From 43e57a42832ea8b4ceb0317f3c9028a4174ffa7b Mon Sep 17 00:00:00 2001 From: mcentner Date: Wed, 8 Aug 2007 07:25:32 +0000 Subject: Adapted project directory structure to suit the new maven based build process. git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@909 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/AuthenticationException.java | 31 + .../at/gv/egovernment/moa/id/BuildException.java | 34 + .../moa/id/ECDSAConverterException.java | 34 + .../at/gv/egovernment/moa/id/MOAIDException.java | 159 +++ .../at/gv/egovernment/moa/id/ParseException.java | 34 + .../at/gv/egovernment/moa/id/ServiceException.java | 34 + .../moa/id/auth/AuthenticationServer.java | 1019 ++++++++++++++++++++ .../moa/id/auth/AuthenticationSessionCleaner.java | 52 + .../moa/id/auth/MOAIDAuthConstants.java | 75 ++ .../moa/id/auth/MOAIDAuthInitializer.java | 163 ++++ .../moa/id/auth/WrongParametersException.java | 21 + .../builder/AuthenticationAssertionBuilder.java | 88 ++ .../AuthenticationBlockAssertionBuilder.java | 146 +++ .../AuthenticationDataAssertionBuilder.java | 156 +++ .../moa/id/auth/builder/BPKBuilder.java | 49 + .../egovernment/moa/id/auth/builder/Builder.java | 59 ++ .../CertInfoVerifyXMLSignatureRequestBuilder.java | 84 ++ .../builder/CreateXMLSignatureRequestBuilder.java | 93 ++ .../moa/id/auth/builder/DataURLBuilder.java | 83 ++ .../auth/builder/GetIdentityLinkFormBuilder.java | 150 +++ .../id/auth/builder/InfoboxReadRequestBuilder.java | 86 ++ .../builder/InfoboxValidatorParamsBuilder.java | 82 ++ .../moa/id/auth/builder/PersonDataBuilder.java | 59 ++ .../moa/id/auth/builder/SAMLArtifactBuilder.java | 60 ++ .../moa/id/auth/builder/SAMLResponseBuilder.java | 91 ++ .../moa/id/auth/builder/SelectBKUFormBuilder.java | 63 ++ .../builder/VerifyXMLSignatureRequestBuilder.java | 206 ++++ .../moa/id/auth/data/AuthenticationSession.java | 383 ++++++++ .../id/auth/data/CreateXMLSignatureResponse.java | 71 ++ .../moa/id/auth/data/ExtendedSAMLAttribute.java | 73 ++ .../id/auth/data/ExtendedSAMLAttributeImpl.java | 137 +++ .../egovernment/moa/id/auth/data/IdentityLink.java | 266 +++++ .../egovernment/moa/id/auth/data/InfoboxToken.java | 65 ++ .../moa/id/auth/data/InfoboxTokenImpl.java | 129 +++ .../moa/id/auth/data/InfoboxValidationResult.java | 57 ++ .../id/auth/data/InfoboxValidationResultImpl.java | 101 ++ .../moa/id/auth/data/InfoboxValidatorParams.java | 172 ++++ .../id/auth/data/InfoboxValidatorParamsImpl.java | 348 +++++++ .../moa/id/auth/data/SAMLAttribute.java | 79 ++ .../at/gv/egovernment/moa/id/auth/data/Schema.java | 26 + .../egovernment/moa/id/auth/data/SchemaImpl.java | 63 ++ .../id/auth/data/VerifyXMLSignatureResponse.java | 177 ++++ .../auth/invoke/SignatureVerificationInvoker.java | 92 ++ .../parser/CreateXMLSignatureResponseParser.java | 193 ++++ .../moa/id/auth/parser/ErrorResponseParser.java | 72 ++ .../parser/ExtendedInfoboxReadResponseParser.java | 157 +++ .../auth/parser/IdentityLinkAssertionParser.java | 319 ++++++ .../id/auth/parser/InfoboxReadResponseParser.java | 165 ++++ .../moa/id/auth/parser/SAMLArtifactParser.java | 58 ++ .../parser/VerifyXMLSignatureResponseParser.java | 156 +++ .../moa/id/auth/servlet/AuthServlet.java | 202 ++++ .../moa/id/auth/servlet/ConfigurationServlet.java | 75 ++ .../auth/servlet/GetAuthenticationDataService.java | 135 +++ .../moa/id/auth/servlet/SelectBKUServlet.java | 99 ++ .../auth/servlet/StartAuthenticationServlet.java | 103 ++ .../servlet/VerifyAuthenticationBlockServlet.java | 120 +++ .../id/auth/servlet/VerifyIdentityLinkServlet.java | 107 ++ .../CreateXMLSignatureResponseValidator.java | 274 ++++++ .../id/auth/validator/IdentityLinkValidator.java | 159 +++ .../moa/id/auth/validator/InfoboxValidator.java | 32 + .../moa/id/auth/validator/ValidateException.java | 35 + .../VerifyXMLSignatureResponseValidator.java | 177 ++++ .../moa/id/config/ConfigurationBuilder.java | 894 +++++++++++++++++ .../moa/id/config/ConfigurationException.java | 31 + .../moa/id/config/ConfigurationProvider.java | 128 +++ .../moa/id/config/ConnectionParameter.java | 106 ++ .../gv/egovernment/moa/id/config/OAParameter.java | 76 ++ .../id/config/auth/AuthConfigurationProvider.java | 414 ++++++++ .../moa/id/config/auth/OAAuthParameter.java | 268 +++++ .../moa/id/config/auth/VerifyInfoboxParameter.java | 360 +++++++ .../id/config/auth/VerifyInfoboxParameters.java | 135 +++ .../moa/id/config/proxy/OAConfiguration.java | 173 ++++ .../moa/id/config/proxy/OAProxyParameter.java | 184 ++++ .../id/config/proxy/ProxyConfigurationBuilder.java | 268 +++++ .../config/proxy/ProxyConfigurationProvider.java | 188 ++++ .../moa/id/data/AuthenticationData.java | 394 ++++++++ .../java/at/gv/egovernment/moa/id/data/Cookie.java | 119 +++ .../gv/egovernment/moa/id/data/CookieManager.java | 114 +++ .../egovernment/moa/id/data/IssuerAndSerial.java | 111 +++ .../at/gv/egovernment/moa/id/data/SAMLStatus.java | 59 ++ .../id/iaik/config/CertStoreConfigurationImpl.java | 96 ++ .../moa/id/iaik/config/LoggerConfigImpl.java | 51 + .../moa/id/iaik/config/PKIConfigurationImpl.java | 66 ++ .../iaik/config/RevocationConfigurationImpl.java | 36 + .../iaik/config/ValidationConfigurationImpl.java | 51 + .../moa/id/iaik/pki/PKIProfileImpl.java | 186 ++++ .../moa/id/iaik/pki/jsse/MOAIDTrustManager.java | 119 +++ .../iaik/servertools/observer/ObservableImpl.java | 46 + .../moa/id/proxy/ConnectionBuilder.java | 64 ++ .../moa/id/proxy/ConnectionBuilderFactory.java | 68 ++ .../moa/id/proxy/DefaultConnectionBuilder.java | 149 +++ .../id/proxy/DefaultLoginParameterResolver.java | 142 +++ .../moa/id/proxy/ElakConnectionBuilder.java | 249 +++++ .../moa/id/proxy/EnhancedConnectionBuilder.java | 211 ++++ .../moa/id/proxy/LoginParameterResolver.java | 86 ++ .../id/proxy/LoginParameterResolverException.java | 37 + .../id/proxy/LoginParameterResolverFactory.java | 82 ++ .../moa/id/proxy/MOAIDProxyInitializer.java | 95 ++ .../moa/id/proxy/NotAllowedException.java | 39 + .../XMLLoginParameterResolverEncryptedData.java | 678 +++++++++++++ .../proxy/XMLLoginParameterResolverPlainData.java | 422 ++++++++ .../moa/id/proxy/builder/SAMLRequestBuilder.java | 55 ++ .../proxy/invoke/GetAuthenticationDataInvoker.java | 143 +++ .../parser/AuthenticationDataAssertionParser.java | 158 +++ .../moa/id/proxy/parser/SAMLResponseParser.java | 100 ++ .../moa/id/proxy/servlet/ConfigurationServlet.java | 71 ++ .../moa/id/proxy/servlet/ProxyException.java | 35 + .../moa/id/proxy/servlet/ProxyServlet.java | 879 +++++++++++++++++ .../moa/id/util/AxisSecureSocketFactory.java | 212 ++++ .../gv/egovernment/moa/id/util/ECDSAConstants.java | 36 + .../moa/id/util/ECDSAKeyValueConverter.java | 572 +++++++++++ .../moa/id/util/HTTPRequestJSPForwarder.java | 76 ++ .../at/gv/egovernment/moa/id/util/HTTPUtils.java | 68 ++ .../moa/id/util/InOrderServletRequestWrapper.java | 374 +++++++ .../moa/id/util/MOAIDMessageProvider.java | 58 ++ .../moa/id/util/ParameterInOrderFilter.java | 62 ++ .../java/at/gv/egovernment/moa/id/util/Random.java | 22 + .../at/gv/egovernment/moa/id/util/SSLUtils.java | 180 ++++ 118 files changed, 18184 insertions(+) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/AuthenticationException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/BuildException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ECDSAConverterException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/MOAIDException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ParseException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ServiceException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/Builder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/Schema.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/ValidateException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IssuerAndSerial.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SAMLStatus.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAConstants.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/AuthenticationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/AuthenticationException.java new file mode 100644 index 000000000..96a5e0673 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/AuthenticationException.java @@ -0,0 +1,31 @@ +package at.gv.egovernment.moa.id; + + +/** + * Exception thrown during handling of AuthenticationSession + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class AuthenticationException extends MOAIDException { + + /** + * Constructor for AuthenticationException. + * @param messageId + */ + public AuthenticationException(String messageId, Object[] parameters) { + super(messageId, parameters, null); + } + /** + * Constructor for AuthenticationException. + * @param messageId + * @param parameters + * @param wrapped + */ + public AuthenticationException( + String messageId, + Object[] parameters, + Throwable wrapped) { + super(messageId, parameters, wrapped); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/BuildException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/BuildException.java new file mode 100644 index 000000000..785dce7a3 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/BuildException.java @@ -0,0 +1,34 @@ +package at.gv.egovernment.moa.id; + + +/** + * Exception thrown while building an XML or HTML structure. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class BuildException extends MOAIDException { + + /** + * Constructor for BuildException. + * @param messageId + * @param parameters + */ + public BuildException(String messageId, Object[] parameters) { + super(messageId, parameters); + } + + /** + * Constructor for BuildException. + * @param messageId + * @param parameters + * @param wrapped + */ + public BuildException( + String messageId, + Object[] parameters, + Throwable wrapped) { + super(messageId, parameters, wrapped); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ECDSAConverterException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ECDSAConverterException.java new file mode 100644 index 000000000..682395a83 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ECDSAConverterException.java @@ -0,0 +1,34 @@ +package at.gv.egovernment.moa.id; + + +/** + * Exception thrown while converting ECDSAKeys from/to an XML structure. + * + * @author Rudolf Schamberger + * @version $Id$ + */ +public class ECDSAConverterException extends MOAIDException { + + /** + * Constructor for ECDSAConverterException. + * @param messageId + * @param parameters + */ + public ECDSAConverterException(String messageId, Object[] parameters) { + super(messageId, parameters); + } + + /** + * Constructor for ECDSAConverterException. + * @param messageId + * @param parameters + * @param wrapped + */ + public ECDSAConverterException( + String messageId, + Object[] parameters, + Throwable wrapped) { + super(messageId, parameters, wrapped); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/MOAIDException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/MOAIDException.java new file mode 100644 index 000000000..bce2c4778 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/MOAIDException.java @@ -0,0 +1,159 @@ +package at.gv.egovernment.moa.id; + +import java.io.PrintStream; +import java.io.PrintWriter; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; + +import org.w3c.dom.DOMImplementation; +import org.w3c.dom.Document; +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.util.Constants; + +/** + * Base class of technical MOA exceptions. + * + * Technical exceptions are exceptions that originate from system failure (e.g., + * a database connection fails, a component is not available, etc.) + * + * @author Patrick Peck, Ivancsics Paul + * @version $Id$ + */ +public class MOAIDException extends Exception { + /** message ID */ + private String messageId; + /** wrapped exception */ + private Throwable wrapped; + + /** + * Create a new MOAIDException. + * + * @param messageId The identifier of the message associated with this + * exception. + * @param parameters Additional message parameters. + */ + public MOAIDException(String messageId, Object[] parameters) { + super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters)); + this.messageId = messageId; + } + + /** + * Create a new MOAIDException. + * + * @param messageId The identifier of the message associated with this + * MOAIDException. + * @param parameters Additional message parameters. + * @param wrapped The exception wrapped by this + * MOAIDException. + */ + public MOAIDException( + String messageId, + Object[] parameters, + Throwable wrapped) { + + super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters)); + this.messageId = messageId; + this.wrapped = wrapped; + } + + /** + * Print a stack trace of this exception to System.err. + * + * @see java.lang.Throwable#printStackTrace() + */ + public void printStackTrace() { + printStackTrace(System.err); + } + + /** + * Print a stack trace of this exception, including the wrapped exception. + * + * @param s The stream to write the stack trace to. + * @see java.lang.Throwable#printStackTrace(java.io.PrintStream) + */ + public void printStackTrace(PrintStream s) { + if (getWrapped() == null) + super.printStackTrace(s); + else { + s.print("Root exception: "); + getWrapped().printStackTrace(s); + } + } + + /** + * Print a stack trace of this exception, including the wrapped exception. + * + * @param s The stream to write the stacktrace to. + * @see java.lang.Throwable#printStackTrace(java.io.PrintWriter) + */ + public void printStackTrace(PrintWriter s) { + if (getWrapped() == null) + super.printStackTrace(s); + else { + s.print("Root exception: "); + getWrapped().printStackTrace(s); + } + } + + /** + * @return message ID + */ + public String getMessageId() { + return messageId; + } + + /** + * @return wrapped exception + */ + public Throwable getWrapped() { + return wrapped; + } + + /** + * Convert this MOAIDException to an ErrorResponse + * element from the MOA namespace. + * + * @return An ErrorResponse element, containing the subelements + * ErrorCode and Info required by the MOA schema. + */ + public Element toErrorResponse() { + DocumentBuilder builder; + DOMImplementation impl; + Document doc; + Element errorResponse; + Element errorCode; + Element info; + + // create a new document + try { + builder = DocumentBuilderFactory.newInstance().newDocumentBuilder(); + impl = builder.getDOMImplementation(); + } catch (ParserConfigurationException e) { + return null; + } + + // build the ErrorResponse element + doc = impl.createDocument(Constants.MOA_NS_URI, "ErrorResponse", null); + errorResponse = doc.getDocumentElement(); + + // add MOA namespace declaration + errorResponse.setAttributeNS( + Constants.XMLNS_NS_URI, + "xmlns", + Constants.MOA_NS_URI); + + // build the child elements + errorCode = doc.createElementNS(Constants.MOA_NS_URI, "ErrorCode"); + errorCode.appendChild(doc.createTextNode(messageId)); + info = doc.createElementNS(Constants.MOA_NS_URI, "Info"); + info.appendChild(doc.createTextNode(toString())); + errorResponse.appendChild(errorCode); + errorResponse.appendChild(info); + return errorResponse; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ParseException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ParseException.java new file mode 100644 index 000000000..a5e0088d9 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ParseException.java @@ -0,0 +1,34 @@ +package at.gv.egovernment.moa.id; + + +/** + * Exception thrown while parsing an XML structure. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class ParseException extends MOAIDException { + + /** + * Constructor for ParseException. + * @param messageId + * @param parameters + */ + public ParseException(String messageId, Object[] parameters) { + super(messageId, parameters); + } + + /** + * Constructor for ParseException. + * @param messageId + * @param parameters + * @param wrapped + */ + public ParseException( + String messageId, + Object[] parameters, + Throwable wrapped) { + super(messageId, parameters, wrapped); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ServiceException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ServiceException.java new file mode 100644 index 000000000..9e6ab2361 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ServiceException.java @@ -0,0 +1,34 @@ +package at.gv.egovernment.moa.id; + + +/** + * Exception thrown while calling the MOA-SPSS web service. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class ServiceException extends MOAIDException { + + /** + * Constructor for ServiceException. + * @param messageId + * @param parameters + */ + public ServiceException(String messageId, Object[] parameters) { + super(messageId, parameters); + } + + /** + * Constructor for ServiceException. + * @param messageId + * @param parameters + * @param wrapped + */ + public ServiceException( + String messageId, + Object[] parameters, + Throwable wrapped) { + super(messageId, parameters, wrapped); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java new file mode 100644 index 000000000..5f4ec2d29 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -0,0 +1,1019 @@ +package at.gv.egovernment.moa.id.auth; + +import iaik.pki.PKIException; +import iaik.x509.X509Certificate; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.util.Calendar; +import java.util.Date; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.Vector; + +import javax.xml.transform.TransformerException; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.ServiceException; +import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; +import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder; +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; +import at.gv.egovernment.moa.id.auth.builder.CertInfoVerifyXMLSignatureRequestBuilder; +import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder; +import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder; +import at.gv.egovernment.moa.id.auth.builder.InfoboxValidatorParamsBuilder; +import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; +import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; +import at.gv.egovernment.moa.id.auth.builder.SelectBKUFormBuilder; +import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult; +import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams; +import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; +import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; +import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; +import at.gv.egovernment.moa.id.auth.parser.ExtendedInfoboxReadResponseParser; +import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; +import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; +import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; +import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; +import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator; +import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; +import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; +import at.gv.egovernment.moa.id.auth.validator.ValidateException; +import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter; +import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.util.HTTPUtils; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.BoolUtils; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.DateTimeUtils; +import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.StringUtils; + +/** + * API for MOA ID Authentication Service.
+ * {@link AuthenticationSession} is stored in a session store and retrieved + * by giving the session ID. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class AuthenticationServer implements MOAIDAuthConstants { + + /** single instance */ + private static AuthenticationServer instance; + /** session data store (session ID -> AuthenticationSession) */ + private static Map sessionStore = new HashMap(); + /** authentication data store (assertion handle -> AuthenticationData) */ + private static Map authenticationDataStore = new HashMap(); + /** + * time out in milliseconds used by {@link cleanup} for session store + */ + private long sessionTimeOut = 10 * 60 * 1000; // default 10 minutes + /** + * time out in milliseconds used by {@link cleanup} for authentication data store + */ + private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes + + /** + * Returns the single instance of AuthenticationServer. + * + * @return the single instance of AuthenticationServer + */ + public static AuthenticationServer getInstance() { + if (instance == null) + instance = new AuthenticationServer(); + return instance; + } + /** + * Constructor for AuthenticationServer. + */ + public AuthenticationServer() { + super(); + } + /** + * Processes request to select a BKU. + *
Processing depends on value of {@link AuthConfigurationProvider#getBKUSelectionType}. + *
For bkuSelectionType==HTMLComplete, a returnURI for the + * "BKU Auswahl" service is returned. + *
For bkuSelectionType==HTMLSelect, an HTML form for BKU selection is returned. + * @param authURL base URL of MOA-ID Auth component + * @param target "Geschäftsbereich" + * @param oaURL online application URL requested + * @param bkuSelectionTemplateURL template for BKU selection form to be used + * in case of HTMLSelect; may be null + * @param templateURL URL providing an HTML template for the HTML form to be used + * for call startAuthentication + * @return for bkuSelectionType==HTMLComplete, the returnURI for the + * "BKU Auswahl" service; + * for bkuSelectionType==HTMLSelect, an HTML form for BKU selection + * @throws WrongParametersException upon missing parameters + * @throws AuthenticationException when the configured BKU selection service cannot be reached, + * and when the given bkuSelectionTemplateURL cannot be reached + * @throws ConfigurationException on missing configuration data + * @throws BuildException while building the HTML form + */ + public String selectBKU( + String authURL, + String target, + String oaURL, + String bkuSelectionTemplateURL, + String templateURL) + throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException { + + //check if HTTP Connection may be allowed (through FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) + String boolStr = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter( + AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); + if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr))) + throw new AuthenticationException("auth.07", new Object[] { authURL + "*" }); + if (isEmpty(authURL)) + throw new WrongParametersException("StartAuthentication", "AuthURL"); + if (isEmpty(oaURL)) + throw new WrongParametersException("StartAuthentication", PARAM_OA); + + ConnectionParameter bkuConnParam = + AuthConfigurationProvider.getInstance().getBKUConnectionParameter(); + if (bkuConnParam == null) + throw new ConfigurationException( + "config.08", + new Object[] { "BKUSelection/ConnectionParameter" }); + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[] { oaURL }); + + if (!oaParam.getBusinessService()) { + if (isEmpty(target)) + throw new WrongParametersException("StartAuthentication", PARAM_TARGET); + } else { + if (!isEmpty(target)) { + Logger.info("Ignoring target parameter thus application type is \"businessService\""); + } + target = null; + } + + AuthenticationSession session = newSession(); + Logger.info("MOASession " + session.getSessionID() + " angelegt"); + session.setTarget(target); + session.setOAURLRequested(oaURL); + session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); + session.setAuthURL(authURL); + session.setTemplateURL(templateURL); + session.setBusinessService(oaParam.getBusinessService()); + String returnURL = + new DataURLBuilder().buildDataURL(authURL, REQ_START_AUTHENTICATION, session.getSessionID()); + String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType(); + if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { + // bkuSelectionType==HTMLComplete + String redirectURL = bkuConnParam.getUrl() + "?" + AuthServlet.PARAM_RETURN + "=" + returnURL; + return redirectURL; + } else { + // bkuSelectionType==HTMLSelect + String bkuSelectTag; + try { + bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider.getInstance(), bkuConnParam); + } catch (Throwable ex) { + throw new AuthenticationException( + "auth.11", + new Object[] { bkuConnParam.getUrl(), ex.toString()}, + ex); + } + String bkuSelectionTemplate = null; + // override template url by url from configuration file + if (oaParam.getBkuSelectionTemplateURL() != null) { + bkuSelectionTemplateURL = oaParam.getBkuSelectionTemplateURL(); + } + if (bkuSelectionTemplateURL != null) { + try { + bkuSelectionTemplate = new String(FileUtils.readURL(bkuSelectionTemplateURL)); + } catch (IOException ex) { + throw new AuthenticationException( + "auth.03", + new Object[] { bkuSelectionTemplateURL, ex.toString()}, + ex); + } + } + String htmlForm = + new SelectBKUFormBuilder().build(bkuSelectionTemplate, returnURL, bkuSelectTag); + return htmlForm; + } + } + /** + * Method readBKUSelectTag. + * @param conf the ConfigurationProvider + * @param connParam the ConnectionParameter for that connection + * @return String + * @throws ConfigurationException on config-errors + * @throws PKIException on PKI errors + * @throws IOException on any data error + * @throws GeneralSecurityException on security errors + */ + private String readBKUSelectTag(ConfigurationProvider conf, ConnectionParameter connParam) + throws ConfigurationException, PKIException, IOException, GeneralSecurityException { + + if (connParam.isHTTPSURL()) + return SSLUtils.readHttpsURL(conf, connParam); + else + return HTTPUtils.readHttpURL(connParam.getUrl()); + } + /** + * Processes the beginning of an authentication session. + * + * @param authURL URL of the servlet to be used as data URL + * @param target "Geschäftsbereich" of the online application requested + * @param oaURL online application URL requested + * @param bkuURL URL of the "Bürgerkartenumgebung" to be used; + * may be null; in this case, the default location will be used + * @param templateURL URL providing an HTML template for the HTML form generated + * @return HTML form + * @throws AuthenticationException + * @see GetIdentityLinkFormBuilder + * @see InfoboxReadRequestBuilder + */ + public String startAuthentication( + String authURL, + String target, + String oaURL, + String templateURL, + String bkuURL, + String sessionID) + throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException { + + if (isEmpty(sessionID)) { + if (isEmpty(authURL)) + throw new WrongParametersException("StartAuthentication", "AuthURL"); + + //check if HTTP Connection may be allowed (through FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) + String boolStr = + AuthConfigurationProvider.getInstance().getGenericConfigurationParameter( + AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); + if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr))) + throw new AuthenticationException("auth.07", new Object[] { authURL + "*" }); + if (isEmpty(oaURL)) + throw new WrongParametersException("StartAuthentication", PARAM_OA); + } + AuthenticationSession session; + OAAuthParameter oaParam; + if (sessionID != null) { + session = getSession(sessionID); + oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + } else { + oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[] { oaURL }); + if (!oaParam.getBusinessService()) { + if (isEmpty(target)) + throw new WrongParametersException("StartAuthentication", PARAM_TARGET); + } else { + target = null; + } + session = newSession(); + Logger.info("MOASession " + session.getSessionID() + " angelegt"); + session.setTarget(target); + session.setOAURLRequested(oaURL); + session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); + session.setAuthURL(authURL); + session.setTemplateURL(templateURL); + session.setBusinessService(oaParam.getBusinessService()); + } + // BKU URL has not been set yet, even if session already exists + if (bkuURL == null) { + bkuURL = DEFAULT_BKU; + } + session.setBkuURL(bkuURL); + String infoboxReadRequest = + new InfoboxReadRequestBuilder().build(oaParam.getSlVersion12(), + oaParam.getBusinessService(), + oaParam.getIdentityLinkDomainIdentifier()); + String dataURL = + new DataURLBuilder().buildDataURL( + session.getAuthURL(), + REQ_VERIFY_IDENTITY_LINK, + session.getSessionID()); + String template = null; + // override template url by url from configuration file + if (oaParam.getTemplateURL() != null) { + templateURL = oaParam.getTemplateURL(); + } else { + templateURL = session.getTemplateURL(); + } + if (templateURL != null) { + try { + template = new String(FileUtils.readURL(templateURL)); + } catch (IOException ex) { + throw new AuthenticationException( + "auth.03", + new Object[] { templateURL, ex.toString()}, + ex); + } + } + String pushInfobox = ""; + VerifyInfoboxParameters verifyInfoboxParameters = oaParam.getVerifyInfoboxParameters(); + if (verifyInfoboxParameters != null) { + pushInfobox = verifyInfoboxParameters.getPushInfobox(); + } + String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build(oaParam.getSlVersion12()); + String certInfoDataURL = + new DataURLBuilder().buildDataURL( + session.getAuthURL(), + REQ_START_AUTHENTICATION, + session.getSessionID()); + String htmlForm = + new GetIdentityLinkFormBuilder().build( + template, + bkuURL, + infoboxReadRequest, + dataURL, + certInfoRequest, + certInfoDataURL, + pushInfobox); + return htmlForm; + } + /** + * Processes an <InfoboxReadResponse> sent by the + * security layer implementation.
+ * + * + * @param sessionID ID of associated authentication session data + * @param infoboxReadResponseParameters The parameters from the response returned from + * the BKU including the <InfoboxReadResponse> + * @return String representation of the <CreateXMLSignatureRequest> + */ + public String verifyIdentityLink(String sessionID, Map infoboxReadResponseParameters) + throws + AuthenticationException, + BuildException, + ParseException, + ConfigurationException, + ValidateException, + ServiceException { + + if (isEmpty(sessionID)) + throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID}); + + String xmlInfoboxReadResponse = (String)infoboxReadResponseParameters.get(PARAM_XMLRESPONSE); + if (isEmpty(xmlInfoboxReadResponse)) + throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE}); + + AuthenticationSession session = getSession(sessionID); + if (session.getTimestampIdentityLink() != null) + throw new AuthenticationException("auth.01", new Object[] { sessionID }); + session.setTimestampIdentityLink(); + AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + // parses the + IdentityLink identityLink = + new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink(); + // validates the identity link + IdentityLinkValidator.getInstance().validate(identityLink); + // builds a for a call of MOA-SP + Element domVerifyXMLSignatureRequest = + new VerifyXMLSignatureRequestBuilder().build( + identityLink, + authConf.getMoaSpIdentityLinkTrustProfileID()); + + // invokes the call + Element domVerifyXMLSignatureResponse = + new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest); + // parses the + VerifyXMLSignatureResponse verifyXMLSignatureResponse = + new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse).parseData(); + + if (identityLink.getIdentificationType().equalsIgnoreCase(Constants.URN_PREFIX_BASEID)) { + } + + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + + // if OA is type is business service the manifest validation result has to be ignored + boolean ignoreManifestValidationResult = oaParam.getBusinessService() ? true : false; + + // validates the + VerifyXMLSignatureResponseValidator.getInstance().validate( + verifyXMLSignatureResponse, + authConf.getIdentityLinkX509SubjectNames(), + VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, + ignoreManifestValidationResult); + + session.setIdentityLink(identityLink); + // now validate the extended infoboxes + verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam.getProvideStammzahl()); + // builds the AUTH-block + String authBlock = buildAuthenticationBlock(session); +// session.setAuthBlock(authBlock); + // builds the + String[] transformsInfos = oaParam.getTransformsInfos(); + if ((transformsInfos == null) || (transformsInfos.length == 0)) { + // no OA specific transforms specified, use default ones + transformsInfos = authConf.getTransformsInfos(); + } + String createXMLSignatureRequest = + new CreateXMLSignatureRequestBuilder().build(authBlock, + oaParam.getKeyBoxIdentifier(), + transformsInfos, + oaParam.getSlVersion12()); + return createXMLSignatureRequest; + } + /** + * Builds an authentication block <saml:Assertion> from given session data. + * @param session authentication session + * + * @return <saml:Assertion> as a String + * + * @throws BuildException If an error occurs on serializing an extended SAML attribute + * to be appended to the AUTH-Block. + */ + private String buildAuthenticationBlock(AuthenticationSession session) throws BuildException { + IdentityLink identityLink = session.getIdentityLink(); + String issuer = identityLink.getName(); + String gebDat = identityLink.getDateOfBirth(); + String identificationValue = identityLink.getIdentificationValue(); + String identificationType = identityLink.getIdentificationType(); + String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance()); + session.setIssueInstant(issueInstant); + String authURL = session.getAuthURL(); + String target = session.getTarget(); + String oaURL = session.getPublicOAURLPrefix(); + List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); + String authBlock = new AuthenticationBlockAssertionBuilder().buildAuthBlock( + issuer, + issueInstant, + authURL, + target, + identificationValue, + identificationType, + oaURL, + gebDat, + extendedSAMLAttributes, + session); + + return authBlock; + } + + /** + * Verifies the infoboxes (except of the identity link infobox) returned by the BKU by + * calling appropriate validator classes. + * + * @param session The actual authentication session. + * @param infoboxReadResponseParams The parameters returned from the BKU as response + * to an infobox read request (including the infobox + * tokens to be verified). + * @param hideStammzahl Indicates whether source pins (Stammzahlen) + * should be hidden in any SAML attribute that may be + * returned by a validator. + * + * @throws AuthenticationException If the verification of at least one infobox fails. + * @throws ConfigurationException If the OAuthParameter cannot be extracted. + */ + private void verifyInfoboxes( + AuthenticationSession session, Map infoboxReadResponseParams, boolean hideStammzahl) + throws ValidateException, ConfigurationException + { + + AuthConfigurationProvider authConfigurationProvider = AuthConfigurationProvider.getInstance(); + // get the default VerifyInfobox parameters + Map defaultInfoboxParameters = null; + VerifyInfoboxParameters defaultVerifyInfoboxParameters = + authConfigurationProvider.getDefaultVerifyInfoboxParameters(); + if (defaultVerifyInfoboxParameters != null) { + defaultInfoboxParameters = defaultVerifyInfoboxParameters.getInfoboxParameters(); + } + // get the OA specific VerifyInfobox parameters + Map infoboxParameters = null; + OAAuthParameter oaParam = + authConfigurationProvider.getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + VerifyInfoboxParameters verifyInfoboxParameters = oaParam.getVerifyInfoboxParameters(); + if (verifyInfoboxParameters != null) { + Vector authAttributes = new Vector(); + Vector oaAttributes = new Vector(); + infoboxParameters = verifyInfoboxParameters.getInfoboxParameters(); + // get the list of infobox identifiers + List identifiers = verifyInfoboxParameters.getIdentifiers(); + if (identifiers != null) { + // step through the identifiers and verify the infoboxes + Iterator it = identifiers.iterator(); + while (it.hasNext()) { + String identifier = (String)it.next(); + // get the infobox read response from the map of parameters + String infoboxReadResponse = (String)infoboxReadResponseParams.get(identifier); + // get the configuration parameters + VerifyInfoboxParameter verifyInfoboxParameter = null; + Object object = infoboxParameters.get(identifier); + // if not present, use default + if ((object == null) && (defaultInfoboxParameters != null)) { + object = defaultInfoboxParameters.get(identifier); + } + if (object != null) { + verifyInfoboxParameter = (VerifyInfoboxParameter)object; + } + if (infoboxReadResponse != null) { + if (verifyInfoboxParameter == null) { + // should not happen because of the pushinfobox mechanism; check it anyway + Logger.error("No validator for verifying \"" + identifier + "\"-infobox configured."); + throw new ValidateException("validator.41", new Object[] {identifier}); + } else { + String friendlyName = verifyInfoboxParameter.getFriendlyName(); + // get the class for validating the infobox + InfoboxValidator infoboxValidator = null; + try { + Class validatorClass = Class.forName(verifyInfoboxParameter.getValidatorClassName()); + infoboxValidator = (InfoboxValidator) validatorClass.newInstance(); + } catch (Exception e) { + Logger.error("Could not load validator class \"" + verifyInfoboxParameter.getValidatorClassName() + + "\" for \"" + identifier + "\"-infobox: " + e.getMessage()); + throw new ValidateException("validator.42", new Object[] {friendlyName}); + } + Logger.debug("Successfully loaded validator class \"" + verifyInfoboxParameter.getValidatorClassName() + + "\" for \"" + identifier + "\"-infobox."); + // parse the infobox read reponse + List infoboxTokenList = null; + try { + infoboxTokenList = + ExtendedInfoboxReadResponseParser.parseInfoboxReadResponse(infoboxReadResponse, friendlyName); + } catch (ParseException e) { + Logger.error("InfoboxReadResponse for \"" + identifier + + "\"-infobox could not be parsed successfully: " + e.getMessage()); + throw new ValidateException("validator.43", new Object[] {friendlyName}); + } + // build the parameters for validating the infobox + InfoboxValidatorParams infoboxValidatorParams = + InfoboxValidatorParamsBuilder.buildInfoboxValidatorParams( + session, verifyInfoboxParameter, infoboxTokenList, hideStammzahl); + // now validate the infobox + InfoboxValidationResult infoboxValidationResult = null; + try { + infoboxValidationResult = infoboxValidator.validate(infoboxValidatorParams); + } catch (ValidateException e) { + Logger.error("Error validating " + identifier + " infobox:" + e.getMessage()); + throw new ValidateException( + "validator.44", new Object[] {friendlyName}); + } + if (!infoboxValidationResult.isValid()) { + Logger.info("Validation of " + identifier + " infobox failed."); + throw new ValidateException( + "validator.40", new Object[] {friendlyName, infoboxValidationResult.getErrorMessage()}); + } + + Logger.info(identifier + " infobox successfully validated."); + + // get the SAML attributes to be appended to the AUTHBlock or to the final + // SAML Assertion + ExtendedSAMLAttribute[] extendedSAMLAttributes = infoboxValidationResult.getExtendedSamlAttributes(); + if (extendedSAMLAttributes != null) { + int length = extendedSAMLAttributes.length; + for (int i=0; i<CreateXMLSignatureResponse> sent by the + * security layer implementation.
+ *
    + *
  • Validates given <CreateXMLSignatureResponse>
  • + *
  • Parses <CreateXMLSignatureResponse> for error codes
  • + *
  • Parses authentication block enclosed in + * <CreateXMLSignatureResponse>
  • + *
  • Verifies authentication block by calling the MOA SP component
  • + *
  • Creates authentication data
  • + *
  • Creates a corresponding SAML artifact
  • + *
  • Stores authentication data in the authentication data store + * indexed by the SAML artifact
  • + *
  • Deletes authentication session
  • + *
  • Returns the SAML artifact, encoded BASE64
  • + *
+ * + * @param sessionID session ID of the running authentication session + * @param xmlCreateXMLSignatureReadResponse String representation of the + * <CreateXMLSignatureResponse> + * @return SAML artifact needed for retrieving authentication data, encoded BASE64 + */ + public String verifyAuthenticationBlock( + String sessionID, + String xmlCreateXMLSignatureReadResponse) + throws + AuthenticationException, + BuildException, + ParseException, + ConfigurationException, + ServiceException, + ValidateException { + + if (isEmpty(sessionID)) + throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID}); + if (isEmpty(xmlCreateXMLSignatureReadResponse)) + throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); + AuthenticationSession session = getSession(sessionID); + AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + // parses + CreateXMLSignatureResponse csresp = + new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse(); + try { + String serializedAssertion = DOMUtils.serializeNode(csresp.getSamlAssertion()); + session.setAuthBlock(serializedAssertion); + } catch (TransformerException e) { + throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); + } catch (IOException e) { + throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); + } + // validates + new CreateXMLSignatureResponseValidator().validate(csresp, session); + // builds a for a MOA-SPSS call + String[] vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); + String tpid = authConf.getMoaSpAuthBlockTrustProfileID(); + Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid); + // debug output + + // invokes the call + Element domVsresp = new SignatureVerificationInvoker().verifyXMLSignature(domVsreq); + // debug output + + // parses the + VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser(domVsresp).parseData(); + // validates the + VerifyXMLSignatureResponseValidator.getInstance().validate( + vsresp, + null, + VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, + false); + + + // TODO See Bug #144 + // Compare AuthBlock Data with information stored in session, especially date and time + + + // compares the public keys from the identityLink with the AuthBlock + VerifyXMLSignatureResponseValidator.getInstance().validateCertificate( + vsresp, + session.getIdentityLink()); + + // builds authentication data and stores it together with a SAML artifact + AuthenticationData authData = buildAuthenticationData(session, vsresp); + String samlArtifact = + new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID()); + storeAuthenticationData(samlArtifact, authData); + // invalidates the authentication session + sessionStore.remove(sessionID); + Logger.info( + "Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact); + return samlArtifact; + } + /** + * Builds the AuthenticationData object together with the + * corresponding <saml:Assertion> + * @param session authentication session + * @param verifyXMLSigResp VerifyXMLSignatureResponse from MOA-SP + * @return AuthenticationData object + * @throws ConfigurationException while accessing configuration data + * @throws BuildException while building the <saml:Assertion> + */ + private AuthenticationData buildAuthenticationData( + AuthenticationSession session, + VerifyXMLSignatureResponse verifyXMLSigResp) + throws ConfigurationException, BuildException { + + IdentityLink identityLink = session.getIdentityLink(); + AuthenticationData authData = new AuthenticationData(); + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + boolean businessService = oaParam.getBusinessService(); + authData.setMajorVersion(1); + authData.setMinorVersion(0); + authData.setAssertionID(Random.nextRandom()); + authData.setIssuer(session.getAuthURL()); + authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance())); + + authData.setIdentificationType(identityLink.getIdentificationType()); + authData.setGivenName(identityLink.getGivenName()); + authData.setFamilyName(identityLink.getFamilyName()); + authData.setDateOfBirth(identityLink.getDateOfBirth()); + authData.setQualifiedCertificate(verifyXMLSigResp.isQualifiedCertificate()); + authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); + authData.setPublicAuthorityCode(verifyXMLSigResp.getPublicAuthorityCode()); + authData.setBkuURL(session.getBkuURL()); + boolean provideStammzahl = oaParam.getProvideStammzahl(); + if (provideStammzahl) { + authData.setIdentificationValue(identityLink.getIdentificationValue()); + } + String prPerson = new PersonDataBuilder().build(identityLink, provideStammzahl); + try { + String signerCertificateBase64 = ""; + if (oaParam.getProvideCertifcate()) { + X509Certificate signerCertificate = verifyXMLSigResp.getX509certificate(); + if (signerCertificate != null) { + signerCertificateBase64 = Base64Utils.encode(signerCertificate.getEncoded()); + } else { + Logger.info("\"provideCertificate\" is \"true\", but no signer certificate available"); + } + } + authData.setSignerCertificate(signerCertificateBase64); + if (businessService) { + authData.setWBPK(identityLink.getIdentificationValue()); + } else { + // only compute bPK if online applcation is a public service + String bpkBase64 = + new BPKBuilder().buildBPK( + identityLink.getIdentificationValue(), + session.getTarget()); + authData.setBPK(bpkBase64); + } + String ilAssertion = + oaParam.getProvideIdentityLink() + ? identityLink.getSerializedSamlAssertion() + : ""; + if (!oaParam.getProvideStammzahl()) { + ilAssertion = StringUtils.replaceAll(ilAssertion, identityLink.getIdentificationValue(), ""); + } + String authBlock = oaParam.getProvideAuthBlock() ? session.getAuthBlock() : ""; + String samlAssertion = + new AuthenticationDataAssertionBuilder().build( + authData, + prPerson, + authBlock, + ilAssertion, + session.getBkuURL(), + signerCertificateBase64, + businessService, + session.getExtendedSAMLAttributesOA()); + authData.setSamlAssertion(samlAssertion); + return authData; + } catch (Throwable ex) { + throw new BuildException( + "builder.00", + new Object[] { "AuthenticationData", ex.toString()}, + ex); + } + } + /** + * Retrieves AuthenticationData indexed by the SAML artifact. + * The AuthenticationData is deleted from the store upon end of this call. + * + * @return AuthenticationData + */ + public AuthenticationData getAuthenticationData(String samlArtifact) + throws AuthenticationException { + String assertionHandle; + try { + assertionHandle = new SAMLArtifactParser(samlArtifact).parseAssertionHandle(); + } catch (ParseException ex) { + throw new AuthenticationException("1205", new Object[] { samlArtifact, ex.toString()}); + } + AuthenticationData authData = null; + synchronized (authenticationDataStore) { + authData = (AuthenticationData) authenticationDataStore.get(assertionHandle); + if (authData == null) { + Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); + throw new AuthenticationException("1206", new Object[] { samlArtifact }); + } + authenticationDataStore.remove(assertionHandle); + } + long now = new Date().getTime(); + if (now - authData.getTimestamp().getTime() > authDataTimeOut) + throw new AuthenticationException("1207", new Object[] { samlArtifact }); + Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact); + return authData; + } + /** + * Stores authentication data indexed by the assertion handle contained in the + * given saml artifact. + * @param samlArtifact SAML artifact + * @param authData authentication data + * @throws AuthenticationException when SAML artifact is invalid + */ + private void storeAuthenticationData(String samlArtifact, AuthenticationData authData) + throws AuthenticationException { + + try { + SAMLArtifactParser parser = new SAMLArtifactParser(samlArtifact); + // check type code 0x0001 + byte[] typeCode = parser.parseTypeCode(); + if (typeCode[0] != 0 || typeCode[1] != 1) + throw new AuthenticationException("auth.06", new Object[] { samlArtifact }); + String assertionHandle = parser.parseAssertionHandle(); + synchronized (authenticationDataStore) { + Logger.debug("Assertion stored for SAML Artifact: " + samlArtifact); + authenticationDataStore.put(assertionHandle, authData); + } + } catch (AuthenticationException ex) { + throw ex; + } catch (Throwable ex) { + throw new AuthenticationException("auth.06", new Object[] { samlArtifact }); + } + } + /** + * Creates a new session and puts it into the session store. + * + * @param id Session ID + * @return AuthenticationSession created + * @exception AuthenticationException + * thrown when an AuthenticationSession is running + * already for the given session ID + */ + private static AuthenticationSession newSession() throws AuthenticationException { + String sessionID = Random.nextRandom(); + AuthenticationSession newSession = new AuthenticationSession(sessionID); + synchronized (sessionStore) { + AuthenticationSession session = (AuthenticationSession) sessionStore.get(sessionID); + if (session != null) + throw new AuthenticationException("auth.01", new Object[] { sessionID }); + sessionStore.put(sessionID, newSession); + } + return newSession; + } + /** + * Retrieves a session from the session store. + * + * @param id session ID + * @return AuthenticationSession stored with given session ID, + * null if session ID unknown + */ + public static AuthenticationSession getSession(String id) throws AuthenticationException { + AuthenticationSession session = (AuthenticationSession) sessionStore.get(id); + if (session == null) + throw new AuthenticationException("auth.02", new Object[] { id }); + return session; + } + /** + * Cleans up expired session and authentication data stores. + */ + public void cleanup() { + long now = new Date().getTime(); + synchronized (sessionStore) { + Set keys = new HashSet(sessionStore.keySet()); + for (Iterator iter = keys.iterator(); iter.hasNext();) { + String sessionID = (String) iter.next(); + AuthenticationSession session = (AuthenticationSession) sessionStore.get(sessionID); + if (now - session.getTimestampStart().getTime() > sessionTimeOut) { + Logger.info( + MOAIDMessageProvider.getInstance().getMessage( + "cleaner.02", + new Object[] { sessionID })); + sessionStore.remove(sessionID); + } + } + } + synchronized (authenticationDataStore) { + Set keys = new HashSet(authenticationDataStore.keySet()); + for (Iterator iter = keys.iterator(); iter.hasNext();) { + String samlArtifact = (String) iter.next(); + AuthenticationData authData = + (AuthenticationData) authenticationDataStore.get(samlArtifact); + if (now - authData.getTimestamp().getTime() > authDataTimeOut) { + Logger.info( + MOAIDMessageProvider.getInstance().getMessage( + "cleaner.03", + new Object[] { samlArtifact })); + authenticationDataStore.remove(samlArtifact); + } + } + } + } + + /** + * Sets the sessionTimeOut. + * @param seconds Time out of the session in seconds + */ + public void setSecondsSessionTimeOut(long seconds) { + sessionTimeOut = 1000 * seconds; + } + /** + * Sets the authDataTimeOut. + * @param seconds Time out for signing AuthData in seconds + */ + public void setSecondsAuthDataTimeOut(long seconds) { + authDataTimeOut = 1000 * seconds; + } + + /** + * Checks a parameter. + * @param param parameter + * @return true if the parameter is null or empty + */ + private boolean isEmpty(String param) { + return param == null || param.length() == 0; + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java new file mode 100644 index 000000000..7e5ed6ec7 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java @@ -0,0 +1,52 @@ +package at.gv.egovernment.moa.id.auth; + +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Thread cleaning the AuthenticationServer session store + * and authentication data store from garbage. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class AuthenticationSessionCleaner implements Runnable { + + /** interval the AuthenticationSessionCleaner is run in */ + private static final long SESSION_CLEANUP_INTERVAL = 30 * 60; // 30 min + + /** + * Runs the thread. Cleans the AuthenticationServer session store + * and authentication data store from garbage, then sleeps for given interval, and restarts. + */ + public void run() { + while (true) { + try { + Logger.debug("AuthenticationSessionCleaner run"); + AuthenticationServer.getInstance().cleanup(); + } + catch (Exception e) { + Logger.error(MOAIDMessageProvider.getInstance().getMessage("cleaner.01", null), e); + } + try { + Thread.sleep(SESSION_CLEANUP_INTERVAL * 1000); + } + catch (InterruptedException e) { + } + } + } + + /** + * start the sessionCleaner + */ + public static void start() { + // start the session cleanup thread + Thread sessionCleaner = + new Thread(new AuthenticationSessionCleaner()); + sessionCleaner.setName("SessionCleaner"); + sessionCleaner.setDaemon(true); + sessionCleaner.setPriority(Thread.MIN_PRIORITY); + sessionCleaner.start(); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java new file mode 100644 index 000000000..43e88e7b5 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -0,0 +1,75 @@ +package at.gv.egovernment.moa.id.auth; + +import iaik.asn1.ObjectID; + + +/** + * Constants used throughout moa-id-auth component. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public interface MOAIDAuthConstants { + + /** servlet parameter "Target" */ + public static final String PARAM_TARGET = "Target"; + /** servlet parameter "OA" */ + public static final String PARAM_OA = "OA"; + /** servlet parameter "bkuURI" */ + public static final String PARAM_BKU = "bkuURI"; + /** servlet parameter "BKUSelectionTemplate" */ + public static final String PARAM_BKUTEMPLATE = "BKUSelectionTemplate"; + /** default BKU URL */ + public static final String DEFAULT_BKU = "http://localhost:3495/http-security-layer-request"; + /** servlet parameter "returnURI" */ + public static final String PARAM_RETURN = "returnURI"; + /** servlet parameter "Template" */ + public static final String PARAM_TEMPLATE = "Template"; + /** servlet parameter "MOASessionID" */ + public static final String PARAM_SESSIONID = "MOASessionID"; + /** servlet parameter "XMLResponse" */ + public static final String PARAM_XMLRESPONSE = "XMLResponse"; + /** servlet parameter "SAMLArtifact" */ + public static final String PARAM_SAMLARTIFACT = "SAMLArtifact"; + /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.StartAuthenticationServlet} is mapped to */ + public static final String REQ_START_AUTHENTICATION = "StartAuthentication"; + /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet} is mapped to */ + public static final String REQ_VERIFY_IDENTITY_LINK = "VerifyIdentityLink"; + /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet} is mapped to */ + public static final String REQ_VERIFY_AUTH_BLOCK = "VerifyAuthBlock"; + /** Logging hierarchy used for controlling debug output of XML structures to files */ + public static final String DEBUG_OUTPUT_HIERARCHY = "moa.id.auth"; + /** Header Name for controlling the caching mechanism of the browser */ + public static final String HEADER_EXPIRES = "Expires"; + /** Header Value for controlling the caching mechanism of the browser */ + public static final String HEADER_VALUE_EXPIRES = "Sat, 6 May 1995 12:00:00 GMT"; + /** Header Name for controlling the caching mechanism of the browser */ + public static final String HEADER_PRAGMA = "Pragma"; + /** Header Value for controlling the caching mechanism of the browser */ + public static final String HEADER_VALUE_PRAGMA = "no-cache"; + /** Header Name for controlling the caching mechanism of the browser */ + public static final String HEADER_CACHE_CONTROL = "Cache-control"; + /** Header Value for controlling the caching mechanism of the browser */ + public static final String HEADER_VALUE_CACHE_CONTROL = "no-store, no-cache, must-revalidate"; + /** Header Value for controlling the caching mechanism of the browser */ + public static final String HEADER_VALUE_CACHE_CONTROL_IE = "post-check=0, pre-check=0"; + /** + * the identity link signer X509Subject names of those identity link signer certificates + * not including the identity link signer OID. The authorisation for signing the identity + * link must be checked by using their issuer names. After february 19th 2007 the OID of + * the certificate will be used fo checking the authorisation for signing identity links. + */ + public static final String[] IDENTITY_LINK_SIGNERS_WITHOUT_OID = + new String[] {"T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission", + "T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission"}; + /** + * the number of the certifcate extension "Eigenschaft zur Ausstellung von Personenbindungen" + */ + public static final String IDENTITY_LINK_SIGNER_OID_NUMBER = "1.2.40.0.10.1.7.1"; + /** + * the OID of the identity link signer certificate (Eigenschaft zur Ausstellung von Personenbindungen); + * used for checking the authorisation for signing the identity link for identity links signed after february 19th 2007 + */ + public static final ObjectID IDENTITY_LINK_SIGNER_OID = new ObjectID(IDENTITY_LINK_SIGNER_OID_NUMBER); + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java new file mode 100644 index 000000000..7964e2fb6 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -0,0 +1,163 @@ +package at.gv.egovernment.moa.id.auth; + +import iaik.pki.PKIException; +import iaik.pki.jsse.IAIKX509TrustManager; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.util.Properties; + +import javax.activation.CommandMap; +import javax.activation.MailcapCommandMap; +import javax.mail.Session; +import javax.net.ssl.SSLSocketFactory; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl; +import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.logging.LoggingContext; +import at.gv.egovernment.moa.logging.LoggingContextManager; +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; +import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator; +import at.gv.egovernment.moa.util.Constants; + +/** + * Web application initializer + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class MOAIDAuthInitializer { + + /** a boolean identifying if the MOAIDAuthInitializer has been startet */ + public static boolean initialized = false; + + /** + * Initializes the web application components which need initialization: + * logging, JSSE, MOA-ID Auth configuration, Axis, session cleaner. + */ + public static void initialize() throws ConfigurationException, + PKIException, IOException, GeneralSecurityException { + if (initialized) return; + initialized = true; + Logger.setHierarchy("moa.id.auth"); + Logger.info("Default java file.encoding: " + + System.getProperty("file.encoding")); + + //JDK bug workaround according to: + // http://jce.iaik.tugraz.at/products/03_cms/faq/index.php#JarVerifier + // register content data handlers for S/MIME types + MailcapCommandMap mc = new MailcapCommandMap(); + CommandMap.setDefaultCommandMap(mc); + + // create some properties and get the default Session + Properties props = new Properties(); + props.put("mail.smtp.host", "localhost"); + Session session = Session.getDefaultInstance(props, null); + + // Restricts TLS cipher suites + System.setProperty( + "https.cipherSuites", + "SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA"); + // load some jsse classes so that the integrity of the jars can be + // verified + // before the iaik jce is installed as the security provider + // this workaround is only needed when sun jsse is used in conjunction + // with + // iaik-jce (on jdk1.3) + ClassLoader cl = MOAIDAuthInitializer.class.getClassLoader(); + try { + cl.loadClass("javax.security.cert.Certificate"); // from jcert.jar + } catch (ClassNotFoundException e) { + Logger.warn(MOAIDMessageProvider.getInstance().getMessage( + "init.01", null), e); + } + + // Initializes SSLSocketFactory store + SSLUtils.initialize(); + + // Initializes Namespace Map + Constants.nSMap.put(Constants.SAML_PREFIX, Constants.SAML_NS_URI); + Constants.nSMap.put(Constants.ECDSA_PREFIX, + "http://www.w3.org/2001/04/xmldsig-more#"); + Constants.nSMap.put(Constants.DSIG_PREFIX, Constants.DSIG_NS_URI); + + // Loads the configuration + AuthConfigurationProvider authConf = AuthConfigurationProvider.reload(); + ConnectionParameter moaSPConnParam = authConf + .getMoaSpConnectionParameter(); + + // If MOA-SP API calls: loads MOA-SP configuration and configures IAIK + if (moaSPConnParam == null) { + try { + LoggingContextManager.getInstance().setLoggingContext( + new LoggingContext("startup")); + ConfigurationProvider config = ConfigurationProvider + .getInstance(); + new IaikConfigurator().configure(config); + } catch (at.gv.egovernment.moa.spss.server.config.ConfigurationException ex) { + throw new ConfigurationException("config.10", new Object[] { ex + .toString() }, ex); + } + } + + // Initializes IAIKX509TrustManager logging + String log4jConfigURL = System.getProperty("log4j.configuration"); + if (log4jConfigURL != null) { + IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfigURL)); + } + + // Initializes the Axis secure socket factory for use in calling the + // MOA-SP web service + if (moaSPConnParam != null && moaSPConnParam.isHTTPSURL()) { + SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(authConf, + moaSPConnParam); + AxisSecureSocketFactory.initialize(ssf); + } + + // sets the authentication session and authentication data time outs + String param = authConf + .getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY); + if (param != null) { + long sessionTimeOut = 0; + try { + sessionTimeOut = new Long(param).longValue(); + } catch (NumberFormatException ex) { + Logger + .error(MOAIDMessageProvider + .getInstance() + .getMessage( + "config.05", + new Object[] { AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY })); + } + if (sessionTimeOut > 0) + AuthenticationServer.getInstance() + .setSecondsSessionTimeOut(sessionTimeOut); + } + param = authConf + .getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY); + if (param != null) { + long authDataTimeOut = 0; + try { + authDataTimeOut = new Long(param).longValue(); + } catch (NumberFormatException ex) { + Logger + .error(MOAIDMessageProvider + .getInstance() + .getMessage( + "config.05", + new Object[] { AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY })); + } + if (authDataTimeOut > 0) + AuthenticationServer.getInstance() + .setSecondsAuthDataTimeOut(authDataTimeOut); + } + + } + +} \ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java new file mode 100644 index 000000000..3ce2798ea --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java @@ -0,0 +1,21 @@ +package at.gv.egovernment.moa.id.auth; + +import at.gv.egovernment.moa.id.MOAIDException; + +/** + * Exception thrown when the AuthenticationServer API is + * called with wrong parameters provided. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class WrongParametersException extends MOAIDException { + + /** + * Constructor + */ + public WrongParametersException(String call, String parameter) { + super("auth.05", new Object[] {call, parameter}); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java new file mode 100644 index 000000000..241cf0afc --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java @@ -0,0 +1,88 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.io.IOException; +import java.text.MessageFormat; +import java.util.Iterator; +import java.util.List; + +import javax.xml.transform.TransformerException; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.StringUtils; + +/** + * Base class for building authentication the AUTHBlock and final OA data SAML assertions. + * Encapsulates methods used by the two specific builders + * {@link at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder AuthenticationBlockAssertionBuilder} + * and + * {@link at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder AuthenticationDataAssertionBuilder} + * + * @author Harald Bratko + */ +public class AuthenticationAssertionBuilder { + + /** the NewLine representation in Java*/ + protected static String NL = "\n"; + + protected static String SAML_ATTRIBUTE = + " " + NL + + " {2}" + NL + + " "+ NL; + + /** + * Empty constructor + */ + public AuthenticationAssertionBuilder() { + } + + /** + * Builds the SAML attributes to be appended to the AUTHBlock or to the SAML assertion + * delivered to the online application. + * The method traverses through the list of given SAML attribute objects and builds an + * XML structure (String representation) for each of the attributes. + * + * @param extendedSAMLAttributes The SAML attributes to be appended to the AUTHBlock or + * to the SAML assertion delivered to the online application. + * @return A string representation including the XML structures of + * the SAML attributes. + * + * @throws ParseException If an error occurs on serializing an SAML attribute. + */ + protected String buildExtendedSAMLAttributes(List extendedSAMLAttributes) throws ParseException + { + StringBuffer sb = new StringBuffer(); + if (extendedSAMLAttributes!=null) { + Iterator it = extendedSAMLAttributes.iterator(); + while (it.hasNext()) { + ExtendedSAMLAttribute extendedSAMLAttribute = (ExtendedSAMLAttribute)it.next(); + Object value = extendedSAMLAttribute.getValue(); + String name = extendedSAMLAttribute.getName(); + String namespace = extendedSAMLAttribute.getNameSpace(); + if (value instanceof String) { + sb.append(MessageFormat.format( SAML_ATTRIBUTE, new Object[] {name, namespace, value})); + } else if (value instanceof Element) { + try { + String serializedValue = DOMUtils.serializeNode((Element)(value)); + serializedValue = StringUtils.removeXMLDeclaration(serializedValue); + sb.append(MessageFormat.format( SAML_ATTRIBUTE, new Object[] {name, namespace, serializedValue})); + } catch (TransformerException e) { + Logger.error("Error on serializing SAML attribute \"" + name + + " (namespace: \"" + namespace + "\"."); + throw new ParseException("parser.05", new Object[] { name, namespace}); + } catch (IOException e) { + Logger.error("Error on serializing SAML attribute \"" + name + + " (namespace: \"" + namespace + "\"."); + throw new ParseException("parser.05", new Object[] { name, namespace}); + } + } + } + } + return sb.toString(); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java new file mode 100644 index 000000000..60cd11ed6 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -0,0 +1,146 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.text.MessageFormat; +import java.util.List; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; + +/** + * Builder for the authentication block <saml:Assertion> + * to be included in a <CreateXMLSignatureResponse>. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertionBuilder implements Constants { + + /** template for the Auth-Block */ + private static String AUTH_BLOCK = + "" + NL + + " " + NL + + " " + NL + + " {3}" + NL + + " " + NL + + "{4}" + + " " + NL + + " {5}" + NL + + " " + NL + + " " + NL + + " {6}" + NL + + " " + NL + + "{7}" + + " " + NL + + ""; + + private static String GESCHAEFTS_BEREICH_ATTRIBUTE = + " " + NL + + " {0}" + NL + + " " + NL; + + private static String WBPK_ATTRIBUTE = + " " + NL + + " " + NL + + " " + NL + + " {0}" + NL + + " {1}" + NL + + " " + NL + + " " + NL + + " " + NL; + + /** + * The number of SAML attributes included in this AUTH-Block (without the extended SAML attributes). + */ + public static final int NUM_OF_SAML_ATTRIBUTES = 3; + + /** + * Constructor for AuthenticationBlockAssertionBuilder. + */ + public AuthenticationBlockAssertionBuilder() { + super(); + } + + /** + * Builds the authentication block <saml:Assertion> + * + * @param issuer authentication block issuer; "GivenName FamilyName" + * @param issueInstant current timestamp + * @param authURL URL of MOA-ID authentication component + * @param target "Geschäftsbereich"; maybe null if the application + * is a business application + * @param identityLinkValue the content of the <pr:Value> + * child element of the <pr:Identification> + * element derived from the Identitylink; this is the + * value of the wbPK; + * maybe null if the application is a public service + * @param identityLinkType the content of the <pr:Type> + * child element of the <pr:Identification> + * element derived from the Identitylink; this includes the + * URN prefix and the identification number of the business + * application used as input for wbPK computation; + * maybe null if the application is a public service + * @param oaURL public URL of online application requested + * @param gebDat The date of birth from the identity link. + * @param extendedSAMLAttributes The SAML attributes to be appended to the AUTHBlock. + * + * @return String representation of authentication block + * <saml:Assertion> built + * + * @throws BuildException If an error occurs on serializing an extended SAML attribute + * to be appended to the AUTH-Block. + */ + public String buildAuthBlock( + String issuer, + String issueInstant, + String authURL, + String target, + String identityLinkValue, + String identityLinkType, + String oaURL, + String gebDat, + List extendedSAMLAttributes, + AuthenticationSession session) + throws BuildException + { + session.setSAMLAttributeGebeORwbpk(true); + String gebeORwbpk = ""; + String wbpkNSDeclaration = ""; + if (target == null) { + // OA is a business application + if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) { + // Only add wbPKs to AUTH-Block. HPIs can be added to the AUTH-Block by the corresponding Validator + gebeORwbpk = MessageFormat.format(WBPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType }); + wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\""; + } else { + // We do not have a wbPK, therefore no SAML-Attribute is provided + session.setSAMLAttributeGebeORwbpk(false); + } + } else { + gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target }); + } + + String assertion; + try { + assertion = MessageFormat.format( + AUTH_BLOCK, new Object[] { + wbpkNSDeclaration, + issuer, + issueInstant, + authURL, + gebeORwbpk, + oaURL, + gebDat, + buildExtendedSAMLAttributes(extendedSAMLAttributes)}); + } catch (ParseException e) { + Logger.error("Error on building AUTH-Block: " + e.getMessage()); + throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()}); + } + + return assertion; + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java new file mode 100644 index 000000000..53520c846 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java @@ -0,0 +1,156 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.text.MessageFormat; +import java.util.List; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.StringUtils; + +/** + * Builder for the authentication data <saml:Assertion> + * to be provided by the MOA ID Auth component. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionBuilder implements Constants { + /** private static String NL contains the NewLine representation in Java*/ + private static final String NL = "\n"; + /** + * XML template for the <saml:Assertion> to be built + */ + private static final String AUTH_DATA = + "" + NL + + "" + NL + + " " + NL + + " " + NL + + " {4}" + NL + + " " + NL + + " " + MOA_NS_URI + "cm" + NL + + " {5}{6}" + NL + + " " + NL + + " " + NL + + " " + NL + + " {7}" + NL + + " " + NL + + " " + NL + + " {8}" + NL + + " " + NL + + " " + NL + + " {9}" + NL + + " " + NL + + "{10}" + + "{11}" + + "{12}" + + " " + NL + + ""; + /** + * XML template for the <saml:Attribute> named "isPublicAuthority", + * to be inserted into the <saml:Assertion> + */ + private static final String PUBLIC_AUTHORITY_ATT = + " " + NL + + " {0}" + NL + + " " + NL; + + private static final String SIGNER_CERTIFICATE_ATT = + " " + NL + + " {0}" + NL + + " " + NL; + + /** + * Constructor for AuthenticationDataAssertionBuilder. + */ + public AuthenticationDataAssertionBuilder() { + super(); + } + + /** + * Builds the authentication data <saml:Assertion>. + * + * @param authData the AuthenticationData to build the + * <saml:Assertion> from + * @param xmlPersonData lt;pr:Person> element as a String + * @param xmlAuthBlock authentication block to be included in a + * lt;saml:SubjectConfirmationData> element; may include + * the "Stammzahl" or not; may be empty + * @param xmlIdentityLink the IdentityLink + * @param signerCertificateBase64 Base64 encoded certificate of the signer. Maybe + * an empty string if the signer certificate should not be provided. + * Will be ignored if the businessService parameter is + * set to false. + * @param businessService true if the online application is a + * business service, otherwise false + * @return the <saml:Assertion> + * @throws BuildException if an error occurs during the build process + */ + public String build( + AuthenticationData authData, + String xmlPersonData, + String xmlAuthBlock, + String xmlIdentityLink, + String bkuURL, + String signerCertificateBase64, + boolean businessService, + List extendedSAMLAttributes) + throws BuildException + { + + String isQualifiedCertificate = authData.isQualifiedCertificate() ? "true" : "false"; + String publicAuthorityAttribute = ""; + if (authData.isPublicAuthority()) { + String publicAuthorityIdentification = authData.getPublicAuthorityCode(); + if (publicAuthorityIdentification == null) + publicAuthorityIdentification = "True"; + publicAuthorityAttribute = MessageFormat.format( + PUBLIC_AUTHORITY_ATT, new Object[] { publicAuthorityIdentification }); + } + + + String signerCertificateAttribute = ""; + if (signerCertificateBase64 != "") { + signerCertificateAttribute = MessageFormat.format( + SIGNER_CERTIFICATE_ATT, new Object[] { signerCertificateBase64 }); + } + + String pkType; + String pkValue; + if (businessService) { + pkType = authData.getIdentificationType(); + pkValue = authData.getWBPK(); + + } else { + pkType = URN_PREFIX_BPK; + pkValue = authData.getBPK(); + } + + String assertion; + try { + assertion = MessageFormat.format(AUTH_DATA, new Object[] { + authData.getAssertionID(), + authData.getIssuer(), + authData.getIssueInstant(), + pkType, + pkValue, + StringUtils.removeXMLDeclaration(xmlAuthBlock), + StringUtils.removeXMLDeclaration(xmlIdentityLink), + StringUtils.removeXMLDeclaration(xmlPersonData), + isQualifiedCertificate, + bkuURL, + publicAuthorityAttribute, + signerCertificateAttribute, + buildExtendedSAMLAttributes(extendedSAMLAttributes)}); + } catch (ParseException e) { + Logger.error("Error on building Authentication Data Assertion: " + e.getMessage()); + throw new BuildException("builder.00", new Object[] { "Authentication Data Assertion", e.toString()}); + } + return assertion; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java new file mode 100644 index 000000000..6cc8c1be8 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java @@ -0,0 +1,49 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.security.MessageDigest; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.Constants; + +/** + * Builder for the bPK, as defined in + * "Ableitung f¨r die bereichsspezifische Personenkennzeichnung" + * version 1.0.1 from "reference.e-government.gv.at". + * + * @author Paul Schamberger + * @version $Id$ + */ +public class BPKBuilder { + + /** + * Builds the bPK from the given parameters. + * @param identificationValue Base64 encoded "Stammzahl" + * @param target "Bereich lt. Verordnung des BKA" + * @return bPK in a BASE64 encoding + * @throws BuildException if an error occurs on building the bPK + */ + public String buildBPK(String identificationValue, String target) + throws BuildException { + + if ((identificationValue == null || + identificationValue.length() == 0 || + target == null || + target.length() == 0)) + { + throw new BuildException("builder.00", + new Object[] {"BPK", "Unvollständige Parameterangaben: identificationValue=" + + identificationValue + ",target=" + target}); + } + String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target; + try { + MessageDigest md = MessageDigest.getInstance("SHA-1"); + byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); + String hashBase64 = Base64Utils.encode(hash); + return hashBase64; + } catch (Exception ex) { + throw new BuildException("builder.00", new Object[] {"BPK", ex.toString()}, ex); + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/Builder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/Builder.java new file mode 100644 index 000000000..3a2ee07de --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/Builder.java @@ -0,0 +1,59 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.util.StringUtils; + +/** + * Base class for HTML/XML builders providing commonly useful functions. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class Builder { + + /** + * Replaces a given number of occurences of a special tag in an XML or HTML template by a value. + * @param template html template + * @param tag special tag + * @param value value replacing the tag + * @param expected specifies if the tag is expected to present; if true and the tag + * is not present, an exception is thrown; if false and the tag is + * not present, the original string is returned + * @param maxreplacements Set -1 to replace each occurence of tag, or limit replacements by a given positive number + * @return XML or HTML code, the tag replaced + * @throws BuildException when template does not contain the tag + */ + protected String replaceTag( + String template, + String tag, + String value, + boolean expected, + int maxreplacements) + throws BuildException + { + String result = template; + int index = result.indexOf(tag); + if (index < 0) { + if (expected) { + // Substring not found but should + throw new BuildException( + "builder.01", + new Object[] {"<" + tag.substring(1, tag.length() - 1) + ">"}); + } + } else { + // replace each occurence + if (maxreplacements == -1) { + return StringUtils.replaceAll(template, tag, value); + } else { + int found = 1; + while (index > -1 && (found <= maxreplacements)) { + result = result.substring(0, index) + value + result.substring(index + tag.length()); + index = result.indexOf(tag); + if (index > -1) found += 1; + } + } + } + return result; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java new file mode 100644 index 000000000..06c81f49e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java @@ -0,0 +1,84 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.io.IOException; +import java.text.MessageFormat; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.FileUtils; + +/** + * Builder for the <VerifyXMLSignatureRequest> structure + * used for presenting certificate information in the secure viewer of the security layer implementation. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class CertInfoVerifyXMLSignatureRequestBuilder extends Builder implements Constants { + + /** special tag in the VerifyXMLRequest template to be substituted for a <dsig:Signature> */ + private static final String SIGNATURE_TAG = ""; + + /** private static String nl contains the NewLine representation in Java*/ + private static final String nl = "\n"; + + /** + * XML template for the CertInfoVerifyXMLSignatureRequest to be built + */ + static final String CERTINFO_REQUEST = + "" + nl + + "<{0}:VerifyXMLSignatureRequest {2} xmlns:dsig=\"" + DSIG_NS_URI + "\">" + nl + + " <{0}:SignatureInfo>" + nl + + " <{0}:SignatureEnvironment>" + nl + + " <{1}:XMLContent xml:space=\"preserve\">" + nl + + " " + nl + + " <{0}:SignatureLocation>//dsig:Signature" + nl + + " " + nl + + ""; + + /** + * Constructor + */ + public CertInfoVerifyXMLSignatureRequestBuilder() { + super(); + } + /** + * Builds the <VerifyXMLSignatureRequest> structure. + * @return the XML structure + * @throws BuildException + */ + public String build(boolean slVersion12) throws BuildException { + + String sl10Prefix; + String sl11Prefix; + String slNsDeclaration; + + if (slVersion12) { + + sl10Prefix = SL12_PREFIX; + sl11Prefix = SL12_PREFIX; + slNsDeclaration = "xmlns:" + SL12_PREFIX + "=\"" + SL12_NS_URI + "\""; + + } else { + + sl10Prefix = SL10_PREFIX; + sl11Prefix = SL11_PREFIX; + slNsDeclaration = "xmlns:" + sl11Prefix + "=\"" + SL11_NS_URI + "\" xmlns:" + sl10Prefix + "=\"" + SL10_NS_URI + "\""; + + } + + String certInfoRequest = MessageFormat.format(CERTINFO_REQUEST, new Object[] {sl11Prefix, sl10Prefix, slNsDeclaration}); + String resDsigSignature = "resources/xmldata/CertInfoDsigSignature.xml"; + + + try { + String dsigSignature = FileUtils.readResource(resDsigSignature, "UTF-8"); + certInfoRequest = replaceTag(certInfoRequest, SIGNATURE_TAG, dsigSignature, true, 1); + return certInfoRequest; + } + catch (IOException ex) { + throw new BuildException("auth.04", new Object[] {resDsigSignature, ex.toString()}); + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java new file mode 100644 index 000000000..e9a9f308d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java @@ -0,0 +1,93 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.text.MessageFormat; + +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.StringUtils; + +/** + * Builder for the <CreateXMLSignatureRequest> structure + * used for requesting a signature under the authentication block from the + * security layer implementation. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class CreateXMLSignatureRequestBuilder implements Constants { + /** private static String nl contains the NewLine representation in Java*/ + private static final String nl = "\n"; + /** + * XML template for the <moa:CreateXMLSignatureRequest> to be built + */ + private static final String CREATE_XML_SIGNATURE_REQUEST = + "" + nl + + "<{3}:CreateXMLSignatureRequest xmlns:dsig=''" + DSIG_NS_URI + "'' {5}>" + nl + + " <{3}:KeyboxIdentifier>{1}" + nl + + " <{3}:DataObjectInfo Structure=''detached''>" + nl + + " <{4}:DataObject Reference=''''/>" + nl + + "{2}" + + " " + nl + + " <{3}:SignatureInfo>" + nl + + " <{3}:SignatureEnvironment>" + nl + + " <{4}:XMLContent>{0}" + nl + + " " + nl + + " <{3}:SignatureLocation Index=''2''>/saml:Assertion" + nl + + " " + nl + + ""; + + + /** + * Constructor for CreateXMLSignatureRequestBuilder. + */ + public CreateXMLSignatureRequestBuilder() { + super(); + } + + /** + * Builds the <CreateXMLSignatureRequest>. + * + * @param authBlock String representation of XML authentication block + * @param keyBoxIdentifier the key box identifier which will be used (e.g. CertifiedKeypair) + * @param slVersion12 specifies whether the Security Layer version number is 1.2 or not + * @return String representation of <CreateXMLSignatureRequest> + */ + public String build(String authBlock, String keyBoxIdentifier, String[] dsigTransformInfos, boolean slVersion12) { + + String sl10Prefix; + String sl11Prefix; + String slNsDeclaration; + + String dsigTransformInfosString = ""; + for (int i = 0; i < dsigTransformInfos.length; i++) { + dsigTransformInfosString += dsigTransformInfos[i]; + } + + if (slVersion12) { + + // replace the SecurityLayer namespace prefixes and URIs within the transforms + dsigTransformInfosString = StringUtils.changeSLVersion(dsigTransformInfosString, + SL10_PREFIX, SL12_PREFIX, + SL10_NS_URI, SL12_NS_URI); + sl10Prefix = SL12_PREFIX; + sl11Prefix = SL12_PREFIX; + slNsDeclaration = "xmlns:" + SL12_PREFIX + "='" + SL12_NS_URI + "'"; + + } else { + + sl10Prefix = SL10_PREFIX; + sl11Prefix = SL11_PREFIX; + slNsDeclaration = "xmlns:" + sl10Prefix + "='" + SL10_NS_URI + "' xmlns:" + sl11Prefix + "='" + SL11_NS_URI + "'"; + + } + + String request = MessageFormat.format( + CREATE_XML_SIGNATURE_REQUEST, new Object[] { authBlock, + keyBoxIdentifier, + dsigTransformInfosString, + sl11Prefix, + sl10Prefix, + slNsDeclaration }); + + return request; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java new file mode 100644 index 000000000..30cc1df5a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java @@ -0,0 +1,83 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Builds a DataURL parameter meant for the security layer implementation + * to respond to. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class DataURLBuilder { + + /** + * Constructor for DataURLBuilder. + */ + public DataURLBuilder() { + super(); + } + + /** + * Constructs a data URL for VerifyIdentityLink or VerifyAuthenticationBlock, + * including the MOASessionID as a parameter. + * + * @param authBaseURL base URL (context path) of the MOA ID Authentication component, + * including a trailing '/' + * @param authServletName request part of the data URL + * @param sessionID sessionID to be included in the dataURL + * @return String + */ + public String buildDataURL(String authBaseURL, String authServletName, String sessionID) { + + String individualDataURLPrefix = null; + String dataURL; + try { + //check if an individual prefix is configured + individualDataURLPrefix = AuthConfigurationProvider.getInstance(). + getGenericConfigurationParameter(AuthConfigurationProvider.INDIVIDUAL_DATA_URL_PREFIX); + + if (null != individualDataURLPrefix) { + + //check individualDataURLPrefix + if(!individualDataURLPrefix.startsWith("http")) + throw(new ConfigurationException("config.13", new Object[] { individualDataURLPrefix})); + + //when ok then use it + dataURL = individualDataURLPrefix + authServletName; + } else + dataURL = authBaseURL + authServletName; + + } catch (ConfigurationException e) { + Logger.warn(e); + Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", new Object[] { authBaseURL } )); + dataURL = authBaseURL + authServletName; + } + + dataURL = addParameter(dataURL, AuthServlet.PARAM_SESSIONID, sessionID); + return dataURL; + } + + /** + * Method addParameter. + * @param urlString represents the url + * @param paramname is the parameter to be added + * @param value is the value of that parameter + * @return String + */ + private String addParameter(String urlString, String paramname, String value) { + String url = urlString; + if (paramname != null) { + if (url.indexOf("?") < 0) + url += "?"; + else + url += "&"; + url += paramname + "=" + value; + } + return url; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java new file mode 100644 index 000000000..0d0595b69 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java @@ -0,0 +1,150 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.io.IOException; +import java.io.StringReader; +import java.io.StringWriter; + +import at.gv.egovernment.moa.id.BuildException; + +/** + * Builder for HTML form requesting the security layer implementation + * to get the identity link from smartcard by a <InfoboxReadRequest>. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class GetIdentityLinkFormBuilder extends Builder { + /** private static String NL contains the NewLine representation in Java*/ + private static final String nl = "\n"; + /** special tag in the HTML template to be substituted for the BKU URL */ + private static final String BKU_TAG = ""; + /** special tag in the HTML template to be substituted for the XML request */ + private static final String XMLREQUEST_TAG = ""; + /** special tag in the HTML template to be substituted for the data URL */ + private static final String DATAURL_TAG = ""; + /** special tag in the HTML template to be substituted for certificate info XML request */ + private static final String CERTINFO_XMLREQUEST_TAG = ""; + /** special tag in the HTML template to be substituted for the certificate info data URL */ + private static final String CERTINFO_DATAURL_TAG = ""; + /** special tag in the HTML template to be substituted for the infoboxes to be pushed from the BKU */ + private static final String PUSHINFOBOX_TAG = ""; + /** private static int all contains the representation to replace all tags*/ + private static final int ALL = -1; + + /** default HTML template */ + private static final String DEFAULT_HTML_TEMPLATE = + "" + nl + + "" + nl + + "" + nl + + "Anmeldung mit Bürgerkarte" + nl + + "" + nl + + "" + nl + + "
" + nl + + " " + nl + + " " + nl + + " " + nl + + " " + nl + + "
" + nl + + "
" + nl + + " " + nl + + " " + nl + +// " " + nl + + " " + nl + + "
" + nl + + "" + nl + + ""; + + /** + * Constructor for GetIdentityLinkFormBuilder. + */ + public GetIdentityLinkFormBuilder() { + super(); + } + /** + * Builds the HTML form, including XML Request and data URL as parameters. + * + * @param htmlTemplate template to be used for the HTML form; + * may be null, in this case a default layout will be produced + * @param xmlRequest XML Request to be sent as a parameter in the form + * @param bkuURL URL of the "Bürgerkartenumgebung" the form will be submitted to; + * may be null, in this case the default URL will be used + * @param dataURL DataURL to be sent as a parameter in the form + */ + public String build( + String htmlTemplate, + String bkuURL, + String xmlRequest, + String dataURL, + String certInfoXMLRequest, + String certInfoDataURL, + String pushInfobox) + throws BuildException + { + String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate; +// String bku = bkuURL == null ? DEFAULT_BKU : bkuURL; + htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL); + htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL); + htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL); + htmlForm = replaceTag(htmlForm, PUSHINFOBOX_TAG, pushInfobox, false, ALL); +//new:wird oben mitreplaced htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL); + htmlForm = replaceTag(htmlForm, CERTINFO_XMLREQUEST_TAG, encodeParameter(certInfoXMLRequest), true, ALL); + htmlForm = replaceTag(htmlForm, CERTINFO_DATAURL_TAG, certInfoDataURL, true, ALL); + return htmlForm; + } + /** + * Encodes a string for inclusion as a parameter in the form. + * Double quotes are substituted by "&quot;". + * @param s the string to be encoded + * @return the string encoded + * @throws BuildException on any exception encountered + */ + public static String encodeParameter(String s) throws BuildException { + StringReader in = new StringReader(s); + StringWriter out = new StringWriter(); + try { + for (int ch = in.read(); ch >= 0; ch = in.read()) { + if (ch == '"') + out.write("""); + else if (ch == '<') + out.write("<"); + else if (ch == '>') + out.write(">"); + else if (ch == 'ä') + out.write("ä"); + else if (ch == 'ö') + out.write("ö"); + else if (ch == 'ü') + out.write("ü"); + else if (ch == 'Ä') + out.write("Ä"); + else if (ch == 'Ö') + out.write("Ö"); + else if (ch == 'Ü') + out.write("Ü"); + else if (ch == 'ß') + out.write("ß"); + else + out.write(ch); + } + } + catch (IOException ex) { + throw new BuildException("builder.00", new Object[] {"GetIdentityLinkForm", ex.toString()}); + } + return out.toString(); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java new file mode 100644 index 000000000..c2bafe43b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java @@ -0,0 +1,86 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import at.gv.egovernment.moa.util.Constants; + +/** + * Builder for the <InfoboxReadRequest> structure + * used for requesting the identity link from the security layer implementation. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class InfoboxReadRequestBuilder implements Constants { + + + /** + * Constructor for InfoboxReadRequestBuilder. + */ + public InfoboxReadRequestBuilder() { + } + + + /** + * Builds an <InfoboxReadRequest>. + * + * @param slVersion12 specifies whether the Security Layer version is + * version 1.2 or not + * @param businessService specifies whether the online application is a + * business service or not + * @param identityLinkDomainIdentifier the identification number of the business + * company; maybe null if the OA + * is a public service; must not be null + * if the OA is a business service + * + * @return <InfoboxReadRequest> as String + */ + public String build(boolean slVersion12, boolean businessService, String identityLinkDomainIdentifier) { + + String slPrefix; + String slNsDeclaration; + + if (slVersion12) { + slPrefix = SL12_PREFIX; + slNsDeclaration = SL12_NS_URI; + } else { + slPrefix = SL10_PREFIX; + slNsDeclaration = SL10_NS_URI; + } + + StringBuffer sb = new StringBuffer(""); + sb.append("<"); + sb.append(slPrefix); + sb.append(":InfoboxReadRequest xmlns:"); + sb.append(slPrefix); + sb.append("=\""); + sb.append(slNsDeclaration); + sb.append("\">"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":InfoboxIdentifier>IdentityLink"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":BinaryFileParameters ContentIsXMLEntity=\"true\"/>"); + if (businessService) { + sb.append("<"); + sb.append(slPrefix); + sb.append(":BoxSpecificParameters>"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":IdentityLinkDomainIdentifier>"); + sb.append(identityLinkDomainIdentifier); + sb.append(""); + sb.append(""); + } + sb.append(""); + + return sb.toString(); + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java new file mode 100644 index 000000000..038e549be --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java @@ -0,0 +1,82 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.util.List; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams; +import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParamsImpl; +import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * This class provides one method for building parameters needed for + * validating an infobox token. + * + * @author Harald Bratko + */ +public class InfoboxValidatorParamsBuilder { + + // hide the default constructor + private InfoboxValidatorParamsBuilder() { + } + + /** + * Builds the parameters passed to the validator class for validating an infobox token. + * + * @param session The actual Authentication session. + * @param verifyInfoboxParameter The configuration parameters for the infobox. + * @param infoboxTokenList Contains the infobox token to be validated. + * @param hideStammzahl Indicates whether source pins (Stammzahlen) + * should be hidden in any SAML attributes returned by + * an infobox validator. + * + * @return Parameters for validating an infobox token. + */ + public static InfoboxValidatorParams buildInfoboxValidatorParams( + AuthenticationSession session, + VerifyInfoboxParameter verifyInfoboxParameter, + List infoboxTokenList, + boolean hideStammzahl) + { + InfoboxValidatorParamsImpl infoboxValidatorParams = new InfoboxValidatorParamsImpl(); + IdentityLink identityLink = session.getIdentityLink(); + + // the infobox token to validate + infoboxValidatorParams.setInfoboxTokenList(infoboxTokenList); + // configuration parameters + infoboxValidatorParams.setTrustProfileID(verifyInfoboxParameter.getTrustProfileID()); + infoboxValidatorParams.setSchemaLocations(verifyInfoboxParameter.getSchemaLocations()); + infoboxValidatorParams.setApplicationSpecificParams(verifyInfoboxParameter.getApplicationSpecificParams()); + // authentication session parameters + infoboxValidatorParams.setBkuURL(session.getBkuURL()); + infoboxValidatorParams.setTarget(session.getTarget()); + infoboxValidatorParams.setBusinessApplication(session.getBusinessService()); + // parameters from the identity link + infoboxValidatorParams.setFamilyName(identityLink.getFamilyName()); + infoboxValidatorParams.setGivenName(identityLink.getGivenName()); + infoboxValidatorParams.setDateOfBirth(identityLink.getDateOfBirth()); + if (verifyInfoboxParameter.getProvideStammzahl()) { + infoboxValidatorParams.setIdentificationValue(identityLink.getIdentificationValue()); + } + infoboxValidatorParams.setIdentificationType(identityLink.getIdentificationType()); + infoboxValidatorParams.setPublicKeys(identityLink.getPublicKey()); + if (verifyInfoboxParameter.getProvideIdentityLink()) { + Element identityLinkElem = (Element)identityLink.getSamlAssertion().cloneNode(true); + if (!verifyInfoboxParameter.getProvideStammzahl()) { + Element identificationValueElem = + (Element)XPathUtils.selectSingleNode(identityLinkElem, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); + if (identificationValueElem != null) { + identificationValueElem.getFirstChild().setNodeValue(""); + } + } + infoboxValidatorParams.setIdentityLink(identityLinkElem); + } + infoboxValidatorParams.setHideStammzahl(hideStammzahl); + return infoboxValidatorParams; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java new file mode 100644 index 000000000..819ed79bb --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java @@ -0,0 +1,59 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import org.w3c.dom.Element; +import org.w3c.dom.Node; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * Builder for the lt;pr:Person> element to be inserted + * in the authentication data lt;saml:Assertion>. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class PersonDataBuilder { + + /** + * Constructor for PersonDataBuilder. + */ + public PersonDataBuilder() { + super(); + } + /** + * Builds the <pr:Person> element.
+ * Utilizes the parsed <prPerson> from the identity link + * and the information regarding inclusion of "Stammzahl" in the + * <pr:Person> data. + * + * @param identityLink IdentityLink containing the + * attribute prPerson + * @param provideStammzahl true if "Stammzahl" is to be included; + * false otherwise + * @return the <pr:Person> element as a String + * @throws BuildException on any error + */ + public String build(IdentityLink identityLink, boolean provideStammzahl) + throws BuildException { + + try { + Element prPerson = (Element)identityLink.getPrPerson().cloneNode(true); + if (! provideStammzahl) { + Node prIdentification = XPathUtils.selectSingleNode(prPerson, "pr:Identification/pr:Value"); + //remove IdentificationValue + prIdentification.getFirstChild().setNodeValue(""); + } + String xmlString = DOMUtils.serializeNode(prPerson); + return xmlString; + } + catch (Exception ex) { + throw new BuildException( + "builder.00", + new Object[] {"PersonData", ex.toString()}, + ex); + } + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java new file mode 100644 index 000000000..27e19e830 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java @@ -0,0 +1,60 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.io.ByteArrayOutputStream; +import java.security.MessageDigest; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.util.Base64Utils; + +/** + * Builder for the SAML artifact, as defined in the + * Browser/Artifact profile of SAML. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class SAMLArtifactBuilder { + + /** + * Constructor for SAMLArtifactBuilder. + */ + public SAMLArtifactBuilder() { + super(); + } + + /** + * Builds the SAML artifact, encoded BASE64. + *
    + *
  • TypeCode: 0x0001.
  • + *
  • SourceID: SHA-1 hash of the authURL
  • + *
  • AssertionHandle: SHA-1 hash of the MOASessionID
  • + *
+ * @param authURL URL auf the MOA-ID Auth component to be used for construction + * of SourceID + * @param sessionID MOASessionID to be used for construction + * of AssertionHandle + * @return the 42-byte SAML artifact, encoded BASE64 + */ + public String build(String authURL, String sessionID) throws BuildException { + try { + MessageDigest md = MessageDigest.getInstance("SHA-1"); + byte[] sourceID = md.digest(authURL.getBytes()); + byte[] assertionHandle = md.digest(sessionID.getBytes()); + ByteArrayOutputStream out = new ByteArrayOutputStream(42); + out.write(0); + out.write(1); + out.write(sourceID, 0, 20); + out.write(assertionHandle, 0, 20); + byte[] samlArtifact = out.toByteArray(); + String samlArtifactBase64 = Base64Utils.encode(samlArtifact); + return samlArtifactBase64; + } + catch (Throwable ex) { + throw new BuildException( + "builder.00", + new Object[] {"SAML Artifact, MOASessionID=" + sessionID, ex.toString()}, + ex); + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java new file mode 100644 index 000000000..64cb16181 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java @@ -0,0 +1,91 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.text.MessageFormat; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.StringUtils; + +/** + * Builder for the lt;samlp:Response> used for passing + * result and status information from the GetAuthenticationData + * web service. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class SAMLResponseBuilder implements Constants { + /** XML - Template for samlp:Response */ + private static final String RESPONSE = + "" + + "" + + " " + + " " + + " {4}" + + " " + + " {5}" + + " " + + " {6}" + + ""; + /** XML - Template for samlp:StatusCode */ + private static final String SUB_STATUS_CODE = + ""; + + /** + * Constructor for SAMLResponseBuilder. + */ + public SAMLResponseBuilder() { + super(); + } + /** + * Builds the SAML response. + * @param responseID response ID + * @param inResponseTo request ID of lt;samlp:Request> responded to + * @param issueInstant current timestamp + * @param statusCode status code + * @param subStatusCode sub-status code refining the status code; may be null + * @param statusMessage status message + * @param samlAssertion SAML assertion representing authentication data + * @return SAML response as a DOM element + */ + public Element build( + String responseID, + String inResponseTo, + String issueInstant, + String statusCode, + String subStatusCode, + String statusMessage, + String samlAssertion) + throws BuildException { + + try { + String xmlSubStatusCode = + subStatusCode == null ? + "" : + MessageFormat.format(SUB_STATUS_CODE, new Object[] {subStatusCode}); + + String xmlResponse = MessageFormat.format(RESPONSE, new Object[] { + responseID, + inResponseTo, + issueInstant, + statusCode, + xmlSubStatusCode, + statusMessage, + StringUtils.removeXMLDeclaration(samlAssertion) }); + Element domResponse = DOMUtils.parseDocument(xmlResponse, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement(); + return domResponse; + } + catch (Throwable ex) { + throw new BuildException( + "builder.00", + new Object[] { "samlp:Response", ex.toString() }, + ex); + } + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java new file mode 100644 index 000000000..312179e73 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java @@ -0,0 +1,63 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import at.gv.egovernment.moa.id.BuildException; + +/** + * Builder for the BKU selection form requesting the user to choose + * a BKU from a list. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class SelectBKUFormBuilder extends Builder { + /** private static String NL contains the NewLine representation in Java*/ + private static final String nl = "\n"; + /** special tag in the HTML template to be substituted for the form action which is + * a URL of MOA-ID Auth */ + private static final String ACTION_TAG = ""; + /** special tag in the HTML template to be substituted for the <select;gt; tag + * containing the BKU selection options */ + private static final String SELECT_TAG = ""; + /** + * Template for the default html-code to be returned as security-layer-selection to be built + */ + private static final String DEFAULT_HTML_TEMPLATE = + "" + nl + + "" + nl + + "" + nl + + "Auswahl der Bürgerkartenumgebung" + nl + + "" + nl + + "" + nl + + "
" + nl + + SELECT_TAG + nl + + " " + nl + + "
" + nl + + "" + nl + + ""; + + /** + * Constructor + */ + public SelectBKUFormBuilder() { + super(); + } + /** + * Method build. Builds the form + * @param htmlTemplate to be used + * @param startAuthenticationURL the url where the startAuthenticationServlet can be found + * @param bkuSelectTag if a special bku should be used + * @return String + * @throws BuildException on any error + */ + public String build(String htmlTemplate, String startAuthenticationURL, String bkuSelectTag) + throws BuildException { + + String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate; + htmlForm = replaceTag(htmlForm, ACTION_TAG, startAuthenticationURL, true, 1); + htmlForm = replaceTag(htmlForm, SELECT_TAG, bkuSelectTag, true, 1); + return htmlForm; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java new file mode 100644 index 000000000..758f28150 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java @@ -0,0 +1,206 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.Constants; + +/** + * Builder for the <VerifyXMLSignatureRequestBuilder> structure + * used for sending the DSIG-Signature of the Security Layer card for validating to MOA-SP. + * + * @author Stefan Knirsch + * @version $Id$ + */ +public class VerifyXMLSignatureRequestBuilder { + + /** shortcut for XMLNS namespace URI */ + private static final String XMLNS_NS_URI = Constants.XMLNS_NS_URI; + /** shortcut for MOA namespace URI */ + private static final String MOA_NS_URI = Constants.MOA_NS_URI; + /** The DSIG-Prefix */ + private static final String DSIG = Constants.DSIG_PREFIX + ":"; + + /** The document containing the VerifyXMLsignatureRequest */ + private Document requestDoc_; + /** the VerifyXMLsignatureRequest root element */ + private Element requestElem_; + + + /** + * Builds the body for a VerifyXMLsignatureRequest including the root + * element and namespace declarations. + * + * @throws BuildException If an error occurs on building the document. + */ + public VerifyXMLSignatureRequestBuilder() throws BuildException { + try { + DocumentBuilder docBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder(); + requestDoc_ = docBuilder.newDocument(); + requestElem_ = requestDoc_.createElementNS(MOA_NS_URI, "VerifyXMLSignatureRequest"); + requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns", MOA_NS_URI); + requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns:" + Constants.DSIG_PREFIX, Constants.DSIG_NS_URI); + requestDoc_.appendChild(requestElem_); + } catch (Throwable t) { + throw new BuildException( + "builder.00", + new Object[] {"VerifyXMLSignatureRequest", t.toString()}, + t); + } + } + + + /** + * Builds a <VerifyXMLSignatureRequest> + * from an IdentityLink with a known trustProfileID which + * has to exist in MOA-SP + * @param identityLink - The IdentityLink + * @param trustProfileID - a preconfigured TrustProfile at MOA-SP + * + * @return Element - The complete request as Dom-Element + * + * @throws ParseException + */ + public Element build(IdentityLink identityLink, String trustProfileID) + throws ParseException + { + try { + // build the request + Element dateTimeElem = requestDoc_.createElementNS(MOA_NS_URI, "DateTime"); + requestElem_.appendChild(dateTimeElem); + Node dateTime = requestDoc_.createTextNode(identityLink.getIssueInstant()); + dateTimeElem.appendChild(dateTime); + Element verifiySignatureInfoElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo"); + requestElem_.appendChild(verifiySignatureInfoElem); + Element verifySignatureEnvironmentElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment"); + verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem); + Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content"); + verifySignatureEnvironmentElem.appendChild(base64ContentElem); + // insert the base64 encoded identity link SAML assertion + String serializedAssertion = identityLink.getSerializedSamlAssertion(); + String base64EncodedAssertion = Base64Utils.encode(serializedAssertion.getBytes("UTF-8")); + //replace all '\r' characters by no char. + StringBuffer replaced = new StringBuffer(); + for (int i = 0; i < base64EncodedAssertion.length(); i ++) { + char c = base64EncodedAssertion.charAt(i); + if (c != '\r') { + replaced.append(c); + } + } + base64EncodedAssertion = replaced.toString(); + Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion); + base64ContentElem.appendChild(base64Content); + // specify the signature location + Element verifySignatureLocationElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation"); + verifiySignatureInfoElem.appendChild(verifySignatureLocationElem); + Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature"); + verifySignatureLocationElem.appendChild(signatureLocation); + // signature manifest params + Element signatureManifestCheckParamsElem = + requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); + requestElem_.appendChild(signatureManifestCheckParamsElem); + signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false"); + // add the transforms + Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); + signatureManifestCheckParamsElem.appendChild(referenceInfoElem); + Element[] dsigTransforms = identityLink.getDsigReferenceTransforms(); + for (int i = 0; i < dsigTransforms.length; i++) { + Element verifyTransformsInfoProfileElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfile"); + referenceInfoElem.appendChild(verifyTransformsInfoProfileElem); + verifyTransformsInfoProfileElem.appendChild(requestDoc_.importNode(dsigTransforms[i], true)); + } + Element returnHashInputDataElem = + requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); + requestElem_.appendChild(returnHashInputDataElem); + Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID"); + trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID)); + requestElem_.appendChild(trustProfileIDElem); + } catch (Throwable t) { + throw new ParseException("builder.00", + new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t); + } + + return requestElem_; + } + + + /** + * Builds a <VerifyXMLSignatureRequest> + * from the signed AUTH-Block with a known trustProfileID which + * has to exist in MOA-SP + * @param csr - signed AUTH-Block + * @param verifyTransformsInfoProfileID - allowed verifyTransformsInfoProfileID + * @param trustProfileID - a preconfigured TrustProfile at MOA-SP + * @return Element - The complete request as Dom-Element + * @throws ParseException + */ + public Element build( + CreateXMLSignatureResponse csr, + String[] verifyTransformsInfoProfileID, + String trustProfileID) + throws BuildException { //samlAssertionObject + + try { + // build the request +// requestElem_.setAttributeNS(Constants.XMLNS_NS_URI, "xmlns:" +// + Constants.XML_PREFIX, Constants.XMLNS_NS_URI); + Element verifiySignatureInfoElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo"); + requestElem_.appendChild(verifiySignatureInfoElem); + Element verifySignatureEnvironmentElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment"); + verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem); + Element xmlContentElem = requestDoc_.createElementNS(MOA_NS_URI, "XMLContent"); + verifySignatureEnvironmentElem.appendChild(xmlContentElem); + xmlContentElem.setAttribute(Constants.XML_PREFIX + ":space", "preserve"); + // insert the SAML assertion + xmlContentElem.appendChild(requestDoc_.importNode(csr.getSamlAssertion(), true)); + // specify the signature location + Element verifySignatureLocationElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation"); + verifiySignatureInfoElem.appendChild(verifySignatureLocationElem); + Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature"); + verifySignatureLocationElem.appendChild(signatureLocation); + // signature manifest params + Element signatureManifestCheckParamsElem = + requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); + requestElem_.appendChild(signatureManifestCheckParamsElem); + signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "true"); + // add the transform profile IDs + Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); + signatureManifestCheckParamsElem.appendChild(referenceInfoElem); + for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) { + Element verifyTransformsInfoProfileIDElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID"); + referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem); + verifyTransformsInfoProfileIDElem.appendChild( + requestDoc_.createTextNode(verifyTransformsInfoProfileID[i])); + } + Element returnHashInputDataElem = + requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); + requestElem_.appendChild(returnHashInputDataElem); + Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID"); + trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID)); + requestElem_.appendChild(trustProfileIDElem); + + } catch (Throwable t) { + throw new BuildException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t); + } + + return requestElem_; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java new file mode 100644 index 000000000..90d79a46d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -0,0 +1,383 @@ +package at.gv.egovernment.moa.id.auth.data; + +import java.util.Date; +import java.util.List; + +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; + +/** + * Session data to be stored between AuthenticationServer API calls. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class AuthenticationSession { + + private static String TARGET_PREFIX_ = Constants.URN_PREFIX_CDID + "+"; + + /** + * session ID + */ + private String sessionID; + /** + * "Geschäftsbereich" the online application belongs to; maybe null + * if the online application is a business application + */ + private String target; + /** + * public online application URL requested + */ + private String oaURLRequested; + /** + * public online application URL prefix + */ + private String oaPublicURLPrefix; + /** + * URL of MOA ID authentication component + */ + private String authURL; + /** + * HTML template URL + */ + private String templateURL; + /** + * URL of the BKU + */ + private String bkuURL; + /** + * identity link read from smartcard + */ + private IdentityLink identityLink; + /** + * authentication block to be signed by the user + */ + private String authBlock; + /** + * timestamp logging when authentication session has been created + */ + private Date timestampStart; + /** + * timestamp logging when identity link has been received + */ + private Date timestampIdentityLink; + /** + * Indicates whether the corresponding online application is a business + * service or not + */ + private boolean businessService; + + /** + * SAML attributes from an extended infobox validation to be appended + * to the SAML assertion delivered to the final online application. + */ + private List extendedSAMLAttributesOA; + + /** + * The boolean value for either a target or a wbPK is provided as + * SAML Attribute in the SAML Assertion or not. + */ + private boolean samlAttributeGebeORwbpk; + + /** + * SAML attributes from an extended infobox validation to be appended + * to the SAML assertion of the AUTHBlock. + */ + private List extendedSAMLAttributesAUTH; + + /** + * The issuing time of the AUTH-Block SAML assertion. + */ + private String issueInstant; + + /** + * Constructor for AuthenticationSession. + * + * @param id Session ID + */ + public AuthenticationSession(String id) { + sessionID = id; + setTimestampStart(); + } + + /** + * Returns the identityLink. + * @return IdentityLink + */ + public IdentityLink getIdentityLink() { + return identityLink; + } + + /** + * Returns the sessionID. + * @return String + */ + public String getSessionID() { + return sessionID; + } + + /** + * Sets the identityLink. + * @param identityLink The identityLink to set + */ + public void setIdentityLink(IdentityLink identityLink) { + this.identityLink = identityLink; + } + + /** + * Sets the sessionID. + * @param sessionId The sessionID to set + */ + public void setSessionID(String sessionId) { + this.sessionID = sessionId; + } + + /** + * Returns the oaURLRequested. + * @return String + */ + public String getOAURLRequested() { + return oaURLRequested; + } + + /** + * Returns the oaURLRequested. + * @return String + */ + public String getPublicOAURLPrefix() { + return oaPublicURLPrefix; + } + + /** + * Returns the BKU URL. + * @return String + */ + public String getBkuURL() { + return bkuURL; + } + + /** + * Returns the target. + * @return String + */ + public String getTarget() { + return target; + } + + /** + * Sets the oaURLRequested. + * @param oaURLRequested The oaURLRequested to set + */ + public void setOAURLRequested(String oaURLRequested) { + this.oaURLRequested = oaURLRequested; + } + + /** + * Sets the oaPublicURLPrefix + * @param oaPublicURLPrefix The oaPublicURLPrefix to set + */ + public void setPublicOAURLPrefix(String oaPublicURLPrefix) { + this.oaPublicURLPrefix = oaPublicURLPrefix; + } + + /** + * Sets the bkuURL + * @param bkuURL The BKU URL to set + */ + public void setBkuURL(String bkuURL) { + this.bkuURL = bkuURL; + } + + /** + * Sets the target. If the target includes the target prefix, the prefix will be stripped off. + * @param target The target to set + */ + public void setTarget(String target) { + if (target != null && target.startsWith(TARGET_PREFIX_)) + { + // If target starts with prefix "urn:publicid:gv.at:cdid+"; remove prefix + this.target = target.substring(TARGET_PREFIX_.length()); + Logger.debug("Target prefix stripped off; resulting target: " + this.target); + } + else + { + this.target = target; + } + } + + /** + * Returns the authURL. + * @return String + */ + public String getAuthURL() { + return authURL; + } + + /** + * Sets the authURL. + * @param authURL The authURL to set + */ + public void setAuthURL(String authURL) { + this.authURL = authURL; + } + + /** + * Returns the authBlock. + * @return String + */ + public String getAuthBlock() { + return authBlock; + } + + /** + * Sets the authBlock. + * @param authBlock The authBlock to set + */ + public void setAuthBlock(String authBlock) { + this.authBlock = authBlock; + } + + /** + * Returns the timestampIdentityLink. + * @return Date + */ + public Date getTimestampIdentityLink() { + return timestampIdentityLink; + } + + /** + * Returns the businessService. + * @return true if the corresponding online application is + * a business application, otherwise false + */ + public boolean getBusinessService() { + return businessService; + } + + /** + * Sets the businessService variable. + * @param businessService the value for setting the businessService variable. + */ + public void setBusinessService(boolean businessService) { + this.businessService = businessService; + } + + /** + * Returns the timestampStart. + * @return Date + */ + public Date getTimestampStart() { + return timestampStart; + } + + /** + * Sets the current date as timestampIdentityLink. + */ + public void setTimestampIdentityLink() { + timestampIdentityLink = new Date(); + } + + /** + * Sets the current date as timestampStart. + */ + public void setTimestampStart() { + timestampStart = new Date(); + } + + /** + * @return template URL + */ + public String getTemplateURL() { + return templateURL; + } + + /** + * @param string the template URL + */ + public void setTemplateURL(String string) { + templateURL = string; + } + + /** + * Returns the SAML Attributes to be appended to the AUTHBlock. Maybe null. + * + * @return The SAML Attributes to be appended to the AUTHBlock. Maybe null. + */ + public List getExtendedSAMLAttributesAUTH() { + return extendedSAMLAttributesAUTH; + } + + /** + * Sets the SAML Attributes to be appended to the AUTHBlock. + * + * @param extendedSAMLAttributesAUTH The SAML Attributes to be appended to the AUTHBlock. + */ + public void setExtendedSAMLAttributesAUTH( + List extendedSAMLAttributesAUTH) { + this.extendedSAMLAttributesAUTH = extendedSAMLAttributesAUTH; + } + + /** + * Returns the SAML Attributes to be appended to the SAML assertion + * delivered to the online application. Maybe null. + * + * @return The SAML Attributes to be appended to the SAML assertion + * delivered to the online application + */ + public List getExtendedSAMLAttributesOA() { + return extendedSAMLAttributesOA; + } + + /** + * Sets the SAML Attributes to be appended to the SAML assertion + * delivered to the online application. + * + * @param extendedSAMLAttributesOA The SAML Attributes to be appended to the SAML + * assertion delivered to the online application. + */ + public void setExtendedSAMLAttributesOA( + List extendedSAMLAttributesOA) { + this.extendedSAMLAttributesOA = extendedSAMLAttributesOA; + } + + /** + * Returns the boolean value for either a target or a wbPK is + * provided as SAML Attribute in the SAML Assertion or not. + * + * @return true either a target or a wbPK is provided as SAML Attribute + * in the SAML Assertion or false if not. + */ + public boolean getSAMLAttributeGebeORwbpk() { + return this.samlAttributeGebeORwbpk; + } + + /** + * Sets the boolean value for either a target or a wbPK is + * provided as SAML Attribute in the SAML Assertion or not. + * + * @param samlAttributeGebeORwbpk The boolean for value either a target or + * wbPK is provided as SAML Attribute in the SAML Assertion or not. + */ + public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) { + this.samlAttributeGebeORwbpk = samlAttributeGebeORwbpk; + } + + /** + * Returns the issuing time of the AUTH-Block SAML assertion. + * + * @return The issuing time of the AUTH-Block SAML assertion. + */ + public String getIssueInstant() { + return issueInstant; + } + + /** + * Sets the issuing time of the AUTH-Block SAML assertion. + * + * @param issueInstant The issueInstant to set. + */ + public void setIssueInstant(String issueInstant) { + this.issueInstant = issueInstant; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java new file mode 100644 index 000000000..d121f2c55 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java @@ -0,0 +1,71 @@ +package at.gv.egovernment.moa.id.auth.data; + +import org.w3c.dom.Element; + +/** + * This bean saves all information of the CreateXMLSignature-Response: + * a {@link SAMLAttribute} array, the SamlAssertion-Element and the + * saml NameIdentifier + * + * @author Stefan Knirsch + * @version $Id$ + * + */ +public class CreateXMLSignatureResponse { + /** the samlNameIdentifier */ +private String samlNameIdentifier; + /** an array of saml-attributes */ +private SAMLAttribute[] samlAttributes; + /** + * the original saml:Assertion-Element + */ + private Element samlAssertion; +/** + * Returns the samlAssertion. + * @return Element + */ +public Element getSamlAssertion() { + return samlAssertion; +} + +/** + * Returns the samlAttribute. + * @return SAMLAttribute[] + */ +public SAMLAttribute[] getSamlAttributes() { + return samlAttributes; +} + +/** + * Returns the samlNameIdentifier. + * @return String + */ +public String getSamlNameIdentifier() { + return samlNameIdentifier; +} + +/** + * Sets the samlAssertion. + * @param samlAssertion The samlAssertion to set + */ +public void setSamlAssertion(Element samlAssertion) { + this.samlAssertion = samlAssertion; +} + +/** + * Sets the samlAttribute. + * @param samlAttributes The samlAttributes to set + */ +public void setSamlAttributes(SAMLAttribute[] samlAttributes) { + this.samlAttributes = samlAttributes; +} + +/** + * Sets the samlNameIdentifier. + * @param samlNameIdentifier The samlNameIdentifier to set + */ +public void setSamlNameIdentifier(String samlNameIdentifier) { + this.samlNameIdentifier = samlNameIdentifier; +} + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java new file mode 100644 index 000000000..795079227 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java @@ -0,0 +1,73 @@ +package at.gv.egovernment.moa.id.auth.data; + +/** + * A SAML-Attribute to be appended to the final SAML-Assertion + * that will be passed to the online application. + */ +public interface ExtendedSAMLAttribute { + /** + * Add this attribute only to the SAML-Assertion + * passed to the online application, but not to + * the AUTH-Block. + */ + public final static int NOT_ADD_TO_AUTHBLOCK = 0; + /** + * Add this attribute to both, the AUTH-Block and the + * final SAML-Assertion passed to the online application. + */ + public final static int ADD_TO_AUTHBLOCK = 1; + /** + * Add this attribute to only the AUTH-Block, but not + * to the final SAML-Assertion passed to the online application. + */ + public final static int ADD_TO_AUTHBLOCK_ONLY = 2; + + /** + * The value of the SAML-Attribute. This must be either a + * org.w3c.Element or a java.lang.String + * object. Each other type will be ignored.
+ * If, for example, the type of the actual SAML-Attribute is a + * <xsd:boolean> the value must be either the String + * "true" or "false". + * Or the <xsd:integer> number 273 + * has to be the String "273". + * + * @return The value of the SAML-Attribute. Must not be null. + */ + public Object getValue(); + + /** + * The name of the SAML-Attribute. + * + * @return The name of the SAML-Attribute. Must not be null. + */ + public String getName(); + + /** + * The namespace of the SAML-Attribute. + * An application will use the context specific namespace URI for the attribute it returns. + * However, if the application cannot explicitely assign a namespace URI, the + * {@link at.gv.egovernment.moa.util.Constants#MOA_NS_URI default} MOA namespace URI + * should be used. + * + * @return The namespace of the SAML-Attribute. Must not be null. + */ + public String getNameSpace(); + + /** + * Specifies if this SAML-Attribute should be added to the AUTH-Block. + *
+ * Depending on the returned value, this SAML-Attribute should be only added to the + * final SAML-Assertion passed to the online application (0), to both, the final + * assertion and the AUTH-Block (1) or to the AUTH-Block only (2). + * + * @return
    + *
  • 0 - add this SAML-Attribute to the final SAML-Assertion only
  • + *
  • 1 - add this SAML-Attribute to both, the final SAML-Assertion and the + * AUTH-Block
  • + *
  • 2 - add this SAML-Attribute to the AUTH-Block only + *
+ */ + public int getAddToAUTHBlock(); + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java new file mode 100644 index 000000000..e7e490924 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java @@ -0,0 +1,137 @@ +package at.gv.egovernment.moa.id.auth.data; + +/** + * This class contains SAML attributes to be appended to the SAML assertion delivered to + * the Online application. + * + * @author Harald Bratko + */ +public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute { + + /** + * The value of this SAML attribute. Must be either of type java.lang.String + * or org.w3c.Element. + */ + protected Object value_; + + /** + * The name of this SAML attribute. + */ + protected String name_; + + /** + * The namespace URI of this SAML attribute. + */ + protected String namespace_; + + /** + * Specifies whether this SAML attribute should be appended to AUTH Block. + */ + protected int addToAUTHBlock_; + + /** + * Sets this ExtendedSAMLAttribute. + * @param name The name of this SAML Attribute. + * @param value The value of this SAML Attribute. Must be either of type + * java.lang.String or org.w3c.dom.Element. + * @param namespace The namespace of this SAML Attribute. + * @param addToAUTHBlock Specifies if this SAML Attribute should be added to the AUTHBlock. + * The following values are allowed: + *
    + *
  • + * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK} + *
  • + *
  • + * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#NOT_ADD_TO_AUTHBLOCK} + *
  • + *
  • + * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK_ONLY} + *
  • + *
+ * + */ + public ExtendedSAMLAttributeImpl(String name, Object value, String namespace, int addToAUTHBlock) { + name_ = name; + value_ = value; + namespace_ = namespace; + addToAUTHBlock_ = addToAUTHBlock; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getValue() + */ + public Object getValue() { + return value_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getName() + */ + public String getName() { + return name_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getNameSpace() + */ + public String getNameSpace() { + return namespace_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getAddToAUTHBlock() + */ + public int getAddToAUTHBlock() { + return addToAUTHBlock_; + } + + /** + * Specifies if this SAML Attribute should be added to the AUTHBlock. + * + * @param addToAUTHBlock One of the following values: + *
    + *
  • + * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK} + *
  • + *
  • + * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#NOT_ADD_TO_AUTHBLOCK} + *
  • + *
  • + * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK_ONLY} + *
  • + *
+ * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK} + */ + public void setAddToAUTHBlock(int addToAUTHBlock) { + addToAUTHBlock_ = addToAUTHBlock; + } + + /** + * Sets the name of this SAML attribute. + * + * @param name The name of this SAML attribute. + */ + public void setName(String name) { + name_ = name; + } + + /** + * Sets the namespace of this SAML attribute. + * + * @param namespace The namespace to set. + */ + public void setNamespace(String namespace) { + namespace_ = namespace; + } + + /** + * Sets the value of this SAML attribute. + * + * @param value The value of this SAML Attribute. Must be either of type + * java.lang.String or org.w3c.dom.Element. + */ + public void setValue(Object value) { + value_ = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java new file mode 100644 index 000000000..844451035 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java @@ -0,0 +1,266 @@ +package at.gv.egovernment.moa.id.auth.data; + +import java.io.IOException; +import java.security.PublicKey; + +import javax.xml.transform.TransformerException; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.util.DOMUtils; + + +/** + * Data contained in an identity link issued by BMI, relevant to the MOA ID component. + *
"IdentityLink" is the translation of "Personenbindung". + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class IdentityLink { + /** + * "identificationValue" is the translation of "Stammzahl". + */ + private String identificationValue; + /** + * "identificationType" type of the identificationValue in the IdentityLink. + */ + private String identificationType; + /** + * first name + */ + private String givenName; + /** + * family name + */ + private String familyName; + + /** + * The name as (givenName + familyName) + */ + private String name; + /** + * date of birth + */ + private String dateOfBirth; + /** + * the original saml:Assertion-Element + */ + private Element samlAssertion; + /** + * the serializes saml:Assertion + */ + private String serializedSamlAssertion; + /** + * Element /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person + */ + private Element prPerson; + /** + * we need for each dsig:Reference Element all + * transformation elements + */ + private Element[] dsigReferenceTransforms; + + /** + * The issuing time of the identity link SAML assertion. + */ + private String issueInstant; + + /** + * we need all public keys stored in + * the identity link + */ + private PublicKey[] publicKey; + + /** + * Constructor for IdentityLink + */ + public IdentityLink() { + } + + /** + * Returns the dateOfBirth. + * @return Calendar + */ + public String getDateOfBirth() { + return dateOfBirth; + } + + /** + * Returns the familyName. + * @return String + */ + public String getFamilyName() { + return familyName; + } + + /** + * Returns the givenName. + * @return String + */ + public String getGivenName() { + return givenName; + } + + /** + * Returns the name. + * @return The name. + */ + public String getName() { + if (name == null) { + name = givenName + " " + familyName; + } + return name; + } + + /** + * Returns the identificationValue. + * "identificationValue" is the translation of "Stammzahl". + * @return String + */ + public String getIdentificationValue() { + return identificationValue; + } + + /** + * Returns the identificationType. + * "identificationType" type of the identificationValue in the IdentityLink. + * @return String + */ + public String getIdentificationType() { + return identificationType; + } + + /** + * Sets the dateOfBirth. + * @param dateOfBirth The dateOfBirth to set + */ + public void setDateOfBirth(String dateOfBirth) { + this.dateOfBirth = dateOfBirth; + } + + /** + * Sets the familyName. + * @param familyName The familyName to set + */ + public void setFamilyName(String familyName) { + this.familyName = familyName; + } + + /** + * Sets the givenName. + * @param givenName The givenName to set + */ + public void setGivenName(String givenName) { + this.givenName = givenName; + } + + /** + * Sets the identificationValue. + * "identificationValue" is the translation of "Stammzahl". + * @param identificationValue The identificationValue to set + */ + public void setIdentificationValue(String identificationValue) { + this.identificationValue = identificationValue; + } + + /** + * Sets the Type of the identificationValue. + * @param identificationType The type of identificationValue to set + */ + public void setIdentificationType(String identificationType) { + this.identificationType = identificationType; + } + + /** + * Returns the samlAssertion. + * @return Element + */ + public Element getSamlAssertion() { + return samlAssertion; + } + + /** + * Returns the samlAssertion. + * @return Element + */ + public String getSerializedSamlAssertion() { + return serializedSamlAssertion; + } + + /** + * Sets the samlAssertion and the serializedSamlAssertion. + * @param samlAssertion The samlAssertion to set + */ + public void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException { + this.samlAssertion = samlAssertion; + this.serializedSamlAssertion = DOMUtils.serializeNode(samlAssertion); + } + + /** + * Returns the dsigReferenceTransforms. + * @return Element[] + */ + public Element[] getDsigReferenceTransforms() { + return dsigReferenceTransforms; + } + + /** + * Sets the dsigReferenceTransforms. + * @param dsigReferenceTransforms The dsigReferenceTransforms to set + */ + public void setDsigReferenceTransforms(Element[] dsigReferenceTransforms) { + this.dsigReferenceTransforms = dsigReferenceTransforms; + } + + /** + * Returns the publicKey. + * @return PublicKey[] + */ + public PublicKey[] getPublicKey() { + return publicKey; + } + + /** + * Sets the publicKey. + * @param publicKey The publicKey to set + */ + public void setPublicKey(PublicKey[] publicKey) { + this.publicKey = publicKey; + } + + /** + * Returns the prPerson. + * @return Element + */ + public Element getPrPerson() { + return prPerson; + } + + /** + * Sets the prPerson. + * @param prPerson The prPerson to set + */ + public void setPrPerson(Element prPerson) { + this.prPerson = prPerson; + } + + /** + * Returns the issuing time of the identity link SAML assertion. + * + * @return The issuing time of the identity link SAML assertion. + */ + public String getIssueInstant() { + return issueInstant; + } + + /** + * Sets the issuing time of the identity link SAML assertion. + * + * @param issueInstant The issueInstant to set. + */ + public void setIssueInstant(String issueInstant) { + this.issueInstant = issueInstant; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java new file mode 100644 index 000000000..6b1f24aba --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java @@ -0,0 +1,65 @@ +package at.gv.egovernment.moa.id.auth.data; + +import org.w3c.dom.Element; + +/** + * Contains an infobox token included in an InfoboxReadResponse. + * Depending on whether the token is extracted from an XMLContent or a + * Base64Content it is either returned as DOM element + * ({@link #getXMLToken()}) or base64 encoded string ({@link #getBase64Token()}). + * + * @author Harald Bratko + */ +public interface InfoboxToken { + + /** + * The key of the corresponding infobox. + * This is the value of Key attribute of the <Pair> child + * element in an <AssocArrayData> content of an InfoboxReadResponse. + * Maybe null if the InfoboxReadResponse conatains BinaryFileData. + * + * + * @return The key identifier of the corresponding infobox. + */ + public String getKey(); + + /** + * Specifies if this token is the first token (e.g in an array of tokens) included in an + * InfoboxReadResponse. If true this token is the token to be + * validated by a corresponding + * {@link at.gv.egovernment.moa.id.auth.validator.InfoboxValidator InfoboxValidator}. + * If false this token maybe needed to validate the primary token. + * + * @return True if this token is the first token. + */ + public boolean isPrimary(); + + /** + * Returns the infobox token. + * Maybe null if the token is returned by method {@link #getBase64Token()} + * as base64 encoded string. + *
+ * Note that this token is not validated against the + * application specific schema (e.g. Mandates schema in the mandates context). + * Thus the validating application has to validate the token + * against the appropriate schema. + * + * @return The infobox token. If null the token is returned by method + * {@link #getBase64Token()} as base64 encoded string. + */ + public Element getXMLToken(); + + /** + * Returns the infobox token. + * Maybe null if the token is returned by method {@link #getXMLToken()} + * as a DOM element. + *
+ * Note, that the base64 encoded string actually may include more than one infobox + * elements. + * + * @return The infobox token. If null the token is returned by method + * {@link #getBase64Token()} as base64 encoded string. + */ + public String getBase64Token(); + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java new file mode 100644 index 000000000..f1ff30a8a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java @@ -0,0 +1,129 @@ +package at.gv.egovernment.moa.id.auth.data; + +import org.w3c.dom.Element; + +/** + * This class contains an infobox token. + * + * @see at.gv.egovernment.moa.id.auth.data.InfoboxToken + * + * @author Harald Bratko + */ +public class InfoboxTokenImpl implements InfoboxToken { + + /** + * The key of the infobox token. + */ + private String key_; + + /** + * Specifies whether this token is the primary (first in an array) token. + */ + private boolean primary_; + + /** + * The infobox token. + */ + private Element xmlToken_; + + /** + * The base64 encoded infobox token. + */ + private String base64Token_; + + /** + * Sets an XML infobox token. + * + * @param key The key of the infobox token. + * @param primary True this token is the primary (e.g .first in an array) + * token, otherwise false + * @param xmlToken The infobox token. + */ + public InfoboxTokenImpl(String key, boolean primary, Element xmlToken) { + key_ = key; + primary_ = primary; + xmlToken_ = xmlToken; + base64Token_ = null; + } + + /** + * Sets a base64 encoded infobox token. + * + * @param key The key of the infobox token. + * @param primary True this token is the primary (e.g .first in an array) + * token, otherwise false + * @param base64Token The base64 encoded infobox token. + */ + public InfoboxTokenImpl(String key, boolean primary, String base64Token) { + key_ = key; + primary_ = primary; + base64Token_ = base64Token; + xmlToken_ = null; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxToken#getKey() + */ + public String getKey() { + return key_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxToken#isPrimary() + */ + public boolean isPrimary() { + return primary_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxToken#getXMLToken() + */ + public Element getXMLToken() { + return xmlToken_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxToken#getBase64Token() + */ + public String getBase64Token() { + return base64Token_; + } + + /** + * Sets the key of the infobox token. + * + * @param key The key of the infobox token. + */ + public void setKey(String key) { + key_ = key; + } + + /** + * Specifies whether this token is the primary (e.g. first in an array) token. + * + * @param primary True this token is the primary (e.g .first in an array) + * token, otherwise false. + */ + public void setPrimary(boolean primary) { + primary_ = primary; + } + + /** + * Sets the base64 encoded token. + * + * @param base64Token The base64 encoded token. + */ + public void setBase64Token(String base64Token) { + base64Token_ = base64Token; + } + + /** + * Sets the infobox token. + * + * @param xmlToken The infobox token. + */ + public void setXmlToken(Element xmlToken) { + xmlToken_ = xmlToken; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java new file mode 100644 index 000000000..b8dd7f18e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java @@ -0,0 +1,57 @@ +package at.gv.egovernment.moa.id.auth.data; + + +/** + * Includes the result of an extended infobox validation. + * + * If validation succeeds, an array of + * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute ExtendedSAMLAttributes} + * maybe provided. Each of these SAML-Attributes will be either appended to the + * final SAML-Assertion passed to the online application or to the AUTH-Block, + * or to both. + *
+ * If validation fails the implementing class has to provide a short error message. + * + * @author Harald Bratko + */ +public interface InfoboxValidationResult { + + /** + * The method returns true if validation succeeds. In that case + * method {@link #getExtendedSamlAttributes()} may provide an array of + * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute + * ExtendedSAMLAttributes} that should be appended to the final SAML-Assertion or the + * AUTH-Block or to both. + *
+ * The method returns false if validation fails. In that case + * method {@link #getErrorMessage()} has to provide a short error description. + * + * @return True if validation succeeds, + * otherwise false. + */ + public boolean isValid(); + + /** + * Returns an array of {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute + * ExtendedSAMLAttributes} that should be added to the SAML-Assertion + * provided to the online application. + * The SAML-Attributes in that array will be added to the final + * SAML-Assertion, the AUTH-Block, or both, exactly in the order as they are arranged + * in the array this method returns. + * + * @return An array of {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute + * ExtendedSAMLAttributes} that should be added to the SAML-Assertion + * provided to the online application, the AUTH-Block, or both. If no attributes should + * be added this array maybe null or empty. + */ + public ExtendedSAMLAttribute[] getExtendedSamlAttributes(); + + /** + * A short error description that should be displayed by MOA-ID if + * validation of the InfoBoxReadResponse fails. + * + * @return An short error message if validation fails. + */ + public String getErrorMessage(); + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java new file mode 100644 index 000000000..97f52fb55 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java @@ -0,0 +1,101 @@ +package at.gv.egovernment.moa.id.auth.data; + + +/** + * Default implementation of the {@link InfoboxValidationResult} interface. + * + * @author Harald Bratko + */ +public class InfoboxValidationResultImpl implements InfoboxValidationResult { + + /** + * Indicates whether the validation was successful or not. + */ + protected boolean valid_; + + /** + * The error message. + */ + protected String errorMessage_; + + /** + * The SAML attributes returned by the infobox validator. + */ + protected ExtendedSAMLAttribute[] extendedSamlAttributes_; + + /** + * Empty constructor. + */ + public InfoboxValidationResultImpl() { + } + + /** + * Constructor to set all values. + * + * @param valid Global validation result. + * @param extendedSamlAttributes SAML attributes that should be appended to the final + * SAML Assertion or to the AUTH Block + * or to both. + * @param errorMessage An error message if infobox validation fails. + */ + public InfoboxValidationResultImpl( + boolean valid, + ExtendedSAMLAttribute[] extendedSamlAttributes, + String errorMessage) + { + valid_ = valid; + extendedSamlAttributes_ = extendedSamlAttributes; + errorMessage_ = errorMessage; + } + + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult#getErrorMessage() + */ + public String getErrorMessage() { + return errorMessage_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult#getExtendedSamlAttributes() + */ + public ExtendedSAMLAttribute[] getExtendedSamlAttributes() { + return extendedSamlAttributes_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult#isValid() + */ + public boolean isValid() { + return valid_; + } + + /** + * Sets the error message if validation fails.. + * + * @param errorMessage The error message to set. + */ + public void setErrorMessage(String errorMessage) { + errorMessage_ = errorMessage; + } + + /** + * Sets the SAML attributes returned by the infobox validatior.. + * + * @param extendedSamlAttributes The SAML attributes returned by the infobox validator. + */ + public void setExtendedSamlAttributes(ExtendedSAMLAttribute[] extendedSamlAttributes) { + extendedSamlAttributes_ = extendedSamlAttributes; + } + + /** + * Sets validation result.. + * + * @param valid True if the infobox could be validated successfully, + * otherwise false. + */ + public void setValid(boolean valid) { + valid_ = valid; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java new file mode 100644 index 000000000..c7a557290 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java @@ -0,0 +1,172 @@ +package at.gv.egovernment.moa.id.auth.data; + +import java.security.PublicKey; +import java.util.List; + +import org.w3c.dom.Element; + +/** + * Parameters for validating an infobox. + * + * This interface is used by MOA-ID to provide parameters to an + * {link at.gv.egovernment.moa.id.auth.validator.InfoboxValidator + * InfoboxValidator}. + * + * @author Harald Bratko + */ +public interface InfoboxValidatorParams { + + /** + * Returns a list of {@link at.gv.egovernment.moa.id.auth.data.InfoboxToken InfoboxToken} + * objects. The first token in this list is the one to be validated. Each further token + * maybe needed to validate this first token. + * + * @return A list of {@link at.gv.egovernment.moa.id.auth.data.InfoboxToken InfoboxToken} + * objects. + */ + public List getInfoboxTokenList(); + + /** + * Returns the ID of the trust profile to be used for validating + * certificates. Maybe ignored by a validator, if no certificates + * has to be validated. + * + * @return The ID of a trust profile. + */ + public String getTrustProfileID(); + + /** + * Returns schema location URIs that may be needed by the + * validator to parse infobox tokens. + * Each entry in the list is a {@link Schema} specifying the location + * of an XML schema. + * + * @return A list of {@link Schema} objects each of them specifying the + * location of an XML schema. + */ + public List getSchemaLocations(); + + /** + * Returns the URL of the BKU. + * Maybe needed by a validator. + * + * @return The url of the BKU. + */ + public String getBkuURL(); + + /** + * Returns the target parameter. + * null in the case of a business service. + * + * @return The target parameter. + */ + public String getTarget(); + + /** + * Returns true if the application is a business + * service, otherwise false. This may be useful + * for the validating application. + * + * @return True if the application is a business + * service, otherwise false + */ + public boolean getBusinessApplication(); + + /** + * Returns the family name from the identity link. + * Maybe needed by a validator. + * + * @return The family name from the identity link. + */ + public String getFamilyName(); + + /** + * Returns the given name from the identity link. + * Maybe needed by a validator. + * + * @return The given name from the identity link. + */ + public String getGivenName(); + + /** + * The date of birth from the identity link. + * The method returns the value of the + * element from the identity link. + * Maybe needed by a validator. + * + * @return The date of birth from the identity link. + */ + public String getDateOfBirth(); + + /** + * Returns he identification value from the identity + * link. This may be the Stammzahl + * in the case of a public application or the + * wbPK in the case of a business + * application. This parameter is only returned + * if specified within the config file. + * + * @return The identification value from the identity link. + */ + public String getIdentificationValue(); + + /** + * Returns the type of the identification value + * from the identity link. This may be + * especially of interest for business + * applications. + * + * @return The type of the identification value + * from the identity link. + */ + public String getIdentificationType(); + + /** + * Returns the public keys from the identity link. + * Maybe needed by the application. + * + * @return PublicKey[] The public keys from the + * identity link. + */ + public PublicKey[] getPublicKeys(); + + /** + * Returns the identity link. + * A validator may need other data from the identity link, than + * family name, given name, date of birth and identification value. + * The identity link element is only returned if specified within the + * config file. + * + * @return The identity link. + */ + public Element getIdentityLink(); + + /** + * Indicates whether source pins (Stammzahlen) should be hidden or not. + * If an online application lying behind MOA-ID is not allowed to get source pins + * (Stammzahlen), any source pins within SAML attributes + * returned by the validator must suppressed:
+ * If the parameter getHideStammzahl is true, then the validator + * MUST hide (replace by an empty string) any source pin (Stammzahl) + * that may be included in a SAML attribute returned by the validator. + * + * @return true if source pins (Stammzahlen) must be hidden, + * otherwise false. + */ + public boolean getHideStammzahl(); + + /** + * Returns application specific parameters. + * Each child element of this element contains + * a validating application specific parameter. The + * element is passed as specified within the config + * file and its up to the implementing class to + * parse and interprete its children. + * + * @return Application specific parameters. + */ + public Element getApplicationSpecificParams(); + +} + + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java new file mode 100644 index 000000000..80ba5995f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java @@ -0,0 +1,348 @@ +package at.gv.egovernment.moa.id.auth.data; + +import java.security.PublicKey; +import java.util.List; + +import org.w3c.dom.Element; + +/** + * Parameters for validating an infobox. + * + * This interface is used by MOA-ID to provide parameters to an + * {link at.gv.egovernment.moa.id.auth.validator.InfoboxValidator + * InfoboxValidator}. + * + * @author Harald Bratko + */ +public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams { + + /** + * A list of {@link at.gv.egovernment.moa.id.auth.data.InfoboxToken InfoboxToken} objects. + * The first token in this list is the one to be validated. Each further token + * maybe needed to validate this first token. + */ + protected List infoboxTokenList_; + + /** + * The ID of the trust profile used for validating certificates. + */ + protected String trustProfileID_; + + /** + * The locations of schemas that maybe needed for validating infobox tokens. + */ + protected List schemaLocations_; + + /** + * The URL of the BKU. + */ + protected String bkuURL_; + + /** + * Specifies whether the current online application is a business or a public application. + */ + protected boolean businessApplication_; + + /** + * The target parameter. + */ + protected String target_; + + /** + * The family name from the identity link. + */ + protected String familyName_; + + /** + * The given name from the identity link. + */ + protected String givenName_; + + /** + * The date of birth from the identity link. + */ + protected String dateOfBirth_; + + /** + * The date of identification value. + */ + protected String identificationValue_; + + /** + * The identification type. + */ + protected String identificationType_; + + /** + * The public keys from the identity link. + */ + protected PublicKey[] publicKeys_; + + /** + * The identity link. + */ + protected Element identityLink_; + + /** + * Indicates whether source pins (Stammzahlen) must be hidden or not. + */ + protected boolean hideStammzahl_; + + /** + * Application specific parameters. + */ + protected Element applicationSpecificParams_; + + /** + * Empty constructor. + */ + public InfoboxValidatorParamsImpl() { + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getInfoboxTokenList() + */ + public List getInfoboxTokenList() { + return infoboxTokenList_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getTrustProfileID() + */ + public String getTrustProfileID() { + return trustProfileID_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getSchemaLocations() + */ + public List getSchemaLocations() { + return schemaLocations_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getBkuURL() + */ + public String getBkuURL() { + return bkuURL_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getTarget() + */ + public String getTarget() { + return target_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getBusinessApplication() + */ + public boolean getBusinessApplication() { + return businessApplication_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getFamilyName() + */ + public String getFamilyName() { + return familyName_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getGivenName() + */ + public String getGivenName() { + return givenName_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getDateOfBirth() + */ + public String getDateOfBirth() { + return dateOfBirth_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getIdentificationValue() + */ + public String getIdentificationValue() { + return identificationValue_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getIdentificationType() + */ + public String getIdentificationType() { + return identificationType_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getPublicKeys() + */ + public PublicKey[] getPublicKeys() { + return publicKeys_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getIdentityLink() + */ + public Element getIdentityLink() { + return identityLink_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getHideStammzahl() + */ + public boolean getHideStammzahl() { + return hideStammzahl_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getApplicationSpecificParams() + */ + public Element getApplicationSpecificParams() { + return applicationSpecificParams_; + } + + /** + * Sets the application specific parameters. + * + * @param applicationSpecificParams The application specific parameters to set. + */ + public void setApplicationSpecificParams(Element applicationSpecificParams) { + applicationSpecificParams_ = applicationSpecificParams; + } + + /** + * Sets the bku URL. + * + * @param bkuURL The bku URL to set. + */ + public void setBkuURL(String bkuURL) { + bkuURL_ = bkuURL; + } + + /** + * Sets the business application parameter. + * + * @param businessApplication The business application parameter to set. + * (True if the application is a business + * application, otherwies false). + */ + public void setBusinessApplication(boolean businessApplication) { + businessApplication_ = businessApplication; + } + + /** + * Sets the date of birth. + * + * @param dateOfBirth The date of birth. + */ + public void setDateOfBirth(String dateOfBirth) { + dateOfBirth_ = dateOfBirth; + } + + /** + * Sets the family name. + * + * @param familyName The family name. + */ + public void setFamilyName(String familyName) { + familyName_ = familyName; + } + + /** + * Sets the given name. + * + * @param givenName The given name. + */ + public void setGivenName(String givenName) { + givenName_ = givenName; + } + + /** + * Sets the identification type. + * + * @param identificationType The identification type. + */ + public void setIdentificationType(String identificationType) { + identificationType_ = identificationType; + } + + /** + * Sets the identification value. + * + * @param identificationValue The identification value. + */ + public void setIdentificationValue(String identificationValue) { + identificationValue_ = identificationValue; + } + + /** + * Sets the identity link. + * + * @param identityLink The identity link. + */ + public void setIdentityLink(Element identityLink) { + identityLink_ = identityLink; + } + + /** + * Sets the infobox token to be validated. + * + * @param infoboxTokenList A list {@link at.gv.egovernment.moa.id.auth.data.InfoboxToken InfoboxToken} + * objects. + */ + public void setInfoboxTokenList(List infoboxTokenList) { + infoboxTokenList_ = infoboxTokenList; + } + + /** + * Sets the public Keys. + * + * @param publicKeys The public keys. + */ + public void setPublicKeys(PublicKey[] publicKeys) { + publicKeys_ = publicKeys; + } + + /** + * Sets the schema locations. + * + * @param schemaLocations The schema locations. A list of + * {@link Schema} objects. + */ + public void setSchemaLocations(List schemaLocations) { + schemaLocations_ = schemaLocations; + } + + /** + * Sets the target. + * + * @param target The target. + */ + public void setTarget(String target) { + target_ = target; + } + + /** + * Sets the ID of the trust profile used for validating certificates. + * + * @param trustProfileID the ID of the trust profile used for validating certificates. + */ + public void setTrustProfileID(String trustProfileID) { + trustProfileID_ = trustProfileID; + } + + /** + * Sets the {@link #hideStammzahl_} parameter. This indicates whether source pins + * (Stammzahlen) must be hidden or not. + * + * @param hideStammzahl True if source pins (Stammzahlen) should + * be hidden, otherwise false. + */ + public void setHideStammzahl(boolean hideStammzahl) { + hideStammzahl_ = hideStammzahl; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java new file mode 100644 index 000000000..76ba6366d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java @@ -0,0 +1,79 @@ +package at.gv.egovernment.moa.id.auth.data; + +/** + * This bean saves all data of a single SAMLAttribute: + * the name, value and namespace + * + * @author Stefan Knirsch + * @version $Id$ + * + */ +public class SAMLAttribute { + + /** the name to be stored */ + private String name; + /** the namespace to be stored */ + private String namespace; + /** the value to be stored */ + private Object value; + + /** + * Constructor for SAMLAttribute. + */ + public SAMLAttribute(String name, String namespace, Object value) { + + this.name = name; + this.namespace = namespace; + this.value = value; + + } + + /** + * Returns the name. + * @return String + */ + public String getName() { + return name; + } + + /** + * Returns the namespace. + * @return String + */ + public String getNamespace() { + return namespace; + } + + /** + * Returns the value. + * @return String + */ + public Object getValue() { + return value; + } + + /** + * Sets the name. + * @param name The name to set + */ + public void setName(String name) { + this.name = name; + } + + /** + * Sets the namespace. + * @param namespace The namespace to set + */ + public void setNamespace(String namespace) { + this.namespace = namespace; + } + + /** + * Sets the value. + * @param value The value to set + */ + public void setValue(Object value) { + this.value = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/Schema.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/Schema.java new file mode 100644 index 000000000..c113f16b8 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/Schema.java @@ -0,0 +1,26 @@ +package at.gv.egovernment.moa.id.auth.data; + +/** + * Specifies the location of a schema. + * + * @author Harald Bratko + */ +public interface Schema { + + /** + * The namespace URI of this schema. + * + * @return The namespace of this schema. + */ + public String getNamespace(); + + /** + * The location URI of this schema. + * Relative paths have to be interpreted relative to the + * location of the MOA-ID config file. + * + * @return The location URI of this schema. + */ + public String getSchemaLocation(); + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java new file mode 100644 index 000000000..964725416 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java @@ -0,0 +1,63 @@ +package at.gv.egovernment.moa.id.auth.data; + +/** + * This class specifies the location of a schema. + * + * @author Harald Bratko + */ +public class SchemaImpl implements Schema { + + /** + * The namespace of this schema. + */ + protected String namespace_; + + /** + * The location (URI) of this schema; + */ + protected String schemaLocation_; + + /** + * Sets the namespace and schema location URIS of this schema. + * + * @param namespace The namespace URI of this schema. + * @param schemaLocation The location URI of this schema. + */ + public SchemaImpl(String namespace, String schemaLocation) { + namespace_ = namespace; + schemaLocation_ = schemaLocation; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.Schema#getNamespace() + */ + public String getNamespace() { + return namespace_; + } + + /** + * @see at.gv.egovernment.moa.id.auth.data.Schema#getSchemaLocation() + */ + public String getSchemaLocation() { + return schemaLocation_; + } + + /** + * Sets the namespace. + * + * @param namespace The namespace to set. + */ + public void setNamespace(String namespace) { + namespace_ = namespace; + } + + /** + * Sets the location URI of this schema. + * + * @param schemaLocation The schemaLocation to set. + */ + public void setSchemaLocation(String schemaLocation) { + schemaLocation_ = schemaLocation; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java new file mode 100644 index 000000000..8233d1478 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java @@ -0,0 +1,177 @@ +package at.gv.egovernment.moa.id.auth.data; + +import iaik.x509.X509Certificate; + +/** + * This bean saves all information of the MOA-SP-Answer + * after the verification of any signature + * + * @author Stefan Knirsch + * @version $Id$ + * + */ +public class VerifyXMLSignatureResponse { + /** The xmlDsigSubjectName to be stored */ + private String xmlDsigSubjectName; + /** The signatureCheckCode to be stored */ + private int signatureCheckCode; + /** The xmlDSIGManifestCheckCode to be stored */ + private int xmlDSIGManifestCheckCode; + /** The xmlDSIGManigest to be stored */ + private boolean xmlDSIGManigest; + /** The certificateCheckCode to be stored */ + private int certificateCheckCode; + /** The publicAuthority to be stored */ + private boolean publicAuthority; + /** The publicAuthorityCode to be stored */ + private String publicAuthorityCode; + /** The qualifiedCertificate to be stored */ + private boolean qualifiedCertificate; + /** The x509certificate to be stored */ + private X509Certificate x509certificate; + + /** + * Returns the certificateCheckCode. + * @return int + */ + public int getCertificateCheckCode() { + return certificateCheckCode; + } + + /** + * Returns the signatureCheckCode. + * @return int + */ + public int getSignatureCheckCode() { + return signatureCheckCode; + } + + /** + * Returns the xmlDSIGManifestCheckCode. + * @return int + */ + public int getXmlDSIGManifestCheckCode() { + return xmlDSIGManifestCheckCode; + } + + /** + * Returns the xmlDsigSubjectName. + * @return String + */ + public String getXmlDsigSubjectName() { + return xmlDsigSubjectName; + } + + /** + * Sets the certificateCheckCode. + * @param certificateCheckCode The certificateCheckCode to set + */ + public void setCertificateCheckCode(int certificateCheckCode) { + this.certificateCheckCode = certificateCheckCode; + } + + /** + * Sets the signatureCheckCode. + * @param signatureCheckCode The signatureCheckCode to set + */ + public void setSignatureCheckCode(int signatureCheckCode) { + this.signatureCheckCode = signatureCheckCode; + } + + /** + * Sets the xmlDSIGManifestCheckCode. + * @param xmlDSIGManifestCheckCode The xmlDSIGManifestCheckCode to set + */ + public void setXmlDSIGManifestCheckCode(int xmlDSIGManifestCheckCode) { + this.xmlDSIGManifestCheckCode = xmlDSIGManifestCheckCode; + } + + /** + * Sets the xmlDsigSubjectName. + * @param xmlDsigSubjectName The xmlDsigSubjectName to set + */ + public void setXmlDsigSubjectName(String xmlDsigSubjectName) { + this.xmlDsigSubjectName = xmlDsigSubjectName; + } + + /** + * Returns the publicAuthorityCode. + * @return int + */ + public String getPublicAuthorityCode() { + return publicAuthorityCode; + } + + /** + * Sets the publicAuthorityCode. + * @param publicAuthorityCode The publicAuthorityCode to set + */ + public void setPublicAuthorityCode(String publicAuthorityCode) { + this.publicAuthorityCode = publicAuthorityCode; + } + + /** + * Returns the qualifiedCertificate. + * @return boolean + */ + public boolean isQualifiedCertificate() { + return qualifiedCertificate; + } + + /** + * Returns the x509certificate. + * @return X509Certificate + */ + public X509Certificate getX509certificate() { + return x509certificate; + } + + /** + * Sets the qualifiedCertificate. + * @param qualifiedCertificate The qualifiedCertificate to set + */ + public void setQualifiedCertificate(boolean qualifiedCertificate) { + this.qualifiedCertificate = qualifiedCertificate; + } + + /** + * Sets the x509certificate. + * @param x509certificate The x509certificate to set + */ + public void setX509certificate(X509Certificate x509certificate) { + this.x509certificate = x509certificate; + } + + /** + * Returns the xmlDSIGManigest. + * @return boolean + */ + public boolean isXmlDSIGManigest() { + return xmlDSIGManigest; + } + + /** + * Sets the xmlDSIGManigest. + * @param xmlDSIGManigest The xmlDSIGManigest to set + */ + public void setXmlDSIGManigest(boolean xmlDSIGManigest) { + this.xmlDSIGManigest = xmlDSIGManigest; + } + + /** + * Returns the publicAuthority. + * @return boolean + */ + public boolean isPublicAuthority() { + return publicAuthority; + } + + /** + * Sets the publicAuthority. + * @param publicAuthority The publicAuthority to set + */ + public void setPublicAuthority(boolean publicAuthority) { + this.publicAuthority = publicAuthority; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java new file mode 100644 index 000000000..a18cf7322 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java @@ -0,0 +1,92 @@ +package at.gv.egovernment.moa.id.auth.invoke; + +import java.util.Vector; + +import javax.xml.namespace.QName; +import javax.xml.rpc.Call; +import javax.xml.rpc.Service; +import javax.xml.rpc.ServiceFactory; + +import org.apache.axis.message.SOAPBodyElement; +import org.w3c.dom.Document; +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.ServiceException; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.spss.api.SignatureVerificationService; +import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser; +import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder; +import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest; +import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; + +/** + * Invoker of the SignatureVerification web service of MOA-SPSS.
+ * Either invokes the web service, or calls the corresponding API, depending on configuration data. + * + * @author Stefan Knirsch + * @version $Id$ + */ +public class SignatureVerificationInvoker { + /** This QName Object identifies the SignatureVerification endpoint of the web service */ + private static final QName SERVICE_QNAME = new QName("SignatureVerification"); + + /** + * Method verifyXMLSignature. + * @param request to be sent + * @return Element with the answer + * @throws ServiceException if an error occurs + */ + public Element verifyXMLSignature(Element request) throws ServiceException { + return doCall(SERVICE_QNAME, request); + } + + /** + * Method doCall. + * @param serviceName the name of the service + * @param request the request to be sent + * @return Element the answer + * @throws ServiceException if an error occurs + */ + protected Element doCall(QName serviceName, Element request) throws ServiceException { + ConnectionParameter authConnParam = null; + try { + Service service = ServiceFactory.newInstance().createService(serviceName); + Call call = service.createCall(); + SOAPBodyElement body = new SOAPBodyElement(request); + SOAPBodyElement[] params = new SOAPBodyElement[] { body }; + Vector responses; + SOAPBodyElement response; + + String endPoint; + AuthConfigurationProvider authConfigProvider = AuthConfigurationProvider.getInstance(); + authConnParam = authConfigProvider.getMoaSpConnectionParameter(); + //If the ConnectionParameter do NOT exist, we try to get the api to work.... + if (authConnParam != null) { + endPoint = authConnParam.getUrl(); + call.setTargetEndpointAddress(endPoint); + responses = (Vector) call.invoke(serviceName, params); + response = (SOAPBodyElement) responses.get(0); + return response.getAsDOM(); + } + else { + SignatureVerificationService svs = SignatureVerificationService.getInstance(); + VerifyXMLSignatureRequest vsrequest = new VerifyXMLSignatureRequestParser().parse(request); + + VerifyXMLSignatureResponse vsresponse = svs.verifyXMLSignature(vsrequest); + Document result = new VerifyXMLSignatureResponseBuilder().build(vsresponse); + + Logger.setHierarchy("moa.id.auth"); + return result.getDocumentElement(); + } + } + catch (Exception ex) { + if (authConnParam != null) { + throw new ServiceException("service.00", new Object[] { ex.toString()}, ex); + } else { + throw new ServiceException("service.03", new Object[] { ex.toString()}, ex); + } + } + } +} \ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java new file mode 100644 index 000000000..a8b870f04 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java @@ -0,0 +1,193 @@ +package at.gv.egovernment.moa.id.auth.parser; + +import java.io.ByteArrayInputStream; +import java.io.InputStream; +import java.util.ArrayList; +import java.util.List; + +import org.w3c.dom.Element; +import org.w3c.dom.traversal.NodeIterator; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; +import at.gv.egovernment.moa.id.auth.data.SAMLAttribute; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * Parses an <InfoboxReadResponse> returned from + * the security layer + * + * @author Stefan Knirsch + * @version $Id$ + */ + +public class CreateXMLSignatureResponseParser { + // + // XPath namespace prefix shortcuts + // + + /** Xpath prefix for reaching SAML Namespaces */ + private static final String SAML = Constants.SAML_PREFIX + ":"; + /** Xpath prefix for reaching XML-DSIG Namespaces */ + private static final String DSIG = Constants.DSIG_PREFIX + ":"; + /** Xpath expression to the root element */ + private static final String ROOT = ":CreateXMLSignatureResponse/"; + /** Xpath expression to the SAML:Assertion element */ + private static final String SAML_ASSERTION_XPATH = ROOT + SAML + "Assertion"; + /** Xpath expression to the SAML:NameIdentifier element */ + private static final String SAML_SUBJECT_NAME_IDENTIFIER_XPATH = SAML_ASSERTION_XPATH + "/" + SAML + "AttributeStatement/" + SAML + "Subject/" + SAML + "NameIdentifier"; + /** Xpath expression to the AttributeStatement element */ + private static final String SAML_ATTRIBUTE_XPATH = SAML_ASSERTION_XPATH + "/" + SAML + "AttributeStatement/" + SAML + "Attribute"; + /** Xpath expression to the AttributeValue element */ + private static final String SAML_ATTRIBUTE_VALUE_XPATH = SAML + "AttributeValue"; + + + /** This is the root element of the CreateXMLsignatureResponse */ + private Element sigResponse_; + + /** + * Parses and validates the document given as string and extracts the + * root element. + * + * @param xmlResponse <CreateXMLSignatureResponse> as String + * + * @throws AuthenticationException if any authentication error occurs + * @throws ParseException if an element cannot be parsed + */ + public CreateXMLSignatureResponseParser(String xmlResponse) throws AuthenticationException, ParseException { + try { + InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8")); + init(s); + } + catch (Throwable t) { + throw new ParseException("parser.01", new Object[] { t.toString()}, t); + } + } + + /** + * Parses and validates the document given as stream and extracts the + * root element. + * + * @param is <InfoboxReadResponse> as InputStream + * + * @throws AuthenticationException If any authentication error occurs + * @throws ParseException If an element cannot be parsed + */ + public CreateXMLSignatureResponseParser(InputStream is) throws AuthenticationException, ParseException { + init(is); + } + + /** + * Constructor for CreateXMLSignatureResponseParser. + * The incoming Element will be used for further operations + * @param xmlResponse <InfoboxReadResponse> as InputStream + */ + public CreateXMLSignatureResponseParser(Element xmlResponse) { + sigResponse_ = xmlResponse; + } + + /** + * Initializes the parser. + * Parses and validates the document given as stream and extracts the + * root element. + * + * @param is The CreateXMLSignatureResponse as stream. + * @throws AuthenticationException if an authentication error occurs. + * @throws ParseException If an error occurs on parsing the the document. + */ + private void init(InputStream is) throws AuthenticationException, ParseException { + try { + + Element responseElem = DOMUtils.parseXmlValidating(is); + + if ("CreateXMLSignatureResponse".equals(responseElem.getLocalName())) { + sigResponse_ = responseElem; + } else { + ErrorResponseParser erp = new ErrorResponseParser(responseElem); + throw new AuthenticationException("auth.08", new Object[] { erp.getErrorCode(), erp.getErrorInfo()}); + } + + } catch (Throwable t) { + throw new ParseException("parser.01", new Object[] { t.toString()}, t); + } + } + + /** + * Unmarshalls the <@link sigResponse> to an + * <CreateXMLSignatureResponse> object. + * + * @return a <CreateXMLSignatureResponse> object + * @throws ParseException + */ + + public CreateXMLSignatureResponse parseResponse() throws ParseException { + CreateXMLSignatureResponse cResp; + try { + cResp = new CreateXMLSignatureResponse(); + String slPrefix = XPathUtils.getSlPrefix(sigResponse_); + cResp.setSamlNameIdentifier(XPathUtils.getElementValue(sigResponse_, "/" + slPrefix + SAML_SUBJECT_NAME_IDENTIFIER_XPATH, null)); + cResp.setSamlAssertion((Element) XPathUtils.selectSingleNode(sigResponse_, "/" + slPrefix + SAML_ASSERTION_XPATH)); + NodeIterator attrIter = XPathUtils.selectNodeIterator(sigResponse_, "/" + slPrefix + SAML_ATTRIBUTE_XPATH); + Element samlAttr; + List samlAttributes = new ArrayList(); + while ((samlAttr = (Element) attrIter.nextNode()) != null) { + String attrName = XPathUtils.getAttributeValue(samlAttr, "@AttributeName", ""); + String attrNamespace = XPathUtils.getAttributeValue(samlAttr, "@AttributeNamespace", ""); + Object attrValue; + Element attrValueElem = (Element)XPathUtils.selectSingleNode(samlAttr, SAML_ATTRIBUTE_VALUE_XPATH); + attrValue = DOMUtils.getElementFromNodeList(attrValueElem.getChildNodes()); + if (attrValue == null) { + if (null!=attrValueElem.getFirstChild()) { + attrValue = attrValueElem.getFirstChild().getNodeValue(); + } else { + attrValue = ""; + } + } + samlAttributes.add(new SAMLAttribute(attrName, attrNamespace, attrValue)); + } + SAMLAttribute[] result = new SAMLAttribute[samlAttributes.size()]; + samlAttributes.toArray(result); + cResp.setSamlAttributes(result); + } + catch (Throwable t) { + throw new ParseException("parser.01", new Object[] { t.toString()}, t); + } + return cResp; + } + +// public CreateXMLSignatureResponse parseResponse() throws ParseException { +// CreateXMLSignatureResponse cResp; +// try { +// cResp = new CreateXMLSignatureResponse(); +// Element samlAssertion = (Element)sigResponse.getElementsByTagNameNS(Constants.SAML_NS_URI, "Assertion").item(0); +// cResp.setSamlAssertion(samlAssertion); +// Element samlAttributeStatement = (Element)samlAssertion.getElementsByTagNameNS(Constants.SAML_NS_URI, "AttributeStatement").item(0); +// Element samlSubject = (Element)samlAttributeStatement.getElementsByTagNameNS(Constants.SAML_NS_URI, "Subject").item(0); +// Element samlNameIdentifier = (Element)samlSubject.getElementsByTagNameNS(Constants.SAML_NS_URI, "NameIdentifier").item(0); +// cResp.setSamlNameIdentifier(samlNameIdentifier.getFirstChild().getNodeValue()); +// NodeList nl = samlAttributeStatement.getElementsByTagNameNS(Constants.SAML_NS_URI, "Attribute"); +// List samlAttributes = new ArrayList(); +// for (int i=0; i<ErrorResponse>. + * + * @author Stefan Knirsch + * @version $Id$ + */ + +public class ErrorResponseParser { + + /** + * The error code included in this error response. + * 1000 is used as default value, if some problems occur on + * evaluating the error response. + */ + private String errorCode_ = "1000"; + + /** + * The error info included in this error response. + * <Unklassifizierter Fehler.> is used as default value, + * if some problems occur on evaluating the error response. + */ + private String errorInfo_ = "Unklassifizierter Fehler."; + + + /** + * This Constructor extracts the error code and error info included in this + * error response. + * + * @param errorElement The error element. This is the root element of + * the error response. + */ + public ErrorResponseParser(Element errorElement) throws ParseException { + if (errorElement != null) { + String namespace = errorElement.getNamespaceURI(); + NodeList nl = errorElement.getElementsByTagNameNS(namespace, "ErrorCode"); + if (nl.getLength() == 1) { + errorCode_ = ((Element)nl.item(0)).getFirstChild().getNodeValue(); + } + nl = errorElement.getElementsByTagNameNS(namespace, "Info"); + if (nl.getLength() == 1) { + errorInfo_ = ((Element)nl.item(0)).getFirstChild().getNodeValue(); + } + } + } + + /** + * Returns the error code included in this error response. + */ + public String getErrorCode() { + return errorCode_ ; + } + + /** + * Returns the information included in this error response. + * @return The error infomation String + */ + public String getErrorInfo() { + return errorInfo_ ; + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java new file mode 100644 index 000000000..e493f07fb --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java @@ -0,0 +1,157 @@ +package at.gv.egovernment.moa.id.auth.parser; + +import java.util.Iterator; +import java.util.List; +import java.util.Vector; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.auth.data.InfoboxToken; +import at.gv.egovernment.moa.id.auth.data.InfoboxTokenImpl; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; + +/** + * Parses and unmarshales InfoboxReadResponse. + * This parser is especially used for parsing additional responses (additional to that + * one containing the IdentityLink retuned from the BKU as an answer of + * a <PushInfobox> request. + */ +public class ExtendedInfoboxReadResponseParser { + + /** + * Hide default constructor. + */ + private ExtendedInfoboxReadResponseParser() { + } + + /** + * Parses and unmarshales the given infoboxReadResponse to a list of + * {@link at.gv.egovernment.moa.id.auth.data.InfoboxToken InfoboxToken} objects. + * The method parses the given infoboxReadResponse + * + * @param infoboxReadResponse The infobox read response to be unmarshaled. + * @param infoboxName The name of the infobox the reponse corresponds to. + * + * @return A list of {@link at.gv.egovernment.moa.id.auth.data.InfoboxToken InfoboxToken} + * objects. Maybe empty. + * + * @throws ParseException If an error occurs on parsing and unmarshaling the response. + */ + public static List parseInfoboxReadResponse(String infoboxReadResponse, String infoboxName) + throws ParseException + { + Element infoboxReadResponseElem = null; + try { + Document doc = + DOMUtils.parseDocument(infoboxReadResponse, true, Constants.ALL_SCHEMA_LOCATIONS, null); + infoboxReadResponseElem = doc.getDocumentElement(); + } catch (Exception e) { + Logger.error("InfoboxReadResponse for \"" + infoboxName + + "\"-infobox could not be parsed successfully: " + e.getMessage()); + throw new ParseException("parser.01", new Object[] {infoboxName + "-InfoboxReadResponse"}); + } + + Vector infoboxTokenList = new Vector(); + + if (infoboxReadResponseElem != null) { + // avoid using namespace URI or prefix, because it might change within the response + // (e.g.: sl11-namespace, some child sl10-namespace + List infoboxReadResponseChildren = DOMUtils.getChildElements(infoboxReadResponseElem); + String key = null; + boolean primary = true; + Element infoboxReadResponseChild = (Element)infoboxReadResponseChildren.get(0); + String infoboxReadResponseChildName = infoboxReadResponseChild.getLocalName(); + if (infoboxReadResponseChildName.equals("AssocArrayData")) { + // get the child elements from the element + List assocArrayPairs = DOMUtils.getChildElements(infoboxReadResponseChild); + Iterator assocArrayPairIt = assocArrayPairs.iterator(); + int pairCount = 0; + // step through the elemnts + while (assocArrayPairIt.hasNext()) { + Element assocArrayPair = (Element)assocArrayPairIt.next(); + // check if the element actually a "Pair" element and not only a "key" + if (assocArrayPair.getLocalName().equals("Key")) { + // do not accept only a Key + throw new ParseException("parser.07", new Object[] {infoboxName}); + } + key = assocArrayPair.getAttribute("Key"); + if (pairCount > 0) { + primary = false; + } + pairCount++; + infoboxTokenList.addAll(getTokenFromXMLOrBase64Content(assocArrayPair, infoboxName, key, primary)); + } + + } else if (infoboxReadResponseChildName.equals("BinaryFileData")) { + infoboxTokenList.addAll(getTokenFromXMLOrBase64Content(infoboxReadResponseChild, infoboxName, null, true)); + } + } + return infoboxTokenList; + } + + /** + * Unmarshales the <XMLContent> or + * <Base64Content> child of the given element to a list of + * infobox token. + * + * @param contentParent The elment including the <XMLContent> or + * <Base64Content> child to unmarshal the + * infobox token from. + * @param infoboxName The name of the infobox. + * @param key The key of an AssocArrayData-Pair. + * Maybe null. + * @param primary Specifies whether this token is the first (e.g. in an + * AssocArrayData) token. + * + * @return A infobox token list. + * + * @throws ParseException If the contentParent has no <XMLContent> + * or <Base64Content> child or the + * <XMLContent> is empty. + */ + public static List getTokenFromXMLOrBase64Content( + Element contentParent, + String infoboxName, + String key, + boolean primary) + throws ParseException + { + Vector tokenList = new Vector(); + // get the or + List content = DOMUtils.getChildElements(contentParent); + if (content.size() == 1) { + Element contentElem = (Element)content.get(0); + if (contentElem.getLocalName().equals("XMLContent")) { + List xmlContentChildren = DOMUtils.getChildElements(contentElem); + if (xmlContentChildren.size() == 0) { + throw new ParseException("parser.06", new Object[] {infoboxName, "Inhalt", "XMLContent"}); + } + int xmlCount = 0; + Iterator contentIt = xmlContentChildren.iterator(); + while (contentIt.hasNext()) { + Element xmlToken = (Element)contentIt.next(); + if (xmlCount > 0) { + primary = false; + } + InfoboxToken infoboxToken = new InfoboxTokenImpl(key, primary, xmlToken); + tokenList.add(infoboxToken); + xmlCount++; + } + } else { + String base64Token = contentElem.getFirstChild().getNodeValue(); + InfoboxToken infoboxToken = new InfoboxTokenImpl(key, primary, base64Token); + tokenList.add(infoboxToken); + } + } else { + throw new ParseException("parser.06", + new Object[] {infoboxName, "XMLContent oder Base64Content", contentParent.getLocalName()}); + } + return tokenList; + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java new file mode 100644 index 000000000..d8a57fd2f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java @@ -0,0 +1,319 @@ +package at.gv.egovernment.moa.id.auth.parser; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.math.BigInteger; +import java.security.PublicKey; +import java.security.interfaces.RSAPublicKey; +import java.util.ArrayList; +import java.util.List; + +import org.w3c.dom.Element; +import org.w3c.dom.traversal.NodeIterator; + +import at.gv.egovernment.moa.id.ECDSAConverterException; +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.util.ECDSAKeyValueConverter; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * Parses an identity link <saml:Assertion> + * @author Paul Ivancsics + * @version $Id$ + */ +public class IdentityLinkAssertionParser { + + // + // XPath namespace prefix shortcuts + // + + /** Xpath prefix for reaching PersonData Namespaces */ + private static final String PDATA = Constants.PD_PREFIX + ":"; + /** Xpath prefix for reaching SAML Namespaces */ + private static final String SAML = Constants.SAML_PREFIX + ":"; + /** Xpath prefix for reaching XML-DSIG Namespaces */ + private static final String DSIG = Constants.DSIG_PREFIX + ":"; + /** Xpath prefix for reaching ECDS Namespaces */ + private static final String ECDSA = Constants.ECDSA_PREFIX + ":"; + /** Xpath expression to the root element */ + private static final String ROOT = ""; + /** Xpath expression to the SAMLSubjectConfirmationData element */ + private static final String SAML_SUBJECT_CONFIRMATION_DATA_XPATH = + ROOT + + SAML + + "AttributeStatement/" + + SAML + + "Subject/" + + SAML + + "SubjectConfirmation/" + + SAML + + "SubjectConfirmationData"; + /** Xpath expression to the PersonData element */ + private static final String PERSON_XPATH = + SAML_SUBJECT_CONFIRMATION_DATA_XPATH + + "/" + + PDATA + + "Person"; + /** Xpath expression to the PersonData GivenName element */ + private static final String PERSON_GIVEN_NAME_XPATH = + PERSON_XPATH + + "/" + + PDATA + + "Name/" + + PDATA + + "GivenName"; + /** Xpath expression to the PersonData FamilyName element */ + private static final String PERSON_FAMILY_NAME_XPATH = + PERSON_XPATH + + "/" + + PDATA + + "Name/" + + PDATA + + "FamilyName"; + /** Xpath expression to the PersonData DateOfBirth element */ + private static final String PERSON_DATE_OF_BIRTH_XPATH = + PERSON_XPATH + + "/" + + PDATA + + "DateOfBirth"; + /** Xpath expression to the Identification element */ + private static final String PERSON_IDENT_XPATH = + PERSON_XPATH + + "/" + + PDATA + + "Identification"; + + /** Xpath expression to the Identification Value element */ + public static final String PERSON_IDENT_VALUE_XPATH = + PERSON_XPATH + + "/" + + PDATA + + "Identification/" + + PDATA + + "Value"; + + /** Xpath expression to the Identification Value element */ + private static final String PERSON_IDENT_TYPE_XPATH = + PERSON_XPATH + + "/" + + PDATA + + "Identification/" + + PDATA + + "Type"; + + /** Xpath expression to the RSAKeyValue element */ + private static final String RSA_KEY_VALUE_XPATH = + ROOT + + SAML + + "AttributeStatement/" + + SAML + + "Attribute/" + + SAML + + "AttributeValue/" + + DSIG + + "RSAKeyValue"; + + /** Xpath expression to the ECKeyValue element */ + private static final String ECDSA_KEY_VALUE_XPATH = + ROOT + + SAML + + "AttributeStatement/" + + SAML + + "Attribute/" + + SAML + + "AttributeValue/" + + ECDSA + + "ECDSAKeyValue"; + + + /** Xpath expression to the RSA Modulus element */ + private static final String RSA_KEY_MODULUS_XPATH = DSIG + "Modulus"; + /** Xpath expression to the RSA Exponent element */ + private static final String RSA_KEY_EXPONENT_XPATH = DSIG + "Exponent"; + /** Xpath expression to the DSIG X509Certificate element */ + private static final String DSIG_CERTIFICATES_XPATH = + ROOT + + DSIG + + "Signature/" + + DSIG + + "KeyInfo/" + + DSIG + + "X509Data/" + + DSIG + + "X509Certificate"; + /** Xpath expression to the DSIG Transforms element */ + private static final String DSIG_REFERENCE_TRANSFORMATION_XPATH = + ROOT + + DSIG + + "Signature/" + + DSIG + + "SignedInfo/" + + DSIG + + "Reference/" + + DSIG + + "Transforms"; + + /** The IssueInstant attribute of the SAML assertion */ + private static final String ISSUE_INSTANT_ATTR = "IssueInstant"; + + /**This is the root element of the XML-Document provided by the Security Layer Card*/ + private Element assertionElem; + + /** + * Constructor for IdentityLinkAssertionParser. + * A DOM-representation of the incoming String will be created + * @param xmlAssertion <saml:Assertion> as String + * @throws ParseException on any parsing error + */ + public IdentityLinkAssertionParser(String xmlAssertion) throws ParseException { + try { + InputStream s = new ByteArrayInputStream(xmlAssertion.getBytes("UTF-8")); + assertionElem = DOMUtils.parseXmlValidating(s); + } + catch (Throwable t) { + throw new ParseException("parser.01", new Object[] { t.toString()}, t); + } + } + + /** + * Sets the <@link assertionElem>. + * @param xmlAssertion the assertion element + * @throws ParseException on any parsing error + */ + public IdentityLinkAssertionParser(Element xmlAssertion) throws ParseException { + assertionElem = xmlAssertion; + } + + /** + * Constructor for IdentityLinkAssertionParser. + * A DOM-representation of the incoming Inputstream will be created + * @param xmlAssertion <saml:Assertion> as InputStream + * @throws ParseException on any parsing error + */ + public IdentityLinkAssertionParser(InputStream xmlAssertion) throws Exception { + try { + assertionElem = DOMUtils.parseXmlValidating(xmlAssertion); + } + catch (Throwable t) { + throw new ParseException("parser.01", new Object[] { t.toString() }, t); + } + } + + /** + * Parses the identity link from the <saml:Assertion> + * @return Identity link + * @throws ParseException on any parsing error + */ + + public IdentityLink parseIdentityLink() throws ParseException { + IdentityLink identityLink; + try { + identityLink = new IdentityLink(); + identityLink.setSamlAssertion(assertionElem); + identityLink.setIssueInstant(assertionElem.getAttribute(ISSUE_INSTANT_ATTR)); + identityLink.setPrPerson((Element) + XPathUtils.selectSingleNode(assertionElem, PERSON_XPATH)); + identityLink.setIdentificationValue( + XPathUtils.getElementValue(assertionElem, PERSON_IDENT_VALUE_XPATH, "")); + identityLink.setIdentificationType( + XPathUtils.getElementValue(assertionElem, PERSON_IDENT_TYPE_XPATH, "")); + identityLink.setGivenName( + XPathUtils.getElementValue(assertionElem, PERSON_GIVEN_NAME_XPATH, "")); + identityLink.setFamilyName( + XPathUtils.getElementValue(assertionElem, PERSON_FAMILY_NAME_XPATH, "")); + identityLink.setDateOfBirth( + XPathUtils.getElementValue(assertionElem, PERSON_DATE_OF_BIRTH_XPATH, "")); + NodeIterator dsigRefTransforms = + XPathUtils.selectNodeIterator(assertionElem, DSIG_REFERENCE_TRANSFORMATION_XPATH); + List transElems = new ArrayList(); + Element transformsElem; + while ((transformsElem = (Element) dsigRefTransforms.nextNode()) != null) { + transElems.add(transformsElem); + } + Element[] result = new Element[transElems.size()]; + transElems.toArray(result); + identityLink.setDsigReferenceTransforms(result); + + identityLink.setPublicKey(getPublicKeys()); + + } + catch (Throwable t) { + throw new ParseException("parser.01", new Object[] { t.toString() }, t); + } + + return identityLink; + } + + /** + * Parses an array of Public Keys from the <InfoboxReadResponse> + * @return RSAPublicKey[] + * @throws IOException can occur when decoding the base64 values of the modulus and exponent + */ + public PublicKey[] getPublicKeys() throws IOException, ECDSAConverterException{ + + + List pubKeys = new ArrayList(); + //Try to get RSA-Keys + NodeIterator rsaIter = + XPathUtils.selectNodeIterator(assertionElem, Constants.nSMap, RSA_KEY_VALUE_XPATH); + Element rsaElem; + + while ((rsaElem = (Element) rsaIter.nextNode()) != null) { + String modulus = + XPathUtils.getElementValue(rsaElem, RSA_KEY_MODULUS_XPATH, ""); + String exponent = + XPathUtils.getElementValue(rsaElem, RSA_KEY_EXPONENT_XPATH, ""); + + RSAPublicKey resPub = + new iaik.security.rsa.RSAPublicKey( + new BigInteger(1, Base64Utils.decode(modulus, true)), + new BigInteger(1, Base64Utils.decode(exponent, true))); + pubKeys.add(resPub); + } + + //Try to get ECDSA-Keys + NodeIterator ecdsaIter = + XPathUtils.selectNodeIterator(assertionElem, Constants.nSMap, ECDSA_KEY_VALUE_XPATH); + Element ecdsaElem; + PublicKey ecPubKey = null; + while ((ecdsaElem = (Element) ecdsaIter.nextNode()) != null) { + try { + ecPubKey = ECDSAKeyValueConverter.element2ECDSAPublicKey(ecdsaElem); + pubKeys.add(ecPubKey); + } + catch(Exception e) { + throw new ECDSAConverterException("parser.03", new Object[] { e.toString() }, e); + } + } + + PublicKey[] result = new PublicKey[pubKeys.size()]; + pubKeys.toArray(result); + return result; + + } + /** + * Parses a string array of decoded base64 certificates from + * the <InfoboxReadResponse> found in the dsig-signature + * @return String[] with raw-certificates from the dsig-signature keyinfo + * @throws Exception + */ + public String[] getCertificates() throws Exception { + List certs = new ArrayList(); + NodeIterator rsaIter = + XPathUtils.selectNodeIterator(assertionElem, DSIG_CERTIFICATES_XPATH); + Element certElem; + while ((certElem = (Element) rsaIter.nextNode()) != null) { + String content = DOMUtils.getText(certElem); + certs.add(new String(Base64Utils.decode(content, true))); + } + String[] result = new String[certs.size()]; + certs.toArray(result); + return result; + + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java new file mode 100644 index 000000000..e59c88ddc --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java @@ -0,0 +1,165 @@ +package at.gv.egovernment.moa.id.auth.parser; + +import java.io.ByteArrayInputStream; +import java.io.InputStream; +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * Parses an <InfoboxReadResponse>. + * + * @author Stefan Knirsch + * @version $Id$ + */ + +public class InfoboxReadResponseParser { + + /** This is the root element of the XML-Document provided by the Security Layer Card*/ + private Element infoBoxElem_; + + /** + * Parses and validates the document given as string and extracts the + * root element. + * + * @param xmlResponse <InfoboxReadResponse> as String + * @throws ParseException If an element cannot be parsed + * @throws AuthenticationException If any authentication error occurs + */ + public InfoboxReadResponseParser(String xmlResponse) throws ParseException, AuthenticationException { + + try { + InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8")); + init(s); + } + catch (Throwable t) { + throw new ParseException("parser.01", new Object[] { t.toString()}, t); + } + } + + /** + * Parses and validates the document given as stream and extracts the + * root element. + * + * @param is <InfoboxReadResponse> as InputStream + * @throws ParseException If an element cannot be parsed + * @throws AuthenticationException If any authentication error occurs + */ + public InfoboxReadResponseParser(InputStream is) throws ParseException, AuthenticationException { + init(is); + } + + /** + * Initializes the parser. + * Parses and validates the document given as stream and extracts the + * root element. + * + * @param is The InfoBoxReadResponse as stream. + * @throws AuthenticationException If an authentication error occurs. + * @throws ParseException If an error occurs on parsing the the document. + */ + private void init(InputStream is) throws AuthenticationException, ParseException { + try { + + Element responseElem = DOMUtils.parseXmlValidating(is); + + if ("InfoboxReadResponse".equals(responseElem.getLocalName())) { + infoBoxElem_ = responseElem; + } else { + ErrorResponseParser erp = new ErrorResponseParser(responseElem); + throw new AuthenticationException("auth.08", new Object[] { erp.getErrorCode(), erp.getErrorInfo()}); + } + + } catch (Throwable t) { + throw new ParseException("parser.01", new Object[] { t.toString()}, t); + } + } + + + + /** + * Parses the embedded <saml:Assertion> element from <InfoboxReadResponse> + * @return <saml:Assertion> as String + * @throws ParseException on any parsing error + */ +// public String parseSAMLAssertion() throws ParseException { +// try { +// +// String slPrefix = XPathUtils.getSlPrefix(infoBoxElem_); +// StringBuffer sb = new StringBuffer("/"); +// sb.append(slPrefix); +// sb.append(":InfoboxReadResponse/"); +// sb.append(slPrefix); +// sb.append(":BinaryFileData/"); +// sb.append(slPrefix); +// sb.append(":XMLContent/"); +// sb.append(Constants.SAML_PREFIX); +// sb.append(":Assertion"); +// String samlAssertionXPath = sb.toString(); +// Element samlAssertion = (Element) XPathUtils.selectSingleNode(infoBoxElem_, samlAssertionXPath); +// return DOMUtils.serializeNode(samlAssertion); +// +// } +// catch (Throwable t) { +// throw new ParseException("parser.01", new Object[] { t.toString()}, t); +// } +// } + + /** + * Parses the embedded <saml:Assertion> element from <InfoboxReadResponse> + * @return <saml:Assertion> as String + * @throws ParseException on any parsing error + */ + public Element parseSAMLAssertion() throws ParseException { + try { + + String slPrefix = XPathUtils.getSlPrefix(infoBoxElem_); + StringBuffer sb = new StringBuffer("/"); + sb.append(slPrefix); + sb.append(":InfoboxReadResponse/"); + sb.append(slPrefix); + sb.append(":BinaryFileData/"); + sb.append(slPrefix); + sb.append(":XMLContent/"); + sb.append(Constants.SAML_PREFIX); + sb.append(":Assertion"); + String samlAssertionXPath = sb.toString(); + Element samlAssertion = (Element) XPathUtils.selectSingleNode(infoBoxElem_, samlAssertionXPath); + return samlAssertion; + + } + catch (Throwable t) { + throw new ParseException("parser.01", new Object[] { t.toString()}, t); + } + } + + /** + * Parses the identity link from the <saml:Assertion> + * @return Identity link + * @throws ParseException on any parsing error + */ + +// public IdentityLink parseIdentityLink() throws ParseException { +// String samlAssertionString = parseSAMLAssertion(); +// IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertionString); +// return ilParser.parseIdentityLink(); +// } + + /** + * Parses the identity link from the <saml:Assertion> + * @return Identity link + * @throws ParseException on any parsing error + */ + public IdentityLink parseIdentityLink() throws ParseException { + Element samlAssertion = parseSAMLAssertion(); + IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion); + return ilParser.parseIdentityLink(); + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java new file mode 100644 index 000000000..7c4c01abe --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java @@ -0,0 +1,58 @@ +package at.gv.egovernment.moa.id.auth.parser; + +import java.io.IOException; + +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.util.Base64Utils; + +/** + * Parser for a SAML artifact. + * @author Paul Ivancsics + * @version $Id$ + */ +public class SAMLArtifactParser { + /** byte array containing the SamlArtifact bytes */ + private byte[] samlArtifactBytes; + + /** + * Constructor + * @param samlArtifact as String + * @throws ParseException on any parsing error + */ + public SAMLArtifactParser(String samlArtifact) throws ParseException { + try { + samlArtifactBytes = Base64Utils.decode(samlArtifact, false); + } + catch (IOException ex) { + throw new ParseException("parser.02", new Object[] {ex.toString()}, ex); + } + } + /** + * Parses the type code. + * @return type code + * @throws ParseException when SAML artifact is invalid + */ + public byte[] parseTypeCode() throws ParseException { + try { + byte[] typeCode = new byte[] {samlArtifactBytes[0], samlArtifactBytes[1]}; + return typeCode; + } + catch (Throwable ex) { + throw new ParseException("parser.02", new Object[] {ex.toString()}, ex); + } + } + /** + * Parses the assertion handle. + * @return assertion handle + * @throws ParseException when SAML artifact is invalid + */ + public String parseAssertionHandle() throws ParseException { + try { + return new String(samlArtifactBytes, 22, 20); + } + catch (Throwable ex) { + throw new ParseException("parser.02", new Object[] {ex.toString()}, ex); + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java new file mode 100644 index 000000000..4c49afb76 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java @@ -0,0 +1,156 @@ +package at.gv.egovernment.moa.id.auth.parser; + +import iaik.utils.Base64InputStream; +import iaik.x509.X509Certificate; +import java.io.ByteArrayInputStream; +import java.io.InputStream; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.*; +import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * Parses a <VerifyXMLSignatureResponse> returned by + * MOA-SPSS. + * This class implements the Singleton pattern + * + * @author Stefan Knirsch + * @version $Id$ + */ + + +public class VerifyXMLSignatureResponseParser { + // + // XPath namespace prefix shortcuts + // + /** Xpath prefix for reaching MOA Namespaces */ + private static final String MOA = Constants.MOA_PREFIX + ":"; + /** Xpath prefix for reaching DSIG Namespaces */ + private static final String DSIG = Constants.DSIG_PREFIX + ":"; + /** Xpath expression to the root element */ + private static final String ROOT = "/" + MOA + "VerifyXMLSignatureResponse/"; + + /** Xpath expression to the X509SubjectName element */ + private static final String DSIG_SUBJECT_NAME_XPATH = + ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + + DSIG + "X509SubjectName"; + /** Xpath expression to the X509Certificate element */ + private static final String DSIG_X509_CERTIFICATE_XPATH = + ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + + DSIG + "X509Certificate"; + /** Xpath expression to the PublicAuthority element */ + private static final String PUBLIC_AUTHORITY_XPATH = + ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + + MOA + "PublicAuthority"; + /** Xpath expression to the PublicAuthorityCode element */ + private static final String PUBLIC_AUTHORITY_CODE_XPATH = + PUBLIC_AUTHORITY_XPATH + "/" + MOA + "Code"; + /** Xpath expression to the QualifiedCertificate element */ + private static final String QUALIFIED_CERTIFICATE_XPATH = + ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + + MOA + "QualifiedCertificate"; + + /** Xpath expression to the SignatureCheckCode element */ + private static final String SIGNATURE_CHECK_CODE_XPATH = + ROOT + MOA + "SignatureCheck/" + MOA + "Code"; + /** Xpath expression to the XMLDSIGManifestCheckCode element */ + private static final String XMLDSIG_MANIFEST_CHECK_CODE_XPATH = + ROOT + MOA + "XMLDSIGManifestCheck/" + MOA + "Code"; + /** Xpath expression to the CertificateCheckCode element */ + private static final String CERTIFICATE_CHECK_CODE_XPATH = + ROOT + MOA + "CertificateCheck/" + MOA + "Code"; + + + /** This is the root element of the XML-Document provided by the Security Layer Card*/ + private Element verifyXMLSignatureResponse; + + /** + * Constructor for VerifyXMLSignatureResponseParser. + * A DOM-representation of the incoming String will be created + * @param xmlResponse <InfoboxReadResponse> as String + * @throws ParseException on any parsing error + */ + public VerifyXMLSignatureResponseParser(String xmlResponse) throws ParseException{ + try { + InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8")); + + verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(s); + } + catch (Throwable t) { + throw new ParseException("parser.01", new Object[] { t.toString() }, t); + } + } + + /** + * Constructor for VerifyXMLSignatureResponseParser. + * A DOM-representation of the incoming Inputstream will be created + * @param xmlResponse <InfoboxReadResponse> as InputStream + * @throws Exception on any parsing error + */ + public VerifyXMLSignatureResponseParser(InputStream xmlResponse) throws Exception + { + try { + verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(xmlResponse); + } + catch (Throwable t) { + throw new ParseException("parser.01", null, t); + } + } + + /** + * Constructor for VerifyXMLSignatureResponseParser. + * The incoming Element will be used for further operations + * @param xmlResponse <InfoboxReadResponse> as Element + */ + public VerifyXMLSignatureResponseParser(Element xmlResponse) + { + verifyXMLSignatureResponse =xmlResponse; + + } + + /** + * Parse identity link from <InfoboxReadResponse> + * @return Identity link + * @throws ParseException on any parsing error + */ + + public VerifyXMLSignatureResponse parseData() throws ParseException { + + VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse(); + + try { + respData.setXmlDsigSubjectName(XPathUtils.getElementValue(verifyXMLSignatureResponse,DSIG_SUBJECT_NAME_XPATH,"")); + Element e = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,QUALIFIED_CERTIFICATE_XPATH); + respData.setQualifiedCertificate(e!=null); + + Base64InputStream in = new Base64InputStream(new ByteArrayInputStream(XPathUtils.getElementValue( + verifyXMLSignatureResponse,DSIG_X509_CERTIFICATE_XPATH,"").getBytes("UTF-8")),true); + + respData.setX509certificate(new X509Certificate(in)); + Element publicAuthority = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_XPATH); + respData.setPublicAuthority(publicAuthority != null); + respData.setPublicAuthorityCode(XPathUtils.getElementValue(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_CODE_XPATH,"")); + respData.setSignatureCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNATURE_CHECK_CODE_XPATH,"")).intValue()); + + String xmlDsigCheckCode = XPathUtils.getElementValue(verifyXMLSignatureResponse,XMLDSIG_MANIFEST_CHECK_CODE_XPATH,null); + if (xmlDsigCheckCode!=null) + { + respData.setXmlDSIGManigest(true); + respData.setXmlDSIGManifestCheckCode(new Integer(xmlDsigCheckCode).intValue()); + } + else + respData.setXmlDSIGManigest(false); + respData.setCertificateCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,CERTIFICATE_CHECK_CODE_XPATH,"")).intValue()); + } + catch (Throwable t) { + throw new ParseException("parser.01", null, t); + } + return respData; + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java new file mode 100644 index 000000000..96e8e6dd6 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java @@ -0,0 +1,202 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.util.Enumeration; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.servlet.RequestDispatcher; +import javax.servlet.ServletConfig; +import javax.servlet.ServletContext; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.fileupload.FileItem; +import org.apache.commons.fileupload.FileItemFactory; +import org.apache.commons.fileupload.FileUploadException; +import org.apache.commons.fileupload.disk.DiskFileItemFactory; +import org.apache.commons.fileupload.servlet.ServletFileUpload; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.URLDecoder; + +/** + * Base class for MOA-ID Auth Servlets, providing standard error handling + * and constant names. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { + + + /** + * Handles an error.
+ *
    + *
  • Logs the error
  • + *
  • Places error message and exception thrown into the request + * as request attributes (to be used by "/errorpage-auth.jsp")
  • + *
  • Sets HTTP status 500 (internal server error)
  • + *
+ * + * @param errorMessage error message + * @param exceptionThrown exception thrown + * @param req servlet request + * @param resp servlet response + */ + protected void handleError( + String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) { + + + if(null != errorMessage) { + Logger.error(errorMessage); + req.setAttribute("ErrorMessage", errorMessage ); + } + + if (null != exceptionThrown) { + if(null == errorMessage) errorMessage = exceptionThrown.getMessage(); + Logger.error(errorMessage, exceptionThrown); + req.setAttribute("ExceptionThrown", exceptionThrown); + } + + //forward this to errorpage-auth.jsp where the HTML error page is generated + ServletContext context = getServletContext(); + RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp"); + try { + dispatcher.forward(req, resp); + } catch (ServletException e) { + Logger.error(e); + } catch (IOException e) { + Logger.error(e); + } + + } + /** + * Handles a WrongParametersException. + * @param req servlet request + * @param resp servlet response + */ + protected void handleWrongParameters(WrongParametersException ex, HttpServletRequest req, HttpServletResponse resp) { + Logger.error(ex.toString()); + req.setAttribute("WrongParameters", ex.getMessage()); + + // forward this to errorpage-auth.jsp where the HTML error page is generated + ServletContext context = getServletContext(); + RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp"); + try { + dispatcher.forward(req, resp); + } catch (ServletException e) { + Logger.error(e); + } catch (IOException e) { + Logger.error(e); + } + } + + /** + * Logs all servlet parameters for debugging purposes. + */ + protected void logParameters(HttpServletRequest req) { + for (Enumeration params = req.getParameterNames(); params.hasMoreElements(); ) { + String parname = (String)params.nextElement(); + Logger.debug("Parameter " + parname + req.getParameter(parname)); + } + } + + /** + * Parses the request input stream for parameters, assuming parameters are encoded UTF-8 + * (no standard exists how browsers should encode them). + * + * @param req servlet request + * + * @return mapping parameter name -> value + * + * @throws IOException if parsing request parameters fails. + * + * @throws FileUploadException if parsing request parameters fails. + */ + protected Map getParameters(HttpServletRequest req) + throws IOException, FileUploadException { + + Map parameters = new HashMap(); + + + if (ServletFileUpload.isMultipartContent(req)) + { + // request is encoded as mulitpart/form-data + FileItemFactory factory = new DiskFileItemFactory(); + ServletFileUpload upload = null; + upload = new ServletFileUpload(factory); + List items = null; + items = upload.parseRequest(req); + for (int i = 0; i < items.size(); i++) + { + FileItem item = (FileItem) items.get(i); + if (item.isFormField()) + { + // Process only form fields - no file upload items + parameters.put(item.getFieldName(), item.getString("UTF-8")); + Logger.debug("Processed multipart/form-data request parameter: \nName: " + + item.getFieldName() + "\nValue: " + + item.getString("UTF-8")); + } + } + } + + else + { + // request is encoded as application/x-www-urlencoded + InputStream in = req.getInputStream(); + + String paramName; + String paramValueURLEncoded; + do { + paramName = new String(readBytesUpTo(in, '=')); + if (paramName.length() > 0) { + paramValueURLEncoded = readBytesUpTo(in, '&'); + String paramValue = URLDecoder.decode(paramValueURLEncoded, "UTF-8"); + parameters.put(paramName, paramValue); + } + } + while (paramName.length() > 0); + in.close(); + } + + return parameters; + } + + /** + * Reads bytes up to a delimiter, consuming the delimiter. + * @param in input stream + * @param delimiter delimiter character + * @return String constructed from the read bytes + * @throws IOException + */ + protected String readBytesUpTo(InputStream in, char delimiter) throws IOException { + ByteArrayOutputStream bout = new ByteArrayOutputStream(); + boolean done = false; + int b; + while (! done && (b = in.read()) >= 0) { + if (b == delimiter) + done = true; + else + bout.write(b); + } + return bout.toString(); + } + + /** + * Calls the web application initializer. + * + * @see javax.servlet.Servlet#init(ServletConfig) + */ + public void init(ServletConfig servletConfig) throws ServletException { + super.init(servletConfig); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java new file mode 100644 index 000000000..f33377547 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java @@ -0,0 +1,75 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; +import java.text.DateFormat; +import java.util.Date; +import java.util.Locale; + +import javax.servlet.ServletConfig; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; +import at.gv.egovernment.moa.id.util.HTTPRequestJSPForwarder; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Servlet requested for updating the MOA-ID Auth configuration from configuration file + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class ConfigurationServlet extends HttpServlet { + + /** + * Handle a HTTP GET request, used to indicated that the MOA + * configuration needs to be updated (reloaded). + * + * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) + */ + public void doGet(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + + MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance(); + + try { + MOAIDAuthInitializer.initialized=false; + MOAIDAuthInitializer.initialize(); + String message = msg.getMessage("config.00", new Object[] + { DateFormat.getTimeInstance(DateFormat.MEDIUM, Locale.GERMAN).format(new Date())} ); + + Logger.info(message); + HTTPRequestJSPForwarder.forwardNamed(message, "/message-auth.jsp", getServletContext(), request, response); + + } catch (Throwable t) { + String errorMessage = msg.getMessage("config.04", null); + Logger.error(errorMessage, t); + HTTPRequestJSPForwarder.forwardNamed(errorMessage, "/message-auth.jsp", getServletContext(), request, response); + } + } + + /** + * Do the same as doGet. + * + * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) + */ + public void doPost(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + doGet(request, response); + } + + /** + * Calls the web application initializer. + * + * @see javax.servlet.Servlet#init(ServletConfig) + */ + public void init(ServletConfig servletConfig) throws ServletException { + super.init(servletConfig); + } + +} + + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java new file mode 100644 index 000000000..c41b514c8 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java @@ -0,0 +1,135 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.util.Calendar; + +import org.apache.axis.AxisFault; +import org.w3c.dom.Element; + +import org.w3c.dom.NodeList; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.DateTimeUtils; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * Web service for picking up authentication data created in the MOA-ID Auth component. + * + * @author Paul Ivancsics + * @version $Id$ + * @see at.gv.egovernment.moa.id.auth.AuthenticationServer#getAuthenticationData + */ +public class GetAuthenticationDataService implements Constants { + + /** + * Constructor for GetAuthenticationDataService. + */ + public GetAuthenticationDataService() { + super(); + } + + /** + * Takes a lt;samlp:Request> containing a + * SAML artifact and returns the corresponding + * authentication data lt;saml:Assertion> + * (obtained from the AuthenticationServer), + * enclosed in a lt;samlp:Response>. + *
Bad requests are mapped into various lt;samlp:StatusCode>s, + * possibly containing enclosed sub-lt;samlp:StatusCode>s. + * The status codes are defined in the SAML specification. + * + * @param requests request elements of type lt;samlp:Request>; + * only 1 request element is allowed + * @return response element of type lt;samlp:Response>, + * packed into an Element[] + * @throws AxisFault thrown when an error occurs in assembling the + * lt;samlp:Response> + */ + public Element[] Request(Element[] requests) + throws AxisFault { + + Element request = requests[0]; + Element[] responses = new Element[1]; + String requestID = ""; + String statusCode = ""; + String subStatusCode = null; + String statusMessageCode = null; + String statusMessage = null; + String samlAssertion = ""; + if (requests.length > 1) { + // more than 1 request given as parameter + statusCode = "samlp:Requester"; + subStatusCode = "samlp:TooManyResponses"; + statusMessageCode = "1201"; + } + else { + try { + DOMUtils.validateElement(request, ALL_SCHEMA_LOCATIONS, null); + NodeList samlArtifactList = XPathUtils.selectNodeList(request, "samlp:AssertionArtifact"); + if (samlArtifactList.getLength() == 0) { + // no SAML artifact given in request + statusCode = "samlp:Requester"; + statusMessageCode = "1202"; + } + else if (samlArtifactList.getLength() > 1) { + // too many SAML artifacts given in request + statusCode = "samlp:Requester"; + subStatusCode = "samlp:TooManyResponses"; + statusMessageCode = "1203"; + } + else { + Element samlArtifactElem = (Element)samlArtifactList.item(0); + requestID = samlArtifactElem.getAttribute("RequestID"); + String samlArtifact = DOMUtils.getText(samlArtifactElem); + try { + AuthenticationData authData = AuthenticationServer.getInstance(). + getAuthenticationData(samlArtifact); + // success + samlAssertion = authData.getSamlAssertion(); + statusCode = "samlp:Success"; + statusMessageCode = "1200"; + } + catch (AuthenticationException ex) { + // no authentication data for given SAML artifact + statusCode = "samlp:Requester"; + subStatusCode = "samlp:ResourceNotRecognized"; + statusMessage = ex.toString(); + } + } + } + catch (Throwable t) { + // invalid request format + statusCode = "samlp:Requester"; + statusMessageCode = "1204"; + } + } + try { + String responseID = Random.nextRandom(); + String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance()); + if (statusMessage == null) + statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null); + responses[0] = new SAMLResponseBuilder().build( + responseID, requestID, issueInstant, statusCode, subStatusCode, statusMessage, samlAssertion); + } + catch (MOAIDException e) { + AxisFault fault = AxisFault.makeFault(e); + fault.setFaultDetail(new Element[] { e.toErrorResponse()}); + throw fault; + } + catch (Throwable t) { + MOAIDException e = new MOAIDException("1299", null, t); + AxisFault fault = AxisFault.makeFault(e); + fault.setFaultDetail(new Element[] { e.toErrorResponse()}); + throw fault; + } + return responses; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java new file mode 100644 index 000000000..4dc69c70b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java @@ -0,0 +1,99 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; +import java.io.OutputStreamWriter; +import java.io.Writer; + +import javax.servlet.ServletConfig; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Servlet requested for selecting a BKU. + *
In case of {@link AuthConfigurationProvider#getBKUSelectionType}==HTMLComplete, + * the browser is redirected to the configured "BKU-Auswahl-URL". + *
In case of {@link AuthConfigurationProvider#getBKUSelectionType}==HTMLSelect, + * the list of available BKU's is fetched from a BKU-Auswahl server, and presented + * to the user in an HTML form. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class SelectBKUServlet extends AuthServlet { + + /** + * Calls the web application initializer. + * + * @see javax.servlet.Servlet#init(ServletConfig) + */ + public void init(ServletConfig servletConfig) throws ServletException { + try { + super.init(servletConfig); + MOAIDAuthInitializer.initialize(); + Logger.debug("default platform file.encoding: " + System.getProperty("file.encoding")); + Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null)); + } + catch (Exception ex) { + Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex); + throw new ServletException(ex); + } + } + + /** + * Responds with an HTML form which requests the user to choose a BKU. + */ + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("GET SelectBKU"); + String authURL = + req.getScheme() + "://" + + req.getServerName() + ":" + + req.getServerPort() + + req.getContextPath() + "/"; + String target = req.getParameter(PARAM_TARGET); + String oaURL = req.getParameter(PARAM_OA); + String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE); + String templateURL = req.getParameter(PARAM_TEMPLATE); + resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES); + resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA); + resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE); + + try { + String returnValue = AuthenticationServer.getInstance().selectBKU( + authURL, target, oaURL, bkuSelectionTemplateURL, templateURL); + String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType(); + if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { + // bkuSelectionType==HTMLComplete + String redirectURL = returnValue; + resp.setContentType("text/html"); + resp.sendRedirect(redirectURL); + Logger.info("REDIRECT TO: " + redirectURL); + } else { + // bkuSelectionType==HTMLSelect + String htmlForm = returnValue; + resp.setContentType("text/html;charset=UTF-8"); + Logger.debug("HTML-Form: " + htmlForm); + Writer out = new OutputStreamWriter(resp.getOutputStream(), "UTF8"); + out.write(htmlForm); + out.flush(); + Logger.debug("Finished GET SelectBKU"); + } + } + catch (WrongParametersException ex) { + handleWrongParameters(ex, req, resp); + } + catch (Throwable ex) { + handleError(null, ex, req, resp); + } + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java new file mode 100644 index 000000000..6098f5138 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -0,0 +1,103 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; +import java.io.PrintWriter; + +import javax.servlet.ServletConfig; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Servlet requested for starting a MOA ID authentication session. + * Utilizes the {@link AuthenticationServer}. + * + * @author Paul Ivancsics + * @version $Id$ + * @see AuthenticationServer#startAuthentication + */ +public class StartAuthenticationServlet extends AuthServlet { + + /** + * Responds with an HTML form which upon submit requests the identity link + * from the security layer implementation. + *
+ * Response: + *
    + *
  • Content type: "text/html"
  • + *
  • Content: see return value of {@link AuthenticationServer#startAuthentication}
  • + *
  • Error status: 500 + *
+ * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) + */ + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("GET StartAuthentication"); + String authURL = + req.getScheme() + "://" + + req.getServerName() + ":" + + req.getServerPort() + + req.getContextPath() + "/"; + String target = req.getParameter(PARAM_TARGET); + String oaURL = req.getParameter(PARAM_OA); + String bkuURL = req.getParameter(PARAM_BKU); + String templateURL = req.getParameter(PARAM_TEMPLATE); + String sessionID = req.getParameter(PARAM_SESSIONID); + resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES); + resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA); + resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE); + try { + String getIdentityLinkForm = + AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID); + resp.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(resp.getOutputStream()); + out.print(getIdentityLinkForm); + out.flush(); + Logger.debug("Finished GET StartAuthentication"); + } + catch (WrongParametersException ex) { + handleWrongParameters(ex, req, resp); + } + catch (MOAIDException ex) { + handleError(null, ex, req, resp); + } + } + + + /** + * @see javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + doGet(req, resp); + } + + + /** + * Calls the web application initializer. + * + * @see javax.servlet.Servlet#init(ServletConfig) + */ + public void init(ServletConfig servletConfig) throws ServletException { + try { + super.init(servletConfig); + MOAIDAuthInitializer.initialize(); + Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null)); + } + catch (Exception ex) { + Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex); + throw new ServletException(ex); + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java new file mode 100644 index 000000000..6ec4a247d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -0,0 +1,120 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; +import at.gv.egovernment.moa.util.URLEncoder; //java.net.URLEncoder; +import java.util.Map; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.fileupload.FileUploadException; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Servlet requested for verifying the signed authentication block + * provided by the security layer implementation. + * Utilizes the {@link AuthenticationServer}. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class VerifyAuthenticationBlockServlet extends AuthServlet { + + + /** + * Constructor for VerifyAuthenticationBlockServlet. + */ + public VerifyAuthenticationBlockServlet() { + super(); + } + + /** + * GET requested by security layer implementation to verify + * that data URL resource is available. + * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) + */ + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("GET VerifyAuthenticationBlock"); + } + + /** + * Verifies the signed authentication block and redirects the browser + * to the online application requested, adding a parameter needed for + * retrieving the authentication data. + *
+ * Request parameters: + *
    + *
  • MOASessionID: ID of associated authentication session
  • + *
  • XMLResponse: <CreateXMLSignatureResponse>
  • + *
+ * Response: + *
    + *
  • Status: 302
  • + *
  • Header "Location": URL of the online application requested, with + * parameters "Target"(only if the online application is + * a public service) and "SAMLArtifact" added
  • + *
  • Error status: 500 + *
+ * @see AuthenticationServer#verifyAuthenticationBlock + * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) + */ + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("POST VerifyAuthenticationBlock"); + Map parameters; + try + { + parameters = getParameters(req); + } catch (FileUploadException e) + { + Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); + throw new IOException(e.getMessage()); + } + String sessionID = req.getParameter(PARAM_SESSIONID); + String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); + + try { + AuthenticationSession session = AuthenticationServer.getSession(sessionID); + String samlArtifactBase64 = + AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse); + String redirectURL = session.getOAURLRequested(); + if (!session.getBusinessService()) { + redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); + } + redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); + redirectURL = resp.encodeRedirectURL(redirectURL); + resp.setContentType("text/html"); + resp.setStatus(302); + resp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + } + + catch (MOAIDException ex) { + handleError(null, ex, req, resp); + } + + } + /** + * Adds a parameter to a URL. + * @param url the URL + * @param paramname parameter name + * @param paramvalue parameter value + * @return the URL with parameter added + */ + private static String addURLParameter(String url, String paramname, String paramvalue) { + String param = paramname + "=" + paramvalue; + if (url.indexOf("?") < 0) + return url + "?" + param; + else + return url + "&" + param; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java new file mode 100644 index 000000000..2134c1444 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -0,0 +1,107 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; +import java.io.OutputStream; +import java.util.Enumeration; +import java.util.Map; + +import javax.servlet.ServletContext; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.commons.fileupload.FileUploadException; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Servlet requested for verifying the identity link + * provided by the security layer implementation. + * Utilizes the {@link AuthenticationServer}. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class VerifyIdentityLinkServlet extends AuthServlet { + + /** + * Constructor for VerifyIdentityLinkServlet. + */ + public VerifyIdentityLinkServlet() { + super(); + } + + /** + * GET requested by security layer implementation to verify + * that data URL resource is available. + * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) + */ + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("GET VerifyIdentityLink"); + } + + /** + * Verifies the identity link and responds with a new + * CreateXMLSignatureRequest. + *
+ * Request parameters: + *
    + *
  • MOASessionID: ID of associated authentication session
  • + *
  • XMLResponse: <InfoboxReadResponse>
  • + *
+ * Response: + *
    + *
  • Content type: "text/xml"
  • + *
  • Content: see return value of {@link AuthenticationServer#verifyIdentityLink}
  • + *
  • Error status: 500 + *
+ * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) + */ + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("POST VerifyIdentityLink"); + Map parameters; + try + { + parameters = getParameters(req); + } catch (FileUploadException e) + { + Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); + throw new IOException(e.getMessage()); + } + String sessionID = req.getParameter(PARAM_SESSIONID); + + + try { + AuthenticationSession session = AuthenticationServer.getSession(sessionID); + + String createXMLSignatureRequest = + AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters); + resp.setStatus(307); + String dataURL = new DataURLBuilder().buildDataURL( + session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID); + resp.addHeader("Location", dataURL); + + //TODO test impact of explicit setting charset with older versions of BKUs (HotSign) + resp.setContentType("text/xml;charset=UTF-8"); + + OutputStream out = resp.getOutputStream(); + out.write(createXMLSignatureRequest.getBytes("UTF-8")); + out.flush(); + out.close(); + Logger.debug("Finished POST VerifyIdentityLink"); + } + catch (MOAIDException ex) { + handleError(null, ex, req, resp); + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java new file mode 100644 index 000000000..e6c9f4bee --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -0,0 +1,274 @@ +package at.gv.egovernment.moa.id.auth.validator; + +import java.util.Iterator; +import java.util.List; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.data.SAMLAttribute; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.StringUtils; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * + * This class is used to validate an {@link CreateXMLSignatureResponse} + * returned by the security layer. + * This class implements the Singleton pattern. + * @author Stefan Knirsch + * @version $Id$ + */ +public class CreateXMLSignatureResponseValidator { + + + /** Xpath expression to the dsig:Signature element */ + private static final String SIGNATURE_XPATH = Constants.DSIG_PREFIX + ":Signature"; + + + /** Singleton instance. null, if none has been created. */ + private static CreateXMLSignatureResponseValidator instance; + + /** + * Constructor for a singleton CreateXMLSignatureResponseValidator. + * @return an instance of CreateXMLSignatureResponseValidator + * @throws ValidateException if no instance can be created + */ + public static synchronized CreateXMLSignatureResponseValidator getInstance() + throws ValidateException { + if (instance == null) { + instance = new CreateXMLSignatureResponseValidator(); + } + return instance; + } + + + /** + * The Method validate is used for validating an explicit {@link CreateXMLSignatureResponse} + * @param createXMLSignatureResponse + * @param session + * @throws ValidateException + */ + public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, AuthenticationSession session) + throws ValidateException { + + // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier + + String gbTarget = session.getTarget(); + String oaURL = session.getPublicOAURLPrefix(); + boolean businessService = session.getBusinessService(); + + IdentityLink identityLink = session.getIdentityLink(); + + Element samlAssertion = createXMLSignatureResponse.getSamlAssertion(); + String issuer = samlAssertion.getAttribute("Issuer"); + if (issuer == null) { + // should not happen, because parser would dedect this + throw new ValidateException("validator.32", null); + } + String issueInstant = samlAssertion.getAttribute("IssueInstant"); + if (!issueInstant.equals(session.getIssueInstant())) { + throw new ValidateException("validator.39", new Object[] {issueInstant, session.getIssueInstant()}); + } + + String name = identityLink.getName(); + if (!issuer.equals(name)) { + throw new ValidateException("validator.33", new Object[] {issuer, name}); + } + + SAMLAttribute[] samlAttributes = createXMLSignatureResponse.getSamlAttributes(); + + boolean foundOA = false; + boolean foundGB = false; + boolean foundWBPK = false; + int offset = 0; + + // check number of SAML aatributes + List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); + int extendedSAMLAttributesNum = 0; + if (extendedSAMLAttributes != null) { + extendedSAMLAttributesNum = extendedSAMLAttributes.size(); + } + int expectedSAMLAttributeNumber = + AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES + extendedSAMLAttributesNum; + if (!session.getSAMLAttributeGebeORwbpk()) expectedSAMLAttributeNumber--; + int actualSAMLAttributeNumber = samlAttributes.length; + if (actualSAMLAttributeNumber != expectedSAMLAttributeNumber) { + Logger.error("Wrong number of SAML attributes in CreateXMLSignatureResponse: expected " + + expectedSAMLAttributeNumber + ", but was " + actualSAMLAttributeNumber); + throw new ValidateException( + "validator.36", + new Object[] {String.valueOf(actualSAMLAttributeNumber), String.valueOf(expectedSAMLAttributeNumber)}); + } + + SAMLAttribute samlAttribute; + if (session.getSAMLAttributeGebeORwbpk()) { + // check the first attribute ("Geschaeftsbereich" or "wbPK") + samlAttribute = samlAttributes[0]; + if (businessService) { + if (!samlAttribute.getName().equals("wbPK")) { + if (samlAttribute.getName().equals("Geschaeftsbereich")) { + throw new ValidateException("validator.26", null); + } else { + throw new ValidateException( + "validator.37", + new Object[] {samlAttribute.getName(), "wbPK", String.valueOf(1)}); + } + } + if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { + foundWBPK = true; + try { + Element attrValue = (Element)samlAttribute.getValue(); + String value = ((Element)attrValue.getElementsByTagNameNS(Constants.PD_NS_URI, "Value").item(0)).getFirstChild().getNodeValue(); + String type = ((Element)attrValue.getElementsByTagNameNS(Constants.PD_NS_URI, "Type").item(0)).getFirstChild().getNodeValue(); + if (!value.equals(identityLink.getIdentificationValue())) { + throw new ValidateException("validator.28", null); + } + if (!type.equals(identityLink.getIdentificationType())) { + throw new ValidateException("validator.28", null); + } + } catch (Exception ex) { + throw new ValidateException("validator.29", null); + } + } else { + throw new ValidateException("validator.30", null); + } + } else { + if (!samlAttribute.getName().equals("Geschaeftsbereich")) { + if (samlAttribute.getName().equals("wbPK")) { + throw new ValidateException("validator.26", null); + } else { + throw new ValidateException( + "validator.37", + new Object[] {samlAttribute.getName(), "Geschaeftsbereich", String.valueOf(1)}); + } + } + if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { + foundGB = true; + if (!gbTarget.equals((String)samlAttribute.getValue())) { + throw new ValidateException("validator.13", null); + } + } else { + throw new ValidateException("validator.12", null); + } + } + } else { + offset--; + } + + // check the second attribute (must be "OA") + samlAttribute = samlAttributes[1 + offset]; + if (!samlAttribute.getName().equals("OA")) { + throw new ValidateException( + "validator.37", + new Object[] {samlAttribute.getName(), "OA", String.valueOf(2)}); + } + if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { + foundOA = true; + if (!oaURL.equals((String)samlAttribute.getValue())) { // CHECKS für die AttributeVALUES fehlen noch + throw new ValidateException("validator.16", new Object[] {":gefunden wurde '" + oaURL + "', erwartet wurde '" + samlAttribute.getValue()}); + } + } else { + throw new ValidateException("validator.15", null); + } + + // check the third attribute (must be "Geburtsdatum") + samlAttribute = samlAttributes[2 + offset]; + if (!samlAttribute.getName().equals("Geburtsdatum")) { + throw new ValidateException( + "validator.37", + new Object[] {samlAttribute.getName(), "Geburtsdatum", String.valueOf(3)}); + } + if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { + String samlDateOfBirth = (String)samlAttribute.getValue(); + String dateOfBirth = identityLink.getDateOfBirth(); + if (!samlDateOfBirth.equals(dateOfBirth)) { + throw new ValidateException("validator.34", new Object[] {samlDateOfBirth, dateOfBirth}); + } + } else { + throw new ValidateException("validator.35", null); + } + + // now check the extended SAML attributes + int i = AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES + offset; + if (extendedSAMLAttributes != null) { + Iterator it = extendedSAMLAttributes.iterator(); + while (it.hasNext()) { + ExtendedSAMLAttribute extendedSAMLAttribute = (ExtendedSAMLAttribute)it.next(); + samlAttribute = samlAttributes[i]; + String actualName = samlAttribute.getName(); + String expectedName = extendedSAMLAttribute.getName(); + if (!actualName.equals(expectedName)) { + throw new ValidateException( + "validator.38", + new Object[] {"Name", String.valueOf((i+1)), actualName, actualName, expectedName }); + } + String actualNamespace = samlAttribute.getNamespace(); + String expectedNamespace = extendedSAMLAttribute.getNameSpace(); + if (!actualNamespace.equals(expectedNamespace)) { + throw new ValidateException( + "validator.38", + new Object[] {"Namespace", String.valueOf((i+1)), actualName, actualNamespace, expectedNamespace, }); + } + Object expectedValue = extendedSAMLAttribute.getValue(); + Object actualValue = samlAttribute.getValue(); + try { + if (expectedValue instanceof String) { + // replace \r\n because text might be base64-encoded + String expValue = StringUtils.replaceAll((String)expectedValue,"\r",""); + expValue = StringUtils.replaceAll(expValue,"\n",""); + String actValue = StringUtils.replaceAll((String)actualValue,"\r",""); + actValue = StringUtils.replaceAll(actValue,"\n",""); + if (!expValue.equals(actValue)) { + throw new ValidateException( + "validator.38", + new Object[] {"Wert", String.valueOf((i+1)), actualName, actualValue, expectedValue }); + } + } else if (expectedValue instanceof Element) { + // only check the name of the element + String actualElementName = ((Element)actualValue).getNodeName(); + String expectedElementName = ((Element)expectedValue).getNodeName(); + if (!(expectedElementName.equals(actualElementName))){ + throw new ValidateException( + "validator.38", + new Object[] {"Wert", String.valueOf((i+1)), actualName, actualElementName, expectedElementName}); + } + } else { + // should not happen + throw new ValidateException( + "validator.38", + new Object[] {"Typ", String.valueOf((i+1)), expectedName, "java.lang.String oder org.wrc.dom.Element", expectedValue.getClass().getName()}); + } + } catch (ClassCastException e) { + throw new ValidateException( + "validator.38", + new Object[] {"Typ", String.valueOf((i+1)), expectedName, expectedValue.getClass().getName(), actualValue.getClass().getName()}); + } + i++; + } + } + + + if (!foundOA) throw new ValidateException("validator.14", null); + if (businessService) { + if (session.getSAMLAttributeGebeORwbpk() && !foundWBPK) throw new ValidateException("validator.31", null); + } else { + if (!foundGB) throw new ValidateException("validator.11", null); + } + + //Check if dsig:Signature exists +// NodeList nl = createXMLSignatureResponse.getSamlAssertion().getElementsByTagNameNS(Constants.DSIG_NS_URI, "Signature"); +// if (nl.getLength() != 1) { +// throw new ValidateException("validator.05", null); +// } + Element dsigSignature = (Element) XPathUtils.selectSingleNode(samlAssertion, SIGNATURE_XPATH); + if (dsigSignature == null) { + throw new ValidateException("validator.05", new Object[] {"im AUTHBlock"}) ; + } + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java new file mode 100644 index 000000000..444f706e4 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java @@ -0,0 +1,159 @@ +package at.gv.egovernment.moa.id.auth.validator; + +import org.w3c.dom.Element; +import org.w3c.dom.NodeList; + +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * This class is used to validate an {@link IdentityLink} + * returned by the security layer + * + * @author Stefan Knirsch + * @version $Id$ + */ +public class IdentityLinkValidator implements Constants { + + // + // XPath namespace prefix shortcuts + // + /** Xpath prefix for reaching PersonData Namespaces */ + private static final String PDATA = PD_PREFIX + ":"; + /** Xpath prefix for reaching SAML Namespaces */ + private static final String SAML = SAML_PREFIX + ":"; + /** Xpath prefix for reaching XML-DSIG Namespaces */ + private static final String DSIG = DSIG_PREFIX + ":"; + /** Xpath prefix for reaching ECDSA Namespaces */ + private static final String ECDSA = ECDSA_PREFIX + ":"; + /** Xpath expression to the root element */ + private static final String ROOT = ""; + /** Xpath expression to the SAML:SubjectConfirmationData element */ + private static final String SAML_SUBJECT_CONFIRMATION_DATA_XPATH = + ROOT + + SAML + + "AttributeStatement/" + + SAML + + "Subject/" + + SAML + + "SubjectConfirmation/" + + SAML + + "SubjectConfirmationData"; +/** Xpath expression to the PersonData:Person element */ + private static final String PERSON_XPATH = + SAML_SUBJECT_CONFIRMATION_DATA_XPATH + "/" + PDATA + "Person"; + /** Xpath expression to the SAML:Attribute element */ + private static final String ATTRIBUTE_XPATH = + ROOT + SAML + "AttributeStatement/" + SAML + "Attribute"; + /** Xpath expression to the SAML:AttributeName attribute */ + private static final String ATTRIBUTE_NAME_XPATH = + ROOT + SAML + "AttributeStatement/" + SAML + "Attribute/@AttributeName"; + /** Xpath expression to the SAML:AttributeNamespace attribute */ + private static final String ATTRIBUTE_NAMESPACE_XPATH = + ROOT + + SAML + + "AttributeStatement/" + + SAML + + "Attribute/@AttributeNamespace"; + /** Xpath expression to the SAML:AttributeValue element */ + private static final String ATTRIBUTE_VALUE_XPATH = + ROOT + + SAML + + "AttributeStatement/" + + SAML + + "Attribute/" + + SAML + + "AttributeValue"; + + /** Singleton instance. null, if none has been created. */ + private static IdentityLinkValidator instance; + + /** + * Constructor for a singleton IdentityLinkValidator. + * @return a new IdentityLinkValidator instance + * @throws ValidateException if no instance can be created + */ + public static synchronized IdentityLinkValidator getInstance() + throws ValidateException { + if (instance == null) { + instance = new IdentityLinkValidator(); + } + return instance; + } + + /** + * Method validate. Validates the {@link IdentityLink} + * @param identityLink The identityLink to validate + * @throws ValidateException on any validation error + */ + public void validate(IdentityLink identityLink) throws ValidateException { + + Element samlAssertion = identityLink.getSamlAssertion(); + //Search the SAML:ASSERTION Object (A2.054) + if (samlAssertion == null) { + throw new ValidateException("validator.00", null); + } + + // Check how many saml:Assertion/saml:AttributeStatement/ + // saml:Subject/ saml:SubjectConfirmation/ + // saml:SubjectConfirmationData/pr:Person of type + // PhysicalPersonType exist (A2.056) + NodeList nl = XPathUtils.selectNodeList(samlAssertion, PERSON_XPATH); + // If we have just one Person-Element we don't need to check the attributes + int counterPhysicalPersonType = 0; + if (nl.getLength() > 1) + for (int i = 0; i < nl.getLength(); i++) { + String xsiType = + ((Element) nl.item(i)) + .getAttributeNodeNS( + "http://www.w3.org/2001/XMLSchema-instance", + "type") + .getNodeValue(); + // We have to check if xsiType contains "PhysicalPersonType" + // An equal-check will fail because of the Namespace-prefix of the attribute value + if (xsiType.indexOf("PhysicalPersonType") > -1) + counterPhysicalPersonType++; + } + if (counterPhysicalPersonType > 1) + throw new ValidateException("validator.01", null); + + //Check the SAML:ATTRIBUTES + nl = XPathUtils.selectNodeList(samlAssertion, ATTRIBUTE_XPATH); + for (int i = 0; i < nl.getLength(); i++) { + String attributeName = + XPathUtils.getAttributeValue( + (Element) nl.item(i), + "@AttributeName", + null); + String attributeNS = + XPathUtils.getAttributeValue( + (Element) nl.item(i), + "@AttributeNamespace", + null); + if (attributeName.equals("CitizenPublicKey")) { + + if (attributeNS.equals("http://www.buergerkarte.at/namespaces/personenbindung/20020506#") || + attributeNS.equals("urn:publicid:gv.at:namespaces:identitylink:1.2")) { + Element attributeValue = + (Element) XPathUtils.selectSingleNode((Element) nl.item(i),nSMap, SAML + "AttributeValue/" + DSIG + "RSAKeyValue"); + if (attributeValue==null) + attributeValue = + (Element) XPathUtils.selectSingleNode((Element)nl.item(i), nSMap, SAML + "AttributeValue/" + ECDSA + "ECDSAKeyValue"); + if (attributeValue == null) + throw new ValidateException("validator.02", null); + + } + else + throw new ValidateException("validator.03", new Object [] {attributeNS} ); + } + else + throw new ValidateException("validator.04", new Object [] {attributeName} ); + } + + //Check if dsig:Signature exists + Element dsigSignature = (Element) XPathUtils.selectSingleNode(samlAssertion,ROOT + DSIG + "Signature"); + if (dsigSignature==null) throw new ValidateException("validator.05", new Object[] {"in der Personenbindung"}); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java new file mode 100644 index 000000000..c776418ab --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java @@ -0,0 +1,32 @@ +package at.gv.egovernment.moa.id.auth.validator; + +import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult; +import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams; + +/** + * Validates an InfoboxReadResponse. + * An implementing class has to validate the content of the InfoboxReadResponse + * according to the type specific rules and guidelines of the underlying + * application. + */ +public interface InfoboxValidator { + + /** + * This method validates an InfoboxReadResponse. + * The method validates the content of the passed infoboxReadResponse + * according to the type specific rules and guidelines of the underlying + * application. + * + * @param params {@link at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams + * Parameters} needed by the validator. + * + * @return True if validation succeeds, + * otherwise false. + * + * @throws ValidateException If an error occurs on validating the + * InfoboxReadResponse. + */ + public InfoboxValidationResult validate (InfoboxValidatorParams params) + throws ValidateException; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/ValidateException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/ValidateException.java new file mode 100644 index 000000000..a6685fca8 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/ValidateException.java @@ -0,0 +1,35 @@ +package at.gv.egovernment.moa.id.auth.validator; + +import at.gv.egovernment.moa.id.MOAIDException; + +/** + * Exception thrown while validating an incoming XML structure + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class ValidateException extends MOAIDException { + + /** + * Constructor for ValidateException. + * @param messageId + * @param parameters + */ + public ValidateException(String messageId, Object[] parameters) { + super(messageId, parameters); + } + + /** + * Constructor for ValidateException. + * @param messageId + * @param parameters + * @param wrapped + */ + public ValidateException( + String messageId, + Object[] parameters, + Throwable wrapped) { + super(messageId, parameters, wrapped); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java new file mode 100644 index 000000000..1f2ebc37c --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -0,0 +1,177 @@ +package at.gv.egovernment.moa.id.auth.validator; + +import iaik.asn1.structures.Name; +import iaik.security.ecc.ecdsa.ECPublicKey; +import iaik.utils.RFC2253NameParserException; +import iaik.x509.X509Certificate; +import iaik.x509.X509ExtensionInitException; + +import java.security.PublicKey; +import java.security.interfaces.RSAPublicKey; +import java.util.List; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; + +/** + * This class is used to validate an {@link VerifyXMLSignatureResponse} + * returned by MOA-SPSS + * + * @author Stefan Knirsch + * @version $Id$ + */ +public class VerifyXMLSignatureResponseValidator { + + /** Identification string for checking identity link */ + public static final String CHECK_IDENTITY_LINK = "IdentityLink"; + /** Identification string for checking authentication block */ + public static final String CHECK_AUTH_BLOCK = "AuthBlock"; + + /** Singleton instance. null, if none has been created. */ + private static VerifyXMLSignatureResponseValidator instance; + + /** + * Constructor for a singleton VerifyXMLSignatureResponseValidator. + */ + public static synchronized VerifyXMLSignatureResponseValidator getInstance() + throws ValidateException { + if (instance == null) { + instance = new VerifyXMLSignatureResponseValidator(); + } + return instance; + } + + /** + * Validates a {@link VerifyXMLSignatureResponse} returned by MOA-SPSS. + * + * @param verifyXMLSignatureResponse the <VerifyXMLSignatureResponse> + * @param identityLinkSignersSubjectDNNames subject names configured + * @param whatToCheck is used to identify whether the identityLink or the Auth-Block is validated + * @param ignoreManifestValidationResult specifies whether the validation result of the + * manifest has to be ignored (identityLink validation if + * the OA is a business service) or not + * @throws ValidateException on any validation error + */ + public void validate(VerifyXMLSignatureResponse verifyXMLSignatureResponse, + List identityLinkSignersSubjectDNNames, + String whatToCheck, + boolean ignoreManifestValidationResult) + throws ValidateException { + + if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) + throw new ValidateException("validator.06", null); + + if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) { + String checkFailedReason =""; + if (verifyXMLSignatureResponse.getCertificateCheckCode() == 1) + checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.21", null); + if (verifyXMLSignatureResponse.getCertificateCheckCode() == 2) + checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.22", null); + if (verifyXMLSignatureResponse.getCertificateCheckCode() == 3) + checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.23", null); + if (verifyXMLSignatureResponse.getCertificateCheckCode() == 4) + checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.24", null); + if (verifyXMLSignatureResponse.getCertificateCheckCode() == 5) + checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.25", null); + + if (whatToCheck.equals(CHECK_IDENTITY_LINK)) + throw new ValidateException("validator.07", new Object[] { checkFailedReason } ); + else + throw new ValidateException("validator.19", new Object[] { checkFailedReason } ); + } + + if (ignoreManifestValidationResult) { + Logger.debug("OA type is business service, thus ignoring DSIG manifest validation result"); + } else { + if (verifyXMLSignatureResponse.isXmlDSIGManigest()) + if (verifyXMLSignatureResponse.getXmlDSIGManifestCheckCode() != 0) + throw new ValidateException("validator.08", null); + } + + + // TODO See Bug #322 + // Check result of SignatureManifestCheck + + + //Check whether the returned X509 SubjectName is in the MOA-ID configuration or not + if (identityLinkSignersSubjectDNNames != null) { + String subjectDN = ""; + X509Certificate x509Cert = verifyXMLSignatureResponse.getX509certificate(); + try { + subjectDN = ((Name) x509Cert.getSubjectDN()).getRFC2253String(); + } + catch (RFC2253NameParserException e) { + throw new ValidateException("validator.17", null); + } + // check the authorisation to sign the identity link + if (!identityLinkSignersSubjectDNNames.contains(subjectDN)) { + // subject DN check failed, try OID check: + try { + if (x509Cert.getExtension(MOAIDAuthConstants.IDENTITY_LINK_SIGNER_OID) == null) { + throw new ValidateException("validator.18", new Object[] { subjectDN }); + } else { + Logger.debug("Identity link signer cert accepted for signing identity link: " + + "subjectDN check failed, but OID check successfully passed."); + } + } catch (X509ExtensionInitException e) { + throw new ValidateException("validator.49", null); + } + } else { + Logger.debug("Identity link signer cert accepted for signing identity link: " + + "subjectDN check successfully passed."); + } + + } + } + + /** + * Method validateCertificate. + * @param verifyXMLSignatureResponse The VerifyXMLSignatureResponse + * @param idl The Identitylink + * @throws ValidateException + */ + public void validateCertificate( + VerifyXMLSignatureResponse verifyXMLSignatureResponse, + IdentityLink idl) + throws ValidateException { + + X509Certificate x509Response = verifyXMLSignatureResponse.getX509certificate(); + PublicKey[] pubKeysIdentityLink = (PublicKey[]) idl.getPublicKey(); + + PublicKey pubKeySignature = x509Response.getPublicKey(); + + boolean found = false; + for (int i = 0; i < pubKeysIdentityLink.length; i++) { + + //compare RSAPublicKeys + if ((idl.getPublicKey()[i] instanceof java.security.interfaces.RSAPublicKey) && + (pubKeySignature instanceof java.security.interfaces.RSAPublicKey)) { + + RSAPublicKey rsaPubKeySignature = (RSAPublicKey) pubKeySignature; + RSAPublicKey rsakey = (RSAPublicKey) pubKeysIdentityLink[i]; + + if (rsakey.getModulus().equals(rsaPubKeySignature.getModulus()) + && rsakey.getPublicExponent().equals(rsaPubKeySignature.getPublicExponent())) + found = true; + } + + //compare ECDSAPublicKeys + if((idl.getPublicKey()[i] instanceof iaik.security.ecc.ecdsa.ECPublicKey) && + (pubKeySignature instanceof iaik.security.ecc.ecdsa.ECPublicKey)) { + + ECPublicKey ecdsaPubKeySignature = (ECPublicKey) pubKeySignature; + ECPublicKey ecdsakey = (ECPublicKey) pubKeysIdentityLink[i]; + + if(ecdsakey.equals(ecdsaPubKeySignature)) + found = true; + } + } + + if (!found) + throw new ValidateException("validator.09", null); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java new file mode 100644 index 000000000..90b780526 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java @@ -0,0 +1,894 @@ +package at.gv.egovernment.moa.id.config; + +import iaik.pki.pathvalidation.ChainingModes; +import iaik.utils.RFC2253NameParser; +import iaik.utils.RFC2253NameParserException; + +import java.math.BigInteger; +import java.security.Principal; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.Hashtable; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Vector; + +import org.w3c.dom.Attr; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; +import org.w3c.dom.traversal.NodeIterator; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.data.Schema; +import at.gv.egovernment.moa.id.auth.data.SchemaImpl; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter; +import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters; +import at.gv.egovernment.moa.id.data.IssuerAndSerial; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.BoolUtils; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.StringUtils; +import at.gv.egovernment.moa.util.XPathException; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * A class that builds configuration data from a DOM based representation. + * + * @author Patrick Peck + * @author Stefan Knirsch + * @version $Id$ + */ +public class ConfigurationBuilder { + + // + // XPath namespace prefix shortcuts + // + /** an XPATH-Expression */ + protected static final String CONF = Constants.MOA_ID_CONFIG_PREFIX + ":"; + /** an XPATH-Expression */ + protected static final String DSIG = Constants.DSIG_PREFIX + ":"; + + // + // chaining mode constants appearing in the configuration file + // + /** an XPATH-Expression */ + protected static final String CM_CHAINING = "chaining"; + /** an XPATH-Expression */ + protected static final String CM_PKIX = "pkix"; + /** an XPATH-Expression */ + protected static final String DEFAULT_ENCODING = "UTF-8"; + + // + // XPath expressions to select certain parts of the configuration + // + /** an XPATH-Expression */ + protected static final String ROOT = "/" + CONF + "MOA-IDConfiguration/"; + + /** an XPATH-Expression */ + protected static final String AUTH_BKU_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "BKUSelection"; + /** an XPATH-Expression */ + protected static final String AUTH_BKUSELECT_TEMPLATE_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "BKUSelectionTemplate/@URL"; + /** an XPATH-Expression */ + protected static final String AUTH_TEMPLATE_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "Template/@URL"; + /** an XPATH-Expression */ + public static final String AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "SecurityLayer/" + CONF + "TransformsInfo/@filename"; + /** an XPATH-Expression */ + protected static final String AUTH_MOA_SP_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP"; + /** an XPATH-Expression */ + protected static final String AUTH_MOA_SP_VERIFY_IDENTITY_TRUST_ID_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyIdentityLink/" + CONF + "TrustProfileID"; + /** an XPATH-Expression */ + protected static final String AUTH_MOA_SP_VERIFY_AUTH_TRUST_ID_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "TrustProfileID"; + /** an XPATH-Expression */ + protected static final String AUTH_MOA_SP_VERIFY_AUTH_VERIFY_ID_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "VerifyTransformsInfoProfileID"; + + /** an XPATH-Expression */ + protected static final String AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "IdentityLinkSigners/" + CONF + "X509SubjectName"; + + /** an XPATH-Expression */ + public static final String AUTH_VERIFY_INFOBOXES_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "VerifyInfoboxes"; + + /** an XPATH-Expression */ + protected static final String OA_XPATH = ROOT + CONF + "OnlineApplication"; + /** an XPATH-Expression */ + protected static final String OA_LOGIN_XPATH = ROOT + CONF + "OnlineApplication/@loginURL"; + /** an XPATH-Expression */ + protected static final String OA_AUTH_COMPONENT_XPATH = CONF + "AuthComponent"; + /** an XPATH-Expression */ + protected static final String OA_AUTH_COMPONENT_IDENT_NUMBER_XPATH = CONF + "IdentificationNumber"; + /** an XPATH-Expression */ + protected static final String OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH = + CONF + "Templates/" + CONF + "BKUSelectionTemplate/@URL"; + /** an XPATH-Expression */ + protected static final String OA_AUTH_COMPONENT_TEMPLATE_XPATH = + CONF + "Templates/" + CONF + "Template/@URL"; + /** an XPATH-Expression */ + protected static final String OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH = CONF + "TransformsInfo/@filename"; + /** an XPATH-Expression */ + protected static final String OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH = CONF + "VerifyInfoboxes"; + /** an XPATH-Expression */ + protected static final String CONNECTION_PARAMETER_URL_XPATH = + CONF + "ConnectionParameter/@URL"; + /** an XPATH-Expression */ + protected static final String CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH = + CONF + "ConnectionParameter/" + CONF + "AcceptedServerCertificates"; + /** an XPATH-Expression */ + protected static final String CONNECTION_PARAMETERN_KEYSTORE_XPATH = + CONF + "ConnectionParameter/" + CONF + "ClientKeyStore"; + /** an XPATH-Expression */ + protected static final String CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH = + CONNECTION_PARAMETERN_KEYSTORE_XPATH + "/@password"; + /** an XPATH-Expression */ + protected static final String GENERIC_CONFIGURATION_XPATH = + ROOT + CONF + "GenericConfiguration"; + + /** an XPATH-Expression */ + protected static final String CHAINING_MODES_XPATH = + ROOT + CONF + "ChainingModes"; + /** an XPATH-Expression */ + protected static final String CHAINING_MODES_DEFAULT_XPATH = + CHAINING_MODES_XPATH + "/@systemDefaultMode"; + /** an XPATH-Expression */ + protected static final String TRUST_ANCHOR_XPATH = + ROOT + CONF + "ChainingModes/" + CONF + "TrustAnchor"; + /** an XPATH-Expression */ + protected static final String ISSUER_XPATH = DSIG + "X509IssuerName"; + /** an XPATH-Expression */ + protected static final String SERIAL_XPATH = DSIG + "X509SerialNumber"; + /** an XPATH-Expression */ + protected static final String TRUSTED_CA_CERTIFICATES_XPATH = + ROOT + CONF + "TrustedCACertificates"; + + /** an XPATH-Expression */ + protected static final String VERIFY_INFOBOXES_DEFAULT_TRUST_PROFILE_XPATH = CONF + "DefaultTrustProfile"; + /** an XPATH-Expression */ + protected static final String VERIFY_INFOBOXES_TRUST_PROFILE_ID_XPATH = CONF + "TrustProfileID"; + /** an XPATH-Expression */ + protected static final String VERIFY_INFOBOXES_INFOBOX_XPATH = CONF + "Infobox"; + + + + + /** + * main configuration file directory name used to configure MOA-ID + */ + protected String rootConfigFileDir_; + + /** The root element of the MOA-ID configuration */ + protected Element configElem_; + + /** + * Creates a new MOAConfigurationProvider. + * + * @param configElem The root element of the MOA-ID configuration. + */ + public ConfigurationBuilder(Element configElem, String rootConfigDir) { + configElem_ = configElem; + rootConfigFileDir_ = rootConfigDir; + } + + /** + * Returns the root element of the MOA-ID configuration. + * + * @return The root element of the MOA-ID configuration. + */ + public Element getConfigElem() { + return configElem_; + } + + /** + * Build a ConnectionParameter object containing all information + * of the moa-sp element in the authentication component + * @return ConnectionParameter of the authentication component moa-sp element + */ + public ConnectionParameter buildAuthBKUConnectionParameter() { + + Element authBKU = (Element) XPathUtils.selectSingleNode(configElem_, AUTH_BKU_XPATH); + if (authBKU==null) return null; + return buildConnectionParameter(authBKU); + } + + /** + * Method buildAuthBKUSelectionType. + * + * Build a string with the configuration value of BKUSelectionAlternative + * + * @return String + */ + public String buildAuthBKUSelectionType() { + + Element authBKU = (Element) XPathUtils.selectSingleNode(configElem_, AUTH_BKU_XPATH); + if (authBKU==null) return null; + return (authBKU).getAttribute("BKUSelectionAlternative"); + } + + /** + * Build a string array with all filenames leading + * to the Transforms Information for the Security Layer + * @param contextNode The node from which should be searched + * @param xpathExpr The XPATH expression for the search + * @return String[] of filenames to the Security Layer Transforms Information + * or null if no transforms are included + */ + public String[] buildTransformsInfoFileNames(Node contextNode, String xpathExpr) { + + List transformsInfoFileNames = new ArrayList(); + + try { + NodeIterator tiIter = XPathUtils.selectNodeIterator(contextNode, xpathExpr); + + Attr tiElem; + while ((tiElem = (Attr) tiIter.nextNode()) != null) { + String tiFileName = tiElem.getNodeValue(); + transformsInfoFileNames.add(tiFileName); + } + + String[] result = new String[transformsInfoFileNames.size()]; + transformsInfoFileNames.toArray(result); + + return result; + } catch (XPathException xpe) { + return new String[0]; + } + } + + + /** + * Loads the transformsInfos from files. + * @throws Exception on any exception thrown + */ + public String[] loadTransformsInfos(String[] transformsInfoFileNames) throws Exception { + + String[] transformsInfos = new String[transformsInfoFileNames.length]; + for (int i = 0; i < transformsInfoFileNames.length; i++) { + String fileURL = transformsInfoFileNames[i]; + + //if fileURL is relative to rootConfigFileDir make it absolute + fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir_); + String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING); + transformsInfos[i] = transformsInfo; + } + return transformsInfos; + } + + /** + * Build a ConnectionParameter bean containing all information + * of the authentication component moa-sp element + * @return ConnectionParameter of the authentication component moa-sp element + */ + public ConnectionParameter buildMoaSpConnectionParameter() { + + Element connectionParameter = (Element) XPathUtils.selectSingleNode(configElem_, AUTH_MOA_SP_XPATH); + if (connectionParameter==null) return null; + return buildConnectionParameter(connectionParameter); + } + + /** + * Return a string with a url-reference to the VerifyIdentityLink trust + * profile id within the moa-sp part of the authentication component + * @return String with a url-reference to the VerifyIdentityLink trust profile ID + */ + public String getMoaSpIdentityLinkTrustProfileID() { + return XPathUtils.getElementValue( + configElem_, + AUTH_MOA_SP_VERIFY_IDENTITY_TRUST_ID_XPATH, + ""); + } + /** + * Return a string representation of an URL pointing to trusted CA Certificates + * @return String representation of an URL pointing to trusted CA Certificates + */ + public String getTrustedCACertificates() { + return XPathUtils.getElementValue( + configElem_, + TRUSTED_CA_CERTIFICATES_XPATH,null); + } + + /** + * Return a string with a url-reference to the VerifyAuthBlock trust + * profile id within the moa-sp part of the authentication component + * @return String with a url-reference to the VerifyAuthBlock trust profile ID + */ + public String getMoaSpAuthBlockTrustProfileID() { + return XPathUtils.getElementValue( + configElem_, + AUTH_MOA_SP_VERIFY_AUTH_TRUST_ID_XPATH, + ""); + } + /** + * Build a string array with references to all verify transform info + * IDs within the moa-sp part of the authentication component + * @return A string array containing all urls to the + * verify transform info IDs + */ + public String[] buildMoaSpAuthBlockVerifyTransformsInfoIDs() { + + List verifyTransformsInfoIDs = new ArrayList(); + NodeIterator vtIter = + XPathUtils.selectNodeIterator( + configElem_, + AUTH_MOA_SP_VERIFY_AUTH_VERIFY_ID_XPATH); + Element vtElem; + + while ((vtElem = (Element) vtIter.nextNode()) != null) { + + String vtInfoIDs = DOMUtils.getText(vtElem); + verifyTransformsInfoIDs.add(vtInfoIDs); + } + String[] result = new String[verifyTransformsInfoIDs.size()]; + verifyTransformsInfoIDs.toArray(result); + + return result; + } + + + /** + * Returns a list containing all X509 Subject Names + * of the Identity Link Signers + * @return a list containing the configured identity-link signer X509 subject names + */ + public List getIdentityLink_X509SubjectNames() { + + Vector x509SubjectNameList = new Vector(); + NodeIterator x509Iter = + XPathUtils.selectNodeIterator( + configElem_, + AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH); + Element x509Elem; + + while ((x509Elem = (Element) x509Iter.nextNode()) != null) { + String vtInfoIDs = DOMUtils.getText(x509Elem); + x509SubjectNameList.add(vtInfoIDs); + } + + // now add the default identity link signers + String[] identityLinkSignersWithoutOID = MOAIDAuthConstants.IDENTITY_LINK_SIGNERS_WITHOUT_OID; + for (int i=0; inull
. + * @param moaSpIdentityLinkTrustProfileID The ID of the trust profile used for validating + * the identity link signer certificate. Needed for + * checking if this ID is not used for validating other + * infoboxes. + * + * @return An OAProxyParameter array containing beans + * with all relevant information for the authentication component of the online + * application + */ + public OAAuthParameter[] buildOnlineApplicationAuthParameters( + VerifyInfoboxParameters defaultVerifyInfoboxParameters, String moaSpIdentityLinkTrustProfileID) + throws ConfigurationException + { + + String bkuSelectionTemplateURL = + XPathUtils.getAttributeValue(configElem_, AUTH_BKUSELECT_TEMPLATE_XPATH, null); + String templateURL = + XPathUtils.getAttributeValue(configElem_, AUTH_TEMPLATE_XPATH, null); + + List OA_set = new ArrayList(); + NodeList OAIter = XPathUtils.selectNodeList(configElem_, OA_XPATH); + + for (int i = 0; i < OAIter.getLength(); i++) { + Element oAElem = (Element) OAIter.item(i); + Element authComponent = + (Element) XPathUtils.selectSingleNode(oAElem, OA_AUTH_COMPONENT_XPATH); + + OAAuthParameter oap = new OAAuthParameter(); + String publicURLPrefix = oAElem.getAttribute("publicURLPrefix"); + oap.setPublicURLPrefix(publicURLPrefix); + oap.setKeyBoxIdentier(oAElem.getAttribute("keyBoxIdentifier")); + + // get the type of the online application + String oaType = oAElem.getAttribute("type"); + oap.setOaType(oaType); + String slVersion = "1.1"; + if ("businessService".equalsIgnoreCase(oaType)) { + if (authComponent==null) { + Logger.error("Missing \"AuthComponent\" for OA of type \"businessService\""); + throw new ConfigurationException("config.02", null); + } + Element identificationNumberElem = + (Element) XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_IDENT_NUMBER_XPATH); + if (identificationNumberElem==null) { + Logger.error("Missing \"IdentificationNumber\" for OA of type \"businessService\""); + throw new ConfigurationException("config.02", null); + } + Element identificationNumberChild = DOMUtils.getElementFromNodeList(identificationNumberElem.getChildNodes()); + if (identificationNumberChild == null) { + Logger.error("Missing \"IdentificationNumber\" for OA of type \"businessService\""); + throw new ConfigurationException("config.02", null); + } + if ("false".equalsIgnoreCase(oAElem.getAttribute("calculateHPI"))) { + oap.setIdentityLinkDomainIdentifier(buildIdentityLinkDomainIdentifier(identificationNumberChild)); + } else { + // If we have business service and want to dealt with GDA, the security layer can be advised to calulate + // the Health Professional Identifier HPI instead of the wbPK + Logger.info("OA uses HPI for Identification"); + oap.setIdentityLinkDomainIdentifier(Constants.URN_PREFIX_HPI); + } + + // if OA type is "businessSErvice" set slVersion to 1.2 and ignore parameter in config file + Logger.info("OA type is \"businessService\"; setting Security Layer version to 1.2"); + slVersion = "1.2"; + + } else { + + if (authComponent!=null) { + slVersion = authComponent.getAttribute("slVersion"); + } + + } + oap.setSlVersion(slVersion); + //Check if there is an Auth-Block to read from configuration + + if (authComponent!=null) + { + oap.setProvideStammzahl(BoolUtils.valueOf(authComponent.getAttribute("provideStammzahl"))); + oap.setProvideAuthBlock(BoolUtils.valueOf(authComponent.getAttribute("provideAUTHBlock"))); + oap.setProvideIdentityLink(BoolUtils.valueOf(authComponent.getAttribute("provideIdentityLink"))); + oap.setProvideCertificate(BoolUtils.valueOf(authComponent.getAttribute("provideCertificate"))); + oap.setBkuSelectionTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH, bkuSelectionTemplateURL)); + oap.setTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_TEMPLATE_XPATH, templateURL)); + // load OA specific transforms if present + String[] transformsInfoFileNames = buildTransformsInfoFileNames(authComponent, OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH); + try { + oap.setTransformsInfos(loadTransformsInfos(transformsInfoFileNames)); + } catch (Exception ex) { + Logger.error("Error loading transforms specified for OA \"" + publicURLPrefix + "\"; using default transforms."); + } + Node verifyInfoboxParamtersNode = XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH); + oap.setVerifyInfoboxParameters(buildVerifyInfoboxParameters( + verifyInfoboxParamtersNode, defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID)); + } + OA_set.add(oap); + } + OAAuthParameter[] result = + new OAAuthParameter[OA_set.size()]; + OA_set.toArray(result); + + return result; + + } + + /** + * Builds the URL for a BKUSelectionTemplate or a Template. The method selects + * the uri string from the MOA ID configuration file via the given xpath expression + * and returns either this string or the default value. + * + * @param oaAuthComponent The AuthComponent element to get the template from. + * @param xpathExpr The xpath expression for selecting the template uri. + * @param defaultURL The default template url. + * @return The template url. This may either the via xpath selected uri + * or, if no template is specified within the online appliacation, + * the default url. Both may be null. + */ + protected String buildTemplateURL(Element oaAuthComponent, String xpathExpr, String defaultURL) { + String templateURL = XPathUtils.getAttributeValue(oaAuthComponent, xpathExpr, defaultURL); + if (templateURL != null) { + templateURL = FileUtils.makeAbsoluteURL(templateURL, rootConfigFileDir_); + } + return templateURL; + } + + + /** + * Method buildConnectionParameter: internal Method for creating a + * ConnectionParameter object with all data found in the incoming element + * @param root This Element contains the ConnectionParameter + * @return ConnectionParameter + */ + protected ConnectionParameter buildConnectionParameter(Element root) + { + ConnectionParameter result = new ConnectionParameter(); + result.setAcceptedServerCertificates( + XPathUtils.getElementValue(root,CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH,null)); + + result.setAcceptedServerCertificates(FileUtils.makeAbsoluteURL( + result.getAcceptedServerCertificates(), rootConfigFileDir_)); + + result.setUrl( + XPathUtils.getAttributeValue(root, CONNECTION_PARAMETER_URL_XPATH, "")); + result.setClientKeyStore( + XPathUtils.getElementValue(root,CONNECTION_PARAMETERN_KEYSTORE_XPATH,null)); + + result.setClientKeyStore(FileUtils.makeAbsoluteURL( + result.getClientKeyStore(), rootConfigFileDir_)); + + result.setClientKeyStorePassword( + XPathUtils.getAttributeValue(root,CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH,"")); + + if ((result.getAcceptedServerCertificates()==null) + && (result.getUrl()=="") + && (result.getClientKeyStore()==null) + && (result.getClientKeyStorePassword()=="")) + return null; + + return result; + } + + + /** + * Build the mapping of generic configuration properties. + * + * @return a {@link Map} of generic configuration properties (a name to value + * mapping) from the configuration. + */ + public Map buildGenericConfiguration() { + + Map genericConfiguration = new HashMap(); + NodeIterator gcIter = + XPathUtils.selectNodeIterator( + configElem_, + GENERIC_CONFIGURATION_XPATH); + Element gcElem; + + while ((gcElem = (Element) gcIter.nextNode()) != null) { + String gcName = gcElem.getAttribute("name"); + String gcValue = gcElem.getAttribute("value"); + + genericConfiguration.put(gcName, gcValue); + } + + return genericConfiguration; + } + + + /** + * Returns the default chaining mode from the configuration. + * + * @return The default chaining mode. + */ + public String getDefaultChainingMode() { + String defaultChaining = + XPathUtils.getAttributeValue( + configElem_, + CHAINING_MODES_DEFAULT_XPATH, + CM_CHAINING); + + return translateChainingMode(defaultChaining); + + } + /** + * Build the chaining modes for all configured trust anchors. + * + * @return The mapping from trust anchors to chaining modes. + */ + public Map buildChainingModes() { + Map chainingModes = new HashMap(); + NodeIterator trustIter = + XPathUtils.selectNodeIterator(configElem_, TRUST_ANCHOR_XPATH); + Element trustAnchorElem; + + while ((trustAnchorElem = (Element) trustIter.nextNode()) != null) { + IssuerAndSerial issuerAndSerial = buildIssuerAndSerial(trustAnchorElem); + String mode = trustAnchorElem.getAttribute("mode"); + + if (issuerAndSerial != null) { + chainingModes.put(issuerAndSerial, translateChainingMode(mode)); + } + } + + return chainingModes; + } + + /** + * Build an IssuerAndSerial from the DOM representation. + * + * @param root The root element (being of type dsig: + * X509IssuerSerialType. + * @return The issuer and serial number contained in the root + * element or null if could not be built for any reason. + */ + protected IssuerAndSerial buildIssuerAndSerial(Element root) { + String issuer = XPathUtils.getElementValue(root, ISSUER_XPATH, null); + String serial = XPathUtils.getElementValue(root, SERIAL_XPATH, null); + + if (issuer != null && serial != null) { + try { + RFC2253NameParser nameParser = new RFC2253NameParser(issuer); + Principal issuerDN = nameParser.parse(); + + return new IssuerAndSerial(issuerDN, new BigInteger(serial)); + } catch (RFC2253NameParserException e) { + warn("config.09", new Object[] { issuer, serial }, e); + return null; + } catch (NumberFormatException e) { + warn("config.09", new Object[] { issuer, serial }, e); + return null; + } + } + return null; + } + + /** + * Translate the chaining mode from the configuration file to one used in the + * IAIK MOA API. + * + * @param chainingMode The chaining mode from the configuration. + * @return The chaining mode as provided by the ChainingModes + * interface. + * @see iaik.pki.pathvalidation.ChainingModes + */ + protected String translateChainingMode(String chainingMode) { + if (chainingMode.equals(CM_CHAINING)) { + return ChainingModes.CHAIN_MODE; + } else if (chainingMode.equals(CM_PKIX)) { + return ChainingModes.PKIX_MODE; + } else { + return ChainingModes.CHAIN_MODE; + } + } + + /** + * Builds the IdentityLinkDomainIdentifier as needed for providing it to the + * SecurityLayer for computation of the wbPK. + *

e.g.:
+ * input element: + *
+ * <pr:Firmenbuchnummer Identifier="FN">000468 i</pr:Firmenbuchnummer> + *

+ * return value: urn:publicid:gv.at+wbpk+FN468i + * + * @param number The element holding the identification number of the business + * company. + * @return The domain identifier + */ + protected String buildIdentityLinkDomainIdentifier(Element number) { + if (number == null) { + return null; + } + String identificationNumber = number.getFirstChild().getNodeValue(); + String identifier = number.getAttribute("Identifier"); + // remove all blanks + identificationNumber = StringUtils.removeBlanks(identificationNumber); + if (number.getLocalName().equals("Firmenbuchnummer") || identifier.equalsIgnoreCase("fn")) { + // delete zeros from the beginning of the number + identificationNumber = StringUtils.deleteLeadingZeros(identificationNumber); + // remove hyphens + identificationNumber = StringUtils.removeToken(identificationNumber, "-"); + } + StringBuffer identityLinkDomainIdentifier = new StringBuffer(Constants.URN_PREFIX_WBPK); + identityLinkDomainIdentifier.append("+"); + if (!identificationNumber.startsWith(identifier)) { + identityLinkDomainIdentifier.append(identifier); + } + identityLinkDomainIdentifier.append("+"); + identityLinkDomainIdentifier.append(identificationNumber); + return identityLinkDomainIdentifier.toString(); + } + + /** + * Builds the parameters for verifying additional infoboxes (additional to the + * IdentityLink infobox). + * + * @param verifyInfoboxesElem The VerifyInfoboxes element from the + * config file. This maybe the global element or the + * elment from an Online application. + * @param defaultVerifyInfoboxParameters Default parameters to be used, if no + * VerifyInfoboxes element is present. + * This only applies to parameters + * of an specific online application and is set to + * null when building the global parameters. + * @param moaSpIdentityLinkTrustProfileID The ID of the trust profile used for validating + * the identity link signer certificate. Needed for + * checking if this ID is not used for validating other + * infoboxes. + * + * @return A {@link at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters VerifyInfoboxParameters} + * object needed for verifying additional infoboxes. + * + * @throws ConfigurationException If the trust profile for validating the identity link + * signer certificate is used for validating another infobox. + */ + public VerifyInfoboxParameters buildVerifyInfoboxParameters( + Node verifyInfoboxesElem, + VerifyInfoboxParameters defaultVerifyInfoboxParameters, + String moaSpIdentityLinkTrustProfileID) + throws ConfigurationException + { + + if ((verifyInfoboxesElem == null) && (defaultVerifyInfoboxParameters == null)) { + return null; + } + Vector identifiers = new Vector(); + List defaultIdentifiers = null; + Map defaultInfoboxParameters = null; + if (defaultVerifyInfoboxParameters != null) { + defaultIdentifiers = defaultVerifyInfoboxParameters.getIdentifiers(); + defaultInfoboxParameters = defaultVerifyInfoboxParameters.getInfoboxParameters(); + } + Hashtable infoboxParameters = new Hashtable(); + if (verifyInfoboxesElem != null) { + // get the DefaultTrustProfileID + String defaultTrustProfileID = null; + Node defaultTrustProfileNode = + XPathUtils.selectSingleNode(verifyInfoboxesElem, VERIFY_INFOBOXES_DEFAULT_TRUST_PROFILE_XPATH); + if (defaultTrustProfileNode != null) { + Node trustProfileIDNode = + XPathUtils.selectSingleNode(defaultTrustProfileNode, VERIFY_INFOBOXES_TRUST_PROFILE_ID_XPATH); + defaultTrustProfileID = trustProfileIDNode.getFirstChild().getNodeValue(); + if (defaultTrustProfileID.equals(moaSpIdentityLinkTrustProfileID)) { + throw new ConfigurationException("config.15", new Object[] {moaSpIdentityLinkTrustProfileID}); + } + } + // get the Infoboxes + NodeList infoboxes = + XPathUtils.selectNodeList(verifyInfoboxesElem, VERIFY_INFOBOXES_INFOBOX_XPATH); + for (int i=0; iMOAConfigurationException. + */ + public ConfigurationException(String messageId, Object[] parameters) { + super(messageId, parameters); + } + + /** + * Create a MOAConfigurationException. + */ + public ConfigurationException( + String messageId, + Object[] parameters, + Throwable wrapped) { + + super(messageId, parameters, wrapped); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java new file mode 100644 index 000000000..e65c47bad --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java @@ -0,0 +1,128 @@ +package at.gv.egovernment.moa.id.config; + +import java.math.BigInteger; +import java.security.Principal; +import java.security.cert.X509Certificate; +import java.util.Map; + +import at.gv.egovernment.moa.id.data.IssuerAndSerial; + +/** + * Base class for AuthConfigurationProvider and ProxyConfigurationProvider, + * providing functions common to both of them. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class ConfigurationProvider { + + /** + * Constructor + */ + public ConfigurationProvider() { + super(); + } + + /** + * The name of the system property which contains the file name of the + * configuration file. + */ + public static final String CONFIG_PROPERTY_NAME = + "moa.id.configuration"; + + /** + * The name of the generic configuration property giving the certstore directory path. + */ + public static final String DIRECTORY_CERTSTORE_PARAMETER_PROPERTY = + "DirectoryCertStoreParameters.RootDir"; + + /** + * The name of the generic configuration property switching the ssl revocation checking on/off + */ + public static final String TRUST_MANAGER_REVOCATION_CHECKING = + "TrustManager.RevocationChecking"; + + + /** + * A Map which contains generic configuration information. Maps a + * configuration name (a String) to a configuration value (also a + * String). + */ + protected Map genericConfiguration; + + /** The default chaining mode. */ + protected String defaultChainingMode; + + /** + * A Map which contains the IssuerAndSerial to + * chaining mode (a String) mapping. + */ + protected Map chainingModes; + + /** + * the URL for the trusted CA Certificates + */ + protected String trustedCACertificates; + + /** + * main configuration file directory name used to configure MOA-ID + */ + protected String rootConfigFileDir; + + /** + * Returns the main configuration file directory used to configure MOA-ID + * + * @return the directory + */ + public String getRootConfigFileDir() { + return rootConfigFileDir; + } + + /** + * Returns the mapping of generic configuration properties. + * + * @return The mapping of generic configuration properties (a name to value + * mapping) from the configuration. + */ + public Map getGenericConfiguration() { + return genericConfiguration; + } + + /** + * Returns the value of a parameter from the generic configuration section. + * + * @return the parameter value; null if no such parameter + */ + public String getGenericConfigurationParameter(String parameter) { + if (! genericConfiguration.containsKey(parameter)) + return null; + return (String)genericConfiguration.get(parameter); + } + + /** + * Return the chaining mode for a given trust anchor. + * + * @param trustAnchor The trust anchor for which the chaining mode should be + * returned. + * @return The chaining mode for the given trust anchor. If the trust anchor + * has not been configured separately, the system default will be returned. + */ + public String getChainingMode(X509Certificate trustAnchor) { + Principal issuer = trustAnchor.getIssuerDN(); + BigInteger serial = trustAnchor.getSerialNumber(); + IssuerAndSerial issuerAndSerial = new IssuerAndSerial(issuer, serial); + + String mode = (String) chainingModes.get(issuerAndSerial); + return mode != null ? mode : defaultChainingMode; + } + + /** + * Returns the trustedCACertificates. + * @return String + */ + public String getTrustedCACertificates() { + + return trustedCACertificates; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java new file mode 100644 index 000000000..30b09cfe0 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java @@ -0,0 +1,106 @@ +package at.gv.egovernment.moa.id.config; + +/** + * This bean class is used to store data for various connectionParameter + * within the MOA-ID configuration + * + * @author Stefan Knirsch + * @version $Id$ + */ +public class ConnectionParameter { + + /** + * Server URL + */ + private String url; + /** + * File URL for a directory containing PKCS#12 server SSL certificates. + * From these certificates, a X509 trust store will be assembled for use + * by a JSSE TrustManager. + * This field will only be used in case of an HTTPS URL. + */ + private String acceptedServerCertificates; + /** + * File URL of a X509 key store containing the private key to be used + * for an HTTPS connection when the server requires client authentication. + * This field will only be used in case of an HTTPS URL. + */ + private String clientKeyStore; + /** + * Password protecting the client key store. + */ + private String clientKeyStorePassword; + + /** + * Checks whether the URL scheme is "https". + * @return true in case of an URL starting with "https" + */ + public boolean isHTTPSURL() { + return getUrl().indexOf("https") == 0; + } + + /** + * Returns the url. + * @return String + */ + public String getUrl() { + return url; + } + + /** + * Returns the acceptedServerCertificates. + * @return String + */ + public String getAcceptedServerCertificates() { + return acceptedServerCertificates; + } + + /** + * Sets the acceptedServerCertificates. + * @param acceptedServerCertificates The acceptedServerCertificates to set + */ + public void setAcceptedServerCertificates(String acceptedServerCertificates) { + this.acceptedServerCertificates = acceptedServerCertificates; + } + + /** + * Sets the url. + * @param url The url to set + */ + public void setUrl(String url) { + this.url = url; + } + + /** + * Returns the clientKeyStore. + * @return String + */ + public String getClientKeyStore() { + return clientKeyStore; + } + + /** + * Returns the clientKeyStorePassword. + * @return String + */ + public String getClientKeyStorePassword() { + return clientKeyStorePassword; + } + + /** + * Sets the clientKeyStore. + * @param clientKeyStore The clientKeyStore to set + */ + public void setClientKeyStore(String clientKeyStore) { + this.clientKeyStore = clientKeyStore; + } + + /** + * Sets the clientKeyStorePassword. + * @param clientKeyStorePassword The clientKeyStorePassword to set + */ + public void setClientKeyStorePassword(String clientKeyStorePassword) { + this.clientKeyStorePassword = clientKeyStorePassword; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java new file mode 100644 index 000000000..19a27b463 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java @@ -0,0 +1,76 @@ +package at.gv.egovernment.moa.id.config; + +/** + * Configuration parameters belonging to an online application, + * to be used within both, the MOA ID Auth and the + * MOA ID PROXY component. + * + * @author Harald Bratko + */ +public class OAParameter { + + /** + * type of the online application (maybe "PublicService" or "BusinessService") + */ + private String oaType; + + /** + * specifies whether the online application is a business application or not + * (true if value of {@link #oaType} is "businessService" + */ + private boolean businessService; + + /** + * public URL prefix of the online application + */ + private String publicURLPrefix; + + /** + * Returns the type of the online application. + * @return the type of the online application. + */ + public String getOaType() { + return oaType; + } + + /** + * Returns true is the OA is a businss application, otherwise + * false. + * @return true is the OA is a businss application, otherwise + * false + */ + public boolean getBusinessService() { + return this.businessService; + } + + /** + * Returns the publicURLPrefix. + * @return String + */ + public String getPublicURLPrefix() { + return publicURLPrefix; + } + + /** + * + * Sets the type of the online application. + * If the type is "businessService" the value of businessService + * ({@link #getBusinessService()}) is also set to true + * @param oaType The type of the online application. + */ + public void setOaType(String oaType) { + this.oaType = oaType; + if ("businessService".equalsIgnoreCase(oaType)) { + this.businessService = true; + } + } + + /** + * Sets the publicURLPrefix. + * @param publicURLPrefix The publicURLPrefix to set + */ + public void setPublicURLPrefix(String publicURLPrefix) { + this.publicURLPrefix = publicURLPrefix; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java new file mode 100644 index 000000000..b4af6592c --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -0,0 +1,414 @@ +package at.gv.egovernment.moa.id.config.auth; + +import java.io.BufferedInputStream; +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.net.MalformedURLException; +import java.util.List; + +import org.w3c.dom.Element; +import org.w3c.dom.Node; + +import at.gv.egovernment.moa.id.config.ConfigurationBuilder; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * A class providing access to the Auth Part of the MOA-ID configuration data. + * + *

Configuration data is read from an XML file, whose location is given by + * the moa.id.configuration system property.

+ *

This class implements the Singleton pattern. The reload() + * method can be used to update the configuration data. Therefore, it is not + * guaranteed that consecutive calls to getInstance() will return + * the same AuthConfigurationProvider all the time. During the + * processing of a web service request, the current + * TransactionContext should be used to obtain the + * AuthConfigurationProvider local to that request.

+ * + * @author Patrick Peck + * @author Stefan Knirsch + * + * @version $Id$ + */ +public class AuthConfigurationProvider extends ConfigurationProvider { + + /** DEFAULT_ENCODING is "UTF-8" */ + private static final String DEFAULT_ENCODING="UTF-8"; + /** + * The name of the generic configuration property giving the authentication session time out. + */ + public static final String AUTH_SESSION_TIMEOUT_PROPERTY = + "AuthenticationSession.TimeOut"; + /** + * The name of the generic configuration property giving the authentication data time out. + */ + public static final String AUTH_DATA_TIMEOUT_PROPERTY = + "AuthenticationData.TimeOut"; + + /** + * BKUSelectionType HTMLComplete, according to schema type BKUSelectionType + */ + public static final String BKU_SELECTION_TYPE_HTMLCOMPLETE = + "HTMLComplete"; + + /** + * BKUSelectionType HTMLSelect, according to schema type BKUSelectionType + */ + public static final String BKU_SELECTION_TYPE_HTMLSELECT = + "HTMLSelect"; + + /** + * The name of the generic configuration property allowing https connection to + * the user frontend servlets ("StartAuthentication" and "SelectBKU" servlets) + */ + public static final String FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY = + "FrontendServlets.EnableHTTPConnection"; + + /** + * The name of the generic configuration property allowing to set a individual + * DATA URL used to communicate with the BKU (SecurityLayer) + */ + public static final String INDIVIDUAL_DATA_URL_PREFIX = + "FrontendServlets.DataURLPrefix"; + + /** Singleton instance. null, if none has been created. */ + private static AuthConfigurationProvider instance; + + // + // configuration data + // + + /** + * configuration files containing transformations for rendering in the + * secure viewer of the security layer implementation; + * multiple files can be given for different mime types + */ + private String[] transformsInfoFileNames; + + /** + * transformations for rendering in the secure viewer of the security layer implementation, + * read from {@link transformsInfoFileNames}; + * multiple transformation can be given for different mime types + */ + private String[] transformsInfos; + + /** + * parameters for connection to MOA SP component + */ + private ConnectionParameter moaSpConnectionParameter; + /** + * trust profile ID to be used for verifying the identity link signature via MOA ID SP + */ + private String moaSpIdentityLinkTrustProfileID; + /** + * trust profile ID to be used for verifying the AUTH block signature via MOA ID SP + */ + private String moaSpAuthBlockTrustProfileID; + /** + * transformations to be used for verifying the AUTH block signature via MOA ID SP + */ + private String[] moaSpAuthBlockVerifyTransformsInfoIDs; + /** + * X509 SubjectNames which will be trusted + */ + private List identityLinkX509SubjectNames; + /** + * default parameters for verifying additional infoboxes. + */ + private VerifyInfoboxParameters defaultVerifyInfoboxParameters; + + /** + * configuration parameters for online applications + */ + private OAAuthParameter[] onlineApplicationAuthParameters; + /** + * the Selection Type of the bku Selection Element + */ + private String bKUSelectionType; + /** + * is the bku Selection Element present? + */ + private boolean bKUSelectable; + /** + * the bku Selection Connection Parameters + */ + private ConnectionParameter bKUConnectionParameter; + + /** + * Return the single instance of configuration data. + * + * @return AuthConfigurationProvider The current configuration data. + * @throws ConfigurationException + */ + public static synchronized AuthConfigurationProvider getInstance() + throws ConfigurationException { + + if (instance == null) { + reload(); + } + return instance; + } + + /** + * Reload the configuration data and set it if successful. + * + * @return AuthConfigurationProvider The loaded configuration data. + * @throws ConfigurationException Failure to load the configuration data. + */ + public static synchronized AuthConfigurationProvider reload() + throws ConfigurationException { + String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME); + if (fileName == null) { + throw new ConfigurationException("config.01", null); + } + Logger.info("Loading MOA-ID-AUTH configuration " + fileName); + + instance = new AuthConfigurationProvider(fileName); + return instance; + } + + /** + * Constructor for AuthConfigurationProvider. + * @param fileName + * @throws ConfigurationException + */ + public AuthConfigurationProvider(String fileName) + throws ConfigurationException { + + load(fileName); + } + + /** + * Load the configuration data from XML file with the given name and build + * the internal data structures representing the MOA ID configuration. + * + * @param fileName The name of the XML file to load. + * @throws ConfigurationException The MOA configuration could not be + * read/built. + */ + private void load(String fileName) throws ConfigurationException { + InputStream stream = null; + Element configElem; + ConfigurationBuilder builder; + + try { + // load the main config file + stream = new BufferedInputStream(new FileInputStream(fileName)); + configElem = DOMUtils.parseXmlValidating(stream); + } catch (Throwable t) { + throw new ConfigurationException("config.03", null, t); + } + finally { + try { + if (stream != null) { + stream.close(); + } + } catch (IOException e) { + } + } + try { + // determine the directory of the root config file + rootConfigFileDir = new File(fileName).getParent(); + try { + rootConfigFileDir = new File(rootConfigFileDir).toURL().toString(); + } catch (MalformedURLException t) { + throw new ConfigurationException("config.03", null, t); + } + + // build the internal datastructures + builder = new ConfigurationBuilder(configElem, rootConfigFileDir); + bKUConnectionParameter = builder.buildAuthBKUConnectionParameter(); + bKUSelectable = (bKUConnectionParameter!=null); + bKUSelectionType = builder.buildAuthBKUSelectionType(); + genericConfiguration = builder.buildGenericConfiguration(); + transformsInfoFileNames = builder.buildTransformsInfoFileNames(builder.getConfigElem(), ConfigurationBuilder.AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH); + transformsInfos = builder.loadTransformsInfos(transformsInfoFileNames); + moaSpConnectionParameter = builder.buildMoaSpConnectionParameter(); + moaSpIdentityLinkTrustProfileID = builder.getMoaSpIdentityLinkTrustProfileID(); + moaSpAuthBlockTrustProfileID = builder.getMoaSpAuthBlockTrustProfileID(); + moaSpAuthBlockVerifyTransformsInfoIDs = builder.buildMoaSpAuthBlockVerifyTransformsInfoIDs(); + defaultVerifyInfoboxParameters = null; + Node defaultVerifyInfoboxParamtersElem = XPathUtils.selectSingleNode(configElem, ConfigurationBuilder.AUTH_VERIFY_INFOBOXES_XPATH); + if (defaultVerifyInfoboxParamtersElem != null) { + defaultVerifyInfoboxParameters = + builder.buildVerifyInfoboxParameters((Element)defaultVerifyInfoboxParamtersElem, null, moaSpIdentityLinkTrustProfileID); + } + onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID); + identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames(); + defaultChainingMode = builder.getDefaultChainingMode(); + chainingModes = builder.buildChainingModes(); + trustedCACertificates = builder.getTrustedCACertificates(); + trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir); + + } catch (Throwable t) { + throw new ConfigurationException("config.02", null, t); + } + } + + /** + * Loads the transformsInfos from files. + * @throws Exception on any exception thrown + */ +// private void loadTransformsInfos() throws Exception { +// +// transformsInfos = new String[transformsInfoFileNames.length]; +// for (int i = 0; i < transformsInfoFileNames.length; i++) { +// String fileURL = transformsInfoFileNames[i]; +// +// //if fileURL is relative to rootConfigFileDir make it absolute +// fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir); +// String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING); +// transformsInfos[i] = transformsInfo; +// } +// } + + /** + * Loads the transformsInfos from files. + * @throws Exception on any exception thrown + */ + private String[] loadTransformsInfos(String[] transformsInfoFileNames) throws Exception { + + String[] transformsInfos = new String[transformsInfoFileNames.length]; + for (int i = 0; i < transformsInfoFileNames.length; i++) { + String fileURL = transformsInfoFileNames[i]; + + //if fileURL is relative to rootConfigFileDir make it absolute + fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir); + String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING); + transformsInfos[i] = transformsInfo; + } + return transformsInfos; + } + /** + * Return a string array with all filenames leading + * to the Transforms Information for the Security Layer + * @return String[] of filenames to the Security Layer Transforms Information + */ + public String[] getTransformsInfoFileNames() { + return transformsInfoFileNames; + } + + /** + * Build an array of the OnlineApplication Parameters containing information + * about the authentication component + * @return An OAProxyParameter array containing beans + * with all relevant information for theauthentication component of the online + * application + */ + public OAAuthParameter[] getOnlineApplicationParameters() { + return onlineApplicationAuthParameters; + } + + /** + * Provides configuration information regarding the online application behind + * the given URL, relevant to the MOA-ID Auth component. + * + * @param oaURL URL requested for an online application + * @return an OAAuthParameter, or null + * if none is applicable + */ + public OAAuthParameter getOnlineApplicationParameter(String oaURL) { + OAAuthParameter[] oaParams = getOnlineApplicationParameters(); + for (int i = 0; i < oaParams.length; i++) { + OAAuthParameter oaParam = oaParams[i]; + if (oaURL.indexOf(oaParam.getPublicURLPrefix()) == 0) + return oaParam; + } + return null; + } + + /** + * Return a string with a url-reference to the VerifyAuthBlock trust + * profile id within the moa-sp part of the authentication component + * + * @return String with a url-reference to the VerifyAuthBlock trust profile ID + */ + public String getMoaSpAuthBlockTrustProfileID() { + return moaSpAuthBlockTrustProfileID; + } + + /** + * Return a string array with references to all verify transform info + * IDs within the moa-sp part of the authentication component + * @return A string array containing all urls to the + * verify transform info IDs + */ + public String[] getMoaSpAuthBlockVerifyTransformsInfoIDs() { + return moaSpAuthBlockVerifyTransformsInfoIDs; + } + + /** + * Return a ConnectionParameter bean containing all information + * of the authentication component moa-sp element + * @return ConnectionParameter of the authentication component moa-sp element + */ + public ConnectionParameter getMoaSpConnectionParameter() { + return moaSpConnectionParameter; + } + + /** + * Return a string with a url-reference to the VerifyIdentityLink trust + * profile id within the moa-sp part of the authentication component + * @return String with a url-reference to the VerifyIdentityLink trust profile ID + */ + public String getMoaSpIdentityLinkTrustProfileID() { + return moaSpIdentityLinkTrustProfileID; + } + /** + * Returns the transformsInfos. + * @return String[] + */ + public String[] getTransformsInfos() { + return transformsInfos; + } + + /** + * Returns the identityLinkX509SubjectNames. + * @return List + */ + public List getIdentityLinkX509SubjectNames() { + return identityLinkX509SubjectNames; + } + + /** + * Returns the bKUConnectionParameter. + * @return ConnectionParameter + */ + public ConnectionParameter getBKUConnectionParameter() { + return bKUConnectionParameter; + } + + /** + * Returns the bKUSelectable. + * @return boolean + */ + public boolean isBKUSelectable() { + return bKUSelectable; + } + + /** + * Returns the bKUSelectionType. + * @return String + */ + public String getBKUSelectionType() { + return bKUSelectionType; + } + + /** + * Returns the defaultVerifyInfoboxParameters. + * + * @return The defaultVerifyInfoboxParameters. + */ + public VerifyInfoboxParameters getDefaultVerifyInfoboxParameters() { + return defaultVerifyInfoboxParameters; + } + +} \ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java new file mode 100644 index 000000000..ba3b61f9d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -0,0 +1,268 @@ +package at.gv.egovernment.moa.id.config.auth; + +import at.gv.egovernment.moa.id.config.OAParameter; + +/** + * Configuration parameters belonging to an online application, + * to use with the MOA ID Auth component. + * + * @author Stefan Knirsch + * @version $Id$ + */ +/** + * + * + * @author Harald Bratko + */ +public class OAAuthParameter extends OAParameter { + /** + * Sercurity Layer version + */ + private String slVersion; + /** + * true, if the Security Layer version is version 1.2, otherwise false + */ + private boolean slVersion12; + /** + * identityLinkDomainIdentifier + * (e.g urn:publicid:gv.at+wbpk+FN468i for a "Firmenbuchnummer") + *
+ * only used within a business application context for providing it to the + * security layer as input for wbPK computation + */ + private String identityLinkDomainIdentifier; + /** + * key box Identifier (e.g. CertifiedKeypair, SecureSignatureKeypair) + */ + private String keyBoxIdentifier; + /** + * transformations for rendering in the secure viewer of the security layer + * implementation; multiple transformation can be given for different mime types + */ + private String[] transformsInfos; + /** + * determines whether "Stammzahl" is to be included in the authentication data + */ + private boolean provideStammzahl; + /** + * determines whether AUTH block is to be included in the authentication data + */ + private boolean provideAuthBlock; + /** + * determines whether identity link is to be included in the authentication data + */ + private boolean provideIdentityLink; + /** + * determines whether the certificate is to be included in the authentication data + */ + private boolean provideCertificate; + /** + * url to a template for web page "Auswahl der Bürgerkartenumgebung" + */ + private String bkuSelectionTemplateURL; + /** + * template for web page "Anmeldung mit Bürgerkarte" + */ + private String templateURL; + /** + * Parameters for verifying infoboxes. + */ + private VerifyInfoboxParameters verifyInfoboxParameters; + + /** + * Returns true if the Security Layer version is version 1.2, + * otherwise false. + * @return true if the Security Layer version is version 1.2, + * otherwise false + */ + public boolean getSlVersion12() { + return slVersion12; + } + + /** + * Returns the security layer version. + * @return the security layer version. + */ + public String getSlVersion() { + return slVersion; + } + + /** + * Returns the identityLinkDomainIdentifier. + * @return the identityLinkDomainIdentifier. + */ + public String getIdentityLinkDomainIdentifier() { + return identityLinkDomainIdentifier; + } + + /** + * Returns the transformsInfos. + * @return the transformsInfos. + */ + public String[] getTransformsInfos() { + return transformsInfos; + } + + /** + * Returns the provideAuthBlock. + * @return String + */ + public boolean getProvideAuthBlock() { + return provideAuthBlock; + } + + /** + * Returns the provideIdentityLink. + * @return String + */ + public boolean getProvideIdentityLink() { + return provideIdentityLink; + } + + /** + * Returns the provideStammzahl. + * @return String + */ + public boolean getProvideStammzahl() { + return provideStammzahl; + } + + /** + * Returns true if the certificate should be provided within the + * authentication data, otherwise false. + * @return true if the certificate should be provided, + * otherwise false + */ + public boolean getProvideCertifcate() { + return provideCertificate; + } + + /** + * Returns the key box identifier. + * @return String + */ + public String getKeyBoxIdentifier() { + return keyBoxIdentifier; + } + + /** + * Returns the BkuSelectionTemplate url. + * @return The BkuSelectionTemplate url or null if no url for + * a BkuSelectionTemplate is set. + */ + public String getBkuSelectionTemplateURL() { + return bkuSelectionTemplateURL; + } + + /** + * Returns the TemplateURL url. + * @return The TemplateURL url or null if no url for + * a Template is set. + */ + public String getTemplateURL() { + return templateURL; + } + + /** + * Returns the parameters for verifying additional infoboxes. + * + * @return The parameters for verifying additional infoboxes. + * Maybe null. + */ + public VerifyInfoboxParameters getVerifyInfoboxParameters() { + return verifyInfoboxParameters; + } + + /** + * Sets the security layer version. + * Also sets slVersion12 ({@link #getSlVersion12()}) + * to true if the Security Layer version is 1.2. + * @param slVersion The security layer version to be used. + */ + public void setSlVersion(String slVersion) { + this.slVersion = slVersion; + if ("1.2".equals(slVersion)) { + this.slVersion12 = true; + } + } + /** + * Sets the IdentityLinkDomainIdentifier. + * @param identityLinkDomainIdentifier The IdentityLinkDomainIdentifiern number of the online application. + */ + public void setIdentityLinkDomainIdentifier(String identityLinkDomainIdentifier) { + this.identityLinkDomainIdentifier = identityLinkDomainIdentifier; + } + /** + * Sets the transformsInfos. + * @param transformsInfos The transformsInfos to be used. + */ + public void setTransformsInfos(String[] transformsInfos) { + this.transformsInfos = transformsInfos; + } + /** + * Sets the provideAuthBlock. + * @param provideAuthBlock The provideAuthBlock to set + */ + public void setProvideAuthBlock(boolean provideAuthBlock) { + this.provideAuthBlock = provideAuthBlock; + } + + /** + * Sets the provideIdentityLink. + * @param provideIdentityLink The provideIdentityLink to set + */ + public void setProvideIdentityLink(boolean provideIdentityLink) { + this.provideIdentityLink = provideIdentityLink; + } + + /** + * Sets the provideStammzahl. + * @param provideStammzahl The provideStammzahl to set + */ + public void setProvideStammzahl(boolean provideStammzahl) { + this.provideStammzahl = provideStammzahl; + } + + /** + * Sets the provideCertificate variable. + * @param provideCertificate The provideCertificate value to set + */ + public void setProvideCertificate(boolean provideCertificate) { + this.provideCertificate = provideCertificate; + } + + /** + * Sets the key box identifier. + * @param keyBoxIdentifier to set + */ + public void setKeyBoxIdentier(String keyBoxIdentifier) { + this.keyBoxIdentifier = keyBoxIdentifier; + } + + /** + * Sets the BkuSelectionTemplate url. + * @param bkuSelectionTemplateURL The url string specifying the location + * of a BkuSelectionTemplate. + */ + public void setBkuSelectionTemplateURL(String bkuSelectionTemplateURL) { + this.bkuSelectionTemplateURL = bkuSelectionTemplateURL; + } + + /** + * Sets the Template url. + * @param templateURL The url string specifying the location + * of a Template. + */ + public void setTemplateURL(String templateURL) { + this.templateURL = templateURL; + } + + /** + * Sets the parameters for verifying additonal (to the identitylink infobox) infoboxes. + * + * @param verifyInfoboxParameters The verifyInfoboxParameters to set. + */ + public void setVerifyInfoboxParameters(VerifyInfoboxParameters verifyInfoboxParameters) { + this.verifyInfoboxParameters = verifyInfoboxParameters; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java new file mode 100644 index 000000000..fbd42f975 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java @@ -0,0 +1,360 @@ +package at.gv.egovernment.moa.id.config.auth; + +import java.io.IOException; +import java.util.Iterator; +import java.util.List; + +import javax.xml.transform.TransformerException; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.data.Schema; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.StringUtils; + +/** + * This class is a container for parameters that maybe needed for verifying an infobox. + * + * @author Harald Bratko + */ +public class VerifyInfoboxParameter { + + /** + * The default package name (first part) of a infobox validator class. + */ + public static final String DEFAULT_PACKAGE_TRUNK = "at.gv.egovernment.moa.id.auth.validator."; + + /** + * The identifier of the infobox to be verified. This identifier must exactly the + * identifier of the infobox returned by BKU. + */ + protected String identifier_; + + /** + * The friendly name of the infobox. + * This name is used within browser messages, thus it should be the german equivalent of + * the {@link #identifier_ infobox identifier} (e.g. "Stellvertretungen" + * for "Mandates" or "GDAToken" for + * "EHSPToken". + *
If not specified within the config file the {@link #identifier_ infobox identifier} + * will be used. + */ + protected String friendlyName_; + + /** + * The Id of the TrustProfile to be used for validating certificates. + */ + protected String trustProfileID_; + + /** + * The full name of the class to be used for verifying the infobox. + */ + protected String validatorClassName_; + + /** + * Schema location URIs that may be needed by the + * validator to parse infobox tokens. + * Each entry in the list is a {@link at.gv.egovernment.moa.id.auth.data.Schema Schema} + * specifying the location of an XML schema. + */ + protected List schemaLocations_; + + /** + * Application specific parameters that may be needed for verifying an infobox. + */ + protected Element applicationSpecificParams_; + + /** + * Specifies if the infobox is be required to be returned by the BKU. + */ + protected boolean required_; + + /** + * Specifies whether the Stammzahl should be passed to the verifying + * application or not. + */ + protected boolean provideStammzahl_; + + /** + * Specifies whether the identity link should be passed to the verifying + * application or not. + */ + protected boolean provideIdentityLink_; + + /** + * Initializes this VerifiyInfoboxParamater with the given identifier and a default + * validator class name. + * + * @param identifier The identifier of the infobox to be verified. + */ + public VerifyInfoboxParameter(String identifier) { + identifier_ = identifier; + StringBuffer sb = new StringBuffer(DEFAULT_PACKAGE_TRUNK); + sb.append(identifier.toLowerCase()); + sb.append("."); + sb.append(identifier.substring(0, 1).toUpperCase()); + sb.append(identifier.substring(1)); + sb.append("Validator"); + validatorClassName_ = sb.toString(); + } + + /** + * Returns application specific parameters. + * Each child element of this element contains a verifying application specific parameter. {@link #applicationSpecificParams_} + * + * @see #applicationSpecificParams_ + * + * @return Application specific parameters. + */ + public Element getApplicationSpecificParams() { + return applicationSpecificParams_; + } + + /** + * Sets the application specific parameters. + * + * @see #applicationSpecificParams_ + * + * @param applicationSpecificParams The application specific parameters to set. + */ + public void setApplicationSpecificParams(Element applicationSpecificParams) { + applicationSpecificParams_ = applicationSpecificParams; + } + + /** + * Returns the friendly name. + * + * @see #friendlyName_ + * + * @return The friendly name. + */ + public String getFriendlyName() { + return friendlyName_; + } + + /** + * Sets the friendly name. + * + * @param friendlyName The friendly name to set. + */ + public void setFriendlyName(String friendlyName) { + friendlyName_ = friendlyName; + } + + /** + * Returns the infobox identifier. + * + * @see #identifier_ + * + * @return The infobox identifier. + */ + public String getIdentifier() { + return identifier_; + } + + /** + * Sets the the infobox identifier. + * + * @see #identifier_ + * + * @param identifier The infobox identifier to set. + */ + public void setIdentifier(String identifier) { + identifier_ = identifier; + } + + /** + * Specifies whether the identity link should be passed to the verifying application + * or not. + * + * @return True if the identity link should be passed to the verifying + * application, otherwise false. + */ + public boolean getProvideIdentityLink() { + return provideIdentityLink_; + } + + /** + * Sets the {@link #provideIdentityLink_} parameter. + * + * @param provideIdentityLink True if the identity link should be passed to + * the verifying application, otherwise false. + */ + public void setProvideIdentityLink(boolean provideIdentityLink) { + provideIdentityLink_ = provideIdentityLink; + } + + /** + * Specifies whether the Stammzahl should be passed to the verifying + * application or not. + * + * @return True if the Stammzahl should be passed to the + * verifying application, otherwise false. + */ + public boolean getProvideStammzahl() { + return provideStammzahl_; + } + + /** + * Sets the {@link #provideStammzahl_} parameter. + * + * @param provideStammzahl True if the Stammzahl should be + * passed to the verifying application, otherwise false. + */ + public void setProvideStammzahl(boolean provideStammzahl) { + provideStammzahl_ = provideStammzahl; + } + + /** + * Specifies whether the infobox is required or not. + * + * @return True if the infobox is required to be returned by the BKU, + * otherwise false. + */ + public boolean isRequired() { + return required_; + } + + /** + * Sets the {@link #required_} parameter. + * + * @param required True if the infobox is required to be returned by the + * BKU, otherwise false. + */ + public void setRequired(boolean required) { + required_ = required; + } + + /** + * Schema location URIs that may be needed by the + * validator to parse infobox tokens. + * Each entry in the list is a {@link at.gv.egovernment.moa.id.auth.data.Schema Schema} + * specifying the location of an XML schema. + * + * @return A list of {@link at.gv.egovernment.moa.id.auth.data.Schema Schema} objects + * each of them specifying the location of an XML schema. + */ + public List getSchemaLocations() { + return schemaLocations_; + } + + /** + * Sets the schema locations. + * + * @see #schemaLocations_ + * + * @param schemaLocations The schema location list to be set. + */ + public void setSchemaLocations(List schemaLocations) { + schemaLocations_ = schemaLocations; + } + + /** + * Returns the ID of the trust profile to be used for verifying certificates. + * + * @return The ID of the trust profile to be used for verifying certificates. + * Maybe null. + */ + public String getTrustProfileID() { + return trustProfileID_; + } + + /** + * Sets the ID of the trust profile to be used for verifying certificates. + * + * @param trustProfileID The ID of the trust profile to be used for verifying certificates. + */ + public void setTrustProfileID(String trustProfileID) { + trustProfileID_ = trustProfileID; + } + + /** + * Returns the name of the class to be used for verifying this infobox. + * + * @return The name of the class to be used for verifying this infobox. + */ + public String getValidatorClassName() { + return validatorClassName_; + } + + /** + * Sets the name of the class to be used for verifying this infobox. + * + * @param validatorClassName The name of the class to be used for verifying this infobox. + */ + public void setValidatorClassName(String validatorClassName) { + validatorClassName_ = validatorClassName; + } + + /** + * Get a string representation of this object. + * This method is for debugging purposes only. + * + * @return A string representation of this object. + */ + public String toString() { + + StringBuffer buffer = new StringBuffer(1024); + + buffer.append(" "); + buffer.append("\n"); + if (friendlyName_ != null) { + buffer.append(" "); + buffer.append(friendlyName_); + buffer.append(""); + buffer.append("\n"); + } + if (trustProfileID_ != null) { + buffer.append(" "); + buffer.append(trustProfileID_); + buffer.append(""); + buffer.append("\n"); + } + if (validatorClassName_ != null) { + buffer.append(" "); + buffer.append(validatorClassName_); + buffer.append(""); + buffer.append("\n"); + } + if (schemaLocations_ != null) { + buffer.append(" "); + buffer.append("\n"); + Iterator it = schemaLocations_.iterator(); + while (it.hasNext()) { + buffer.append(" \n"); + } + buffer.append(" "); + buffer.append("\n"); + } + if (applicationSpecificParams_ != null) { + try { + String applicationSpecificParams = DOMUtils.serializeNode(applicationSpecificParams_); + buffer.append(" "); + buffer.append(StringUtils.removeXMLDeclaration(applicationSpecificParams)); + buffer.append("\n"); + } catch (TransformerException e) { + // do nothing + } catch (IOException e) { + // do nothing + } + } + buffer.append(" "); + + + return buffer.toString() ; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java new file mode 100644 index 000000000..15c0c328c --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java @@ -0,0 +1,135 @@ +package at.gv.egovernment.moa.id.config.auth; + +import java.util.Hashtable; +import java.util.Iterator; +import java.util.List; +import java.util.Map; + +/** + * This class contains the parameters for verifying all the infoboxes configured for an + * online application. + * + * @author Harald Bratko + */ +public class VerifyInfoboxParameters { + + /** + * A map of {@link VerifyInfoboxParameter} objects. + * Each of these objects contains parameters that maybe needed for validating an + * infobox. + */ + protected Map infoboxParameters_; + + /** + * A list of the identifiers of the infoboxes supported by this + * VerifyInfoboxParameters; + */ + protected List identifiers_; + + /** + * Holds the (comma separated) identifiers of those infoboxes MOA-IF is able to validate + * in the context of the actual online application. + * The string will be added as value of the PushInfobox parameter in the + * HTML form used for reading the infoboxes from the BKU. + */ + protected String pushInfobox_; + + /** + * Initializes this VerifyInfoboxParameters with an empty {@link #infoboxParameters_} + * map. + */ + public VerifyInfoboxParameters() { + infoboxParameters_ = new Hashtable(); + pushInfobox_ = ""; + } + + /** + * Initializes this VerifyInfoboxParameters with the given + * infoboxParameters map and builds the {@link #pushInfobox_} string + * from the keys of the given map. + */ + public VerifyInfoboxParameters(List identifiers, Map infoboxParameters) { + identifiers_ = identifiers; + infoboxParameters_ = infoboxParameters; + // build the pushInfobox string + if ((identifiers != null) && (!identifiers.isEmpty())) { + StringBuffer identifiersSB = new StringBuffer(); + int identifiersNum = identifiers.size(); + int i = 1; + Iterator it = identifiers.iterator(); + while (it.hasNext()) { + identifiersSB.append((String)it.next()); + if (i != identifiersNum) { + identifiersSB.append(","); + } + i++; + } + pushInfobox_ = identifiersSB.toString(); + } else { + pushInfobox_ = ""; + } + } + + /** + * Returns the (comma separated) identifiers of the infoboxes configured for the actual + * online application. + * + * @see #pushInfobox_ + * + * @return The (comma separated) identifiers of the infoboxes configured for the actual + * online application. + */ + public String getPushInfobox() { + return pushInfobox_; + } + + /** + * Sets the {@link #pushInfobox_} string. + * + * @param pushInfobox The pushInfobox string to be set. + */ + public void setPushInfobox(String pushInfobox) { + pushInfobox_ = pushInfobox; + } + + /** + * Returns map of {@link VerifyInfoboxParameter} objects. + * Each of these objects contains parameters that maybe needed for validating an + * infobox. + * + * @return The map of {@link VerifyInfoboxParameter} objects. + */ + public Map getInfoboxParameters() { + return infoboxParameters_; + } + + /** + * Sets the map of {@link VerifyInfoboxParameter} objects. + * + * @see #infoboxParameters_ + * + * @param infoboxParameters The infoboxParameters to set. + */ + public void setInfoboxParameters(Map infoboxParameters) { + infoboxParameters_ = infoboxParameters; + } + + /** + * Returns the identifiers of the supported infoboxes. + * + * @return The identifiers. + */ + public List getIdentifiers() { + return identifiers_; + } + + /** + * Sets the identifiers. + * + * @param identifiers The identifiers to set. + */ + public void setIdentifiers(List identifiers) { + identifiers_ = identifiers; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java new file mode 100644 index 000000000..d25cb3b2b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java @@ -0,0 +1,173 @@ +package at.gv.egovernment.moa.id.config.proxy; + +import java.util.HashMap; +import java.util.Map; + +/** + * Holds configuration data concerning an online application for use by the MOA-ID Proxy component. + * These include the login type (stateful or stateless), the HTTP authentication type, + * and information needed to add authentication parameters or headers for a URL connection + * to the remote online application. + * @see MOAIDConfiguration-1.1.xsd, element Configuration + * + * @author Stefan Knirsch + * @version $Id$ + */ +public class OAConfiguration { + + /** Constant for an login method */ + public static final String LOGINTYPE_STATEFUL = "stateful"; + /** Constant for an login method */ + public static final String LOGINTYPE_STATELESS = "stateless"; + + /** Constant for an auth method */ + public static final String BASIC_AUTH = "basic"; + /** Constant for an auth method */ + public static final String HEADER_AUTH = "header"; + /** Constant for an auth method */ + public static final String PARAM_AUTH = "param"; + + + /** Constant for binding */ + public static final String BINDUNG_USERNAME = "userName"; + /** Constant for binding */ + public static final String BINDUNG_FULL = "full"; + /** Constant for binding */ + public static final String BINDUNG_NONE = "none"; + /** Constant for binding */ + public static final String BINDUNG_NOMATCH = "noMatch"; + + /** login type: stateful or stateless */ + String loginType; + /** authentication type: basic, header, or param */ + String authType; + /** + * mapping of parameter names to AuthenticationData field names + * in case of authentication type "header-auth" + */ + Map paramAuthMapping; + /** + * mapping of parameter names to AuthenticationData field names + * in case of authentication type "param-auth" + */ + Map headerAuthMapping; + /** mapping for user ID to be used in case of authentication type "basic-auth" */ + String basicAuthUserIDMapping; + /** mapping for password to be used in case of authentication type "basic-auth" */ + String basicAuthPasswordMapping; + /** Binding for basic authentication */ + String binding; + + /** + * Returns the basicAuthPasswordMapping. + * @return String + */ + public String getBasicAuthPasswordMapping() { + return basicAuthPasswordMapping; + } + + /** + * Returns the basicAuthUserIDMapping. + * @return String + */ + public String getBasicAuthUserIDMapping() { + return basicAuthUserIDMapping; + } + + /** + * Returns the headerAuthMapping. + * @return HashMap + */ + public Map getHeaderAuthMapping() { + return headerAuthMapping; + } + + /** + * Returns the loginType. + * @return String + */ + public String getLoginType() { + return loginType; + } + + /** + * Returns the paramAuthMapping. + * @return HashMap + */ + public Map getParamAuthMapping() { + return paramAuthMapping; + } + + /** + * Returns the binding. + * @return String + */ + public String getBinding() { + return binding; + } + + /** + * Sets the basicAuthPasswordMapping. + * @param basicAuthPassword The basicAuthPasswordMapping to set + */ + public void setBasicAuthPasswordMapping(String basicAuthPassword) { + this.basicAuthPasswordMapping = basicAuthPassword; + } + + /** + * Sets the basicAuthUserIDMapping. + * @param basicAuthUserID The basicAuthUserIDMapping to set + */ + public void setBasicAuthUserIDMapping(String basicAuthUserID) { + this.basicAuthUserIDMapping = basicAuthUserID; + } + + /** + * Sets the headerAuthMapping. + * @param headerAuth The headerAuthMapping to set + */ + public void setHeaderAuthMapping(HashMap headerAuth) { + this.headerAuthMapping = headerAuth; + } + + /** + * Sets the loginType. + * @param loginType The loginType to set + */ + public void setLoginType(String loginType) { + this.loginType = loginType; + } + + /** + * Sets the paramAuthMapping. + * @param paramAuth The paramAuthMapping to set + */ + public void setParamAuthMapping(HashMap paramAuth) { + this.paramAuthMapping = paramAuth; + } + + /** + * Returns the authType. + * @return String + */ + public String getAuthType() { + return authType; + } + + /** + * Sets the authType. + * @param authLoginType The authType to set + */ + public void setAuthType(String authLoginType) { + this.authType = authLoginType; + } + + /** + * Sets the binding. + * @param binding The binding to be set. + */ + public void setBinding (String binding) { + this.binding = binding; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java new file mode 100644 index 000000000..83ab73dcd --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java @@ -0,0 +1,184 @@ +package at.gv.egovernment.moa.id.config.proxy; + +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.OAParameter; + +/** + * Configuration parameters belonging to an online application, + * to use with the MOA ID Proxy component. + * + * @author Stefan Knirsch + * @version $Id$ + */ +public class OAProxyParameter extends OAParameter { + +// /** +// * public URL prefix of the online application +// */ +// private String publicURLPrefix; + /** + * URL of online application configuration file; + * defaults to relative URL /moaconfig.xml + */ + private String configFileURL; + /** + * implementation of {@link at.gv.egovernment.moa.id.proxy.LoginParameterResolver} interface + * to be used for authenticating the online application; + * defaults to {@link at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver} + */ + private String loginParameterResolverImpl; + + /** + * Configuration Parameter of LoginParameterResolver + */ + private String loginParameterResolverConfiguration; + + /** + * implementation of {@link at.gv.egovernment.moa.id.proxy.ConnectionBuilder} interface + * to be used for connecting to the online application; + * defaults to {@link at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder} + */ + private String connectionBuilderImpl; + /** + * session time out to be used in case of a stateless online application + */ + private int sessionTimeOut; + /** + * parameters regarding the connection from the proxy to the online application + */ + private ConnectionParameter connectionParameter; + /** + * parameters for logging into the online application + */ + private OAConfiguration oaConfiguration; + + + /** + * Returns the configFileURL. + * @return String + */ + public String getConfigFileURL() { + return configFileURL; + } + + /** + * Returns the sessionTimeOut. + * @return int + */ + public int getSessionTimeOut() { + return sessionTimeOut; + } + + /** + * Returns the connectionParameter. + * @return ConnectionParameter + */ + public ConnectionParameter getConnectionParameter() { + return connectionParameter; + } + + /** + * Sets the configFileURL for the proxy. + * @param oaProxyConfigFileURL The configFileURL to set + */ + public void setConfigFileURL(String oaProxyConfigFileURL) { + this.configFileURL = oaProxyConfigFileURL; + } + + /** + * Sets the sessionTimeOut for the proxy. + * @param oaProxySessionTimeOut The sessionTimeOut to set + */ + public void setSessionTimeOut(int oaProxySessionTimeOut) { + this.sessionTimeOut = oaProxySessionTimeOut; + } + + /** + * Sets the connectionParameter for the proxy. + * @param proxyConnectionParameter The connectionParameter to set + */ + public void setConnectionParameter(ConnectionParameter proxyConnectionParameter) { + this.connectionParameter = proxyConnectionParameter; + } + +// /** +// * Returns the publicURLPrefix. +// * @return String +// */ +// public String getPublicURLPrefix() { +// return publicURLPrefix; +// } +// +// /** +// * Sets the publicURLPrefix. +// * @param publicURLPrefix The publicURLPrefix to set +// */ +// public void setPublicURLPrefix(String url) { +// this.publicURLPrefix = url; +// } + + /** + * Returns the connectionBuilderImpl. + * @return String + */ + public String getConnectionBuilderImpl() { + return connectionBuilderImpl; + } + + /** + * Returns the loginParameterResolverImpl. + * @return String + */ + public String getLoginParameterResolverImpl() { + return loginParameterResolverImpl; + } + + /** + * Returns the loginParameterResolverConfiguration. + * @return String + */ + public String getLoginParameterResolverConfiguration() { + return loginParameterResolverConfiguration; + } + + /** + * Sets the connectionBuilderImpl for the proxy. + * @param connectionBuilderImpl The connectionBuilderImpl to set + */ + public void setConnectionBuilderImpl(String connectionBuilderImpl) { + this.connectionBuilderImpl = connectionBuilderImpl; + } + + /** + * Sets the loginParameterResolverImpl for the proxy. + * @param loginParameterResolverImpl The loginParameterResolverImpl to set + */ + public void setLoginParameterResolverImpl(String loginParameterResolverImpl) { + this.loginParameterResolverImpl = loginParameterResolverImpl; + } + + /** + * Sets the loginParameterResolverConfiguration for the proxy. + * @param loginParameterResolverConfiguration The loginParameterResolverImpl to set + */ + public void setLoginParameterResolverConfiguration(String loginParameterResolverConfiguration) { + this.loginParameterResolverConfiguration = loginParameterResolverConfiguration; + } + + /** + * Returns the oaConfiguration. + * @return OAConfiguration + */ + public OAConfiguration getOaConfiguration() { + return oaConfiguration; + } + + /** + * Sets the oaConfiguration. + * @param oaConfiguration The oaConfiguration to set + */ + public void setOaConfiguration(OAConfiguration oaConfiguration) { + this.oaConfiguration = oaConfiguration; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java new file mode 100644 index 000000000..f578ea634 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java @@ -0,0 +1,268 @@ +// Copyright (C) 2002 IAIK +// http://jce.iaik.tugraz.at +// +// Copyright (C) 2007 Stiftung Secure Information and +// Communication Technologies SIC +// http://www.sic.st +// +// All rights reserved. +// +// This source is provided for inspection purposes and recompilation only, +// unless specified differently in a contract with IAIK. This source has to +// be kept in strict confidence and must not be disclosed to any third party +// under any circumstances. Redistribution in source and binary forms, with +// or without modification, are permitted in any case! +// +// THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +// ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +// OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +// LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +// OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +// SUCH DAMAGE. + +package at.gv.egovernment.moa.id.config.proxy; + +import java.io.ByteArrayInputStream; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; + +import org.w3c.dom.Element; +import org.w3c.dom.NodeList; +import org.w3c.dom.traversal.NodeIterator; + +import at.gv.egovernment.moa.id.config.ConfigurationBuilder; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * Builds the configuration for MOA-ID Proxy. + */ +public class ProxyConfigurationBuilder extends ConfigurationBuilder { + + /** + * Default online application configuration file name + * (used when /OnlineApplication/ProxyComponent@configFileURL is null). + */ + public static final String DEFAULT_OA_CONFIG_FILENAME = "MOAConfig.xml"; + + /** an XPATH-Expression */ + private static final String PROXY_AUTH_XPATH = + ROOT + CONF + "ProxyComponent/" + CONF + "AuthComponent"; + /** an XPATH-Expression */ + protected static final String ROOTOA = "/" + CONF + "Configuration/"; + /** an XPATH-Expression */ + private static final String OA_PROXY_COMPONENT_XPATH = CONF + "ProxyComponent"; + /** an XPATH-Expression */ + private static final String OA_PROXY_COMPONENT_ABSOLUTE_XPATH = ROOT + CONF + "OnlineApplication/" + CONF + "ProxyComponent"; + /** an XPATH-Expression */ + private static final String OA_PROXY_URL_XPATH = CONF + "ProxyComponent/@configFileURL"; + /** an XPATH-Expression */ + private static final String OA_PROXY_SESSION_TIMEOUT_XPATH = CONF + "ProxyComponent/@sessionTimeOut"; + /** an XPATH-Expression */ + private static final String OA_PROXY_LOGIN_PARA_XPATH = CONF + "ProxyComponent/@loginParameterResolverImpl"; + /** an XPATH-Expression */ + private static final String OA_PROXY_LOGIN_PARA_CONF_XPATH = CONF + "ProxyComponent/@loginParameterResolverConfiguration"; + /** an XPATH-Expression */ + private static final String OA_PROXY_CONNECTION_BUILDER_XPATH = CONF + "ProxyComponent/@connectionBuilderImpl"; + /** an XPATH-Expression */ + protected static final String OACONF_LOGIN_TYPE_XPATH = + ROOTOA + CONF + "LoginType"; + /** an XPATH-Expression */ + protected static final String OACONF_BINDING_TYPE_XPATH = + ROOTOA + CONF + "Binding"; + /** an XPATH-Expression */ + protected static final String OACONF_PARAM_AUTH_PARAMETER_XPATH = + ROOTOA + CONF + "ParamAuth/" + CONF + "Parameter"; + /** an XPATH-Expression */ + protected static final String OACONF_USER_ID_XPATH = + ROOTOA + CONF + "BasicAuth/" + CONF + "UserID"; + /** an XPATH-Expression */ + protected static final String OACONF_PASSWORD_XPATH = + ROOTOA + CONF + "BasicAuth/" + CONF + "Password"; + /** an XPATH-Expression */ + protected static final String OACONF_HEADER_AUTH_HEADER_XPATH = + ROOTOA + CONF + "HeaderAuth/" + CONF + "Header"; + + /** + * Creates a new MOAConfigurationProvider. + * + * @param configElem The root element of the MOA-ID configuration. + */ + public ProxyConfigurationBuilder(Element configElem, String rootConfigDir) { + super(configElem, rootConfigDir); + } + + /** + * Method buildOAConfiguration. + * + * Build an {@link OAConfiguration} Object from the given configuration DOM element + * + * @param root + * @return OAConfiguration + * @throws ConfigurationException + */ + public OAConfiguration buildOAConfiguration(Element root) throws ConfigurationException{ + + OAConfiguration oaConfiguration = new OAConfiguration(); + + //The LoginType hast to be "stateless" or "stateful" to be valid + + oaConfiguration.setLoginType( + XPathUtils.getElementValue(root, OACONF_LOGIN_TYPE_XPATH, null)); + + oaConfiguration.setBinding( + XPathUtils.getElementValue(root, OACONF_BINDING_TYPE_XPATH, OAConfiguration.BINDUNG_FULL)); + + //Try to build the Parameter Auth Parameters + NodeIterator paramAuthIter = + XPathUtils.selectNodeIterator( + root, + OACONF_PARAM_AUTH_PARAMETER_XPATH); + Element paramAuthElem; + HashMap paramAuthMap = new HashMap(); + while ((paramAuthElem = (Element) paramAuthIter.nextNode()) != null) { + String name = XPathUtils.getAttributeValue(paramAuthElem, "@Name", null); + String value = XPathUtils.getAttributeValue(paramAuthElem, "@Value", null); + if (paramAuthMap.containsKey(name)) + throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"}); + paramAuthMap.put(name, value); + } + oaConfiguration.setParamAuthMapping(paramAuthMap); + // Try to build the BasicAuthParameters + oaConfiguration.setBasicAuthUserIDMapping( + XPathUtils.getElementValue(root, OACONF_USER_ID_XPATH, null)); + oaConfiguration.setBasicAuthPasswordMapping( + XPathUtils.getElementValue(root, OACONF_PASSWORD_XPATH, null)); + + //Try to build the Parameter Auth Parameters + NodeIterator headerAuthIter = XPathUtils.selectNodeIterator(root,OACONF_HEADER_AUTH_HEADER_XPATH); + + Element headerAuthElem; + HashMap headerAuthMap = new HashMap(); + while ((headerAuthElem = (Element) headerAuthIter.nextNode()) != null) { + String name = + XPathUtils.getAttributeValue(headerAuthElem, "@Name", null); + String value = + XPathUtils.getAttributeValue(headerAuthElem, "@Value", null); + // Contains Key (Neue Config-Exception: doppelte werte) + if (headerAuthMap.containsKey(name)) + throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"}); + headerAuthMap.put(name, value); + } + oaConfiguration.setHeaderAuthMapping(headerAuthMap); + + if (paramAuthMap.size() == 0) { + if (oaConfiguration.getBasicAuthUserIDMapping() == null) { + oaConfiguration.setAuthType(OAConfiguration.HEADER_AUTH); + } + else + oaConfiguration.setAuthType(OAConfiguration.BASIC_AUTH); + } + else + oaConfiguration.setAuthType(OAConfiguration.PARAM_AUTH); + + return oaConfiguration; + } + + + /** + * Build an array of OnlineApplication Parameter Beans containing information + * about the proxy component + * @return An OAProxyParameter array containing beans + * with all relevant information for the proxy component of the online + * application + */ + public OAProxyParameter[] buildOnlineApplicationProxyParameters() throws ConfigurationException{ + + List oA_list = new ArrayList(); + NodeList OAIter = XPathUtils.selectNodeList(configElem_, OA_XPATH); + + for (int i = 0; i < OAIter.getLength(); i++) { + Element oAElem = (Element) OAIter.item(i); + + Element proxyComponentElem = (Element) XPathUtils.selectSingleNode(oAElem,OA_PROXY_COMPONENT_XPATH); + if (proxyComponentElem != null) { + OAProxyParameter oap = new OAProxyParameter(); + + oap.setPublicURLPrefix(oAElem.getAttribute("publicURLPrefix")); + oap.setOaType(oAElem.getAttribute("type")); + oap.setConfigFileURL(XPathUtils.getAttributeValue(oAElem, OA_PROXY_URL_XPATH, null)); + oap.setConfigFileURL(FileUtils.makeAbsoluteURL(oap.getConfigFileURL(), rootConfigFileDir_)); + // default session time out: 3600 sec = 1 h + oap.setSessionTimeOut(new Integer(XPathUtils.getAttributeValue(oAElem,OA_PROXY_SESSION_TIMEOUT_XPATH,"3600")).intValue()); + oap.setLoginParameterResolverImpl(XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_XPATH, null)); + oap.setLoginParameterResolverConfiguration(XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_CONF_XPATH, null)); + oap.setLoginParameterResolverConfiguration(FileUtils.makeAbsoluteURL(oap.getLoginParameterResolverConfiguration(), rootConfigFileDir_)); + oap.setConnectionBuilderImpl(XPathUtils.getAttributeValue(oAElem,OA_PROXY_CONNECTION_BUILDER_XPATH, null)); + + ConnectionParameter conPara = buildConnectionParameter(proxyComponentElem); + oap.setConnectionParameter(conPara); + + OAConfiguration oaConf = buildOAConfiguration(getOAConfigElement(oap)); + oap.setOaConfiguration(oaConf); + + oA_list.add(oap); + } + } + OAProxyParameter[] result = + new OAProxyParameter[oA_list.size()]; + oA_list.toArray(result); + + return result; + + } + + /** + * Reads the configuration file of the online application, and creates a DOM tree from it. + * If /OnlineApplication/ProxyComponent@configFileURL is not given, + * uses default configuration file location. + * + * @param oap configuration data of online application, meant for use by MOA-ID-PROXY + * @return Element DOM tree root element + * @throws ConfigurationException on any exception thrown + */ + private Element getOAConfigElement(OAProxyParameter oap) throws ConfigurationException + { + try { + String configFileURL = oap.getConfigFileURL(); + if (configFileURL == null) { + // use default config file URL, when config file URL is not given + configFileURL = oap.getConnectionParameter().getUrl(); + if (configFileURL.charAt(configFileURL.length() - 1) != '/') + configFileURL += "/"; + configFileURL += DEFAULT_OA_CONFIG_FILENAME; + } + Logger.info("Loading MOA-OA configuration " + configFileURL); + Element configElem = DOMUtils.parseXmlValidating( + new ByteArrayInputStream(FileUtils.readURL(configFileURL))); + return configElem; + } + catch (Throwable t) { + throw new ConfigurationException("config.03", new Object[] {"OAConfiguration"} , t); + } + } + + /** + * Build a bean containing all information about the ProxyComponent + * @return The ConnectionParameter for the Proxy Component + */ + public ConnectionParameter buildAuthComponentConnectionParameter() + { + + Element connectionParameter = (Element) XPathUtils.selectSingleNode(configElem_, PROXY_AUTH_XPATH); + if (connectionParameter==null) return null; + return buildConnectionParameter(connectionParameter); + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java new file mode 100644 index 000000000..572ce5708 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java @@ -0,0 +1,188 @@ +package at.gv.egovernment.moa.id.config.proxy; + +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.net.MalformedURLException; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.FileUtils; + +/** + * A class providing access to the Proxy Part of the MOA-ID configuration data. + * + *

Configuration data is read from an XML file, whose location is given by + * the moa.id.configuration system property.

+ *

This class implements the Singleton pattern. The reload() + * method can be used to update the configuration data. Therefore, it is not + * guaranteed that consecutive calls to getInstance() will return + * the same ProxyConfigurationProvider all the time. During the + * processing of a web service request, the current + * TransactionContext should be used to obtain the + * ProxyConfigurationProvider local to that request.

+ * + * @author Stefan Knirsch + */ +public class ProxyConfigurationProvider extends ConfigurationProvider { + + /** Singleton instance. null, if none has been created. */ + private static ProxyConfigurationProvider instance; + + + // + // configuration data + // + /** + * connection parameters for connection to MOA ID Auth component + */ + private ConnectionParameter authComponentConnectionParameter; + /** + * configuration parameters for online applications + */ + private OAProxyParameter[] onlineApplicationProxyParameter; + + /** + * Return the single instance of configuration data. + * + * @return ProxyConfigurationProvider The current configuration data. + * @throws ConfigurationException + */ + public static synchronized ProxyConfigurationProvider getInstance() + throws ConfigurationException { + + if (instance == null) { + reload(); + } + return instance; + } + + /** + * Reload the configuration data and set it if successful. + * + * @return ProxyConfigurationProvider The loaded configuration data. + * @throws ConfigurationException Failure to load the configuration data. + */ + public static synchronized ProxyConfigurationProvider reload() + throws ConfigurationException { + String fileName = System.getProperty(CONFIG_PROPERTY_NAME); + if (fileName == null) { + throw new ConfigurationException("config.01", null); + } + Logger.info("Loading MOA-ID-PROXY configuration " + fileName); + + instance = new ProxyConfigurationProvider(fileName); + return instance; + } + + /** + * Constructor for ProxyConfigurationProvider. + */ + public ProxyConfigurationProvider(String fileName) + throws ConfigurationException { + + load(fileName); + } + + /** + * Load the configuration data from XML file with the given name and build + * the internal data structures representing the MOA configuration. + * + * @param fileName The name of the XML file to load. + * @throws ConfigurationException The MOA configuration could not be + * read/built. + */ + private void load(String fileName) throws ConfigurationException { + FileInputStream stream = null; + Element configElem; + ProxyConfigurationBuilder builder; + + try { + // load the main config file + stream = new FileInputStream(fileName); + configElem = DOMUtils.parseXmlValidating(stream); + } + catch (Throwable t) { + throw new ConfigurationException("config.03", null, t); + } + finally { + try { + if (stream != null) { + stream.close(); + } + } + catch (IOException e) { + } + } + try { + // determine the directory of the root config file + rootConfigFileDir = new File(fileName).getParent(); + try { + rootConfigFileDir = new File(rootConfigFileDir).toURL().toString(); + } catch (MalformedURLException t) { + throw new ConfigurationException("config.03", null, t); + } + + // build the internal datastructures + builder = new ProxyConfigurationBuilder(configElem, rootConfigFileDir); + authComponentConnectionParameter = builder.buildAuthComponentConnectionParameter(); + + onlineApplicationProxyParameter = builder.buildOnlineApplicationProxyParameters(); + for(int i = 0; i < onlineApplicationProxyParameter.length; i++) { + onlineApplicationProxyParameter[i].setConfigFileURL(FileUtils.makeAbsoluteURL(onlineApplicationProxyParameter[i].getConfigFileURL(), rootConfigFileDir)); + } + + genericConfiguration = builder.buildGenericConfiguration(); + defaultChainingMode = builder.getDefaultChainingMode(); + chainingModes = builder.buildChainingModes(); + trustedCACertificates = builder.getTrustedCACertificates(); + trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir); + + } + catch (Throwable t) { + throw new ConfigurationException("config.02", null, t); + } + } + + /** + * Return a bean containing all information about the ProxyComponent + * @return The ConnectionParameter for the Proxy Component + */ + public ConnectionParameter getAuthComponentConnectionParameter() { + return authComponentConnectionParameter; + } + + /** + * Build an array of OnlineApplication Parameter Beans containing all + * information about the proxy component of the online application + * @return An OAProxyParameter array containing beans + * with all relevant information for the proxy component of the online + * application + */ + public OAProxyParameter[] getOnlineApplicationParameters() { + return onlineApplicationProxyParameter; + } + /** + * Provides configuration information regarding the online application behind + * the given URL, relevant to the MOA-ID Proxy component. + * + * @param oaURL URL requested for an online application + * @return an OAProxyParameter, or null + * if none is applicable + */ + public OAProxyParameter getOnlineApplicationParameter(String oaURL) { + OAProxyParameter[] oaParams = getOnlineApplicationParameters(); + for (int i = 0; i < oaParams.length; i++) { + OAProxyParameter oaParam = oaParams[i]; + if (oaURL.startsWith(oaParam.getPublicURLPrefix())) + return oaParam; + } + return null; + } + +} \ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java new file mode 100644 index 000000000..4fc35c1e6 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java @@ -0,0 +1,394 @@ +package at.gv.egovernment.moa.id.data; + +import java.util.Date; + +/** + * Encapsulates authentication data contained in a <saml:Assertion>. + * + * @author Paul Ivancsics + * @version $Id$ + */ + +public class AuthenticationData { + /** + * major version number of the SAML assertion + */ + private int majorVersion; + /** + * minor version number of the SAML assertion + */ + private int minorVersion; + /** + * identifier for this assertion + */ + private String assertionID; + /** + * URL of the MOA-ID Auth component issueing this assertion + */ + private String issuer; + /** + * time instant of issue of this assertion + */ + private String issueInstant; + /** + * user identification value (Stammzahl); null, + * if the authentication module is configured not to return this data + */ + private String identificationValue; + /** + * user identification type + */ + private String identificationType; + /** + * application specific user identifier (bPK) + */ + private String bPK; + /** + * private sector-specific personal identifier (wbPK) + */ + private String wbPK; + /** + * given name of the user + */ + private String givenName; + /** + * family name of the user + */ + private String familyName; + /** + * date of birth of the user + */ + private String dateOfBirth; + /** + * says whether the certificate is a qualified certificate or not + */ + private boolean qualifiedCertificate; + /** + * says whether the certificate is a public authority or not + */ + private boolean publicAuthority; + /** + * public authority code (Behördenkennzeichen - BKZ) + */ + private String publicAuthorityCode; + /** + * The base64 encoded signer certificate. + */ + private String signerCertificate; + /** + * URL of the BKU + */ + private String bkuURL; + /** + * the corresponding lt;saml:Assertion> + */ + private String samlAssertion; + /** + * creation timestamp + */ + Date timestamp; + + /** + * Constructor for AuthenticationData. + */ + public AuthenticationData() { + timestamp = new Date(); + } + + /** + * Returns the minorVersion. + * @return int + */ + public int getMinorVersion() { + return minorVersion; + } + + /** + * Returns the publicAuthority. + * @return boolean + */ + public boolean isPublicAuthority() { + return publicAuthority; + } + + /** + * Returns the publicAuthorityCode. + * @return String + */ + public String getPublicAuthorityCode() { + return publicAuthorityCode; + } + + /** + * Returns the qualifiedCertificate. + * @return boolean + */ + public boolean isQualifiedCertificate() { + return qualifiedCertificate; + } + + /** + * Returns the bPK. + * @return String + */ + public String getBPK() { + return bPK; + } + + /** + * Returns the wbPK. + * @return String the wbPK. + */ + public String getWBPK() { + return wbPK; + } + + /** + * Sets the minorVersion. + * @param minorVersion The minorVersion to set + */ + public void setMinorVersion(int minorVersion) { + this.minorVersion = minorVersion; + } + + /** + * Sets the publicAuthority. + * @param publicAuthority The publicAuthority to set + */ + public void setPublicAuthority(boolean publicAuthority) { + this.publicAuthority = publicAuthority; + } + + /** + * Sets the publicAuthorityCode. + * @param publicAuthorityIdentification The publicAuthorityCode to set + */ + public void setPublicAuthorityCode(String publicAuthorityIdentification) { + this.publicAuthorityCode = publicAuthorityIdentification; + } + + /** + * Sets the qualifiedCertificate. + * @param qualifiedCertificate The qualifiedCertificate to set + */ + public void setQualifiedCertificate(boolean qualifiedCertificate) { + this.qualifiedCertificate = qualifiedCertificate; + } + + /** + * Sets the bPK. + * @param bPK The bPK to set + */ + public void setBPK(String bPK) { + this.bPK = bPK; + } + + /** + * Sets the wbPK. + * @param wbPK The wbPK to set + */ + public void setWBPK(String wbPK) { + this.wbPK = wbPK; + } + + /** + * Returns the assertionID. + * @return String + */ + public String getAssertionID() { + return assertionID; + } + + /** + * Returns the dateOfBirth. + * @return String + */ + public String getDateOfBirth() { + return dateOfBirth; + } + + /** + * Returns the familyName. + * @return String + */ + public String getFamilyName() { + return familyName; + } + + /** + * Returns the givenName. + * @return String + */ + public String getGivenName() { + return givenName; + } + + /** + * Returns the identificationValue. + * @return String + */ + public String getIdentificationValue() { + return identificationValue; + } + + /** + * Returns the identificationType + * @return String + */ + public String getIdentificationType() { + return identificationType; + } + + /** + * Returns the issueInstant. + * @return String + */ + public String getIssueInstant() { + return issueInstant; + } + + /** + * Returns the issuer. + * @return String + */ + public String getIssuer() { + return issuer; + } + + /** + * Returns the majorVersion. + * @return int + */ + public int getMajorVersion() { + return majorVersion; + } + + /** + * Returns the BKU URL. + * @return String + */ + public String getBkuURL() { + return bkuURL; + } + + /** + * Returns the signer certificate. + * @return String + */ + public String getSignerCertificate() { + return signerCertificate; + } + + /** + * Sets the assertionID. + * @param assertionID The assertionID to set + */ + public void setAssertionID(String assertionID) { + this.assertionID = assertionID; + } + + /** + * Sets the dateOfBirth. + * @param dateOfBirth The dateOfBirth to set + */ + public void setDateOfBirth(String dateOfBirth) { + this.dateOfBirth = dateOfBirth; + } + + /** + * Sets the familyName. + * @param familyName The familyName to set + */ + public void setFamilyName(String familyName) { + this.familyName = familyName; + } + + /** + * Sets the givenName. + * @param givenName The givenName to set + */ + public void setGivenName(String givenName) { + this.givenName = givenName; + } + + /** + * Sets the identificationValue. + * @param identificationValue The identificationValue to set + */ + public void setIdentificationValue(String identificationValue) { + this.identificationValue = identificationValue; + } + + /** + * Sets the identificationType. + * @param identificationType The identificationType to set + */ + public void setIdentificationType(String identificationType) { + this.identificationType = identificationType; + } + + /** + * Sets the issueInstant. + * @param issueInstant The issueInstant to set + */ + public void setIssueInstant(String issueInstant) { + this.issueInstant = issueInstant; + } + + /** + * Sets the issuer. + * @param issuer The issuer to set + */ + public void setIssuer(String issuer) { + this.issuer = issuer; + } + + /** + * Sets the majorVersion. + * @param majorVersion The majorVersion to set + */ + public void setMajorVersion(int majorVersion) { + this.majorVersion = majorVersion; + } + + /** + * Sets the bkuURL + * @param url The BKU URL to set + */ + public void setBkuURL(String url) { + this.bkuURL = url; + } + + /** + * Sets the signer certificate + * @param signerCertificate The signer certificate + */ + public void setSignerCertificate(String signerCertificate) { + this.signerCertificate = signerCertificate; + } + + /** + * Returns the samlAssertion. + * @return String + */ + public String getSamlAssertion() { + return samlAssertion; + } + + /** + * Sets the samlAssertion. + * @param samlAssertion The samlAssertion to set + */ + public void setSamlAssertion(String samlAssertion) { + this.samlAssertion = samlAssertion; + } + + /** + * Returns the timestamp. + * @return Date + */ + public Date getTimestamp() { + return timestamp; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java new file mode 100644 index 000000000..6ed133c5a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java @@ -0,0 +1,119 @@ +package at.gv.egovernment.moa.id.data; +import java.util.HashMap; +import java.util.Iterator; +import java.util.StringTokenizer; + +import at.gv.egovernment.moa.logging.Logger; + +/** + * The Cookie-class provides methods to save and return cookies for + * each single session + * + * @author Stefan Knirsch + * @version $Id$ + * + */ +public class Cookie { + /** A HahsMap containing all our cookies */ + HashMap cookies = new HashMap(); + /** A HashMap to temporarely store 'Set-Cookie' values from the OnlineApplication + * to send them back to the client/browser as soon as possible */ + HashMap cookies401 = new HashMap(); + + /** + * Adds a Cookie from a response with response-code 401 to the cookie-pool + * for sending it back to the browser / client + * @param cookieString The complete 'Set-Cookie' - String + */ + public void add401(String cookieString) + { + cookies401.put(getKey(cookieString),cookieString); + } + + /** + * Get the HashMap containing all cookies to be sent to the browser / client + * @return HashMap with all cookies + */ + public HashMap get401() + { + return cookies401; + } + + /** + * Clear the 401 cookie-pool + */ + public void clear401() + { + cookies401.clear(); + } + + /** + * Set a cookie that comes from the Online-Application + * and save it in our "normal" cookie-pool + * @param value The complete "Set-Cookie" - String from the Online-Application + */ + public void setCookie(String value) { + cookies.put(getKey(value), getValue(value)); + } + + /** + * Method saveOldCookies. + * @param value The complete "Set-Cookie" - String from the Online-Application + */ + public void saveOldCookies(String value) { + StringTokenizer st = new StringTokenizer(value,";"); + while (st.hasMoreTokens()) + { + // We have to trim because the Tokenizer returns cookies including spaces at the beginning + StringTokenizer st2 = new StringTokenizer(st.nextToken().trim(),"="); + String cookieKey = st2.nextToken().trim(); + if (st2.hasMoreTokens()) + { + String cookieValue = st2.nextToken().trim(); + if (!cookies.containsKey(cookieKey)) + cookies.put(cookieKey , cookieValue); + } + } + Logger.debug("Found these cookies: " + getCookies()); + } + + /** + * Get a String containing all cookies saved in that session seperated by '; ' + * to be sent back to the Online-Application + * @return String containing all cookies saved in that session seperated by '; ' + */ + public String getCookies() { + String result = ""; + if (cookies.size()==0) + return null; + Iterator i = cookies.keySet().iterator(); + while (i.hasNext()) { + String key = (String) i.next(); + result += key + "=" + (String)cookies.get(key) + "; "; + } + return result.substring(0, result.length() - 2); + } + + /** + * Returns the key of a key-value-pair of a cookie + * getKey("CookieA=1234") returns CookieA + * @param String the complete "Set-cookie" String containing a key-value-pair of a cookie + * @return String the key of a key-value-pair of a cookie + */ + private String getKey(String input) { + return input.substring(0, input.indexOf("=")); + } + + /** + * Returns the value of a key-value-pair of a cookie + * getKey("CookieA=1234") returns 1234 + * @param String the complete "Set-cookie" String containing a key-value-pair of a cookie + * @return String the value of a key-value-pair of a cookie + */ + private String getValue(String input) { + if (input.indexOf(";") == -1) + return input.substring(input.indexOf("=") + 1, input.getBytes().length); + return input.substring(input.indexOf("=") + 1, input.indexOf(";")); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java new file mode 100644 index 000000000..1762a52b7 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java @@ -0,0 +1,114 @@ +package at.gv.egovernment.moa.id.data; + +import java.util.HashMap; + +/** + * The CookieManager is a singleton to manage a Cookie-Object for + * each session + * @author Stefan Knirsch + * @version $Id$ + * + */ +public class CookieManager { + /** the singleton instance of the CookieManager */ + private static CookieManager instance; + /** a HashMap to bind a Cookie-object to every single session*/ + private static HashMap cookies = new HashMap(); + + /** + * Create a singleton of the CookieManager + * @return CookieManager + */ + public static CookieManager getInstance() + { + if(instance==null) instance=new CookieManager(); + return instance; + } + + /** + * Save a cookie to a specified session-id + * @param id The session id + * @param cookie_string The complete 'Set-Cookie' String from the OnlineApplication + */ + public void saveCookie(String id, String cookie_string) + { + getCookieWithID(id).setCookie(cookie_string); + } + + /** + * Method saveOldCookies. + * @param id + * @param cookie_string + */ + public void saveOldCookies(String id,String cookie_string) + { + getCookieWithID(id).saveOldCookies(cookie_string); + } + + /** + * Get a Cookie-Object for a specified session-id + * @param id The session id + * @return Cookie object containing all saved cookies for this session + */ + public Cookie getCookieWithID(String id) + { + Cookie c = null; + if(cookies.containsKey(id)) + c = (Cookie)cookies.get(id); + else + { + c = new Cookie(); + cookies.put(id,c); + } + return c; + } + + + /** + * Get a String containing all cookies of a specified session-id + * saved in that session seperated by '; ' to be sent back to + * the Online-Application + * @param id the session-id + * @return String containing all cookies saved in that session seperated by '; ' + */ + public String getCookie(String id) + { + Cookie result = (Cookie)cookies.get((String)id); + if (result==null) + return null; + return result.getCookies(); + + } + + /** + * Adds a Cookie for a special session from a response with + * response-code 401 to the cookie-pool for sending it back + * to the browser / client + * @param id The session-id + * @param value The complete 'Set-Cookie' - String + */ + public void add401(String id,String value) + { + getCookieWithID(id).add401(value); + } + + /** + * Clear the 401 cookie-pool of a session + * @param id the session-id + */ + public void clear401(String id) + { + getCookieWithID(id).clear401(); + } + + /** + * Get the HashMap containing all cookies of a session to be sent to the browser / client + * @param id the session-id + * @return HashMap with all cookies + */ + public HashMap get401(String id) + { + return getCookieWithID(id).get401(); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IssuerAndSerial.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IssuerAndSerial.java new file mode 100644 index 000000000..a47dd8b29 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IssuerAndSerial.java @@ -0,0 +1,111 @@ +package at.gv.egovernment.moa.id.data; + +import java.math.BigInteger; +import java.security.Principal; + +import iaik.asn1.structures.Name; +import iaik.utils.RFC2253NameParser; +import iaik.utils.RFC2253NameParserException; + +/** + * A class containing the issuer and serial number of a certificate, which can + * be used to uniquely identify the certificate. + * + * @author Patrick Peck + * @version $Id$ + */ +public class IssuerAndSerial { + /** store the issuer as String*/ + private String issuerDN; + /** store the serial as BigInteger*/ + private BigInteger serial; + + /** + * Create an IssuerAndSerial object. + * + * The name of the issuer is converted to RFC2253. If it cannot be parsed, the + * DN contained in the issuer is set. + * + * @param issuer The isser of a certificate. + * @param serial The serial number of the certificate. + */ + public IssuerAndSerial(Principal issuer, BigInteger serial) { + RFC2253NameParser parser = new RFC2253NameParser(issuer.getName()); + + try { + this.issuerDN = ((Name) parser.parse()).getRFC2253String(); + } catch (RFC2253NameParserException e) { + this.issuerDN = issuer.getName(); + } + this.serial = serial; + } + + /** + * Create an IssuerAndSerial object. + * + * @param issuerDN The issuer distinguished name. Should be an RFC2253 name. + * @param serial The serial number of the certificate. + */ + public IssuerAndSerial(String issuerDN, BigInteger serial) { + this.issuerDN = issuerDN; + this.serial = serial; + } + + /** + * Return the issuer DN in RFC2253 format. + * + * @return The issuer part of this object. + */ + public String getIssuerDN() { + return issuerDN; + } + + /** + * Return the serial number. + * + * @return The serial number of this object. + */ + public BigInteger getSerial() { + return serial; + } + + /** + * Compare this IssuerAndSerial to another object. + * + * @return true, if other is an + * IssuerAndSerial object and the issuer and + * serial fields are both equal. false otherwise. + * @see java.lang.Object#equals(java.lang.Object) + */ + public boolean equals(Object other) { + if (other instanceof IssuerAndSerial) { + IssuerAndSerial ias = (IssuerAndSerial) other; + return getIssuerDN().equals(ias.getIssuerDN()) + && getSerial().equals(ias.getSerial()); + } + return false; + } + + /** + * Return the hash code of this IssuerAndSerial. + * + * @return The hash code of this IssuerAndSerial. + * @see java.lang.Object#hashCode() + */ + public int hashCode() { + return issuerDN.hashCode() ^ serial.hashCode(); + } + + /** + * Return a String representation of this + * IssuerAndSerial object. + * + * @return The String representation. + * @see java.lang.Object#toString() + */ + public String toString() { + return ("(IssuerAndSerial - Issuer<" + getIssuerDN()) + + ("> Serial<" + serial.toString() + ">)"); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SAMLStatus.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SAMLStatus.java new file mode 100644 index 000000000..ed61827b6 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SAMLStatus.java @@ -0,0 +1,59 @@ +package at.gv.egovernment.moa.id.data; + +/** + * Data contained in a <samlp:Status> + * @author Paul Ivancsics + * @version $Id$ + */ +public class SAMLStatus { + + /** main status code */ + private String statusCode; + /** sub status code */ + private String subStatusCode; + /** status message */ + private String statusMessage; + + /** + * @return status code + */ + public String getStatusCode() { + return statusCode; + } + + /** + * @return status message + */ + public String getStatusMessage() { + return statusMessage; + } + + /** + * @return enclosed sub-status code + */ + public String getSubStatusCode() { + return subStatusCode; + } + + /** + * @param string the status code + */ + public void setStatusCode(String string) { + statusCode = string; + } + + /** + * @param string the status message + */ + public void setStatusMessage(String string) { + statusMessage = string; + } + + /** + * @param string the enclosed sub-status code + */ + public void setSubStatusCode(String string) { + subStatusCode = string; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java new file mode 100644 index 000000000..c338e96fc --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java @@ -0,0 +1,96 @@ +package at.gv.egovernment.moa.id.iaik.config; + +import java.io.File; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl; +import at.gv.egovernment.moa.util.FileUtils; +import iaik.pki.store.certstore.CertStoreConfiguration; +import iaik.pki.store.certstore.CertStoreParameters; +import iaik.pki.store.certstore.CertStoreTypes; +import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters; + +/** + * Implementation of interface needed to initialize an IAIK JSSE TrustManager + * @author Paul Ivancsics + * @version $Id$ + */ +public class CertStoreConfigurationImpl extends ObservableImpl + implements CertStoreConfiguration, DirectoryCertStoreParameters { + /** identifies the rootDirectory */ + private String rootDirectory; + /** ConfigurationProvider */ + private ConfigurationProvider conf; + /** Array for storing all CertStoreParameters */ + private CertStoreParameters[] parameters; + + /** + * Create a new CertStoreConfigurationImpl. + * + * @param conf The MOA configuration from which the configuration data is + * @throws ConfigurationException an any config-error + * being read. + */ + public CertStoreConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException { + this.conf=conf; + String paramName = ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY; + String certStoreRootDirParam = conf.getGenericConfigurationParameter(paramName); + if (certStoreRootDirParam == null) + throw new ConfigurationException( + "config.08", new Object[] {paramName}); + + rootDirectory = FileUtils.makeAbsoluteURL(certStoreRootDirParam, conf.getRootConfigFileDir()); + if(rootDirectory.startsWith("file:")) rootDirectory = rootDirectory.substring(6); + File f = new File(rootDirectory); + if (!f.isDirectory()) + throw new ConfigurationException( + "config.05", new Object[] {paramName}); + + parameters = new CertStoreParameters[] { this }; + } + + /** + * @see iaik.pki.store.certstore.CertStoreConfiguration#getParameters() + */ + public CertStoreParameters[] getParameters() { + return parameters; + } + + /** + * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getRootDirectory() + */ + public String getRootDirectory() { + return rootDirectory; + } + + /** + * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#createNew() + */ + public boolean createNew() { + return false; + } + + /** + * @see iaik.pki.store.certstore.CertStoreParameters#getId() + */ + public String getId() { + return "MOA ID Directory CertStore"; + } + + /** + * @see iaik.pki.store.certstore.CertStoreParameters#isReadOnly() + */ + public boolean isReadOnly() { + return false; + } + + /** + * @return CertStoreTypes.DIRECTORY + * @see iaik.pki.store.certstore.CertStoreParameters#getType() + */ + public String getType() { + return CertStoreTypes.DIRECTORY; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java new file mode 100644 index 000000000..3cd02a2b5 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java @@ -0,0 +1,51 @@ +package at.gv.egovernment.moa.id.iaik.config; + +import iaik.logging.LogConfigurationException; + +import java.io.IOException; +import java.io.InputStream; +import java.net.URL; +import java.util.Properties; + +/** + * Implementation of interface TrustManager + * @author Paul Ivancsics + * @version $Id$ + */ +public class LoggerConfigImpl implements iaik.logging.LoggerConfig { + + /** logging properties **/ + private Properties loggingProperties; + + /** + * Constructor + */ + public LoggerConfigImpl(String propertyFileURL) throws IOException { + InputStream in = new URL(propertyFileURL).openStream(); + loggingProperties = new Properties(); + loggingProperties.load(in); + in.close(); + } + + /** + * @see iaik.logging.LoggerConfig#getFactory() + */ + public String getFactory() { + return "iaik.logging.impl.Log4jFactory"; + } + + /** + * @see iaik.logging.LoggerConfig#getProperties() + */ + public Properties getProperties() throws LogConfigurationException { + return loggingProperties; + } + + /** + * @see iaik.logging.LoggerConfig#getNodeId() + */ + public String getNodeId() { + return "iaik"; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java new file mode 100644 index 000000000..b41de3c44 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java @@ -0,0 +1,66 @@ +package at.gv.egovernment.moa.id.iaik.config; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import iaik.pki.PKIConfiguration; +import iaik.pki.pathvalidation.ValidationConfiguration; +import iaik.pki.revocation.RevocationConfiguration; +import iaik.pki.store.certstore.CertStoreConfiguration; +import iaik.pki.store.revocation.archive.ArchiveConfiguration; + +/** + * Implementation of interface PKIConfiguration needed to + * initialize an IAIK JSSE TrustManager + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class PKIConfigurationImpl implements PKIConfiguration { + /** The configuration for the CertStore */ + private CertStoreConfiguration certStoreConfiguration; + /** The configuration for the RevocationChecks */ + private RevocationConfiguration revocationConfiguration; + /** The configuration for the Validation */ + private ValidationConfiguration validationConfiguration; + + /** + * Constructor + * @param conf the Configuration for the PKIConfig + * @throws ConfigurationException for any config error + */ + public PKIConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException { + + certStoreConfiguration = new CertStoreConfigurationImpl(conf); + revocationConfiguration = new RevocationConfigurationImpl(); + validationConfiguration = new ValidationConfigurationImpl(conf); + } + + /** + * @see iaik.pki.PKIConfiguration#getCertStoreConfiguration() + */ + public CertStoreConfiguration getCertStoreConfiguration() { + return certStoreConfiguration; + } + + /** + * @see iaik.pki.PKIConfiguration#getRevocationConfiguration() + */ + public RevocationConfiguration getRevocationConfiguration() { + return revocationConfiguration; + } + + /** + * @see iaik.pki.PKIConfiguration#getArchiveConfiguration() + */ + public ArchiveConfiguration getArchiveConfiguration() { + return null; + } + + /** + * @see iaik.pki.PKIConfiguration#getValidationConfiguration() + */ + public ValidationConfiguration getValidationConfiguration() { + return validationConfiguration; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java new file mode 100644 index 000000000..fff75775d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java @@ -0,0 +1,36 @@ +package at.gv.egovernment.moa.id.iaik.config; + +import iaik.pki.revocation.RevocationConfiguration; + +import java.security.cert.X509Certificate; +import java.util.Collections; +import java.util.Date; +import java.util.Set; + +import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl; + +/** + * Implementation of interface needed to initialize an IAIK JSSE TrustManager + * @author Paul Ivancsics + * @version $Id$ + */ +public class RevocationConfigurationImpl extends ObservableImpl implements RevocationConfiguration { + + /** + * @see iaik.pki.revocation.RevocationConfiguration#getAlternativeDistributionPoints(java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.util.Date) + */ + public Set getAlternativeDistributionPoints( + X509Certificate arg0, + X509Certificate arg1, + Date arg2) { + return Collections.EMPTY_SET; + } + + /** + * @see iaik.pki.revocation.RevocationConfiguration#archiveRevocationInfo(java.lang.String, java.lang.String) + */ + public boolean archiveRevocationInfo(String arg0, String arg1) { + return false; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java new file mode 100644 index 000000000..c500e2e8e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java @@ -0,0 +1,51 @@ +package at.gv.egovernment.moa.id.iaik.config; + +import iaik.pki.pathvalidation.ValidationConfiguration; + +import java.security.cert.X509Certificate; +import java.security.spec.AlgorithmParameterSpec; + +import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl; + +/** + * Implementation of interface needed to initialize an IAIK JSSE TrustManager + * @author Paul Ivancsics + * @version $Id$ + */ +public class ValidationConfigurationImpl extends ObservableImpl + implements ValidationConfiguration { + /** The ConfigurationProvider for the validation*/ + private ConfigurationProvider conf; + + /** + * Constructor + * @param conf with the configuration + */ + public ValidationConfigurationImpl(ConfigurationProvider conf) { + this.conf = conf; + } + + /** + * @see iaik.pki.pathvalidation.ValidationConfiguration#getChainingMode(java.security.cert.X509Certificate) + */ + public String getChainingMode(X509Certificate trustAnchor) { + String chainingMode = conf.getChainingMode(trustAnchor); + return chainingMode; + } + + /** + * @see iaik.pki.pathvalidation.ValidationConfiguration#getPublicKeyParamsAsSpec(java.security.cert.X509Certificate) + */ + public AlgorithmParameterSpec getPublicKeyParamsAsSpec(X509Certificate arg0) { + return null; + } + + /** + * @see iaik.pki.pathvalidation.ValidationConfiguration#getPublicKeyParamsAsCert(java.security.cert.X509Certificate) + */ + public X509Certificate getPublicKeyParamsAsCert(X509Certificate arg0) { + return null; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java new file mode 100644 index 000000000..3c37706e1 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java @@ -0,0 +1,186 @@ +package at.gv.egovernment.moa.id.iaik.pki; + +import java.security.cert.X509Certificate; +import java.util.Collections; +import java.util.Set; + +import iaik.pki.PKIProfile; +import iaik.pki.pathvalidation.ValidationProfile; +import iaik.pki.revocation.RevocationProfile; +import iaik.pki.revocation.RevocationSourceTypes; +import iaik.pki.store.truststore.TrustStoreProfile; +import iaik.pki.store.truststore.TrustStoreTypes; + +import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl; + +/** + * Implementation of the PKIProfile interface and subinterfaces + * providing information needed for certificate path validation. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class PKIProfileImpl extends ObservableImpl + implements PKIProfile, RevocationProfile, TrustStoreProfile, ValidationProfile { + + /** + * URI to the truststore + */ + private String trustStoreURI; + + /** + * revocation checking; + */ + private boolean revocationChecking; + + /** + * The trust profile identifier. + */ + private String id; + + + /** + * Create a new PKIProfileImpl. + * + * @param trustStoreURI trust store URI + */ + public PKIProfileImpl(String trustStoreURI, boolean revocationChecking) { + this.trustStoreURI = trustStoreURI; + this.revocationChecking = revocationChecking; + String id = String.valueOf(System.currentTimeMillis()); + setId("id-" + id); + } + + /** + * @see iaik.pki.PKIProfile#autoAddCertificates() + */ + public boolean autoAddCertificates() { + return true; + } + + /** + * @see iaik.pki.PKIProfile#getRevocationProfile() + */ + public RevocationProfile getRevocationProfile() { + return this; + } + + /** + * @see iaik.pki.PKIProfile#getTrustStoreProfile() + */ + public TrustStoreProfile getTrustStoreProfile() { + return this; + } + + /** + * @see iaik.pki.PKIProfile#getValidationProfile() + */ + public ValidationProfile getValidationProfile() { + return this; + } + + /** + * @see iaik.pki.PKIProfile#useAuthorityInfoAccess() + */ + public boolean useAuthorityInfoAccess() { + return true; + } + + /** + * @see iaik.pki.revocation.RevocationProfile#getMaxRevocationAge(java.lang.String) + */ + public long getMaxRevocationAge(String arg0) { + return 0; + } + + /** + * @see iaik.pki.revocation.RevocationProfile#getOCSPRequestHashAlgorithm() + */ + public String getOCSPRequestHashAlgorithm() { + return null; + } + + /** + * @see iaik.pki.revocation.RevocationProfile#getPreferredServiceOrder(java.security.cert.X509Certificate) + */ + public String[] getPreferredServiceOrder(X509Certificate arg0) { + return new String[] {RevocationSourceTypes.CRL}; + } + + /** + * @see iaik.pki.store.truststore.TrustStoreProfile#getType() + */ + public String getType() { + return TrustStoreTypes.DIRECTORY; + } + + /** + * @see iaik.pki.store.truststore.TrustStoreProfile#getURI() + */ + public String getURI() { + return trustStoreURI; + } + + /** + * @see iaik.pki.pathvalidation.ValidationProfile#getInitialAnyPolicyInhibit() + */ + public boolean getInitialAnyPolicyInhibit() { + return false; + } + + /** + * @see iaik.pki.pathvalidation.ValidationProfile#getInitialExplicitPolicy() + */ + public boolean getInitialExplicitPolicy() { + return false; + } + + /** + * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicyMappingInhibit() + */ + public boolean getInitialPolicyMappingInhibit() { + return false; + } + + /** + * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicySet() + */ + public Set getInitialPolicySet() { + return Collections.EMPTY_SET; + } + + /** + * @see iaik.pki.pathvalidation.ValidationProfile#getNameConstraintsProcessing() + */ + public boolean getNameConstraintsProcessing() { + return false; + } + + /** + * @see iaik.pki.pathvalidation.ValidationProfile#getPolicyProcessing() + */ + public boolean getPolicyProcessing() { + return false; + } + + /** + * @see iaik.pki.pathvalidation.ValidationProfile#getRevocationChecking() + */ + public boolean getRevocationChecking() { + return this.revocationChecking; + } + + /** + * @see iaik.pki.store.truststore.TrustStoreProfile#getId() + */ + public String getId() { + return id; + } + /** + * Sets the trust profile identifier. + * @param id The id to set. + */ + public void setId(String id) { + this.id = id; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java new file mode 100644 index 000000000..9da006d35 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java @@ -0,0 +1,119 @@ +package at.gv.egovernment.moa.id.iaik.pki.jsse; + +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.net.URL; +import java.security.GeneralSecurityException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.List; + +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.logging.LoggingContext; +import at.gv.egovernment.moa.logging.LoggingContextManager; + +import iaik.pki.jsse.IAIKX509TrustManager; + +/** + * TrustManager implementation featuring CRL checking (inherited from + * IAIKX509TrustManager), plus server-end-SSL-certificate checking. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class MOAIDTrustManager extends IAIKX509TrustManager { + + /** an x509Certificate array containing all accepted server certificates*/ + private X509Certificate[] acceptedServerCertificates; + + /** + * Constructor + * @param acceptedServerCertificateStoreURL the url leading to the acceptedServer cert store + * @throws GeneralSecurityException occurs on security errors + * @throws IOException occurs on IO errors + */ + public MOAIDTrustManager(String acceptedServerCertificateStoreURL) + throws IOException, GeneralSecurityException { + + if (acceptedServerCertificateStoreURL != null) + buildAcceptedServerCertificates(acceptedServerCertificateStoreURL); + else + acceptedServerCertificates = null; + } + + + /** + * Initializes the LoggingContextManager logging context. + * Fixes a bug occuring in the case MOA-SP is called by API. + * In this case, IAIKX509TrustManager uses the LogginConfig of MOA-SP. + * This method must be called before a MOAIDTrustManager is constructed, + * from every thread. + */ + public static void initializeLoggingContext() { + if (LoggingContextManager.getInstance().getLoggingContext() == null) + LoggingContextManager.getInstance().setLoggingContext( + new LoggingContext(Thread.currentThread().getName())); + } + + + /** + * Builds an Array of accepted server certificates from an URL, + * and stores it in acceptedServerCertificates. + * @param acceptedServerCertificateStoreURL file URL pointing to the directory + * containing accepted server X509 certificates + * @throws GeneralSecurityException on security errors + * @throws IOException on any IO errors + */ + private void buildAcceptedServerCertificates(String acceptedServerCertificateStoreURL) + throws IOException, GeneralSecurityException { + + List certList = new ArrayList(); + URL storeURL = new URL(acceptedServerCertificateStoreURL); + File storeDir = new File(storeURL.getFile()); + // list certificate files in directory + File[] certFiles = storeDir.listFiles(); + for (int i = 0; i < certFiles.length; i++) { + // for each: create an X509Certificate and store it in list + File certFile = certFiles[i]; + FileInputStream fis = new FileInputStream(certFile.getPath()); + CertificateFactory certFact = CertificateFactory.getInstance("X.509"); + X509Certificate cert = (X509Certificate)certFact.generateCertificate(fis); + fis.close(); + certList.add(cert); + } + // store acceptedServerCertificates + acceptedServerCertificates = (X509Certificate[]) certList.toArray(new X509Certificate[0]); + } + + /** + * Does additional server-end-SSL-certificate checking. + * @see com.sun.net.ssl.X509TrustManager#isServerTrusted(java.security.cert.X509Certificate[]) + */ + public boolean isServerTrusted(X509Certificate[] certChain) { + boolean trusted = super.isServerTrusted(certChain); + if (! trusted || acceptedServerCertificates == null) + return trusted; + else { + // check server-end-SSL-certificate with acceptedServerCertificates + X509Certificate serverCert = certChain[0]; + for (int i = 0; i < acceptedServerCertificates.length; i++) { + X509Certificate acceptedServerCert = acceptedServerCertificates[i]; + if (serverCert.equals(acceptedServerCert)) + return true; + } + Logger.warn(MOAIDMessageProvider.getInstance().getMessage("ssl.01", null)); + return false; + } + } + /** + * In rare cases, this method is being called although it should not be. + * @see com.sun.net.ssl.X509TrustManager#isClientTrusted(X509Certificate[]) + */ + public boolean isClientTrusted(java.security.cert.X509Certificate arg0[]) + { + return true; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java new file mode 100644 index 000000000..8f36ac5c0 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java @@ -0,0 +1,46 @@ +package at.gv.egovernment.moa.id.iaik.servertools.observer; + +import iaik.pki.store.observer.NotificationData; +import iaik.pki.store.observer.Observable; +import iaik.pki.store.observer.Observer; + +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + + +/** + * Implementation of interface TrustManager + * @author Paul Ivancsics + * @version $Id$ + */ +public class ObservableImpl implements Observable { + /** a List for all observers */ + private List observers = new ArrayList(); + + /** + * @see iaik.pki.store.observer.Observable#addObserver(iaik.pki.store.observer.Observer) + */ + public void addObserver(Observer observer) { + observers.add(observer); + } + + /** + * @see iaik.pki.store.observer.Observable#removeObserver(iaik.pki.store.observer.Observer) + */ + public boolean removeObserver(Observer observer) { + return observers.remove(observer); + } + + /** + * @see iaik.pki.store.observer.Observable#notify(iaik.pki.store.observer.NotificationData) + */ + public void notify(NotificationData data) { + Iterator iter = observers.iterator(); + for (iter = observers.iterator(); iter.hasNext();) { + Observer observer = (Observer) iter.next(); + observer.notify(data); + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java new file mode 100644 index 000000000..731212ef8 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java @@ -0,0 +1,64 @@ +package at.gv.egovernment.moa.id.proxy; + +import java.io.IOException; +import java.net.HttpURLConnection; +import java.util.Vector; + +import javax.net.ssl.SSLSocketFactory; +import javax.servlet.http.HttpServletRequest; + +/** + * Builder for {@link java.net.URLConnection} objects used to forward requests + * to the remote online application. + * + * @author Paul Ivancsics + * @version $Id$ + */ + +public interface ConnectionBuilder { + + /** + * Builds an HttpURLConnection to a {@link java.net.URL} which is derived + * from an {@link HttpServletRequest} URL, by substitution of a + * public URL prefix for the real URL prefix.
+ * The HttpURLConnection has been created by {@link java.net.URL#openConnection}, but + * it has not yet been connected to by {@link java.net.URLConnection#connect}.
+ * The field settings of the HttpURLConnection are: + *
    + *
  • allowUserInteraction = false
  • + *
  • doInput = true
  • + *
  • doOutput = true
  • + *
  • requestMethod = request.getMethod()
  • + *
  • useCaches = false
  • + *
+ * + * @param request the incoming request which shall be forwarded + * @param publicURLPrefix the public URL prefix to be substituted by the real URL prefix + * @param realURLPrefix the URL prefix to substitute the public URL prefix + * @param sslSocketFactory factory to be used for creating an SSL socket in case + * of a URL for scheme "https:"; + *
if null, the default SSL socket factory would be used + * @param parameters parameters to be forwarded + * @return a URLConnection created by {@link java.net.URL#openConnection}, connecting to + * the requested URL with publicURLPrefix substituted by realURLPrefix + * @throws IOException if an I/O exception occurs during opening the connection + * @see java.net.URL#openConnection() + * @see com.sun.net.ssl.HttpsURLConnection#getDefaultSSLSocketFactory() + */ + public HttpURLConnection buildConnection( + HttpServletRequest request, + String publicURLPrefix, + String realURLPrefix, + SSLSocketFactory sslSocketFactory, + Vector parameters) throws IOException; + + + /** + * Disconnects the HttpURLConnection if necessary. + * The implementation of the Connectionbuilder decides wether + * if this should be happen or not. + * + * @param con the HttpURLConnection which is normaly to be closed + */ + public void disconnect(HttpURLConnection con); +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java new file mode 100644 index 000000000..ff7787839 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java @@ -0,0 +1,68 @@ +package at.gv.egovernment.moa.id.proxy; + +import java.util.HashMap; +import java.util.Map; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; +import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; + +/** + * Factory delivering a {@link ConnectionBuilder} implementation for + * an online application, initialized from configuration data. + * @author Paul Ivancsics + * @version $Id$ + */ +public class ConnectionBuilderFactory { + + /** default connection builder to be used for online application + * where no special implementation of the ConnectionBuilder + * interface is configured + */ + private static ConnectionBuilder defaultConnectionBuilder; + /** mapping from online application public URL prefix to an implementation + * of the ConnectionBuilder interface to be used; + * if no mapping is given for an online application, the + * DefaultConnectionBuilder will be used */ + private static Map connectionBuilderMap; + + /** + * Initializes the ConnectionBuilder map from the configuration data. + * @throws ConfigurationException when the configuration cannot be read, + * or when a class name configured cannot be instantiated + */ + public static void initialize() throws ConfigurationException { + defaultConnectionBuilder = new DefaultConnectionBuilder(); + connectionBuilderMap = new HashMap(); + ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance(); + for (int i = 0; i < proxyConf.getOnlineApplicationParameters().length; i++) { + OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameters()[i]; + String publicURLPrefix = oaParam.getPublicURLPrefix(); + String className = oaParam.getConnectionBuilderImpl(); + if (className != null) { + try { + ConnectionBuilder cb = (ConnectionBuilder)Class.forName(className).newInstance(); + connectionBuilderMap.put(publicURLPrefix, cb); + } + catch (Throwable ex) { + throw new ConfigurationException("config.07", new Object[] {publicURLPrefix}, ex); + } + } + } + } + + /** + * Gets the ConnectionBuilder implementation to be used for the given + * online application. + * @param publicURLPrefix public URL prefix of the online application + * @return ConnectionBuilder implementation + */ + public static ConnectionBuilder getConnectionBuilder(String publicURLPrefix) { + ConnectionBuilder cb = (ConnectionBuilder) connectionBuilderMap.get(publicURLPrefix); + if (cb == null) + return defaultConnectionBuilder; + else + return cb; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java new file mode 100644 index 000000000..151b1cec3 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java @@ -0,0 +1,149 @@ +package at.gv.egovernment.moa.id.proxy; + +import java.io.IOException; +import java.io.UnsupportedEncodingException; +import java.net.HttpURLConnection; +import java.net.URL; +import at.gv.egovernment.moa.util.URLEncoder; //java.net.URLEncoder; +import java.util.Iterator; +import java.util.Vector; + +import javax.net.ssl.SSLSocketFactory; +import javax.servlet.http.HttpServletRequest; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.BoolUtils; + +import com.sun.net.ssl.HostnameVerifier; +import com.sun.net.ssl.HttpsURLConnection; + +/** + * Defaultimplementierung von ConnectionBuilder. + * @author Paul Ivancsics + * @version $Id$ + */ +public class DefaultConnectionBuilder implements ConnectionBuilder { + + /** a boolean to disable the HostnameVerification (default = false)*/ + private static boolean cbDisableHostnameVerification = false; + + /** + * Constructor for DefaultConnectionBuilder. + * @throws ConfigurationException on any config error + */ + public DefaultConnectionBuilder() throws ConfigurationException { + cbDisableHostnameVerification = BoolUtils.valueOf( + ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( + "ProxyComponent.DisableHostnameVerification")); + //TODO MOA-ID BRZ undocumented feature + if (cbDisableHostnameVerification) + Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification); + } + + /** + * @see at.gv.egovernment.moa.id.proxy.ConnectionBuilder#buildConnection + */ + public HttpURLConnection buildConnection( + HttpServletRequest req, + String publicURLPrefix, + String realURLPrefix, + SSLSocketFactory sslSocketFactory, + Vector parameters) + throws IOException { + + String requestedURL = req.getRequestURL().toString(); + // check whether requested URL starts with publicURLPrefix + + //Temporary allow http:// urls instead of the https:// in publicURLPrefix + //if (req.getSession().getAttribute("authorizationkey")==null) { + // if (! requestedURL.startsWith(publicURLPrefix)) + // throw new IOException(MOAIDMessageProvider.getInstance().getMessage( + // "proxy.01", new Object[] {requestedURL, publicURLPrefix})); + //} + + // in case of GET request, append query string to requested URL; + // otherwise, HttpURLConnection would perform a POST request + if ("get".equalsIgnoreCase(req.getMethod()) && ! parameters.isEmpty()) { + requestedURL = appendQueryString(requestedURL, parameters); + } + // build real URL in online application + String realURLString = realURLPrefix + requestedURL.substring(publicURLPrefix.length()); + URL url = new URL(realURLString); + Logger.debug("OA Request: " + req.getMethod() + " " + url.toString()); + + HttpURLConnection conn = (HttpURLConnection)url.openConnection(); + conn.setRequestMethod(req.getMethod()); + conn.setDoInput(true); + conn.setDoOutput(true); + //conn.setUseCaches(false); + //conn.setAllowUserInteraction(true); + conn.setInstanceFollowRedirects(false); + if (conn instanceof HttpsURLConnection && sslSocketFactory != null) { + HttpsURLConnection httpsConn = (HttpsURLConnection) conn; + httpsConn.setSSLSocketFactory(sslSocketFactory); + if (cbDisableHostnameVerification) + httpsConn.setHostnameVerifier(new HostnameNonVerifier()); + } + return conn; + } + + + /** + * Disconnects the HttpURLConnection if necessary. + * The implementation of the Connectionbuilder decides wether + * if this should be happen or not. + * + * @param conn the HttpURLConnection which is normaly to be closed + */ + public void disconnect(HttpURLConnection conn) { + conn.disconnect(); + } + + + /** + * @param requestedURL + * @param parameters + * @return + */ + private String appendQueryString(String requestedURL, Vector parameters) { + String newURL = requestedURL; + String parameter[] = new String[2]; + String paramValue =""; + String paramName =""; + String paramString =""; + for (Iterator iter = parameters.iterator(); iter.hasNext();) { + try { + parameter = (String[]) iter.next(); + //next two lines work not with OWA-SSL-Login-form + paramName = URLEncoder.encode((String) parameter[0], "UTF-8"); + paramValue = URLEncoder.encode((String) parameter[1], "UTF-8"); + + } catch (UnsupportedEncodingException e) { + //UTF-8 should be supported + } + paramString = "&" + paramName + "=" + paramValue + paramString; + } + if (paramString.length()>0) newURL = newURL + "?" + paramString.substring(1); + return newURL; + } + + /** + * @author Stefan Knirsch + * @version $Id$ + * A private class to change the standard HostName verifier to disable the + * Hostname Verification Check + */ + private class HostnameNonVerifier implements HostnameVerifier { + + /** + * @see com.sun.net.ssl.HostnameVerifier#verify(String, String) + */ + public boolean verify(String arg0, String arg1) { + return true; + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java new file mode 100644 index 000000000..3df76656b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java @@ -0,0 +1,142 @@ +package at.gv.egovernment.moa.id.proxy; + +import java.io.IOException; +import java.io.UnsupportedEncodingException; +import java.util.HashMap; +import java.util.Iterator; +import java.util.Map; + +import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.URLEncoder; + +/** + * Implementation of interface LoginParameterResolver + * @author Paul Ivancsics + * @version $Id$ + */ +public class DefaultLoginParameterResolver implements LoginParameterResolver { + + /** + * Constructor + */ + public DefaultLoginParameterResolver() { + } + + /** + * Configuration mehtod (not used) + */ + public void configure(String configuration, Boolean businessService) throws LoginParameterResolverException { + } + + + /** + * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationHeaders(OAConfiguration, AuthenticationData, String, boolean, String) + */ + public Map getAuthenticationHeaders( + OAConfiguration oaConf, + AuthenticationData authData, + String clientIPAddress, + boolean businessService, + String publicURLPrefix) { + + Map result = new HashMap(); + + if (oaConf.getAuthType().equals(OAConfiguration.BASIC_AUTH)) { + String useridPredicate = oaConf.getBasicAuthUserIDMapping(); + String userid = resolveValue(useridPredicate, authData, clientIPAddress); + String passwordPredicate = oaConf.getBasicAuthPasswordMapping(); + String password = resolveValue(passwordPredicate, authData, clientIPAddress); + + try { + String userIDPassword = userid + ":" + password; + String credentials = Base64Utils.encode(userIDPassword.getBytes()); + result.put("Authorization", "Basic " + credentials); + } + catch (IOException ignore) { + } + } + else if (oaConf.getAuthType().equals(OAConfiguration.HEADER_AUTH)) { + for (Iterator iter = oaConf.getHeaderAuthMapping().keySet().iterator(); iter.hasNext();) { + String key = (String) iter.next(); + String predicate = (String) oaConf.getHeaderAuthMapping().get(key); + String resolvedValue = resolveValue(predicate, authData, clientIPAddress); + result.put(key, resolvedValue); + } + } + + return result; + } + + /** + * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationParameters(OAConfiguration, AuthenticationData, String, boolean, String) + */ + public Map getAuthenticationParameters( + OAConfiguration oaConf, + AuthenticationData authData, + String clientIPAddress, + boolean businessService, + String publicURLPrefix) { + + Map result = new HashMap(); + + if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH)) { + for (Iterator iter = oaConf.getParamAuthMapping().keySet().iterator(); iter.hasNext();) { + String key = (String) iter.next(); + String predicate = (String) oaConf.getParamAuthMapping().get(key); + String resolvedValue; + try { + resolvedValue = + URLEncoder.encode(resolveValue(predicate, authData, clientIPAddress), "ISO-8859-1"); + } catch (UnsupportedEncodingException e) { + //ISO-8859-1 is supported + resolvedValue = null; + } + result.put(key, resolvedValue); + } + } + + return result; + } + + /** + * Resolves a login header or parameter value. + * @param predicate header or parameter predicate name from online application configuration + * @param authData authentication data for current login + * @param clientIPAddress client IP address + * @return header or parameter value resolved; null if unknown name is given + */ + private static String resolveValue(String predicate, AuthenticationData authData, String clientIPAddress) { + if (predicate.equals(MOAGivenName)) + return authData.getGivenName(); + if (predicate.equals(MOAFamilyName)) + return authData.getFamilyName(); + if (predicate.equals(MOADateOfBirth)) + return authData.getDateOfBirth(); + if (predicate.equals(MOABPK)) + return authData.getBPK(); + if (predicate.equals(MOAWBPK)) + return authData.getWBPK(); + if (predicate.equals(MOAPublicAuthority)) + if (authData.isPublicAuthority()) + return "true"; + else + return "false"; + if (predicate.equals(MOABKZ)) + return authData.getPublicAuthorityCode(); + if (predicate.equals(MOAQualifiedCertificate)) + if (authData.isQualifiedCertificate()) + return "true"; + else + return "false"; + if (predicate.equals(MOAStammzahl)) + return authData.getIdentificationValue(); + if (predicate.equals(MOAIdentificationValueType)) + return authData.getIdentificationType(); + if (predicate.equals(MOAIPAddress)) + return clientIPAddress; + else return null; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java new file mode 100644 index 000000000..909e2d51e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java @@ -0,0 +1,249 @@ +package at.gv.egovernment.moa.id.proxy; + +import java.io.IOException; +import java.io.UnsupportedEncodingException; +import java.net.HttpURLConnection; + +import com.ibm.webdav.HTTPHeaders; +import com.ibm.webdav.protocol.URLStreamHandlerFactory; +import com.ibm.webdav.protocol.http.WebDAVURLConnection; +import java.util.StringTokenizer; +import java.net.URL; +import at.gv.egovernment.moa.util.URLEncoder; //java.net.URLEncoder; +import java.net.URLStreamHandler; +import java.util.Iterator; +import java.util.Vector; + +import javax.net.ssl.SSLSocketFactory; +import javax.servlet.http.HttpServletRequest; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.BoolUtils; + +import com.sun.net.ssl.HostnameVerifier; +import com.sun.net.ssl.HttpsURLConnection; + +/** + * Defaultimplementierung von ConnectionBuilder. + * @author Paul Ivancsics + * @version $Id$ + */ +public class ElakConnectionBuilder implements ConnectionBuilder { + + /** a boolean to disable the HostnameVerification (default = false)*/ + private static boolean cbDisableHostnameVerification = false; + + /** a boolean to indicat if webdav protocol handler was already set */ + private static boolean webdavPHSet = false; + + /** + * The system property name used to register a protocol handler. + */ + public final static String PROTOCOL_HANDLER_PROPERTY_NAME = "java.protocol.handler.pkgs"; + + /** + * The package providing the ldap protocol handler. + */ + public final static String WEBDAV_PROTOCOL_HANDLER = "com.ibm.webdav.protocol"; + + /** + * The pipe character used to sepearte different protocol handlers. + */ + public final static char PIPE_CHAR = '|'; + + + + + + /** + * Constructor for ElakConnectionBuilder. + * @throws ConfigurationException on any config error + */ + public ElakConnectionBuilder() throws ConfigurationException { + cbDisableHostnameVerification = BoolUtils.valueOf( + ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( + "ProxyComponent.DisableHostnameVerification")); + //TODO MOA-ID BRZ undocumented feature + if (cbDisableHostnameVerification) + Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification); + } + + /** + * @see at.gv.egovernment.moa.id.proxy.ConnectionBuilder#buildConnection + */ + public HttpURLConnection buildConnection( + HttpServletRequest req, + String publicURLPrefix, + String realURLPrefix, + SSLSocketFactory sslSocketFactory, + Vector parameters) + throws IOException { + + String requestedURL = req.getRequestURL().toString(); + // check whether requested URL starts with publicURLPrefix + if (! requestedURL.startsWith(publicURLPrefix)) + throw new IOException(MOAIDMessageProvider.getInstance().getMessage( + "proxy.01", new Object[] {requestedURL, publicURLPrefix})); + + + + // in case of GET request, append query string to requested URL; + // otherwise, HttpURLConnection would perform a POST request + //FIXME right parameters + /* + if ("get".equalsIgnoreCase(req.getMethod()) && ! parameters.isEmpty()) { + requestedURL = appendQueryString(requestedURL, parameters); + } + */ + //TODO RSCH check functionality + if (null != req.getQueryString() && 0 != req.getQueryString().length() ) { + String query = req.getQueryString(); + requestedURL = requestedURL + "?" + query; + + String parameter[] = new String[2]; + for (Iterator iter = parameters.iterator(); iter.hasNext();) { + parameter = (String[]) iter.next(); + if(query.indexOf(parameter[0]) >= 0) iter.remove(); + } + } + + // build real URL in online application + String realURLString = realURLPrefix + requestedURL.substring(publicURLPrefix.length()); + + + Logger.info("Registering WebDAV protocol handler"); + String protocolHandlers = System.getProperty(ElakConnectionBuilder.PROTOCOL_HANDLER_PROPERTY_NAME); + if (protocolHandlers == null) { + protocolHandlers = ElakConnectionBuilder.WEBDAV_PROTOCOL_HANDLER; + System.setProperty(ElakConnectionBuilder.PROTOCOL_HANDLER_PROPERTY_NAME, protocolHandlers); + } else { + // check, if WEBDAV protocol handler is already configured + boolean isConfigured = false; + StringTokenizer tokenizer = new StringTokenizer(protocolHandlers, "| "); + while (tokenizer.hasMoreTokens()) { + String protocolHandler = tokenizer.nextToken(); + if (protocolHandler.equals(ElakConnectionBuilder.WEBDAV_PROTOCOL_HANDLER)) { + isConfigured = true; + break; + } + } + // if it has not been configured yet, configure it + if (!isConfigured) { + protocolHandlers = ElakConnectionBuilder.WEBDAV_PROTOCOL_HANDLER + ElakConnectionBuilder.PIPE_CHAR + protocolHandlers; + System.setProperty(ElakConnectionBuilder.PROTOCOL_HANDLER_PROPERTY_NAME, protocolHandlers); + } + } + Logger.info("Registered protocol handlers: " + protocolHandlers); + Class webdavSH = null; + try + { + webdavSH = Class.forName(ElakConnectionBuilder.WEBDAV_PROTOCOL_HANDLER + ".http.Handler"); + } + catch (ClassNotFoundException e) + { + // TODO Auto-generated catch block + e.printStackTrace(); + } + URLStreamHandler urlStreamHandler = null; + try + { + urlStreamHandler = (URLStreamHandler) webdavSH.newInstance(); + } + catch (InstantiationException e1) + { + // TODO Auto-generated catch block + e1.printStackTrace(); + } + catch (IllegalAccessException e1) + { + // TODO Auto-generated catch block + e1.printStackTrace(); + } + //URL testURL = new URL("http", realURLString.substring("http://localhost:82".length()), 82, "", urlStreamHandler); + //WebDAVURLConnection webDavTest = (WebDAVURLConnection) testURL.openConnection(); + + + URL testURL = new URL(realURLString); + Logger.debug("TEST URL ist von der Klasse: " + testURL.getClass().getName()); + + //URL url = new URL(realURLString); + URL testURL2 = new URL(realURLString); + + URL url = new URL("http", "localhost", 82, realURLString.substring("http://localhost:82".length()), urlStreamHandler); + + Logger.debug("OA Request: " + req.getMethod() + " " + url.toString()); + WebDAVURLConnection webDavConn = (WebDAVURLConnection) url.openConnection(); + HttpURLConnection conn = (HttpURLConnection)webDavConn; + webDavConn.setRequestMethod(req.getMethod()); + webDavConn.setDoInput(true); + webDavConn.setDoOutput(true); + //conn.setUseCaches(false); + webDavConn.setAllowUserInteraction(true); + webDavConn.setInstanceFollowRedirects(false); + if (conn instanceof HttpsURLConnection && sslSocketFactory != null) { + HttpsURLConnection httpsConn = (HttpsURLConnection) conn; + httpsConn.setSSLSocketFactory(sslSocketFactory); + if (cbDisableHostnameVerification) + httpsConn.setHostnameVerifier(new HostnameNonVerifier()); + } + return conn; + } + + /** + * Disconnects the HttpURLConnection if necessary. + * The implementation of the Connectionbuilder decides wether + * if this should be happen or not. + * + * @param conn the HttpURLConnection which is normaly to be closed + */ + public void disconnect(HttpURLConnection conn) { + conn.disconnect(); + } + + /** + * @param requestedURL + * @param parameters + * @return + */ + private String appendQueryString(String requestedURL, Vector parameters) { + String newURL = requestedURL; + String parameter[] = new String[2]; + String paramValue =""; + String paramName =""; + String paramString =""; + for (Iterator iter = parameters.iterator(); iter.hasNext();) { + try { + parameter = (String[]) iter.next(); + //Following two lines do not work with OWA-SSL-Login-form + paramName = URLEncoder.encode((String) parameter[0], "UTF-8"); + paramValue = URLEncoder.encode((String) parameter[1], "UTF-8"); + + } catch (UnsupportedEncodingException e) { + //UTF-8 should be supported + } + paramString = "&" + paramName + "=" + paramValue + paramString; + } + if (paramString.length()>0) newURL = newURL + "?" + paramString.substring(1); + return newURL; + } + + /** + * @author Stefan Knirsch + * @version $Id$ + * A private class to change the standard HostName verifier to disable the + * Hostname Verification Check + */ + private class HostnameNonVerifier implements HostnameVerifier { + + /** + * @see com.sun.net.ssl.HostnameVerifier#verify(String, String) + */ + public boolean verify(String arg0, String arg1) { + return true; + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java new file mode 100644 index 000000000..f934ab80b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java @@ -0,0 +1,211 @@ +package at.gv.egovernment.moa.id.proxy; + +import java.io.IOException; +import java.net.URL; +import java.net.URLStreamHandler; +import java.util.Iterator; +import java.util.Vector; + +import javax.net.ssl.SSLSocketFactory; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpSession; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.BoolUtils; + +import com.sun.net.ssl.HostnameVerifier; +import HTTPClient.HttpURLConnection; +import HTTPClient.HTTPConnection; + + +/** + * Outlook Web Access (OWA) Implementierung von ConnectionBuilder. + * uses the HTTP(s)Client from Ronald Tschalär. + * origin version (without https support) is available at http://www.innovation.ch/java/HTTPClient/ + * + * @author pdanner + */ +public class EnhancedConnectionBuilder implements ConnectionBuilder { + + /** a boolean to disable the HostnameVerification (default = false)*/ + private static boolean cbDisableHostnameVerification = false; + /** Name of the Parameter for the Target */ + private static final String PARAM_TARGET = "Target"; + /** Name of the Parameter for the SAMLArtifact */ + private static final String PARAM_SAMLARTIFACT = "SAMLArtifact"; + /** Name of the Attribute for marking the session as authenticated*/ + private static final String ATT_AUTHDATAFETCHED = "AuthDataFetched"; + + static { + HTTPConnection.setDefaultTimeout(0); + try { + HTTPConnection.removeDefaultModule(Class.forName("HTTPClient.AuthorizationModule")); + HTTPConnection.removeDefaultModule(Class.forName("HTTPClient.RedirectionModule")); + HTTPConnection.removeDefaultModule(Class.forName("HTTPClient.CookieModule")); + //HTTPConnection.removeDefaultModule(Class.forName("HTTPClient.RetryModule")); + } catch (ClassNotFoundException e) { + + } + } + + /** + * Constructor for OWAConnectionBuilder. + * @throws ConfigurationException on any config error + */ + public EnhancedConnectionBuilder() throws ConfigurationException { + cbDisableHostnameVerification = BoolUtils.valueOf( + ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( + "ProxyComponent.DisableHostnameVerification")); + //TODO MOA-ID BRZ undocumented feature + if (cbDisableHostnameVerification) + Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification); + } + + /** + * @see at.gv.egovernment.moa.id.proxy.ConnectionBuilder#buildConnection + */ + public java.net.HttpURLConnection buildConnection(HttpServletRequest req, String publicURLPrefix, String realURLPrefix, SSLSocketFactory sslSocketFactory, Vector parameters) throws IOException { + + String requestedURL = req.getRequestURL().toString(); + // check whether requested URL starts with publicURLPrefix + + if (! requestedURL.startsWith(publicURLPrefix.substring(0,5))) + throw new IOException(MOAIDMessageProvider.getInstance().getMessage( + "proxy.01", new Object[] {requestedURL, publicURLPrefix})); + + String query = req.getQueryString(); + if (req.getSession().getAttribute(ATT_AUTHDATAFETCHED)!=null) { + query = removeParameter(query, PARAM_SAMLARTIFACT); + query = removeParameter(query, PARAM_TARGET); + req.getSession().removeAttribute(ATT_AUTHDATAFETCHED); + } + if (null != query && 0 != query.length() ) { + requestedURL = requestedURL + "?" + query; + + String parameter[] = new String[2]; + for (Iterator iter = parameters.iterator(); iter.hasNext();) { + parameter = (String[]) iter.next(); + if(query.indexOf(parameter[0]) >= 0) iter.remove(); + } + } + + // build real URL in online application + String realURLString = realURLPrefix + requestedURL.substring(publicURLPrefix.length()); + + // build real URL in online application + URLStreamHandler urlStreamHandler = null; + + //URL url = new URL(realURLString); + if (realURLString.startsWith("https")) { + urlStreamHandler = new HTTPClient.https.Handler(); + } else{ + urlStreamHandler = new HTTPClient.http.Handler(); + } + URL url = new URL(null, realURLString, urlStreamHandler); + Logger.debug("OA Request: " + req.getMethod() + " " + url.toString()); + + HttpURLConnection conn = (HttpURLConnection)url.openConnection(); + + conn.setRequestMethod(req.getMethod()); + conn.setDoInput(true); + conn.setDoOutput(true); + //conn.setUseCaches(false); + //conn.setAllowUserInteraction(true); + conn.setInstanceFollowRedirects(false); + + if (realURLString.startsWith("https") && sslSocketFactory != null) { + conn.setSSLSocketFactory(sslSocketFactory); + //Not available in HTTPClient + //if (cbDisableHostnameVerification) + // conn.setHostnameVerifier(new HostnameNonVerifier()); + } + + return conn; + + } + + /** + * Disconnects the HttpURLConnection if necessary. + * The implementation of the Connectionbuilder decides wether + * if this should be happen or not. + * + * @param conn the HttpURLConnection which is normaly to be closed + */ + public void disconnect(java.net.HttpURLConnection conn) { + // In HTTPClient there must not be an diconnect! + // conn.disconnect(); + } + + /** + * @author Stefan Knirsch + * @version $Id$ + * A private class to change the standard HostName verifier to disable the + * Hostname Verification Check + */ + private class HostnameNonVerifier implements HostnameVerifier { + + /** + * @see com.sun.net.ssl.HostnameVerifier#verify(String, String) + */ + public boolean verify(String arg0, String arg1) { + return true; + } + } + + /** + * Removes parameters from the query-URL recursively + * + * @param query the query from which the parameter is to be removed + * @param parameter the parameter to be removed + * @return the parameterclean query + */ + private String removeParameter(String query, String parameter) { + return removeParameter(query, parameter, true); + } + + /** + * Removes one parameter from the query-URL recursively + * + * @param query the query from which the parameter is to be removed + * @param parameter the parameter to be removed + * @param remove. Boolean value wether a parameter was removed in last call or not. In initial call set to true to check for new occurrences + * @return the parameterclean query + */ + private String removeParameter(String query, String parameter, boolean remove) { + String result = query; + if (remove && query!=null && !query.equals("") && parameter!=null && !parameter.equals("")) { + String param = parameter; + int capEnd=0; + if (!param.endsWith("=")) param=param+"="; + if (query.startsWith(param)) { + //remove leading + result=""; + } else { + if (!param.startsWith("&")) param="&"+param; + capEnd = query.indexOf(param); + if (capEnd!=-1) { + //leading part + result=query.substring(0, capEnd); + } + } + if (capEnd!=-1) { + //trailing part + capEnd += param.length(); + int capBegin = -1; + if (capEnd MOAIDConfiguration-1.2.xsd, type MOAAuthDataType, + * naming predicates used by the LoginParameterResolver. */ + public static final String MOAGivenName = "MOAGivenName"; + /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */ + public static final String MOAFamilyName = "MOAFamilyName"; + /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */ + public static final String MOADateOfBirth = "MOADateOfBirth"; + /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */ + public static final String MOABPK = "MOABPK"; + /** Constant used in MOAIDConfiguration-1.3.xsd, type MOAAuthDataType */ + public static final String MOAWBPK = "MOAWBPK"; + /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */ + public static final String MOAPublicAuthority = "MOAPublicAuthority"; + /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */ + public static final String MOABKZ = "MOABKZ"; + /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */ + public static final String MOAQualifiedCertificate = "MOAQualifiedCertificate"; + /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */ + public static final String MOAStammzahl = "MOAStammzahl"; + /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */ + public static final String MOAIdentificationValueType = "MOAIdentificationValueType"; + /** Constant used in MOAIDConfiguration-1.2.xsd, type MOAAuthDataType */ + public static final String MOAIPAddress = "MOAIPAddress"; + + /** + * Returns authentication headers to be added to a URLConnection. + * + * @param oaConf configuration data + * @param authData authentication data + * @param clientIPAddress client IP address + * @param businessService boolean value for recognizing (w)bPK-mode + * @param publicURLPrefix to distinguish different online applications + * @return A map, the keys being header names and values being corresponding header values. + *
In case of authentication type "basic-auth", header fields + * username and password. + *
In case of authentication type "header-auth", header fields + * derived from parameter mapping and authentication data provided. + *
Otherwise, an empty map. + */ + public Map getAuthenticationHeaders( + OAConfiguration oaConf, + AuthenticationData authData, + String clientIPAddress, + boolean businessService, + String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException; + + /** + * Returns request parameters to be added to a URLConnection. + * + * @param oaConf configuration data + * @param authData authentication data + * @param clientIPAddress client IP address + * @param businessService boolean value for recognizing (w)bPK-mode + * @param publicURLPrefix to distinguish different online applications + * @return A map, the keys being parameter names and values being corresponding parameter values. + *
In case of authentication type "param-auth", parameters + * derived from parameter mapping and authentication data provided. + *
Otherwise, an empty map. + */ + public Map getAuthenticationParameters( + OAConfiguration oaConf, + AuthenticationData authData, + String clientIPAddress, + boolean businessService, + String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException; + + public void configure(String configuration, Boolean businessService) throws LoginParameterResolverException; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java new file mode 100644 index 000000000..3aa2368bf --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java @@ -0,0 +1,37 @@ +package at.gv.egovernment.moa.id.proxy; + +import at.gv.egovernment.moa.id.MOAIDException; + +/** + * Exception thrown while proxying a request to the online application + * + * @author Rudolf Schamberger + * @version $Id$ + */ +public class LoginParameterResolverException extends MOAIDException { + + /** + * Constructor for LoginParameterResolverException. + * @param messageId + * @param parameters + */ + public LoginParameterResolverException( + String messageId, + Object[] parameters) { + super(messageId, parameters); + } + + /** + * Constructor for LoginParameterResolverException. + * @param messageId + * @param parameters + * @param wrapped + */ + public LoginParameterResolverException( + String messageId, + Object[] parameters, + Throwable wrapped) { + super(messageId, parameters, wrapped); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java new file mode 100644 index 000000000..8edd23438 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java @@ -0,0 +1,82 @@ +package at.gv.egovernment.moa.id.proxy; + +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; +import java.util.HashMap; +import java.util.Map; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; +import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; + +/** + * Factory delivering a {@link LoginParameterResolver} implementation for + * an online application, initialized from configuration data. + * @author Paul Ivancsics + * @version $Id$ + */ +public class LoginParameterResolverFactory { + + /** default login parameter resolver to be used for online application + * where no special implementation of the LoginParameterResolver + * interface is configured + */ + private static LoginParameterResolver defaultLoginParameterResolver; + /** mapping from online application public URL prefix to an implementation + * of the LoginParameterResolver interface to be used; + * if no mapping is given for an online application, the + * DefaultLoginParameterResolver will be used */ + private static Map loginParameterResolverMap; + + /** + * Initializes the LoginParameterResolver map from the configuration data. + * @throws ConfigurationException when the configuration cannot be read, + * or when a class name configured cannot be instantiated + */ + public static void initialize() throws ConfigurationException { + defaultLoginParameterResolver = new DefaultLoginParameterResolver(); + loginParameterResolverMap = new HashMap(); + ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance(); + for (int i = 0; i < proxyConf.getOnlineApplicationParameters().length; i++) { + OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameters()[i]; + String publicURLPrefix = oaParam.getPublicURLPrefix(); + String className = oaParam.getLoginParameterResolverImpl(); + String configuration = oaParam.getLoginParameterResolverConfiguration(); + if (className != null) { + try { + Class lprClass = Class.forName(className); + LoginParameterResolver lpr = (LoginParameterResolver)Class.forName(className).newInstance(); + + Class[] argumentTypes = { String.class, Boolean.class }; + Method confMethod = lprClass.getMethod( "configure", argumentTypes ); + + Object[] arguments = { new String(configuration), new Boolean(oaParam.getBusinessService()) }; + confMethod.invoke( lpr, arguments ); + + loginParameterResolverMap.put(publicURLPrefix, lpr); + } + catch (InvocationTargetException lpex) { + throw new ConfigurationException("config.11", new Object[] {className}, lpex); + } + catch (Throwable ex) { + throw new ConfigurationException("config.07", new Object[] {publicURLPrefix}, ex); + } + } + } + } + + /** + * Gets the LoginParameterResolver implementation to be used for the given + * online application. + * @param publicURLPrefix public URL prefix of the online application + * @return LoginParameterResolver implementation + */ + public static LoginParameterResolver getLoginParameterResolver(String publicURLPrefix) { + LoginParameterResolver lpr = (LoginParameterResolver) loginParameterResolverMap.get(publicURLPrefix); + if (lpr == null) + return defaultLoginParameterResolver; + else + return lpr; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java new file mode 100644 index 000000000..3f615b01c --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java @@ -0,0 +1,95 @@ +package at.gv.egovernment.moa.id.proxy; + +import iaik.pki.PKIException; +import iaik.pki.jsse.IAIKX509TrustManager; + +import java.io.IOException; +import java.security.GeneralSecurityException; + +import javax.net.ssl.SSLSocketFactory; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; +import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; +import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl; +import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Web application initializer + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class MOAIDProxyInitializer { + + /** + * Initializes the web application components which need initialization: + * logging, JSSE, MOA-ID Auth configuration, Axis, session cleaner. + */ + public static void initialize() + throws ConfigurationException, IOException, GeneralSecurityException, PKIException { + + Logger.setHierarchy("moa.id.proxy"); + + // Restricts TLS cipher suites + System.setProperty("https.cipherSuites", "SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA"); + + // load some jsse classes so that the integrity of the jars can be verified + // before the iaik jce is installed as the security provider + // this workaround is only needed when sun jsse is used in conjunction with + // iaik-jce (on jdk1.3) + ClassLoader cl = MOAIDProxyInitializer.class.getClassLoader(); + try { + cl.loadClass("javax.security.cert.Certificate"); // from jcert.jar + } + catch (ClassNotFoundException e) { + Logger.warn(MOAIDMessageProvider.getInstance().getMessage("init.01", null), e); + } + + // Initializes the SSLSocketFactory store + SSLUtils.initialize(); + + // Initializes IAIKX509TrustManager logging + String log4jConfigURL = System.getProperty("log4j.configuration"); + if (log4jConfigURL != null) { + IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfigURL)); + } + + // Loads the configuration + ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.reload(); + + // Initializes the Axis secure socket factory for use in calling the MOA-Auth web service, + // using configuration data + ConnectionParameter connParamAuth = proxyConf.getAuthComponentConnectionParameter(); + if (connParamAuth!=null) { + if (connParamAuth.isHTTPSURL()) { + SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth); + AxisSecureSocketFactory.initialize(ssf); + } + } else { + throw new ConfigurationException("config.16", null); + } + + // Initializes the Axis secure socket factories for use in calling the online applications, + // using configuration data + OAProxyParameter[] oaParams = proxyConf.getOnlineApplicationParameters(); + for (int i = 0; i < oaParams.length; i++) { + OAProxyParameter oaParam = oaParams[i]; + ConnectionParameter oaConnParam = oaParam.getConnectionParameter(); + if (oaConnParam.isHTTPSURL()) + SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam); + } + + // Initializes the ConnectionBuilderFactory from configuration data + ConnectionBuilderFactory.initialize(); + + // Initializes the LoginParameterResolverFactory from configuration data + LoginParameterResolverFactory.initialize(); + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java new file mode 100644 index 000000000..849160a7b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java @@ -0,0 +1,39 @@ +package at.gv.egovernment.moa.id.proxy; + +import at.gv.egovernment.moa.id.MOAIDException; + +/** + * Exception thrown while proxying a request to the online application + * Reason for this exception: the dedicated LoginParameterResolver does + * not allow access to the desired ressource. + * + * @author Rudolf Schamberger + * @version $Id$ + */ +public class NotAllowedException extends MOAIDException { + + /** + * Constructor for NotAllowedException. + * @param messageId + * @param parameters + */ + public NotAllowedException( + String messageId, + Object[] parameters) { + super(messageId, parameters); + } + + /** + * Constructor for NotAllowedException. + * @param messageId + * @param parameters + * @param wrapped + */ + public NotAllowedException( + String messageId, + Object[] parameters, + Throwable wrapped) { + super(messageId, parameters, wrapped); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java new file mode 100644 index 000000000..9bfd9de9b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java @@ -0,0 +1,678 @@ +package at.gv.egovernment.moa.id.proxy; + +import iaik.security.provider.IAIK; + +import java.io.BufferedInputStream; +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.UnsupportedEncodingException; +import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidKeyException; +import java.security.Key; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.Security; +import java.util.HashMap; +import java.util.Map; + +import javax.crypto.BadPaddingException; +import javax.crypto.Cipher; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.NoSuchPaddingException; +import javax.crypto.spec.IvParameterSpec; +import javax.xml.parsers.ParserConfigurationException; + +import org.w3c.dom.Element; +import org.w3c.dom.NodeList; +import org.xml.sax.SAXException; + +import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.URLEncoder; + +/** + * XMLLoginParameterResolver an implementation of implementation of interface + * LoginParameterResolver + * This implementation used to map identities stored in an XML file to parameters + * which are given to OAs. + * + * @author Rudolf Schamberger + * @version $Id$ + */ +public class XMLLoginParameterResolverEncryptedData implements LoginParameterResolver { + + //file which is parsed and interpreted for paremeter resolving. + private String identityFile; + + private Cipher blowfishCipher; + private Key key; + /** + * inner class used to store mapped parameters + */ + class LPRParams { + + /** + * getter method for parameter Enabled. + * Parameter Enabled decides if mapped parameters should be used by XMLLoginParameterResolver + */ + public boolean getEnabled() { + return enabled.booleanValue(); + } + + /** + * getter method for parameter UN (username) + * @return Parameter UN or null not set. + */ + public String getUN() { + return UN; + } + + /** + * getter method for parameter UN (username) + * @return Parameter UN or null not set. + */ + //TODO XMLLPR decrypt + public String getPlainUN() { + //Security.addProvider(); + + + return UN; + } + + + /** + * getter method for parameter PW (password) + * @return Parameter PW or null not set. + */ + public String getPW() { + return PW; + } + + /** + * getter method for generic parameter Param1 + * @return Parameter Param1 or null not set. + */ + public String getParam1() { + return Param1; + } + + /** + * getter method for generic parameter Param2 + * @return Parameter Param2 or null not set. + */ + public String getParam2() { + return Param2; + } + + /** + * getter method for generic parameter Param3 + * @return Parameter Param3 or null not set. + */ + public String getParam3() { + return Param3; + } + + /** + * Returns a string representation of LPRParams + * + * @return a String representation of this object. + * @see XMLLoginParameterResolver.LPRParams + */ + public String toString() { + return "Enabled: " + + enabled.toString() + + "UN: '" + + UN + + "' PW: '" + + PW + + "' Param1: '" + + Param1 + + "' Param2: '" + + Param2 + + "' Param3: '" + + Param3 + + "'\n"; + } + + //private member variables used to store the parameters + private Boolean enabled = null; + private String UN = null; + private String PW = null; + private String Param1 = null; + private String Param2 = null; + private String Param3 = null; + + /** + * Constructs a newly allocated XMLLoginParameterResolver.LPRParams object. + * + * @param enabled enable user mapping to parameter set for the parameter set. + * @param UN username used in HTTP 401 - BasicAuthentication + * @param PW password used in HTTP 401 - BasicAuthentication + * @param Param1 generic parameter1 used in HeaderAuthentication and ParameterAuthentication + * @param Param2 generic parameter2 used in HeaderAuthentication and ParameterAuthentication + * @param Param3 generic parameter3 used in HeaderAuthentication and ParameterAuthentication + **/ + LPRParams(boolean enabled, String UN, String PW, String Param1, String Param2, String Param3) { + this.enabled = new Boolean(enabled); + this.UN = UN; + this.PW = PW; + this.Param1 = Param1; + this.Param2 = Param2; + this.Param3 = Param3; + } + + /** + * Constructs a newly allocated XMLLoginParameterResolver.LPRParams object. + * + * @param enabled enable user mapping to parameter set for the parameter set. + * @param UN username used in HTTP 401 - BasicAuthentication + * @param PW password used in HTTP 401 - BasicAuthentication + **/ + LPRParams(boolean enabled, String UN, String PW) { + this(enabled, UN, PW, null, null, null); + } + } + + /** + * Constructs a newly allocated XMLLoginParameterResolver object. + **/ + public XMLLoginParameterResolverEncryptedData() { + bPKMap = new HashMap(); + namedMap = new HashMap(); + } + + /** + * configuration method + * @param configuration enabled enable user mapping to parameter set for the parameter set. + */ + public void configure(String configuration, Boolean businessService) throws LoginParameterResolverException { + File idFile; + Element rootElement; + + Security.addProvider(new IAIK()); + try { + blowfishCipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding", "IAIK"); + + } catch (NoSuchPaddingException e) { + throw new LoginParameterResolverException("config.11", + new Object[] { "XMLLoginParameterResolver: NoSuchPaddingException \n" + e.toString()}); + } catch (NoSuchProviderException e) { + throw new LoginParameterResolverException("config.11", + new Object[] { "XMLLoginParameterResolver: NoSuchProviderException \n" + e.toString()}); + } catch (NoSuchAlgorithmException e) { + throw new LoginParameterResolverException("config.11", + new Object[] { "XMLLoginParameterResolver: NoSuchAlgorithmException \n" + e.toString()}); + } + + String plaintext = "start"; + String encrypted = encryptData(plaintext, "1234567890123456", "123hochgeheim"); + String decrypted = decryptData(encrypted, "1234567890123456", "123hochgeheim"); + Logger.debug("plaintext: " + plaintext); + Logger.debug("encrypted: " + encrypted); + Logger.debug("decrypted: " + decrypted); + + //make file name absolut (if it is relative to main config file) + //TODO MOAID XMLLPR check + String moaIDConfigFileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME); + String rootConfigFileDir = new File(moaIDConfigFileName).getParent(); + this.identityFile = FileUtils.makeAbsoluteURL(configuration, rootConfigFileDir); + + if (null == identityFile || false == (idFile = new File(identityFile)).canRead()) { + throw new LoginParameterResolverException("config.11", + new Object[] { "XMLLoginParameterResolver: could not read '" + identityFile + "' " }); + } + try { + rootElement = readXMLFile(identityFile); + } catch (IOException lex) { + Logger.error(lex.toString()); + throw new LoginParameterResolverException("config.11", + new Object[] { "XMLLoginParameterResolver: could not read '" + identityFile + "' " }); + + } catch (SAXException sex) { + Logger.error(sex.toString()); + throw new LoginParameterResolverException("config.11", + new Object[] { "XMLLoginParameterResolver: parsing problem in file:'" + identityFile + "' ", sex.toString() }); + } catch (ParserConfigurationException e) { + // TODO XMLPR Auto-generated catch block + Logger.error(e.toString()); + throw new LoginParameterResolverException("config.11", + new Object[] { "XMLLoginParameterResolver: parsing problem in file:'" + identityFile + "' ", e.toString() }); + } + buildInfo(rootElement, businessService.booleanValue()); + isConfigured = true; + } + + /** + * encryptData method uses parameters masterSecret and bPK as key information to encrypt plaintext + * @param plaintext + * @param bPK + * @param masterSecret + * @return encrypted data (blowfish encrypted, base64 encoded) + * @throws LoginParameterResolverException + */ + public String encryptData(String plaintext, String bPK, String masterSecret) throws LoginParameterResolverException + { + try { + String keyString = bPK + masterSecret; + key = new iaik.security.cipher.SecretKey(keyString.getBytes("UTF-8"), "Blowfish"); + IvParameterSpec param = new IvParameterSpec(new byte [] {0,0,0,0,0,0,0,0}); + + blowfishCipher.init(Cipher.ENCRYPT_MODE, key, param); + byte [] cipherText = blowfishCipher.doFinal(plaintext.getBytes("UTF-8")); + return Base64Utils.encode(cipherText); + } catch (UnsupportedEncodingException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } catch (InvalidKeyException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } catch (BadPaddingException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } catch (IllegalBlockSizeException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } catch (IllegalStateException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } catch (InvalidAlgorithmParameterException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } catch (IOException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } + } + + + /** + * encryptData method uses parameters masterSecret and bPK as key information to decrypt ciphertext + * @param ciphertext (blowfish encrypted, base64encoded) + * @param bPK + * @param masterSecret + * @return decrypted Data (plaintext) + * @throws LoginParameterResolverException + */ + public String decryptData(String ciphertext, String bPK, String masterSecret) throws LoginParameterResolverException + { + try { + String keyString = bPK + masterSecret; + key = new iaik.security.cipher.SecretKey(keyString.getBytes("UTF-8"), "Blowfish"); + IvParameterSpec param = new IvParameterSpec(new byte [] {0,0,0,0,0,0,0,0}); + blowfishCipher.init(Cipher.DECRYPT_MODE, key, param); + byte [] plaintext = blowfishCipher.doFinal(Base64Utils.decode(ciphertext, true)); + return new String(plaintext); + } catch (UnsupportedEncodingException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } catch (InvalidKeyException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } catch (BadPaddingException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } catch (IllegalBlockSizeException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } catch (IllegalStateException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } catch (InvalidAlgorithmParameterException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } catch (IOException e) { + throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()}); + } + } + + + + /** + * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationHeaders(OAConfiguration, AuthenticationData, String, boolean, String) + */ + public Map getAuthenticationHeaders( + OAConfiguration oaConf, + AuthenticationData authData, + String clientIPAddress, + boolean businessService, + String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException { + Map result = new HashMap(); + + if (!isConfigured) { + //TODO XMLLPR + throw new LoginParameterResolverException("XMLLoginParameterResolver with configuration '" + + identityFile + "' is not configured!", null); + } + + //get the Identity of the user + String famName = resolveValue("MOAFamilyName", authData, clientIPAddress); + String givenName = resolveValue("MOAGivenName", authData, clientIPAddress); + String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress); + String bPK =""; + String wType= ""; + if (businessService) { + bPK = resolveValue(MOAWBPK, authData, clientIPAddress); + wType = "w"; + } else { + bPK = resolveValue(MOABPK, authData, clientIPAddress); + } + String userid = ""; + String password = ""; + LPRParams params = null; + boolean userFound = false; + + //try (w)bPK and named search + params = bPKIdentitySearch(bPK, wType); + + if (null == params) + params = namedIdentitySearch(famName, givenName, dateOfBirth); + + //if both searches failed, report error. + if(null == params) + throw new NotAllowedException("User:_" + wType + "bPK:'" +bPK+ ", " + famName + ", " + givenName + "' not authorized.", null); + + //HTTP 401 - Basic Authentication + if (oaConf.getAuthType().equals("basic")) { + userid = (null != params.getUN()) ? params.getUN() : ""; + password = (null != params.getPW()) ? params.getPW() : ""; + + try { + String userIDPassword = userid + ":" + password; + String credentials = Base64Utils.encode(userIDPassword.getBytes("UTF-8")); + Logger.debug("XMLLoginParameterResolver: calculated credentials: " + credentials); + result.put("Authorization", "Basic " + credentials); + } catch (IOException ignore) { + throw new LoginParameterResolverException("config.14", new Object[] {"internal error while encoding in Base64"}); + } + } else if (oaConf.getAuthType().equals("header")) { //HTTP Authentication + String key; + String resolvedValue; + //TODO MOAID XMLLPR select value through OA-ConfigFile; + if(null != params.getUN()) result.put("UN", params.getUN()); + if(null != params.getPW()) result.put("UN", params.getPW()); + if(null != params.getParam1()) result.put("UN", params.getParam1()); + if(null != params.getParam2()) result.put("UN", params.getParam2()); + if(null != params.getParam3()) result.put("UN", params.getParam3()); + + } else { + throw new LoginParameterResolverException("config.14", new Object[] {"AuthType not supported"}); + } + + return result; + } + + /** + * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationParameters(OAConfiguration, AuthenticationData, String, boolean, String) + */ + public Map getAuthenticationParameters( + OAConfiguration oaConf, + AuthenticationData authData, + String clientIPAddress, + boolean businessService, + String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException { + + Map result = new HashMap(); + + if (!isConfigured) { + Logger.warn("XMLLoginParameterResolver with configuration '" + identityFile + " is not configured"); + return result; + } + + String famName = resolveValue("MOAFamilyName", authData, clientIPAddress); + String givenName = resolveValue("MOAGivenName", authData, clientIPAddress); + String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress); + String bPK =""; + String wType= ""; + if (businessService) { + bPK = resolveValue(MOAWBPK, authData, clientIPAddress); + wType = "w"; + } else { + bPK = resolveValue(MOABPK, authData, clientIPAddress); + } + String userid = ""; + String password = ""; + LPRParams params = null; + + //try (w)bPK and named search + params = bPKIdentitySearch(bPK, wType); + + if (null == params) + params = namedIdentitySearch(famName, givenName, dateOfBirth); + + //if both searches failed, report error. + if(null == params) + throw new NotAllowedException("User:_" + wType + "bPK:'" +bPK+ ", " + famName + ", " + givenName + "' not authorized.", null); + + //TODO MOAID XMLLPR URLEncoder.encode + if (oaConf.getAuthType().equals("param")) { + try { + if(null != params.getUN()) result.put(XSD_UNATTR, URLEncoder.encode(params.getUN(),"ISO-8859-1")); + if(null != params.getPW()) result.put(XSD_PWATTR, URLEncoder.encode(params.getPW(),"ISO-8859-1")); + if(null != params.getParam1()) result.put(XSD_PARAM1ATTR, URLEncoder.encode(params.getParam1(),"ISO-8859-1")); + if(null != params.getParam2()) result.put(XSD_PARAM2ATTR, URLEncoder.encode(params.getParam2(),"ISO-8859-1")); + if(null != params.getParam3()) result.put(XSD_PARAM3ATTR, URLEncoder.encode(params.getParam3(),"ISO-8859-1")); + } catch (UnsupportedEncodingException e) { + // ISO-8859-1 is supported + throw new LoginParameterResolverException("URLEncoder error", null); + } + } else { + throw new LoginParameterResolverException("AuthType not supported", null); + } + return result; + } + + /** + * Resolves a login header or parameter value. + * @param predicate header or parameter predicate name from online application configuration + * @param authData authentication data for current login + * @param clientIPAddress client IP address + * @return header or parameter value resolved; null if unknown name is given + */ + private static String resolveValue( + String predicate, + AuthenticationData authData, + String clientIPAddress) { + if (predicate.equals("MOAGivenName")) + return authData.getGivenName(); + if (predicate.equals("MOAFamilyName")) + return authData.getFamilyName(); + if (predicate.equals("MOADateOfBirth")) + return authData.getDateOfBirth(); + if (predicate.equals("MOABPK")) + return authData.getBPK(); + if (predicate.equals("MOAWBPK")) + return authData.getWBPK(); + if (predicate.equals("MOAPublicAuthority")) + if (authData.isPublicAuthority()) + return "true"; + else + return "false"; + if (predicate.equals("MOABKZ")) + return authData.getPublicAuthorityCode(); + if (predicate.equals("MOAQualifiedCertificate")) + if (authData.isQualifiedCertificate()) + return "true"; + else + return "false"; + if (predicate.equals("MOAStammzahl")) + return authData.getIdentificationValue(); + if (predicate.equals(MOAIdentificationValueType)) + return authData.getIdentificationType(); + if (predicate.equals("MOAIPAddress")) + return clientIPAddress; + else + return null; + } + + /** + * reads, parses the configuration file of XMLLoginParameterResolver and returns the document element. + * @param fileName of the configuration file. + */ + private Element readXMLFile(String fileName) throws ParserConfigurationException, SAXException, IOException { + Logger.info("XMLLoginParameterResolver: Loading and parsing XMLPLoginParameterConfiguration configuration: " + fileName); + + InputStream stream = null; + Element configElem; + + stream = new BufferedInputStream(new FileInputStream(fileName)); + configElem = DOMUtils.parseDocument(stream, true, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement(); + return configElem; + } + + /** + * buildInfo builds up the internal data mapping between the "Identities" and the "Parameters" from the parsed XML file. + * @param root document root element. + */ + private void buildInfo(Element root, boolean businessService) { + NodeList idList = root.getElementsByTagName(XSD_IDELEM); + NodeList paramList = root.getElementsByTagName(XSD_PARAMELEM); + String wType =""; + if (businessService) wType = "w"; + for (int i = 0; i < idList.getLength(); i++) + Logger.debug("XMLLoginParameterResolver: LocalName idList: " + idList.item(i).getLocalName()); + + for (int i = 0; i < paramList.getLength(); i++) + Logger.debug("XMLLoginParameterResolver: LocalName paramList: " + paramList.item(i).getLocalName()); + + for (int i = 0; i < idList.getLength(); i++) { + Element tmpElem = (Element) idList.item(i); + NodeList tmpList = tmpElem.getElementsByTagName(XSD_NAMEDIDELEM); + for (int j = 0; j < tmpList.getLength(); j++) + Logger.debug("XMLLoginParameterResolver: LocalName tmp: " + tmpList.item(j).getLocalName()); + + //Search for NamedIdentity Elements + if (1 == tmpList.getLength()) { + tmpElem = (Element) tmpList.item(0); + String tmpStr = tmpElem.getAttribute(XSD_SURNAMEATTR) + "," + + tmpElem.getAttribute(XSD_GIVENNAMEATTR) + "," + + tmpElem.getAttribute(XSD_BIRTHDATEATTR); + boolean tmpBool = false; + if (tmpElem.getFirstChild() != null + && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0) + tmpBool = true; + //TODO XMLLPR remove + Logger.debug("XMLLoginParameterResolver: tmpStr: " + tmpStr + " value: " + (new Boolean(tmpBool)).toString()); + tmpElem = (Element) paramList.item(i); + Logger.debug("XMLLoginParameterResolver: attribute UN: " + tmpElem.getAttribute(XSD_UNATTR) + + " attribute PW: " + tmpElem.getAttribute(XSD_PWATTR) + + " attribute Param1: " + tmpElem.getAttribute(XSD_PARAM1ATTR) + + " attribute Param2: " + tmpElem.getAttribute(XSD_PARAM2ATTR) + + " attribute Param3: " + tmpElem.getAttribute(XSD_PARAM3ATTR) ); + namedMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute(XSD_UNATTR), tmpElem.getAttribute(XSD_PWATTR), + tmpElem.getAttribute(XSD_PARAM1ATTR), tmpElem.getAttribute(XSD_PARAM2ATTR), + tmpElem.getAttribute(XSD_PARAM3ATTR)) ); + } else { + + //(w)bPKIdentity Elements + if (businessService) { + tmpList = tmpElem.getElementsByTagName(XSD_WBPKIDELEM); + } else { + tmpList = tmpElem.getElementsByTagName(XSD_BPKIDELEM); + } + if (1 == tmpList.getLength()) { + tmpElem = (Element) tmpList.item(0); + String tmpStr = ""; + if (businessService) { + tmpStr = tmpElem.getAttribute(XSD_WBPKATTR); + } else { + tmpStr = tmpElem.getAttribute(XSD_BPKATTR); + } + boolean tmpBool = false; + if (tmpElem.getFirstChild() != null + && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0) + tmpBool = true; + Logger.debug("XMLLoginParameterResolver: tmpStr: " + tmpStr + " value: " + (new Boolean(tmpBool)).toString()); + tmpElem = (Element) paramList.item(i); + Logger.debug("XMLLoginParameterResolver: attribute UN: " + tmpElem.getAttribute(XSD_UNATTR) + + " attribute PW: " + tmpElem.getAttribute(XSD_PWATTR) + + " attribute Param1: " + tmpElem.getAttribute(XSD_PARAM1ATTR) + + " attribute Param2: " + tmpElem.getAttribute(XSD_PARAM2ATTR) + + " attribute Param3: " + tmpElem.getAttribute(XSD_PARAM3ATTR) ); + namedMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute(XSD_UNATTR), tmpElem.getAttribute(XSD_PWATTR), + tmpElem.getAttribute(XSD_PARAM1ATTR), tmpElem.getAttribute(XSD_PARAM2ATTR), + tmpElem.getAttribute(XSD_PARAM3ATTR)) ); + } else { + if (businessService) { + Logger.warn("XMLLoginParameterResolver: wrong format no Elements " + XSD_NAMEDIDELEM + " or " + XSD_WBPKIDELEM + " found"); + } else { + Logger.warn("XMLLoginParameterResolver: wrong format no Elements " + XSD_NAMEDIDELEM + " or " + XSD_BPKIDELEM + " found"); + } + } + } + } + + Logger.debug("namedMap:" + namedMap.toString()); + Logger.debug(wType + "bPKMap:" + bPKMap.toString()); + } + + + + + /** + * searches for a given bPK and returns the appropriate LPRParams structure + * @param bPK search argument + * @return LPRParams if bPK could be found in internal mappings or null otherwise. + */ + LPRParams bPKIdentitySearch(String bPK, String wType) { + //search for mapping with (w)bPK of the user + Logger.info("XMLLoginParameterResolver: search for login data mapped to " + wType + "bPK:" + bPK); + LPRParams params = (LPRParams) bPKMap.get(bPK); + if (null == params) { + Logger.info("XMLLoginParameterResolver: params for " + wType + "bPK: " + bPK + " not found!"); + return null; + } else if (params.getEnabled()) { + Logger.info("XMLLoginParameterResolver: " + wType + "bPK: " + bPK + "found in list; user is enabled"); + Logger.debug("XMLLoginParameterResolver: using: " + params.toString()); + return params; + } + Logger.info("XMLLoginParameterResolver: " + wType + "bPK: " + bPK + "found in list but user is NOT enabled"); + return null; + } + + /** + * searches for a given namedIdentity and returns the appropriate LPRParams structure + * @param surName surname search argument + * @param givenName givenname search argument + * @param dateOfBirth dateofbirth search argument + * @return LPRParams if (w)bPK could be found in internal mappings or null otherwise. + */ + LPRParams namedIdentitySearch(String surName, String givenName, String dateOfBirth) { + Logger.info("XMLLoginParameterResolver: search for login data for SurName:" + surName + " GivenName: " + givenName + " DateOfBirth" + dateOfBirth); + //try first a search with surname, givenname and birthdate + LPRParams params = (LPRParams) namedMap.get(surName + "," + givenName + "," + dateOfBirth); + if (null == params) { + Logger.debug("XMLLoginParameterResolver: params for Surname: " + surName + " GivenName: " + givenName + "BirthDate: " + dateOfBirth + " not found!"); + //try a search with surname, givenname only + params = (LPRParams) namedMap.get(surName + "," + givenName + "," + XSD_BIRTHDATEBLANKATTR); + if(null == params) { + Logger.debug("XMLLoginParameterResolver: params for Surname: " + surName + " GivenName: " + givenName + " not found!"); + return null; + } + } + + if (params.getEnabled()) { + Logger.info("XMLLoginParameterResolver: Surname:" + surName + " GivenName: " + givenName + " found in list; user is enabled"); + Logger.debug("XMLLoginParameterResolver: using: " + params.toString()); + return params; + } + Logger.info("XMLLoginParameterResolver: SurName:" + surName + " GivenName: " + givenName + "found in list; user is NOT enabled"); + return null; + } + + //public static final String XSD_MAPPING = "Mapping"; + //public static final String XSD_DOCELEM = "MOAIdentities"; + public static final String XSD_IDELEM = "Identity"; + public static final String XSD_NAMEDIDELEM = "NamedIdentity"; + public static final String XSD_BPKIDELEM = "bPKIdentity"; + public static final String XSD_WBPKIDELEM = "wbPKIdentity"; + public static final String XSD_PARAMELEM = "Parameters"; + public static final String XSD_SURNAMEATTR = "SurName"; + public static final String XSD_GIVENNAMEATTR = "GivenName"; + public static final String XSD_BIRTHDATEATTR = "BirthDate"; + public static final String XSD_BIRTHDATEBLANKATTR = "any"; + public static final String XSD_BPKATTR = "bPK"; + public static final String XSD_WBPKATTR = "wbPK"; + public static final String XSD_UNATTR = "UN"; + public static final String XSD_PWATTR = "PW"; + public static final String XSD_PARAM1ATTR = "Param1"; + public static final String XSD_PARAM2ATTR = "Param2"; + public static final String XSD_PARAM3ATTR = "Param3"; + private Map bPKMap; + private Map namedMap; + private boolean isConfigured = false; +} \ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java new file mode 100644 index 000000000..aedafdf85 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java @@ -0,0 +1,422 @@ +package at.gv.egovernment.moa.id.proxy; + +import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import java.io.IOException; +import java.util.*; +import org.apache.xerces.parsers.DOMParser; +import org.w3c.dom.*; + +// Referenced classes of package at.gv.egovernment.moa.id.proxy: +// +// TODO MOA-ID test full functionality + +public class XMLLoginParameterResolverPlainData + implements LoginParameterResolver +{ + private String configuration; + + /** + * inner class used to store mapped parameters + */ + class LPRParams { + + /** + * getter method for parameter Enabled. + * Parameter Enabled decides if mapped parameters should be used by XMLLoginParameterResolver + */ + public boolean getEnabled() { + return enabled.booleanValue(); + } + + /** + * getter method for parameter UN (username) + * @return Parameter UN or null not set. + */ + public String getUN() { + return UN; + } + + /** + * getter method for parameter UN (username) + * @return Parameter UN or null not set. + */ + public String getPlainUN() { + return UN; + } + + + /** + * getter method for parameter PW (password) + * @return Parameter PW or null not set. + */ + public String getPW() { + return PW; + } + + /** + * getter method for generic parameter Param1 + * @return Parameter Param1 or null not set. + */ + public String getParam1() { + return Param1; + } + + /** + * getter method for generic parameter Param2 + * @return Parameter Param2 or null not set. + */ + public String getParam2() { + return Param2; + } + + /** + * getter method for generic parameter Param3 + * @return Parameter Param3 or null not set. + */ + public String getParam3() { + return Param3; + } + + /** + * Returns a string representation of LPRParams + * + * @return a String representation of this object. + * @see XMLLoginParameterResolver.LPRParams + */ + public String toString() { + return "Enabled: " + + enabled.toString() + + "UN: '" + + UN + + "' PW: '" + + PW + + "' Param1: '" + + Param1 + + "' Param2: '" + + Param2 + + "' Param3: '" + + Param3 + + "'\n"; + } + + //private member variables used to store the parameters + private Boolean enabled = null; + private String UN = null; + private String PW = null; + private String Param1 = null; + private String Param2 = null; + private String Param3 = null; + + /** + * Constructs a newly allocated XMLLoginParameterResolver.LPRParams object. + * + * @param enabled enable user mapping to parameter set for the parameter set. + * @param UN username used in HTTP 401 - BasicAuthentication + * @param PW password used in HTTP 401 - BasicAuthentication + * @param Param1 generic parameter1 used in HeaderAuthentication and ParameterAuthentication + * @param Param2 generic parameter2 used in HeaderAuthentication and ParameterAuthentication + * @param Param3 generic parameter3 used in HeaderAuthentication and ParameterAuthentication + **/ + LPRParams(boolean enabled, String UN, String PW, String Param1, String Param2, String Param3) { + this.enabled = new Boolean(enabled); + this.UN = UN; + this.PW = PW; + this.Param1 = Param1; + this.Param2 = Param2; + this.Param3 = Param3; + } + + /** + * Constructs a newly allocated XMLLoginParameterResolver.LPRParams object. + * + * @param enabled enable user mapping to parameter set for the parameter set. + * @param UN username used in HTTP 401 - BasicAuthentication + * @param PW password used in HTTP 401 - BasicAuthentication + **/ + LPRParams(boolean enabled, String UN, String PW) { + this(enabled, UN, PW, null, null, null); + } + } + + //TODO document + public XMLLoginParameterResolverPlainData() + { + bPKMap = new HashMap(); + namedMap = new HashMap(); + + } + + //TODO document + public Map getAuthenticationHeaders(OAConfiguration oaConf, AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) throws NotAllowedException + { + Map result = new HashMap(); + if(oaConf.getAuthType().equals("basic")) + { + String famName = resolveValue(MOAFamilyName, authData, clientIPAddress); + String givenName = resolveValue(MOAGivenName, authData, clientIPAddress); + String dateOfBirth = resolveValue(MOADateOfBirth, authData, clientIPAddress); + String bPK =""; + String wType= ""; + if (businessService) { + bPK = resolveValue(MOAWBPK, authData, clientIPAddress); + wType = "w"; + } else { + bPK = resolveValue(MOABPK, authData, clientIPAddress); + } + String userid = ""; + String password = ""; + String param1 = ""; + String param2 = ""; + String param3 = ""; + + LPRParams params = null; + boolean userFound = false; + + //first step: search for (w)bPK entry in user list + Logger.debug("XMLLoginParameterResolverPlainData: search for automatic login data for "+ wType + "bPK:" + bPK); + params = (LPRParams)bPKMap.get(bPK); + if(params == null) + Logger.debug("XMLLoginParameterResolverPlainData: params for "+ wType + "bPK: " + bPK + " not found in file!"); + else + if(params.getEnabled()) + { //if user is enabled: get related parameters + Logger.debug("XMLLoginParameterResolverPlainData: "+ wType + "bPK: " + bPK + " found in list; user is enabled"); + Logger.debug("XMLLoginParameterResolverPlainData: using: " + params.toString()); + userid = params.getUN(); + password = params.getPW(); + param1 = params.getParam1(); + param2 = params.getParam2(); + param3 = params.getParam3(); + userFound = true; + } else + { + Logger.info("XMLLoginParameterResolverPlainData: "+ wType + "bPK: " + bPK + " found in list; user is NOT enabled"); + } + if(!userFound) //secound step: search for name entry in user list + { + Logger.debug("XMLLoginParameterResolverPlainData: search for automatic login data for SurName:" + famName + " GivenName: " + givenName + " DateOfBirth: " + dateOfBirth); + params = (LPRParams)namedMap.get(famName + "," + givenName + "," + dateOfBirth); + if(params == null) { + Logger.debug("XMLLoginParameterResolverPlainData: params for Surname: " + famName + " GivenName: " + givenName + " DateOfBirth: " + dateOfBirth + " not found in file!"); + //try also with wildcard ("*") birthdate + params = (LPRParams)namedMap.get(famName + "," + givenName + "," + "*"); + if(params != null) Logger.debug("XMLLoginParameterResolverPlainData: params for Surname: " + famName + " GivenName: " + givenName + " DateOfBirth: " + "*" + " found!"); + } + + if(null != params && params.getEnabled()) + { + Logger.debug("XMLLoginParameterResolverPlainData: SurName:" + famName + " GivenName: " + givenName + " DateOfBirth: " + dateOfBirth + " found in file; user is enabled"); + Logger.debug("XMLLoginParameterResolverPlainData: using: " + params.toString()); + userid = params.getUN(); + password = params.getPW(); + param1 = params.getParam1(); + param2 = params.getParam2(); + param3 = params.getParam3(); + userFound = true; + } + } + if(!userFound) //third step: search for default user in user list + { + //third step: search for (w)bPK for the default user entry in user list + Logger.debug("XMLLoginParameterResolverPlainData: search for automatic login data for default user"); + params = (LPRParams)bPKMap.get("default"); + if(params == null) + Logger.debug("XMLLoginParameterResolverPlainData: params for default user not found in file!"); + else + if(params.getEnabled()) + { //if user is enabled: get related parameters + Logger.debug("XMLLoginParameterResolverPlainData: default user found in list; user is enabled"); + Logger.debug("XMLLoginParameterResolverPlainData: using: " + params.toString()); + userid = params.getUN(); + password = params.getPW(); + param1 = params.getParam1(); + param2 = params.getParam2(); + param3 = params.getParam3(); + userFound = true; + } else + { + Logger.info("XMLLoginParameterResolverPlainData: default user found in list; user is NOT enabled"); + } + } + + if(!userFound) //if user is not found then throw NotAllowedException exception + { + //TODO MOA-ID proove this with testcases! + Logger.info("XMLLoginParameterResolverPlainData: Person is not allowed No automatic login"); + throw new NotAllowedException("XMLLoginParameterResolverPlainData: Person is not allowed No automatic login ", new Object[] { }); + } + try //if user was found: generate Authorization header entry with associated credemtials + { + String userIDPassword = userid + ":" + password; + String credentials = Base64Utils.encode(userIDPassword.getBytes()); + Logger.debug("XMLLoginParameterResolverPlainData: calculated credentials: " + credentials); + result.put("Authorization", "Basic " + credentials); + } + catch(IOException ignore) { } + } else + if(oaConf.getAuthType().equals("header")) + { + String key; + String resolvedValue; + for(Iterator iter = oaConf.getHeaderAuthMapping().keySet().iterator(); iter.hasNext(); result.put(key, resolvedValue)) + { + key = (String)iter.next(); + String predicate = (String)oaConf.getHeaderAuthMapping().get(key); + resolvedValue = resolveValue(predicate, authData, clientIPAddress); + } + + } + return result; + } + + public Map getAuthenticationParameters(OAConfiguration oaConf, AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) + { + Map result = new HashMap(); + if(oaConf.getAuthType().equals("param")) + { + String key; + String resolvedValue; + for(Iterator iter = oaConf.getParamAuthMapping().keySet().iterator(); iter.hasNext(); result.put(key, resolvedValue)) + { + key = (String)iter.next(); + String predicate = (String)oaConf.getParamAuthMapping().get(key); + resolvedValue = resolveValue(predicate, authData, clientIPAddress); + } + + } + return result; + } + + private static String resolveValue(String predicate, AuthenticationData authData, String clientIPAddress) + { + if(predicate.equals(MOAGivenName)) + return authData.getGivenName(); + if(predicate.equals(MOAFamilyName)) + return authData.getFamilyName(); + if(predicate.equals(MOADateOfBirth)) + return authData.getDateOfBirth(); + if(predicate.equals(MOABPK)) + return authData.getBPK(); + if(predicate.equals(MOAWBPK)) + return authData.getWBPK(); + if(predicate.equals(MOAPublicAuthority)) + if(authData.isPublicAuthority()) + return "true"; + else + return "false"; + if(predicate.equals(MOABKZ)) + return authData.getPublicAuthorityCode(); + if(predicate.equals(MOAQualifiedCertificate)) + if(authData.isQualifiedCertificate()) + return "true"; + else + return "false"; + if(predicate.equals(MOAStammzahl)) + return authData.getIdentificationValue(); + if (predicate.equals(MOAIdentificationValueType)) + return authData.getIdentificationType(); + if(predicate.equals(MOAIPAddress)) + return clientIPAddress; + else + return null; + } + + private Document readXMLFile(String fileName) throws LoginParameterResolverException + { + Logger.info("XMLLoginParameterResolverPlainData: Loading MOA-OA configuration " + fileName); + DOMParser parser = new DOMParser(); + try + { + parser.setFeature("http://xml.org/sax/features/validation", true); + parser.setFeature("http://apache.org/xml/features/validation/schema", true); + parser.parse(fileName); + return parser.getDocument(); + } + catch(Exception e) + { + String msg = e.toString(); + throw new LoginParameterResolverException("proxy.13", new Object[] {": XMLLoginParameterResolverPlainData: Error parsing file " + fileName, "detail problem: " + msg}); + } + } + + private void buildInfo(Document doc, boolean businessService) + { + Element root = doc.getDocumentElement(); + NodeList idList = root.getElementsByTagName("Identity"); + NodeList paramList = root.getElementsByTagName("Parameters"); + String wType =""; + if (businessService) wType = "w"; + for(int i = 0; i < idList.getLength(); i++) + Logger.debug("XMLLoginParameterResolverPlainData: LocalName idList: " + idList.item(i).getLocalName()); + + for(int i = 0; i < paramList.getLength(); i++) + Logger.debug("XMLLoginParameterResolverPlainData: LocalName paramList: " + paramList.item(i).getLocalName()); + + for(int i = 0; i < idList.getLength(); i++) + { + Element tmpElem = (Element)idList.item(i); + NodeList tmpList = tmpElem.getElementsByTagName("NamedIdentity"); + for(int j = 0; j < tmpList.getLength(); j++) + Logger.debug("XMLLoginParameterResolverPlainData: LocalName tmp: " + tmpList.item(j).getLocalName()); + + if(1 == tmpList.getLength()) + { + tmpElem = (Element)tmpList.item(0); + String tmpStr = tmpElem.getAttribute("SurName") + "," + tmpElem.getAttribute("GivenName") + "," + tmpElem.getAttribute("BirthDate"); + boolean tmpBool = false; + if(tmpElem.getFirstChild() != null && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0) + tmpBool = true; + Logger.debug("XMLLoginParameterResolverPlainData: tmpStr: " + tmpStr + " value: " + (new Boolean(tmpBool)).toString()); + tmpElem = (Element)paramList.item(i); + Logger.debug("XMLLoginParameterResolverPlainData: attribute UN: " + tmpElem.getAttribute("UN") + " attribute PW: " + tmpElem.getAttribute("PW")); + namedMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute("UN"), tmpElem.getAttribute("PW"))); + } else + { + tmpList = tmpElem.getElementsByTagName(wType + "bPKIdentity"); + if(1 == tmpList.getLength()) + { + tmpElem = (Element)tmpList.item(0); + String tmpStr = tmpElem.getAttribute(wType + "bPK"); + boolean tmpBool = false; + if(tmpElem.getFirstChild() != null && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0) + tmpBool = true; + Logger.debug("XMLLoginParameterResolverPlainData: tmpStr: " + tmpStr + " value: " + (new Boolean(tmpBool)).toString()); + tmpElem = (Element)paramList.item(i); + Logger.debug("XMLLoginParameterResolverPlainData: attribute UN: " + tmpElem.getAttribute("UN") + " attribute PW: " + tmpElem.getAttribute("PW") + " attribute Param1: " + tmpElem.getAttribute("Param1")); + bPKMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute("UN"), tmpElem.getAttribute("PW"))); + } else + { + Logger.warn("XMLLoginParameterResolverPlainData: wrong format or incorrect mode; no NamedIdentity or " + wType + "bPKIdentity found"); + } + } + } + + Logger.debug("namedMap:" + namedMap.toString()); + Logger.debug(wType + "bPKMap:" + bPKMap.toString()); + } + + //public static final String XSD_DOCELEM = "MOAIdentities"; + //public static final String XSD_IDELEM = "Identity"; + //public static final String XSD_NAMEDIDELEM = "NamedIdentity"; + //public static final String XSD_BPKIDELEM = "bPKIdentity"; + //public static final String XSD_PARAMELEM = "Parameters"; + //public static final String XML_LPR_CONFIG_PROPERTY_NAME1 = "moa.id.xmllpr1.configuration"; + private Map bPKMap; + private Map namedMap; + + + public void configure(String configuration, Boolean businessService) throws LoginParameterResolverException { + Logger.info("XMLLoginParameterResolverPlainData: initialization string: " + configuration); + this.configuration = configuration; + String fileName = configuration; + if(fileName == null) { + fileName = "file:conf/moa-id/Identities.xml"; + Logger.info("XMLLoginParameterResolverPlainData: used file name string: " + fileName); + } + Document doc = readXMLFile(fileName); + buildInfo(doc, businessService.booleanValue() ); + } +} \ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java new file mode 100644 index 000000000..e0e1fde4a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java @@ -0,0 +1,55 @@ +package at.gv.egovernment.moa.id.proxy.builder; + +import java.text.MessageFormat; +import java.util.Calendar; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.DateTimeUtils; + +/** + * Builder for the <samlp:Request> used for querying + * the authentication data <saml:Assertion>. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class SAMLRequestBuilder implements Constants { + /** samlp-Request template */ + private static final String REQUEST = + "" + + "{2}" + + ""; + + /** + * Constructor for SAMLRequestBuilder. + */ + public SAMLRequestBuilder() { + super(); + } + + /** + * Builds the <samlp:Request>. + * @param requestID request ID + * @param samlArtifactBase64 SAML artifact, encoded BASE64 + * @return the DOM element + */ + public Element build(String requestID, String samlArtifactBase64) throws BuildException { + try { + String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance()); + String request = MessageFormat.format(REQUEST, new Object[] {requestID, issueInstant, samlArtifactBase64}); + Element requestElem = DOMUtils.parseDocument(request, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement(); + return requestElem; + } + catch (Throwable ex) { + throw new BuildException( + "builder.00", + new Object[] {"samlp:Request", ex.toString()}, + ex); + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java new file mode 100644 index 000000000..f7e5299ab --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java @@ -0,0 +1,143 @@ +package at.gv.egovernment.moa.id.proxy.invoke; + +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; +import java.util.Vector; + +import javax.xml.namespace.QName; +import javax.xml.rpc.Call; +import javax.xml.rpc.Service; +import javax.xml.rpc.ServiceFactory; + +import org.apache.axis.message.SOAPBodyElement; +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.ServiceException; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.SAMLStatus; +import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder; +import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser; +import at.gv.egovernment.moa.id.proxy.servlet.ProxyException; +import at.gv.egovernment.moa.id.util.Random; + +/** + * Invoker of + *
    + *
  • either the GetAuthenticationData web service of MOA-ID Auth
  • + *
  • or the API call {@link at.gv.egovernment.moa.id.auth.AuthenticationServer#getAuthenticationData},
  • + *
+ * depending of the configuration. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class GetAuthenticationDataInvoker { + /** Create a new QName object for the webservice endpoint */ + private static final QName SERVICE_QNAME = new QName("GetAuthenticationData"); + + /** invoked object for API call of MOA-ID Auth */ + private static Object apiServer = null; + /** invoked method for API call of MOA-ID Auth */ + private static Method apiMethod = null; + + /** + * Invokes the service passing domain model objects. + * @param samlArtifact SAML artifact + * @return AuthenticationData object + * @throws ServiceException on any exception thrown + */ + /** + * Get authentication data from the MOA-ID Auth component, + * either via API call or via web service call. + * @param samlArtifact SAML artifact to be used as a parameter + * @return AuthenticationData + */ + public AuthenticationData getAuthenticationData(String samlArtifact) + throws ConfigurationException, ProxyException, BuildException, ServiceException, ParseException, AuthenticationException { + + ConnectionParameter authConnParam = + ProxyConfigurationProvider.getInstance().getAuthComponentConnectionParameter(); + if (authConnParam == null) { + try { + if (apiServer == null) { + Class serverClass = Class.forName("at.gv.egovernment.moa.id.auth.AuthenticationServer"); + Method getInstanceMethod = serverClass.getMethod("getInstance", (Class[]) null); + apiServer = getInstanceMethod.invoke(null, (Object[]) null); + apiMethod = serverClass.getMethod( + "getAuthenticationData", new Class[] {String.class}); + } + AuthenticationData authData = (AuthenticationData)apiMethod.invoke(apiServer, new Object[] {samlArtifact}); + return authData; + } + catch (InvocationTargetException ex) { + Throwable targetEx = ex.getTargetException(); + if (targetEx instanceof AuthenticationException) + throw (AuthenticationException) targetEx; + else + throw new ProxyException("proxy.09", new Object[] {targetEx.toString()}); + } + catch (Throwable ex) { + throw new ProxyException("proxy.09", new Object[] {ex.toString()}); + } + } + else { + Element samlpRequest = new SAMLRequestBuilder().build(Random.nextRandom(), samlArtifact); + Element samlpResponse = getAuthenticationData(samlpRequest); + SAMLResponseParser srp = new SAMLResponseParser(samlpResponse); + SAMLStatus status = srp.parseStatusCode(); + if (! "samlp:Success".equals(status.getStatusCode())) { + // on error status throw exception + String code = status.getStatusCode(); + if (status.getSubStatusCode() != null && status.getSubStatusCode().length() > 0) + code += "(" + status.getSubStatusCode() + ")"; + throw new ServiceException("service.02", new Object[] {code, status.getStatusMessage()}); + } + return srp.parseAuthenticationData(); + } + } + + /** + * Invokes the service passing DOM elements. + * @param request request DOM element + * @return response DOM element + * @throws ServiceException on any exception thrown + */ + public Element getAuthenticationData(Element request) throws ServiceException { + try { + Service service = ServiceFactory.newInstance().createService(SERVICE_QNAME); + Call call = service.createCall(); + SOAPBodyElement body = + new SOAPBodyElement(request); + SOAPBodyElement[] params = new SOAPBodyElement[] {body}; + Vector responses; + SOAPBodyElement response; + + String endPoint; + ConnectionParameter authConnParam = + ProxyConfigurationProvider.getInstance().getAuthComponentConnectionParameter(); + + //If the ConnectionParameter do NOT exist, we throw an exception .... + if (authConnParam!=null) { + endPoint = authConnParam.getUrl(); + call.setTargetEndpointAddress(endPoint); + responses = (Vector) call.invoke(SERVICE_QNAME, params); + response = (SOAPBodyElement) responses.get(0); + return response.getAsDOM(); + } + else + { + throw new ServiceException("service.01", null); + } + } + catch (Exception ex) { + throw new ServiceException("service.00", new Object[] {ex.toString()}, ex); + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java new file mode 100644 index 000000000..6bf5da02b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java @@ -0,0 +1,158 @@ +package at.gv.egovernment.moa.id.proxy.parser; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.util.BoolUtils; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * Parser for the <saml:Assertion> returned by the + * GetAuthenticationData web service. + * @author Paul Ivancsics + * @version $Id$ + */ +public class AuthenticationDataAssertionParser implements Constants { + + /** Prefix for SAML-Xpath-expressions */ + private static String SAML = SAML_PREFIX + ":"; + /** Prefix for PersonData-Xpath-expressions */ + private static String PR = PD_PREFIX + ":"; + /** Prefix for Attribute MajorVersion in an Xpath-expression */ + private static String MAJOR_VERSION_XPATH = + "@MajorVersion"; + /** Prefix for Attribute MinorVersion in an Xpath-expression */ + private static String MINOR_VERSION_XPATH = + "@MinorVersion"; + /** Prefix for Attribute AssertionID in an Xpath-expression */ + private static String ASSERTION_ID_XPATH = + "@AssertionID"; + /** Prefix for Attribute Issuer in an Xpath-expression */ + private static String ISSUER_XPATH = + "@Issuer"; + /** Prefix for Attribute IssueInstant in an Xpath-expression */ + private static String ISSUE_INSTANT_XPATH = + "@IssueInstant"; + /** Prefix for Element AttributeStatement in an Xpath-expression */ + private static String ATTRIBUTESTATEMENT_XPATH = + SAML + "AttributeStatement/"; + /** Prefix for Element NameIdentifier in an Xpath-expression */ + private static String PK_XPATH = + ATTRIBUTESTATEMENT_XPATH + + SAML + "Subject/" + + SAML + "NameIdentifier"; + private static String NAME_QUALIFIER_XPATH = + PK_XPATH + "/@NameQualifier"; + /** Prefix for Element Person in an Xpath-expression */ + private static String PERSONDATA_XPATH = + ATTRIBUTESTATEMENT_XPATH + + SAML + "Attribute[@AttributeName=\"PersonData\"]/" + + SAML + "AttributeValue/" + + PR + "Person/"; + /** Prefix for Element Value in an Xpath-expression */ + private static String IDENTIFICATION_VALUE_XPATH = + PERSONDATA_XPATH + + PR + "Identification/" + + PR + "Value"; + private static String IDENTIFICATION_TYPE_XPATH = + PERSONDATA_XPATH + + PR + "Identification/" + + PR + "Type"; + /** Prefix for Element GivenName in an Xpath-expression */ + private static String GIVEN_NAME_XPATH = + PERSONDATA_XPATH + + PR + "Name/" + + PR + "GivenName"; + /** Prefix for Element FamilyName in an Xpath-expression */ + private static String FAMILY_NAME_XPATH = + PERSONDATA_XPATH + + PR + "Name/" + + PR + "FamilyName"; + /** Prefix for Element DateOfBirth in an Xpath-expression */ + private static String DATE_OF_BIRTH_XPATH = + PERSONDATA_XPATH + + PR + "DateOfBirth"; + /** Prefix for Element AttributeValue in an Xpath-expression */ + private static String IS_QUALIFIED_CERT_XPATH = + ATTRIBUTESTATEMENT_XPATH + + SAML + "Attribute[@AttributeName=\"isQualifiedCertificate\"]/" + + SAML + "AttributeValue"; + /** Prefix for Element AttributeValue in an Xpath-expression */ + private static String PUBLIC_AUTHORITY_XPATH = + ATTRIBUTESTATEMENT_XPATH + + SAML + "Attribute[@AttributeName=\"isPublicAuthority\"]/" + + SAML + "AttributeValue"; + /** Element samlAssertion represents the SAML:Assertion */ + private Element samlAssertion; + + /** + * Constructor + * @param samlAssertion samlpResponse the <samlp:Response> as a DOM element + */ + public AuthenticationDataAssertionParser(Element samlAssertion) { + this.samlAssertion = samlAssertion; + } + + /** + * Parses the <saml:Assertion>. + * @return AuthenticationData object + * @throws ParseException on any error + */ + public AuthenticationData parseAuthenticationData() + throws ParseException { + + try { + AuthenticationData authData = new AuthenticationData(); + //ÄNDERN: NUR der Identification-Teil + authData.setSamlAssertion(DOMUtils.serializeNode(samlAssertion)); + authData.setMajorVersion(new Integer( + XPathUtils.getAttributeValue(samlAssertion, MAJOR_VERSION_XPATH, "-1")).intValue()); + authData.setMinorVersion(new Integer( + XPathUtils.getAttributeValue(samlAssertion, MINOR_VERSION_XPATH, "-1")).intValue()); + authData.setAssertionID( + XPathUtils.getAttributeValue(samlAssertion, ASSERTION_ID_XPATH, "")); + authData.setIssuer( + XPathUtils.getAttributeValue(samlAssertion, ISSUER_XPATH, "")); + authData.setIssueInstant( + XPathUtils.getAttributeValue(samlAssertion, ISSUE_INSTANT_XPATH, "")); + String pkValue = XPathUtils.getElementValue(samlAssertion, PK_XPATH, ""); + if (XPathUtils.getAttributeValue(samlAssertion, NAME_QUALIFIER_XPATH, "").equalsIgnoreCase(URN_PREFIX_BPK)) { + authData.setBPK(pkValue); + } else { + authData.setWBPK(pkValue); + } + authData.setIdentificationValue( + XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_VALUE_XPATH, "")); + authData.setIdentificationType( + XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_TYPE_XPATH, "")); + authData.setGivenName( + XPathUtils.getElementValue(samlAssertion, GIVEN_NAME_XPATH, "")); + authData.setFamilyName( + XPathUtils.getElementValue(samlAssertion, FAMILY_NAME_XPATH, "")); + authData.setDateOfBirth( + XPathUtils.getElementValue(samlAssertion, DATE_OF_BIRTH_XPATH, "")); + authData.setQualifiedCertificate(BoolUtils.valueOf( + XPathUtils.getElementValue(samlAssertion, IS_QUALIFIED_CERT_XPATH, ""))); + String publicAuthority = + XPathUtils.getElementValue(samlAssertion, PUBLIC_AUTHORITY_XPATH, null); + if (publicAuthority == null) { + authData.setPublicAuthority(false); + authData.setPublicAuthorityCode(""); + } + else { + authData.setPublicAuthority(true); + if (! publicAuthority.equalsIgnoreCase("true")) + authData.setPublicAuthorityCode(publicAuthority); + } + return authData; + } + catch (Throwable t) { + throw new ParseException("parser.01", new Object[] { t.toString() }, t); + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java new file mode 100644 index 000000000..9f77578fd --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java @@ -0,0 +1,100 @@ +package at.gv.egovernment.moa.id.proxy.parser; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.SAMLStatus; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * Parser for the <samlp:Response> returned by the + * GetAuthenticationData web service. + * @author Paul Ivancsics + * @version $Id$ + */ +public class SAMLResponseParser implements Constants { + /** Element containing the samlResponse */ + private Element samlResponse; + /** Xpath prefix for reaching SAMLP Namespaces */ + private static String SAMLP = SAMLP_PREFIX + ":"; + /** Xpath prefix for reaching SAML Namespaces */ + private static String SAML = SAML_PREFIX + ":"; + /** Xpath prefix for reaching PersonData Namespaces */ + private static String PR = PD_PREFIX + ":"; + /** Xpath expression for reaching the SAMLP:Response element */ + private static final String ROOT = + "/" + SAMLP + "Response/"; + /** Xpath expression for reaching the SAMLP:Status element */ + private static final String STATUS_XPATH = + ROOT + + SAMLP + "Status/"; + /** Xpath expression for reaching the SAMLP:StatusCode_Value attribute */ + private static final String STATUSCODE_XPATH = + STATUS_XPATH + + SAMLP + "StatusCode/@Value"; + /** Xpath expression for reaching the SAMLP:SubStatusCode_Value attribute */ + private static final String SUBSTATUSCODE_XPATH = + STATUS_XPATH + + SAMLP + "StatusCode/" + + SAMLP + "StatusCode/@Value"; + /** Xpath expression for reaching the SAMLP:StatusMessage element */ + private static final String STATUSMESSAGE_XPATH = + STATUS_XPATH + + SAMLP + "StatusMessage"; + /** Xpath expression for reaching the SAML:Assertion element */ + private static String ASSERTION_XPATH = + ROOT + + SAML + "Assertion"; + + /** + * Constructor + * @param samlResponse the <samlp:Response> as a DOM element + */ + public SAMLResponseParser(Element samlResponse) { + this.samlResponse = samlResponse; + } + + /** + * Parses the <samlp:StatusCode> from the <samlp:Response>. + * @return AuthenticationData object + * @throws ParseException on any parsing error + */ + public SAMLStatus parseStatusCode() + throws ParseException { + + SAMLStatus status = new SAMLStatus(); + try { + status.setStatusCode( + XPathUtils.getAttributeValue(samlResponse, STATUSCODE_XPATH, "")); + status.setSubStatusCode( + XPathUtils.getAttributeValue(samlResponse, SUBSTATUSCODE_XPATH, "")); + status.setStatusMessage( + XPathUtils.getElementValue(samlResponse, STATUSMESSAGE_XPATH, "")); + } + catch (Throwable t) { + throw new ParseException("parser.01", new Object[] { t.toString() }, t); + } + return status; + } + + /** + * Parses the <saml:Assertion> from the <samlp:Response>. + * @return AuthenticationData object + * @throws ParseException on any parsing error + */ + public AuthenticationData parseAuthenticationData() + throws ParseException { + + Element samlAssertion; + try { + samlAssertion = (Element)XPathUtils.selectSingleNode(samlResponse, ASSERTION_XPATH); + } + catch (Throwable t) { + throw new ParseException("parser.01", new Object[] { t.toString() }, t); + } + return new AuthenticationDataAssertionParser(samlAssertion).parseAuthenticationData(); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java new file mode 100644 index 000000000..4ab2e2cf7 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java @@ -0,0 +1,71 @@ +package at.gv.egovernment.moa.id.proxy.servlet; + +import java.io.IOException; +import java.text.DateFormat; +import java.util.Date; +import java.util.Locale; + +import javax.servlet.ServletConfig; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.proxy.MOAIDProxyInitializer; +import at.gv.egovernment.moa.id.util.HTTPRequestJSPForwarder; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Servlet requested for updating the MOA-ID Auth configuration from configuration file + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class ConfigurationServlet extends HttpServlet { + + /** + * Handle a HTTP GET request, used to indicated that the MOA + * configuration needs to be updated (reloaded). + * + * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) + */ + public void doGet(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + + MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance(); + try { + MOAIDProxyInitializer.initialize(); + + String message = msg.getMessage("config.00", new Object[] + { DateFormat.getTimeInstance(DateFormat.MEDIUM, Locale.GERMAN).format(new Date())} ); + Logger.info(message); + + HTTPRequestJSPForwarder.forwardNamed(message, "/message-proxy.jsp", getServletContext(), request, response); + } catch (Throwable t) { + String errorMessage = msg.getMessage("config.04", null); + Logger.error(errorMessage, t); + HTTPRequestJSPForwarder.forwardNamed(errorMessage, "/message-proxy.jsp", getServletContext(), request, response); + } + } + + /** + * Do the same as doGet. + * + * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) + */ + public void doPost(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + doGet(request, response); + } + +/** + * Calls the web application initializer. + * + * @see javax.servlet.Servlet#init(ServletConfig) + */ +public void init(ServletConfig servletConfig) throws ServletException { + super.init(servletConfig); +} + +} \ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java new file mode 100644 index 000000000..0080c010e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java @@ -0,0 +1,35 @@ +package at.gv.egovernment.moa.id.proxy.servlet; + +import at.gv.egovernment.moa.id.MOAIDException; + +/** + * Exception thrown while proxying a request to the online application + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class ProxyException extends MOAIDException { + + /** + * Constructor for ProxyException. + * @param messageId + * @param parameters + */ + public ProxyException(String messageId, Object[] parameters) { + super(messageId, parameters); + } + + /** + * Constructor for ProxyException. + * @param messageId + * @param parameters + * @param wrapped + */ + public ProxyException( + String messageId, + Object[] parameters, + Throwable wrapped) { + super(messageId, parameters, wrapped); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java new file mode 100644 index 000000000..6d215c35e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java @@ -0,0 +1,879 @@ +package at.gv.egovernment.moa.id.proxy.servlet; + +import java.io.BufferedInputStream; +import java.io.BufferedOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.io.PrintWriter; +import java.io.StringWriter; +import java.net.HttpURLConnection; +import java.net.MalformedURLException; +import java.net.URL; +import java.util.Enumeration; +import java.util.HashMap; +import java.util.Iterator; +import java.util.Map; +import java.util.Vector; + +import javax.net.ssl.SSLSocketFactory; +import javax.servlet.RequestDispatcher; +import javax.servlet.ServletConfig; +import javax.servlet.ServletContext; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.ServiceException; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; +import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; +import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.CookieManager; +import at.gv.egovernment.moa.id.proxy.ConnectionBuilder; +import at.gv.egovernment.moa.id.proxy.ConnectionBuilderFactory; +import at.gv.egovernment.moa.id.proxy.LoginParameterResolver; +import at.gv.egovernment.moa.id.proxy.LoginParameterResolverException; +import at.gv.egovernment.moa.id.proxy.LoginParameterResolverFactory; +import at.gv.egovernment.moa.id.proxy.MOAIDProxyInitializer; +import at.gv.egovernment.moa.id.proxy.NotAllowedException; +import at.gv.egovernment.moa.id.proxy.invoke.GetAuthenticationDataInvoker; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; + +/** + * Servlet requested for logging in at an online application, + * and then for proxying requests to the online application. + * @author Paul Ivancsics + * @version $Id$ + */ +public class ProxyServlet extends HttpServlet { + /** Name of the Parameter for the Target */ + private static final String PARAM_TARGET = "Target"; + /** Name of the Parameter for the SAMLArtifact */ + private static final String PARAM_SAMLARTIFACT = "SAMLArtifact"; + + /** Name of the Attribute for marking the session as authenticated*/ + private static final String ATT_AUTHDATAFETCHED = "AuthDataFetched"; + /** Name of the Attribute for the PublicURLPrefix */ + private static final String ATT_PUBLIC_URLPREFIX = "PublicURLPrefix"; + /** Name of the Attribute for the RealURLPrefix */ + private static final String ATT_REAL_URLPREFIX = "RealURLPrefix"; + /** Name of the Attribute for the SSLSocketFactory */ + private static final String ATT_SSL_SOCKET_FACTORY = "SSLSocketFactory"; + /** Name of the Attribute for the LoginHeaders */ + private static final String ATT_LOGIN_HEADERS = "LoginHeaders"; + /** Name of the Attribute for the LoginParameters */ + private static final String ATT_LOGIN_PARAMETERS = "LoginParameters"; + /** Name of the Attribute for the SAMLARTIFACT */ + private static final String ATT_SAML_ARTIFACT = "SamlArtifact"; + /** Name of the Attribute for the state of the browser request for login dialog*/ + private static final String ATT_BROWSERREQU = "BrowserLoginRequest"; + /** Name of the Attribute for the state of the browser request for login dialog*/ + private static final String ATT_OA_CONF = "oaConf"; + /** Name of the Attribute for the Logintype of the OnlineApplication*/ + private static final String ATT_OA_LOGINTYPE = "LoginType"; + /** Name of the Attribute for the number of the try to login into the OnlineApplication*/ + private static final String ATT_OA_LOGINTRY = "LoginTry"; + /** Maximum permitted login tries */ + private static final int MAX_OA_LOGINTRY = 3; + /** Name of the Attribute for authorization value for further connections*/ + private static final String ATT_OA_AUTHORIZATION_HEADER = "authorizationkey"; + /** Name of the Attribute for user binding */ + private static final String ATT_OA_USER_BINDING = "UserBinding"; + /** For extended internal debug messages */ + private static final boolean INTERNAL_DEBUG = false; + /** Message to be given if browser login failed */ + private static final String RET_401_MSG = "Ein Fehler ist aufgetreten

Fehler bei der Anmeldung

Bei der Anmeldung ist ein Fehler aufgetreten.

Fehler bei der Anmeldung.
Prüfen Sie bitte ihre Berechtigung.
Abbruch durch den Benutzer.

"; + + /** + * @see javax.servlet.http.HttpServlet#service(HttpServletRequest, HttpServletResponse) + */ + protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { + + Logger.debug("getRequestURL:" + req.getRequestURL().toString()); + try { + if (req.getParameter(PARAM_SAMLARTIFACT) != null) { + // check if SAML Artifact was already used in this session (in case of page reload) + HttpSession session = req.getSession(); + if (null != session && req.getParameter(PARAM_SAMLARTIFACT).equals(session.getAttribute(ATT_SAML_ARTIFACT))) { + if (session.getAttribute(ATT_BROWSERREQU)==null) { + tunnelRequest(req, resp); + }else{ + login(req, resp); //login after browser login dialog + } + } else + // it is the first time that the SAML Artifact was used + login(req, resp); + } + else + tunnelRequest(req, resp); + } + catch (MOAIDException ex) { + handleError(ex.getMessage(), ex, req, resp); + } + catch (Throwable ex) { + handleError(ex.getMessage(), ex, req, resp); + } + } + + /** + * Login to online application at first call of servlet for a user session.
+ *
    + *
  • Acquires authentication data from the MOA-ID Auth component.
  • + *
  • Reads configuration data for the online application.
  • + *
  • Resolves login parameters.
  • + *
  • Sets up an SSLSocketFactory in case of a secure connection to the online application.
  • + *
  • For a stateless online application, stores data in the HttpSession.
  • + *
  • Tunnels the request to the online application.
  • + *
+ * @param req + * @param resp + * @throws ConfigurationException when wrong configuration is encountered + * @throws ProxyException when wrong configuration is encountered + * @throws BuildException while building the request for MOA-ID Auth + * @throws ServiceException while invoking MOA-ID Auth + * @throws ParseException while parsing the response from MOA-ID Auth + */ + private void login(HttpServletRequest req, HttpServletResponse resp) throws ConfigurationException, ProxyException, BuildException, ServiceException, ParseException, AuthenticationException { + + HttpSession session = req.getSession(); + String samlArtifact = ""; + Map loginHeaders = null; + Map loginParameters = null; + String publicURLPrefix = ""; + String realURLPrefix = ""; + SSLSocketFactory ssf = null; + String urlRequested = req.getRequestURL().toString(); + OAConfiguration oaConf = null; + String loginType = ""; + String binding = ""; + + if (session.getAttribute(ATT_BROWSERREQU)==null) { + + samlArtifact = req.getParameter(PARAM_SAMLARTIFACT); + Logger.debug("moa-id-proxy login " + PARAM_SAMLARTIFACT + ": " + samlArtifact); + // String target = req.getParameter(PARAM_TARGET); parameter given but not processed + // boolean targetprovided = req.getParameter(PARAM_TARGET) != null; + + // get authentication data from the MOA-ID Auth component + AuthenticationData authData; + try { + authData = new GetAuthenticationDataInvoker().getAuthenticationData(samlArtifact); + } catch (ServiceException ex) { + throw new ProxyException("proxy.14", new Object[] {ex.getMessage()}, ex); + } catch (ProxyException ex) { + throw new ProxyException("proxy.14", new Object[] {ex.getMessage()}, ex); + } + session.setAttribute(ATT_AUTHDATAFETCHED, "true"); + + // read configuration data + ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance(); + OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameter(urlRequested); + if (oaParam == null) { + throw new ProxyException("proxy.02", new Object[] { urlRequested }); + } + publicURLPrefix = oaParam.getPublicURLPrefix(); + Logger.debug("OA: " + publicURLPrefix); + oaConf = oaParam.getOaConfiguration(); + ConnectionParameter oaConnParam = oaParam.getConnectionParameter(); + realURLPrefix = oaConnParam.getUrl(); + + // resolve login parameters to be forwarded to online application + LoginParameterResolver lpr = LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix); + String clientIPAddress = req.getRemoteAddr(); + boolean businessService = oaParam.getBusinessService(); + try { + if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH)) { + loginParameters = lpr.getAuthenticationParameters(oaConf, authData, clientIPAddress, businessService, publicURLPrefix); + } else { + loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, clientIPAddress, businessService, publicURLPrefix); + for (Iterator iter = loginHeaders.keySet().iterator(); iter.hasNext();) { + //extract user-defined bindingValue + String headerKey = (String) iter.next(); + String headerKeyValue = (String) loginHeaders.get(headerKey); + if (headerKey.equalsIgnoreCase("binding")) { + binding = (String) loginHeaders.get(headerKey); + } + for (int i = 1; i <= 3; i++) { + if (headerKey.equalsIgnoreCase("param" + i)) { + int sep = headerKeyValue.indexOf("="); + if (sep>-1) { + if (sep>0) { + String value = ""; + if (headerKeyValue.length()>sep+1) value = headerKeyValue.substring(sep+1); + if (loginParameters == null) loginParameters = new HashMap(); + loginParameters.put(headerKeyValue.substring(0,sep) , value); + } + } else { + loginParameters.put(headerKey, ""); + } + } + } + } + loginHeaders.remove("binding"); + loginHeaders.remove("param1"); + loginHeaders.remove("param2"); + loginHeaders.remove("param3"); + } + } catch (LoginParameterResolverException ex) { + throw new ProxyException("proxy.13", new Object[] { publicURLPrefix }); + } catch (NotAllowedException e) { + throw new ProxyException("proxy.15", new Object[] { }); + } + + // setup SSLSocketFactory for communication with the online application + if (oaConnParam.isHTTPSURL()) { + try { + ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam); + } catch (Throwable ex) { + throw new ProxyException( + "proxy.05", + new Object[] { oaConnParam.getUrl(), ex.toString()}, + ex); + } + } + + // for stateless online application, store data in HttpSession + loginType = oaConf.getLoginType(); + if ("".equalsIgnoreCase(binding)) { + binding = oaConf.getBinding(); + if ("".equalsIgnoreCase(binding)) binding = "full"; + } + Logger.debug("Login type: " + loginType); + if (loginType.equals(OAConfiguration.LOGINTYPE_STATELESS)) { + int sessionTimeOut = oaParam.getSessionTimeOut(); + if (sessionTimeOut == 0) + sessionTimeOut = 60 * 60; // default 1 h + + session.setMaxInactiveInterval(sessionTimeOut); + session.setAttribute(ATT_PUBLIC_URLPREFIX, publicURLPrefix); + session.setAttribute(ATT_REAL_URLPREFIX, realURLPrefix); + session.setAttribute(ATT_SSL_SOCKET_FACTORY, ssf); + session.setAttribute(ATT_LOGIN_HEADERS, loginHeaders); + session.setAttribute(ATT_LOGIN_PARAMETERS, loginParameters); + session.setAttribute(ATT_SAML_ARTIFACT, samlArtifact); + session.setAttribute(ATT_OA_CONF, oaConf); + session.setAttribute(ATT_OA_LOGINTYPE, loginType); + session.setAttribute(ATT_OA_USER_BINDING, binding); + session.removeAttribute(ATT_BROWSERREQU); + session.removeAttribute(ATT_OA_AUTHORIZATION_HEADER); + session.removeAttribute(ATT_OA_LOGINTRY); + Logger.debug("moa-id-proxy: HTTPSession " + session.getId() + " angelegt"); + } + + } else { + loginHeaders = (Map) session.getAttribute(ATT_LOGIN_HEADERS); + publicURLPrefix = (String) session.getAttribute(ATT_PUBLIC_URLPREFIX); + realURLPrefix = (String) session.getAttribute(ATT_REAL_URLPREFIX); + ssf = (SSLSocketFactory) session.getAttribute(ATT_SSL_SOCKET_FACTORY); + loginHeaders = (Map) session.getAttribute(ATT_LOGIN_HEADERS); + loginParameters = (Map) session.getAttribute(ATT_LOGIN_PARAMETERS); + samlArtifact = (String) session.getAttribute(ATT_SAML_ARTIFACT); + oaConf = (OAConfiguration) session.getAttribute(ATT_OA_CONF); + loginType = (String) session.getAttribute(ATT_OA_LOGINTYPE); + binding = (String) session.getAttribute(ATT_OA_USER_BINDING); + session.removeAttribute(ATT_BROWSERREQU); + Logger.debug("moa-id-proxy: HTTPSession " + session.getId() + " aufgenommen"); + } + + try { + int respcode = 0; + + // tunnel request to the online application + respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf, binding); + if (respcode == 401) { + if (OAConfiguration.BINDUNG_FULL.equals(binding) && oaConf.getLoginType().equals(OAConfiguration.LOGINTYPE_STATELESS)) { + throw new ProxyException("proxy.12", new Object[] { realURLPrefix }); + } + } + } catch (ProxyException ex) { + throw new ProxyException("proxy.12", new Object[] { realURLPrefix }); + } catch (Throwable ex) { + throw new ProxyException("proxy.04", new Object[] { urlRequested, ex.toString()}, ex); + } + } + + /** + * Tunnels a request to the stateless online application using data stored in the HTTP session. + * @param req HTTP request + * @param resp HTTP response + * @throws IOException if an I/O error occurs + */ + private void tunnelRequest(HttpServletRequest req, HttpServletResponse resp) throws ProxyException, IOException { + + //Logger.debug("Tunnel request (stateless)"); + HttpSession session = req.getSession(false); + + if (session == null) + throw new ProxyException("proxy.07", null); + String publicURLPrefix = (String) session.getAttribute(ATT_PUBLIC_URLPREFIX); + //A session is automatically created when forwarded 1st time to errorpage-proxy.jsp (with the handleError method) + //additional check if publicURLPrefix is OK, if not throw an Exception + if (publicURLPrefix == null) + throw new ProxyException("proxy.07", null); + + String realURLPrefix = (String) session.getAttribute(ATT_REAL_URLPREFIX); + SSLSocketFactory ssf = (SSLSocketFactory) session.getAttribute(ATT_SSL_SOCKET_FACTORY); + Map loginHeaders = (Map) session.getAttribute(ATT_LOGIN_HEADERS); + Map loginParameters = (Map) session.getAttribute(ATT_LOGIN_PARAMETERS); + String binding = (String) session.getAttribute(ATT_OA_USER_BINDING); + if (publicURLPrefix == null || realURLPrefix == null) + throw new ProxyException("proxy.08", new Object[] { req.getRequestURL().toString()}); + + int respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf, binding); + if (respcode == -401) // #tries to login exceeded + throw new ProxyException("proxy.16", new Object[] {realURLPrefix, Integer.toString(MAX_OA_LOGINTRY)}); + } + +/** + * Tunnels a request to the online application using given URL mapping and SSLSocketFactory. + * This method returns the ResponseCode of the request to the online application. + * @param req HTTP request + * @param resp HTTP response + * @param loginHeaders header field/values to be inserted for purposes of authentication; + * may be null + * @param loginParameters parameter name/values to be inserted for purposes of authentication; + * may be null + * @param publicURLPrefix prefix of request URL to be substituted for the realURLPrefix + * @param realURLPrefix prefix of online application URL to substitute the publicURLPrefix + * @param ssf SSLSocketFactory to use + * @throws IOException if an I/O error occurs + */ +private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map loginHeaders, Map loginParameters, String publicURLPrefix, String realURLPrefix, SSLSocketFactory ssf, String binding) + throws IOException { + + String originBinding = binding; + String browserUserID = ""; + String browserPassword = ""; + //URL url = new URL(realURLPrefix); + //String realURLHost = url.getHost(); + if (INTERNAL_DEBUG && !binding.equals("")) Logger.debug("Binding: " + binding); + + // collect headers from request + Map headers = new HashMap(); + for (Enumeration enu = req.getHeaderNames(); enu.hasMoreElements();) { + String headerKey = (String) enu.nextElement(); + String headerKeyValue = req.getHeader(headerKey); + if (INTERNAL_DEBUG) Logger.debug("Incoming:" + headerKey + "=" + headerKeyValue); + //Analyze Basic-Auth-Headers from the client + if (headerKey.equalsIgnoreCase("Authorization")) { + if (headerKeyValue.substring(0,6).equalsIgnoreCase("Basic ")) { + String credentials = headerKeyValue.substring(6); + byte [] bplaintextcredentials = Base64Utils. decode(credentials, true); + String plaintextcredentials = new String(bplaintextcredentials); + browserUserID = plaintextcredentials.substring(0,plaintextcredentials.indexOf(":")); + browserPassword = plaintextcredentials.substring(plaintextcredentials.indexOf(":")+1); + //deactivate following line for security + //if (INTERNAL_DEBUG) Logger.debug("Analyzing authorization-header from browser: " + headerKeyValue + "gives UN:PW=" + browserUserID + ":" + browserPassword ); + } + if (headerKeyValue.substring(0,9).equalsIgnoreCase("Negotiate")) { + //deactivate following line for security + //if (INTERNAL_DEBUG) Logger.debug("Analyzing authorization-header from browser: Found NTLM Aut.: " + headerKeyValue + "gives UN:PW=" + browserUserID + ":" + browserPassword ); + } + } + else + { + /* Headers MUST NOT be repaced according to our Spec. + if (headerKey.equalsIgnoreCase("Host")) { + headerKeyValue = realURLHost; + //headerKeyValue= realURLPrefix.substring(hoststartpos); + if (INTERNAL_DEBUG) Logger.debug("replaced:" + headerKey + "=" + headerKeyValue); + } + */ + headers.put(headerKey, headerKeyValue); + } + } + + + // collect login headers, possibly overwriting headers from request + String authorizationvalue=""; + if (req.getSession().getAttribute(ATT_OA_AUTHORIZATION_HEADER)==null) { + + if (OAConfiguration.BINDUNG_NOMATCH.equals(binding)) { + int loginTry = getLoginTry(req); + Logger.debug("Binding: mode = " + OAConfiguration.BINDUNG_NOMATCH + "(try #" + Integer.toString(loginTry) + ")"); + if (loginTry==1) { + binding = OAConfiguration.BINDUNG_FULL; + } else { + binding = OAConfiguration.BINDUNG_USERNAME; + } + } + + /* Soll auch bei anderen bindings zuerst ein passwort probiert werden können: + //if we have the first Login-Try and we have Binding to Username and a predefined Password we try this one first + // full binding will be covered by next block + if (loginTry==1 && !OAConfiguration.BINDUNG_FULL.equals(binding)) { + //1st try: if we have a password, try this one first + for (Iterator iter = loginHeaders.keySet().iterator(); iter.hasNext();) { + String headerKey = (String) iter.next(); + String headerKeyValue = (String) loginHeaders.get(headerKey); + if (isBasicAuthenticationHeader(headerKey, headerKeyValue)) { + String credentials = headerKeyValue.substring(6); + byte [] bplaintextcredentials = Base64Utils.decode(credentials, true); + String plaintextcredentials = new String(bplaintextcredentials); + String password = plaintextcredentials.substring(plaintextcredentials.indexOf(":")+1); + if (password!=null && !password.equals("")) { + Logger.debug("Binding: found predefined password. Trying full binding first"); + binding = OAConfiguration.BINDUNG_FULL; + break; + } + } + } + } + */ + + + + //we have a connection with not having logged on + if (loginHeaders != null && (browserPassword.length()!=0 || browserUserID.length()!=0 || OAConfiguration.BINDUNG_FULL.equals(binding))) { + for (Iterator iter = loginHeaders.keySet().iterator(); iter.hasNext();) { + String headerKey = (String) iter.next(); + String headerKeyValue = (String) loginHeaders.get(headerKey); + //customize loginheaders if necessary + if (isBasicAuthenticationHeader(headerKey, headerKeyValue)) + { + if (OAConfiguration.BINDUNG_FULL.equals(binding)) { + authorizationvalue = headerKeyValue; + Logger.debug("Binding: full binding to user established"); + } else { + String credentials = headerKeyValue.substring(6); + byte [] bplaintextcredentials = Base64Utils.decode(credentials, true); + String plaintextcredentials = new String(bplaintextcredentials); + String userID = plaintextcredentials.substring(0,plaintextcredentials.indexOf(":")); + String password = plaintextcredentials.substring(plaintextcredentials.indexOf(":")+1); + String userIDPassword = ":"; + if (OAConfiguration.BINDUNG_USERNAME.equals(binding)) { + Logger.debug("Binding: Access with necessary binding to user"); + userIDPassword = userID + ":" + browserPassword; + } else if (OAConfiguration.BINDUNG_NONE.equals(binding)) { + Logger.debug("Binding: Access without binding to user"); + //If first time + if (browserUserID.length()==0) browserUserID = userID; + if (browserPassword.length()==0) browserPassword = password; + userIDPassword = browserUserID + ":" + browserPassword; + } else { + userIDPassword = userID + ":" + password; + } + credentials = Base64Utils.encode(userIDPassword.getBytes()); + authorizationvalue = "Basic " + credentials; + headerKeyValue = authorizationvalue; + } + } + headers.put(headerKey, headerKeyValue); + } + } + }else{ + //if OA needs Authorization header in each further request + authorizationvalue = (String) req.getSession().getAttribute(ATT_OA_AUTHORIZATION_HEADER); + if (loginHeaders != null) headers.put("Authorization", authorizationvalue); + } + + + Vector parameters = new Vector(); + + for (Enumeration enu = req.getParameterNames(); enu.hasMoreElements();) { + String paramName = (String) enu.nextElement(); + if (!(paramName.equals(PARAM_SAMLARTIFACT) || paramName.equals(PARAM_TARGET))) { + if (INTERNAL_DEBUG) Logger.debug("Req Parameter-put: " + paramName + ":" + req.getParameter(paramName)); + String parameter[] = new String[2]; + parameter[0]= paramName; + parameter[1]= req.getParameter(paramName); + parameters.add(parameter); + } + } + // collect login parameters, possibly overwriting parameters from request + if (loginParameters != null) { + for (Iterator iter = loginParameters.keySet().iterator(); iter.hasNext();) { + String paramName = (String) iter.next(); + if (!(paramName.equals(PARAM_SAMLARTIFACT) || paramName.equals(PARAM_TARGET))) { + if (INTERNAL_DEBUG) Logger.debug("Req Login-Parameter-put: " + paramName + ":" + loginParameters.get(paramName)); + String parameter[] = new String[2]; + parameter[0]= paramName; + parameter[1]= (String) loginParameters.get(paramName); + parameters.add(parameter); + } + } + } + + ConnectionBuilder cb = ConnectionBuilderFactory.getConnectionBuilder(publicURLPrefix); + HttpURLConnection conn = cb.buildConnection(req, publicURLPrefix, realURLPrefix, ssf, parameters); + + // set headers as request properties of URLConnection + for (Iterator iter = headers.keySet().iterator(); iter.hasNext();) { + String headerKey = (String) iter.next(); + String headerValue = (String) headers.get(headerKey); + String LogStr = "Req header " + headerKey + ": " + headers.get(headerKey); + if (isBasicAuthenticationHeader(headerKey, headerValue)) { + String credentials = headerValue.substring(6); + byte [] bplaintextcredentials = Base64Utils. decode(credentials, true); + String plaintextcredentials = new String(bplaintextcredentials); + String uid = plaintextcredentials.substring(0,plaintextcredentials.indexOf(":")); + String pwd = plaintextcredentials.substring(plaintextcredentials.indexOf(":")+1); + //Sollte AuthorizationInfo vom HTTPClient benutzt werden: cb.addBasicAuthorization(publicURLPrefix, uid, pwd); + //deactivate following line for security + //if (INTERNAL_DEBUG && Logger.isDebugEnabled()) LogStr = LogStr + " >UserID:Password< >" + uid + ":" + pwd + "<"; + } + conn.setRequestProperty(headerKey, headerValue); + if (INTERNAL_DEBUG) Logger.debug(LogStr); + } + + StringWriter sb = new StringWriter(); + + // Write out parameters into output stream of URLConnection. + // On GET request, do not send parameters in any case, + // otherwise HttpURLConnection would send a POST. + if (!"get".equalsIgnoreCase(req.getMethod()) && !parameters.isEmpty()) { + boolean firstParam = true; + String parameter[] = new String[2]; + for (Iterator iter = parameters.iterator(); iter.hasNext();) { + parameter = (String[]) iter.next(); + String paramName = parameter[0]; + String paramValue = parameter[1]; + if (firstParam) + firstParam = false; + else + sb.write("&"); + sb.write(paramName); + sb.write("="); + sb.write(paramValue); + if (INTERNAL_DEBUG) Logger.debug("Req param " + paramName + ": " + paramValue); + } + } + + // For WebDAV and POST: copy content + if (!"get".equalsIgnoreCase(req.getMethod())) { + if (INTERNAL_DEBUG && !"post".equalsIgnoreCase(req.getMethod())) Logger.debug("---- WEBDAV ---- copying content"); + try { + OutputStream out = conn.getOutputStream(); + InputStream in = req.getInputStream(); + if (!parameters.isEmpty()) out.write(sb.toString().getBytes()); //Parameter nicht mehr mittels Printwriter schreiben + copyStream(in, out, null, req.getMethod()); + out.flush(); + out.close(); + } catch (IOException e) { + if (!"post".equalsIgnoreCase(req.getMethod())) + Logger.debug("---- WEBDAV ---- streamcopy problem"); + else + Logger.debug("---- POST ---- streamcopy problem"); + } + } + + // connect + if (INTERNAL_DEBUG) Logger.debug("Connect Request"); + conn.connect(); + if (INTERNAL_DEBUG) Logger.debug("Connect Response"); + + // check login tries + if (conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED) { + int loginTry = getLoginTry(req); + req.getSession().setAttribute(ATT_OA_LOGINTRY, Integer.toString(loginTry)); + if (loginTry > MAX_OA_LOGINTRY) { + Logger.debug("Found 401 UNAUTHORIZED, maximum tries exceeded; leaving..."); + cb.disconnect(conn); + return -401; + } + } + + + + if (conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED && OAConfiguration.BINDUNG_FULL.equals(originBinding)) { + Logger.debug("Found 401 UNAUTHORIZED, leaving..."); + cb.disconnect(conn); + return conn.getResponseCode(); + } + + + resp.setStatus(conn.getResponseCode()); + resp.setContentType(conn.getContentType()); + + if (loginHeaders != null && (conn.getResponseCode()==HttpURLConnection.HTTP_OK || conn.getResponseCode()==HttpURLConnection.HTTP_MOVED_TEMP) && req.getSession().getAttribute(ATT_OA_AUTHORIZATION_HEADER)==null) { + req.getSession().setAttribute(ATT_OA_AUTHORIZATION_HEADER, authorizationvalue); + Logger.debug("Login OK. Saving authorization header to remember in further requests"); + } + + // Read response headers + // Omit response header "content-length" if response header "Transfer-encoding: chunked" is set. + // Otherwise, the connection will not be kept alive, resulting in subsequent missing requests. + // See JavaDoc of javax.servlet.http.HttpServlet: + // When using HTTP 1.1 chunked encoding (which means that the response has a Transfer-Encoding header), do not set the Content-Length header. + Vector respHeaders = new Vector(); + + boolean chunked = false; + String contentLengthKey = null; + String transferEncodingKey = null; + int i = 1; + String headerKey; + String loginType = (String) req.getSession().getAttribute(ATT_OA_LOGINTYPE); + while ((headerKey = conn.getHeaderFieldKey(i)) != null) { + String headerValue = conn.getHeaderField(i); + // Überschrift im Browser-Passworteingabedialog setzen (sonst ist der reale host eingetragen) + if (headerKey.equalsIgnoreCase("WWW-Authenticate") && headerValue.startsWith("Basic realm=\"")) { + headerValue = "Basic realm=\"" + publicURLPrefix + "\""; + if (OAConfiguration.BINDUNG_USERNAME.equals(originBinding) || OAConfiguration.BINDUNG_NOMATCH.equals(originBinding)) { + headerValue = "Basic realm=\"Bitte Passwort eingeben\""; + } else if (OAConfiguration.BINDUNG_NONE.equals(originBinding)) { + headerValue = "Basic realm=\"Bitte Benutzername und Passwort eingeben\""; + } + } + String respHeader[] = new String[2]; + if ((conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED) && headerKey.equalsIgnoreCase("content-length")) { + //alter the unauthorized message with template for login + //TODO: supply a special login form on unauthorized messages with bindings!=full + headerValue = Integer.toString(RET_401_MSG.length()); + } + respHeader[0]= headerKey; + respHeader[1]= headerValue; + + if (!(OAConfiguration.BINDUNG_FULL.equals(originBinding) && OAConfiguration.LOGINTYPE_STATELESS.equals(loginType) && headerKey.equalsIgnoreCase("WWW-Authenticate") && headerValue.startsWith("Basic realm=\""))) { + respHeaders.add(respHeader); + if (INTERNAL_DEBUG) Logger.debug("Resp header " + headerKey + ": " + headerValue); + } else { + Logger.debug("Resp header ---REMOVED--- " + headerKey + ": " + headerValue); + } + if (isTransferEncodingChunkedHeader(headerKey, headerValue)) { + chunked = true; + transferEncodingKey = headerKey; + } + if ("content-length".equalsIgnoreCase(headerKey)) + contentLengthKey = headerKey; + i++; + } + if (chunked && contentLengthKey != null) { + respHeaders.remove(transferEncodingKey); + Logger.debug("Resp header " + transferEncodingKey + " REMOVED"); + } + + String headerValue; + String respHeader[] = new String[2]; + + //write out all Responseheaders + for (Iterator iter = respHeaders.iterator(); iter.hasNext();) { + respHeader = (String[]) iter.next(); + headerKey = respHeader[0]; + headerValue = respHeader[1]; + resp.addHeader(headerKey, headerValue); + } + + //Logger.debug(">>>> Copy Content"); + //Logger.debug(" from ()" + conn.getURL()); + //Logger.debug(" to (" + req.getRemoteAddr() + ":"+ ") " +req.getRequestURL()); + + // read response stream + Logger.debug("Resp from " + conn.getURL().toString() + ": status " + conn.getResponseCode()); + // Load content unless the server lets us know that the content is NOT MODIFIED... + if (conn.getResponseCode()!=HttpURLConnection.HTTP_NOT_MODIFIED ) { + BufferedInputStream respIn = new BufferedInputStream(conn.getInputStream()); + //Logger.debug("Got Inputstream"); + BufferedOutputStream respOut = new BufferedOutputStream(resp.getOutputStream()); + //Logger.debug("Got Outputstream"); + + byte [] buffer = new byte[4096]; + if (respOut != null) { + int bytesRead; + while ((bytesRead = respIn.read(buffer)) >= 0) { + if (conn.getResponseCode()!=HttpURLConnection.HTTP_UNAUTHORIZED) respOut.write(buffer, 0, bytesRead); + } + } else { + while (respIn.read(buffer) >= 0); + } + + + /* + int ch; + StringBuffer strBuf = new StringBuffer(""); + while ((ch = respIn.read()) >= 0) { + if (conn.getResponseCode()!=HttpURLConnection.HTTP_UNAUTHORIZED) respOut.write(ch); + strBuf.append((char)ch); + } + Logger.debug("Resp Content:"); + if (strBuf.toString().length()>500) + Logger.debug(strBuf.toString().substring(0,500)); + else + Logger.debug(strBuf.toString()); + */ + + + if (conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED) { + respOut.write(RET_401_MSG.getBytes()); + } + respOut.flush(); + respOut.close(); + respIn.close(); + if (conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED) { + Logger.debug("Found 401 UNAUTHORIZED..."); + cb.disconnect(conn); + return conn.getResponseCode(); + } + } else { + //if (conn.getResponseCode()==HttpURLConnection.HTTP_NOT_MODIFIED) + Logger.debug("Found 304 NOT MODIFIED..."); + } + + cb.disconnect(conn); + Logger.debug("Request done"); + + return conn.getResponseCode(); +} + +/** + * Gets the current amount of the login try at the online application + * + * @param req the HttpServletRequest + * @return the number off the current login try + */ +private int getLoginTry(HttpServletRequest req) { + String oa_loginTry = (String) req.getSession().getAttribute(ATT_OA_LOGINTRY); + int loginTry = 1; + if (oa_loginTry!=null) loginTry = Integer.parseInt(oa_loginTry)+1; + return loginTry; +} +/** + * Determines whether a HTTP header is a basic authentication header of the kind "Authorization: Basic ..." + * + * @param headerKey header name + * @param headerValue header value + * @return true for a basic authentication header + */ +private boolean isBasicAuthenticationHeader(String headerKey, String headerValue) { + if (!"authorization".equalsIgnoreCase(headerKey)) + return false; + if (headerValue.length() < "basic".length()) + return false; + String authenticationSchema = headerValue.substring(0, "basic".length()); + return "basic".equalsIgnoreCase(authenticationSchema); +} +/** + * Determines whether a basic authentication header of the kind "Authorization: Basic ..." + * is included in a HTTP request + * @param req HTTP request + * @return true for a basic authentication header provided + */ +private boolean isBasicAuthenticationHeaderProvided(HttpServletRequest req) { + for (Enumeration enu = req.getHeaderNames(); enu.hasMoreElements();) { + String headerKey = (String) enu.nextElement(); + String headerValue = req.getHeader(headerKey); + if (isBasicAuthenticationHeader(headerKey, headerValue)) + return true; + } + return false; +} +/** + * Determines whether a HTTP header is "Transfer-encoding" header with value containing "chunked" + * + * @param headerKey header name + * @param headerValue header value + * @return true for a "Transfer-encoding: chunked" header + */ +private boolean isTransferEncodingChunkedHeader(String headerKey, String headerValue) { + if (!"transfer-encoding".equalsIgnoreCase(headerKey)) + return false; + return headerValue.indexOf("chunked") >= 0 || headerValue.indexOf("Chunked") >= 0 || headerValue.indexOf("CHUNKED") >= 0; +} + +/** + * Calls the web application initializer. + * + * @see javax.servlet.Servlet#init(ServletConfig) + */ +public void init(ServletConfig servletConfig) throws ServletException { + super.init(servletConfig); + try { + MOAIDProxyInitializer.initialize(); + Logger.info(MOAIDMessageProvider.getInstance().getMessage("proxy.00", null)); + } + catch (Exception ex) { + Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("proxy.06", null), ex); + throw new ServletException(ex); + } +} + +/** + * Handles an error.
+ *
    + *
  • Logs the error
  • + *
  • Places error message and exception thrown into the request + * as request attributes (to be used by "/errorpage-proxy.jsp")
  • + *
  • Sets HTTP status 500 (internal server error)
  • + *
+ * + * @param errorMessage error message + * @param exceptionThrown exception thrown + * @param req servlet request + * @param resp servlet response + */ +protected void handleError( + String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) { + + + if(null != errorMessage) { + Logger.error(errorMessage); + req.setAttribute("ErrorMessage", errorMessage ); + } + + if (null != exceptionThrown) { + if(null == errorMessage) errorMessage = exceptionThrown.getMessage(); + Logger.error(errorMessage, exceptionThrown); + //req.setAttribute("ExceptionThrown", exceptionThrown); + } + + //forward this to errorpage-proxy.jsp where the HTML error page is generated + ServletContext context = getServletContext(); + RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-proxy.jsp"); + try { + dispatcher.forward(req, resp); + } catch (ServletException e) { + Logger.error(e); + } catch (IOException e) { + Logger.error(e); + } + +} + + +// * taken from iaik.utils.util.copyStream: +/** + * Reads all data (until EOF is reached) from the given source to the + * destination stream. If the destination stream is null, all data is dropped. + * It uses the given buffer to read data and forward it. If the buffer is + * null, this method allocates a buffer. + * + * @param source The stream providing the data. + * @param destination The stream that takes the data. If this is null, all + * data from source will be read and discarded. + * @param buffer The buffer to use for forwarding. If it is null, the method + * allocates a buffer. + * @exception IOException If reading from the source or writing to the + * destination fails. + */ +private static void copyStream(InputStream source, OutputStream destination, byte[] buffer, String method) throws IOException { + if (source == null) { + throw new NullPointerException("Argument \"source\" must not be null."); + } + if (buffer == null) { + buffer = new byte[4096]; + } + + if (destination != null) { + int bytesRead; + while ((bytesRead = source.read(buffer)) >= 0) { + destination.write(buffer, 0, bytesRead); + //if (method.equalsIgnoreCase("POST")) Logger.debug(buffer.toString()); + } + } else { + while (source.read(buffer) >= 0); + } +} + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java new file mode 100644 index 000000000..954a87e62 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java @@ -0,0 +1,212 @@ +package at.gv.egovernment.moa.id.util; + +import java.io.BufferedWriter; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.io.OutputStreamWriter; +import java.io.PrintWriter; +import java.net.Socket; +import java.security.GeneralSecurityException; +import java.util.Hashtable; + +import javax.net.ssl.SSLSocket; +import javax.net.ssl.SSLSocketFactory; + +import org.apache.axis.components.net.BooleanHolder; +import org.apache.axis.components.net.DefaultSocketFactory; +import org.apache.axis.components.net.SecureSocketFactory; +import org.apache.axis.components.net.TransportClientProperties; +import org.apache.axis.components.net.TransportClientPropertiesFactory; +import org.apache.axis.utils.Messages; +import org.apache.axis.utils.XMLUtils; + +import at.gv.egovernment.moa.logging.Logger; + +/** + * Secure socket factory for Axis webs service clients of the MOA-ID component, + * which are the MOA-SP calls from MOA-ID Auth, + * and the MOA-ID Auth calls from MOA-ID Proxy. + *
Use this initialization code:
+ * // ConnectionParameter connParam = ... get from ConfigurationProvider + * AxisSecureSocketFactory.initialize(connParam); + *
See the Apache Axis documentation on how to configure this class + * as the default secure socket factory to be used by Axis. + *
+ * This code has been copied from JSSESocketFactory, the + * method initialize() has been added. + * + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class AxisSecureSocketFactory + extends DefaultSocketFactory implements SecureSocketFactory { + + /** Field sslFactory */ + private static SSLSocketFactory sslFactory; + + /** + * Constructor for AxisSecureSocketFactory. + * @param attributes ??? + */ + public AxisSecureSocketFactory(Hashtable attributes) { + super(attributes); + } + /** + * Initializes the factory by setting the connection parameters to be used for + * setting the secure socket factory, and by setting the system property + * axis.socketSecureFactory. + * @param ssf SSLSocketFactory to initialize with + */ + public static void initialize(SSLSocketFactory ssf) + throws IOException, GeneralSecurityException { + + Logger.debug("Initialize AxisSecureSocketFactory"); + sslFactory = ssf; + } + + /** + * creates a secure socket + * + * @param host + * @param port + * @param otherHeaders + * @param useFullURL + * + * @return Socket + * @throws Exception + */ + public Socket create( + String host, + int port, + StringBuffer otherHeaders, + BooleanHolder useFullURL) + throws Exception { + if (port == -1) { + port = 443; + } + + TransportClientProperties tcp = + TransportClientPropertiesFactory.create("https"); + + boolean hostInNonProxyList = + isHostInNonProxyList(host, tcp.getNonProxyHosts()); + + Socket sslSocket = null; + if (tcp.getProxyHost().length() == 0 || hostInNonProxyList) { + // direct SSL connection + sslSocket = sslFactory.createSocket(host, port); + } + else { + + // Default proxy port is 80, even for https + int tunnelPort = + (tcp.getProxyPort().length() != 0) + ? Integer.parseInt(tcp.getProxyPort()) + : 80; + if (tunnelPort < 0) + tunnelPort = 80; + + // Create the regular socket connection to the proxy + Socket tunnel = new Socket(tcp.getProxyHost(), tunnelPort); + + // The tunnel handshake method (condensed and made reflexive) + OutputStream tunnelOutputStream = tunnel.getOutputStream(); + PrintWriter out = + new PrintWriter( + new BufferedWriter(new OutputStreamWriter(tunnelOutputStream))); + + // More secure version... engage later? + // PasswordAuthentication pa = + // Authenticator.requestPasswordAuthentication( + // InetAddress.getByName(tunnelHost), + // tunnelPort, "SOCK", "Proxy","HTTP"); + // if(pa == null){ + // printDebug("No Authenticator set."); + // }else{ + // printDebug("Using Authenticator."); + // tunnelUser = pa.getUserName(); + // tunnelPassword = new String(pa.getPassword()); + // } + out.print( + "CONNECT " + + host + + ":" + + port + + " HTTP/1.0\r\n" + + "User-Agent: AxisClient"); + if (tcp.getProxyUser().length() != 0 + && tcp.getProxyPassword().length() != 0) { + + // add basic authentication header for the proxy + String encodedPassword = + XMLUtils.base64encode( + (tcp.getProxyUser() + ":" + tcp.getProxyPassword()).getBytes()); + + out.print("\nProxy-Authorization: Basic " + encodedPassword); + } + out.print("\nContent-Length: 0"); + out.print("\nPragma: no-cache"); + out.print("\r\n\r\n"); + out.flush(); + InputStream tunnelInputStream = tunnel.getInputStream(); + + if (log.isDebugEnabled()) { + log.debug( + Messages.getMessage( + "isNull00", + "tunnelInputStream", + "" + (tunnelInputStream == null))); + } + String replyStr = ""; + + // Make sure to read all the response from the proxy to prevent SSL negotiation failure + // Response message terminated by two sequential newlines + int newlinesSeen = 0; + boolean headerDone = false; /* Done on first newline */ + + while (newlinesSeen < 2) { + int i = tunnelInputStream.read(); + + if (i < 0) { + throw new IOException("Unexpected EOF from proxy"); + } + if (i == '\n') { + headerDone = true; + ++newlinesSeen; + } + else if (i != '\r') { + newlinesSeen = 0; + if (!headerDone) { + replyStr += String.valueOf((char) i); + } + } + } + if (!replyStr.startsWith("HTTP/1.0 200") + && !replyStr.startsWith("HTTP/1.1 200")) { + throw new IOException( + Messages.getMessage( + "cantTunnel00", + new String[] { tcp.getProxyHost(), "" + tunnelPort, replyStr })); + } + + // End of condensed reflective tunnel handshake method + sslSocket = sslFactory.createSocket(tunnel, host, port, true); + if (log.isDebugEnabled()) { + log.debug( + Messages.getMessage( + "setupTunnel00", + tcp.getProxyHost(), + "" + tunnelPort)); + } + } + + ((SSLSocket) sslSocket).startHandshake(); + if (log.isDebugEnabled()) { + log.debug(Messages.getMessage("createdSSL00")); + } + return sslSocket; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAConstants.java new file mode 100644 index 000000000..c5dad8bc4 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAConstants.java @@ -0,0 +1,36 @@ +/* + * Created on 20.01.2005 + * + * @author rschamberger + * $ID$ + */ +package at.gv.egovernment.moa.id.util; + + +/** + * Class used to define Constants used in Class ECDSAKeyValueConverter + * + * * @author rschamberger + */ +public class ECDSAConstants { + + /* ECDSA Namespace + */ + static String NAMESPACE_ECDSAKEYVALUE_ = "http://www.w3.org/2001/04/xmldsig-more#"; + + /* Schema instance NS + */ + static String NAMESPACE_XSI_ = "http://www.w3.org/2001/XMLSchema-instance"; + + /* ecdsa prefix value + */ + static String NS_PREFIX_ECDSAKEYVALUE_ = "ecdsa"; + + /* namespace namespace + */ + static String NAMESPACE_NAMESPACES_ = "http://www.w3.org/XML/1998/namespace"; + + /* si prefix value + */ + static String NS_PREFIX_XSI_ = "si"; +}; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java new file mode 100644 index 000000000..6fb78edb7 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java @@ -0,0 +1,572 @@ +package at.gv.egovernment.moa.id.util; + +import iaik.security.ecc.ecdsa.ECDSAParameter; +import iaik.security.ecc.ecdsa.ECPublicKey; +import iaik.security.ecc.math.ecgroup.AffineCoordinate; +import iaik.security.ecc.math.ecgroup.Coordinate; +import iaik.security.ecc.math.ecgroup.CoordinateTypes; +import iaik.security.ecc.math.ecgroup.ECGroupFactory; +import iaik.security.ecc.math.ecgroup.ECPoint; +import iaik.security.ecc.math.ecgroup.EllipticCurve; +import iaik.security.ecc.math.field.Field; +import iaik.security.ecc.math.field.FieldElement; +import iaik.security.ecc.math.field.PrimeField; +import iaik.security.ecc.parameter.ECCParameterFactory; +import iaik.security.ecc.spec.ECCParameterSpec; + +import java.math.BigInteger; +import java.security.PublicKey; +import java.util.HashMap; +import java.util.Iterator; +import java.util.Vector; + +import org.w3c.dom.Attr; +import org.w3c.dom.Element; +import org.w3c.dom.NamedNodeMap; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +public class ECDSAKeyValueConverter +{ + + + //TODO enhance javadoc + + /** + * converter class which can be used to convert ECDSA keys encoded in XML + * to a PublicKey data structure + * @param keyValueElem ECDSAKeyValue Element + * @return ECPublicKey encoded in PublicKey data structure + * @throws Exception + */ + public static PublicKey element2ECDSAPublicKey(Element keyValueElem) throws Exception + { + String ecdsaNS = ECDSAConstants.NAMESPACE_ECDSAKEYVALUE_; + + // Domain parameters + Element domainParams = getChildElement(keyValueElem, ecdsaNS, "DomainParameters", 1); + if (domainParams == null) throw new Exception("Domain parameters must not be implicit."); + + Element namedCurve = getChildElement(domainParams, ecdsaNS, "NamedCurve", 1); + ECCParameterSpec eccParameterSpec; + + if (namedCurve != null) + { + // URL curveNameURN = new URL(namedCurve.getAttributeNS(null, "URN")); + String curveNameOID = namedCurve.getAttributeNS(null, "URN").substring(8); + ECCParameterFactory eccParamFactory = ECCParameterFactory.getInstance(); + // eccParameterSpec = eccParamFactory.getParameterByOID(curveNameURN.getPath().substring(4)); + eccParameterSpec = eccParamFactory.getParameterByOID(curveNameOID); + } + else + { + Element excplicitParams = getChildElement(domainParams, ecdsaNS, "ExplicitParams", 1); + Element fieldParams = getChildElement(excplicitParams, ecdsaNS, "FieldParams", 1); + Element curveParams = getChildElement(excplicitParams, ecdsaNS, "CurveParams", 1); + Element basePointParams = getChildElement(excplicitParams, ecdsaNS, "BasePointParams", 1); + + // Field parameters + String fieldParamsTypeStr = fieldParams.getAttributeNS(ECDSAConstants.NAMESPACE_XSI_, "type"); + String ecdsaNSPrefix = getECDSANSPrefix(fieldParams); + BigInteger p = null; + int fieldParamsType = 0; + final int FIELD_TYPE_PRIME = 1; + final int FIELD_TYPE_TNB = 2; + final int FIELD_TYPE_PNB = 3; + int m = -1, k = -1, k1 = -1, k2 = -1, k3 = -1; + if (fieldParamsTypeStr.equals(ecdsaNSPrefix + ":PrimeFieldParamsType")) + { + fieldParamsType = FIELD_TYPE_PRIME; + String pStr = getChildElementText(fieldParams, ecdsaNS, "P", 1); + p = new BigInteger(pStr, 10); + } + else if (fieldParamsTypeStr.equals(ecdsaNSPrefix + ":TnBFieldParamsType")) + { + fieldParamsType = FIELD_TYPE_TNB; + String mStr = getChildElementText(fieldParams, ecdsaNS, "M", 1); + m = Integer.parseInt(mStr); + String kStr = getChildElementText(fieldParams, ecdsaNS, "K", 1); + k = Integer.parseInt(kStr); + } + else if (fieldParamsTypeStr.equals(ecdsaNSPrefix + ":PnBFieldParamsType")) + { + fieldParamsType = FIELD_TYPE_PNB; + String mStr = getChildElementText(fieldParams, ecdsaNS, "M", 1); + m = Integer.parseInt(mStr); + String k1Str = getChildElementText(fieldParams, ecdsaNS, "K1", 1); + k1 = Integer.parseInt(k1Str); + String k2Str = getChildElementText(fieldParams, ecdsaNS, "K2", 1); + k2 = Integer.parseInt(k2Str); + String k3Str = getChildElementText(fieldParams, ecdsaNS, "K3", 1); + k3 = Integer.parseInt(k3Str); + } + else throw new Exception("Unknown field parameters."); + + // Curve parameters + Element aElem = getChildElement(curveParams, ecdsaNS, "A", 1); + String aStr = aElem.getAttributeNS(null, "Value"); + Element bElem = getChildElement(curveParams, ecdsaNS, "B", 1); + String bStr = bElem.getAttributeNS(null, "Value"); + String seedStr = getChildElementText(curveParams, ecdsaNS, "Seed", 1); + BigInteger seed = (seedStr != null) ? new BigInteger(seedStr, 10) : null; + + // Base point parameters + Element basePoint = getChildElement(basePointParams, ecdsaNS, "BasePoint", 1); + Element basePointXElem = getChildElement(basePoint, ecdsaNS, "X", 1); + String basePointXStr = basePointXElem.getAttributeNS(null, "Value"); + Element basePointYElem = getChildElement(basePoint, ecdsaNS, "Y", 1); + String basePointYStr = basePointYElem.getAttributeNS(null, "Value"); + String orderStr = getChildElementText(basePointParams, ecdsaNS, "Order", 1); + BigInteger order = new BigInteger(orderStr, 10); + String cofactorStr = getChildElementText(basePointParams, ecdsaNS, "Cofactor", 1); + BigInteger cofactor = (cofactorStr != null) ? new BigInteger(cofactorStr, 10) : null; + + if (fieldParamsType == FIELD_TYPE_PRIME) + { + BigInteger a = new BigInteger(aStr, 10); + BigInteger b = new BigInteger(bStr, 10); + BigInteger basePointX = new BigInteger(basePointXStr, 10); + BigInteger basePointY = new BigInteger(basePointYStr, 10); + eccParameterSpec = new ECCParameterSpec(p, cofactor, order, seed, null, a, b, basePointX, + basePointY, null); + } + else + { + int[] irreducible = new int[m/32 + ((m % 32 != 0) ? 1 : 0)]; + if (fieldParamsType == FIELD_TYPE_TNB) + { + irreducible[m/32] = 1 << m % 32; + irreducible[k/32] += 1 << k % 32; + irreducible[0] += 1; + } + else + { + irreducible[m/32] = 1 << m % 32; + irreducible[k3/32] += 1 << k3 % 32; + irreducible[k2/32] += 1 << k2 % 32; + irreducible[k1/32] += 1 << k1 % 32; + irreducible[0] += 1; + } + eccParameterSpec = new ECCParameterSpec(irreducible, cofactor, order, octetString2IntArray(aStr), + octetString2IntArray(bStr), octetString2IntArray(basePointXStr), + octetString2IntArray(basePointYStr), null); + } + } + + // Public key + Element publicKeyElem = getChildElement(keyValueElem, ecdsaNS, "PublicKey", 1); + Element publicKeyXElem = getChildElement(publicKeyElem, ecdsaNS, "X", 1); + String publicKeyXStr = publicKeyXElem.getAttributeNS(null, "Value"); + Element publicKeyYElem = getChildElement(publicKeyElem, ecdsaNS, "Y", 1); + String publicKeyYStr = publicKeyYElem.getAttributeNS(null, "Value"); + + ECDSAParameter ecdsaParams = new ECDSAParameter(eccParameterSpec, CoordinateTypes.PROJECTIVE_COORDINATES); + ECGroupFactory ecGroupFactory = ECGroupFactory.getInstance(); + EllipticCurve eCurve = ecGroupFactory.getCurve(eccParameterSpec.getA(), + eccParameterSpec.getB(), eccParameterSpec.getR(), CoordinateTypes.PROJECTIVE_COORDINATES); + Field field = eCurve.getField(); + + // Detect type of public key field elements + String elementType = publicKeyXElem.getAttributeNS(ECDSAConstants.NAMESPACE_XSI_, "type"); + String elementTypeLocalName = elementType.substring(elementType.indexOf(':') + 1); + int FIELD_TYPE_PRIME = 1, FIELD_TYPE_CHAR_TWO = 2; + int fieldElemType = ("PrimeFieldElemType".equals(elementTypeLocalName)) + ? FIELD_TYPE_PRIME + : FIELD_TYPE_CHAR_TWO; + + FieldElement publicKeyPointX, publicKeyPointY; + if (fieldElemType == FIELD_TYPE_PRIME) + { + +// Value xValue = FieldFactory.getInstance().getPrimeFieldValue(new BigInteger(publicKeyXStr, 10)); +// publicKeyPointX = field.newElement(xValue); + PrimeField pf = (PrimeField) field; + publicKeyPointX = pf.newElement(new BigInteger(publicKeyXStr, 10)); +// Value yValue = FieldFactory.getInstance().getPrimeFieldValue(new BigInteger(publicKeyYStr, 10)); +// publicKeyPointY = field.newElement(yValue); + publicKeyPointY = pf.newElement(new BigInteger(publicKeyYStr, 10)); + } + else + { + publicKeyPointX = field.newElement(octetString2ByteArray(publicKeyXStr)); + publicKeyPointY = field.newElement(octetString2ByteArray(publicKeyYStr)); + } +// ProjectiveCoordinate publicKeyPointCoordinate = new ProjectiveCoordinate(publicKeyPointX, +// publicKeyPointY, field.getONEelement()); + Coordinate publicKeyPointCoordinate = new AffineCoordinate(publicKeyPointX, + publicKeyPointY).toProjective(); + ECPoint publicKeyPoint = eCurve.newPoint(publicKeyPointCoordinate); + ECPublicKey publicKey = new ECPublicKey(ecdsaParams, publicKeyPoint); + + return publicKey; + } + + /* ---------------------------------------------------------------------------------------------------- */ + + /* + public static Element publicKey2ECDSAKeyValueElement(boolean implParams, String curveOID, + ECDSAPublicKey publicKey, Document factoryDoc) + { + String ecdsaNS = ECDSAConstants.NAMESPACE_ECDSAKEYVALUE_; + String ecdsaNSP = ECDSAConstants.NS_PREFIX_ECDSAKEYVALUE_; + String nsNS = ECDSAConstants.NAMESPACE_NAMESPACES_; + String xsiNS = ECDSAConstants.NAMESPACE_XSI_; + String xsiNSP = ECDSAConstants.NS_PREFIX_XSI_; + + ECDSAParameter params = (ECDSAParameter)publicKey.getParameter(); + EllipticCurve curve = params.getG().getCurve(); + Field field = curve.getField(); + int fieldId = curve.getField().getFieldId(); + + Element eCDSAKeyValue = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":ECDSAKeyValue"); + eCDSAKeyValue.setAttributeNS(nsNS, "xmlns:" + ecdsaNSP, ecdsaNS); + eCDSAKeyValue.setAttributeNS(nsNS, "xmlns:" + xsiNSP, xsiNS); + + // Detect field type + int coeffPositions[] = new int[3]; + int fieldType = 0; + String fieldElemTypeString = null; + final int FT_PRIME = 1, FT_TNB = 2, FT_PNB = 3; + if (fieldId == Field.PRIME_FIELD) + { + fieldType = FT_PRIME; + fieldElemTypeString = ecdsaNSP + ":PrimeFieldElemType"; + } + else + { + // Get irreducible polynomal + BinaryField binaryField = (BinaryField)field; + BinaryFieldValue irreducible = binaryField.getIrreducible(); + + // Get coefficients of irreducible polynomal + int order = irreducible.getOrder(); + int coeffCount = 2; + for (int i = 1; i < order - 1; i++) + { + if (irreducible.testBit(i)) + { + coeffPositions[coeffCount - 2] = i; + coeffCount++; + if (coeffCount == 5) break; + } + } + + // Set polynomal type (TNB or + fieldType = (coeffCount == 3) ? FT_TNB : FT_PNB; + fieldElemTypeString = ecdsaNSP + ":CharTwoFieldElemType"; + } + + if (!implParams) + { + Element domainParameters = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":DomainParameters"); + eCDSAKeyValue.appendChild(factoryDoc.createTextNode("\n ")); + eCDSAKeyValue.appendChild(domainParameters); + + if (curveOID != null) + { + // Named curve + Element namedCurve = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":NamedCurve"); + namedCurve.setAttributeNS(null, "URN", "urn:oid:" + curveOID); + domainParameters.appendChild(factoryDoc.createTextNode("\n ")); + domainParameters.appendChild(namedCurve); + domainParameters.appendChild(factoryDoc.createTextNode("\n ")); + } + else + { + // Explicit parameters + Element explicitParams = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":ExplicitParams"); + + // Field parameters + Element fieldParams = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":FieldParams"); + explicitParams.appendChild(factoryDoc.createTextNode("\n ")); + explicitParams.appendChild(fieldParams); + + if (fieldType == FT_PRIME) + { + fieldParams.setAttributeNS(xsiNS, xsiNSP + ":type", ecdsaNSP + ":PrimeFieldParamsType"); + Element p = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":P"); + p.appendChild(factoryDoc.createTextNode(curve.getField().getSize().toString(10))); + fieldParams.appendChild(factoryDoc.createTextNode("\n ")); + fieldParams.appendChild(p); + fieldParams.appendChild(factoryDoc.createTextNode("\n ")); + } + else if (fieldType == FT_TNB) + { + fieldParams.setAttributeNS(xsiNS, xsiNSP + ":type", ecdsaNSP + ":TnBFieldParamsType"); + Element m = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":M"); + m.appendChild(factoryDoc.createTextNode(Integer.toString(curve.getField().getOrder()))); + fieldParams.appendChild(factoryDoc.createTextNode("\n ")); + fieldParams.appendChild(m); + + Element k = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":K"); + k.appendChild(factoryDoc.createTextNode(Integer.toString(coeffPositions[0], 10))); + fieldParams.appendChild(factoryDoc.createTextNode("\n ")); + fieldParams.appendChild(k); + fieldParams.appendChild(factoryDoc.createTextNode("\n ")); + } + else + { + fieldParams.setAttributeNS(xsiNS, xsiNSP + ":type", ecdsaNSP + ":PnBFieldParamsType"); + Element m = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":M"); + m.appendChild(factoryDoc.createTextNode(Integer.toString(curve.getField().getOrder()))); + fieldParams.appendChild(factoryDoc.createTextNode("\n ")); + fieldParams.appendChild(m); + + Element k1 = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":K1"); + k1.appendChild(factoryDoc.createTextNode(Integer.toString(coeffPositions[0]))); + fieldParams.appendChild(factoryDoc.createTextNode("\n ")); + fieldParams.appendChild(k1); + + Element k2 = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":K2"); + k2.appendChild(factoryDoc.createTextNode(Integer.toString(coeffPositions[1]))); + fieldParams.appendChild(factoryDoc.createTextNode("\n ")); + fieldParams.appendChild(k2); + + Element k3 = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":K3"); + k3.appendChild(factoryDoc.createTextNode(Integer.toString(coeffPositions[2]))); + fieldParams.appendChild(factoryDoc.createTextNode("\n ")); + fieldParams.appendChild(k3); + fieldParams.appendChild(factoryDoc.createTextNode("\n ")); + } + + // Curve parameters + Element curveParams = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":CurveParams"); + explicitParams.appendChild(factoryDoc.createTextNode("\n ")); + explicitParams.appendChild(curveParams); + + Element a = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":A"); + a.setAttributeNS(xsiNS, xsiNSP + ":type", fieldElemTypeString); + a.setAttributeNS(null, "Value", + (fieldId == Field.PRIME_FIELD) + ? curve.getA().getValue().toBigInt().toString(10) + : evenStringLength(curve.getA().getValue().toBigInt().toString(16))); + curveParams.appendChild(factoryDoc.createTextNode("\n ")); + curveParams.appendChild(a); + + Element b = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":B"); + b.setAttributeNS(xsiNS, xsiNSP + ":type", fieldElemTypeString); + b.setAttributeNS(null, "Value", + (fieldId == Field.PRIME_FIELD) + ? curve.getB().getValue().toBigInt().toString(10) + : evenStringLength(curve.getB().getValue().toBigInt().toString(16))); + curveParams.appendChild(factoryDoc.createTextNode("\n ")); + curveParams.appendChild(b); + + if (params.getS() != null) + { + Element seed = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":Seed"); + seed.appendChild(factoryDoc.createTextNode(evenStringLength(params.getS().toString(16)))); + curveParams.appendChild(factoryDoc.createTextNode("\n ")); + curveParams.appendChild(seed); + } + + curveParams.appendChild(factoryDoc.createTextNode("\n ")); + + // Base point params + Element basePointParams = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":BasePointParams"); + explicitParams.appendChild(factoryDoc.createTextNode("\n ")); + explicitParams.appendChild(basePointParams); + + Element basePoint = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":BasePoint"); + basePointParams.appendChild(factoryDoc.createTextNode("\n ")); + basePointParams.appendChild(basePoint); + + Element x = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":X"); + x.setAttributeNS(xsiNS, xsiNSP + ":type", fieldElemTypeString); + x.setAttributeNS(null, "Value", + (fieldId == Field.PRIME_FIELD) + ? params.getG().getCoordinates().getX().getValue().toBigInt().toString(10) + : evenStringLength(params.getG().getCoordinates().getX().getValue().toBigInt().toString(16))); + basePoint.appendChild(factoryDoc.createTextNode("\n ")); + basePoint.appendChild(x); + + Element y = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":Y"); + y.setAttributeNS(xsiNS, xsiNSP + ":type", fieldElemTypeString); + y.setAttributeNS(null, "Value", + (fieldId == Field.PRIME_FIELD) + ? params.getG().getCoordinates().getY().getValue().toBigInt().toString(10) + : evenStringLength(params.getG().getCoordinates().getY().getValue().toBigInt().toString(16))); + basePoint.appendChild(factoryDoc.createTextNode("\n ")); + basePoint.appendChild(y); + basePoint.appendChild(factoryDoc.createTextNode("\n ")); + + Element order = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":Order"); + order.appendChild(factoryDoc.createTextNode(params.getR().toString(10))); + basePointParams.appendChild(factoryDoc.createTextNode("\n ")); + basePointParams.appendChild(order); + + if (params.getK() != null) + { + Element cofactor = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":Cofactor"); + cofactor.appendChild(factoryDoc.createTextNode(params.getK().toString(10))); + basePointParams.appendChild(factoryDoc.createTextNode("\n ")); + basePointParams.appendChild(cofactor); + } + + basePointParams.appendChild(factoryDoc.createTextNode("\n ")); + explicitParams.appendChild(factoryDoc.createTextNode("\n ")); + + domainParameters.appendChild(factoryDoc.createTextNode("\n ")); + domainParameters.appendChild(explicitParams); + domainParameters.appendChild(factoryDoc.createTextNode("\n ")); + } + } + + // Public key point + Element publicKeyPoint = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":PublicKey"); + + Element publicKeyX = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":X"); + publicKeyX.setAttributeNS(xsiNS, xsiNSP + ":type", fieldElemTypeString); + publicKeyX.setAttributeNS(null, "Value", + (fieldId == Field.PRIME_FIELD) + ? publicKey.getW().getCoordinates().getX().getValue().toBigInt().toString(10) + : evenStringLength(publicKey.getW().getCoordinates().getX().getValue().toBigInt().toString(16))); + publicKeyPoint.appendChild(factoryDoc.createTextNode("\n ")); + publicKeyPoint.appendChild(publicKeyX); + + Element publicKeyY = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":Y"); + publicKeyY.setAttributeNS(xsiNS, xsiNSP + ":type", fieldElemTypeString); + publicKeyY.setAttributeNS(null, "Value", + (fieldId == Field.PRIME_FIELD) + ? publicKey.getW().getCoordinates().getY().getValue().toBigInt().toString(10) + : evenStringLength(publicKey.getW().getCoordinates().getY().getValue().toBigInt().toString(16))); + publicKeyPoint.appendChild(factoryDoc.createTextNode("\n ")); + publicKeyPoint.appendChild(publicKeyY); + publicKeyPoint.appendChild(factoryDoc.createTextNode("\n ")); + + eCDSAKeyValue.appendChild(factoryDoc.createTextNode("\n ")); + eCDSAKeyValue.appendChild(publicKeyPoint); + eCDSAKeyValue.appendChild(factoryDoc.createTextNode("\n ")); + + return eCDSAKeyValue; + } + */ + /* ---------------------------------------------------------------------------------------------------- */ + + private static String getECDSANSPrefix(Element element) + { + // FIXXME: Review this function (GK, 11.06.2002) - should return a list of strings, since more than + // one NS prefix can be bound to the ECDSA namespace + + HashMap inScopeNSAttrs = getInScopeNSAttrs(element); + Iterator inScopeNSAttrsIt = inScopeNSAttrs.keySet().iterator(); + while (inScopeNSAttrsIt.hasNext()) + { + Attr currentAttr = (Attr)inScopeNSAttrs.get(inScopeNSAttrsIt.next()); + if (ECDSAConstants.NAMESPACE_ECDSAKEYVALUE_.equals(currentAttr.getValue())) + { + return ("xmlns".equals(currentAttr.getNodeName())) ? "" : currentAttr.getNodeName().substring(6); + } + } + return null; + } + + /* ---------------------------------------------------------------------------------------------------- */ + + // Converts an octet string representation into an int array as needed for the IAIK ECC library + // String: rightmost byte is least significant byte + // IntArray: rightmost byte is LEAST significant byte + private static int[] octetString2IntArray(String octetString) + { + int byteCount = octetString.length()/2; + int[] intArray = new int[byteCount/4 + ((byteCount % 4 != 0) ? 1 : 0)]; + for (int i = 0; i < byteCount; i++) + { + int oSStartPos = octetString.length() - (i + 1) * 2; + int currentByte = Integer.parseInt(octetString.substring(oSStartPos, oSStartPos + 2), 16); + intArray[i/4] += (currentByte & 0xFF) << ((i % 4) * 8); + } + return intArray; + } + + /* ---------------------------------------------------------------------------------------------------- */ + + // Converts an octet string representation into a byte array as needed for the IAIK ECC library + // String: rightmost byte is least significant byte + // ByteArray: rightmost byte is MOST significant byte + private static byte[] octetString2ByteArray(String octetString) + { + int byteCount = octetString.length()/2; + byte[] byteArray = new byte[byteCount]; + for (int i = 0; i < byteCount; i++) + { + int oSStartPos = octetString.length() - (i + 1) * 2; + byteArray[byteCount - i - 1] = (byte) Integer.parseInt(octetString.substring( + oSStartPos, oSStartPos + 2), 16); + } + return byteArray; + } + + /* ---------------------------------------------------------------------------------------------------- */ + + private static String evenStringLength(String hexString) + { + return (hexString.length() % 2 != 0) ? "0" + hexString : hexString; + } + + /* ---------------------------------------------------------------------------------------------------- */ + + private static Element getChildElement(Element parent, String namespace, String localName, + int instance) + { + NodeList namedElements = parent.getElementsByTagNameNS(namespace, localName); + if (namedElements.getLength() < instance) return null; + return (Element)namedElements.item(instance - 1); + } + + /* ---------------------------------------------------------------------------------------------------- */ + + private static String getChildElementText(Element parent, String namespace, String localName, + int instance) + { + Element child = getChildElement(parent, namespace, localName, instance); + if (child == null) return null; + NodeList childNodes = child.getChildNodes(); + int nodeCount = 0; + while (nodeCount < childNodes.getLength()) + { + Node currentNode = childNodes.item(nodeCount); + if (currentNode.getNodeType() == Node.TEXT_NODE) return currentNode.getNodeValue(); + nodeCount++; + } + return null; + } + + /* ---------------------------------------------------------------------------------------------------- */ + + public static HashMap getInScopeNSAttrs(Element element) + { + // Get all ancestors of element + Vector ancestors = new Vector(); + ancestors.add(element); + Node currentAncestor = element; + while ((currentAncestor = currentAncestor.getParentNode()) != null && + currentAncestor.getNodeType() == Node.ELEMENT_NODE) + { + ancestors.add(currentAncestor); + } + + // Scan all ancestors for NS attributes + HashMap inScopeNSAttrs = new HashMap(); + for (int i = ancestors.size() - 1; i >= 0; i--) + { + Element currentAncestorElem = (Element)ancestors.get(i); + NamedNodeMap attrs = currentAncestorElem.getAttributes(); + for (int j = 0; j < attrs.getLength(); j++) + { + Attr currentAttr = (Attr)attrs.item(j); + String currentAttrName = currentAttr.getNodeName(); + if ("xmlns".equals(currentAttrName) || currentAttrName.startsWith("xmlns:")) + { + inScopeNSAttrs.put(currentAttrName, currentAttr); + } + } + } + + // Check if default NS attribute is in list; if value is empty remove it from list + Attr defaultNSAttr = (Attr)inScopeNSAttrs.get("xmlns"); + if (defaultNSAttr != null && "".equals(defaultNSAttr.getValue())) inScopeNSAttrs.remove("xmlns"); + + return inScopeNSAttrs; + } +} \ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java new file mode 100644 index 000000000..7c4731555 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java @@ -0,0 +1,76 @@ +/* + * Created on 17.02.2004 + * + * To change the template for this generated file go to + * Window>Preferences>Java>Code Generation>Code and Comments + */ +package at.gv.egovernment.moa.id.util; + +import java.io.IOException; +import javax.servlet.ServletContext; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author rschamberger + * + * To change the template for this generated type comment go to + * Window>Preferences>Java>Code Generation>Code and Comments + */ +public class HTTPRequestJSPForwarder { + + /** + * Forwards the HttpServletRequest to a customizable JSP Page and serves the Response.
+ *
    + *
  • Logs the message
  • + *
+ * + * @param message message text + * @param jspPageURI URI of the JSP page + * @param context the servlet context of the servlet belonging to the req, resp + * @param req servlet request + * @param resp servlet response + */ + public static void forwardNamed( + String message, + String jspPageURI, + ServletContext context, + HttpServletRequest req, + HttpServletResponse resp) { + + if (null != message) { + Logger.info(message); + req.setAttribute("Message", message); + } + + //forward this to the given jsp page where the HTML response is generated + try { + context.getRequestDispatcher(jspPageURI).forward(req, resp); + } catch (IOException e) { + Logger.error(e); + } catch (ServletException e) { + Logger.error(e); + } + } + + /** + * Forwards the HttpServletRequest to the customizable JSP Page 'message.jsp' and serves the Response.
+ *
    + *
  • Logs the message
  • + *
+ * + * @param message message text + * @param context the servlet context of the servlet belonging to the req, resp + * @param req servlet request + * @param resp servlet response + */ + public static void forwardDefault( + String message, + ServletContext context, + HttpServletRequest req, + HttpServletResponse resp) { + forwardNamed(message, "/message.jsp", context, req, resp); + } +} \ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java new file mode 100644 index 000000000..035c47eb9 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java @@ -0,0 +1,68 @@ +package at.gv.egovernment.moa.id.util; + +/** + * HTTP Utilities + * + * @author Rudolf Schamberger + * @version $Id$ + */ + +import java.io.BufferedInputStream; +import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.Reader; +import java.net.HttpURLConnection; +import java.net.URL; + +import org.apache.regexp.RE; +import org.apache.regexp.RESyntaxException; + +/** + * + * @author Rudolf Schamberger + * + */ +public class HTTPUtils { + + /** + * Utility used to obtainin correct encoded HTTP content. + * Reads a given Content adressed by HTTP-URL into String. + * Content encoding is considered by using the Content-Type HTTP header charset value. + * @param URL HTTP URL to read from. + * @return String representation of content + * @throws IOException on data-reading problems + */ + public static String readHttpURL(String URL) + throws IOException { + + URL url = new URL(URL); + HttpURLConnection conn = (HttpURLConnection)url.openConnection(); + conn.setRequestMethod("GET"); + String contentType = conn.getContentType(); + RE regExp = null; + try { + regExp = new RE("(;.*charset=)(\"*)(.*[^\"])"); + } catch (RESyntaxException e) { + //RESyntaxException is not possible = expr. is costant + } + boolean charsetSupplied = regExp.match(contentType); + String encoding = "ISO-8859-1"; //default HTTP encoding + if (charsetSupplied) { + encoding = regExp.getParen(3); + } + InputStream instream = new BufferedInputStream(conn.getInputStream()); + InputStreamReader isr = new InputStreamReader(instream, encoding); + Reader in = new BufferedReader(isr); + int ch; + StringBuffer buffer = new StringBuffer(); + while ((ch = in.read()) > -1) { + buffer.append((char)ch); + } + in.close(); + conn.disconnect(); + return buffer.toString(); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java new file mode 100644 index 000000000..4330133f0 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java @@ -0,0 +1,374 @@ +/* + * Created on 01.10.2004 + * + * @author rschamberger + * $ID$ + */ +package at.gv.egovernment.moa.id.util; + +import java.io.IOException; +import java.util.Enumeration; +import java.util.Hashtable; +import java.util.StringTokenizer; +import java.util.Vector; + +import javax.servlet.ServletInputStream; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.ServletContext; +import javax.servlet.http.HttpServletRequestWrapper; + +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.URLDecoder; + +/** + * Special ServletRequestWrapper class which provides a more precise implementation of the getParameter* + * family. This implementation cares about the order of the parameters from Query String and HTTP POST + * Body. Use this as Filter class for Servlets which such needs. + * + * @author Rudolf Schamberger + * @version $Id$ + */ +public class InOrderServletRequestWrapper extends HttpServletRequestWrapper { + + /** + * standard encoding used to decode the URL string. + */ + // + public static final String DEFAULT_CHARACTER_ENCODING = "ISO-8859-1"; + /** + * Vector that stores the order of the query paramters + */ + private Vector queryParamOrder; + + /** + * Hashtable that stores the content of the query paramters + */ + private Hashtable queryParameters; + + /** + * Vector that stores the order of the HTTP body paramters + */ + private Vector bodyParamOrder; + + /** + * Hashtable that stores the content of the HTTP body paramters + */ + private Hashtable bodyParameters; + + /** + * ServletContext + */ + private ServletContext context; + + /** + * Identifier used to identify query parameters + */ + public static final int QUERY_PARAM = 1; + + /** + * Identifier used to identify HTTP body parameters + */ + public static final int BODY_PARAM = 2; + + /** + * @see HttpServletRequestWrapper + */ + public InOrderServletRequestWrapper(final HttpServletRequest request, final ServletContext sContext) { + super(request); + this.context = sContext; + } + + /** + * parses the Query and if availlable also HTTP POST parameters + * + * @param req a HttpServletRequest which should be parsed + */ + protected final void parseParameters(final HttpServletRequest req) + { + queryParamOrder = new Vector(); + queryParameters = new Hashtable(); + bodyParamOrder = new Vector(); + bodyParameters = new Hashtable(); + + //Insert code for Query string parsing + String rawQuery = req.getQueryString(); + queryParameters = tokenize(queryParameters, queryParamOrder, rawQuery, DEFAULT_CHARACTER_ENCODING, true); + + //analyze HTTP Post body parameters + if (req.getMethod().equalsIgnoreCase("POST")) + { + //get body encoding + String enc = req.getCharacterEncoding(); + if (enc == null) enc = DEFAULT_CHARACTER_ENCODING; + + if (req.getContentType().equals("application/x-www-form-urlencoded")) + { + try + { + bodyParameters = parsePostData(bodyParameters, req.getContentLength(), req.getInputStream(), enc); + } + catch (IOException e) + { + context.log("could not open input stream of reqest \n" + e.toString()); + } + } + else + { + //TODO add multipart code + context.log( + "ERROR other Content-Types than 'application/x-www-form-urlencoded' not supported!"); + } + + }// end POST + } + + /** + * parses the HTTP POST parameters + * + * @param ht parameter Hashtable to put parameters in. + * @param length of content + * @param instream the ServletInputStream of the request + * @param encoding encoding of the instream + * + * @return the Hashtable with the parsed data + */ + private Hashtable parsePostData(Hashtable ht, final int length, final ServletInputStream instream, + final String encoding) + { + int inputLen, offset; + byte[] postedBytes = null; + boolean dataRemaining = true; + String postedBody; + + StringBuffer sb = new StringBuffer(); + + if (length <= 0) + { + return null; + } + + postedBytes = new byte[length]; + try + { + offset = 0; + while (dataRemaining) + { + inputLen = instream.read(postedBytes, offset, length - offset); + if (inputLen <= 0) + { + throw new IOException("read error during reading the HTTP POST body"); + } + offset += inputLen; + if ((length - offset) == 0) + { + dataRemaining = false; + } + } + } + catch (IOException e) + { + System.out.println("Exception =" + e); + return null; + } + + postedBody = new String(postedBytes); + Hashtable ht2 = tokenize(ht, bodyParamOrder, postedBody, encoding, false); + return ht2; + } + + + /** + * tokenizes parameter strings + * + * @param ht parameter Hashtable to put parameters in. + * @param order Vector in which the order of the tokenized parameters will be stored. + * @param parameterString String to tokenize. + * @param encoding which will be used to decode the parameterString. + * + * @return the Hashtable with the parsed data + */ + private Hashtable tokenize(Hashtable ht, Vector order, final String parameterString, final String encoding, boolean decode) + { + String[] valArray = null; + + if (null == parameterString) return ht; + + StringTokenizer st = new StringTokenizer(parameterString, "&"); + + String key = null; + String val = null; + + while (st.hasMoreTokens()) + { + String pair = (String) st.nextToken(); + int pos = pair.indexOf('='); + if (pos == -1) + { + throw new IllegalArgumentException(); + } + try + { + if (decode) { + key = URLDecoder.decode(pair.substring(0, pos), encoding); + val = URLDecoder.decode(pair.substring(pos + 1, pair.length()), encoding); + } else { + key = pair.substring(0, pos); + val = pair.substring(pos + 1, pair.length()); + } + //Logger.debug("(" + Integer.toString(key.length()) + "=" + Integer.toString(pair.substring(0, pos).length()) + ")"+key+"|--|"+pair.substring(0, pos)); + //Logger.debug("(" + Integer.toString(val.length()) + "=" + Integer.toString(pair.substring(pos + 1, pair.length()).length()) + ")"+val+"|--|"+pair.substring(pos + 1, pair.length())); + } + catch (Exception e) + { + throw new IllegalArgumentException(); + } + if (ht.containsKey(key)) + { + String oldVals[] = (String[]) ht.get(key); + valArray = new String[oldVals.length + 1]; + for (int i = 0; i < oldVals.length; i++) + { + valArray[i] = oldVals[i]; + } + valArray[oldVals.length] = val; + } + else + { + valArray = new String[1]; + valArray[0] = val; + } + ht.put(key, valArray); + order.addElement(key); + } + return ht; + + } + + /** + * Returns the value of a request parameter as a String, or null if the + * parameter does not exist. Request parameters are extra information sent with the request. For HTTP + * servlets, parameters are contained in the query string or posted form data. + * + *

+ * You should only use this method when you are sure the parameter has only one value. If the parameter + * might have more than one value, use {@link #getParameterValues(String, int)}. + * + *

+ * If you use this method with a multivalued parameter, the value returned is equal to the first value in + * the array returned by getParameterValues. + * + *

+ * If the parameter data was sent in the request body, such as occurs with an HTTP POST request, then + * reading the body directly via {@link #getInputStream} or {@link #getReader}can interfere with the + * execution of this method. + * + * @param name a String containing the name of the parameter whose value is requested + * + * @return a String representing the single value of the parameter + * + * @see #getParameterValues(String, int) + * + */ + public final String getParameter(final String name) { + String val = getParameter(name, QUERY_PARAM); + return (null != val) ? val : getParameter(name, BODY_PARAM); + } + + /** + * Returns the value of a request parameter as a String, or null if the + * parameter does not exist. + * + * @param name a String containing the name of the parameter whose value is requested + * @param parameterType type of parameter + * @see at.gv.egovernment.moa.id.util.InOrderServletRequestWrapper#QUERY_PARAM + * and @see at.gv.egovernment.moa.id.util.InOrderServletRequestWrapper#BODY_PARAM + * @see #getParameterValues(String) + * @return value of the (single) parameter or null if not availlable + **/ + public final String getParameter(final String name, final int parameterType) + { + + Hashtable parameters = (parameterType == QUERY_PARAM) ? queryParameters : bodyParameters; + String[] vals = (String[]) parameters.get(name); + if (vals == null) + { + return null; + } + return vals[0]; + } + + + /** + * Returns an array of String objects containing all of the values the given request + * parameter has, or null if the parameter does not exist. + * + *

+ * If the parameter has a single value, the array has a length of 1. + * + * @param name a String containing the name of the parameter whose value is requested + * @param parameterType type of parameter + * @see at.gv.egovernment.moa.id.util.InOrderServletRequestWrapper#QUERY_PARAM + * and @see at.gv.egovernment.moa.id.util.InOrderServletRequestWrapper#BODY_PARAM + * @return an array of String objects containing the parameter's values or null + * + * @see #getParameter + */ + public final String getParameterValues(final String name, final int parameterType) + { + Hashtable parameters = (parameterType == QUERY_PARAM) ? queryParameters : bodyParameters; + String[] vals = (String[]) parameters.get(name); + if (vals == null) + { + return null; + } + String vallist = vals[0]; + for (int i = 1; i < vals.length; i++) + { + vallist = vallist + "," + vals[i]; + } + return vallist; + } + + /** + * + * Returns an Enumeration of String objects containing the names of the + * parameters. If there are no parameters, the method returns an empty + * Enumeration. + * + * @return an Enumeration of String objects, each String + * containing the name of a request parameter; or an empty Enumeration if the + * request has no parameters + * + */ + public final Enumeration getParameterNames() + { + Vector FullParamOrder = new Vector(); + for (Enumeration enu = queryParamOrder.elements(); enu.hasMoreElements();) { + FullParamOrder.addElement(enu.nextElement()); + } + for (Enumeration enu = bodyParamOrder.elements(); enu.hasMoreElements();) { + FullParamOrder.addElement(enu.nextElement()); + } + return FullParamOrder.elements(); + } + + /** + * + * Returns an Enumeration of String objects containing the names of the + * parameters contained in this request. If the request has no parameters, the method returns an empty + * Enumeration. + * @param parameterType type of parameter + * + * @return an Enumeration of String objects, each String + * containing the name of a request parameter; or an empty Enumeration if the + * request has no parameters + * + */ + public final Enumeration getParameterNames(final int parameterType) + { + if (QUERY_PARAM == parameterType) + return queryParamOrder.elements(); + else + return bodyParamOrder.elements(); + } +} //End InOrderServletRequestWrapper \ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java new file mode 100644 index 000000000..d31aa6ec1 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java @@ -0,0 +1,58 @@ +package at.gv.egovernment.moa.id.util; + +import java.util.Locale; + +import at.gv.egovernment.moa.util.Messages; + +/** + * A singleton wrapper around a Message object, providing the messages used in MOA-ID. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class MOAIDMessageProvider { + + /** DEFAULT_MESSAGE_RESOURCES are resources/properties/id_messages */ + private static final String[] DEFAULT_MESSAGE_RESOURCES = + { "resources/properties/id_messages" }; + /** DEFAULT_MESSAGE_LOCALES are "de", "AT" */ + private static final Locale[] DEFAULT_MESSAGE_LOCALES = + new Locale[] { new Locale("de", "AT") }; + /** The instance for our singleton */ + private static MOAIDMessageProvider instance; + /** The Messages */ + private Messages messages; + + /** + * Returns the single instance of MOAIDMessageProvider. + * + * @return the single instance of MOAIDMessageProvider + */ + public static MOAIDMessageProvider getInstance() { + if (instance == null) + instance = new MOAIDMessageProvider(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES); + return instance; + } + + /** + * Create a MOAIDMessageProvider. + * + * @param resourceNames The names of the resources containing the messages. + * @param locales The corresponding locales. + */ + protected MOAIDMessageProvider(String[] resourceNames, Locale[] locales) { + this.messages = new Messages(resourceNames, locales); + } + + /** + * Get the message corresponding to a given message ID. + * + * @param messageId The ID of the message. + * @param parameters The parameters to fill in into the message arguments. + * @return The formatted message. + */ + public String getMessage(String messageId, Object[] parameters) { + return messages.getMessage(messageId, parameters); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java new file mode 100644 index 000000000..3f5fddba2 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java @@ -0,0 +1,62 @@ +package at.gv.egovernment.moa.id.util; + +import java.io.IOException; + +import javax.servlet.Filter; +import javax.servlet.FilterChain; +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; + +/** + * @author rschamberger + * + */ +/** + * A Filter class wich uses the InOrderServletRequestWrapper to provide servlets a more precise + * implementation of the getParameter* family. This implementation cares about the order of the parameters + * from Query String and HTTP POST Body. Use this as Filter class for Servlets which such needs. + * + * @author Rudolf Schamberger + * @version $Id$ + */ +public class ParameterInOrderFilter implements Filter +{ + + /** + * filterConfig + */ + private FilterConfig filterConfig; + + /** + * @see javax.servlet.Filter#init(javax.servlet.FilterConfig) + */ + public final void init(final FilterConfig config) + { + this.filterConfig = config; + } + + /** + * @see javax.servlet.Filter#destroy() + */ + public final void destroy() + { + }; + + /** + * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, + * javax.servlet.FilterChain) + */ + public final void doFilter(final ServletRequest request, final ServletResponse response, + final FilterChain chain) throws IOException, ServletException + { + InOrderServletRequestWrapper sRequ = new InOrderServletRequestWrapper((HttpServletRequest) request, + filterConfig.getServletContext()); + //parse the Query (and Body) parameters + sRequ.parseParameters((HttpServletRequest) request); + //process the rest of filter chain + chain.doFilter(sRequ, response); + } +} \ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java new file mode 100644 index 000000000..da75b4213 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java @@ -0,0 +1,22 @@ +package at.gv.egovernment.moa.id.util; + +import java.util.Date; + +/** + * Random number generator used to generate ID's + * @author Paul Ivancsics + * @version $Id$ + */ +public class Random { + + /** random number generator used */ + private static java.util.Random random = new java.util.Random(new Date().getTime()); + /** + * Creates a new random number, to be used as an ID. + * + * @return random long as a String + */ + public static String nextRandom() { + return "" + random.nextLong(); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java new file mode 100644 index 000000000..9fa0803c4 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java @@ -0,0 +1,180 @@ +package at.gv.egovernment.moa.id.util; + +import iaik.pki.PKIConfiguration; +import iaik.pki.PKIException; +import iaik.pki.PKIFactory; +import iaik.pki.PKIProfile; +import iaik.pki.jsse.IAIKX509TrustManager; + +import java.io.BufferedInputStream; +import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.Reader; +import java.net.URL; +import java.security.GeneralSecurityException; +import java.security.Security; +import java.util.HashMap; +import java.util.Map; + +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.KeyManager; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.TrustManager; + +import org.apache.regexp.RE; +import org.apache.regexp.RESyntaxException; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.iaik.config.PKIConfigurationImpl; +import at.gv.egovernment.moa.id.iaik.pki.PKIProfileImpl; +import at.gv.egovernment.moa.id.iaik.pki.jsse.MOAIDTrustManager; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Utility for a obtaining a secure socket factory using IAIKX509TrustManager. + * This TrustManager implementation features CRL checking.
+ * SSLUtils caches secure socket factories for given ConnectionParameters. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class SSLUtils { + + /** SSLSocketFactory store, mapping URL->SSLSocketFactory **/ + private static Map sslSocketFactories = new HashMap(); + + /** + * Initializes the SSLSocketFactory store. + */ + public static void initialize() { + sslSocketFactories = new HashMap(); + Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); + System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); + } + + /** + * Creates an SSLSocketFactory which utilizes an + * IAIKX509TrustManager for the given trust store, + * and the given key store. + * + * @param conf configuration provider providing a generic properties pointing + * to trusted CA store and certificate store root + * @param connParam connection parameter containing the client key store settings + * to be used in case of client authentication; + * if connParam.getClientKeyStore() == null, client authentication + * is assumed to be disabled + * @return SSLSocketFactory to be used by an HttpsURLConnection + * @throws IOException thrown while reading key store file + * @throws GeneralSecurityException thrown while creating the socket factory + * @throws ConfigurationException on invalid configuration data + * @throws PKIException while initializing the IAIKX509TrustManager + */ + public static SSLSocketFactory getSSLSocketFactory( + ConfigurationProvider conf, + ConnectionParameter connParam) + throws IOException, GeneralSecurityException, ConfigurationException, PKIException { + + Logger.debug("Get SSLSocketFactory for " + connParam.getUrl()); + // retrieve SSLSocketFactory if already created + SSLSocketFactory ssf = (SSLSocketFactory)sslSocketFactories.get(connParam.getUrl()); + if (ssf != null) + return ssf; + // else create new SSLSocketFactory + String trustStoreURL = conf.getTrustedCACertificates(); + if (trustStoreURL == null) + throw new ConfigurationException( + "config.08", new Object[] {"TrustedCACertificates"}); + String acceptedServerCertURL = connParam.getAcceptedServerCertificates(); + TrustManager[] tms = getTrustManagers(conf, trustStoreURL, acceptedServerCertURL); + KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers( + "pkcs12", connParam.getClientKeyStore(), connParam.getClientKeyStorePassword()); + SSLContext ctx = SSLContext.getInstance("TLS"); + ctx.init(kms, tms, null); + ssf = ctx.getSocketFactory(); + // store SSLSocketFactory + sslSocketFactories.put(connParam.getUrl(), ssf); + return ssf; + } + + /** + * Initializes an IAIKX509TrustManager for a given trust store, + * using configuration data. + * + * @param conf MOA-ID configuration provider + * @param trustStoreURL trust store URL + * @param acceptedServerCertURL file URL pointing to directory containing accepted server SSL certificates + * @return TrustManager array containing the IAIKX509TrustManager + * @throws ConfigurationException on invalid configuration data + * @throws IOException on data-reading problems + * @throws PKIException while initializing the IAIKX509TrustManager + */ + public static TrustManager[] getTrustManagers( + ConfigurationProvider conf, String trustStoreURL, String acceptedServerCertURL) + throws ConfigurationException, PKIException, IOException, GeneralSecurityException { + + PKIConfiguration cfg = null; + if (! PKIFactory.getInstance().isAlreadyConfigured()) + cfg = new PKIConfigurationImpl(conf); + String boolString = conf.getGenericConfigurationParameter(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING); + //not using BoolUtils because default value hast to be true! + boolean checkRevocation = !("false".equals(boolString) || "0".equals(boolString)); + PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation); + // This call fixes a bug occuring when PKIConfiguration is + // initialized by the MOA-SP initialization code, in case + // MOA-SP is called by API + MOAIDTrustManager.initializeLoggingContext(); + IAIKX509TrustManager tm = new MOAIDTrustManager(acceptedServerCertURL); + tm.init(cfg, profile); + return new TrustManager[] {tm}; + } + /** + * Reads a file, given by URL, into a byte array, + * securing the connection by IAIKX509TrustManager. + * @param connParam containing URL and accepted server certificates + * @param conf ConfigurationProvider for reading + * @return String representation of content + * @throws ConfigurationException on invalid configuration data + * @throws PKIException on invalid configuration data + * @throws IOException on data-reading problems + * @throws GeneralSecurityException on security issues + */ + public static String readHttpsURL(ConfigurationProvider conf, ConnectionParameter connParam) + throws ConfigurationException, PKIException, IOException, GeneralSecurityException { + + URL url = new URL(connParam.getUrl()); + HttpsURLConnection conn = (HttpsURLConnection)url.openConnection(); + conn.setRequestMethod("GET"); + conn.setDoInput(true); + SSLSocketFactory sslSocketFactory = getSSLSocketFactory(conf, connParam); + conn.setSSLSocketFactory(sslSocketFactory); + conn.connect(); + String contentType = conn.getContentType(); + RE regExp = null; + try { + regExp = new RE("(;.*charset=)(\"*)(.*[^\"])"); + } catch (RESyntaxException e) { + //RESyntaxException is not possible = expr. is costant + } + boolean charsetSupplied = regExp.match(contentType); + String encoding = "ISO-8859-1"; //default HTTP encoding + if (charsetSupplied) { + encoding = regExp.getParen(3); + } + InputStream instream = new BufferedInputStream(conn.getInputStream()); + InputStreamReader isr = new InputStreamReader(instream, encoding); + Reader in = new BufferedReader(isr); + int ch; + StringBuffer buffer = new StringBuffer(); + while ((ch = in.read()) > -1) { + buffer.append((char)ch); + } + in.close(); + conn.disconnect(); + return buffer.toString(); + } +} -- cgit v1.2.3 From b6ce5c19802ccaec60081091746f64a06dde5a8b Mon Sep 17 00:00:00 2001 From: hbratko Date: Wed, 22 Aug 2007 09:22:12 +0000 Subject: Added field for signature manifest check code. git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@921 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../id/auth/data/VerifyXMLSignatureResponse.java | 23 ++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java index 8233d1478..4f0fe5ac7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java @@ -29,6 +29,11 @@ public class VerifyXMLSignatureResponse { private boolean qualifiedCertificate; /** The x509certificate to be stored */ private X509Certificate x509certificate; + /** + * The result of the signature manifest check. The default value -1 + * indicates that the signature manifest has not been checked. + */ + private int signatureManifestCheckCode = -1; /** * Returns the certificateCheckCode. @@ -174,4 +179,22 @@ public class VerifyXMLSignatureResponse { this.publicAuthority = publicAuthority; } + /** + * Returns the the resulting code of the signature manifest check. + * + * @return The code of the sigature manifest check. + */ + public int getSignatureManifestCheckCode() { + return signatureManifestCheckCode; + } + + /** + * Sets the signatureManifestCode. + * + * @param signatureManifestCode The signatureManifestCode to set. + */ + public void setSignatureManifestCheckCode(int signatureManifestCheckCode) { + this.signatureManifestCheckCode = signatureManifestCheckCode; + } + } -- cgit v1.2.3 From 00121a68675e85aa30c38036bc15e118e08b920f Mon Sep 17 00:00:00 2001 From: hbratko Date: Wed, 22 Aug 2007 09:23:33 +0000 Subject: Unmarshal text value from /. git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@922 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../parser/VerifyXMLSignatureResponseParser.java | 61 ++++++++++++---------- 1 file changed, 34 insertions(+), 27 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java index 4c49afb76..995c9aba5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java @@ -11,6 +11,7 @@ import at.gv.egovernment.moa.id.*; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.OutputXML2File; import at.gv.egovernment.moa.util.XPathUtils; /** @@ -60,6 +61,9 @@ public class VerifyXMLSignatureResponseParser { /** Xpath expression to the XMLDSIGManifestCheckCode element */ private static final String XMLDSIG_MANIFEST_CHECK_CODE_XPATH = ROOT + MOA + "XMLDSIGManifestCheck/" + MOA + "Code"; + /** Xpath expression to the SignatureManifestCheckCode element */ + private static final String SIGNATURE_MANIFEST_CHECK_CODE_XPATH = + ROOT + MOA + "SignatureManifestCheck/" + MOA + "Code"; /** Xpath expression to the CertificateCheckCode element */ private static final String CERTIFICATE_CHECK_CODE_XPATH = ROOT + MOA + "CertificateCheck/" + MOA + "Code"; @@ -119,34 +123,37 @@ public class VerifyXMLSignatureResponseParser { */ public VerifyXMLSignatureResponse parseData() throws ParseException { - - VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse(); - + + VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse(); + try { - respData.setXmlDsigSubjectName(XPathUtils.getElementValue(verifyXMLSignatureResponse,DSIG_SUBJECT_NAME_XPATH,"")); - Element e = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,QUALIFIED_CERTIFICATE_XPATH); - respData.setQualifiedCertificate(e!=null); - - Base64InputStream in = new Base64InputStream(new ByteArrayInputStream(XPathUtils.getElementValue( - verifyXMLSignatureResponse,DSIG_X509_CERTIFICATE_XPATH,"").getBytes("UTF-8")),true); - - respData.setX509certificate(new X509Certificate(in)); - Element publicAuthority = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_XPATH); - respData.setPublicAuthority(publicAuthority != null); - respData.setPublicAuthorityCode(XPathUtils.getElementValue(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_CODE_XPATH,"")); - respData.setSignatureCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNATURE_CHECK_CODE_XPATH,"")).intValue()); - - String xmlDsigCheckCode = XPathUtils.getElementValue(verifyXMLSignatureResponse,XMLDSIG_MANIFEST_CHECK_CODE_XPATH,null); - if (xmlDsigCheckCode!=null) - { - respData.setXmlDSIGManigest(true); - respData.setXmlDSIGManifestCheckCode(new Integer(xmlDsigCheckCode).intValue()); - } - else - respData.setXmlDSIGManigest(false); - respData.setCertificateCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,CERTIFICATE_CHECK_CODE_XPATH,"")).intValue()); - } - catch (Throwable t) { + respData.setXmlDsigSubjectName(XPathUtils.getElementValue(verifyXMLSignatureResponse,DSIG_SUBJECT_NAME_XPATH,"")); + Element e = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,QUALIFIED_CERTIFICATE_XPATH); + respData.setQualifiedCertificate(e!=null); + + Base64InputStream in = new Base64InputStream(new ByteArrayInputStream(XPathUtils.getElementValue( + verifyXMLSignatureResponse,DSIG_X509_CERTIFICATE_XPATH,"").getBytes("UTF-8")),true); + + respData.setX509certificate(new X509Certificate(in)); + Element publicAuthority = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_XPATH); + respData.setPublicAuthority(publicAuthority != null); + respData.setPublicAuthorityCode(XPathUtils.getElementValue(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_CODE_XPATH,"")); + respData.setSignatureCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNATURE_CHECK_CODE_XPATH,"")).intValue()); + + String xmlDsigCheckCode = XPathUtils.getElementValue(verifyXMLSignatureResponse,XMLDSIG_MANIFEST_CHECK_CODE_XPATH,null); + if (xmlDsigCheckCode!=null) { + respData.setXmlDSIGManigest(true); + respData.setXmlDSIGManifestCheckCode(new Integer(xmlDsigCheckCode).intValue()); + } else { + respData.setXmlDSIGManigest(false); + } + String signatureManifestCheckCode = XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNATURE_MANIFEST_CHECK_CODE_XPATH,null); + if (signatureManifestCheckCode != null) { + respData.setSignatureManifestCheckCode(new Integer(signatureManifestCheckCode).intValue()); + } + respData.setCertificateCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,CERTIFICATE_CHECK_CODE_XPATH,"")).intValue()); + } + catch (Throwable t) { throw new ParseException("parser.01", null, t); } return respData; -- cgit v1.2.3 From d9b88fbf8fb8afacf1701c6558ca6177ccc6e17f Mon Sep 17 00:00:00 2001 From: hbratko Date: Wed, 22 Aug 2007 09:27:06 +0000 Subject: Evaluate result from signature manifest check and throw exception if an error code is returned (tranforms within signature do not match expected transforms from profile) - only in the case of AUTHBlock verification. git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@923 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../id/auth/validator/VerifyXMLSignatureResponseValidator.java | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index 1f2ebc37c..d5650b897 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -92,9 +92,12 @@ public class VerifyXMLSignatureResponseValidator { } - // TODO See Bug #322 - // Check result of SignatureManifestCheck - + // Check the signature manifest only when verifying the signed AUTHBlock + if (whatToCheck.equals(CHECK_AUTH_BLOCK)) { + if (verifyXMLSignatureResponse.getSignatureManifestCheckCode() > 0) { + throw new ValidateException("validator.50", null); + } + } //Check whether the returned X509 SubjectName is in the MOA-ID configuration or not if (identityLinkSignersSubjectDNNames != null) { -- cgit v1.2.3 From 7db9b2bcb7af96c7787843213864de577a5072f7 Mon Sep 17 00:00:00 2001 From: pdanner Date: Wed, 22 Aug 2007 12:50:16 +0000 Subject: Bugfix: in der Klasse "at.gv.egovernment.moa.id.auth.servlet.GetAuthenticationDataService" wurde das "RequestID"-Attribut immer vom -Element anstelle des -Elements genommen. Da das -Element aber kein solches Attribut hat, war das immer der leere String. Deshalb hatte dann im SOAP-Response das "InResponseTo"-Attribut immer den leeren String als Wert (siehe attachte Datei "soapResponseWrong.xml"): Richtig ist: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@926 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java index c41b514c8..0ea858a71 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java @@ -86,7 +86,7 @@ public class GetAuthenticationDataService implements Constants { } else { Element samlArtifactElem = (Element)samlArtifactList.item(0); - requestID = samlArtifactElem.getAttribute("RequestID"); + requestID = request.getAttribute("RequestID"); String samlArtifact = DOMUtils.getText(samlArtifactElem); try { AuthenticationData authData = AuthenticationServer.getInstance(). -- cgit v1.2.3 From 90d582de5e84815e72436b728ac7fd12f0a2d657 Mon Sep 17 00:00:00 2001 From: pdanner Date: Mon, 27 Aug 2007 10:18:47 +0000 Subject: changed JavaDoc git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@962 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java index c776418ab..95cd65608 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java @@ -20,8 +20,7 @@ public interface InfoboxValidator { * @param params {@link at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams * Parameters} needed by the validator. * - * @return True if validation succeeds, - * otherwise false. + * @return InfoboxValidationResult structure (@link at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult} * * @throws ValidateException If an error occurs on validating the * InfoboxReadResponse. -- cgit v1.2.3 From 9ede2ad26816afcd3969a3c7e58c4572f38d0c38 Mon Sep 17 00:00:00 2001 From: pdanner Date: Mon, 27 Aug 2007 12:56:18 +0000 Subject: changed JavaDoc git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@963 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java index 4f0fe5ac7..de636b6cf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java @@ -191,8 +191,8 @@ public class VerifyXMLSignatureResponse { /** * Sets the signatureManifestCode. * - * @param signatureManifestCode The signatureManifestCode to set. - */ + * @param signatureManifestCheckCode The signatureManifestCode to set. + */ public void setSignatureManifestCheckCode(int signatureManifestCheckCode) { this.signatureManifestCheckCode = signatureManifestCheckCode; } -- cgit v1.2.3 From 83f01ddf24d98dbb5df41fb627a14edee2d57df7 Mon Sep 17 00:00:00 2001 From: pdanner Date: Wed, 17 Oct 2007 16:18:44 +0000 Subject: Implemented and integrated party representation and integrated mandates as per default available Now Eclipse projects are available. The Web Tools Platform can be used to run the web applications git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1014 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/AuthenticationServer.java | 435 ++++++++++--- .../moa/id/auth/MOAIDAuthConstants.java | 12 +- .../AuthenticationDataAssertionBuilder.java | 1 + .../moa/id/auth/builder/BPKBuilder.java | 32 +- .../builder/GetVerifyAuthBlockFormBuilder.java | 86 +++ .../builder/InfoboxValidatorParamsBuilder.java | 10 +- .../moa/id/auth/data/AuthenticationSession.java | 199 +++++- .../moa/id/auth/data/InfoboxValidatorParams.java | 8 + .../id/auth/data/InfoboxValidatorParamsImpl.java | 21 + .../auth/servlet/ProcessValidatorInputServlet.java | 175 +++++ .../moa/id/auth/servlet/SelectBKUServlet.java | 10 +- .../auth/servlet/StartAuthenticationServlet.java | 10 +- .../servlet/VerifyAuthenticationBlockServlet.java | 26 +- .../id/auth/servlet/VerifyIdentityLinkServlet.java | 25 +- .../CreateXMLSignatureResponseValidator.java | 2 +- .../moa/id/auth/validator/InfoboxValidator.java | 52 +- .../auth/validator/parep/ParepInputProcessor.java | 68 ++ .../validator/parep/ParepInputProcessorImpl.java | 298 +++++++++ .../moa/id/auth/validator/parep/ParepUtils.java | 708 +++++++++++++++++++++ .../id/auth/validator/parep/ParepValidator.java | 576 +++++++++++++++++ .../auth/validator/parep/PartyRepresentative.java | 159 +++++ .../parep/client/szrgw/CreateMandateRequest.java | 235 +++++++ .../parep/client/szrgw/CreateMandateResponse.java | 130 ++++ .../parep/client/szrgw/SOAPConstants.java | 23 + .../validator/parep/client/szrgw/SZRGWClient.java | 144 +++++ .../parep/client/szrgw/SZRGWClientException.java | 37 ++ .../parep/client/szrgw/SZRGWConstants.java | 51 ++ .../client/szrgw/SZRGWSecureSocketFactory.java | 94 +++ .../validator/parep/config/ParepConfiguration.java | 411 ++++++++++++ .../moa/id/config/ConfigurationBuilder.java | 8 +- .../moa/id/config/auth/OAAuthParameter.java | 24 + .../gv/egovernment/moa/id/util/ServletUtils.java | 63 ++ 32 files changed, 3972 insertions(+), 161 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 5f4ec2d29..75197943f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -3,6 +3,8 @@ package at.gv.egovernment.moa.id.auth; import iaik.pki.PKIException; import iaik.x509.X509Certificate; +import java.io.File; +import java.io.FileOutputStream; import java.io.IOException; import java.security.GeneralSecurityException; import java.util.Calendar; @@ -55,6 +57,9 @@ import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; import at.gv.egovernment.moa.id.auth.validator.ValidateException; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; +import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.ConnectionParameter; @@ -312,7 +317,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setOAURLRequested(oaURL); session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); session.setAuthURL(authURL); - session.setTemplateURL(templateURL); + session.setTemplateURL(templateURL); session.setBusinessService(oaParam.getBusinessService()); } // BKU URL has not been set yet, even if session already exists @@ -320,6 +325,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { bkuURL = DEFAULT_BKU; } session.setBkuURL(bkuURL); + session.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); String infoboxReadRequest = new InfoboxReadRequestBuilder().build(oaParam.getSlVersion12(), oaParam.getBusinessService(), @@ -350,6 +356,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { VerifyInfoboxParameters verifyInfoboxParameters = oaParam.getVerifyInfoboxParameters(); if (verifyInfoboxParameters != null) { pushInfobox = verifyInfoboxParameters.getPushInfobox(); + session.setPushInfobox(pushInfobox); } String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build(oaParam.getSlVersion12()); String certInfoDataURL = @@ -448,6 +455,23 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setIdentityLink(identityLink); // now validate the extended infoboxes verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam.getProvideStammzahl()); + + return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam); + } + + public String getCreateXMLSignatureRequestAuthBlockOrRedirect(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam) + throws + ConfigurationException, + BuildException, + ValidateException { + + // check for intermediate processing of the infoboxes + if (session.isValidatorInputPending()) return "Redirect to Input Processor"; + + if (authConf==null) authConf = AuthConfigurationProvider.getInstance(); + if (oaParam==null) oaParam = AuthConfigurationProvider.getInstance(). + getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + // builds the AUTH-block String authBlock = buildAuthenticationBlock(session); // session.setAuthBlock(authBlock); @@ -456,7 +480,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { if ((transformsInfos == null) || (transformsInfos.length == 0)) { // no OA specific transforms specified, use default ones transformsInfos = authConf.getTransformsInfos(); - } + } String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder().build(authBlock, oaParam.getKeyBoxIdentifier(), @@ -464,6 +488,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { oaParam.getSlVersion12()); return createXMLSignatureRequest; } + /** * Builds an authentication block <saml:Assertion> from given session data. * @param session authentication session @@ -534,8 +559,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { authConfigurationProvider.getOnlineApplicationParameter(session.getPublicOAURLPrefix()); VerifyInfoboxParameters verifyInfoboxParameters = oaParam.getVerifyInfoboxParameters(); if (verifyInfoboxParameters != null) { - Vector authAttributes = new Vector(); - Vector oaAttributes = new Vector(); + session.setExtendedSAMLAttributesAUTH(new Vector()); // Initialize SAML Attributes + session.setExtendedSAMLAttributesOA(new Vector()); infoboxParameters = verifyInfoboxParameters.getInfoboxParameters(); // get the list of infobox identifiers List identifiers = verifyInfoboxParameters.getIdentifiers(); @@ -563,10 +588,46 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new ValidateException("validator.41", new Object[] {identifier}); } else { String friendlyName = verifyInfoboxParameter.getFriendlyName(); + boolean isParepRequest = false; + + // parse the infobox read reponse + List infoboxTokenList = null; + try { + infoboxTokenList = + ExtendedInfoboxReadResponseParser.parseInfoboxReadResponse(infoboxReadResponse, friendlyName); + } catch (ParseException e) { + Logger.error("InfoboxReadResponse for \"" + identifier + + "\"-infobox could not be parsed successfully: " + e.getMessage()); + throw new ValidateException("validator.43", new Object[] {friendlyName}); + } + // check for party representation in mandates infobox + if (Constants.INFOBOXIDENTIFIER_MANDATES.equalsIgnoreCase(identifier) && !((infoboxTokenList == null || infoboxTokenList.size() == 0))){ + session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams())); + Element mandate = ParepValidator.extractPrimaryToken(infoboxTokenList); + //ParepUtils.serializeElement(mandate, System.out); + String mandateID = ParepUtils.extractRepresentativeID(mandate); + if (!isEmpty(mandateID) && + ("*".equals(mandateID) || mandateID.startsWith(MOAIDAuthConstants.PARTY_REPRESENTATION_OID_NUMBER))) { + isParepRequest = true; + } + if (!isParepRequest) { + //if mandates validator is disabled we must throw an error in this case + if (!ParepUtils.isValidatorEnabled(verifyInfoboxParameter.getApplicationSpecificParams())) { + throw new ValidateException("validator.60", new Object[] {friendlyName}); + } + } + } + // get the class for validating the infobox InfoboxValidator infoboxValidator = null; try { - Class validatorClass = Class.forName(verifyInfoboxParameter.getValidatorClassName()); + Class validatorClass = null; + if (isParepRequest) { + // Mandates infobox in party representation mode + validatorClass = Class.forName("at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator"); + } else { + validatorClass = Class.forName(verifyInfoboxParameter.getValidatorClassName()); + } infoboxValidator = (InfoboxValidator) validatorClass.newInstance(); } catch (Exception e) { Logger.error("Could not load validator class \"" + verifyInfoboxParameter.getValidatorClassName() + @@ -575,20 +636,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { } Logger.debug("Successfully loaded validator class \"" + verifyInfoboxParameter.getValidatorClassName() + "\" for \"" + identifier + "\"-infobox."); - // parse the infobox read reponse - List infoboxTokenList = null; - try { - infoboxTokenList = - ExtendedInfoboxReadResponseParser.parseInfoboxReadResponse(infoboxReadResponse, friendlyName); - } catch (ParseException e) { - Logger.error("InfoboxReadResponse for \"" + identifier + - "\"-infobox could not be parsed successfully: " + e.getMessage()); - throw new ValidateException("validator.43", new Object[] {friendlyName}); - } // build the parameters for validating the infobox InfoboxValidatorParams infoboxValidatorParams = InfoboxValidatorParamsBuilder.buildInfoboxValidatorParams( - session, verifyInfoboxParameter, infoboxTokenList, hideStammzahl); + session, verifyInfoboxParameter, infoboxTokenList, oaParam); + // now validate the infobox InfoboxValidationResult infoboxValidationResult = null; try { @@ -605,88 +657,137 @@ public class AuthenticationServer implements MOAIDAuthConstants { } Logger.info(identifier + " infobox successfully validated."); + // store the validator for post processing + session.addInfoboxValidator(identifier, friendlyName, infoboxValidator); // get the SAML attributes to be appended to the AUTHBlock or to the final // SAML Assertion - ExtendedSAMLAttribute[] extendedSAMLAttributes = infoboxValidationResult.getExtendedSamlAttributes(); - if (extendedSAMLAttributes != null) { - int length = extendedSAMLAttributes.length; - for (int i=0; i<CreateXMLSignatureResponse> sent by the * security layer implementation.
@@ -728,7 +829,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); // parses CreateXMLSignatureResponse csresp = - new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse(); + new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse(); try { String serializedAssertion = DOMUtils.serializeNode(csresp.getSamlAssertion()); session.setAuthBlock(serializedAssertion); @@ -768,11 +869,103 @@ public class AuthenticationServer implements MOAIDAuthConstants { vsresp, session.getIdentityLink()); + // post processing of the infoboxes + Iterator iter = session.getInfoboxValidatorIterator(); + boolean formpending = false; + if (iter != null) { + while (!formpending && iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + String identifier = (String) infoboxValidatorVector.get(0); + String friendlyName = (String) infoboxValidatorVector.get(1); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); + InfoboxValidationResult infoboxValidationResult = null; + try { + infoboxValidationResult = infoboxvalidator.validate(csresp.getSamlAssertion()); + } catch (ValidateException e) { + Logger.error("Error validating " + identifier + " infobox:" + e.getMessage()); + throw new ValidateException( + "validator.44", new Object[] {friendlyName}); + } + if (!infoboxValidationResult.isValid()) { + Logger.info("Validation of " + identifier + " infobox failed."); + throw new ValidateException( + "validator.40", new Object[] {friendlyName, infoboxValidationResult.getErrorMessage()}); + } + String form = infoboxvalidator.getForm(); + if (ParepUtils.isEmpty(form)) { + AddAdditionalSAMLAttributes(session, infoboxValidationResult.getExtendedSamlAttributes(), identifier, friendlyName); + } else { + return "Redirect to Input Processor"; + } + } + } + + // Exchange person data information by a mandate if needed + List oaAttributes = session.getExtendedSAMLAttributesOA(); + IdentityLink replacementIdentityLink = null; + if (session.isMandateCompatibilityMode() && oaAttributes != null && oaAttributes.size()>0) { + // look if we have a mandate + boolean foundMandate = false; + Iterator it = oaAttributes.iterator(); + while (!foundMandate && it.hasNext()) { + ExtendedSAMLAttribute samlAttribute = (ExtendedSAMLAttribute)it.next(); + if (ParepValidator.EXT_SAML_MANDATE_RAW.equals(samlAttribute.getName())) { + Object value = samlAttribute.getValue(); + if (value instanceof Element) { + Element mandate = (Element) value; + replacementIdentityLink = new IdentityLink(); + Element mandator = ParepUtils.extractMandator(mandate); + String dateOfBirth = ""; + Element prPerson = null; + String familyName = ""; + String givenName = ""; + String identificationType = ""; + String identificationValue = ""; + if (mandator != null) { + boolean physical = ParepUtils.isPhysicalPerson(mandator); + if (physical) { + familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()"); + givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()"); + dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator); + } else { + familyName = ParepUtils.extractMandatorFullName(mandator); + } + identificationType = ParepUtils.getIdentification(mandator, "Type"); + identificationValue = ParepUtils.extractMandatorWbpk(mandator); + prPerson = ParepUtils.extractPrPersonOfMandate(mandate); + if (physical && session.getBusinessService() && identificationType!=null && Constants.URN_PREFIX_BASEID.equals(identificationType)) { + // now we calculate the wbPK and do so if we got it from the BKU + identificationType = Constants.URN_PREFIX_WBPK + "+" + session.getDomainIdentifier(); + identificationValue = new BPKBuilder().buildWBPK(identificationValue, session.getDomainIdentifier()); + ParepUtils.HideStammZahlen(prPerson, true, null, null, true); + } + + } + replacementIdentityLink.setDateOfBirth(dateOfBirth); + replacementIdentityLink.setFamilyName(familyName); + replacementIdentityLink.setGivenName(givenName); + replacementIdentityLink.setIdentificationType(identificationType); + replacementIdentityLink.setIdentificationValue(identificationValue); + replacementIdentityLink.setPrPerson(prPerson); + try { + replacementIdentityLink.setSamlAssertion(session.getIdentityLink().getSamlAssertion()); + } catch (Exception e) { + throw new ValidateException("validator.64", null); + } + } else { + Logger.info("The type of Mandate SAML-Attribute is not \"org.w3c.dom.Element\""); + throw new ValidateException("validator.64", null); + } + } + } + } + // builds authentication data and stores it together with a SAML artifact - AuthenticationData authData = buildAuthenticationData(session, vsresp); + AuthenticationData authData = buildAuthenticationData(session, vsresp, replacementIdentityLink); String samlArtifact = new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID()); storeAuthenticationData(samlArtifact, authData); + // invalidates the authentication session sessionStore.remove(sessionID); Logger.info( @@ -790,10 +983,18 @@ public class AuthenticationServer implements MOAIDAuthConstants { */ private AuthenticationData buildAuthenticationData( AuthenticationSession session, - VerifyXMLSignatureResponse verifyXMLSigResp) + VerifyXMLSignatureResponse verifyXMLSigResp, + IdentityLink replacementIdentityLink) throws ConfigurationException, BuildException { - IdentityLink identityLink = session.getIdentityLink(); + IdentityLink identityLink; + if (replacementIdentityLink == null) { + identityLink = session.getIdentityLink(); + } else { + // We have got data form a mandate we need now to use to stay compatible with applications + identityLink = replacementIdentityLink; + } + AuthenticationData authData = new AuthenticationData(); OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( @@ -804,7 +1005,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { authData.setAssertionID(Random.nextRandom()); authData.setIssuer(session.getAuthURL()); authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance())); - authData.setIdentificationType(identityLink.getIdentificationType()); authData.setGivenName(identityLink.getGivenName()); authData.setFamilyName(identityLink.getFamilyName()); @@ -817,7 +1017,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (provideStammzahl) { authData.setIdentificationValue(identityLink.getIdentificationValue()); } - String prPerson = new PersonDataBuilder().build(identityLink, provideStammzahl); + String prPerson = new PersonDataBuilder().build(identityLink, provideStammzahl); try { String signerCertificateBase64 = ""; if (oaParam.getProvideCertifcate()) { @@ -832,12 +1032,14 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (businessService) { authData.setWBPK(identityLink.getIdentificationValue()); } else { - // only compute bPK if online applcation is a public service - String bpkBase64 = - new BPKBuilder().buildBPK( - identityLink.getIdentificationValue(), - session.getTarget()); - authData.setBPK(bpkBase64); + authData.setBPK(identityLink.getIdentificationValue()); + if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + // only compute bPK if online applcation is a public service and we have the Stammzahl + String bpkBase64 = new BPKBuilder().buildBPK( + identityLink.getIdentificationValue(), + session.getTarget()); + authData.setBPK(bpkBase64); + } } String ilAssertion = oaParam.getProvideIdentityLink() @@ -858,6 +1060,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { businessService, session.getExtendedSAMLAttributesOA()); authData.setSamlAssertion(samlAssertion); + + + //ParepUtils.saveStringToFile(samlAssertion, new File("c:/saml_assertion.xml")); + return authData; } catch (Throwable ex) { throw new BuildException( @@ -1015,5 +1221,42 @@ public class AuthenticationServer implements MOAIDAuthConstants { return param == null || param.length() == 0; } - + /** + * Checks the correctness of SAML attributes and returns its value. + * @param param samlAttribute + * @param i the number of the verified attribute for messages + * @param identifier the infobox identifier for messages + * @param friendlyname the friendly name of the infobox for messages + * @return the SAML attribute value (Element or String) + */ + private static Object verifySAMLAttribute(ExtendedSAMLAttribute samlAttribute, int i, String identifier, String friendlyName) + throws ValidateException{ + String name = samlAttribute.getName(); + if (name == null) { + Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " + + identifier + "-infobox validator is null."); + throw new ValidateException( + "validator.45", new Object[] {friendlyName, "Name", String.valueOf((i+1)), "null"}); + } + if (name == "") { + Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " + + identifier + "-infobox validator is empty."); + throw new ValidateException( + "validator.45", new Object[] {friendlyName, "Name", String.valueOf((i+1)), "leer"}); + } + if (samlAttribute.getNameSpace() == null) { + Logger.info("The namespace of SAML-Attribute number " + (i+1) + " returned from " + + identifier + "-infobox validator is null."); + throw new ValidateException( + "validator.45", new Object[] {friendlyName, "Namespace", String.valueOf((i+1)), "null"}); + } + Object value = samlAttribute.getValue(); + if (value == null) { + Logger.info("The value of SAML-Attribute number " + (i+1) + " returned from " + + identifier + "-infobox validator is null."); + throw new ValidateException( + "validator.45", new Object[] {friendlyName ,"Wert", String.valueOf((i+1)), "null"}); + } + return value; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 43e88e7b5..4f9235949 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -19,6 +19,8 @@ public interface MOAIDAuthConstants { public static final String PARAM_BKU = "bkuURI"; /** servlet parameter "BKUSelectionTemplate" */ public static final String PARAM_BKUTEMPLATE = "BKUSelectionTemplate"; + /** servlet parameter "BKUSelectionTemplate" */ + public static final String PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE = "InputProcessorSignTemplate"; /** default BKU URL */ public static final String DEFAULT_BKU = "http://localhost:3495/http-security-layer-request"; /** servlet parameter "returnURI" */ @@ -35,6 +37,8 @@ public interface MOAIDAuthConstants { public static final String REQ_START_AUTHENTICATION = "StartAuthentication"; /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet} is mapped to */ public static final String REQ_VERIFY_IDENTITY_LINK = "VerifyIdentityLink"; + /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet} is mapped to */ + public static final String REQ_PROCESS_VALIDATOR_INPUT = "ProcessInput"; /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet} is mapped to */ public static final String REQ_VERIFY_AUTH_BLOCK = "VerifyAuthBlock"; /** Logging hierarchy used for controlling debug output of XML structures to files */ @@ -62,14 +66,16 @@ public interface MOAIDAuthConstants { public static final String[] IDENTITY_LINK_SIGNERS_WITHOUT_OID = new String[] {"T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission", "T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission"}; - /** - * the number of the certifcate extension "Eigenschaft zur Ausstellung von Personenbindungen" - */ + /** the number of the certifcate extension "Eigenschaft zur Ausstellung von Personenbindungen" */ public static final String IDENTITY_LINK_SIGNER_OID_NUMBER = "1.2.40.0.10.1.7.1"; /** * the OID of the identity link signer certificate (Eigenschaft zur Ausstellung von Personenbindungen); * used for checking the authorisation for signing the identity link for identity links signed after february 19th 2007 */ public static final ObjectID IDENTITY_LINK_SIGNER_OID = new ObjectID(IDENTITY_LINK_SIGNER_OID_NUMBER); + /** the number of the certifcate extension for party representatives */ + public static final String PARTY_REPRESENTATION_OID_NUMBER = "1.2.40.0.10.3"; + /** the number of the certifcate extension for party organ representatives */ + public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10"; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java index 53520c846..11628517e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java @@ -126,6 +126,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB pkValue = authData.getWBPK(); } else { + // always has the bPK as type/value pkType = URN_PREFIX_BPK; pkValue = authData.getBPK(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java index 6cc8c1be8..cc228298b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java @@ -42,7 +42,37 @@ public class BPKBuilder { String hashBase64 = Base64Utils.encode(hash); return hashBase64; } catch (Exception ex) { - throw new BuildException("builder.00", new Object[] {"BPK", ex.toString()}, ex); + throw new BuildException("builder.00", new Object[] {"bPK", ex.toString()}, ex); + } + } + + /** + * Builds the wbPK from the given parameters. + * @param identificationValue Base64 encoded "Stammzahl" + * @param registerAndOrdNr type of register + "+" + number in register. + * @return wbPK in a BASE64 encoding + * @throws BuildException if an error occurs on building the wbPK + */ + public String buildWBPK(String identificationValue, String registerAndOrdNr) + throws BuildException { + + if ((identificationValue == null || + identificationValue.length() == 0 || + registerAndOrdNr == null || + registerAndOrdNr.length() == 0)) + { + throw new BuildException("builder.00", + new Object[] {"wbPK", "Unvollständige Parameterangaben: identificationValue=" + + identificationValue + ",Register+Registernummer=" + registerAndOrdNr}); + } + String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr; + try { + MessageDigest md = MessageDigest.getInstance("SHA-1"); + byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); + String hashBase64 = Base64Utils.encode(hash); + return hashBase64; + } catch (Exception ex) { + throw new BuildException("builder.00", new Object[] {"wbPK", ex.toString()}, ex); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java new file mode 100644 index 000000000..c053ee896 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java @@ -0,0 +1,86 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.io.IOException; +import java.io.StringReader; +import java.io.StringWriter; + +import at.gv.egovernment.moa.id.BuildException; + +/** + * Builder for HTML form requesting a security layer request + * + * @author Peter Danner + * @version $Id: GetIdentityLinkFormBuilder.java 769 2007-01-10 15:37:52Z peter.danner $ + */ +public class GetVerifyAuthBlockFormBuilder extends Builder { + /** private static String NL contains the NewLine representation in Java*/ + private static final String nl = "\n"; + /** special tag in the HTML template to be substituted for the BKU URL */ + private static final String BKU_TAG = ""; + /** special tag in the HTML template to be substituted for the XML request */ + private static final String XMLREQUEST_TAG = ""; + /** special tag in the HTML template to be substituted for the data URL */ + private static final String DATAURL_TAG = ""; + /** special tag in the HTML template to be substituted for the infoboxes to be pushed from the BKU */ + private static final String PUSHINFOBOX_TAG = ""; + /** private static int all contains the representation to replace all tags*/ + private static final int ALL = -1; + + /** default HTML template */ + private static final String DEFAULT_HTML_TEMPLATE = + "" + nl + + " " + nl + + " " + nl + + " Signatur der Anmeldedaten" + nl + + " " + nl + + " " + nl + + " " + nl + + "

" + nl + + " " + nl + + " " + nl + + " " + nl + + " " + nl + + "
" + nl + + " " + nl + + ""; + + /** + * Constructor for GetVerifyAuthBlockFormBuilder. + */ + public GetVerifyAuthBlockFormBuilder() { + super(); + } + /** + * Builds the HTML form, including XML Request and data URL as parameters. + * + * @param htmlTemplate template to be used for the HTML form; + * may be null, in this case a default layout will be produced + * @param xmlRequest XML Request to be sent as a parameter in the form + * @param bkuURL URL of the "Bürgerkartenumgebung" the form will be submitted to; + * may be null, in this case the default URL will be used + * @param dataURL DataURL to be sent as a parameter in the form + */ + public String build( + String htmlTemplate, + String bkuURL, + String xmlRequest, + String dataURL, + String pushInfobox) + throws BuildException + { + String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate; + htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL); + htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, GetIdentityLinkFormBuilder.encodeParameter(xmlRequest), true, ALL); + htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL); + if (null==pushInfobox) pushInfobox=""; + htmlForm = replaceTag(htmlForm, PUSHINFOBOX_TAG, pushInfobox, false, ALL); + return htmlForm; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java index 038e549be..e70b64a6a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java @@ -9,6 +9,7 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams; import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParamsImpl; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter; import at.gv.egovernment.moa.util.XPathUtils; @@ -30,9 +31,7 @@ public class InfoboxValidatorParamsBuilder { * @param session The actual Authentication session. * @param verifyInfoboxParameter The configuration parameters for the infobox. * @param infoboxTokenList Contains the infobox token to be validated. - * @param hideStammzahl Indicates whether source pins (Stammzahlen) - * should be hidden in any SAML attributes returned by - * an infobox validator. + * @param oaParam The configuration parameters of the online application * * @return Parameters for validating an infobox token. */ @@ -40,7 +39,7 @@ public class InfoboxValidatorParamsBuilder { AuthenticationSession session, VerifyInfoboxParameter verifyInfoboxParameter, List infoboxTokenList, - boolean hideStammzahl) + OAAuthParameter oaParam) { InfoboxValidatorParamsImpl infoboxValidatorParams = new InfoboxValidatorParamsImpl(); IdentityLink identityLink = session.getIdentityLink(); @@ -54,6 +53,7 @@ public class InfoboxValidatorParamsBuilder { // authentication session parameters infoboxValidatorParams.setBkuURL(session.getBkuURL()); infoboxValidatorParams.setTarget(session.getTarget()); + infoboxValidatorParams.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); infoboxValidatorParams.setBusinessApplication(session.getBusinessService()); // parameters from the identity link infoboxValidatorParams.setFamilyName(identityLink.getFamilyName()); @@ -75,7 +75,7 @@ public class InfoboxValidatorParamsBuilder { } infoboxValidatorParams.setIdentityLink(identityLinkElem); } - infoboxValidatorParams.setHideStammzahl(hideStammzahl); + infoboxValidatorParams.setHideStammzahl(!oaParam.getProvideStammzahl()); return infoboxValidatorParams; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 90d79a46d..946f0a9c4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -1,8 +1,13 @@ package at.gv.egovernment.moa.id.auth.data; +import java.util.ArrayList; import java.util.Date; +import java.util.Iterator; import java.util.List; +import java.util.Vector; +import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -15,6 +20,7 @@ import at.gv.egovernment.moa.util.Constants; public class AuthenticationSession { private static String TARGET_PREFIX_ = Constants.URN_PREFIX_CDID + "+"; + private static String REGISTERANDORDNR_PREFIX_ = Constants.URN_PREFIX_WBPK + "+"; /** * session ID @@ -37,14 +43,14 @@ public class AuthenticationSession { * URL of MOA ID authentication component */ private String authURL; - /** - * HTML template URL - */ - private String templateURL; - /** - * URL of the BKU - */ - private String bkuURL; + /** + * HTML template URL + */ + private String templateURL; + /** + * URL of the BKU + */ + private String bkuURL; /** * identity link read from smartcard */ @@ -61,11 +67,11 @@ public class AuthenticationSession { * timestamp logging when identity link has been received */ private Date timestampIdentityLink; - /** - * Indicates whether the corresponding online application is a business - * service or not - */ - private boolean businessService; + /** + * Indicates whether the corresponding online application is a business + * service or not + */ + private boolean businessService; /** * SAML attributes from an extended infobox validation to be appended @@ -90,6 +96,33 @@ public class AuthenticationSession { */ private String issueInstant; + /** + * If infobox validators are needed after signing, they can be stored in + * this list. + */ + private List infoboxValidators; + + /** + * The register and number in the register parameter in case of a business + * service application. + */ + private String domainIdentifier; + + /** + * This string contains all identifiers of infoboxes, the online application + * is configured to accept. The infobox identifiers are comma separated. + */ + private String pushInfobox; + + /** + * AppSpecificConfiguration entry of then mandates infobox-validator. Tells + * whether person data from the representative have to be exchanged by data + * from the mandate + */ + private boolean mandateCompatibilityMode = false; + + + /** * Constructor for AuthenticationSession. * @@ -98,6 +131,7 @@ public class AuthenticationSession { public AuthenticationSession(String id) { sessionID = id; setTimestampStart(); + infoboxValidators = new ArrayList(); } /** @@ -380,4 +414,143 @@ public class AuthenticationSession { this.issueInstant = issueInstant; } + /** + * Returns the iterator to the stored infobox validators. + * @return Iterator + */ + public Iterator getInfoboxValidatorIterator() { + if (infoboxValidators==null) return null; + return infoboxValidators.iterator(); + } + + /** + * Adds an infobox validator class to the stored infobox validators. + * @param infoboxIdentifier the identifier of the infobox the validator belongs to + * @param infoboxFriendlyName the friendly name of the infobox + * @param infoboxValidator the infobox validator to add + */ + public Iterator addInfoboxValidator(String infoboxIdentifier, String infoboxFriendlyName, InfoboxValidator infoboxValidator) { + if (infoboxValidators==null) infoboxValidators = new ArrayList(); + Vector v = new Vector(3); + v.add(infoboxIdentifier); + v.add(infoboxFriendlyName); + v.add(infoboxValidator); + infoboxValidators.add(v); + return infoboxValidators.iterator(); + } + + /** + * Tests for pending input events of the infobox validators. + * @return true if a validator has a form to show + */ + public boolean isValidatorInputPending() { + boolean result = false; + Iterator iter = getInfoboxValidatorIterator(); + if (iter != null) { + while (!result && iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); + if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) result=true; + } + } + return result; + } + + /** + * Returns the first pending infobox validator. + * @return the infobox validator class + */ + public InfoboxValidator getFirstPendingValidator() { + Iterator iter = getInfoboxValidatorIterator(); + if (iter != null) { + while (iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); + String form = infoboxvalidator.getForm(); + if (!ParepUtils.isEmpty(form)) return infoboxvalidator; + } + } + return null; + } + + /** + * Returns the input form of the first pending infobox validator input processor. + * @return the form to show + */ + public String getFirstValidatorInputForm() { + Iterator iter = getInfoboxValidatorIterator(); + if (iter != null) { + while (iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); + String form = infoboxvalidator.getForm(); + if (!ParepUtils.isEmpty(form)) return form; + } + } + return null; + } + + /** + * @return the mandateCompatibilityMode + */ + public boolean isMandateCompatibilityMode() { + return mandateCompatibilityMode; + } + + /** + * @param mandateCompatibilityMode the mandateCompatibilityMode to set + */ + public void setMandateCompatibilityMode(boolean mandateCompatibilityMode) { + this.mandateCompatibilityMode = mandateCompatibilityMode; + } + + /** + * Returns domain identifier (the register and number in the register parameter). + * null in the case of not a business service. + * + * @return the domainIdentifier + */ + public String getDomainIdentifier() { + return domainIdentifier; + } + + /** + * Sets the register and number in the register parameter if the application + * is a business service. + * If the domain identifier includes the registerAndOrdNr prefix, the prefix + * will be stripped off. + * + * @param domainIdentifier the domain identifier to set + */ + public void setDomainIdentifier(String domainIdentifier) { + if (domainIdentifier != null && domainIdentifier.startsWith(REGISTERANDORDNR_PREFIX_)) + { + // If domainIdentifier starts with prefix "urn:publicid:gv.at:wbpk+"; remove this prefix + this.domainIdentifier = domainIdentifier.substring(REGISTERANDORDNR_PREFIX_.length()); + Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + this.domainIdentifier); + } + else + { + this.domainIdentifier = domainIdentifier; + } + } + + /** + * Gets all identifiers of infoboxes, the online application + * is configured to accept. The infobox identifiers are comma separated. + * + * @return the string containing infobox identifiers + */ + public String getPushInfobox() { + if (pushInfobox==null) return ""; + return pushInfobox; + } + + /** + * @param pushInfobox the infobox identifiers to set (comma separated) + */ + public void setPushInfobox(String pushInfobox) { + this.pushInfobox = pushInfobox; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java index c7a557290..01b9d9359 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java @@ -62,6 +62,14 @@ public interface InfoboxValidatorParams { */ public String getTarget(); + /** + * Returns the register and number in the register parameter. + * null in the case of not a business service. + * + * @return The register and number in the register parameter. + */ + public String getDomainIdentifier(); + /** * Returns true if the application is a business * service, otherwise false. This may be useful diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java index 80ba5995f..3747fa93b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java @@ -48,6 +48,11 @@ public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams { */ protected String target_; + /** + * The domain identifier (register and number in the register parameter). + */ + protected String domainIdentifier_; + /** * The family name from the identity link. */ @@ -134,6 +139,13 @@ public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams { return target_; } + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getDomainIdentifier() + */ + public String getDomainIdentifier() { + return domainIdentifier_; + } + /** * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getBusinessApplication() */ @@ -324,6 +336,15 @@ public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams { public void setTarget(String target) { target_ = target; } + + /** + * Sets the domain identifier (register and number in the register parameter) + * + * @param domainIdentifier the domainIdentifier to set + */ + public void setDomainIdentifier(String domainIdentifier) { + this.domainIdentifier_ = domainIdentifier; + } /** * Sets the ID of the trust profile used for validating certificates. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java new file mode 100644 index 000000000..df480b624 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java @@ -0,0 +1,175 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; +import java.io.OutputStream; +import java.util.Map; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.fileupload.FileUploadException; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.builder.GetVerifyAuthBlockFormBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; +import at.gv.egovernment.moa.id.auth.validator.ValidateException; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.FileUtils; + +/** + * Servlet requested for processing user input forms of infobox validators + * + * Utilizes the {@link AuthenticationServer}. + * + * @author Peter Danner + * @version $Id: ProcessValidatorInputServlet.java 769 2007-01-10 15:37:52Z peter.danner $ + */ +public class ProcessValidatorInputServlet extends AuthServlet { + + public static final long serialVersionUID = 1; + + /** + * Constructor for VerifyIdentityLinkServlet. + */ + public ProcessValidatorInputServlet() { + super(); + } + + /** + * Shows the user input forms of infobox validators + * + * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) + */ + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("GET ProcessInput"); + Map parameters; + try { + parameters = getParameters(req); + } catch (FileUploadException e) { + Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); + throw new IOException(e.getMessage()); + } + String sessionID = req.getParameter(PARAM_SESSIONID); + if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID); + if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID); + + try { + AuthenticationSession session = AuthenticationServer.getSession(sessionID); + InfoboxValidator infoboxvalidator = session.getFirstPendingValidator(); + String outputStream; + String dataURL = new DataURLBuilder().buildDataURL( + session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID); + if (infoboxvalidator!=null) { + outputStream = infoboxvalidator.getForm(); + // replace strings the validators can not know + outputStream = ParepUtils.replaceAll(outputStream, "", session.getAuthURL()); + outputStream = ParepUtils.replaceAll(outputStream, "", sessionID); + outputStream = ParepUtils.replaceAll(outputStream, "", session.getBkuURL()); + outputStream = ParepUtils.replaceAll(outputStream, "", dataURL); + outputStream = ParepUtils.replaceAll(outputStream, "", session.getPushInfobox()); + } else { + throw new ValidateException("validator.65", null); + } + //resp.setStatus(200); + resp.setContentType("text/html;charset=UTF-8"); + OutputStream out = resp.getOutputStream(); + out.write(outputStream.getBytes("UTF-8")); + out.flush(); + out.close(); + Logger.debug("Finished GET ProcessInput"); + } + catch (MOAIDException ex) { + handleError(null, ex, req, resp); + } + } + + /** + * Verifies the user input forms of infobox validators + * + * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) + */ + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("POST ProcessInput"); + Map parameters; + try { + parameters = getParameters(req); + } catch (FileUploadException e) { + Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); + throw new IOException(e.getMessage()); + } + String sessionID = req.getParameter(PARAM_SESSIONID); + if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID); + if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID); + + try { + AuthenticationSession session = AuthenticationServer.getSession(sessionID); + AuthenticationServer.processInput(session, parameters); + String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null); + if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) { + // Now sign the AUTH Block + String dataURL = new DataURLBuilder().buildDataURL( + session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID); + + // Test if we have a user input form sign template + String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE); + String inputProcessorSignTemplate = null; + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested()); + // override template url by url from configuration file + if (oaParam.getInputProcessorSignTemplateURL() != null) { + inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL(); + } + if (inputProcessorSignTemplateURL != null) { + try { + inputProcessorSignTemplate = new String(FileUtils.readURL(inputProcessorSignTemplateURL)); + } catch (IOException ex) { + throw new AuthenticationException( + "auth.03", + new Object[] { inputProcessorSignTemplateURL, ex.toString()}, + ex); + } + } + + + + String htmlForm = new GetVerifyAuthBlockFormBuilder().build( + inputProcessorSignTemplate, session.getBkuURL(), createXMLSignatureRequestOrRedirect, dataURL, session.getPushInfobox()); + htmlForm = ParepUtils.replaceAll(htmlForm, "", session.getAuthURL()); + htmlForm = ParepUtils.replaceAll(htmlForm, "", sessionID); + htmlForm = ParepUtils.replaceAll(htmlForm, "", session.getBkuURL()); + htmlForm = ParepUtils.replaceAll(htmlForm, "", dataURL); + htmlForm = ParepUtils.replaceAll(htmlForm, "", session.getPushInfobox()); + + resp.setContentType("text/html;charset=UTF-8"); + + OutputStream out = resp.getOutputStream(); + out.write(htmlForm.getBytes("UTF-8")); + out.flush(); + out.close(); + Logger.debug("Finished POST ProcessInput"); + } else { + String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); + resp.setContentType("text/html"); + resp.setStatus(302); + resp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + } + } + catch (MOAIDException ex) { + handleError(null, ex, req, resp); + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java index 4dc69c70b..6e2a932d8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java @@ -54,11 +54,11 @@ public class SelectBKUServlet extends AuthServlet { throws ServletException, IOException { Logger.debug("GET SelectBKU"); - String authURL = - req.getScheme() + "://" + - req.getServerName() + ":" + - req.getServerPort() + - req.getContextPath() + "/"; + String authURL = req.getScheme() + "://" + req.getServerName(); + if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { + authURL = authURL.concat(":" + req.getServerPort()); + } + authURL = authURL.concat(req.getContextPath() + "/"); String target = req.getParameter(PARAM_TARGET); String oaURL = req.getParameter(PARAM_OA); String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index 6098f5138..9f0cf6606 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -41,11 +41,11 @@ public class StartAuthenticationServlet extends AuthServlet { throws ServletException, IOException { Logger.debug("GET StartAuthentication"); - String authURL = - req.getScheme() + "://" + - req.getServerName() + ":" + - req.getServerPort() + - req.getContextPath() + "/"; + String authURL = req.getScheme() + "://" + req.getServerName(); + if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { + authURL = authURL.concat(":" + req.getServerPort()); + } + authURL = authURL.concat(req.getContextPath() + "/"); String target = req.getParameter(PARAM_TARGET); String oaURL = req.getParameter(PARAM_OA); String bkuURL = req.getParameter(PARAM_BKU); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index 6ec4a247d..b81107ff2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -1,8 +1,9 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; -import at.gv.egovernment.moa.util.URLEncoder; //java.net.URLEncoder; +import java.util.Iterator; import java.util.Map; +import java.util.Vector; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; @@ -12,8 +13,13 @@ import org.apache.commons.fileupload.FileUploadException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult; +import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; +import at.gv.egovernment.moa.id.auth.validator.ValidateException; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.URLEncoder; /** * Servlet requested for verifying the signed authentication block @@ -80,17 +86,21 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { } String sessionID = req.getParameter(PARAM_SESSIONID); String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); - + String redirectURL = null; try { AuthenticationSession session = AuthenticationServer.getSession(sessionID); String samlArtifactBase64 = AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse); - String redirectURL = session.getOAURLRequested(); - if (!session.getBusinessService()) { - redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); - } - redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); - redirectURL = resp.encodeRedirectURL(redirectURL); + if (!samlArtifactBase64.equals("Redirect to Input Processor")) { + redirectURL = session.getOAURLRequested(); + if (!session.getBusinessService()) { + redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); + } + redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); + redirectURL = resp.encodeRedirectURL(redirectURL); + } else { + redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); + } resp.setContentType("text/html"); resp.setStatus(302); resp.addHeader("Location", redirectURL); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index 2134c1444..b9d8f8c75 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -1,22 +1,18 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; -import java.io.OutputStream; -import java.util.Enumeration; import java.util.Map; -import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; import org.apache.commons.fileupload.FileUploadException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.util.ServletUtils; import at.gv.egovernment.moa.logging.Logger; /** @@ -79,25 +75,10 @@ public class VerifyIdentityLinkServlet extends AuthServlet { } String sessionID = req.getParameter(PARAM_SESSIONID); - try { AuthenticationSession session = AuthenticationServer.getSession(sessionID); - - String createXMLSignatureRequest = - AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters); - resp.setStatus(307); - String dataURL = new DataURLBuilder().buildDataURL( - session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID); - resp.addHeader("Location", dataURL); - - //TODO test impact of explicit setting charset with older versions of BKUs (HotSign) - resp.setContentType("text/xml;charset=UTF-8"); - - OutputStream out = resp.getOutputStream(); - out.write(createXMLSignatureRequest.getBytes("UTF-8")); - out.flush(); - out.close(); - Logger.debug("Finished POST VerifyIdentityLink"); + String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters); + ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink"); } catch (MOAIDException ex) { handleError(null, ex, req, resp); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index e6c9f4bee..e0fd67d64 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -66,7 +66,7 @@ public class CreateXMLSignatureResponseValidator { IdentityLink identityLink = session.getIdentityLink(); Element samlAssertion = createXMLSignatureResponse.getSamlAssertion(); - String issuer = samlAssertion.getAttribute("Issuer"); + String issuer = samlAssertion.getAttribute("Issuer"); if (issuer == null) { // should not happen, because parser would dedect this throw new ValidateException("validator.32", null); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java index 95cd65608..74e61e076 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java @@ -1,5 +1,9 @@ package at.gv.egovernment.moa.id.auth.validator; +import java.util.Map; + +import org.w3c.dom.Element; + import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult; import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams; @@ -18,7 +22,7 @@ public interface InfoboxValidator { * application. * * @param params {@link at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams - * Parameters} needed by the validator. + * Parameters} needed by the validator. * * @return InfoboxValidationResult structure (@link at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult} * @@ -28,4 +32,50 @@ public interface InfoboxValidator { public InfoboxValidationResult validate (InfoboxValidatorParams params) throws ValidateException; + /** + * This method is used to do intermediate processing before signing the auth block. + * If a infobox validator threw a form to gather user input, this method is used + * to validate this input. In no further input is needed the form must be empty to + * proceed, and also a valid InfoboxValidationResult is necessary. + * If more input is needed, the validator can build a new form and it is then shown + * to the citizen. + * The implementation of InfoboxValidator must hold its necessary + * data and configuration internally, if this method is called - the class is + * reused at this call + * + * @param parameters the parameters got returned by the input fields + * + * @return InfoboxValidationResult structure (@link at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult} + * + * @throws ValidateException If an error occurs on validating the + * InfoboxReadResponse. + */ + public InfoboxValidationResult validate (Map parameters) + throws ValidateException; + + /** + * This method is used to do post processing after signing the auth block. + * The method validates the content of the infoboxReadResponsesamlAssertion if needed. + * The implementation of InfoboxValidator must hold its necessary + * data and configuration internally, if this method is called - the class is + * reused at this call + * + * @param samlAssertion the SAML assertion needed by the validator + * + * @return InfoboxValidationResult structure (@link at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult} + * + * @throws ValidateException If an error occurs on validating the + * InfoboxReadResponse. + */ + public InfoboxValidationResult validate (Element samlAssertion) + throws ValidateException; + + /** + * form for user interaction for intermediate processing of infobox validation + * + * @return answer form of the servlet request. + */ + public String getForm(); + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java new file mode 100644 index 000000000..58c28161f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java @@ -0,0 +1,68 @@ +package at.gv.egovernment.moa.id.auth.validator.parep; + +import java.util.Map; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult; +import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams; +import at.gv.egovernment.moa.id.auth.validator.ValidateException; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateRequest; +import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration; + +/** + * Input processor for infobox validators. + */ +public interface ParepInputProcessor { + + /** + * Initialize user input processing. This function must initialize the + * processor to remember its state. Fixed values for the current authentication + * session are set here. + * + * @param representationID The id of the provided standardized mandate + * @param parepConfiguration The configuration of the party representation validator + * @param rpFamilyName The family name of the representative + * @param rpGivenName + * @param rpDateOfBirth + * @param request CreateMandateRequest containing the representative and the mandator + */ + + public void initialize( + String representationID, ParepConfiguration parepConfiguration, + String rpFamilyName, String rpGivenName, String rpDateOfBirth, + CreateMandateRequest request); + + /** + * Starting point of user input processing. This function must initialize the + * processor and remember its state. + * + * @param physical Is person a physical person selected + * @param familyName The family name of the mandator + * @param givenName + * @param dateOfBirth + * @param streetName The address of the physical person + * @param buildingNumber + * @param unit + * @param postalCode + * @param municipality + * @param cbFullName + * @param cbIdentificationType + * @param cbIdentificationValue + * @return The initial user input form + */ + public String start( + boolean physical, String familyName, String givenName, String dateOfBirth, + String streetName, String buildingNumber, String unit, String postalCode, String municipality, + String cbFullName, String cbIdentificationType, String cbIdentificationValue); + + /** + * Validation after the user submitted form + * + * @param parameters Returned input field values + * @param extErrortext Error text from SZR-gateway to throw error page or form to correct user input data + * @return User input form if needed, or empty form if everything is ok with the user input. Returns null on error. + */ + public String validate(Map parameters, String extErrortext); + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java new file mode 100644 index 000000000..aff5d8a7a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java @@ -0,0 +1,298 @@ +/** + * + */ +package at.gv.egovernment.moa.id.auth.validator.parep; + +import java.io.ByteArrayOutputStream; +import java.io.File; +import java.io.FileInputStream; +import java.io.InputStream; +import java.text.ParseException; +import java.text.SimpleDateFormat; +import java.util.Map; + +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateRequest; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; +import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Implements the standard party representation infobox validator input processor + * + * @author Peter Danner + * + */ +public class ParepInputProcessorImpl implements ParepInputProcessor{ + + /** the requested representation ID (currently * or OID) */ + private String representationID; + + /** contains the configuration of the owning validator */ + private ParepConfiguration parepConfiguration; + + /** Family name of the representative */ + private String rpFamilyName; + + /** Given name of the representative */ + private String rpGivenName; + + /** The representatives date of birth */ + private String rpDateOfBirth; + + /** The current CreateMandateRequest to the SZR-gateway */ + private CreateMandateRequest request; + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#initialize(String, ParepConfiguration, String, String, String, CreateMandateRequest) + */ + public void initialize( + String representationID, ParepConfiguration parepConfiguration, + String rpFamilyName, String rpGivenName, String rpDateOfBirth, + CreateMandateRequest request) + { + // Initialization + this.representationID = representationID; + this.parepConfiguration = parepConfiguration; + this.rpFamilyName = rpFamilyName; + this.rpGivenName = rpGivenName; + this.rpDateOfBirth = rpDateOfBirth; + this.request = request; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#start(boolean, String, String, String, String, String, String, String, String, String, String, String) + */ + public String start( + boolean physical, String familyName, String givenName, String dateOfBirth, + String streetName, String buildingNumber, String unit, String postalCode, String municipality, + String cbFullName, String cbIdentificationType, String cbIdentificationValue) + { + // Load the form + String form = loadForm( + physical, familyName, givenName, dateOfBirth, + streetName, buildingNumber, unit, postalCode, municipality, + cbFullName, cbIdentificationType, cbIdentificationValue, ""); + try { + request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName, + cbIdentificationType, cbIdentificationValue); + } catch (SZRGWClientException e) { + //e.printStackTrace(); + Logger.info(e); + return null; + } + return form; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#validate(Map, String) + */ + public String validate(Map parameters, String extErrortext) + { + + // Process the gotten parameters + String form = null; + boolean formNecessary = false; + if (!ParepUtils.isEmpty(extErrortext)) formNecessary = true; + String locErrortext = "Folgende Parameter fehlen: "; + + String familyName = (String) parameters.get("familyname"); + if (null == familyName) familyName =""; + String givenName = (String) parameters.get("givenname"); + if (null == givenName) givenName =""; + boolean physical = "true".equals(parameters.get("physical")); + String dobday = (String) parameters.get("dobday"); + if (null!=dobday && dobday.equalsIgnoreCase("TT")) dobday=""; + String dobmonth = (String) parameters.get("dobmonth"); + if (null!=dobmonth && dobmonth.equalsIgnoreCase("MM")) dobmonth=""; + String dobyear = (String) parameters.get("dobyear"); + if (null!=dobyear && dobyear.equalsIgnoreCase("JJJJ")) dobyear=""; + String dateOfBirth = ""; + dobyear = (" ".substring(0, 4-dobyear.length()) + dobyear); + dobmonth = (" ".substring(0, 2-dobmonth.length()) + dobmonth); + dobday = (" ".substring(0, 2-dobday.length()) + dobday); + dateOfBirth = dobyear + "-" + dobmonth + "-" + dobday; + String cbFullName = (String) parameters.get("fullname"); + if (null == cbFullName) cbFullName =""; + String cbIdentificationType = (String) parameters.get("cbidentificationtype"); + if (null == cbIdentificationType) cbIdentificationType =""; + String cbIdentificationValue = (String) parameters.get("cbidentificationvalue"); + if (null == cbIdentificationValue) cbIdentificationValue =""; + String postalCode = (String) parameters.get("postalcode"); + if (null == postalCode) postalCode =""; + String municipality = (String) parameters.get("municipality"); + if (null == municipality) municipality =""; + String streetName = (String) parameters.get("streetname"); + if (null == streetName) streetName =""; + String buildingNumber = (String) parameters.get("buildingnumber"); + if (null == buildingNumber) buildingNumber =""; + String unit = (String) parameters.get("unit"); + if (null == unit) unit =""; + + if (physical) { + if (ParepUtils.isEmpty(familyName)) { + formNecessary = true; + locErrortext = locErrortext + "Familienname"; + } + if (ParepUtils.isEmpty(givenName)) { + formNecessary = true; + if (!locErrortext.endsWith(": ")) locErrortext = locErrortext + ", "; + locErrortext = locErrortext + "Vorname"; + } + // Auf existierendes Datum prüfen + SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd"); + format.setLenient(false); // Wir wollen keine künstliche Pareserintelligenz, nur Datum prüfen + try { + format.parse(dateOfBirth); + } + catch(ParseException pe) + { + formNecessary = true; + if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", "; + locErrortext = locErrortext + "korrektes Geburtsdatum"; + } + } else { + if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) { + formNecessary = true; + if (ParepUtils.isEmpty(cbFullName)) { + locErrortext = locErrortext + "Name der Organisation"; + } + if (ParepUtils.isEmpty(cbIdentificationType)) { + if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", "; + locErrortext = locErrortext + "Auswahl des Registers"; + } + if (ParepUtils.isEmpty(cbIdentificationValue)) { + if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", "; + locErrortext = locErrortext + "Ordnungsnummer im ausgewählten Register"; + } + } + } + try { + request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName, + cbIdentificationType, cbIdentificationValue); + if (formNecessary) { + // Daten noch nicht vollständig oder anderer Fehler + if (locErrortext.endsWith("fehlen: ")) locErrortext =""; + String error = ""; + if (!ParepUtils.isEmpty(extErrortext)) { + error = extErrortext; + if (!ParepUtils.isEmpty(locErrortext)) error = error + "; "; + } + if (!ParepUtils.isEmpty(locErrortext)) error = error + locErrortext; + if (!ParepUtils.isEmpty(error)) { + error = "
\"  " + error + "
"; + } + form = loadForm(physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality, cbFullName, cbIdentificationType, cbIdentificationValue, error); + if (form == null) { + return null; + } + } else { + return ""; // everything is ok + } + } catch (Exception e) { + //e.printStackTrace(); + Logger.info(e); + return null; + } + return form; + } + + /** + * Loads the empty user input form and replaces tag occurences with given variables + * + * @param physical + * @param familyName + * @param givenName + * @param dateOfBirth + * @param streetName + * @param buildingNumber + * @param unit + * @param postalCode + * @param municipality + * @param cbFullName + * @param cbIdentificationType + * @param cbIdentificationValue + * @param errorText + * @return + */ + private String loadForm( + boolean physical, String familyName, String givenName, String dateOfBirth, + String streetName, String buildingNumber, String unit, String postalCode, String municipality, + String cbFullName, String cbIdentificationType, String cbIdentificationValue, String errorText) + { + String form = ""; + try { + String fileName = parepConfiguration.getInputProcessorTemplate(representationID); + InputStream instream = null; + File file = new File(fileName); + if (file.exists()) { + //if this resolves to a file, load it + instream = new FileInputStream(fileName); + } else { + fileName = parepConfiguration.getFullDirectoryName(fileName); + file = new File(fileName); + if (file.exists()) { + //if this resolves to a file, load it + instream = new FileInputStream(fileName); + } else { + //else load a named resource in our classloader. + instream = this.getClass().getResourceAsStream(parepConfiguration.getInputProcessorTemplate(representationID)); + if (instream == null) { + Logger.error("Form Prozessor Input Template \"" + fileName + "\" fehlt"); + return null; + } + } + } + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + ParepUtils.dumpInputOutputStream(instream, bos); + form = bos.toString("UTF-8"); + } catch(Exception e) { + Logger.error("Fehler beim Einlesen des Input-Templates.", e); + } + + if (!ParepUtils.isEmpty(form)) { + boolean cbEnabled = parepConfiguration.isRepresentingCorporateParty(representationID); + boolean physEnabled = parepConfiguration.isRepresentingPhysicalParty(representationID); + boolean reducedSelection = (!physEnabled || !cbEnabled); + if (reducedSelection) { + physical = !cbEnabled;//wird somit umgesetzt falls jur. Person nicht vetretbar + } + if (ParepUtils.isEmpty(dateOfBirth)) dateOfBirth = "JJJJ-MM-TT"; + form = ParepUtils.replaceAll(form, "", rpGivenName); + form = ParepUtils.replaceAll(form, "", rpFamilyName); + form = ParepUtils.replaceAll(form, "", rpDateOfBirth.substring(0,4)); + form = ParepUtils.replaceAll(form, "", rpDateOfBirth.substring(5,7)); + form = ParepUtils.replaceAll(form, "", rpDateOfBirth.substring(8,10)); + //darf zw. phys. und jur. Person gewählt werden: + //form = replaceAll(form, "seldisabled=\"\"", reducedSelection ? "disabled=\"true\"" : ""); + form = ParepUtils.replaceAll(form, "physdisabled=\"\"", physEnabled ? "" : "disabled=\"true\""); + form = ParepUtils.replaceAll(form, "physselected=\"\"", physical ? "checked=\"checked\"" : ""); + form = ParepUtils.replaceAll(form, "", givenName); + form = ParepUtils.replaceAll(form, "", familyName); + form = ParepUtils.replaceAll(form, "", dateOfBirth.substring(0,4).trim()); + form = ParepUtils.replaceAll(form, "", dateOfBirth.substring(5,7).trim()); + form = ParepUtils.replaceAll(form, "", dateOfBirth.substring(8,10).trim()); + form = ParepUtils.replaceAll(form, "", streetName); + form = ParepUtils.replaceAll(form, "", buildingNumber); + form = ParepUtils.replaceAll(form, "", unit); + form = ParepUtils.replaceAll(form, "", postalCode); + form = ParepUtils.replaceAll(form, "", municipality); + form = ParepUtils.replaceAll(form, "cbdisabled=\"\"", cbEnabled ? "" : "disabled=\"true\""); + form = ParepUtils.replaceAll(form, "", cbFullName); + form = ParepUtils.replaceAll(form, "cbseldisabled=\"\"", cbEnabled ? "" : "disabled=\"disabled\""); + form = ParepUtils.replaceAll(form, "cbselected=\"\"", physical ? "" : "checked=\"checked\""); + form = ParepUtils.replaceAll(form, "fnselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XFN") ? "selected=\"selected\"" : ""); + form = ParepUtils.replaceAll(form, "vrselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XVR") ? "selected=\"selected\"" : ""); + form = ParepUtils.replaceAll(form, "ersbselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XERSB") ? "selected=\"selected\"" : ""); + form = ParepUtils.replaceAll(form, "", cbIdentificationValue); + form = ParepUtils.replaceAll(form, "", errorText); + } + return form; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java new file mode 100644 index 000000000..aed635502 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java @@ -0,0 +1,708 @@ +package at.gv.egovernment.moa.id.auth.validator.parep; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.io.OutputStreamWriter; + +import javax.xml.parsers.DocumentBuilderFactory; + +import org.apache.xml.serialize.OutputFormat; +import org.apache.xml.serialize.XMLSerializer; +import org.apache.xpath.XPathAPI; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; +import at.gv.egovernment.moa.id.auth.validator.ValidateException; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.BoolUtils; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.StringUtils; + +/** + * This class implements a set of utility methods. + * + * @author Peter Danner + */ +public class ParepUtils { + + /** + * Determines whether a string is null or empty + * + * @param str the string to check. + * @return true if the string is null or empty, + * false otherwise. + */ + public static boolean isEmpty(String str) { + return str == null || "".equals(str); + } + + /** + * Reads a XML document from an input stream (namespace-aware). + * + * @param is + * the input stream to read from. + * @return the read XML document. + * @throws SZRGWClientException + * if an error occurs reading the document from the input stream. + */ + public static Document readDocFromIs(InputStream is) throws SZRGWClientException { + try { + DocumentBuilderFactory f = DocumentBuilderFactory.newInstance(); + f.setNamespaceAware(true); + return f.newDocumentBuilder().parse(is); + } catch (Exception e) { + throw new SZRGWClientException(e); + } + } + + /* + * + */ + public static String extractRepresentativeID(Element mandate) throws ValidateException { + try { + Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS); + Node resultNode = XPathAPI.selectSingleNode(mandate, "//md:Mandate/attribute::MandateID", nameSpaceNode); + if (resultNode != null) { + return resultNode.getTextContent(); + } + return null; + } catch (Exception e) { + throw new ValidateException("validator.62", null); + } + } + + // TODO: remove unreferenced + + /** + * Dumps all bytes from an input stream to the given output stream. + * + * @param is + * the input stream to dump from. + * @param os + * the output stream to dump to. + * @throws IOException + * if an error occurs while dumping. + */ + public static void dumpInputOutputStream(InputStream is, OutputStream os) throws IOException { + if (is == null) { + return; + } + int ch; + while ((ch = is.read()) != -1) { + os.write(ch); + } + } + + /** + * Gets a string that represents the date a mandate was issued. + * + * @param mandate + * the mandate to extract the issuing date from. + * @return the issuing date of the given mandate. + * @throws SZRGWClientException + * if an exception occurs extracting the issuing date of the + * mandate. + */ + public static String getMandateIssuedDate(Element mandate) throws SZRGWClientException { + try { + Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS); + + Node dateNode = XPathAPI.selectSingleNode(mandate, "//md:Issued/md:Date/text()", nameSpaceNode); + + if (dateNode == null) { + throw new Exception("Date in Mandate-Issued not found."); + } + return dateNode.getNodeValue(); + } catch (Exception e) { + throw new SZRGWClientException(e); + } + } + + /** + * Gets a string that represents the place a mandate was issued. + * + * @param mandate + * the mandate to extract the issuing place from. + * @return the issuing place of the given mandate. + * @throws SZRGWClientException + * if an exception occurs extracting the issuing place of the + * mandate. + */ + public static String getMandateIssuedPlace(Element mandate) throws SZRGWClientException { + try { + Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS); + + Node placeNode = XPathAPI.selectSingleNode(mandate, "//md:Issued/md:Place/text()", nameSpaceNode); + + if (placeNode == null) { + throw new Exception("Place in Mandate-Issued not found."); + } + return placeNode.getNodeValue(); + } catch (Exception e) { + throw new SZRGWClientException(e); + } + } + + /** + * Extracts the textual description of the mandate. + * + * @param mandate + * the mandate to extract the textual description from. + * @return the textual description of the mandate. + * @throws SZRGWClientException + * if an exception occurs extracting the textual description. + */ + public static String getMandateContent(Element mandate) throws SZRGWClientException { + try { + Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS); + + Node contentNode = XPathAPI.selectSingleNode(mandate, "//md:SimpleMandateContent/md:TextualDescription/text()", nameSpaceNode); + + if (contentNode == null) { + throw new Exception("Content in Mandate not found."); + } + return contentNode.getNodeValue(); + } catch (Exception e) { + throw new SZRGWClientException(e); + } + } + + /** + * Extracts the md:Mandator element from a XML mandate element. + * + * @param mandate + * the md:Mandate element to extract the md:Mandator from. + * @return the md:Mandator element. + * @throws SZRGWClientException + * if an error occurs extracting the md:Mandator element. + */ + public static Element extractMandator(Element mandate) throws ParseException { + try { + + Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS); + Element mandator = (Element) XPathAPI.selectSingleNode(mandate, "//" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR, nameSpaceNode); + if (mandator == null) { + // if we got the Mandator itself + if (mandate.getLocalName().equals(SZRGWConstants.MANDATOR)) return mandate; + } + if (mandator == null) + return null; + String nsPrefix = mandator.getPrefix(); + String nsUri = mandator.getNamespaceURI(); + Element mandatorClone = (Element) mandator.cloneNode(true); + mandatorClone.setAttribute("xmlns:" + nsPrefix, nsUri); + return mandatorClone; + } catch (Exception e) { + throw new ParseException(e.toString(), null); + } + } + + /** + * Tells wether a mandator is a physical person or not. + * + * @param mandator + * the XML md:Mandator element to extract from. + * @return true if the mandator is a physical person, false otherwise. + */ + public static boolean isPhysicalPerson(Element mandator) { + try { + Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + + // check if physical person + Element physicalPerson = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:PhysicalPerson", nameSpaceNode); + // Element physicalPerson = (Element)XPathAPI.selectSingleNode(mandator, + // "descendant-or-self::pr:CorporateBody", nameSpaceNode); + return physicalPerson != null; + } catch (Exception e) { + e.printStackTrace(); + return false; + } + } + + /** + * Extracts the pr:PhysicalPerson or pr:CorporateBody + * element from a XML mandate element. + * + * @param mandate + * the md:Mandate element to extract the person from. + * @return the pr:PhysicalPerson or pr:CorporateBody element. + * @throws ParseException + * if an error occurs extracting the element. + */ + public static Element extractPersonOfMandate(Element mandate) throws ParseException { + try { + + Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + Element person = (Element) XPathAPI.selectSingleNode(mandate, "//" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/pr:PhysicalPerson", nameSpaceNode); + if (person == null) { + person = (Element) XPathAPI.selectSingleNode(mandate, "//" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/pr:CorporateBody", nameSpaceNode); + } + if (person == null) return null; + String nsPrefix = person.getPrefix(); + String nsUri = person.getNamespaceURI(); + Element personClone = (Element) person.cloneNode(true); + personClone.setAttribute("xmlns:" + nsPrefix, nsUri); + return personClone; + } catch (Exception e) { + //e.printStackTrace(); + throw new ParseException(e.toString(), null); + } + } + + /** + * Benerates the pr:Person element form a + * pr:PhysicalPerson or pr:CorporateBody + * element of a XML mandate element. + * + * @param mandate + * the md:Mandate element to extract the person from. + * @return the pr:Person element. + * @throws ParseException + * if an error occurs extracting the element. + */ + public static Element extractPrPersonOfMandate(Element mandate) throws ParseException { + + try { + Document document = ParepUtils.createEmptyDocument(); + Element root = document.createElement(SZRGWConstants.PD_PREFIX + SZRGWConstants.PERSON); + root.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + root.setAttribute("xmlns:" + Constants.XSI_PREFIX, Constants.XSI_NS_URI); + + Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + Element person = (Element) XPathAPI.selectSingleNode(mandate, "//" + + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/" + SZRGWConstants.PD_PREFIX + SZRGWConstants.PHYSICALPERSON, nameSpaceNode); + if (person == null) { + person = (Element) XPathAPI.selectSingleNode(mandate, "//" + + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/" + SZRGWConstants.PD_PREFIX + SZRGWConstants.CORPORATEBODY, nameSpaceNode); + } + if (person != null) { + root.setAttribute(Constants.XSI_PREFIX + ":type", SZRGWConstants.PD_PREFIX + person.getLocalName()); + if (person != null) { + NodeList nl = person.getChildNodes(); + for (int i = 0; i < nl.getLength(); i++) { + Node testNode = nl.item(i); + if (Node.ELEMENT_NODE == testNode.getNodeType()) { + root.appendChild(document.importNode(testNode, true)); + } + } + } + } + + return root; + } catch (Exception e) { + //e.printStackTrace(); + throw new ParseException(e.toString(), null); + } + } + + /** + * Extracts the name of the mandator as a string representation. + * + * @param mandator + * the XML md:Mandator element to extract from. + * @return the mandator name as a string. + */ + public static String extractMandatorName(Element mandator) { + try { + Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + + // first check if physical person + Element name = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Name/pr:GivenName", nameSpaceNode); + if (name != null) { + String givenName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()", nameSpaceNode).getNodeValue(); + String familyName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()", nameSpaceNode).getNodeValue(); + + return givenName + " " + familyName; + } + + // check if corporate body + Node fullName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:FullName/text()", nameSpaceNode); + if (fullName != null) { + return fullName.getNodeValue(); + } + return ""; + } catch (Exception e) { + //e.printStackTrace(); + return ""; + } + } + + /** + * Extracts specific text of an element of a given md:Mandator element. + * + * @param mandator + * the XML md:Mandator to extract from. + * @return the resulting text of the mandator element. + */ + public static String extractText(Element mandator, String xpath) { + try { + Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + + Node textNode = XPathAPI.selectSingleNode(mandator, xpath, nameSpaceNode); + if (textNode == null) + return null; + return textNode.getNodeValue(); + } catch (Exception e) { + e.printStackTrace(); + return null; + } + } + + /** + * Extracts the date of birth of the mandator of a given md:Mandator element. + * + * @param mandator + * the XML md:Mandator to extract from. + * @return the dob of the mandator. + */ + public static String extractMandatorDateOfBirth(Element mandator) { + try { + Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + + Node dobName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:DateOfBirth/text()", nameSpaceNode); + if (dobName == null) + return null; + return dobName.getNodeValue(); + } catch (Exception e) { + e.printStackTrace(); + return null; + } + } + + /** + * Extracts the full name of the mandators corporate body of a given + * md:Mandator element. + * + * @param mandator + * the XML md:Mandator to extract from. + * @return the full name of the mandator. + */ + public static String extractMandatorFullName(Element mandator) { + try { + Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + + Node fullName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:CorporateBody/pr:FullName/text()", nameSpaceNode); + if (fullName == null) + return null; + return fullName.getNodeValue(); + } catch (Exception e) { + e.printStackTrace(); + return null; + } + } + + /** + * Extracts the identification value of the mandator of a given mandate. + * + * @param mandator + * the XML md:Mandator element. + * @return the identification value. + */ + public static String extractMandatorWbpk(Element mandator) { + try { + Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + + Node idValue = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Identification/pr:Value/text()", nameSpaceNode); + if (idValue != null) { + return idValue.getNodeValue(); + } + return ""; + } catch (Exception e) { + e.printStackTrace(); + return ""; + } + } + + /** + * Extracts the identification type of the mandator of a given mandate. + * + * @param mandator + * the XML md:Mandator element. + * @return the identification type. + */ + public static String extractMandatorIdentificationType(Element mandator) { + try { + Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + + Node idType = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Identification/pr:Type/text()", nameSpaceNode); + if (idType != null) { + return idType.getNodeValue(); + } + return ""; + } catch (Exception e) { + e.printStackTrace(); + return ""; + } + } + + /* + * + */ + public static String getIdentification(Element personElement, String element) throws ParseException { + try { + + Element nameSpaceNode = personElement.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + + return XPathAPI.selectSingleNode(personElement, "descendant-or-self::pr:Identification/pr:" + element + "/text()", nameSpaceNode) + .getNodeValue(); + } catch (Exception e) { + throw new ParseException(e.toString(), null); + } + } + + /* + * + */ + private static Element extractRepresentative(Element mandate) throws SZRGWClientException { + try { + Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS); + Element mandator = (Element) XPathAPI.selectSingleNode(mandate, "//md:Representative/child::*[1]", nameSpaceNode); + String nsPrefix = mandator.getPrefix(); + String nsUri = mandator.getNamespaceURI(); + + Element mandatorClone = (Element) mandator.cloneNode(true); + mandatorClone.setAttribute("xmlns:" + nsPrefix, nsUri); + + return mandatorClone; + } catch (Exception e) { + throw new SZRGWClientException(e); + } + } + + /** + * Serializes a XML element to a given output stream. + * + * @param element + * the XML element to serialize. + * @param out + * the output streamt o serialize to. + * @throws IOException + * if an I/O error occurs during serialization. + */ + public static void serializeElement(Element element, OutputStream out) throws IOException { + OutputFormat format = new OutputFormat(); + format.setOmitXMLDeclaration(true); + format.setEncoding("UTF-8"); + format.setPreserveSpace(true); + XMLSerializer serializer = new XMLSerializer(new OutputStreamWriter(out, "UTF-8"), format); + serializer.serialize(element); + } + + public static void serializeElementAsDocument(Element element, OutputStream out) throws IOException { + OutputFormat format = new OutputFormat(); + format.setOmitXMLDeclaration(false); + format.setEncoding("UTF-8"); + format.setPreserveSpace(true); + XMLSerializer serializer = new XMLSerializer(new OutputStreamWriter(out, "UTF-8"), format); + serializer.serialize(element); + } + + public static void serializeElementWithoutEncoding(Element element, OutputStream out) throws IOException { + OutputFormat format = new OutputFormat(); + format.setOmitXMLDeclaration(true); + format.setEncoding("UTF-8"); + format.setPreserveSpace(true); + XMLSerializer serializer = new XMLSerializer(new OutputStreamWriter(out), format); + serializer.serialize(element); + } + + public static void saveStringToFile(String str, File file) throws IOException { + FileOutputStream fos = new FileOutputStream(file); + fos.write(str.getBytes()); + fos.flush(); + fos.close(); + } + + public static void saveBytesToFile(byte[] str, File file) throws IOException { + FileOutputStream fos = new FileOutputStream(file); + fos.write(str); + fos.flush(); + fos.close(); + } + + public static void saveElementToFile(Element elem, File file) throws IOException { + FileOutputStream fos = new FileOutputStream(file); + serializeElementWithoutEncoding(elem, fos); + fos.flush(); + fos.close(); + } + + /** + * Creates an empty XML document. + * + * @return a newly created empty XML document. + * @throws SZRGWClientException + * if an error occurs creating the empty document. + */ + public static Document createEmptyDocument() throws SZRGWClientException { + try { + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + return factory.newDocumentBuilder().newDocument(); + } catch (Exception e) { + throw new SZRGWClientException(e); + } + } + + + /** + * Tells if the Validator of an Infobox is enabled. If the corresponding application + * specific configuration element EnableInfoboxValidator is missing, a default value true is assumed + * + * @param applicationSpecificParams + * the XML element of the infobox configuration. + * @return the boolean value of the determination. + * @throws ConfigurationException + * if an error occurs reading the configuration. + */ + public static boolean isValidatorEnabled(Element applicationSpecificParams) throws ConfigurationException { + try { + Element nameSpaceNode = applicationSpecificParams.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI); + + //ParepUtils.serializeElement(applicationSpecificParams, System.out); + Node validatorEnabledNode = XPathAPI.selectSingleNode(applicationSpecificParams, Constants.MOA_ID_CONFIG_PREFIX + + ":EnableInfoboxValidator/text()", nameSpaceNode); + if (validatorEnabledNode != null) { + return BoolUtils.valueOf(validatorEnabledNode.getNodeValue()); + } + return true; + } catch (Exception e) { + // e.printStackTrace(); + throw new ConfigurationException("config.02", null); + } + } + + /** + * Delivers a String with the description of the register which is described + * through the identification Type of a corporate body of the persondata schema + * + * @param identificationType + * the identification type. + * @return the register description. + */ + public static String getRegisterString(String identificationType) { + String corporateBase = Constants.URN_PREFIX_BASEID + "+"; + if (ParepUtils.isEmpty(identificationType) || !identificationType.startsWith(corporateBase)) return null; + String register = identificationType.substring(corporateBase.length()); + if (ParepUtils.isEmpty(register)) return null; + if (register.equals("FN") || register.equals("XFN")) return "Firmenbuchnummer"; + if (register.equals("VR") || register.equals("XZVR") || register.equals("XVR") || register.equals("ZVR")) return "Nummer im Vereinsregister"; + if (register.equals("ERSB") || register.equals("XERSB")) return "Nummer im Ergänzungsregister für sonstige Betroffene"; + return null; + } + + /** + * Hides Stammzahlen in the given element + * + * @param hideElement The element where Stammzahlen should be replaced. + * @param businessApplication For decision whether to calc a bPK or wbPK. + * @param target Target for calculating a bPK. + * @param registerID Necessary string for calculating a wbPK (example FN+4096i). + * @param blank Switch for behaviour. + * true if Stammzahlen are blinded. All occurences will be replaced by empty strings. + * false calculates (w)bPKs and changes also the pr:Identifivation/pr:Type elements. + * @return The element where Stammzahlen are hidden. + */ + public static Element HideStammZahlen(Element hideElement, boolean businessApplication, String target, String registerID, boolean blank) + throws BuildException { + try { + if (hideElement != null) { + Element nameSpaceNode = hideElement.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + NodeList identifications = XPathAPI.selectNodeList(hideElement, "descendant-or-self::pr:Identification", nameSpaceNode); + for (int i = 0; i < identifications.getLength(); i++) { + Element identificationElement = (Element) identifications.item(i); + Node idTypeNode = XPathAPI.selectSingleNode(identificationElement, "descendant-or-self::pr:Identification/pr:Type/text()", nameSpaceNode); + if (idTypeNode != null && Constants.URN_PREFIX_BASEID.equals(idTypeNode.getNodeValue())) { + Node idValueNode = XPathAPI.selectSingleNode(identificationElement, "descendant-or-self::pr:Identification/pr:Value/text()", nameSpaceNode); + if (idValueNode == null || ParepUtils.isEmpty(idValueNode.getNodeValue())) { + Logger.error("HideStammZahlen: Problem beim Parsen des erhaltenen Elements - Value Element(-Inhalt) von pr:Identification nicht vorhanden."); + throw new BuildException("builder.02", null); + } + if (blank) { + idValueNode.setNodeValue(""); + } else { + String idValue = idValueNode.getNodeValue(); + if (businessApplication) { + // wbPK berechnen + idTypeNode.setNodeValue(Constants.URN_PREFIX_WBPK + "+" + registerID); + String bpkBase64 = new BPKBuilder().buildWBPK(idValueNode.getNodeValue(), registerID); + idValueNode.setNodeValue(bpkBase64); + + } else { + // bPK berechnen + idTypeNode.setNodeValue(Constants.URN_PREFIX_BPK); + String bpkBase64 = new BPKBuilder().buildBPK(idValueNode.getNodeValue(), target); + idValueNode.setNodeValue(bpkBase64); + } + } + } + } + } + } catch (Exception e) { + throw new BuildException("builder.02", null); + } + return hideElement; + } + + /** + * Replaces each substring of string s that matches the given + * search string by the given replace string. + * + * @param s The string where the replacement should take place. + * @param search The pattern that should be replaced. + * @param replace The string that should replace all each search + * string within s. + * @return A string where all occurrence of search are + * replaced with replace. + */ + public static String replaceAll (String s, String search, String replace) { + if (replace==null) replace = ""; + return StringUtils.replaceAll(s, search, replace); + } + + +// public static void main(String[] args) throws Exception { +// Document mandate = readDocFromIs(new FileInputStream("c:/Doku/work/Organwalter/schemas/Vertretung_OW_Max_Mustermann.xml")); +// Document mandate = readDocFromIs(new FileInputStream("c:/mandator.xml")); +// Document mandate = readDocFromIs(new FileInputStream("c:/vertetervollmacht_1.2.40.0.10.3.1.xml")); +// Element mandatorElement = extractMandator(mandate.getDocumentElement()); +// System.out.println(extractMandatorName(mandatorElement)); +// System.out.println(extractMandatorDateOfBirth(mandatorElement)); +// System.out.println(extractMandatorWbpk(mandatorElement)); +// //serializeElement(mandatorElement, System.out); +// serializeElement((extractPrPersonOfMandate(mandate.getDocumentElement())), System.out); +// } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java new file mode 100644 index 000000000..acd193a68 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java @@ -0,0 +1,576 @@ +package at.gv.egovernment.moa.id.auth.validator.parep; + +import java.io.File; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Vector; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; +import at.gv.egovernment.moa.id.auth.data.InfoboxToken; +import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult; +import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResultImpl; +import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams; +import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; +import at.gv.egovernment.moa.id.auth.validator.ValidateException; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateRequest; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateResponse; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; +import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; + +/** + * This class implements a MOA-ID Infobox Validator for validating + * a standardized XML mandate using the SZR-gateway. + * + * @author Peter Danner + */ +public class ParepValidator implements InfoboxValidator { + + /** activates debug settings */ + private boolean PAREP_DEBUG = false; + + /** contains the parameters the validator initially was called with */ + private InfoboxValidatorParams params = null; + + /** contains the configuration of the validator */ + private ParepConfiguration parepConfiguration = null; + + /** the requested representation ID (currently * or OID) */ + private String representationID = null; + + /** holds the information of the SZR-request */ + private CreateMandateRequest request = null; + + /** List of extended SAML attributes. */ + private Vector extendedSamlAttributes = new Vector(); + + /** the class which processes the user input */ + private ParepInputProcessor inputProcessor = null; + + /** The form if user input is necessary */ + private String form = null; + + /** unspecified error of parep-validator (must not know more about)*/ + private final static String COMMON_ERROR = "Es ist ein Fehler bei der Überprüfung für berufliche Parteienvetretung aufgetreten"; + + /** Default class to gather remaining mandator data. */ + public final static String PAREP_INPUT_PROCESSOR = "at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl"; + + /** Default template to gather remaining mandator data. */ + public final static String PAREP_INPUT_TEMPLATE = "/resources/templates/ParepMinTemplate.html"; + + /** kind of representation text in AUTH block*/ + public final static String STANDARD_REPRESENTATION_TEXT = "beruflicher Parteienvertreter"; + + /** Names of the produced SAML-attributes. */ + public final static String EXT_SAML_MANDATE_RAW = "Vollmacht"; + public final static String EXT_SAML_MANDATE_NAME = "MachtgeberName"; + public final static String EXT_SAML_MANDATE_DOB = "MachtgeberGeburtsdatum"; + public final static String EXT_SAML_MANDATE_WBPK = "MachtgeberWbpk"; + public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "VertretungsArt"; + + /** register and register number for non physical persons - the domain identifier for business applications*/ + public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MachtgeberRegisternummer"; + + /** + * Parses the XML configuration element and creates the validators configuration + * Use this function if you want to preconfigure the validator. + * + * @param configElem + * the XML configuration element to parse. + * @throws ConfigurationException + * if an error occurs during the configuration process + */ + public void Configure(Element configElem) throws ConfigurationException { + if (this.parepConfiguration == null) { + Logger.debug("Lade Konfiguration."); + parepConfiguration = new ParepConfiguration(configElem); + Logger.debug("Konfiguration erfolgreich geladen."); + } + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams) + */ + public InfoboxValidationResult validate(InfoboxValidatorParams params) throws ValidateException { + + InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null); + + try { + Logger.debug("Starte Organwalter-/berufliche Parteienvertreterprüfung."); + this.params = params; + + Element mandate = extractPrimaryToken(this.params.getInfoboxTokenList()); + // ParepUtils.serializeElement(mandate, System.out); + this.representationID = ParepUtils.extractRepresentativeID(mandate); + if (ParepUtils.isEmpty(representationID)) { + validationResult.setErrorMessage("Fehlende oder falsche MandateID in standardisierter Vollmacht"); + return validationResult; + } + + // Überprüfen der Identifikation (Type/Value). + String identificationType = this.params.getIdentificationType(); + String identificationValue = this.params.getIdentificationValue(); + if (this.params.getBusinessApplication()) { + if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) { + validationResult.setErrorMessage("Eine Vertretung durch Organwalter im privatwirtschaftlichen Bereich ist nicht vorgesehen."); + return validationResult; + + } else { + Logger.debug("Parteienvertreter wird mit wbPK identifiziert"); + } + } else { + if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) { + //Für Organwalter wird die Stammzahl zur Berechnung der Organwalter-bPK benötigt + if (!Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) { + Logger.error("Für eine Vertretung durch Organwalter ist es notwendig dessen Stammzahl an das Stammzahlenregister-Gateway zu übermitteln. In der MOA-ID Konfiguration muss die Übermittlung Stammzahl aktiviert sein."); + validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert."); + return validationResult; + } else { + Logger.debug("Organwalter wird mit Stammzahl identifiziert"); + } + } else { + if (Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) { + // bPK berechnen, da dem SZR-Gateway das Target nicht bekannt ist + identificationType = Constants.URN_PREFIX_CDID; + String bpkBase64 = new BPKBuilder().buildBPK(this.params.getIdentificationValue(), this.params.getTarget()); + identificationValue = bpkBase64; + Logger.debug("bPK für Parteienvertreter wurde berechnet. Parteienvertreter wird mit bPK identifiziert"); + } else { + Logger.debug("Parteienvertreter wird mit bPK identifiziert"); + } + } + } + + Configure(this.params.getApplicationSpecificParams()); + // check if we have a configured party representative for that + if (!parepConfiguration.isPartyRepresentative(representationID)) { + Logger.info("Kein beruflicher Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert."); + validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert."); + return validationResult; + } + + // Vertreter + this.request = new CreateMandateRequest(); + request.setRepresentative(this.params, identificationType, identificationValue); + // ParepUtils.serializeElement(request.getRepresentative(), System.out); + //ParepUtils.saveElementToFile(request.getRepresentative(), new File("c:/representative.xml")); + + Logger.debug("Prüfe vorausgefüllte Daten..."); + boolean physical = true; + String familyName = ""; + String givenName = ""; + String dateOfBirth = ""; + String cbFullName = ""; + String cbIdentificationType = ""; + String cbIdentificationValue = ""; + String postalCode = ""; + String municipality = ""; + String streetName = ""; + String buildingNumber = ""; + String unit = ""; + + boolean formNecessary = false; + // Vertretener (erstes Vorkommen) + Element mandator = ParepUtils.extractMandator(mandate); + if (mandator != null) { + // ParepUtils.serializeElement(mandator, System.out); + // ParepUtils.saveElementToFile(mandator, new File("c:/mandator.xml")); + if (ParepUtils.isPhysicalPerson(mandator)) { + familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()"); + givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()"); + dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator); + } else { + physical = false; + cbFullName = ParepUtils.extractMandatorFullName(mandator); + cbIdentificationType = ParepUtils.getIdentification(mandator, "Type"); + cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator); + } + postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()"); + municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()"); + streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()"); + buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()"); + unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()"); + + } + if (physical) { + if (!parepConfiguration.isRepresentingPhysicalParty(representationID)) { + validationResult.setErrorMessage("Vertretung von natürlichen Personen für diese standardisierte Vollmacht nicht erlaubt."); + return validationResult; + } + if (ParepUtils.isEmpty(familyName) || ParepUtils.isEmpty(givenName) || ParepUtils.isEmpty(dateOfBirth)) { + formNecessary = true; + } + } else { + if (!parepConfiguration.isRepresentingCorporateParty(representationID)) { + validationResult.setErrorMessage("Vertretung von juristischen Personen für diese standardisierte Vollmacht nicht erlaubt."); + return validationResult; + } + if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) { + formNecessary = true; + } + } + + //Zeigen wir, dass die Daten übernommen wurden: + if (parepConfiguration.isAlwaysShowForm()) formNecessary=true; + + // Input processor + this.form = ""; + if (formNecessary) { + ParepInputProcessor inputProcessor= getInputProcessor(); + this.form = inputProcessor.start( + physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality, + cbFullName, cbIdentificationType, cbIdentificationValue); + if (this.form == null) { + validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); + return validationResult; + } + } else { + // Request vorbereiten mit vorgegebenen Daten + request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName, + cbIdentificationType, cbIdentificationValue); + } + + + // ParepUtils.serializeElement(request.getMandator(), System.out); + // ParepUtils.saveElementToFile(request.getMandator(), new File("c:/mandator.xml")); + + addAuthBlockExtendedSamlAttributes(); + validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes()); + Logger.debug("Überprüfung der vertretenen Partei erfolgreich beendet"); + validationResult.setValid(true); + return validationResult; + } catch (Exception e) { + e.printStackTrace(); + Logger.info(e); + validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); + return validationResult; + } + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(java.util.Map) + */ + public InfoboxValidationResult validate(Map parameters) throws ValidateException { + + InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null); + Logger.debug("Intermediate processing von Organwalter-/beruflicher Parteienvertreterprüfung"); + Logger.debug("Prüfe im Formular ausgefüllte Daten..."); + if (PAREP_DEBUG) Logger.debug("Got parameters from user input form: " + parameters.toString()); + + // Input processor + ParepInputProcessor inputProcessor= getInputProcessor(); + this.form = inputProcessor.validate(parameters, null); + if (this.form == null) { + validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); + return validationResult; + } + extendedSamlAttributes.clear(); + addAuthBlockExtendedSamlAttributes(); + validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes()); + validationResult.setValid(true); + Logger.debug("Intermediate processing von Organwalter-/beruflicher Parteienvertreterprüfung erfolgreich beendet"); + return validationResult; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(org.w3c.dom.Element) + */ + public InfoboxValidationResult validate(Element samlAssertion) throws ValidateException { + + InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null); + Logger.debug("Post processing von Organwalter-/beruflicher Parteienvertreterprüfung"); + this.form = ""; + try { + + // TODO: Frage ob OID im Zertifikat zu prüfen ist (macht derzeit das SZR-gateway). Dies würde aber zu eine Performanceeinbuße führen. + + request.setSignature(samlAssertion); + +//DPO debug +// Element mandate = (ParepUtils.readDocFromIs(new FileInputStream("c:/vertetervollmacht_1.2.40.0.10.3.1_origin-fixed.xml"))).getDocumentElement(); +// String id = representationID; +// CreateMandateResponse response; +// if (true) { +// if (this.params.getHideStammzahl()) { +// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_origin.xml")); +// // Achtung: Es wird hier nicht spezifikationskonform vorgegangen, damit im Kompatibilitätsmodus Personendaten ersetzt werden können. +// // Würden die Stammzahlen gelöscht (geblindet) werden, würde der Identifikationswert des Vertretenen gänzlich fehlen. +// // Im Falle einen business Anwendung berechnet MOA-ID nach Rückkehr das wbPK +// ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false); +// } +// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +".xml")); + + //ParepUtils.serializeElement(request.toElement(), System.out); + if (PAREP_DEBUG) ParepUtils.saveElementToFile(request.toElement(), new File("c:/gwrequest.xml")); + + // configure szrgw client + Logger.debug("Lade SZR-GW Client."); + SZRGWClient client = new SZRGWClient(); + // System.out.println("Parameters: " + cfg.getConnectionParameters()); + Logger.debug("Initialisiere Verbindung..."); + ConnectionParameter connectionParameters = parepConfiguration.getConnectionParameters(representationID); + // Logger.debug("Connection Parameters: " + connectionParameters); + Logger.debug("SZR-GW URL: " + connectionParameters.getUrl()); + client.setAddress(connectionParameters.getUrl()); + if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) { + Logger.debug("Initialisiere SSL Verbindung"); + client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); + } + + Logger.debug("Starte Kommunikation mit dem Stammzahlenregister Gateway..."); + CreateMandateResponse response; + Element requ = request.toElement(); + try { + response = client.createMandateResponse(requ); + } catch (SZRGWClientException e) { + // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt. + Logger.debug("2. Versuch - Kommunikation mit dem Stammzahlenregister Gateway..."); + client = new SZRGWClient(connectionParameters.getUrl()); + if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); + response = client.createMandateResponse(requ); + } + if (response.getResultCode()==2000) { + if(response.getMandate()==null) { + Logger.error("Keine Vollmacht vom SZR-Gateway erhalten"); + validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); + return validationResult; + } + + + //DPO debug output (2lines) + String id = representationID; + if (id.equals("*")) id="standardisiert"; + + Element mandate = response.getMandate(); + // Replace Stammzahlen + if (PAREP_DEBUG) ParepUtils.saveElementToFile(response.getMandate(), new File("c:/vertetervollmacht_"+ id +"_origin.xml")); + if (this.params.getHideStammzahl()) { + ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false); + if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_hideStammzahl.xml")); + } + + extendedSamlAttributes.clear(); + // Vollmacht + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, mandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes()); + validationResult.setValid(true); + Logger.debug("Post processing von Organwalter-/beruflicher Parteienvertreterprüfung erfolgreich beendet"); + } else { + String errorMsg = "Fehler " + response.getResultCode() + " bei Stammzahlenregister-Gateway Anfrage"; + String responseInfo = response.getInfo(); + if (response.getResultCode()>4000 && response.getResultCode()<4999) { + if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo; + validationResult.setErrorMessage(errorMsg); + } else if (response.getResultCode()>=3000 && response.getResultCode()<=3000) { + // Person not found + ParepInputProcessor inputProcessor= getInputProcessor(); + if (response.getResultCode()==3000) { //TODO: verify code + errorMsg = "Die Person konnte nicht eindeutig identifiziert werden. Bitte ergänzen/ändern Sie ihre Angaben."; + } else { + if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo; + } + + this.form = inputProcessor.validate(generateParameters(), errorMsg); + if (this.form == null) { + validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); + return validationResult; + } + validationResult.setValid(true); + } else { + // Do not inform the user too much + Logger.error(errorMsg); + validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); + } + + } + return validationResult; + } catch (Exception e) { + e.printStackTrace(); + Logger.info(e); + validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); + return validationResult; + } + } + + /** + * provides the primary infobox token of the given list. + * + * @param infoBoxTokens + * the list of infobox tokens. + * @return + * the XML element of the primary token. + * @throws ValidateException + * if an error occurs or list is not suitable. + */ + public static Element extractPrimaryToken(List infoBoxTokens) throws ValidateException { + if (infoBoxTokens == null || infoBoxTokens.size() == 0) { + throw new ValidateException("validator.62", null); + } + for (int i = 0; i < infoBoxTokens.size(); i++) { + InfoboxToken token = (InfoboxToken) infoBoxTokens.get(i); + if (token.isPrimary()) { + return token.getXMLToken(); + } + } + throw new ValidateException("validator.62", null); + } + + /* + * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#getExtendedSamlAttributes() + */ + public ExtendedSAMLAttribute[] getExtendedSamlAttributes() { + ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes.size()]; + extendedSamlAttributes.copyInto(ret); + Logger.debug("ParepValidator ExtendedSAML Attributes: " + ret.length); + return ret; + } + + + /** + * @return The next pending user input form, which is "" if no form is to be shown, and null on errors. + */ + public String getForm() { + return this.form; + } + + /** + * Gets the user form input processor (class) assigned to the current party representative + * If the method is called for the first time it initializes the input processor. + * + * @return The user form input processor + */ + private ParepInputProcessor getInputProcessor() { + + if (this.inputProcessor!=null) return inputProcessor; + String inputProcessorName = parepConfiguration.getInputProcessorClass(representationID); + ParepInputProcessor inputProcessor = null; + try { + Class inputProcessorClass = Class.forName(inputProcessorName); + inputProcessor= (ParepInputProcessor) inputProcessorClass.newInstance(); + inputProcessor.initialize(representationID, parepConfiguration, this.params.getFamilyName(), this.params.getGivenName(), this.params.getDateOfBirth(), request); + } catch (Exception e) { + Logger.error("Could not load input processor class \"" + inputProcessorName + "\": " + e.getMessage()); + } + this.inputProcessor = inputProcessor; + return inputProcessor; + } + + /** + * Generates the parameter list, which is needed to simulate a return from + * an user form. + * + * @return the form parameters + */ + private Map generateParameters() { + Map parameters = new HashMap(); + boolean physical = true; + String familyName = ""; + String givenName = ""; + String dateOfBirth = ""; + String cbFullName = ""; + String cbIdentificationType = ""; + String cbIdentificationValue = ""; + String postalCode = ""; + String municipality = ""; + String streetName = ""; + String buildingNumber = ""; + String unit = ""; + + try { + // Vertretener (erstes Vorkommen) + Element mandator = request.getMandator(); + ParepUtils.saveElementToFile(mandator, new File("c:/mandator_test.xml")); + if (mandator != null) { + if (ParepUtils.isPhysicalPerson(mandator)) { + familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()"); + givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()"); + dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator); + } else { + physical = false; + cbFullName = ParepUtils.extractMandatorFullName(mandator); + cbIdentificationType = ParepUtils.getIdentification(mandator, "Type"); + cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator); + } + postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()"); + municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()"); + streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()"); + buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()"); + unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()"); + } + } catch (Exception e) { + Logger.error("Could not extract Mandator form SZR-gateway request"); + } + parameters.put("familyname", familyName); + parameters.put("givenname", givenName); + parameters.put("dateofbirth", dateOfBirth); + parameters.put("dobyear", dateOfBirth.substring(0,4)); + parameters.put("dobmonth", dateOfBirth.substring(5,7)); + parameters.put("dobday", dateOfBirth.substring(8,10)); + parameters.put("physical", physical ? "true" : "false"); + parameters.put("fullname", cbFullName); + parameters.put("cbidentificationtype", cbIdentificationType); + parameters.put("cbidentificationvalue", cbIdentificationValue); + parameters.put("postalcode", postalCode); + parameters.put("municipality", municipality); + parameters.put("streetname", streetName); + parameters.put("buildingnumber", buildingNumber); + parameters.put("unit", unit); + return parameters; + } + + /** + * Adds the AUTH block related SAML attributes to the validation result. + * This is needed always before the AUTH block is to be signed, because the + * name of the mandator has to be set + */ + private void addAuthBlockExtendedSamlAttributes() { + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, parepConfiguration.getRepresentationText(representationID), SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); + Element mandator = request.getMandator(); + extendedSamlAttributes.clear(); + // Name + String name = ParepUtils.extractMandatorName(mandator); + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, name, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); + // Geburtsdatum + String dob = ParepUtils.extractMandatorDateOfBirth(mandator); + if (dob != null && !"".equals(dob)) { + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); + } + // (w)bpk + String wbpk = ParepUtils.extractMandatorWbpk(mandator); + if (!ParepUtils.isEmpty(wbpk)) { + if (!ParepUtils.isPhysicalPerson(mandator)){ + String idType = ParepUtils.extractMandatorIdentificationType(mandator); + if (!ParepUtils.isEmpty(idType) && idType.startsWith(Constants.URN_PREFIX_BASEID + "+X")) { + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_CB_BASE_ID, ParepUtils.getRegisterString(idType) + ": " + wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); + } + } else if (this.params.getBusinessApplication()) { + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_WBPK, wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); + } + } + } + +// public static void main(String[] args) throws Exception { +// } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java new file mode 100644 index 000000000..d6b71ad83 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java @@ -0,0 +1,159 @@ +/** + * + */ +package at.gv.egovernment.moa.id.auth.validator.parep; + +import at.gv.egovernment.moa.id.config.ConnectionParameter; + +/** + * @author Peter Danner + * + */ +public class PartyRepresentative { + + /** Object Identifier **/ + private String oid; + + private boolean representPhysicalParty; + + private boolean representCorporateParty; + + /** + * Text for representation description in SAML Assertion (Auth-Block) + * */ + private String representationText; + + /** + * SZR-GW connection parameters. + */ + private ConnectionParameter connectionParameters = null; + + private String inputProcessorClass = null; + private String inputProcessorTemplate = null; + + /** + * Constructor + */ +public PartyRepresentative() { + this.oid = null; + this.representPhysicalParty = false; + this.representCorporateParty = false; + this.connectionParameters = null; + this.representationText = null; +} + +/** + * Constructor + */ + public PartyRepresentative(boolean representPhysicalParty, boolean representCorporateParty) { + this.oid = null; + this.representPhysicalParty = representPhysicalParty; + this.representCorporateParty = representCorporateParty; + this.connectionParameters = null; + this.representationText = null; + this.inputProcessorClass = null; + this.inputProcessorTemplate = null; + } + + /** + * @return the oid + */ + public String getOid() { + return oid; + } + + /** + * @param oid the oid to set + */ + public void setOid(String oid) { + this.oid = oid; + } + + /** + * @return the representPhysicalParty + */ + public boolean isRepresentingPhysicalParty() { + return representPhysicalParty; + } + + /** + * @param representPhysicalParty the representPhysicalParty to set + */ + public void setRepresentingPhysicalParty(boolean representPhysicalParty) { + this.representPhysicalParty = representPhysicalParty; + } + + /** + * @return the representCorporateParty + */ + public boolean isRepresentingCorporateParty() { + return representCorporateParty; + } + + /** + * @param representCorporateParty the representCorporateParty to set + */ + public void setRepresentingCorporateParty(boolean representCorporateParty) { + this.representCorporateParty = representCorporateParty; + } + + /** + * @return the connectionParameters + */ + public ConnectionParameter getConnectionParameters() { + return connectionParameters; + } + + /** + * @param connectionParameters the connectionParameters to set + */ + public void setConnectionParameters(ConnectionParameter connectionParameters) { + this.connectionParameters = connectionParameters; + } + + + /** + * @return the representationText + */ + public String getRepresentationText() { + return representationText; + } + + + /** + * @param representationText the representationText to set + */ + public void setRepresentationText(String representationText) { + this.representationText = representationText; + } + + /** + * @return the inputProcessorClass + */ + public String getInputProcessorClass() { + return inputProcessorClass; + } + + /** + * @param inputProcessorClass the inputProcessorClass to set + */ + public void setInputProcessorClass(String inputProcessorClass) { + this.inputProcessorClass = inputProcessorClass; + } + + /** + * @return the inputProcessorTemplate + */ + public String getInputProcessorTemplate() { + return inputProcessorTemplate; + } + + /** + * @param inputProcessorTemplate the inputProcessorTemplate to set + */ + public void setInputProcessorTemplate(String inputProcessorTemplate) { + this.inputProcessorTemplate = inputProcessorTemplate; + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java new file mode 100644 index 000000000..fe8e263ff --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java @@ -0,0 +1,235 @@ +package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw; + +import java.util.ArrayList; +import java.util.List; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; + +import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.util.Constants; + +/** + * This class implements a detailed CreateMandateRequest that + * will be sent to SZR-gateway. + * + * @author Peter Danner + */ +public class CreateMandateRequest { + + /** + * The Request. + */ + private Document document; + + /** + * List of mandate representatives as XML element. + */ + private List representatives; + + /** + * The mandator. + */ + private Element mandator; + + /** + * The representative. + */ + private Element representative; + + /** + * The signature to verify by the SZR-gateway + */ + private Element signature; + + + + /** + * Creates the CreateMandateRequest element that will + * be sent to SZR-gateway + * + * @return the CreateMandateRequest element. + */ + public Element toElement() throws SZRGWClientException{ + + this.document = ParepUtils.createEmptyDocument(); + Element root = this.document.createElement(SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.CREATE_MANDATE_REQUEST); + root.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS); + root.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + if (this.representative!=null) root.appendChild(this.document.importNode(this.representative, true)); + if (this.mandator!=null) root.appendChild(this.document.importNode(this.mandator, true)); + if (this.signature!=null) root.appendChild(this.document.importNode(this.signature, true)); + + return root; + } + + /** + * Adds a representative. + * + * @param representative an XML representative to add. + */ + public void addRepresentative(Element representative) { + if (representatives == null) { + representatives = new ArrayList(); + } + representatives.add(representative); + } + + /** + * Gets the representative. + * + * @return the representative. + */ + public Element getRepresentative() { + return representative; + } + + /** + * Gets the mandator. + * + * @return the mandator. + */ + public Element getMandator() { + return mandator; + } + + /** + * Sets the mandator. + * + * @param mandator the mandator. + */ + public void setMandator(Element mandator) { + this.mandator = mandator; + } + + /** + * Sets the Mandator. + * + * @param familyName the family name of the mandator. + */ + public void setMandator(String familyName, String givenName, String dateOfBirth, + String postalCode, String municipality, String streetName, String buildingNumber, String unit, + boolean physical, String cbFullName, String cbIdentificationType, String cbIdentificationValue) throws SZRGWClientException { + + Document mandatorDocument = ParepUtils.createEmptyDocument(); + + Element mandatorElem = mandatorDocument.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.MANDATOR); +// mandatorElem.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); +/// mandatorElem.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS); + + if (physical) { + Element physicalPersonElem = mandatorDocument.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.PHYSICALPERSON); + physicalPersonElem.appendChild(createNameElem(mandatorDocument, givenName, familyName)); + physicalPersonElem.appendChild(createPersonDataElem(mandatorDocument, SZRGWConstants.DATEOFBIRTH, dateOfBirth)); + mandatorElem.appendChild(physicalPersonElem); + Element postalAddressElement = createPostalAddressElem(mandatorDocument, postalCode, municipality, streetName, buildingNumber, unit); + if (null!=postalAddressElement) mandatorElem.appendChild(postalAddressElement); + } else { + Element corporateBodyElem = mandatorDocument.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.CORPORATEBODY); + corporateBodyElem.appendChild(createIdentificationElem(mandatorDocument, cbIdentificationType, cbIdentificationValue)); + corporateBodyElem.appendChild(createPersonDataElem(mandatorDocument, SZRGWConstants.FULLNAME, cbFullName)); + mandatorElem.appendChild(corporateBodyElem); + } + + + this.mandator = mandatorElem; + } + + private Element createPersonDataElem(Document document, String elementName, String elementValue) { + Element elem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + elementName); + Node value = document.createTextNode(elementValue); + elem.appendChild(value); + return elem; + } + + private Element createIdentificationElem(Document document, String identificationType, String identificationValue) { + Element identificationElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.IDENTIFICATION); + identificationElem.appendChild(createPersonDataElem(document, SZRGWConstants.VALUE, identificationValue)); + identificationElem.appendChild(createPersonDataElem(document, SZRGWConstants.TYPE, identificationType)); + return identificationElem; + } + private Element createNameElem(Document document, String givenName, String familyName) { + Element nameElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.NAME); + nameElem.appendChild(createPersonDataElem(document, SZRGWConstants.GIVENNAME, givenName)); + nameElem.appendChild(createPersonDataElem(document, SZRGWConstants.FAMILYNAME, familyName)); + return nameElem; + } + private Element createPostalAddressElem(Document document, String postalCode, String municipality, String streetName, String buildingNumber, String unit) { + + if (ParepUtils.isEmpty(postalCode) && ParepUtils.isEmpty(municipality) && ParepUtils.isEmpty(streetName) + && ParepUtils.isEmpty(buildingNumber) && ParepUtils.isEmpty(unit)) return null; + Element postalAddressElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.POSTALADDRESS); + + if (!ParepUtils.isEmpty(postalCode)) { + postalAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.POSTALCODE, postalCode)); + } + if (!ParepUtils.isEmpty(municipality)) { + postalAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.MUNICIPALITY, municipality)); + } + if (!ParepUtils.isEmpty(streetName) || !ParepUtils.isEmpty(buildingNumber) || !ParepUtils.isEmpty(unit)) { + Element deliveryAddressElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.DELIVERYADDRESS); + + if (!ParepUtils.isEmpty(streetName)) { + deliveryAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.STREETNAME, streetName)); + } + if (!ParepUtils.isEmpty(buildingNumber)) { + deliveryAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.BUILDINGNUMBER, buildingNumber)); + } + if (!ParepUtils.isEmpty(unit)) { + deliveryAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.UNIT, unit)); + } + postalAddressElem.appendChild(deliveryAddressElem); + } + return postalAddressElem; + } + + + + /** + * Sets the Representative. + * + * @param params InfoboxValidatorParams contain the data of the representative. + * @param identificationType the type of the identification of the representative (has to be urn:publicid:gv.at:cdid). + * @param identificationValue the identification value (bPK). + */ + public void setRepresentative(InfoboxValidatorParams params, String identificationType, String identificationValue) throws SZRGWClientException { + + Document representativeDocument = ParepUtils.createEmptyDocument(); + + Element representativeElem = representativeDocument.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE); +// representativeElem.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); +// representativeElem.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS); + + representativeElem.appendChild(createIdentificationElem(representativeDocument, identificationType, identificationValue)); + representativeElem.appendChild(createNameElem(representativeDocument, params.getGivenName(), params.getFamilyName())); + representativeElem.appendChild(createPersonDataElem(representativeDocument, SZRGWConstants.DATEOFBIRTH, params.getDateOfBirth())); + + this.representative = representativeElem; + } + + /** + * @return the signature + */ + public Element getSignature() { + return signature; + } + + /** + * @param signature the signature to set + */ + public void setSignature(Element signature) throws SZRGWClientException{ + Document signatureDocument = ParepUtils.createEmptyDocument(); + Element signatureElem = signatureDocument.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, SZRGWConstants.SZRGW_PREFIX + "Signature"); + //SZR-gateway takes the first Signature + //signatureElem.setAttribute("SignatureLocation", "//saml:Assertion/dsig:Signature"); + signatureElem.appendChild(signatureDocument.importNode(signature, true)); + this.signature = signatureElem; + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java new file mode 100644 index 000000000..0f6ed8abf --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java @@ -0,0 +1,130 @@ +package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw; + +import java.io.FileInputStream; +import java.util.Hashtable; +import org.apache.xpath.XPathAPI; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + + +/** + * This class implements a SZR-gateway CreateMandate Response. + * + * @author Peter Danner + */ +public class CreateMandateResponse { + + /** + * Result code of the request. + */ + private int resultCode; + + /** + * Description of the result. + */ + private String resultInfo; + + /** + * The returned mandate. + */ + private Element mandate; + + /** + * @return the resultCode + */ + public int getResultCode() { + return resultCode; + } + + /** + * @param resultCode the resultCode to set + */ + public void setResultCode(String resultCode) { + if (resultCode!=null) { + this.resultCode = Integer.parseInt(resultCode); + } else { + this.resultCode = 0; + } + } + + /** + * @return the resultInfo + */ + public String getInfo() { + return resultInfo; + } + + /** + * @param resultInfo the resultInfo to set + */ + public void setInfo(String resultInfo) { + this.resultInfo = resultInfo; + } + + /** + * @return the mandate + */ + public Element getMandate() { + return mandate; + } + + /** + * @param mandate the mandate to set + */ + public void setMandate(Element mandate) { + this.mandate = mandate; + } + + + /** + * Parses the SZR-gateway response. + * + * @param response the SZR-gateway response. + * @throws SZRGWClientException if an error occurs. + */ + public void parse(Element response) throws SZRGWClientException { + try { + + // first check if response is a soap error + NodeList list = response.getElementsByTagName("faultstring"); + if (list.getLength() > 0) { + throw new SZRGWClientException("Fehler bei SZR-Gateway: "+list.item(0).getChildNodes().item(0).getNodeValue()); + } + + this.mandate = null; + this.resultCode = 2000; + this.resultInfo = null; + // parse single SZR-gateway results + Element nameSpaceNode = response.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS); + + Node mandateNode = XPathAPI.selectSingleNode(response, "//" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.CREATE_MANDATE_RESPONSE + "/" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATE, nameSpaceNode); + if (mandateNode!=null) { + this.mandate = (Element) mandateNode; + } else { + String errorResponse = "//" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.CREATE_MANDATE_RESPONSE + "/" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.ERROR_RESPONSE + "/"; + Node errorCode = XPathAPI.selectSingleNode(response, errorResponse + SZRGWConstants.SZRGW_PREFIX + "ErrorCode/text()", nameSpaceNode); + if (errorCode!=null) setResultCode(errorCode.getNodeValue()); + Node errorInfo = XPathAPI.selectSingleNode(response, errorResponse + SZRGWConstants.SZRGW_PREFIX + "Info/text()", nameSpaceNode); + this.setInfo(errorInfo.getNodeValue()); + } + } catch(Exception e) { + e.printStackTrace(); + throw new SZRGWClientException(e); + } + } + + public static void main(String[] args) throws Exception { +// CreateMandateResponse resp = new CreateMandateResponse(); +// Document doc = ParepUtils.readDocFromIs(new FileInputStream("c:/response2.xml")); +// Element response = doc.getDocumentElement(); +// resp.parse(response); +// System.out.println(resp.getResultCode()); +// System.out.println(resp.getInfo()); +// if (resp.getMandate()!=null) ParepUtils.serializeElement(resp.getMandate(), System.out); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java new file mode 100644 index 000000000..d9d248c81 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java @@ -0,0 +1,23 @@ +package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw; + +/** + * SOAP Envelope Constants. + * + * @author Arne Tauber + * @version $ $ + **/ +public interface SOAPConstants { + + /* + * Namespaces and namespace prefixes for SOAP message handling + */ + String SOAP_ENV_NS = "http://schemas.xmlsoap.org/soap/envelope/"; + String SOAP_ENV_ENCODING_STYLE = "http://schemas.xmlsoap.org/soap/encoding/"; + String SOAP_ENV_PREFIX = "soapenv:"; + String SOAP_ENV_POSTFIX = ":soapenv"; + + String ENVELOPE = "Envelope"; + String BODY = "Body"; + String ENCODING_STYLE = "encodingStyle"; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java new file mode 100644 index 000000000..1e6dc1039 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java @@ -0,0 +1,144 @@ + +package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.security.Security; + +import javax.net.ssl.SSLSocketFactory; +import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.methods.PostMethod; +import org.apache.commons.httpclient.protocol.Protocol; +import org.w3c.dom.Document; +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.logging.Logger; + + +/** + * This class implements a client for communication with the SZR-gateway + *

+ * Two types of requests are supported + *

    + *
  1. Basic Request
  2. + *
  3. Detailed Request
  4. + *
+ * + * @author Peter Danner + */ +public class SZRGWClient { + /** + * The URL of the SZR-gateway webservice. + */ + private String address; + + /** + * The SSL socket factory when using a secure connection. + */ + private SSLSocketFactory sSLSocketFactory; + + /** + * Constructor + */ + public SZRGWClient() { + } + + /** + * Constructor + * + * @param address the URL of the SZR-gateway webservice. + */ + public SZRGWClient(String address) { + this.address = address; + } + /** + * Sets the SSL socket factory. + * + * @param factory the SSL socket factory. + */ + public void setSSLSocketFactory(SSLSocketFactory factory) { + this.sSLSocketFactory = factory; + } + + /** + * Sets the SZR webservice URL + * + * @param address the URL of the SZR-gateway webservice. + */ + public void setAddress(String address) { + this.address = address; + } + + /** + * Creates a mandate. + * + * @param reqElem the request. + * @return a SZR-gateway response containing the result + * @throws SZRGWException when an error occurs creating the mandate. + */ + public CreateMandateResponse createMandateResponse(Element reqElem) throws SZRGWClientException { + Logger.info("Connecting to SZR-gateway."); + try { + if (address == null) { + throw new NullPointerException("Address (SZR-gateway ServiceURL) must not be null."); + } + HttpClient client = new HttpClient(); + PostMethod method = new PostMethod(address); + method.setRequestHeader("SOAPAction", ""); + + + // ssl settings + if (sSLSocketFactory != null) { + SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory); + Protocol.registerProtocol("https", new Protocol("https", fac, 443)); + } + + // create soap body + Element soapBody = getSOAPBody(); + Document doc = soapBody.getOwnerDocument(); + soapBody.appendChild(doc.importNode(reqElem, true)); + Element requestElement = soapBody.getOwnerDocument().getDocumentElement(); + + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + ParepUtils.serializeElementAsDocument(requestElement, bos); + + method.setRequestBody(new ByteArrayInputStream(bos.toByteArray())); + + client.executeMethod(method); + CreateMandateResponse response = new CreateMandateResponse(); + + bos = new ByteArrayOutputStream(); + doc = ParepUtils.readDocFromIs(method.getResponseBodyAsStream()); + + response.parse(doc.getDocumentElement()); + + + return response; + } catch(Exception e) { + //e.printStackTrace(); + throw new SZRGWClientException(e); + } + } + + /* + * builds an XML soap envelope + */ + private Element getSOAPBody() throws SZRGWClientException { + Document doc_ = ParepUtils.createEmptyDocument(); + Element root = doc_.createElementNS(SOAPConstants.SOAP_ENV_NS, SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.ENVELOPE); + doc_.appendChild(root); + + root.setAttribute("xmlns" + SOAPConstants.SOAP_ENV_POSTFIX, SOAPConstants.SOAP_ENV_NS); + //root.setAttribute(SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.ENCODING_STYLE, SOAPConstants.SOAP_ENV_ENCODING_STYLE); + root.setAttribute("xmlns:xsd", "http://www.w3.org/2001/XMLSchema"); + root.setAttribute("xmlns:xsi", "http://www.w3.org/2001/XMLSchema-instance"); + + Element body = doc_.createElementNS(SOAPConstants.SOAP_ENV_NS, SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.BODY); + root.appendChild(body); + + return body; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java new file mode 100644 index 000000000..11aaf289b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java @@ -0,0 +1,37 @@ +package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw; + +/** + * This class implements the basic exception type for the SZR-gateway client + * + * @author Peter Danner + */ +public class SZRGWClientException extends Exception { + + /* + * see super constructor. + */ + public SZRGWClientException() { + super(); + } + + /* + * see super constructor. + */ + public SZRGWClientException(String arg0) { + super(arg0); + } + + /* + * see super construction. + */ + public SZRGWClientException(Throwable arg0) { + super(arg0); + } + + /* + * see super constructor + */ + public SZRGWClientException(String arg0, Throwable arg1) { + super(arg0, arg1); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java new file mode 100644 index 000000000..4f815f1e7 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java @@ -0,0 +1,51 @@ +package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw; + +/** + * This interface specifies all the constants needed for the communication with the SZR-gateway. + * + * @author Peter Danner + */ +public interface SZRGWConstants { + + //PersonData + String PD_PREFIX = "pr:"; + String PD_POSTFIX = ":pr"; + String PERSON = "Person"; + String PHYSICALPERSON = "PhysicalPerson"; + String CORPORATEBODY = "CorporateBody"; + String IDENTIFICATION = "Identification"; + String VALUE = "Value"; + String TYPE = "Type"; + String NAME = "Name"; + String GIVENNAME = "GivenName"; + String FAMILYNAME = "FamilyName"; + String DATEOFBIRTH = "DateOfBirth"; + String FULLNAME = "FullName"; + String ORGANIZATION = "Organization"; + + String POSTALADDRESS = "PostalAddress"; + String DELIVERYADDRESS = "DeliveryAddress"; + String MUNICIPALITY = "Municipality"; + String POSTALCODE = "PostalCode"; + String STREETNAME = "StreetName"; + String BUILDINGNUMBER = "BuildingNumber"; + String UNIT = "Unit"; + //String ADDRESS = "Address"; + //String COUNTRYCODE = "CountryCode"; + //String DOORNUMBER = "DoorNumber"; + + // SZR-gateway constants + String SZRGW_REQUEST_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#"; + String MANDATE_NS = "http://reference.e-government.gv.at/namespace/mandates/20040701#"; + String SZRGW_PREFIX = "sgw:"; + String SZRGW_POSTFIX = ":sgw"; + String CREATE_MANDATE_REQUEST = "CreateMandateRequest"; + String CREATE_MANDATE_RESPONSE = "CreateMandateResponse"; + String ERROR_RESPONSE = "ErrorResponse"; + String MANDATOR = "Mandator"; + String REPRESENTATIVE = "Representative"; + String MANDATE = "Mandate"; + String MANDATE_PREFIX = "md:"; + String MANDATE_POSTFIX = ":md"; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java new file mode 100644 index 000000000..41a07d146 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java @@ -0,0 +1,94 @@ +package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw; + +import java.io.IOException; +import java.net.InetAddress; +import java.net.Socket; +import java.net.UnknownHostException; +import javax.net.ssl.SSLSocketFactory; +import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory; + + +/** + * This class implements a secure protocol socket factory + * for the Apache HTTP client. + * + * @author Peter Danner + */ +public class SZRGWSecureSocketFactory implements SecureProtocolSocketFactory { + + /** + * The SSL socket factory. + */ + private SSLSocketFactory factory; + + /** + * Creates a new Secure socket factory for the + * Apache HTTP client. + * + * @param factory the SSL socket factory to use. + */ + public SZRGWSecureSocketFactory(SSLSocketFactory factory) { + this.factory = factory; + } + + + /** + * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int) + */ + public Socket createSocket( + String host, + int port, + InetAddress clientHost, + int clientPort) + throws IOException, UnknownHostException { + + return this.factory.createSocket( + host, + port, + clientHost, + clientPort + ); + } + + /** + * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int) + */ + public Socket createSocket(String host, int port) + throws IOException, UnknownHostException { + return this.factory.createSocket( + host, + port + ); + } + + /** + * @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean) + */ + public Socket createSocket( + Socket socket, + String host, + int port, + boolean autoClose) + throws IOException, UnknownHostException { + return this.factory.createSocket( + socket, + host, + port, + autoClose + ); + } + + /** + * @see java.lang.Object#equals(java.lang.Object) + */ + public boolean equals(Object obj) { + return ((obj != null) && obj.getClass().equals(SZRGWSecureSocketFactory.class)); + } + + /** + * @see java.lang.Object#hashCode() + */ + public int hashCode() { + return SZRGWSecureSocketFactory.class.hashCode(); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java new file mode 100644 index 000000000..c56555b2e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java @@ -0,0 +1,411 @@ +package at.gv.egovernment.moa.id.auth.validator.parep.config; + +import java.io.File; +import java.io.FileInputStream; +import java.util.HashMap; + +import org.apache.xpath.XPathAPI; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; +import at.gv.egovernment.moa.id.auth.validator.parep.PartyRepresentative; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.BoolUtils; +import at.gv.egovernment.moa.util.Constants; + +/** + * This class implements the Configuration. + * + * @author Peter Danner + */ +public class ParepConfiguration { + + /** + * System property for config file. + */ + public final static String PAREP_VALIDATOR_CONFIG = "parep.validator.config"; + + /** + * SZR-GW connection parameters. + */ + private ConnectionParameter standardConnectionParameters; + + /** + * Input field processor. + */ + private String standardInputProcessorClass; + + /** + * Input field processor template. + */ + private String standardInputProcessorTemplate; + + /** + * Configured party representatives. + */ + private HashMap partyRepresentatives; + + /** + * The configuration element. + */ + private Element configElement = null; + + /** + * Defines whether the user input form must be shown on each + * request or not (also predefined mandates) + */ + private boolean alwaysShowForm = false; + + /** + * The configuration base directory. + */ + private String baseDir_; + + /** + * Gets the SZR-GW connection parameters. + * + * @return the connection parameters. + */ + public ConnectionParameter getConnectionParameters(String representationID) { + if (partyRepresentatives == null || "*".equals(representationID)) + return standardConnectionParameters; + PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); + ConnectionParameter connectionParameters = pr.getConnectionParameters(); + if (connectionParameters==null) connectionParameters = standardConnectionParameters; + return connectionParameters; + } + + /** + * Sets the SZR-GW connection parameters for standard connection. + * + * @param connectionParameters + * the connection parameters. + */ + public void setStandardConnectionParameters(ConnectionParameter connectionParameters) { + this.standardConnectionParameters = connectionParameters; + } + + /* + * + */ + public String getFullDirectoryName(String fileString) { + return makeAbsoluteURL(fileString, baseDir_); + } + + /* + * + */ + private static String makeAbsoluteURL(String url, String root) { + // if url is relative to rootConfigFileDirName make it absolute + + File keyFile; + String newURL = url; + + if (null == url) + return null; + + if (url.startsWith("http:/") || url.startsWith("https:/") || url.startsWith("ftp:/") || url.startsWith("file:/") || url.startsWith("file:\\")) { + return url; + } else { + // check if absolute - if not make it absolute + keyFile = new File(url); + if (!keyFile.isAbsolute()) { + keyFile = new File(root, url); + newURL = keyFile.getPath(); + } + return newURL; + } + } + + /** + * Initializes the configuration with a given XML configuration element found + * in the MOA-ID configuration. + * + * @param configElem + * the configuration element. + * @throws ConfigurationException + * if an error occurs initializing the configuration. + */ + public ParepConfiguration(Element configElem) throws ConfigurationException { + + partyRepresentatives = new HashMap(); + partyRepresentatives.put("*", new PartyRepresentative(true, true)); + + String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME); + + try { + + baseDir_ = (new File(fileName)).getParentFile().toURL().toString(); + Logger.trace("Config base directory: " + baseDir_); + // check for configuration in system properties + if (System.getProperty(PAREP_VALIDATOR_CONFIG) != null) { + Document doc = ParepUtils.readDocFromIs(new FileInputStream(System.getProperty(PAREP_VALIDATOR_CONFIG))); + this.configElement = doc.getDocumentElement(); + } else { + this.configElement = configElem; + } + } catch (Exception e) { + throw new ConfigurationException("Allgemeiner Fehler beim Einlesen der ParepValidatorConfiguration", null, e); + } + load(); + } + + /* + * + */ + private void load() throws ConfigurationException { + Logger.debug("Parse ParepValidator Konfiguration"); + try { + Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI); + // nameSpaceNode.setAttribute("xmlns:sgw", + // SZRGWConstants.SZRGW_PROFILE_NS); + + Node inputProcessorNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/" + + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode); + if (inputProcessorNode != null) { + this.standardInputProcessorTemplate = ((Element) inputProcessorNode).getAttribute("template"); + Node inputProcessorClassNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/" + + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor/text()", nameSpaceNode); + if (inputProcessorClassNode != null) { + this.standardInputProcessorClass = inputProcessorClassNode.getNodeValue(); + } + } + Node alwaysShowFormNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/" + + Constants.MOA_ID_CONFIG_PREFIX + ":AlwaysShowForm/text()", nameSpaceNode); + if (alwaysShowFormNode != null) { + this.setAlwaysShowForm(alwaysShowFormNode.getNodeValue()); + } + + // load connection parameters + Logger.debug("Lade SZR-Gateway Standard Verbindungsparameter"); + Element connectionParamElement = (Element) XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/" + + Constants.MOA_ID_CONFIG_PREFIX + ":ConnectionParameter", nameSpaceNode); + if (connectionParamElement != null) { + // parse connection parameters + // ParepUtils.serializeElement(connectionParamElement, System.out); + this.standardConnectionParameters = buildConnectionParameter(connectionParamElement, nameSpaceNode); + } + + Logger.debug("Lade Konfiguration der Parteienvertreter"); + NodeList partyRepresentativeNodeList = XPathAPI.selectNodeList(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/" + + Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentative", nameSpaceNode); + for (int i = 0; i < partyRepresentativeNodeList.getLength(); i++) { + + PartyRepresentative partyRepresentative = new PartyRepresentative(); + + Element partyRepresentativeElement = (Element) partyRepresentativeNodeList.item(i); + boolean representPhysicalParty = partyRepresentativeElement.getAttribute("representPhysicalParty").equalsIgnoreCase("true") ? true : false; + boolean representCorporateParty = partyRepresentativeElement.getAttribute("representCorporateParty").equalsIgnoreCase("true") ? true : false; + partyRepresentative.setOid(partyRepresentativeElement.getAttribute("oid")); + partyRepresentative.setRepresentingPhysicalParty(representPhysicalParty); + partyRepresentative.setRepresentingCorporateParty(representCorporateParty); + partyRepresentative.setRepresentationText(partyRepresentativeElement.getAttribute("representationText")); + + Node inputProcessorSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode); + if (inputProcessorSubNode != null) { + partyRepresentative.setInputProcessorTemplate(((Element) inputProcessorSubNode).getAttribute("template")); + Node inputProcessorClassSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX + + ":InputProcessor/text()", nameSpaceNode); + if (inputProcessorClassSubNode != null) { + partyRepresentative.setInputProcessorClass(inputProcessorClassSubNode.getNodeValue()); + } + } + + Element connectionParamSubElement = (Element) XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX + + ":ConnectionParameter", nameSpaceNode); + if (connectionParamSubElement == null) { + if (this.standardConnectionParameters == null) { + throw new ConfigurationException("Fehler beim Parsen der ParepValidatorConfiguration: SZR-GW Verbindungsparameter zu Parteienvetreter " + + partyRepresentative.getOid() + " fehlen.", null, null); + } + } else { + // parse connection parameters + // ParepUtils.serializeElement(connectionParamSubElement, System.out); + partyRepresentative.setConnectionParameters(buildConnectionParameter(connectionParamSubElement, nameSpaceNode)); + } + partyRepresentatives.put(partyRepresentative.getOid(), partyRepresentative); + Logger.info("Parteienvertreter: " + partyRepresentative.getOid() + " erfolgreich konfiguriert (representPhysicalParty=" + + partyRepresentative.isRepresentingPhysicalParty() + ", representCorporateParty=" + partyRepresentative.isRepresentingCorporateParty() + + ", representationText=" + partyRepresentative.getRepresentationText() + + ")"); + } + + Logger.debug("ParepValidator Konfiguration erfolgreich geparst."); + } catch (Exception e) { + throw new ConfigurationException("Allgemeiner Fehler beim Parsen der MandateValidatorConfiguration", null, e); + } + } + + /* + * + */ + private ConnectionParameter buildConnectionParameter(Element connParamElement, Element nameSpaceNode) throws ConfigurationException { + try { + ConnectionParameter connectionParameter = new ConnectionParameter(); + + // parse connection url + String URL = connParamElement.getAttribute("URL"); + connectionParameter.setUrl(URL); + + // accepted server certificates + Node accServerCertsNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":AcceptedServerCertificates/text()", + nameSpaceNode); + if (accServerCertsNode != null) { + + String serverCertsDir = getFullDirectoryName(accServerCertsNode.getNodeValue()); + Logger.debug("Full directory name of accepted server certificates: " + serverCertsDir); + connectionParameter.setAcceptedServerCertificates(serverCertsDir); + } + + // client key store + Node clientKeyStoreNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/text()", nameSpaceNode); + if (clientKeyStoreNode != null) { + String clientKeystore = getFullDirectoryName(clientKeyStoreNode.getNodeValue()); + connectionParameter.setClientKeyStore(clientKeystore); + } + + // client key store password + Node clientKeyStorePasswordNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/@password", + nameSpaceNode); + if (clientKeyStorePasswordNode != null) { + connectionParameter.setClientKeyStorePassword(clientKeyStorePasswordNode.getNodeValue()); + } + + return connectionParameter; + } catch (Exception e) { + throw new ConfigurationException("Allgemeiner Fehler beim Parsen der ParepValidator ConnectionParameter.", null, e); + } + } + + public boolean isPartyRepresentative(String representationID) { + if (partyRepresentatives == null) + return false; + PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); + return pr != null; + } + + public boolean isRepresentingCorporateParty(String representationID) { + if (partyRepresentatives == null) return false; + PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); + if (pr == null) return false; + return pr.isRepresentingCorporateParty(); + } + + public boolean isRepresentingPhysicalParty(String representationID) { + if (partyRepresentatives == null) return false; + PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); + if (pr == null) return false; + return pr.isRepresentingPhysicalParty(); + } + + public String getRepresentationText(String representationID) { + String result = ParepValidator.STANDARD_REPRESENTATION_TEXT; + if (partyRepresentatives != null) { + PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); + if (pr != null) { + if (!ParepUtils.isEmpty(pr.getRepresentationText())) result = pr.getRepresentationText(); + } + } + return result; + } + + /** + * @return the input processor classname corresponding to representationID + * @param representationID + * the representation ID. + */ + public String getInputProcessorClass(String representationID) { + String inputProcessorClass = standardInputProcessorClass; + if (ParepUtils.isEmpty(inputProcessorClass)) inputProcessorClass = ParepValidator.PAREP_INPUT_PROCESSOR; + if (!(partyRepresentatives == null || "*".equals(representationID))) { + PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); + if (pr!=null) { + String prInputProcessorClass = pr.getInputProcessorClass(); + if (!ParepUtils.isEmpty(prInputProcessorClass)) inputProcessorClass = prInputProcessorClass; + } + } + return inputProcessorClass; + } + + /** + * @param standardInputProcessorClass the standardInputProcessorClass to set + */ + public void setStandardInputProcessorClass(String standardInputProcessorClass) { + this.standardInputProcessorClass = standardInputProcessorClass; + } + + /** + * @return the InputProcessorTemplate + */ + public String getInputProcessorTemplate(String representationID) { + String inputProcessorTemplate = standardInputProcessorTemplate; + if (ParepUtils.isEmpty(inputProcessorTemplate)) inputProcessorTemplate = ParepValidator.PAREP_INPUT_TEMPLATE; + if (!(partyRepresentatives == null || "*".equals(representationID))) { + PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); + if (pr!=null) { + String prInputProcessorTemplate = pr.getInputProcessorTemplate(); + if (!ParepUtils.isEmpty(prInputProcessorTemplate)) inputProcessorTemplate = prInputProcessorTemplate; + } + } + return inputProcessorTemplate; + } + + /** + * @param standardInputProcessorTemplate the standardInputProcessorTemplate to set + */ + public void setStandardInputProcessorTemplate(String standardInputProcessorTemplate) { + this.standardInputProcessorTemplate = standardInputProcessorTemplate; + } + + /** + * @return the alwaysShowForm + */ + public boolean isAlwaysShowForm() { + return alwaysShowForm; + } + + /** + * @param alwaysShowForm the alwaysShowForm to set + */ + public void setAlwaysShowForm(String alwaysShowForm) { + if (ParepUtils.isEmpty(alwaysShowForm)) { + this.alwaysShowForm = false; + } else { + this.alwaysShowForm = alwaysShowForm.equalsIgnoreCase("true"); + } + } + + public static boolean isMandateCompatibilityMode(Element configElement) throws ConfigurationException { + try { + Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI); + Node mandateCompatibilityNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":CompatibilityMode/text()", nameSpaceNode); + if (mandateCompatibilityNode != null && !ParepUtils.isEmpty(mandateCompatibilityNode.getNodeValue())) { + return mandateCompatibilityNode.getNodeValue().equalsIgnoreCase("true"); + } + return false; + } catch (Exception e) { + throw new ConfigurationException("Allgemeiner Fehler beim Parsen der ParepValidator ConnectionParameter.", null, e); + } + + } + + +// public static void main(String[] args) throws Exception { +// System.setProperty(PAREP_VALIDATOR_CONFIG, "c:/Doku/work/Organwalter/ConfigurationSnippetAppSpecific.xml"); +// System.setProperty("moa.id.configuration", "c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml"); +// System.setProperty("log4j.configuration", "file:c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/log4j.properties"); +// Configuration cfg = new Configuration(null); +// System.out.println(cfg.getInputProcessorClass("1.2.40.0.10.3.110")); +//} + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java index 90b780526..27955602f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java @@ -79,6 +79,9 @@ public class ConfigurationBuilder { /** an XPATH-Expression */ protected static final String AUTH_TEMPLATE_XPATH = ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "Template/@URL"; + /** an XPATH-Expression */ + protected static final String INPUT_PROCESSOR_TEMPLATE_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "InputProcessorSignTemplate/@URL"; /** an XPATH-Expression */ public static final String AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH = ROOT + CONF + "AuthComponent/" + CONF + "SecurityLayer/" + CONF + "TransformsInfo/@filename"; @@ -392,6 +395,8 @@ public class ConfigurationBuilder { XPathUtils.getAttributeValue(configElem_, AUTH_BKUSELECT_TEMPLATE_XPATH, null); String templateURL = XPathUtils.getAttributeValue(configElem_, AUTH_TEMPLATE_XPATH, null); + String inputProcessorSignTemplateURL = + XPathUtils.getAttributeValue(configElem_, INPUT_PROCESSOR_TEMPLATE_XPATH, null); List OA_set = new ArrayList(); NodeList OAIter = XPathUtils.selectNodeList(configElem_, OA_XPATH); @@ -457,6 +462,7 @@ public class ConfigurationBuilder { oap.setProvideCertificate(BoolUtils.valueOf(authComponent.getAttribute("provideCertificate"))); oap.setBkuSelectionTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH, bkuSelectionTemplateURL)); oap.setTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_TEMPLATE_XPATH, templateURL)); + oap.setInputProcessorSignTemplateURL(buildTemplateURL(authComponent, INPUT_PROCESSOR_TEMPLATE_XPATH, inputProcessorSignTemplateURL)); // load OA specific transforms if present String[] transformsInfoFileNames = buildTransformsInfoFileNames(authComponent, OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH); try { @@ -669,7 +675,7 @@ public class ConfigurationBuilder { String identifier = number.getAttribute("Identifier"); // remove all blanks identificationNumber = StringUtils.removeBlanks(identificationNumber); - if (number.getLocalName().equals("Firmenbuchnummer") || identifier.equalsIgnoreCase("fn")) { + if (number.getLocalName().equals("Firmenbuchnummer") || identifier.equalsIgnoreCase("fn") || identifier.equalsIgnoreCase("xfn")) { // delete zeros from the beginning of the number identificationNumber = StringUtils.deleteLeadingZeros(identificationNumber); // remove hyphens diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index ba3b61f9d..132bebce3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -64,6 +64,10 @@ public class OAAuthParameter extends OAParameter { * template for web page "Anmeldung mit Bürgerkarte" */ private String templateURL; + /** + * template for web page "Signatur der Anmeldedaten" + */ + private String inputProcessorSignTemplateURL; /** * Parameters for verifying infoboxes. */ @@ -163,6 +167,15 @@ public class OAAuthParameter extends OAParameter { return templateURL; } + /** + * Returns the inputProcessorSignTemplateURL url. + * @return The inputProcessorSignTemplateURL url or null if no url for + * a input processor sign template is set. + */ + public String getInputProcessorSignTemplateURL() { + return inputProcessorSignTemplateURL; + } + /** * Returns the parameters for verifying additional infoboxes. * @@ -257,6 +270,16 @@ public class OAAuthParameter extends OAParameter { this.templateURL = templateURL; } + /** + * Sets the input processor sign form template url. + * + * @param inputProcessorSignTemplateURL The url string specifying the + * location of the input processor sign form + */ + public void setInputProcessorSignTemplateURL(String inputProcessorSignTemplateURL) { + this.inputProcessorSignTemplateURL = inputProcessorSignTemplateURL; + } + /** * Sets the parameters for verifying additonal (to the identitylink infobox) infoboxes. * @@ -265,4 +288,5 @@ public class OAAuthParameter extends OAParameter { public void setVerifyInfoboxParameters(VerifyInfoboxParameters verifyInfoboxParameters) { this.verifyInfoboxParameters = verifyInfoboxParameters; } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java new file mode 100644 index 000000000..a4a89e183 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java @@ -0,0 +1,63 @@ +/** + * + */ +package at.gv.egovernment.moa.id.util; + +import java.io.IOException; +import java.io.OutputStream; + +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author Peter Danner + * + */ +public class ServletUtils { + + /** + * Writes out whether the CreateXMLSignatureRequest or a Redirect for form input processing + * depending on the requests starting text. + * + * @param resp The httpServletResponse + * @param session The current AuthenticationSession + * @param createXMLSignatureRequestOrRedirect The request + * @param servletGoal The servlet to which the redirect should happen + * @param servletName The servlet name for debug purposes + * @throws MOAIDException + * @throws IOException + */ + public static void writeCreateXMLSignatureRequestOrRedirect(HttpServletResponse resp, AuthenticationSession session, String createXMLSignatureRequestOrRedirect, String servletGoal, String servletName) + throws MOAIDException, + IOException + { + if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) { + resp.setStatus(307); + String dataURL = new DataURLBuilder().buildDataURL( + session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, session.getSessionID()); + resp.addHeader("Location", dataURL); + + //TODO test impact of explicit setting charset with older versions of BKUs (HotSign) + resp.setContentType("text/xml;charset=UTF-8"); + + OutputStream out = resp.getOutputStream(); + out.write(createXMLSignatureRequestOrRedirect.getBytes("UTF-8")); + out.flush(); + out.close(); + Logger.debug("Finished POST " + servletName); + } else { + String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), servletGoal, session.getSessionID()); + resp.setContentType("text/html"); + resp.setStatus(302); + resp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + + } + } + +} -- cgit v1.2.3 From d19cd318b86feacd77dde2ff344b68f4439461a9 Mon Sep 17 00:00:00 2001 From: pdanner Date: Thu, 18 Oct 2007 15:35:37 +0000 Subject: Show also SZR-gateway communication error 4000 on parep validation git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1022 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/validator/parep/ParepValidator.java | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java index acd193a68..1ed9d89ea 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java @@ -349,6 +349,7 @@ public class ParepValidator implements InfoboxValidator { if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); response = client.createMandateResponse(requ); } + Logger.debug("SZR-Gateway Response Code: " + response.getResultCode()+ " " + response.getInfo()); if (response.getResultCode()==2000) { if(response.getMandate()==null) { Logger.error("Keine Vollmacht vom SZR-Gateway erhalten"); @@ -379,18 +380,22 @@ public class ParepValidator implements InfoboxValidator { } else { String errorMsg = "Fehler " + response.getResultCode() + " bei Stammzahlenregister-Gateway Anfrage"; String responseInfo = response.getInfo(); - if (response.getResultCode()>4000 && response.getResultCode()<4999) { + if (response.getResultCode()>=4000 && response.getResultCode()<4999) { if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo; validationResult.setErrorMessage(errorMsg); - } else if (response.getResultCode()>=3000 && response.getResultCode()<=3000) { + } else if (response.getResultCode()>=5000 && response.getResultCode()<=5999) { // Person not found ParepInputProcessor inputProcessor= getInputProcessor(); - if (response.getResultCode()==3000) { //TODO: verify code - errorMsg = "Die Person konnte nicht eindeutig identifiziert werden. Bitte ergänzen/ändern Sie ihre Angaben."; - } else { - if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo; - } - + switch (response.getResultCode()) { + case 5230: + errorMsg = "Keine mit den Eingaben übereinstimmende Person vorhanden. Bitte ergänzen/ändern Sie ihre Angaben."; + break; + case 5231: + errorMsg = "Die Person konnte nicht eindeutig identifiziert werden. Es existieren mehrere Personen zu Ihrer Suchanfrage. Bitte ergänzen/ändern Sie ihre Angaben."; + break; + default: + if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo; + } this.form = inputProcessor.validate(generateParameters(), errorMsg); if (this.form == null) { validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); -- cgit v1.2.3 From 2c8075dab2371856fd9f0a3695376932c07189b0 Mon Sep 17 00:00:00 2001 From: pdanner Date: Thu, 18 Oct 2007 22:39:24 +0000 Subject: Removed debug output git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1023 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java | 1 - 1 file changed, 1 deletion(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java index 1ed9d89ea..79eaf782a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java @@ -505,7 +505,6 @@ public class ParepValidator implements InfoboxValidator { try { // Vertretener (erstes Vorkommen) Element mandator = request.getMandator(); - ParepUtils.saveElementToFile(mandator, new File("c:/mandator_test.xml")); if (mandator != null) { if (ParepUtils.isPhysicalPerson(mandator)) { familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()"); -- cgit v1.2.3 From 114acd7687c92e9f2202536c6172b10266d7e949 Mon Sep 17 00:00:00 2001 From: pdanner Date: Fri, 19 Oct 2007 07:06:49 +0000 Subject: Enabled more debug information git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1024 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/AuthenticationServer.java | 17 ++++++++--- .../auth/servlet/ProcessValidatorInputServlet.java | 2 ++ .../validator/parep/ParepInputProcessorImpl.java | 28 +++++++++--------- .../id/auth/validator/parep/ParepValidator.java | 33 +++++++++++----------- 4 files changed, 45 insertions(+), 35 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 75197943f..e23e2bb78 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1061,9 +1061,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.getExtendedSAMLAttributesOA()); authData.setSamlAssertion(samlAssertion); - - //ParepUtils.saveStringToFile(samlAssertion, new File("c:/saml_assertion.xml")); - + String assertionFile = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter("AuthenticationServer.WritAssertionToFile"); + if (!ParepUtils.isEmpty(assertionFile)) ParepUtils.saveStringToFile(samlAssertion, new File(assertionFile)); //Ex: "c:/saml_assertion.xml" + return authData; } catch (Throwable ex) { throw new BuildException( @@ -1093,7 +1093,16 @@ public class AuthenticationServer implements MOAIDAuthConstants { Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); throw new AuthenticationException("1206", new Object[] { samlArtifact }); } - authenticationDataStore.remove(assertionHandle); + boolean keepAssertion = false; + try { + String boolStr = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter("AuthenticationServer.KeepAssertion"); + if ((null!=boolStr && boolStr.equalsIgnoreCase("true"))) keepAssertion = true;//Only allowed for debug purposes!!! + } catch (ConfigurationException ex) { + throw new AuthenticationException("1205", new Object[] { samlArtifact, ex.toString()}); + } + if (!keepAssertion) { + authenticationDataStore.remove(assertionHandle); + } } long now = new Date().getTime(); if (now - authData.getTimestamp().getTime() > authDataTimeOut) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java index df480b624..c41e39466 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java @@ -62,6 +62,7 @@ public class ProcessValidatorInputServlet extends AuthServlet { String sessionID = req.getParameter(PARAM_SESSIONID); if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID); if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID); + if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID+"_"); try { AuthenticationSession session = AuthenticationServer.getSession(sessionID); @@ -112,6 +113,7 @@ public class ProcessValidatorInputServlet extends AuthServlet { String sessionID = req.getParameter(PARAM_SESSIONID); if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID); if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID); + if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID+"_"); try { AuthenticationSession session = AuthenticationServer.getSession(sessionID); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java index aff5d8a7a..80ef7c304 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java @@ -101,37 +101,37 @@ public class ParepInputProcessorImpl implements ParepInputProcessor{ if (!ParepUtils.isEmpty(extErrortext)) formNecessary = true; String locErrortext = "Folgende Parameter fehlen: "; - String familyName = (String) parameters.get("familyname"); + String familyName = (String) parameters.get("familyname_"); if (null == familyName) familyName =""; - String givenName = (String) parameters.get("givenname"); + String givenName = (String) parameters.get("givenname_"); if (null == givenName) givenName =""; - boolean physical = "true".equals(parameters.get("physical")); - String dobday = (String) parameters.get("dobday"); + boolean physical = "true".equals(parameters.get("physical_")); + String dobday = (String) parameters.get("dobday_"); if (null!=dobday && dobday.equalsIgnoreCase("TT")) dobday=""; - String dobmonth = (String) parameters.get("dobmonth"); + String dobmonth = (String) parameters.get("dobmonth_"); if (null!=dobmonth && dobmonth.equalsIgnoreCase("MM")) dobmonth=""; - String dobyear = (String) parameters.get("dobyear"); + String dobyear = (String) parameters.get("dobyear_"); if (null!=dobyear && dobyear.equalsIgnoreCase("JJJJ")) dobyear=""; String dateOfBirth = ""; dobyear = (" ".substring(0, 4-dobyear.length()) + dobyear); dobmonth = (" ".substring(0, 2-dobmonth.length()) + dobmonth); dobday = (" ".substring(0, 2-dobday.length()) + dobday); dateOfBirth = dobyear + "-" + dobmonth + "-" + dobday; - String cbFullName = (String) parameters.get("fullname"); + String cbFullName = (String) parameters.get("fullname_"); if (null == cbFullName) cbFullName =""; - String cbIdentificationType = (String) parameters.get("cbidentificationtype"); + String cbIdentificationType = (String) parameters.get("cbidentificationtype_"); if (null == cbIdentificationType) cbIdentificationType =""; - String cbIdentificationValue = (String) parameters.get("cbidentificationvalue"); + String cbIdentificationValue = (String) parameters.get("cbidentificationvalue_"); if (null == cbIdentificationValue) cbIdentificationValue =""; - String postalCode = (String) parameters.get("postalcode"); + String postalCode = (String) parameters.get("postalcode_"); if (null == postalCode) postalCode =""; - String municipality = (String) parameters.get("municipality"); + String municipality = (String) parameters.get("municipality_"); if (null == municipality) municipality =""; - String streetName = (String) parameters.get("streetname"); + String streetName = (String) parameters.get("streetname_"); if (null == streetName) streetName =""; - String buildingNumber = (String) parameters.get("buildingnumber"); + String buildingNumber = (String) parameters.get("buildingnumber_"); if (null == buildingNumber) buildingNumber =""; - String unit = (String) parameters.get("unit"); + String unit = (String) parameters.get("unit_"); if (null == unit) unit =""; if (physical) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java index 79eaf782a..cfe84dbc2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java @@ -344,12 +344,11 @@ public class ParepValidator implements InfoboxValidator { response = client.createMandateResponse(requ); } catch (SZRGWClientException e) { // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt. - Logger.debug("2. Versuch - Kommunikation mit dem Stammzahlenregister Gateway..."); client = new SZRGWClient(connectionParameters.getUrl()); if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); response = client.createMandateResponse(requ); } - Logger.debug("SZR-Gateway Response Code: " + response.getResultCode()+ " " + response.getInfo()); + Logger.debug("SZR-Gateway Response Code: " + response.getResultCode()+ " " + response.getInfo()!=null ? response.getInfo():""); if (response.getResultCode()==2000) { if(response.getMandate()==null) { Logger.error("Keine Vollmacht vom SZR-Gateway erhalten"); @@ -525,21 +524,21 @@ public class ParepValidator implements InfoboxValidator { } catch (Exception e) { Logger.error("Could not extract Mandator form SZR-gateway request"); } - parameters.put("familyname", familyName); - parameters.put("givenname", givenName); - parameters.put("dateofbirth", dateOfBirth); - parameters.put("dobyear", dateOfBirth.substring(0,4)); - parameters.put("dobmonth", dateOfBirth.substring(5,7)); - parameters.put("dobday", dateOfBirth.substring(8,10)); - parameters.put("physical", physical ? "true" : "false"); - parameters.put("fullname", cbFullName); - parameters.put("cbidentificationtype", cbIdentificationType); - parameters.put("cbidentificationvalue", cbIdentificationValue); - parameters.put("postalcode", postalCode); - parameters.put("municipality", municipality); - parameters.put("streetname", streetName); - parameters.put("buildingnumber", buildingNumber); - parameters.put("unit", unit); + parameters.put("familyname_", familyName); + parameters.put("givenname_", givenName); + parameters.put("dateofbirth_", dateOfBirth); + parameters.put("dobyear_", dateOfBirth.substring(0,4)); + parameters.put("dobmonth_", dateOfBirth.substring(5,7)); + parameters.put("dobday_", dateOfBirth.substring(8,10)); + parameters.put("physical_", physical ? "true" : "false"); + parameters.put("fullname_", cbFullName); + parameters.put("cbidentificationtype_", cbIdentificationType); + parameters.put("cbidentificationvalue_", cbIdentificationValue); + parameters.put("postalcode_", postalCode); + parameters.put("municipality_", municipality); + parameters.put("streetname_", streetName); + parameters.put("buildingnumber_", buildingNumber); + parameters.put("unit_", unit); return parameters; } -- cgit v1.2.3 From 04c84754f2898848a0ac61f4bf2d4412b6600d19 Mon Sep 17 00:00:00 2001 From: pdanner Date: Fri, 19 Oct 2007 07:18:14 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1025 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index e23e2bb78..bf5bd70bd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1061,7 +1061,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.getExtendedSAMLAttributesOA()); authData.setSamlAssertion(samlAssertion); - String assertionFile = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter("AuthenticationServer.WritAssertionToFile"); + String assertionFile = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter("AuthenticationServer.WriteAssertionToFile"); if (!ParepUtils.isEmpty(assertionFile)) ParepUtils.saveStringToFile(samlAssertion, new File(assertionFile)); //Ex: "c:/saml_assertion.xml" return authData; -- cgit v1.2.3 From 6f2ee1010dac8d42aba52d33a716a91a50f1f136 Mon Sep 17 00:00:00 2001 From: pdanner Date: Fri, 19 Oct 2007 10:04:39 +0000 Subject: Changed language of mandate SAML-attributes git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1026 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/AuthenticationServer.java | 2 +- .../validator/parep/ParepInputProcessorImpl.java | 2 +- .../id/auth/validator/parep/ParepValidator.java | 32 +++++++++++----------- 3 files changed, 18 insertions(+), 18 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index bf5bd70bd..bac66eeab 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1096,7 +1096,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { boolean keepAssertion = false; try { String boolStr = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter("AuthenticationServer.KeepAssertion"); - if ((null!=boolStr && boolStr.equalsIgnoreCase("true"))) keepAssertion = true;//Only allowed for debug purposes!!! + if (null!=boolStr && boolStr.equalsIgnoreCase("true")) keepAssertion = true;//Only allowed for debug purposes!!! } catch (ConfigurationException ex) { throw new AuthenticationException("1205", new Object[] { samlArtifact, ex.toString()}); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java index 80ef7c304..bfbbaede6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java @@ -185,7 +185,7 @@ public class ParepInputProcessorImpl implements ParepInputProcessor{ } if (!ParepUtils.isEmpty(locErrortext)) error = error + locErrortext; if (!ParepUtils.isEmpty(error)) { - error = "
\"  " + error + "
"; + error = "
\"Rufezeichen\"  " + error + "
"; } form = loadForm(physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality, cbFullName, cbIdentificationType, cbIdentificationValue, error); if (form == null) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java index cfe84dbc2..30a8da50c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java @@ -64,7 +64,7 @@ public class ParepValidator implements InfoboxValidator { private String form = null; /** unspecified error of parep-validator (must not know more about)*/ - private final static String COMMON_ERROR = "Es ist ein Fehler bei der Überprüfung für berufliche Parteienvetretung aufgetreten"; + private final static String COMMON_ERROR = "Es ist ein Fehler bei der Überprüfung für berufsmäßige Parteienvetretung aufgetreten"; /** Default class to gather remaining mandator data. */ public final static String PAREP_INPUT_PROCESSOR = "at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl"; @@ -73,17 +73,17 @@ public class ParepValidator implements InfoboxValidator { public final static String PAREP_INPUT_TEMPLATE = "/resources/templates/ParepMinTemplate.html"; /** kind of representation text in AUTH block*/ - public final static String STANDARD_REPRESENTATION_TEXT = "beruflicher Parteienvertreter"; + public final static String STANDARD_REPRESENTATION_TEXT = "berufsmäßige(r) Parteienvertreter(in)"; /** Names of the produced SAML-attributes. */ - public final static String EXT_SAML_MANDATE_RAW = "Vollmacht"; - public final static String EXT_SAML_MANDATE_NAME = "MachtgeberName"; - public final static String EXT_SAML_MANDATE_DOB = "MachtgeberGeburtsdatum"; - public final static String EXT_SAML_MANDATE_WBPK = "MachtgeberWbpk"; - public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "VertretungsArt"; + public final static String EXT_SAML_MANDATE_RAW = "Mandate"; + public final static String EXT_SAML_MANDATE_NAME = "MandatorName"; + public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth"; + public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk"; + public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType"; /** register and register number for non physical persons - the domain identifier for business applications*/ - public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MachtgeberRegisternummer"; + public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier"; /** * Parses the XML configuration element and creates the validators configuration @@ -112,7 +112,7 @@ public class ParepValidator implements InfoboxValidator { InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null); try { - Logger.debug("Starte Organwalter-/berufliche Parteienvertreterprüfung."); + Logger.debug("Starte Organwalter-/berufsmäßige Parteienvertreterprüfung."); this.params = params; Element mandate = extractPrimaryToken(this.params.getInfoboxTokenList()); @@ -160,7 +160,7 @@ public class ParepValidator implements InfoboxValidator { Configure(this.params.getApplicationSpecificParams()); // check if we have a configured party representative for that if (!parepConfiguration.isPartyRepresentative(representationID)) { - Logger.info("Kein beruflicher Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert."); + Logger.info("Kein berufsmäßiger Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert."); validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert."); return validationResult; } @@ -271,7 +271,7 @@ public class ParepValidator implements InfoboxValidator { public InfoboxValidationResult validate(Map parameters) throws ValidateException { InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null); - Logger.debug("Intermediate processing von Organwalter-/beruflicher Parteienvertreterprüfung"); + Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung"); Logger.debug("Prüfe im Formular ausgefüllte Daten..."); if (PAREP_DEBUG) Logger.debug("Got parameters from user input form: " + parameters.toString()); @@ -282,11 +282,11 @@ public class ParepValidator implements InfoboxValidator { validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); return validationResult; } - extendedSamlAttributes.clear(); + addAuthBlockExtendedSamlAttributes(); validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes()); validationResult.setValid(true); - Logger.debug("Intermediate processing von Organwalter-/beruflicher Parteienvertreterprüfung erfolgreich beendet"); + Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet"); return validationResult; } @@ -298,7 +298,7 @@ public class ParepValidator implements InfoboxValidator { public InfoboxValidationResult validate(Element samlAssertion) throws ValidateException { InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null); - Logger.debug("Post processing von Organwalter-/beruflicher Parteienvertreterprüfung"); + Logger.debug("Post processing von Organwalter-/berufsmäßige Parteienvertreterprüfung"); this.form = ""; try { @@ -375,7 +375,7 @@ public class ParepValidator implements InfoboxValidator { validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes()); validationResult.setValid(true); - Logger.debug("Post processing von Organwalter-/beruflicher Parteienvertreterprüfung erfolgreich beendet"); + Logger.debug("Post processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet"); } else { String errorMsg = "Fehler " + response.getResultCode() + " bei Stammzahlenregister-Gateway Anfrage"; String responseInfo = response.getInfo(); @@ -548,9 +548,9 @@ public class ParepValidator implements InfoboxValidator { * name of the mandator has to be set */ private void addAuthBlockExtendedSamlAttributes() { + extendedSamlAttributes.clear(); extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, parepConfiguration.getRepresentationText(representationID), SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); Element mandator = request.getMandator(); - extendedSamlAttributes.clear(); // Name String name = ParepUtils.extractMandatorName(mandator); extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, name, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); -- cgit v1.2.3 From e517ea48f034566c0da28c76fcf9d8b33988b69e Mon Sep 17 00:00:00 2001 From: pdanner Date: Fri, 19 Oct 2007 11:55:03 +0000 Subject: Changed party representation process from form based path to security layer path git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1027 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java | 2 +- .../moa/id/auth/validator/parep/ParepInputProcessorImpl.java | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java index c41e39466..89834307d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java @@ -69,7 +69,7 @@ public class ProcessValidatorInputServlet extends AuthServlet { InfoboxValidator infoboxvalidator = session.getFirstPendingValidator(); String outputStream; String dataURL = new DataURLBuilder().buildDataURL( - session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID); + session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, sessionID); if (infoboxvalidator!=null) { outputStream = infoboxvalidator.getForm(); // replace strings the validators can not know diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java index bfbbaede6..1501dad57 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java @@ -235,6 +235,7 @@ public class ParepInputProcessorImpl implements ParepInputProcessor{ instream = new FileInputStream(fileName); } else { fileName = parepConfiguration.getFullDirectoryName(fileName); + if (fileName.startsWith("file:\\")) fileName = fileName.substring(6); file = new File(fileName); if (file.exists()) { //if this resolves to a file, load it -- cgit v1.2.3 From 028be490569e4080947f7708f08782f4306503ae Mon Sep 17 00:00:00 2001 From: pdanner Date: Fri, 19 Oct 2007 13:12:22 +0000 Subject: Fixed path choice on parep validation git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1028 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../auth/servlet/ProcessValidatorInputServlet.java | 71 +++++++++++++--------- 1 file changed, 42 insertions(+), 29 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java index 89834307d..e2eda5755 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java @@ -124,37 +124,50 @@ public class ProcessValidatorInputServlet extends AuthServlet { String dataURL = new DataURLBuilder().buildDataURL( session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID); - // Test if we have a user input form sign template - String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE); - String inputProcessorSignTemplate = null; - OAAuthParameter oaParam = - AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested()); - // override template url by url from configuration file - if (oaParam.getInputProcessorSignTemplateURL() != null) { - inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL(); - } - if (inputProcessorSignTemplateURL != null) { - try { - inputProcessorSignTemplate = new String(FileUtils.readURL(inputProcessorSignTemplateURL)); - } catch (IOException ex) { - throw new AuthenticationException( - "auth.03", - new Object[] { inputProcessorSignTemplateURL, ex.toString()}, - ex); + String htmlForm = null; + + boolean doInputProcessorSign = false; + String inputProcessorSignForm = req.getParameter("Sign_Form"); + if (inputProcessorSignForm==null) inputProcessorSignForm = (String) req.getAttribute("Sign_Form"); + if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form"); + if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form_"); + if (!ParepUtils.isEmpty(inputProcessorSignForm)) doInputProcessorSign = inputProcessorSignForm.equalsIgnoreCase("true"); + if (doInputProcessorSign) { + // Test if we have a user input form sign template + String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE); + String inputProcessorSignTemplate = null; + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested()); + // override template url by url from configuration file + if (oaParam.getInputProcessorSignTemplateURL() != null) { + inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL(); + } + if (inputProcessorSignTemplateURL != null) { + try { + inputProcessorSignTemplate = new String(FileUtils.readURL(inputProcessorSignTemplateURL)); + } catch (IOException ex) { + throw new AuthenticationException( + "auth.03", + new Object[] { inputProcessorSignTemplateURL, ex.toString()}, + ex); + } } + + htmlForm = new GetVerifyAuthBlockFormBuilder().build( + inputProcessorSignTemplate, session.getBkuURL(), createXMLSignatureRequestOrRedirect, dataURL, session.getPushInfobox()); + htmlForm = ParepUtils.replaceAll(htmlForm, "", session.getAuthURL()); + htmlForm = ParepUtils.replaceAll(htmlForm, "", sessionID); + htmlForm = ParepUtils.replaceAll(htmlForm, "", session.getBkuURL()); + htmlForm = ParepUtils.replaceAll(htmlForm, "", dataURL); + htmlForm = ParepUtils.replaceAll(htmlForm, "", session.getPushInfobox()); + resp.setContentType("text/html;charset=UTF-8"); + } else { + htmlForm = createXMLSignatureRequestOrRedirect; + resp.setStatus(307); + resp.addHeader("Location", dataURL); + //TODO test impact of explicit setting charset with older versions of BKUs (HotSign) + resp.setContentType("text/xml;charset=UTF-8"); } - - - - String htmlForm = new GetVerifyAuthBlockFormBuilder().build( - inputProcessorSignTemplate, session.getBkuURL(), createXMLSignatureRequestOrRedirect, dataURL, session.getPushInfobox()); - htmlForm = ParepUtils.replaceAll(htmlForm, "", session.getAuthURL()); - htmlForm = ParepUtils.replaceAll(htmlForm, "", sessionID); - htmlForm = ParepUtils.replaceAll(htmlForm, "", session.getBkuURL()); - htmlForm = ParepUtils.replaceAll(htmlForm, "", dataURL); - htmlForm = ParepUtils.replaceAll(htmlForm, "", session.getPushInfobox()); - - resp.setContentType("text/html;charset=UTF-8"); OutputStream out = resp.getOutputStream(); out.write(htmlForm.getBytes("UTF-8")); -- cgit v1.2.3 From e04b9bd9fc5fce5534d3bdd5f6d9b7fb2d1c1b9b Mon Sep 17 00:00:00 2001 From: pdanner Date: Fri, 19 Oct 2007 13:26:00 +0000 Subject: Added remark for path choice on parep validation git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1029 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java index e2eda5755..e156ae982 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java @@ -126,7 +126,7 @@ public class ProcessValidatorInputServlet extends AuthServlet { String htmlForm = null; - boolean doInputProcessorSign = false; + boolean doInputProcessorSign = false; // If sign process should be within an extra form, provide a parameter. Otherwise transport through security layer is assumed String inputProcessorSignForm = req.getParameter("Sign_Form"); if (inputProcessorSignForm==null) inputProcessorSignForm = (String) req.getAttribute("Sign_Form"); if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form"); -- cgit v1.2.3 From eaeae88fff31b34a75fff38fb7f08c6c6415aa3d Mon Sep 17 00:00:00 2001 From: pdanner Date: Wed, 7 Nov 2007 09:55:40 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1035 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java index aed635502..e2a28163f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java @@ -76,7 +76,12 @@ public class ParepUtils { nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS); Node resultNode = XPathAPI.selectSingleNode(mandate, "//md:Mandate/attribute::MandateID", nameSpaceNode); if (resultNode != null) { - return resultNode.getTextContent(); + // because following line is not ready for JDK 1.4.x we need to get the childnode; + // return resultNode.getTextContent(); + Node textNode = resultNode.getFirstChild(); + if (textNode != null) { + return textNode.getNodeValue(); + } } return null; } catch (Exception e) { -- cgit v1.2.3 From de1331212b42603ed762ec69c234b32a71fa764d Mon Sep 17 00:00:00 2001 From: pdanner Date: Fri, 16 Nov 2007 15:18:03 +0000 Subject: Refined Eclipse WTP settings; changed standard configuration git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1041 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/AuthenticationServer.java | 16 ++++++++++--- .../moa/id/auth/MOAIDAuthConstants.java | 2 ++ .../auth/builder/GetIdentityLinkFormBuilder.java | 1 - .../auth/servlet/StartAuthenticationServlet.java | 2 +- .../moa/id/config/ConfigurationBuilder.java | 2 ++ .../moa/id/config/auth/VerifyInfoboxParameter.java | 27 ++++++++++++++++++++++ 6 files changed, 45 insertions(+), 5 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index bac66eeab..caeff905b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -265,7 +265,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @param oaURL online application URL requested * @param bkuURL URL of the "Bürgerkartenumgebung" to be used; * may be null; in this case, the default location will be used - * @param templateURL URL providing an HTML template for the HTML form generated + * @param templateURL URL providing an HTML template for the HTML form generated + * @param scheme determines the protocol used * @return HTML form * @throws AuthenticationException * @see GetIdentityLinkFormBuilder @@ -277,7 +278,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { String oaURL, String templateURL, String bkuURL, - String sessionID) + String sessionID, + String scheme) throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException { if (isEmpty(sessionID)) { @@ -322,7 +324,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { } // BKU URL has not been set yet, even if session already exists if (bkuURL == null) { - bkuURL = DEFAULT_BKU; + if (scheme!=null && scheme.equalsIgnoreCase("https")) { + bkuURL = DEFAULT_BKU_HTTPS; + } else { + bkuURL = DEFAULT_BKU; + } } session.setBkuURL(bkuURL); session.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); @@ -602,6 +608,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { } // check for party representation in mandates infobox if (Constants.INFOBOXIDENTIFIER_MANDATES.equalsIgnoreCase(identifier) && !((infoboxTokenList == null || infoboxTokenList.size() == 0))){ + //We need app specific parameters + if (null==verifyInfoboxParameter.getApplicationSpecificParams()) { + throw new ValidateException("validator.66", new Object[] {friendlyName}); + } session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams())); Element mandate = ParepValidator.extractPrimaryToken(infoboxTokenList); //ParepUtils.serializeElement(mandate, System.out); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 4f9235949..72f29ed40 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -23,6 +23,8 @@ public interface MOAIDAuthConstants { public static final String PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE = "InputProcessorSignTemplate"; /** default BKU URL */ public static final String DEFAULT_BKU = "http://localhost:3495/http-security-layer-request"; + /** default BKU URL for https connections*/ + public static final String DEFAULT_BKU_HTTPS = "https://127.0.0.1:3496/https-security-layer-request"; /** servlet parameter "returnURI" */ public static final String PARAM_RETURN = "returnURI"; /** servlet parameter "Template" */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java index 0d0595b69..9a6c4801f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java @@ -95,7 +95,6 @@ public class GetIdentityLinkFormBuilder extends Builder { throws BuildException { String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate; -// String bku = bkuURL == null ? DEFAULT_BKU : bkuURL; htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL); htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL); htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index 9f0cf6606..912b20a0f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -57,7 +57,7 @@ public class StartAuthenticationServlet extends AuthServlet { resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE); try { String getIdentityLinkForm = - AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID); + AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID, req.getScheme()); resp.setContentType("text/html;charset=UTF-8"); PrintWriter out = new PrintWriter(resp.getOutputStream()); out.print(getIdentityLinkForm); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java index 27955602f..d4398102c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java @@ -821,6 +821,8 @@ public class ConfigurationBuilder { verifyInfoboxParameter.setSchemaLocations(schemaLocations); } else if (paramName.equals("ApplicationSpecificParameters")) { verifyInfoboxParameter.setApplicationSpecificParams(paramElem); + } else if (paramName.equals("ParepSpecificParameters")) { + verifyInfoboxParameter.appendParepSpecificParams(paramElem); } } // use default values for those parameters not yet set by local configuration diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java index fbd42f975..b64303ce5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java @@ -6,9 +6,13 @@ import java.util.List; import javax.xml.transform.TransformerException; +import org.apache.xpath.XPathAPI; import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; import at.gv.egovernment.moa.id.auth.data.Schema; +import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.StringUtils; @@ -121,6 +125,29 @@ public class VerifyInfoboxParameter { applicationSpecificParams_ = applicationSpecificParams; } + /** + * Appends special application specific parameters for party representation. + * + * @param applicationSpecificParams The application specific parameters for party representation to set. + */ + public void appendParepSpecificParams(Element applicationSpecificParams) { + try { + if (applicationSpecificParams_==null) { + applicationSpecificParams_ = applicationSpecificParams.getOwnerDocument().createElement("ApplicationSpecificParameters"); + } + Element nameSpaceNode = applicationSpecificParams.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI); + NodeList nodeList = XPathAPI.selectNodeList(applicationSpecificParams, "*", nameSpaceNode); + if (null!=nodeList) { + for (int i=0; i Date: Wed, 21 Nov 2007 12:16:06 +0000 Subject: Extended to can be used with apache commons httpclient 3.1 git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1048 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../client/szrgw/SZRGWSecureSocketFactory.java | 30 ++++++++++++++++++++++ 1 file changed, 30 insertions(+) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java index 41a07d146..de839feba 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java @@ -4,7 +4,10 @@ import java.io.IOException; import java.net.InetAddress; import java.net.Socket; import java.net.UnknownHostException; + import javax.net.ssl.SSLSocketFactory; + +import org.apache.commons.httpclient.params.HttpConnectionParams; import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory; @@ -77,6 +80,32 @@ public class SZRGWSecureSocketFactory implements SecureProtocolSocketFactory { autoClose ); } + + /** + * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int,org.apache.commons.httpclient.params.HttpConnectionParams) + */ + public Socket createSocket( + String host, + int port, + InetAddress clientHost, + int clientPort, + HttpConnectionParams params) + throws IOException, UnknownHostException, org.apache.commons.httpclient.ConnectTimeoutException { + + Socket socket = createSocket(host, port, clientHost, clientPort); + if (socket != null) { + // socket.setKeepAlive(false); + if (params.getReceiveBufferSize() >= 0) + socket.setReceiveBufferSize(params.getReceiveBufferSize()); + if (params.getSendBufferSize() >= 0) + socket.setSendBufferSize(params.getSendBufferSize()); + socket.setReuseAddress(true); + if (params.getSoTimeout() >= 0) + socket.setSoTimeout(params.getSoTimeout()); + } + return socket; + + } /** * @see java.lang.Object#equals(java.lang.Object) @@ -91,4 +120,5 @@ public class SZRGWSecureSocketFactory implements SecureProtocolSocketFactory { public int hashCode() { return SZRGWSecureSocketFactory.class.hashCode(); } + } -- cgit v1.2.3 From 4d92d1f3c7a94df1078583b728fbba20c42fdef6 Mon Sep 17 00:00:00 2001 From: pdanner Date: Thu, 6 Dec 2007 16:34:41 +0000 Subject: Fixed location of CompatibilityMode configuration option for mandates git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1051 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/validator/parep/config/ParepConfiguration.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java index c56555b2e..16daa5452 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java @@ -394,7 +394,7 @@ public class ParepConfiguration { } return false; } catch (Exception e) { - throw new ConfigurationException("Allgemeiner Fehler beim Parsen der ParepValidator ConnectionParameter.", null, e); + throw new ConfigurationException("Allgemeiner Fehler beim Parsen des CompatibilityMode Parameters.", null, e); } } -- cgit v1.2.3 From 029b777dfc1bf108ffd8d20b7cbec9988ad4c73a Mon Sep 17 00:00:00 2001 From: pdanner Date: Thu, 6 Dec 2007 16:47:48 +0000 Subject: Added SessionCleaner which removes sessions began and not picked up SAML-assertions git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1052 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 11 +++++------ .../at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java | 2 ++ 2 files changed, 7 insertions(+), 6 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index caeff905b..3457051c4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1044,7 +1044,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } else { authData.setBPK(identityLink.getIdentificationValue()); if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - // only compute bPK if online applcation is a public service and we have the Stammzahl + // only compute bPK if online application is a public service and we have the Stammzahl String bpkBase64 = new BPKBuilder().buildBPK( identityLink.getIdentificationValue(), session.getTarget()); @@ -1202,15 +1202,14 @@ public class AuthenticationServer implements MOAIDAuthConstants { synchronized (authenticationDataStore) { Set keys = new HashSet(authenticationDataStore.keySet()); for (Iterator iter = keys.iterator(); iter.hasNext();) { - String samlArtifact = (String) iter.next(); - AuthenticationData authData = - (AuthenticationData) authenticationDataStore.get(samlArtifact); + String samlAssertionHandle = (String) iter.next(); + AuthenticationData authData = (AuthenticationData) authenticationDataStore.get(samlAssertionHandle); if (now - authData.getTimestamp().getTime() > authDataTimeOut) { Logger.info( MOAIDMessageProvider.getInstance().getMessage( "cleaner.03", - new Object[] { samlArtifact })); - authenticationDataStore.remove(samlArtifact); + new Object[] { authData.getAssertionID() })); + authenticationDataStore.remove(samlAssertionHandle); } } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index 7964e2fb6..dadfc16d6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -158,6 +158,8 @@ public class MOAIDAuthInitializer { .setSecondsAuthDataTimeOut(authDataTimeOut); } + // Starts the session cleaner thread to remove unpicked authentication data + AuthenticationSessionCleaner.start(); } } \ No newline at end of file -- cgit v1.2.3 From 8f74ab07dabef102128bd1244b73c0f4805ed10b Mon Sep 17 00:00:00 2001 From: pdanner Date: Tue, 15 Jan 2008 17:22:41 +0000 Subject: Changed scope of mandate compatibility mode to be used with all infoboxes git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1054 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 3457051c4..5cd03cb18 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -606,13 +606,14 @@ public class AuthenticationServer implements MOAIDAuthConstants { "\"-infobox could not be parsed successfully: " + e.getMessage()); throw new ValidateException("validator.43", new Object[] {friendlyName}); } + // set compatibility mode for mandates infobox and all infoboxes (it is possible to be a parep infobox) + session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams())); // check for party representation in mandates infobox if (Constants.INFOBOXIDENTIFIER_MANDATES.equalsIgnoreCase(identifier) && !((infoboxTokenList == null || infoboxTokenList.size() == 0))){ //We need app specific parameters if (null==verifyInfoboxParameter.getApplicationSpecificParams()) { throw new ValidateException("validator.66", new Object[] {friendlyName}); } - session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams())); Element mandate = ParepValidator.extractPrimaryToken(infoboxTokenList); //ParepUtils.serializeElement(mandate, System.out); String mandateID = ParepUtils.extractRepresentativeID(mandate); -- cgit v1.2.3 From 923c7b6da9eb81500c29e2a68ffc0f4a863d90d7 Mon Sep 17 00:00:00 2001 From: pdanner Date: Tue, 15 Jan 2008 17:26:00 +0000 Subject: Minor enhancements git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1056 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../parep/client/szrgw/CreateMandateResponse.java | 11 +++- .../parep/client/szrgw/SOAPConstants.java | 19 ++++--- .../validator/parep/client/szrgw/SZRGWClient.java | 7 ++- .../parep/client/szrgw/SZRGWConstants.java | 66 +++++++++++----------- .../validator/parep/config/ParepConfiguration.java | 5 +- 5 files changed, 61 insertions(+), 47 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java index 0f6ed8abf..f69a5a739 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java @@ -90,7 +90,15 @@ public class CreateMandateResponse { // first check if response is a soap error NodeList list = response.getElementsByTagName("faultstring"); if (list.getLength() > 0) { - throw new SZRGWClientException("Fehler bei SZR-Gateway: "+list.item(0).getChildNodes().item(0).getNodeValue()); + String faultCode = ""; + String faultString = ""; + Element snameSpaceNode = response.getOwnerDocument().createElement("NameSpaceNode"); + snameSpaceNode.setAttribute("xmlns" + SOAPConstants.SOAP_ENV_POSTFIX, SOAPConstants.SOAP_ENV_NS); + Node faultCodeNode = XPathAPI.selectSingleNode(response, SOAPConstants.XPATH_SOAP_FAULTCODE, snameSpaceNode); + Node faultStringNode = XPathAPI.selectSingleNode(response, SOAPConstants.XPATH_SOAP_FAULTSTRING, snameSpaceNode); + if (faultCodeNode!=null) faultCode = faultCodeNode.getNodeValue(); + if (faultStringNode!=null) faultString = faultStringNode.getNodeValue(); + throw new SZRGWClientException("Fehler bei SZR-Gateway (SOAP-Error " + faultCodeNode + "): " + faultString); } this.mandate = null; @@ -100,7 +108,6 @@ public class CreateMandateResponse { Element nameSpaceNode = response.getOwnerDocument().createElement("NameSpaceNode"); nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS); nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS); - Node mandateNode = XPathAPI.selectSingleNode(response, "//" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.CREATE_MANDATE_RESPONSE + "/" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATE, nameSpaceNode); if (mandateNode!=null) { this.mandate = (Element) mandateNode; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java index d9d248c81..ca914bbab 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java @@ -11,13 +11,18 @@ public interface SOAPConstants { /* * Namespaces and namespace prefixes for SOAP message handling */ - String SOAP_ENV_NS = "http://schemas.xmlsoap.org/soap/envelope/"; - String SOAP_ENV_ENCODING_STYLE = "http://schemas.xmlsoap.org/soap/encoding/"; - String SOAP_ENV_PREFIX = "soapenv:"; - String SOAP_ENV_POSTFIX = ":soapenv"; + public static final String SOAP_ENV_NS = "http://schemas.xmlsoap.org/soap/envelope/"; + public static final String SOAP_ENV_ENCODING_STYLE = "http://schemas.xmlsoap.org/soap/encoding/"; + public static final String SOAP_ENV_PREFIX = "soapenv:"; + public static final String SOAP_ENV_POSTFIX = ":soapenv"; - String ENVELOPE = "Envelope"; - String BODY = "Body"; - String ENCODING_STYLE = "encodingStyle"; + public static final String ENVELOPE = "Envelope"; + public static final String BODY = "Body"; + public static final String FAULT = "Fault"; + public static final String ENCODING_STYLE = "encodingStyle"; + + public static final String XPATH_SOAP_FAULT = "/" + SOAP_ENV_PREFIX + ENVELOPE + "/" + SOAP_ENV_PREFIX + BODY + "/" + SOAP_ENV_PREFIX + FAULT; + public static final String XPATH_SOAP_FAULTCODE = XPATH_SOAP_FAULT + "/faultcode/text()"; + public static final String XPATH_SOAP_FAULTSTRING = XPATH_SOAP_FAULT + "/faultstring/text()"; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java index 1e6dc1039..22f3cfffd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java @@ -3,9 +3,10 @@ package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; -import java.security.Security; +import java.io.File; import javax.net.ssl.SSLSocketFactory; + import org.apache.commons.httpclient.HttpClient; import org.apache.commons.httpclient.methods.PostMethod; import org.apache.commons.httpclient.protocol.Protocol; @@ -13,7 +14,6 @@ import org.w3c.dom.Document; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; -import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.logging.Logger; @@ -101,17 +101,18 @@ public class SZRGWClient { soapBody.appendChild(doc.importNode(reqElem, true)); Element requestElement = soapBody.getOwnerDocument().getDocumentElement(); + //ParepUtils.saveElementToFile(requestElement, new File("c:/szrRequest.xml")); ByteArrayOutputStream bos = new ByteArrayOutputStream(); ParepUtils.serializeElementAsDocument(requestElement, bos); method.setRequestBody(new ByteArrayInputStream(bos.toByteArray())); - client.executeMethod(method); CreateMandateResponse response = new CreateMandateResponse(); bos = new ByteArrayOutputStream(); doc = ParepUtils.readDocFromIs(method.getResponseBodyAsStream()); + //ParepUtils.saveElementToFile(doc.getDocumentElement(), new File("c:/szrResponse.xml")); response.parse(doc.getDocumentElement()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java index 4f815f1e7..006b2b9f2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java @@ -8,44 +8,44 @@ package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw; public interface SZRGWConstants { //PersonData - String PD_PREFIX = "pr:"; - String PD_POSTFIX = ":pr"; - String PERSON = "Person"; - String PHYSICALPERSON = "PhysicalPerson"; - String CORPORATEBODY = "CorporateBody"; - String IDENTIFICATION = "Identification"; - String VALUE = "Value"; - String TYPE = "Type"; - String NAME = "Name"; - String GIVENNAME = "GivenName"; - String FAMILYNAME = "FamilyName"; - String DATEOFBIRTH = "DateOfBirth"; - String FULLNAME = "FullName"; - String ORGANIZATION = "Organization"; + public static final String PD_PREFIX = "pr:"; + public static final String PD_POSTFIX = ":pr"; + public static final String PERSON = "Person"; + public static final String PHYSICALPERSON = "PhysicalPerson"; + public static final String CORPORATEBODY = "CorporateBody"; + public static final String IDENTIFICATION = "Identification"; + public static final String VALUE = "Value"; + public static final String TYPE = "Type"; + public static final String NAME = "Name"; + public static final String GIVENNAME = "GivenName"; + public static final String FAMILYNAME = "FamilyName"; + public static final String DATEOFBIRTH = "DateOfBirth"; + public static final String FULLNAME = "FullName"; + public static final String ORGANIZATION = "Organization"; - String POSTALADDRESS = "PostalAddress"; - String DELIVERYADDRESS = "DeliveryAddress"; - String MUNICIPALITY = "Municipality"; - String POSTALCODE = "PostalCode"; - String STREETNAME = "StreetName"; - String BUILDINGNUMBER = "BuildingNumber"; - String UNIT = "Unit"; + public static final String POSTALADDRESS = "PostalAddress"; + public static final String DELIVERYADDRESS = "DeliveryAddress"; + public static final String MUNICIPALITY = "Municipality"; + public static final String POSTALCODE = "PostalCode"; + public static final String STREETNAME = "StreetName"; + public static final String BUILDINGNUMBER = "BuildingNumber"; + public static final String UNIT = "Unit"; //String ADDRESS = "Address"; //String COUNTRYCODE = "CountryCode"; //String DOORNUMBER = "DoorNumber"; // SZR-gateway constants - String SZRGW_REQUEST_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#"; - String MANDATE_NS = "http://reference.e-government.gv.at/namespace/mandates/20040701#"; - String SZRGW_PREFIX = "sgw:"; - String SZRGW_POSTFIX = ":sgw"; - String CREATE_MANDATE_REQUEST = "CreateMandateRequest"; - String CREATE_MANDATE_RESPONSE = "CreateMandateResponse"; - String ERROR_RESPONSE = "ErrorResponse"; - String MANDATOR = "Mandator"; - String REPRESENTATIVE = "Representative"; - String MANDATE = "Mandate"; - String MANDATE_PREFIX = "md:"; - String MANDATE_POSTFIX = ":md"; + public static final String SZRGW_REQUEST_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#"; + public static final String MANDATE_NS = "http://reference.e-government.gv.at/namespace/mandates/20040701#"; + public static final String SZRGW_PREFIX = "sgw:"; + public static final String SZRGW_POSTFIX = ":sgw"; + public static final String CREATE_MANDATE_REQUEST = "CreateMandateRequest"; + public static final String CREATE_MANDATE_RESPONSE = "CreateMandateResponse"; + public static final String ERROR_RESPONSE = "ErrorResponse"; + public static final String MANDATOR = "Mandator"; + public static final String REPRESENTATIVE = "Representative"; + public static final String MANDATE = "Mandate"; + public static final String MANDATE_PREFIX = "md:"; + public static final String MANDATE_POSTFIX = ":md"; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java index 16daa5452..e3a09b7dd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java @@ -195,7 +195,7 @@ public class ParepConfiguration { this.standardConnectionParameters = buildConnectionParameter(connectionParamElement, nameSpaceNode); } - Logger.debug("Lade Konfiguration der Parteienvertreter"); + Logger.trace("Lade Konfiguration der Parteienvertreter"); NodeList partyRepresentativeNodeList = XPathAPI.selectNodeList(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/" + Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentative", nameSpaceNode); for (int i = 0; i < partyRepresentativeNodeList.getLength(); i++) { @@ -233,7 +233,7 @@ public class ParepConfiguration { partyRepresentative.setConnectionParameters(buildConnectionParameter(connectionParamSubElement, nameSpaceNode)); } partyRepresentatives.put(partyRepresentative.getOid(), partyRepresentative); - Logger.info("Parteienvertreter: " + partyRepresentative.getOid() + " erfolgreich konfiguriert (representPhysicalParty=" + Logger.debug("Parteienvertreter: " + partyRepresentative.getOid() + " erfolgreich konfiguriert (representPhysicalParty=" + partyRepresentative.isRepresentingPhysicalParty() + ", representCorporateParty=" + partyRepresentative.isRepresentingCorporateParty() + ", representationText=" + partyRepresentative.getRepresentationText() + ")"); @@ -386,6 +386,7 @@ public class ParepConfiguration { public static boolean isMandateCompatibilityMode(Element configElement) throws ConfigurationException { try { + if (configElement==null) return false; Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode"); nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI); Node mandateCompatibilityNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":CompatibilityMode/text()", nameSpaceNode); -- cgit v1.2.3 From 95ea616c2d342cd29daaeb4f098e89204f8fc6d9 Mon Sep 17 00:00:00 2001 From: pdanner Date: Wed, 16 Jan 2008 10:45:11 +0000 Subject: Changed error message on general soap errors git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1057 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../id/auth/validator/parep/client/szrgw/CreateMandateResponse.java | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java index f69a5a739..e64a857d1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java @@ -1,9 +1,6 @@ package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw; -import java.io.FileInputStream; -import java.util.Hashtable; import org.apache.xpath.XPathAPI; -import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; import org.w3c.dom.NodeList; @@ -98,7 +95,7 @@ public class CreateMandateResponse { Node faultStringNode = XPathAPI.selectSingleNode(response, SOAPConstants.XPATH_SOAP_FAULTSTRING, snameSpaceNode); if (faultCodeNode!=null) faultCode = faultCodeNode.getNodeValue(); if (faultStringNode!=null) faultString = faultStringNode.getNodeValue(); - throw new SZRGWClientException("Fehler bei SZR-Gateway (SOAP-Error " + faultCodeNode + "): " + faultString); + throw new SZRGWClientException("Fehler bei SZR-Gateway (SOAP-Error " + faultCode + "): " + faultString); } this.mandate = null; -- cgit v1.2.3 From b1c951bd4c125f52123d4a6947f459b505f8beb1 Mon Sep 17 00:00:00 2001 From: pdanner Date: Thu, 27 Mar 2008 07:36:10 +0000 Subject: Added trace logs, resolved link issues in documentation git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1062 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../egovernment/moa/id/auth/AuthenticationServer.java | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 5cd03cb18..c49cc41c6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -19,6 +19,7 @@ import java.util.Vector; import javax.xml.transform.TransformerException; +import org.apache.axis.AxisFault; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.AuthenticationException; @@ -72,7 +73,9 @@ import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.logging.LogMsg; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.spss.MOASystemException; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.BoolUtils; import at.gv.egovernment.moa.util.Constants; @@ -863,6 +866,20 @@ public class AuthenticationServer implements MOAIDAuthConstants { // parses the VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser(domVsresp).parseData(); + + if (Logger.isTraceEnabled()) { + if (domVsresp!=null) { + try { + String xmlVerifyXMLSignatureResponse = DOMUtils.serializeNode(domVsresp, true); + Logger.trace(new LogMsg(xmlCreateXMLSignatureReadResponse)); + Logger.trace(new LogMsg(xmlVerifyXMLSignatureResponse)); + } catch (Throwable t) { + t.printStackTrace(); + Logger.info(new LogMsg(t.getStackTrace())); + } + } + } + // validates the VerifyXMLSignatureResponseValidator.getInstance().validate( vsresp, -- cgit v1.2.3 From 3bbc64da1cd1a70fd255442574b354dad49bf3ed Mon Sep 17 00:00:00 2001 From: pdanner Date: Tue, 3 Jun 2008 12:37:28 +0000 Subject: Changes for load balancing and szr-gateway communication git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1082 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/builder/SAMLArtifactBuilder.java | 55 ++++++++++++++-------- .../parep/client/szrgw/CreateMandateRequest.java | 29 ++++++++++-- .../parep/client/szrgw/SZRGWConstants.java | 2 + 3 files changed, 63 insertions(+), 23 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java index 27e19e830..b5d18b451 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java @@ -4,6 +4,9 @@ import java.io.ByteArrayOutputStream; import java.security.MessageDigest; import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; /** @@ -15,6 +18,11 @@ import at.gv.egovernment.moa.util.Base64Utils; */ public class SAMLArtifactBuilder { + /** + * The generic configuration parameter for an alternative SourceID. + */ + private static final String GENERIC_CONFIG_PARAM_SOURCEID = "AuthenticationServer.SourceID"; + /** * Constructor for SAMLArtifactBuilder. */ @@ -36,25 +44,34 @@ public class SAMLArtifactBuilder { * @return the 42-byte SAML artifact, encoded BASE64 */ public String build(String authURL, String sessionID) throws BuildException { - try { - MessageDigest md = MessageDigest.getInstance("SHA-1"); - byte[] sourceID = md.digest(authURL.getBytes()); - byte[] assertionHandle = md.digest(sessionID.getBytes()); - ByteArrayOutputStream out = new ByteArrayOutputStream(42); - out.write(0); - out.write(1); - out.write(sourceID, 0, 20); - out.write(assertionHandle, 0, 20); - byte[] samlArtifact = out.toByteArray(); - String samlArtifactBase64 = Base64Utils.encode(samlArtifact); - return samlArtifactBase64; - } - catch (Throwable ex) { - throw new BuildException( - "builder.00", - new Object[] {"SAML Artifact, MOASessionID=" + sessionID, ex.toString()}, - ex); - } + try { + MessageDigest md = MessageDigest.getInstance("SHA-1"); + byte[] sourceID; + // alternative sourceId + String alternativeSourceID = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(GENERIC_CONFIG_PARAM_SOURCEID); + if (!ParepUtils.isEmpty(alternativeSourceID)) { + // if generic config parameter "AuthenticationServer.SourceID" is given, use that sourceID instead of authURL; + sourceID = md.digest(alternativeSourceID.getBytes()); + Logger.info("Building SAMArtifact from sourceID \"" + alternativeSourceID + "\" instead of authURL \"" + authURL + "\"."); + } else { + sourceID = md.digest(authURL.getBytes()); + } + byte[] assertionHandle = md.digest(sessionID.getBytes()); + ByteArrayOutputStream out = new ByteArrayOutputStream(42); + out.write(0); + out.write(1); + out.write(sourceID, 0, 20); + out.write(assertionHandle, 0, 20); + byte[] samlArtifact = out.toByteArray(); + String samlArtifactBase64 = Base64Utils.encode(samlArtifact); + return samlArtifactBase64; + } + catch (Throwable ex) { + throw new BuildException( + "builder.00", + new Object[] {"SAML Artifact, MOASessionID=" + sessionID, ex.toString()}, + ex); + } } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java index fe8e263ff..3077ba185 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java @@ -6,6 +6,7 @@ import java.util.List; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; +import org.apache.xpath.XPathAPI; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; @@ -204,11 +205,31 @@ public class CreateMandateRequest { Element representativeElem = representativeDocument.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE); // representativeElem.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); // representativeElem.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS); + + //Old Version 0.0.1 of SZR-Gateway +// representativeElem.appendChild(createIdentificationElem(representativeDocument, identificationType, identificationValue)); +// representativeElem.appendChild(createNameElem(representativeDocument, params.getGivenName(), params.getFamilyName())); +// representativeElem.appendChild(createPersonDataElem(representativeDocument, SZRGWConstants.DATEOFBIRTH, params.getDateOfBirth())); - representativeElem.appendChild(createIdentificationElem(representativeDocument, identificationType, identificationValue)); - representativeElem.appendChild(createNameElem(representativeDocument, params.getGivenName(), params.getFamilyName())); - representativeElem.appendChild(createPersonDataElem(representativeDocument, SZRGWConstants.DATEOFBIRTH, params.getDateOfBirth())); - + //New since version 0.0.2 of SZR-Gateway: + // we need to send an identity link and must replace its identification value + representativeElem.appendChild(representativeElem.getOwnerDocument().importNode(params.getIdentityLink(), true)); + try { + Element nameSpaceNode = representativeElem.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.SAML_POSTFIX, Constants.SAML_NS_URI); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS); + Element identificationValueElement = (Element) XPathAPI.selectSingleNode(representativeElem, "descendant-or-self::" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE + "/" +SZRGWConstants.SAML_PREFIX + "Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person/pr:Identification/pr:Value", nameSpaceNode); + if (identificationValueElement != null) { + identificationValueElement.setTextContent(identificationValue); + } + Element identificationTypeElement = (Element) XPathAPI.selectSingleNode(representativeElem, "descendant-or-self::" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE + "/" +SZRGWConstants.SAML_PREFIX + "Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person/pr:Identification/pr:Type", nameSpaceNode); + if (identificationTypeElement != null) { + identificationTypeElement.setTextContent(identificationType); + } + } catch (Exception e) { + throw new SZRGWClientException("validator.63", null); + } this.representative = representativeElem; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java index 006b2b9f2..cc0cc4862 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java @@ -10,6 +10,8 @@ public interface SZRGWConstants { //PersonData public static final String PD_PREFIX = "pr:"; public static final String PD_POSTFIX = ":pr"; + public static final String SAML_PREFIX = "saml:"; + public static final String SAML_POSTFIX = ":saml"; public static final String PERSON = "Person"; public static final String PHYSICALPERSON = "PhysicalPerson"; public static final String CORPORATEBODY = "CorporateBody"; -- cgit v1.2.3 From 65791156815dd5cee7b7c55fb12e7926ff519edc Mon Sep 17 00:00:00 2001 From: pdanner Date: Tue, 3 Jun 2008 14:03:49 +0000 Subject: Changes for load balancing and szr-gateway communication git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1083 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../parep/client/szrgw/CreateMandateRequest.java | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java index 3077ba185..789cb7dd3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java @@ -219,13 +219,17 @@ public class CreateMandateRequest { nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.SAML_POSTFIX, Constants.SAML_NS_URI); nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS); - Element identificationValueElement = (Element) XPathAPI.selectSingleNode(representativeElem, "descendant-or-self::" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE + "/" +SZRGWConstants.SAML_PREFIX + "Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person/pr:Identification/pr:Value", nameSpaceNode); - if (identificationValueElement != null) { - identificationValueElement.setTextContent(identificationValue); + Node identificationValueNode = XPathAPI.selectSingleNode(representativeElem, "descendant-or-self::" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE + "/" +SZRGWConstants.SAML_PREFIX + "Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person/pr:Identification/pr:Value/text()", nameSpaceNode); + if (identificationValueNode != null) { + identificationValueNode.setNodeValue(identificationValue); + } else { + throw new SZRGWClientException("validator.63", null); } - Element identificationTypeElement = (Element) XPathAPI.selectSingleNode(representativeElem, "descendant-or-self::" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE + "/" +SZRGWConstants.SAML_PREFIX + "Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person/pr:Identification/pr:Type", nameSpaceNode); - if (identificationTypeElement != null) { - identificationTypeElement.setTextContent(identificationType); + Node identificationTypeNode = XPathAPI.selectSingleNode(representativeElem, "descendant-or-self::" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE + "/" +SZRGWConstants.SAML_PREFIX + "Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person/pr:Identification/pr:Type/text()", nameSpaceNode); + if (identificationTypeNode != null) { + identificationTypeNode.setNodeValue(identificationType); + } else { + throw new SZRGWClientException("validator.63", null); } } catch (Exception e) { throw new SZRGWClientException("validator.63", null); -- cgit v1.2.3 From c6060a2fb6adae58ff8e865448d07bcc2b702ebb Mon Sep 17 00:00:00 2001 From: mcentner Date: Wed, 27 Aug 2008 17:15:09 +0000 Subject: Removed invalid source file headers. git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1086 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../id/config/proxy/ProxyConfigurationBuilder.java | 27 ---------------------- 1 file changed, 27 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java index f578ea634..8c5119013 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java @@ -1,30 +1,3 @@ -// Copyright (C) 2002 IAIK -// http://jce.iaik.tugraz.at -// -// Copyright (C) 2007 Stiftung Secure Information and -// Communication Technologies SIC -// http://www.sic.st -// -// All rights reserved. -// -// This source is provided for inspection purposes and recompilation only, -// unless specified differently in a contract with IAIK. This source has to -// be kept in strict confidence and must not be disclosed to any third party -// under any circumstances. Redistribution in source and binary forms, with -// or without modification, are permitted in any case! -// -// THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -// ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -// OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -// LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -// OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -// SUCH DAMAGE. - package at.gv.egovernment.moa.id.config.proxy; import java.io.ByteArrayInputStream; -- cgit v1.2.3 From afcd856e186b9fd5d8dfcb0f3e6f3599ca920b51 Mon Sep 17 00:00:00 2001 From: mcentner Date: Thu, 28 Aug 2008 07:55:59 +0000 Subject: Added copyright and license header to all java source files. git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1087 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../at/gv/egovernment/moa/id/AuthenticationException.java | 15 +++++++++++++++ .../java/at/gv/egovernment/moa/id/BuildException.java | 15 +++++++++++++++ .../at/gv/egovernment/moa/id/ECDSAConverterException.java | 15 +++++++++++++++ .../java/at/gv/egovernment/moa/id/MOAIDException.java | 15 +++++++++++++++ .../java/at/gv/egovernment/moa/id/ParseException.java | 15 +++++++++++++++ .../java/at/gv/egovernment/moa/id/ServiceException.java | 15 +++++++++++++++ .../gv/egovernment/moa/id/auth/AuthenticationServer.java | 15 +++++++++++++++ .../moa/id/auth/AuthenticationSessionCleaner.java | 15 +++++++++++++++ .../at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java | 15 +++++++++++++++ .../gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java | 15 +++++++++++++++ .../egovernment/moa/id/auth/WrongParametersException.java | 15 +++++++++++++++ .../id/auth/builder/AuthenticationAssertionBuilder.java | 15 +++++++++++++++ .../auth/builder/AuthenticationBlockAssertionBuilder.java | 15 +++++++++++++++ .../auth/builder/AuthenticationDataAssertionBuilder.java | 15 +++++++++++++++ .../at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java | 15 +++++++++++++++ .../at/gv/egovernment/moa/id/auth/builder/Builder.java | 15 +++++++++++++++ .../builder/CertInfoVerifyXMLSignatureRequestBuilder.java | 15 +++++++++++++++ .../id/auth/builder/CreateXMLSignatureRequestBuilder.java | 15 +++++++++++++++ .../egovernment/moa/id/auth/builder/DataURLBuilder.java | 15 +++++++++++++++ .../moa/id/auth/builder/GetIdentityLinkFormBuilder.java | 15 +++++++++++++++ .../id/auth/builder/GetVerifyAuthBlockFormBuilder.java | 15 +++++++++++++++ .../moa/id/auth/builder/InfoboxReadRequestBuilder.java | 15 +++++++++++++++ .../id/auth/builder/InfoboxValidatorParamsBuilder.java | 15 +++++++++++++++ .../moa/id/auth/builder/PersonDataBuilder.java | 15 +++++++++++++++ .../moa/id/auth/builder/SAMLArtifactBuilder.java | 15 +++++++++++++++ .../moa/id/auth/builder/SAMLResponseBuilder.java | 15 +++++++++++++++ .../moa/id/auth/builder/SelectBKUFormBuilder.java | 15 +++++++++++++++ .../id/auth/builder/VerifyXMLSignatureRequestBuilder.java | 15 +++++++++++++++ .../moa/id/auth/data/AuthenticationSession.java | 15 +++++++++++++++ .../moa/id/auth/data/CreateXMLSignatureResponse.java | 15 +++++++++++++++ .../moa/id/auth/data/ExtendedSAMLAttribute.java | 15 +++++++++++++++ .../moa/id/auth/data/ExtendedSAMLAttributeImpl.java | 15 +++++++++++++++ .../at/gv/egovernment/moa/id/auth/data/IdentityLink.java | 15 +++++++++++++++ .../at/gv/egovernment/moa/id/auth/data/InfoboxToken.java | 15 +++++++++++++++ .../gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java | 15 +++++++++++++++ .../moa/id/auth/data/InfoboxValidationResult.java | 15 +++++++++++++++ .../moa/id/auth/data/InfoboxValidationResultImpl.java | 15 +++++++++++++++ .../moa/id/auth/data/InfoboxValidatorParams.java | 15 +++++++++++++++ .../moa/id/auth/data/InfoboxValidatorParamsImpl.java | 15 +++++++++++++++ .../at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java | 15 +++++++++++++++ .../java/at/gv/egovernment/moa/id/auth/data/Schema.java | 15 +++++++++++++++ .../at/gv/egovernment/moa/id/auth/data/SchemaImpl.java | 15 +++++++++++++++ .../moa/id/auth/data/VerifyXMLSignatureResponse.java | 15 +++++++++++++++ .../moa/id/auth/invoke/SignatureVerificationInvoker.java | 15 +++++++++++++++ .../id/auth/parser/CreateXMLSignatureResponseParser.java | 15 +++++++++++++++ .../moa/id/auth/parser/ErrorResponseParser.java | 15 +++++++++++++++ .../id/auth/parser/ExtendedInfoboxReadResponseParser.java | 15 +++++++++++++++ .../moa/id/auth/parser/IdentityLinkAssertionParser.java | 15 +++++++++++++++ .../moa/id/auth/parser/InfoboxReadResponseParser.java | 15 +++++++++++++++ .../moa/id/auth/parser/SAMLArtifactParser.java | 15 +++++++++++++++ .../id/auth/parser/VerifyXMLSignatureResponseParser.java | 15 +++++++++++++++ .../gv/egovernment/moa/id/auth/servlet/AuthServlet.java | 15 +++++++++++++++ .../moa/id/auth/servlet/ConfigurationServlet.java | 15 +++++++++++++++ .../moa/id/auth/servlet/GetAuthenticationDataService.java | 15 +++++++++++++++ .../moa/id/auth/servlet/ProcessValidatorInputServlet.java | 15 +++++++++++++++ .../egovernment/moa/id/auth/servlet/SelectBKUServlet.java | 15 +++++++++++++++ .../moa/id/auth/servlet/StartAuthenticationServlet.java | 15 +++++++++++++++ .../id/auth/servlet/VerifyAuthenticationBlockServlet.java | 15 +++++++++++++++ .../moa/id/auth/servlet/VerifyIdentityLinkServlet.java | 15 +++++++++++++++ .../validator/CreateXMLSignatureResponseValidator.java | 15 +++++++++++++++ .../moa/id/auth/validator/IdentityLinkValidator.java | 15 +++++++++++++++ .../moa/id/auth/validator/InfoboxValidator.java | 15 +++++++++++++++ .../moa/id/auth/validator/ValidateException.java | 15 +++++++++++++++ .../validator/VerifyXMLSignatureResponseValidator.java | 15 +++++++++++++++ .../moa/id/auth/validator/parep/ParepInputProcessor.java | 15 +++++++++++++++ .../id/auth/validator/parep/ParepInputProcessorImpl.java | 15 +++++++++++++++ .../moa/id/auth/validator/parep/ParepUtils.java | 15 +++++++++++++++ .../moa/id/auth/validator/parep/ParepValidator.java | 15 +++++++++++++++ .../moa/id/auth/validator/parep/PartyRepresentative.java | 15 +++++++++++++++ .../parep/client/szrgw/CreateMandateRequest.java | 15 +++++++++++++++ .../parep/client/szrgw/CreateMandateResponse.java | 15 +++++++++++++++ .../auth/validator/parep/client/szrgw/SOAPConstants.java | 15 +++++++++++++++ .../id/auth/validator/parep/client/szrgw/SZRGWClient.java | 15 +++++++++++++++ .../parep/client/szrgw/SZRGWClientException.java | 15 +++++++++++++++ .../auth/validator/parep/client/szrgw/SZRGWConstants.java | 15 +++++++++++++++ .../parep/client/szrgw/SZRGWSecureSocketFactory.java | 15 +++++++++++++++ .../auth/validator/parep/config/ParepConfiguration.java | 15 +++++++++++++++ .../egovernment/moa/id/config/ConfigurationBuilder.java | 15 +++++++++++++++ .../egovernment/moa/id/config/ConfigurationException.java | 15 +++++++++++++++ .../egovernment/moa/id/config/ConfigurationProvider.java | 15 +++++++++++++++ .../gv/egovernment/moa/id/config/ConnectionParameter.java | 15 +++++++++++++++ .../java/at/gv/egovernment/moa/id/config/OAParameter.java | 15 +++++++++++++++ .../moa/id/config/auth/AuthConfigurationProvider.java | 15 +++++++++++++++ .../egovernment/moa/id/config/auth/OAAuthParameter.java | 15 +++++++++++++++ .../moa/id/config/auth/VerifyInfoboxParameter.java | 15 +++++++++++++++ .../moa/id/config/auth/VerifyInfoboxParameters.java | 15 +++++++++++++++ .../egovernment/moa/id/config/proxy/OAConfiguration.java | 15 +++++++++++++++ .../egovernment/moa/id/config/proxy/OAProxyParameter.java | 15 +++++++++++++++ .../moa/id/config/proxy/ProxyConfigurationBuilder.java | 15 +++++++++++++++ .../moa/id/config/proxy/ProxyConfigurationProvider.java | 15 +++++++++++++++ .../at/gv/egovernment/moa/id/data/AuthenticationData.java | 15 +++++++++++++++ .../main/java/at/gv/egovernment/moa/id/data/Cookie.java | 15 +++++++++++++++ .../java/at/gv/egovernment/moa/id/data/CookieManager.java | 15 +++++++++++++++ .../at/gv/egovernment/moa/id/data/IssuerAndSerial.java | 15 +++++++++++++++ .../java/at/gv/egovernment/moa/id/data/SAMLStatus.java | 15 +++++++++++++++ .../moa/id/iaik/config/CertStoreConfigurationImpl.java | 15 +++++++++++++++ .../egovernment/moa/id/iaik/config/LoggerConfigImpl.java | 15 +++++++++++++++ .../moa/id/iaik/config/PKIConfigurationImpl.java | 15 +++++++++++++++ .../moa/id/iaik/config/RevocationConfigurationImpl.java | 15 +++++++++++++++ .../moa/id/iaik/config/ValidationConfigurationImpl.java | 15 +++++++++++++++ .../at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java | 15 +++++++++++++++ .../moa/id/iaik/pki/jsse/MOAIDTrustManager.java | 15 +++++++++++++++ .../moa/id/iaik/servertools/observer/ObservableImpl.java | 15 +++++++++++++++ .../at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java | 15 +++++++++++++++ .../moa/id/proxy/ConnectionBuilderFactory.java | 15 +++++++++++++++ .../moa/id/proxy/DefaultConnectionBuilder.java | 15 +++++++++++++++ .../moa/id/proxy/DefaultLoginParameterResolver.java | 15 +++++++++++++++ .../egovernment/moa/id/proxy/ElakConnectionBuilder.java | 15 +++++++++++++++ .../moa/id/proxy/EnhancedConnectionBuilder.java | 15 +++++++++++++++ .../egovernment/moa/id/proxy/LoginParameterResolver.java | 15 +++++++++++++++ .../moa/id/proxy/LoginParameterResolverException.java | 15 +++++++++++++++ .../moa/id/proxy/LoginParameterResolverFactory.java | 15 +++++++++++++++ .../egovernment/moa/id/proxy/MOAIDProxyInitializer.java | 15 +++++++++++++++ .../gv/egovernment/moa/id/proxy/NotAllowedException.java | 15 +++++++++++++++ .../id/proxy/XMLLoginParameterResolverEncryptedData.java | 15 +++++++++++++++ .../moa/id/proxy/XMLLoginParameterResolverPlainData.java | 15 +++++++++++++++ .../moa/id/proxy/builder/SAMLRequestBuilder.java | 15 +++++++++++++++ .../moa/id/proxy/invoke/GetAuthenticationDataInvoker.java | 15 +++++++++++++++ .../proxy/parser/AuthenticationDataAssertionParser.java | 15 +++++++++++++++ .../moa/id/proxy/parser/SAMLResponseParser.java | 15 +++++++++++++++ .../moa/id/proxy/servlet/ConfigurationServlet.java | 15 +++++++++++++++ .../egovernment/moa/id/proxy/servlet/ProxyException.java | 15 +++++++++++++++ .../gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java | 15 +++++++++++++++ .../egovernment/moa/id/util/AxisSecureSocketFactory.java | 15 +++++++++++++++ .../at/gv/egovernment/moa/id/util/ECDSAConstants.java | 15 +++++++++++++++ .../egovernment/moa/id/util/ECDSAKeyValueConverter.java | 15 +++++++++++++++ .../egovernment/moa/id/util/HTTPRequestJSPForwarder.java | 15 +++++++++++++++ .../java/at/gv/egovernment/moa/id/util/HTTPUtils.java | 15 +++++++++++++++ .../moa/id/util/InOrderServletRequestWrapper.java | 15 +++++++++++++++ .../gv/egovernment/moa/id/util/MOAIDMessageProvider.java | 15 +++++++++++++++ .../egovernment/moa/id/util/ParameterInOrderFilter.java | 15 +++++++++++++++ .../main/java/at/gv/egovernment/moa/id/util/Random.java | 15 +++++++++++++++ .../main/java/at/gv/egovernment/moa/id/util/SSLUtils.java | 15 +++++++++++++++ .../java/at/gv/egovernment/moa/id/util/ServletUtils.java | 15 +++++++++++++++ 134 files changed, 2010 insertions(+) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/AuthenticationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/AuthenticationException.java index 96a5e0673..86ecc96d4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/AuthenticationException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/AuthenticationException.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/BuildException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/BuildException.java index 785dce7a3..fc14afec5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/BuildException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/BuildException.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ECDSAConverterException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ECDSAConverterException.java index 682395a83..6b78fb214 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ECDSAConverterException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ECDSAConverterException.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/MOAIDException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/MOAIDException.java index bce2c4778..40a52c8d2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/MOAIDException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/MOAIDException.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id; import java.io.PrintStream; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ParseException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ParseException.java index a5e0088d9..29d0bbfa5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ParseException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ParseException.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ServiceException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ServiceException.java index 9e6ab2361..57e0a7807 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ServiceException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ServiceException.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index c49cc41c6..971fbcef2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth; import iaik.pki.PKIException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java index 7e5ed6ec7..8c06f7961 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 72f29ed40..5aa1bf45e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth; import iaik.asn1.ObjectID; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index dadfc16d6..6ececb8f0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth; import iaik.pki.PKIException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java index 3ce2798ea..398a6731d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth; import at.gv.egovernment.moa.id.MOAIDException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java index 241cf0afc..b99ee2472 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.builder; import java.io.IOException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index 60cd11ed6..f9d8e7091 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.builder; import java.text.MessageFormat; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java index 11628517e..2e1c608a6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.builder; import java.text.MessageFormat; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java index cc228298b..c2c43b7bd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.builder; import java.security.MessageDigest; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/Builder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/Builder.java index 3a2ee07de..2cd1370c1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/Builder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/Builder.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.builder; import at.gv.egovernment.moa.id.BuildException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java index 06c81f49e..f4481453b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.builder; import java.io.IOException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java index e9a9f308d..290dc429a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.builder; import java.text.MessageFormat; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java index 30cc1df5a..4048f3c0a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.builder; import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java index 9a6c4801f..2e1132d32 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.builder; import java.io.IOException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java index c053ee896..a94c705a6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.builder; import java.io.IOException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java index c2bafe43b..030c68d48 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.builder; import at.gv.egovernment.moa.util.Constants; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java index e70b64a6a..18744e5f1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.builder; import java.util.List; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java index 819ed79bb..ee578fe43 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.builder; import org.w3c.dom.Element; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java index b5d18b451..f0e9c7484 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.builder; import java.io.ByteArrayOutputStream; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java index 64cb16181..2978b54a1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.builder; import java.text.MessageFormat; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java index 312179e73..a291d24df 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.builder; import at.gv.egovernment.moa.id.BuildException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java index 758f28150..ffe4ad9b6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.builder; import javax.xml.parsers.DocumentBuilder; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 946f0a9c4..969e628f4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.data; import java.util.ArrayList; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java index d121f2c55..81dc2f736 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.data; import org.w3c.dom.Element; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java index 795079227..aa3c937b0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.data; /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java index e7e490924..2646377e3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.data; /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java index 844451035..0c8dbc455 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.data; import java.io.IOException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java index 6b1f24aba..88fb201ba 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.data; import org.w3c.dom.Element; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java index f1ff30a8a..0f9e85eeb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.data; import org.w3c.dom.Element; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java index b8dd7f18e..4591d8bf8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.data; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java index 97f52fb55..d2e7a2847 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.data; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java index 01b9d9359..a52e57b13 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.data; import java.security.PublicKey; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java index 3747fa93b..e2acab73c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.data; import java.security.PublicKey; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java index 76ba6366d..d0c2de8f8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.data; /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/Schema.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/Schema.java index c113f16b8..9caed16b8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/Schema.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/Schema.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.data; /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java index 964725416..9cd2de975 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.data; /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java index de636b6cf..881dbdf94 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.data; import iaik.x509.X509Certificate; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java index a18cf7322..7042c7721 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.invoke; import java.util.Vector; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java index a8b870f04..74bad617c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.parser; import java.io.ByteArrayInputStream; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java index e3c54095d..b2082786c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.parser; import java.util.List; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java index e493f07fb..574dd811e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.parser; import java.util.Iterator; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java index d8a57fd2f..f9c268715 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.parser; import java.io.ByteArrayInputStream; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java index e59c88ddc..954488173 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.parser; import java.io.ByteArrayInputStream; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java index 7c4c01abe..c4a02676c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.parser; import java.io.IOException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java index 995c9aba5..5e085b751 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.parser; import iaik.utils.Base64InputStream; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java index 96e8e6dd6..76b131258 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.servlet; import java.io.ByteArrayOutputStream; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java index f33377547..be8b5e272 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java index 0ea858a71..0e3aae185 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.servlet; import java.util.Calendar; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java index e156ae982..894b05428 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java index 6e2a932d8..78c028767 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index 912b20a0f..961511ee7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index b81107ff2..43947f6f0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index b9d8f8c75..329749e96 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index e0fd67d64..99c49ca09 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.validator; import java.util.Iterator; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java index 444f706e4..1c9b66124 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.validator; import org.w3c.dom.Element; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java index 74e61e076..e6b05d852 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.validator; import java.util.Map; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/ValidateException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/ValidateException.java index a6685fca8..abb430450 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/ValidateException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/ValidateException.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.validator; import at.gv.egovernment.moa.id.MOAIDException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index d5650b897..bc7db72f4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.validator; import iaik.asn1.structures.Name; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java index 58c28161f..5fb30d1ed 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.validator.parep; import java.util.Map; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java index 1501dad57..6d46a9a1a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ /** * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java index e2a28163f..a8e22562a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.validator.parep; import java.io.File; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java index 30a8da50c..2a0126b82 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.validator.parep; import java.io.File; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java index d6b71ad83..641bfaad4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ /** * */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java index 789cb7dd3..25c3d7199 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw; import java.util.ArrayList; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java index e64a857d1..f19c21513 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw; import org.apache.xpath.XPathAPI; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java index ca914bbab..eaf07da13 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw; /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java index 22f3cfffd..6c367594b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java index 11aaf289b..25390dc0b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw; /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java index cc0cc4862..476573ec0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw; /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java index de839feba..af66ca331 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw; import java.io.IOException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java index e3a09b7dd..de3496374 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.auth.validator.parep.config; import java.io.File; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java index d4398102c..d22fef5e7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.config; import iaik.pki.pathvalidation.ChainingModes; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationException.java index 2ebec0398..e5e6c1f55 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationException.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.config; import at.gv.egovernment.moa.id.MOAIDException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java index e65c47bad..3c1612ef6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.config; import java.math.BigInteger; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java index 30b09cfe0..9193a591e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.config; /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java index 19a27b463..b55164eed 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.config; /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index b4af6592c..fc988f161 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.config.auth; import java.io.BufferedInputStream; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 132bebce3..c095d9fc1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.config.auth; import at.gv.egovernment.moa.id.config.OAParameter; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java index b64303ce5..114b5b0fd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.config.auth; import java.io.IOException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java index 15c0c328c..fae42f100 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.config.auth; import java.util.Hashtable; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java index d25cb3b2b..b7ed82977 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.config.proxy; import java.util.HashMap; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java index 83ab73dcd..2f8691f70 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.config.proxy; import at.gv.egovernment.moa.id.config.ConnectionParameter; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java index 8c5119013..f67349a18 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.config.proxy; import java.io.ByteArrayInputStream; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java index 572ce5708..fbd6474bb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.config.proxy; import java.io.File; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java index 4fc35c1e6..ad1944211 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.data; import java.util.Date; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java index 6ed133c5a..81eb59652 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.data; import java.util.HashMap; import java.util.Iterator; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java index 1762a52b7..9c67b4ca0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.data; import java.util.HashMap; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IssuerAndSerial.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IssuerAndSerial.java index a47dd8b29..fa718341c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IssuerAndSerial.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IssuerAndSerial.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.data; import java.math.BigInteger; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SAMLStatus.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SAMLStatus.java index ed61827b6..43c0c4405 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SAMLStatus.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SAMLStatus.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.data; /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java index c338e96fc..56c567890 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.iaik.config; import java.io.File; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java index 3cd02a2b5..311a18feb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.iaik.config; import iaik.logging.LogConfigurationException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java index b41de3c44..327503355 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.iaik.config; import at.gv.egovernment.moa.id.config.ConfigurationException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java index fff75775d..6f4de4ce1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.iaik.config; import iaik.pki.revocation.RevocationConfiguration; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java index c500e2e8e..9bb1f8ed7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.iaik.config; import iaik.pki.pathvalidation.ValidationConfiguration; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java index 3c37706e1..16101571e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.iaik.pki; import java.security.cert.X509Certificate; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java index 9da006d35..15634ef84 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.iaik.pki.jsse; import java.io.File; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java index 8f36ac5c0..2165816f6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.iaik.servertools.observer; import iaik.pki.store.observer.NotificationData; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java index 731212ef8..8a8a55442 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.proxy; import java.io.IOException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java index ff7787839..5ea2c1f86 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.proxy; import java.util.HashMap; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java index 151b1cec3..34a1f389b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.proxy; import java.io.IOException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java index 3df76656b..d13a6829c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.proxy; import java.io.IOException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java index 909e2d51e..bc39044ac 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.proxy; import java.io.IOException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java index f934ab80b..49affe745 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.proxy; import java.io.IOException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java index b47389950..2b087ff1f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.proxy; import java.util.Map; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java index 3aa2368bf..7f42a64fb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.proxy; import at.gv.egovernment.moa.id.MOAIDException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java index 8edd23438..ff7451143 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.proxy; import java.lang.reflect.InvocationTargetException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java index 3f615b01c..f34da55b5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.proxy; import iaik.pki.PKIException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java index 849160a7b..aff4e3a78 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.proxy; import at.gv.egovernment.moa.id.MOAIDException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java index 9bfd9de9b..b16bd417f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.proxy; import iaik.security.provider.IAIK; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java index aedafdf85..2183278c3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.proxy; import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java index e0e1fde4a..28bf04e6f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.proxy.builder; import java.text.MessageFormat; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java index f7e5299ab..3b6ea273f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.proxy.invoke; import java.lang.reflect.InvocationTargetException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java index 6bf5da02b..b051fe182 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.proxy.parser; import org.w3c.dom.Element; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java index 9f77578fd..9c50990cd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.proxy.parser; import org.w3c.dom.Element; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java index 4ab2e2cf7..38db17f10 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.proxy.servlet; import java.io.IOException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java index 0080c010e..993f4b935 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.proxy.servlet; import at.gv.egovernment.moa.id.MOAIDException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java index 6d215c35e..543b33879 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.proxy.servlet; import java.io.BufferedInputStream; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java index 954a87e62..201f6df19 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.util; import java.io.BufferedWriter; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAConstants.java index c5dad8bc4..565442335 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAConstants.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ /* * Created on 20.01.2005 * diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java index 6fb78edb7..d1beaab98 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.util; import iaik.security.ecc.ecdsa.ECDSAParameter; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java index 7c4731555..076df34ef 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ /* * Created on 17.02.2004 * diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java index 035c47eb9..0e9208362 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.util; /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java index 4330133f0..20f811e39 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ /* * Created on 01.10.2004 * diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java index d31aa6ec1..0503e6bc9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.util; import java.util.Locale; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java index 3f5fddba2..1e31397ac 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.util; import java.io.IOException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java index da75b4213..225a5e246 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.util; import java.util.Date; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java index 9fa0803c4..5f8e95925 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ package at.gv.egovernment.moa.id.util; import iaik.pki.PKIConfiguration; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java index a4a89e183..7fa3fe8f0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java @@ -1,3 +1,18 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ /** * */ -- cgit v1.2.3 From 527f2ec316c6d67498ed6dfe37a95218a2ab6f54 Mon Sep 17 00:00:00 2001 From: spuchmann Date: Mon, 15 Sep 2008 07:33:53 +0000 Subject: raised version to 1.4.4 moved licenses to root folder fixed Bug 332 and 333 slVersion changed from 1.1 to 1.2 (MOA-ID-Configuration-1.4.4.xsd) git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1091 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java index 290dc429a..fe73ce16b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java @@ -46,7 +46,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants { " <{3}:SignatureEnvironment>" + nl + " <{4}:XMLContent>{0}" + nl + " " + nl + - " <{3}:SignatureLocation Index=''2''>/saml:Assertion" + nl + + " <{3}:SignatureLocation xmlns:saml=''" + SAML_NS_URI + "'' Index=''2''>/saml:Assertion" + nl + " " + nl + ""; -- cgit v1.2.3 From eb00b32adb0b6eecd08137164c26cb56e4da0849 Mon Sep 17 00:00:00 2001 From: pdanner Date: Wed, 15 Apr 2009 13:55:28 +0000 Subject: Removed duplicated setting of Content-Type during stream copying process git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1097 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java index 543b33879..8e1767916 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java @@ -107,7 +107,7 @@ public class ProxyServlet extends HttpServlet { /** Name of the Attribute for user binding */ private static final String ATT_OA_USER_BINDING = "UserBinding"; /** For extended internal debug messages */ - private static final boolean INTERNAL_DEBUG = false; + private static final boolean INTERNAL_DEBUG = false; /** Message to be given if browser login failed */ private static final String RET_401_MSG = "Ein Fehler ist aufgetreten

Fehler bei der Anmeldung

Bei der Anmeldung ist ein Fehler aufgetreten.

Fehler bei der Anmeldung.
Prüfen Sie bitte ihre Berechtigung.
Abbruch durch den Benutzer.

"; @@ -610,7 +610,8 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map resp.setStatus(conn.getResponseCode()); - resp.setContentType(conn.getContentType()); + //Issue by Gregor Karlinger - content type was annotated twice + //resp.setContentType(conn.getContentType()); if (loginHeaders != null && (conn.getResponseCode()==HttpURLConnection.HTTP_OK || conn.getResponseCode()==HttpURLConnection.HTTP_MOVED_TEMP) && req.getSession().getAttribute(ATT_OA_AUTHORIZATION_HEADER)==null) { req.getSession().setAttribute(ATT_OA_AUTHORIZATION_HEADER, authorizationvalue); -- cgit v1.2.3 From aebb5cd04d43b25b8d65237ba49fddf5f5dd1a8c Mon Sep 17 00:00:00 2001 From: kstranacher Date: Tue, 7 Jul 2009 14:27:40 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1114 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../iaik/config/RevocationConfigurationImpl.java | 4 +++ .../moa/id/proxy/DefaultConnectionBuilder.java | 23 ++++++++++------- .../moa/id/proxy/ElakConnectionBuilder.java | 29 ++++++++++++---------- .../moa/id/proxy/EnhancedConnectionBuilder.java | 16 ++++++------ .../at/gv/egovernment/moa/id/util/SSLUtils.java | 5 ++-- 5 files changed, 46 insertions(+), 31 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java index 6f4de4ce1..cedaf2ccc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java @@ -48,4 +48,8 @@ public class RevocationConfigurationImpl extends ObservableImpl implements Revoc return false; } + public Integer getCrlRetentionInterval(String arg0) { + return null; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java index 34a1f389b..a742a0aae 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java @@ -32,8 +32,8 @@ import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.BoolUtils; -import com.sun.net.ssl.HostnameVerifier; -import com.sun.net.ssl.HttpsURLConnection; +//import com.sun.net.ssl.HostnameVerifier; +//import com.sun.net.ssl.HttpsURLConnection; /** * Defaultimplementierung von ConnectionBuilder. @@ -96,12 +96,14 @@ public class DefaultConnectionBuilder implements ConnectionBuilder { //conn.setUseCaches(false); //conn.setAllowUserInteraction(true); conn.setInstanceFollowRedirects(false); - if (conn instanceof HttpsURLConnection && sslSocketFactory != null) { + + // JSSE-Abhängigkeit + /*if (conn instanceof HttpsURLConnection && sslSocketFactory != null) { HttpsURLConnection httpsConn = (HttpsURLConnection) conn; httpsConn.setSSLSocketFactory(sslSocketFactory); if (cbDisableHostnameVerification) httpsConn.setHostnameVerifier(new HostnameNonVerifier()); - } + }*/ return conn; } @@ -151,14 +153,17 @@ public class DefaultConnectionBuilder implements ConnectionBuilder { * A private class to change the standard HostName verifier to disable the * Hostname Verification Check */ - private class HostnameNonVerifier implements HostnameVerifier { + + // JSSE Abhängigkeit + //private class HostnameNonVerifier implements HostnameVerifier { /** * @see com.sun.net.ssl.HostnameVerifier#verify(String, String) */ - public boolean verify(String arg0, String arg1) { - return true; - } - } +//JSSE Abhängigkeit +// public boolean verify(String arg0, String arg1) { +// return true; +// } +// } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java index bc39044ac..c8c1e85d9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java @@ -38,8 +38,8 @@ import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.BoolUtils; -import com.sun.net.ssl.HostnameVerifier; -import com.sun.net.ssl.HttpsURLConnection; +//import com.sun.net.ssl.HostnameVerifier; +//import com.sun.net.ssl.HttpsURLConnection; /** * Defaultimplementierung von ConnectionBuilder. @@ -198,12 +198,13 @@ public class ElakConnectionBuilder implements ConnectionBuilder { //conn.setUseCaches(false); webDavConn.setAllowUserInteraction(true); webDavConn.setInstanceFollowRedirects(false); - if (conn instanceof HttpsURLConnection && sslSocketFactory != null) { - HttpsURLConnection httpsConn = (HttpsURLConnection) conn; - httpsConn.setSSLSocketFactory(sslSocketFactory); - if (cbDisableHostnameVerification) - httpsConn.setHostnameVerifier(new HostnameNonVerifier()); - } + // JSSE Abhängigkeit +// if (conn instanceof HttpsURLConnection && sslSocketFactory != null) { +// HttpsURLConnection httpsConn = (HttpsURLConnection) conn; +// httpsConn.setSSLSocketFactory(sslSocketFactory); +// if (cbDisableHostnameVerification) +// httpsConn.setHostnameVerifier(new HostnameNonVerifier()); +// } return conn; } @@ -251,14 +252,16 @@ public class ElakConnectionBuilder implements ConnectionBuilder { * A private class to change the standard HostName verifier to disable the * Hostname Verification Check */ - private class HostnameNonVerifier implements HostnameVerifier { +//JSSE Abhängigkeit +// private class HostnameNonVerifier implements HostnameVerifier { /** * @see com.sun.net.ssl.HostnameVerifier#verify(String, String) */ - public boolean verify(String arg0, String arg1) { - return true; - } - } +//JSSE Abhängigkeit +// public boolean verify(String arg0, String arg1) { +// return true; +// } +// } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java index 49affe745..9ce1e3c8e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java @@ -31,7 +31,7 @@ import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.BoolUtils; -import com.sun.net.ssl.HostnameVerifier; +//import com.sun.net.ssl.HostnameVerifier; import HTTPClient.HttpURLConnection; import HTTPClient.HTTPConnection; @@ -160,16 +160,18 @@ public class EnhancedConnectionBuilder implements ConnectionBuilder { * A private class to change the standard HostName verifier to disable the * Hostname Verification Check */ - private class HostnameNonVerifier implements HostnameVerifier { + // JSSE Abhängigkeit + //private class HostnameNonVerifier implements HostnameVerifier { /** * @see com.sun.net.ssl.HostnameVerifier#verify(String, String) */ - public boolean verify(String arg0, String arg1) { - return true; - } - } - + // JSSE Abhängigkeit +// public boolean verify(String arg0, String arg1) { +// return true; +// } +// } +// /** * Removes parameters from the query-URL recursively * diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java index 5f8e95925..bf38c40d9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java @@ -68,8 +68,9 @@ public class SSLUtils { */ public static void initialize() { sslSocketFactories = new HashMap(); - Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); - System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); + // JSSE Abhängigkeit +// Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); +// System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); } /** -- cgit v1.2.3 From 4c7661af6d16a8b598a11548a1df61d526b86b4d Mon Sep 17 00:00:00 2001 From: kstranacher Date: Thu, 9 Jul 2009 12:52:53 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1115 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java | 5 +++++ .../java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java | 6 +++++- 2 files changed, 10 insertions(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java index 76b131258..ddd1df628 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java @@ -75,11 +75,16 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { req.setAttribute("ErrorMessage", errorMessage ); } + if (null != exceptionThrown) { if(null == errorMessage) errorMessage = exceptionThrown.getMessage(); Logger.error(errorMessage, exceptionThrown); req.setAttribute("ExceptionThrown", exceptionThrown); } + + if (Logger.isDebugEnabled()) { + req.setAttribute("LogLevel", "debug"); + } //forward this to errorpage-auth.jsp where the HTML error page is generated ServletContext context = getServletContext(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java index 8e1767916..b986d7c2c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java @@ -842,7 +842,11 @@ protected void handleError( Logger.error(errorMessage, exceptionThrown); //req.setAttribute("ExceptionThrown", exceptionThrown); } - + + if (Logger.isDebugEnabled()) { + req.setAttribute("LogLevel", "debug"); + } + //forward this to errorpage-proxy.jsp where the HTML error page is generated ServletContext context = getServletContext(); RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-proxy.jsp"); -- cgit v1.2.3 From 27be7994027944015c290e41e688e8723965bd48 Mon Sep 17 00:00:00 2001 From: kstranacher Date: Wed, 26 Aug 2009 11:00:54 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1139 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../egovernment/moa/id/auth/servlet/AuthServlet.java | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java index ddd1df628..0656d37d3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java @@ -161,10 +161,26 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { if (item.isFormField()) { // Process only form fields - no file upload items + String logString = item.getString("UTF-8"); + + // TODO use RegExp + String startS = ""; + String endS = "urn:publicid:gv.at:baseid"; + String logWithMaskedBaseid = logString; + int start = logString.indexOf(startS); + if (start > -1) { + int end = logString.indexOf(endS); + if (end > -1) { + logWithMaskedBaseid = logString.substring(0, start); + logWithMaskedBaseid += startS; + logWithMaskedBaseid += "xxxxxxxxxxxxxxxxxxxxxxxx"; + logWithMaskedBaseid += logString.substring(end, logString.length()); + } + } parameters.put(item.getFieldName(), item.getString("UTF-8")); Logger.debug("Processed multipart/form-data request parameter: \nName: " + item.getFieldName() + "\nValue: " + - item.getString("UTF-8")); + logWithMaskedBaseid); } } } -- cgit v1.2.3 From afa2a5ca9f92e81b594e8f29d9588d5e8690fba8 Mon Sep 17 00:00:00 2001 From: kstranacher Date: Thu, 17 Sep 2009 09:45:46 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1145 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/proxy/DefaultConnectionBuilder.java | 34 ++++++++++-------- .../moa/id/proxy/ElakConnectionBuilder.java | 40 ++++++++++++---------- .../moa/id/proxy/EnhancedConnectionBuilder.java | 25 ++++++++------ .../at/gv/egovernment/moa/id/util/SSLUtils.java | 8 +++-- 4 files changed, 62 insertions(+), 45 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java index a742a0aae..7f0dfe509 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java @@ -19,21 +19,22 @@ import java.io.IOException; import java.io.UnsupportedEncodingException; import java.net.HttpURLConnection; import java.net.URL; -import at.gv.egovernment.moa.util.URLEncoder; //java.net.URLEncoder; import java.util.Iterator; import java.util.Vector; +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocketFactory; import javax.servlet.http.HttpServletRequest; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.BoolUtils; +import at.gv.egovernment.moa.util.URLEncoder; + -//import com.sun.net.ssl.HostnameVerifier; -//import com.sun.net.ssl.HttpsURLConnection; /** * Defaultimplementierung von ConnectionBuilder. @@ -97,13 +98,14 @@ public class DefaultConnectionBuilder implements ConnectionBuilder { //conn.setAllowUserInteraction(true); conn.setInstanceFollowRedirects(false); - // JSSE-Abhängigkeit - /*if (conn instanceof HttpsURLConnection && sslSocketFactory != null) { + // JSSE Abhängigkeit + if (conn instanceof HttpsURLConnection && sslSocketFactory != null) { HttpsURLConnection httpsConn = (HttpsURLConnection) conn; httpsConn.setSSLSocketFactory(sslSocketFactory); if (cbDisableHostnameVerification) httpsConn.setHostnameVerifier(new HostnameNonVerifier()); - }*/ + } + return conn; } @@ -155,15 +157,19 @@ public class DefaultConnectionBuilder implements ConnectionBuilder { */ // JSSE Abhängigkeit - //private class HostnameNonVerifier implements HostnameVerifier { - + private class HostnameNonVerifier implements HostnameVerifier { + + public boolean verify(String hostname, SSLSession session) { + return true; + } + + /** * @see com.sun.net.ssl.HostnameVerifier#verify(String, String) */ -//JSSE Abhängigkeit -// public boolean verify(String arg0, String arg1) { -// return true; -// } -// } + /*public boolean verify(String arg0, String arg1) { + return true; + }*/ + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java index c8c1e85d9..6810c9223 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java @@ -18,17 +18,15 @@ package at.gv.egovernment.moa.id.proxy; import java.io.IOException; import java.io.UnsupportedEncodingException; import java.net.HttpURLConnection; - -import com.ibm.webdav.HTTPHeaders; -import com.ibm.webdav.protocol.URLStreamHandlerFactory; -import com.ibm.webdav.protocol.http.WebDAVURLConnection; -import java.util.StringTokenizer; import java.net.URL; -import at.gv.egovernment.moa.util.URLEncoder; //java.net.URLEncoder; import java.net.URLStreamHandler; import java.util.Iterator; +import java.util.StringTokenizer; import java.util.Vector; +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocketFactory; import javax.servlet.http.HttpServletRequest; @@ -37,9 +35,10 @@ import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.BoolUtils; +import at.gv.egovernment.moa.util.URLEncoder; + +import com.ibm.webdav.protocol.http.WebDAVURLConnection; -//import com.sun.net.ssl.HostnameVerifier; -//import com.sun.net.ssl.HttpsURLConnection; /** * Defaultimplementierung von ConnectionBuilder. @@ -199,12 +198,12 @@ public class ElakConnectionBuilder implements ConnectionBuilder { webDavConn.setAllowUserInteraction(true); webDavConn.setInstanceFollowRedirects(false); // JSSE Abhängigkeit -// if (conn instanceof HttpsURLConnection && sslSocketFactory != null) { -// HttpsURLConnection httpsConn = (HttpsURLConnection) conn; -// httpsConn.setSSLSocketFactory(sslSocketFactory); -// if (cbDisableHostnameVerification) -// httpsConn.setHostnameVerifier(new HostnameNonVerifier()); -// } + if (conn instanceof HttpsURLConnection && sslSocketFactory != null) { + HttpsURLConnection httpsConn = (HttpsURLConnection) conn; + httpsConn.setSSLSocketFactory(sslSocketFactory); + if (cbDisableHostnameVerification) + httpsConn.setHostnameVerifier(new HostnameNonVerifier()); + } return conn; } @@ -253,15 +252,20 @@ public class ElakConnectionBuilder implements ConnectionBuilder { * Hostname Verification Check */ //JSSE Abhängigkeit -// private class HostnameNonVerifier implements HostnameVerifier { + private class HostnameNonVerifier implements HostnameVerifier { - /** + public boolean verify(String hostname, SSLSession session) { + // TODO Auto-generated method stub + return true; + } + /** * @see com.sun.net.ssl.HostnameVerifier#verify(String, String) */ -//JSSE Abhängigkeit // public boolean verify(String arg0, String arg1) { // return true; // } -// } + + + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java index 9ce1e3c8e..4af2561b2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java @@ -21,20 +21,19 @@ import java.net.URLStreamHandler; import java.util.Iterator; import java.util.Vector; +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocketFactory; import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpSession; +import HTTPClient.HTTPConnection; +import HTTPClient.HttpURLConnection; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.BoolUtils; -//import com.sun.net.ssl.HostnameVerifier; -import HTTPClient.HttpURLConnection; -import HTTPClient.HTTPConnection; - /** * Outlook Web Access (OWA) Implementierung von ConnectionBuilder. @@ -161,17 +160,21 @@ public class EnhancedConnectionBuilder implements ConnectionBuilder { * Hostname Verification Check */ // JSSE Abhängigkeit - //private class HostnameNonVerifier implements HostnameVerifier { + private class HostnameNonVerifier implements HostnameVerifier { - /** + /** * @see com.sun.net.ssl.HostnameVerifier#verify(String, String) */ - // JSSE Abhängigkeit -// public boolean verify(String arg0, String arg1) { + public boolean verify(String hostname, SSLSession session) { + return true; + } + +// public boolean verify(String arg0, String arg1) { // return true; // } -// } -// + + } + /** * Removes parameters from the query-URL recursively * diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java index bf38c40d9..e287e7118 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java @@ -20,6 +20,7 @@ import iaik.pki.PKIException; import iaik.pki.PKIFactory; import iaik.pki.PKIProfile; import iaik.pki.jsse.IAIKX509TrustManager; +import iaik.security.provider.IAIK; import java.io.BufferedInputStream; import java.io.BufferedReader; @@ -69,8 +70,11 @@ public class SSLUtils { public static void initialize() { sslSocketFactories = new HashMap(); // JSSE Abhängigkeit -// Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); -// System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); + //Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); + Security.addProvider(new IAIK()); + //System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); + + } /** -- cgit v1.2.3 From 68af85701b6f797b0d662b89b95e043ee949defd Mon Sep 17 00:00:00 2001 From: mcentner Date: Fri, 2 Jul 2010 07:14:41 +0000 Subject: Merged branch 1.4.7_MOASP_TSL back into trunk. git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1165 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/AuthenticationServer.java | 417 +++++++++++++++++++-- .../moa/id/auth/MOAIDAuthConstants.java | 4 + .../moa/id/auth/WrongParametersException.java | 8 +- .../AuthenticationBlockAssertionBuilder.java | 81 +++- .../CreateXMLSignatureRequestBuilderForeign.java | 126 +++++++ .../InfoboxReadRequestBuilderCertificate.java | 94 +++++ .../builder/VerifyXMLSignatureRequestBuilder.java | 62 +++ .../moa/id/auth/data/AuthenticationSession.java | 16 +- .../id/auth/data/CreateXMLSignatureResponse.java | 32 +- .../parser/CreateXMLSignatureResponseParser.java | 26 ++ .../id/auth/parser/InfoboxReadResponseParser.java | 51 +++ .../moa/id/auth/servlet/AuthServlet.java | 1 + .../moa/id/auth/servlet/GetForeignIDServlet.java | 287 ++++++++++++++ .../auth/servlet/ProcessValidatorInputServlet.java | 9 +- .../moa/id/auth/servlet/SelectBKUServlet.java | 12 + .../auth/servlet/StartAuthenticationServlet.java | 25 +- .../servlet/VerifyAuthenticationBlockServlet.java | 13 +- .../id/auth/servlet/VerifyCertificateServlet.java | 286 ++++++++++++++ .../id/auth/servlet/VerifyIdentityLinkServlet.java | 57 ++- .../CreateXMLSignatureResponseValidator.java | 116 +++--- .../client/szrgw/CreateIdentityLinkResponse.java | 27 ++ .../validator/parep/client/szrgw/SZRGWClient.java | 133 ++++++- .../moa/id/config/ConfigurationBuilder.java | 50 ++- .../moa/id/config/ConnectionParameter.java | 9 + .../gv/egovernment/moa/id/config/OAParameter.java | 24 ++ .../moa/id/config/TargetToSectorNameMapper.java | 67 ++++ .../moa/id/config/TargetsAndSectorNames.java | 194 ++++++++++ .../id/config/auth/AuthConfigurationProvider.java | 19 + .../moa/id/config/auth/OAAuthParameter.java | 86 +++-- .../moa/id/proxy/DefaultConnectionBuilder.java | 3 +- .../id/proxy/DefaultLoginParameterResolver.java | 5 +- .../moa/id/proxy/ElakConnectionBuilder.java | 4 +- .../moa/id/proxy/EnhancedConnectionBuilder.java | 7 +- .../moa/id/proxy/servlet/ProxyServlet.java | 6 +- .../moa/id/util/ParamValidatorUtils.java | 158 ++++++++ .../at/gv/egovernment/moa/id/util/SSLUtils.java | 8 +- .../gv/egovernment/moa/id/util/ServletUtils.java | 29 ++ 37 files changed, 2351 insertions(+), 201 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderCertificate.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetToSectorNameMapper.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 971fbcef2..fcaa4f053 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -19,7 +19,6 @@ import iaik.pki.PKIException; import iaik.x509.X509Certificate; import java.io.File; -import java.io.FileOutputStream; import java.io.IOException; import java.security.GeneralSecurityException; import java.util.Calendar; @@ -34,7 +33,6 @@ import java.util.Vector; import javax.xml.transform.TransformerException; -import org.apache.axis.AxisFault; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.AuthenticationException; @@ -90,7 +88,6 @@ import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.logging.LogMsg; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.spss.MOASystemException; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.BoolUtils; import at.gv.egovernment.moa.util.Constants; @@ -176,9 +173,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr))) throw new AuthenticationException("auth.07", new Object[] { authURL + "*" }); if (isEmpty(authURL)) - throw new WrongParametersException("StartAuthentication", "AuthURL"); + throw new WrongParametersException("StartAuthentication", "AuthURL", "auth.5"); if (isEmpty(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA); + throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.5"); ConnectionParameter bkuConnParam = AuthConfigurationProvider.getInstance().getBKUConnectionParameter(); @@ -193,7 +190,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (!oaParam.getBusinessService()) { if (isEmpty(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET); + throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.5"); } else { if (!isEmpty(target)) { Logger.info("Ignoring target parameter thus application type is \"businessService\""); @@ -220,7 +217,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { // bkuSelectionType==HTMLSelect String bkuSelectTag; try { - bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider.getInstance(), bkuConnParam); + bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider.getInstance(), bkuConnParam); } catch (Throwable ex) { throw new AuthenticationException( "auth.11", @@ -273,9 +270,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { *
  • Creates an HTML form for querying the identity link from the * security layer implementation. *
    Form parameters include - *
      + *
        *
      • the <InfoboxReadRequest>
      • - *
      • the data URL where the security layer implementation sends it response to
      • + *
      • the data URL where the security layer implementation sends it response to
      • *
      *
    * @param authURL URL of the servlet to be used as data URL @@ -302,7 +299,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (isEmpty(sessionID)) { if (isEmpty(authURL)) - throw new WrongParametersException("StartAuthentication", "AuthURL"); + throw new WrongParametersException("StartAuthentication", "AuthURL", "auth.5"); //check if HTTP Connection may be allowed (through FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) String boolStr = @@ -311,7 +308,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr))) throw new AuthenticationException("auth.07", new Object[] { authURL + "*" }); if (isEmpty(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA); + throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.5"); } AuthenticationSession session; OAAuthParameter oaParam; @@ -327,7 +324,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.00", new Object[] { oaURL }); if (!oaParam.getBusinessService()) { if (isEmpty(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET); + throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.5"); } else { target = null; } @@ -411,8 +408,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { *
  • Verifies all additional infoboxes returned from the BKU
  • *
  • Creates an authentication block to be signed by the user
  • *
  • Creates and returns a <CreateXMLSignatureRequest> - * containg the authentication block, meant to be returned to the - * security layer implementation
  • + * containg the authentication block, meant to be returned to the + * security layer implementation * * * @param sessionID ID of associated authentication session data @@ -441,6 +438,23 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.01", new Object[] { sessionID }); session.setTimestampIdentityLink(); AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + + // check if an identity link was found + // Errorcode 2911 von Trustdesk BKU (nicht spezifikationskonform (SL1.2)) + CharSequence se = "ErrorCode>2911".substring(0); + boolean b = xmlInfoboxReadResponse.contains(se); + if (b) { // no identity link found + Logger.info("Es konnte keine Personenbindung auf der Karte gefunden werden. Versuche Anmeldung als ausländische eID."); + return null; + } + // spezifikationsgemäßer (SL1.2) Errorcode + se = "ErrorCode>4002"; + b = xmlInfoboxReadResponse.contains(se); + if (b) { // Unbekannter Infoboxbezeichner + Logger.info("Unbekannter Infoboxbezeichner. Versuche Anmeldung als ausländische eID."); + return null; + } + // parses the IdentityLink identityLink = new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink(); @@ -495,6 +509,18 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (authConf==null) authConf = AuthConfigurationProvider.getInstance(); if (oaParam==null) oaParam = AuthConfigurationProvider.getInstance(). getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + + //BZ.., calculate bPK for signing to be already present in AuthBlock + IdentityLink identityLink = session.getIdentityLink(); + if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + // only compute bPK if online application is a public service and we have the Stammzahl + String bpkBase64 = new BPKBuilder().buildBPK( + identityLink.getIdentificationValue(), + session.getTarget()); + identityLink.setIdentificationValue(bpkBase64); + } + //..BZ + // builds the AUTH-block String authBlock = buildAuthenticationBlock(session); @@ -513,6 +539,186 @@ public class AuthenticationServer implements MOAIDAuthConstants { return createXMLSignatureRequest; } + /** + * Returns a CreateXMLSignatureRequest for the foreign ID.
    + * + * @param sessionID ID of associated authentication session data + * @param infoboxReadResponseParameters The parameters from the response returned from + * the BKU + * @param cert The certificate of the foreign ID + * @return String representation of the <CreateXMLSignatureRequest> + */ + public String getCreateXMLSignatureRequestForeignID(String sessionID, Map infoboxReadResponseParameters, X509Certificate cert) + throws + AuthenticationException, + BuildException, + ParseException, + ConfigurationException, + ValidateException, + ServiceException { + + if (isEmpty(sessionID)) + throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID}); + + + AuthenticationSession session = getSession(sessionID); + AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + + + return getCreateXMLSignatureRequestForeignID(session, authConf, oaParam); + } + + public String getCreateXMLSignatureRequestForeignID(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam) + throws + ConfigurationException, + BuildException, + ValidateException { + + + if (authConf==null) authConf = AuthConfigurationProvider.getInstance(); + if (oaParam==null) oaParam = AuthConfigurationProvider.getInstance(). + getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + + //BZ.., calculate bPK for signing to be already present in AuthBlock +// IdentityLink identityLink = session.getIdentityLink(); +// if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { +// // only compute bPK if online application is a public service and we have the Stammzahl +// String bpkBase64 = new BPKBuilder().buildBPK( +// identityLink.getIdentificationValue(), +// session.getTarget()); +// identityLink.setIdentificationValue(bpkBase64); +// } + //..BZ + + + // builds the AUTH-block + String authBlock = buildAuthenticationBlock(session); +// session.setAuthBlock(authBlock); + // builds the + String[] transformsInfos = oaParam.getTransformsInfos(); + if ((transformsInfos == null) || (transformsInfos.length == 0)) { + // no OA specific transforms specified, use default ones + transformsInfos = authConf.getTransformsInfos(); + } + String createXMLSignatureRequest = + new CreateXMLSignatureRequestBuilder().build(authBlock, + oaParam.getKeyBoxIdentifier(), + transformsInfos, + oaParam.getSlVersion12()); + return createXMLSignatureRequest; +} + + /** + * Processes an <CreateXMLSignatureResponse> sent by the + * security layer implementation.
    + *
      + *
    • Validates given <CreateXMLSignatureResponse>
    • + *
    • Parses response enclosed in <CreateXMLSignatureResponse>
    • + *
    • Verifies signature by calling the MOA SP component
    • + *
    • Returns the signer certificate
    • + *
    + * + * @param sessionID ID of associated authentication session data + * @param createXMLSignatureResponseParameters The parameters from the response returned from + * the BKU including the <CreateXMLSignatureResponse> + */ + public X509Certificate verifyXMLSignature(String sessionID, Map createXMLSignatureResponseParameters) + throws + AuthenticationException, + BuildException, + ParseException, + ConfigurationException, + ValidateException, + ServiceException { + + + if (isEmpty(sessionID)) + throw new AuthenticationException("auth.10", new Object[] { REQ_GET_FOREIGN_ID, PARAM_SESSIONID}); + + + String xmlCreateXMLSignatureResponse = (String)createXMLSignatureResponseParameters.get(PARAM_XMLRESPONSE); + + System.out.println(xmlCreateXMLSignatureResponse); + + if (isEmpty(xmlCreateXMLSignatureResponse)) + throw new AuthenticationException("auth.10", new Object[] { REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE}); + + AuthenticationSession session = getSession(sessionID); + /*if (session.getTimestampIdentityLink() != null) + throw new AuthenticationException("auth.01", new Object[] { sessionID });*/ + //session.setTimestampIdentityLink(); + AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + + + // parses the + CreateXMLSignatureResponseParser p = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse); + CreateXMLSignatureResponse createXMLSignatureResponse = p.parseResponseDsig(); + + // builds a for a call of MOA-SP + Element domVerifyXMLSignatureRequest = + new VerifyXMLSignatureRequestBuilder().buildDsig( + createXMLSignatureResponse, authConf.getMoaSpAuthBlockTrustProfileID()); + + // invokes the call + Element domVerifyXMLSignatureResponse = + new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest); + + // parses the + VerifyXMLSignatureResponse verifyXMLSignatureResponse = + new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse).parseData(); + + + //int code = verifyXMLSignatureResponse.getSignatureCheckCode(); + + return verifyXMLSignatureResponse.getX509certificate(); + + } + + /** + * Processes an <CreateXMLSignatureResponse> sent by the + * security layer implementation.
    + *
      + *
    • Validates given <CreateXMLSignatureResponse>
    • + *
    • Parses response enclosed in <CreateXMLSignatureResponse>
    • + *
    • Verifies signature by calling the MOA SP component
    • + *
    • Returns the signer certificate
    • + *
    + * + * @param sessionID ID of associated authentication session data + * @param readInfoboxResponseParameters The parameters from the response returned from + * the BKU including the <ReadInfoboxResponse> + */ + public X509Certificate getCertificate(String sessionID, Map readInfoboxResponseParameters) + throws + AuthenticationException, + BuildException, + ParseException, + ConfigurationException, + ValidateException, + ServiceException { + + + if (isEmpty(sessionID)) + throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID}); + + + String xmlReadInfoboxResponse = (String)readInfoboxResponseParameters.get(PARAM_XMLRESPONSE); + + if (isEmpty(xmlReadInfoboxResponse)) + throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_CERTIFICATE, PARAM_XMLRESPONSE}); + + // parses the + InfoboxReadResponseParser p = new InfoboxReadResponseParser(xmlReadInfoboxResponse); + X509Certificate cert = p.parseCertificate(); + + return cert; + + } + /** * Builds an authentication block <saml:Assertion> from given session data. * @param session authentication session @@ -523,16 +729,19 @@ public class AuthenticationServer implements MOAIDAuthConstants { * to be appended to the AUTH-Block. */ private String buildAuthenticationBlock(AuthenticationSession session) throws BuildException { - IdentityLink identityLink = session.getIdentityLink(); - String issuer = identityLink.getName(); - String gebDat = identityLink.getDateOfBirth(); - String identificationValue = identityLink.getIdentificationValue(); - String identificationType = identityLink.getIdentificationType(); - String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance()); + IdentityLink identityLink = session.getIdentityLink(); + String issuer = identityLink.getName(); + String gebDat = identityLink.getDateOfBirth(); + String identificationValue = identityLink.getIdentificationValue(); + String identificationType = identityLink.getIdentificationType(); + + String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance()); session.setIssueInstant(issueInstant); String authURL = session.getAuthURL(); String target = session.getTarget(); - String oaURL = session.getPublicOAURLPrefix(); + //Bug #485 (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105) + //String oaURL = session.getPublicOAURLPrefix(); + String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&"); List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); String authBlock = new AuthenticationBlockAssertionBuilder().buildAuthBlock( issuer, @@ -824,19 +1033,19 @@ public class AuthenticationServer implements MOAIDAuthConstants { *
  • Validates given <CreateXMLSignatureResponse>
  • *
  • Parses <CreateXMLSignatureResponse> for error codes
  • *
  • Parses authentication block enclosed in - * <CreateXMLSignatureResponse>
  • + * <CreateXMLSignatureResponse> *
  • Verifies authentication block by calling the MOA SP component
  • *
  • Creates authentication data
  • *
  • Creates a corresponding SAML artifact
  • *
  • Stores authentication data in the authentication data store - * indexed by the SAML artifact
  • + * indexed by the SAML artifact *
  • Deletes authentication session
  • *
  • Returns the SAML artifact, encoded BASE64
  • * * * @param sessionID session ID of the running authentication session * @param xmlCreateXMLSignatureReadResponse String representation of the - * <CreateXMLSignatureResponse> + * <CreateXMLSignatureResponse> * @return SAML artifact needed for retrieving authentication data, encoded BASE64 */ public String verifyAuthenticationBlock( @@ -851,9 +1060,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { ValidateException { if (isEmpty(sessionID)) - throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID}); + throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID}); if (isEmpty(xmlCreateXMLSignatureReadResponse)) - throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); + throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); AuthenticationSession session = getSession(sessionID); AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); // parses @@ -874,11 +1083,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { String tpid = authConf.getMoaSpAuthBlockTrustProfileID(); Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid); // debug output - + // invokes the call Element domVsresp = new SignatureVerificationInvoker().verifyXMLSignature(domVsreq); // debug output - + // parses the VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser(domVsresp).parseData(); @@ -1015,6 +1224,150 @@ public class AuthenticationServer implements MOAIDAuthConstants { "Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact); return samlArtifact; } + + /** + * Gets the foreign authentication data.
    + *
      + *
    • Creates authentication data
    • + *
    • Creates a corresponding SAML artifact
    • + *
    • Stores authentication data in the authentication data store + * indexed by the SAML artifact
    • + *
    • Deletes authentication session
    • + *
    • Returns the SAML artifact, encoded BASE64
    • + *
    + * + * @param sessionID session ID of the running authentication session + * @return SAML artifact needed for retrieving authentication data, encoded BASE64 + */ + public String getForeignAuthenticationData( + String sessionID) + throws + AuthenticationException, + BuildException, + ParseException, + ConfigurationException, + ServiceException, + ValidateException { + + if (isEmpty(sessionID)) + throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID}); + + AuthenticationSession session = getSession(sessionID); + //AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + try { + String serializedAssertion = DOMUtils.serializeNode(session.getIdentityLink().getSamlAssertion()); + session.setAuthBlock(serializedAssertion); + } catch (TransformerException e) { + throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); + } catch (IOException e) { + throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); + } + // post processing of the infoboxes + Iterator iter = session.getInfoboxValidatorIterator(); + boolean formpending = false; + if (iter != null) { + while (!formpending && iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + String identifier = (String) infoboxValidatorVector.get(0); + String friendlyName = (String) infoboxValidatorVector.get(1); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); + InfoboxValidationResult infoboxValidationResult = null; + try { + infoboxValidationResult = infoboxvalidator.validate(session.getIdentityLink().getSamlAssertion()); + } catch (ValidateException e) { + Logger.error("Error validating " + identifier + " infobox:" + e.getMessage()); + throw new ValidateException( + "validator.44", new Object[] {friendlyName}); + } + if (!infoboxValidationResult.isValid()) { + Logger.info("Validation of " + identifier + " infobox failed."); + throw new ValidateException( + "validator.40", new Object[] {friendlyName, infoboxValidationResult.getErrorMessage()}); + } + String form = infoboxvalidator.getForm(); + if (ParepUtils.isEmpty(form)) { + AddAdditionalSAMLAttributes(session, infoboxValidationResult.getExtendedSamlAttributes(), identifier, friendlyName); + } else { + return "Redirect to Input Processor"; + } + } + } + + // Exchange person data information by a mandate if needed + List oaAttributes = session.getExtendedSAMLAttributesOA(); + IdentityLink replacementIdentityLink = null; + if (session.isMandateCompatibilityMode() && oaAttributes != null && oaAttributes.size()>0) { + // look if we have a mandate + boolean foundMandate = false; + Iterator it = oaAttributes.iterator(); + while (!foundMandate && it.hasNext()) { + ExtendedSAMLAttribute samlAttribute = (ExtendedSAMLAttribute)it.next(); + if (ParepValidator.EXT_SAML_MANDATE_RAW.equals(samlAttribute.getName())) { + Object value = samlAttribute.getValue(); + if (value instanceof Element) { + Element mandate = (Element) value; + replacementIdentityLink = new IdentityLink(); + Element mandator = ParepUtils.extractMandator(mandate); + String dateOfBirth = ""; + Element prPerson = null; + String familyName = ""; + String givenName = ""; + String identificationType = ""; + String identificationValue = ""; + if (mandator != null) { + boolean physical = ParepUtils.isPhysicalPerson(mandator); + if (physical) { + familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()"); + givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()"); + dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator); + } else { + familyName = ParepUtils.extractMandatorFullName(mandator); + } + identificationType = ParepUtils.getIdentification(mandator, "Type"); + identificationValue = ParepUtils.extractMandatorWbpk(mandator); + prPerson = ParepUtils.extractPrPersonOfMandate(mandate); + if (physical && session.getBusinessService() && identificationType!=null && Constants.URN_PREFIX_BASEID.equals(identificationType)) { + // now we calculate the wbPK and do so if we got it from the BKU + identificationType = Constants.URN_PREFIX_WBPK + "+" + session.getDomainIdentifier(); + identificationValue = new BPKBuilder().buildWBPK(identificationValue, session.getDomainIdentifier()); + ParepUtils.HideStammZahlen(prPerson, true, null, null, true); + } + + } + replacementIdentityLink.setDateOfBirth(dateOfBirth); + replacementIdentityLink.setFamilyName(familyName); + replacementIdentityLink.setGivenName(givenName); + replacementIdentityLink.setIdentificationType(identificationType); + replacementIdentityLink.setIdentificationValue(identificationValue); + replacementIdentityLink.setPrPerson(prPerson); + try { + replacementIdentityLink.setSamlAssertion(session.getIdentityLink().getSamlAssertion()); + } catch (Exception e) { + throw new ValidateException("validator.64", null); + } + } else { + Logger.info("The type of Mandate SAML-Attribute is not \"org.w3c.dom.Element\""); + throw new ValidateException("validator.64", null); + } + } + } + } + + VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse(); + X509Certificate cert = session.getForeignSignerCertificate(); + vsresp.setX509certificate(cert); + AuthenticationData authData = buildAuthenticationData(session, vsresp, replacementIdentityLink); + String samlArtifact = + new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID()); + storeAuthenticationData(samlArtifact, authData); + + // invalidates the authentication session + sessionStore.remove(sessionID); + Logger.info( + "Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact); + return samlArtifact; + } + /** * Builds the AuthenticationData object together with the * corresponding <saml:Assertion> @@ -1076,13 +1429,17 @@ public class AuthenticationServer implements MOAIDAuthConstants { authData.setWBPK(identityLink.getIdentificationValue()); } else { authData.setBPK(identityLink.getIdentificationValue()); + + //BZ.., calculation of bPK already before sending AUTHBlock + /* if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { // only compute bPK if online application is a public service and we have the Stammzahl String bpkBase64 = new BPKBuilder().buildBPK( identityLink.getIdentificationValue(), session.getTarget()); authData.setBPK(bpkBase64); - } + }*/ + } String ilAssertion = oaParam.getProvideIdentityLink() @@ -1186,7 +1543,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @param id Session ID * @return AuthenticationSession created * @exception AuthenticationException - * thrown when an AuthenticationSession is running + * thrown when an AuthenticationSession is running * already for the given session ID */ private static AuthenticationSession newSession() throws AuthenticationException { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 5aa1bf45e..88859dc3f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -54,6 +54,10 @@ public interface MOAIDAuthConstants { public static final String REQ_START_AUTHENTICATION = "StartAuthentication"; /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet} is mapped to */ public static final String REQ_VERIFY_IDENTITY_LINK = "VerifyIdentityLink"; + /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet} is mapped to */ + public static final String REQ_GET_FOREIGN_ID = "GetForeignID"; + /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet} is mapped to */ + public static final String REQ_VERIFY_CERTIFICATE = "VerifyCertificate"; /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet} is mapped to */ public static final String REQ_PROCESS_VALIDATOR_INPUT = "ProcessInput"; /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet} is mapped to */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java index 398a6731d..f4827c189 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java @@ -29,8 +29,10 @@ public class WrongParametersException extends MOAIDException { /** * Constructor */ - public WrongParametersException(String call, String parameter) { - super("auth.05", new Object[] {call, parameter}); + public WrongParametersException(String call, String parameter, String errorID) { + super(errorID, new Object[] {call, parameter}); + //super("auth.5", new Object[] {call, parameter}); + //super("auth.12", new Object[] {call, parameter}); } - + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index f9d8e7091..d684c16c9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -18,11 +18,21 @@ package at.gv.egovernment.moa.id.auth.builder; import java.text.MessageFormat; import java.util.List; +import org.w3c.dom.Element; + import at.gv.egovernment.moa.id.BuildException; import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.StringUtils; /** * Builder for the authentication block <saml:Assertion> @@ -66,6 +76,13 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion " " + NL + " " + NL; + + private static String PR_IDENTIFICATION_ATTRIBUTE = + " " + NL + + " {0}" + NL + + " {1}" + NL + + " " + NL; + /** * The number of SAML attributes included in this AUTH-Block (without the extended SAML attributes). */ @@ -123,20 +140,72 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion session.setSAMLAttributeGebeORwbpk(true); String gebeORwbpk = ""; String wbpkNSDeclaration = ""; + + //BZ.., reading OA parameters + OAAuthParameter oaParam; + try { + oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + } catch (ConfigurationException e) { + Logger.error("Error on building AUTH-Block: " + e.getMessage()); + throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()}); + } + //..BZ + + if (target == null) { // OA is a business application if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) { - // Only add wbPKs to AUTH-Block. HPIs can be added to the AUTH-Block by the corresponding Validator - gebeORwbpk = MessageFormat.format(WBPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType }); - wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\""; + // Only add wbPKs to AUTH-Block. HPIs can be added to the AUTH-Block by the corresponding Validator + gebeORwbpk = MessageFormat.format(WBPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType }); + wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\""; + + //BZ.., adding type of wbPK domain identifier + ExtendedSAMLAttribute idLinkDomainIdentifierTypeAttribute = + new ExtendedSAMLAttributeImpl("IdentityLinkDomainIdentifierType", oaParam.getIdentityLinkDomainIdentifierType(), Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); + + extendedSAMLAttributes.add(idLinkDomainIdentifierTypeAttribute); + //..BZ + } else { - // We do not have a wbPK, therefore no SAML-Attribute is provided - session.setSAMLAttributeGebeORwbpk(false); + // We do not have a wbPK, therefore no SAML-Attribute is provided + session.setSAMLAttributeGebeORwbpk(false); } } else { - gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target }); + // OA is a govermental application + //BZ.. + String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target); + //gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target }); + gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target + " (" + sectorName + ")" }); + //..BZ + + //BZ.., no business service, adding bPK + + Element bpkSamlValueElement; + try { + bpkSamlValueElement = DOMUtils.parseDocument(MessageFormat.format(PR_IDENTIFICATION_ATTRIBUTE, new Object[] { identityLinkValue, Constants.URN_PREFIX_BPK }), false, null, null).getDocumentElement(); + } catch (Exception e) { + Logger.error("Error on building AUTH-Block: " + e.getMessage()); + throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()}); + } + ExtendedSAMLAttribute bpkAttribute = + new ExtendedSAMLAttributeImpl("bPK", bpkSamlValueElement, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); + + extendedSAMLAttributes.add(bpkAttribute); + //gebeORwbpk = gebeORwbpk + MessageFormat.format(BPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType }); + wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\""; + //..BZ } + //BZ.., adding friendly name of OA + String oaFriendlyName = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "" : oaParam.getFriendlyName(); + + ExtendedSAMLAttribute oaFriendlyNameAttribute = + new ExtendedSAMLAttributeImpl("oaFriendlyName", oaFriendlyName, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); + + extendedSAMLAttributes.add(oaFriendlyNameAttribute); + //..BZ + String assertion; try { assertion = MessageFormat.format( diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java new file mode 100644 index 000000000..9227d5303 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java @@ -0,0 +1,126 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.io.IOException; +import java.io.StringReader; +import java.io.StringWriter; + +import at.gv.egovernment.moa.id.BuildException; + + +/** + * Builder for CreateXMLSignatureRequest to sign data from a foreign + * eID card. + * + */ + +public class CreateXMLSignatureRequestBuilderForeign extends Builder { + + /** special tag in the XML template to be substituted for the KeyboxIdentifier */ + private static final String KEYBOXID_TAG = ""; + /** special tag in the XML template to be substituted for the content */ + private static final String XMLCONTENT_TAG = ""; + /** private static int all contains the representation to replace all tags*/ + private static final int ALL = -1; + + /** default HTML template */ + private static final String DEFAULT_XML_TEMPLATE = + "" + + "" + + "" + KEYBOXID_TAG + "" + + "" + + "" + + "" + XMLCONTENT_TAG + "" + + "" + + "" + + "" + + "text/plain" + + "" + + "" + + "" + + ""; + + /** default HTML template */ + private static final String DEFAULT_XHTML_TEMPLATE = + "" + + "" + + "" + KEYBOXID_TAG + "" + + "" + + "" + + "" + XMLCONTENT_TAG + "" + + "" + + "" + + "" + + "application/xhtml+xml" + + "" + + "" + + "" + + ""; + + /** + * Constructor for CreateXMLSignatureRequestBuilderForeign. + */ + public CreateXMLSignatureRequestBuilderForeign() { + super(); + } + /** + * Builds the XML request. + * + * @param xmlRequest XML Request to be sent as a parameter in the form + * @param bkuURL URL of the "Bürgerkartenumgebung" the form will be submitted to; + * may be null, in this case the default URL will be used + * @param dataURL DataURL to be sent as a parameter in the form + */ + public String build( + String keyboxIdentifier, + String xmlContent) + throws BuildException + { + String xmlRequest = DEFAULT_XHTML_TEMPLATE; + xmlRequest = replaceTag(xmlRequest, KEYBOXID_TAG, keyboxIdentifier, true, ALL); + //htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL); + xmlRequest = replaceTag(xmlRequest, XMLCONTENT_TAG, xmlContent, true, ALL); + return xmlRequest; + } + /** + * Encodes a string for inclusion as a parameter in the form. + * Double quotes are substituted by "&quot;". + * @param s the string to be encoded + * @return the string encoded + * @throws BuildException on any exception encountered + */ + public static String encodeParameter(String s) throws BuildException { + StringReader in = new StringReader(s); + StringWriter out = new StringWriter(); + try { + for (int ch = in.read(); ch >= 0; ch = in.read()) { + if (ch == '"') + out.write("""); + else if (ch == '<') + out.write("<"); + else if (ch == '>') + out.write(">"); + else if (ch == 'ä') + out.write("ä"); + else if (ch == 'ö') + out.write("ö"); + else if (ch == 'ü') + out.write("ü"); + else if (ch == 'Ä') + out.write("Ä"); + else if (ch == 'Ö') + out.write("Ö"); + else if (ch == 'Ü') + out.write("Ü"); + else if (ch == 'ß') + out.write("ß"); + else + out.write(ch); + } + } + catch (IOException ex) { + throw new BuildException("builder.00", new Object[] {"GetIdentityLinkForm", ex.toString()}); + } + return out.toString(); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderCertificate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderCertificate.java new file mode 100644 index 000000000..60feb7d2f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderCertificate.java @@ -0,0 +1,94 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egovernment.moa.id.auth.builder; + +import at.gv.egovernment.moa.util.Constants; + +/** + * Builder for the <InfoboxReadRequest> structure + * used for requesting the identity link from the security layer implementation. + * + * @author Paul Ivancsics + * @version $Id: InfoboxReadRequestBuilder.java 1087 2008-08-28 07:55:59Z mcentner $ + */ +public class InfoboxReadRequestBuilderCertificate implements Constants { + + + /** + * Constructor for InfoboxReadRequestBuilder. + */ + public InfoboxReadRequestBuilderCertificate() { + } + + + /** + * Builds an <InfoboxReadRequest>. + * + * @param slVersion12 specifies whether the Security Layer version is + * version 1.2 or not + * @param businessService specifies whether the online application is a + * business service or not + * @param identityLinkDomainIdentifier the identification number of the business + * company; maybe null if the OA + * is a public service; must not be null + * if the OA is a business service + * + * @return <InfoboxReadRequest> as String + */ + public String build(boolean slVersion12) { + + String slPrefix; + String slNsDeclaration; + + if (slVersion12) { + slPrefix = SL12_PREFIX; + slNsDeclaration = SL12_NS_URI; + } else { + slPrefix = SL10_PREFIX; + slNsDeclaration = SL10_NS_URI; + } + + StringBuffer sb = new StringBuffer(""); + sb.append("<"); + sb.append(slPrefix); + sb.append(":InfoboxReadRequest xmlns:"); + sb.append(slPrefix); + sb.append("=\""); + sb.append(slNsDeclaration); + sb.append("\">"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":InfoboxIdentifier>Certificates"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":AssocArrayParameters>"); + sb.append("<"); + sb.append(slPrefix); + sb.append(":ReadValue Key=\"SecureSignatureKeypair\"/>"); + sb.append(""); + sb.append(""); + + return sb.toString(); + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java index ffe4ad9b6..a14d0325f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java @@ -217,5 +217,67 @@ public class VerifyXMLSignatureRequestBuilder { return requestElem_; } + + /** + * Builds a <VerifyXMLSignatureRequest> + * from the signed data with a known trustProfileID which + * has to exist in MOA-SP + * @param csr - signed AUTH-Block + * @param trustProfileID - a preconfigured TrustProfile at MOA-SP + * @return Element - The complete request as Dom-Element + * @throws ParseException + */ + public Element buildDsig( + CreateXMLSignatureResponse csr, + String trustProfileID) + throws BuildException { //samlAssertionObject + + try { + // build the request +// requestElem_.setAttributeNS(Constants.XMLNS_NS_URI, "xmlns:" +// + Constants.XML_PREFIX, Constants.XMLNS_NS_URI); + + Element verifiySignatureInfoElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo"); + requestElem_.appendChild(verifiySignatureInfoElem); + Element verifySignatureEnvironmentElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment"); + verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem); + + Element xmlContentElem = requestDoc_.createElementNS(MOA_NS_URI, "XMLContent"); + verifySignatureEnvironmentElem.appendChild(xmlContentElem); + xmlContentElem.setAttribute(Constants.XML_PREFIX + ":space", "preserve"); + + // insert the dsig:Signature + xmlContentElem.appendChild(requestDoc_.importNode(csr.getDsigSignature(), true)); + // specify the signature location + Element verifySignatureLocationElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation"); + verifiySignatureInfoElem.appendChild(verifySignatureLocationElem); + Node signatureLocation = requestDoc_.createTextNode("/"+ DSIG + "Signature"); + verifySignatureLocationElem.appendChild(signatureLocation); + // signature manifest params + Element signatureManifestCheckParamsElem = + requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); + requestElem_.appendChild(signatureManifestCheckParamsElem); + signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "true"); + // add the transform profile IDs + Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); + signatureManifestCheckParamsElem.appendChild(referenceInfoElem); + + Element returnHashInputDataElem = + requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); + requestElem_.appendChild(returnHashInputDataElem); + Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID"); + + trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID)); + requestElem_.appendChild(trustProfileIDElem); + + } catch (Throwable t) { + throw new BuildException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t); + } + + return requestElem_; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 969e628f4..eca02a77b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -15,6 +15,8 @@ */ package at.gv.egovernment.moa.id.auth.data; +import iaik.x509.X509Certificate; + import java.util.ArrayList; import java.util.Date; import java.util.Iterator; @@ -87,7 +89,11 @@ public class AuthenticationSession { * service or not */ private boolean businessService; - + + /** + * Signer certificate of the foreign citizen + */ + private X509Certificate signerCertificate; /** * SAML attributes from an extended infobox validation to be appended * to the SAML assertion delivered to the final online application. @@ -149,6 +155,14 @@ public class AuthenticationSession { infoboxValidators = new ArrayList(); } + public X509Certificate getForeignSignerCertificate() { + return signerCertificate; + } + + public void setForeignSignerCertificate(X509Certificate signerCertificate) { + this.signerCertificate = signerCertificate; + } + /** * Returns the identityLink. * @return IdentityLink diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java index 81dc2f736..fc3831161 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java @@ -1,18 +1,3 @@ -/* -* Copyright 2003 Federal Chancellery Austria -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ package at.gv.egovernment.moa.id.auth.data; import org.w3c.dom.Element; @@ -35,6 +20,11 @@ private SAMLAttribute[] samlAttributes; * the original saml:Assertion-Element */ private Element samlAssertion; + + /** + * the original dsig:Signature-Element + */ + private Element dsigSignature; /** * Returns the samlAssertion. * @return Element @@ -43,6 +33,14 @@ public Element getSamlAssertion() { return samlAssertion; } +/** + * Returns the dsig:Signature + * @return Element + */ +public Element getDsigSignature() { + return dsigSignature; +} + /** * Returns the samlAttribute. * @return SAMLAttribute[] @@ -67,6 +65,10 @@ public void setSamlAssertion(Element samlAssertion) { this.samlAssertion = samlAssertion; } +public void setDsigSignature(Element dsigSignature) { + this.dsigSignature = dsigSignature; +} + /** * Sets the samlAttribute. * @param samlAttributes The samlAttributes to set diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java index 74bad617c..d5b6f9aa9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java @@ -21,6 +21,7 @@ import java.util.ArrayList; import java.util.List; import org.w3c.dom.Element; +import org.w3c.dom.NodeList; import org.w3c.dom.traversal.NodeIterator; import at.gv.egovernment.moa.id.AuthenticationException; @@ -129,6 +130,31 @@ public class CreateXMLSignatureResponseParser { throw new ParseException("parser.01", new Object[] { t.toString()}, t); } } + + /** + * Unmarshalls the <@link sigResponse> to an + * <CreateXMLSignatureResponse> object. + * + * @return a <CreateXMLSignatureResponse> object + * @throws ParseException + */ + + public CreateXMLSignatureResponse parseResponseDsig() throws ParseException { + CreateXMLSignatureResponse cResp; + try { + cResp = new CreateXMLSignatureResponse(); + + NodeList list = sigResponse_.getElementsByTagNameNS(Constants.DSIG_NS_URI, "Signature"); + Element dsigSignatureNode = (Element) list.item(0); + + Element dsigSignatureElement = (Element) dsigSignatureNode; + cResp.setDsigSignature(dsigSignatureElement); + } + catch (Throwable t) { + throw new ParseException("parser.01", new Object[] { t.toString()}, t); + } + return cResp; + } /** * Unmarshalls the <@link sigResponse> to an diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java index 954488173..b53a1a2dc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java @@ -15,17 +15,31 @@ */ package at.gv.egovernment.moa.id.auth.parser; +import iaik.x509.X509Certificate; + import java.io.ByteArrayInputStream; import java.io.InputStream; +import java.security.cert.CertificateException; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerException; + +import org.apache.axis.encoding.Base64; +import org.w3c.dom.Document; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.XPathUtils; +import com.sun.org.apache.xpath.internal.XPathAPI; + /** * Parses an <InfoboxReadResponse>. * @@ -175,6 +189,43 @@ public class InfoboxReadResponseParser { IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion); return ilParser.parseIdentityLink(); } + + /** + * Returns the certificate given in the InfoboxReadResponse + * @return + * @throws ParseException + */ + public X509Certificate parseCertificate() throws ParseException { + try { + DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder(); + Document doc = builder.newDocument(); + + Element nameSpaceNode = doc.createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns:" + Constants.PD_PREFIX, Constants.PD_NS_URI); + nameSpaceNode.setAttribute("xmlns:" + Constants.DSIG_PREFIX, Constants.DSIG_NS_URI); + nameSpaceNode.setAttribute("xmlns:" + Constants.SL12_PREFIX, Constants.SL12_NS_URI); + + Element base64ContentElement = (Element)XPathAPI.selectSingleNode(infoBoxElem_.getParentNode(), "//sl:Base64Content[1]", nameSpaceNode); + + if (base64ContentElement == null) { + throw new ParseException("parser.01", new Object[] { "Could not find Base64Content for X509Certificate."}); + } + + String base64Content = DOMUtils.getText(base64ContentElement); + + // Decode Base64 value to X509Certificate + byte[] content = Base64.decode(base64Content); + return new X509Certificate(content); + + } catch (ParserConfigurationException e) { + throw new ParseException("parser.01", new Object[] { "Could not parse X509Certificate from InfoboxReadRequest."}, e); + } catch (TransformerException e) { + throw new ParseException("parser.01", new Object[] { "Could not parse X509Certificate from InfoboxReadRequest."}, e); + } catch (CertificateException e) { + throw new ParseException("parser.01", new Object[] { "Could not parse X509Certificate from InfoboxReadRequest."}, e); + } + + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java index 0656d37d3..bff0a3fca 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java @@ -123,6 +123,7 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { * Logs all servlet parameters for debugging purposes. */ protected void logParameters(HttpServletRequest req) { + //@TODO Parameter? for (Enumeration params = req.getParameterNames(); params.hasMoreElements(); ) { String parname = (String)params.nextElement(); Logger.debug("Parameter " + parname + req.getParameter(parname)); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java new file mode 100644 index 000000000..0599c79bd --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java @@ -0,0 +1,287 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import iaik.pki.PKIException; +import iaik.x509.X509Certificate; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.security.cert.CertificateEncodingException; +import java.util.Map; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; + +import org.apache.axis.encoding.Base64; +import org.apache.commons.fileupload.FileUploadException; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Text; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.URLEncoder; + +/** + * Servlet requested for getting the foreign eID + * provided by the security layer implementation. + * Utilizes the {@link AuthenticationServer}. + * + */ +public class GetForeignIDServlet extends AuthServlet { + + /** + * Constructor for GetForeignIDServlet. + */ + public GetForeignIDServlet() { + super(); + } + + /** + * GET requested by security layer implementation to verify + * that data URL resource is available. + * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) + */ + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("GET GetForeignIDServlet"); + + + } + + /** + * Verifies the identity link and responds with a new + * CreateXMLSignatureRequest. + *
    + * Request parameters: + *
      + *
    • MOASessionID: ID of associated authentication session
    • + *
    • XMLResponse: <InfoboxReadResponse>
    • + *
    + * Response: + *
      + *
    • Content type: "text/xml"
    • + *
    • Content: see return value of {@link AuthenticationServer#verifyIdentityLink}
    • + *
    • Error status: 500 + *
    + * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) + */ + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("POST GetForeignIDServlet"); + + Map parameters; + try + { + parameters = getParameters(req); + } catch (FileUploadException e) + { + Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); + throw new IOException(e.getMessage()); + } + String sessionID = req.getParameter(PARAM_SESSIONID); + String redirectURL = null; + X509Certificate cert = null; + AuthenticationSession session = null; + try { + // check parameter + if (!ParamValidatorUtils.isValidSessionID(sessionID)) + throw new WrongParametersException("GetForeignID", PARAM_SESSIONID, "auth.12"); + + session = AuthenticationServer.getSession(sessionID); + + cert = AuthenticationServer.getInstance().verifyXMLSignature(sessionID, parameters); + +// Element signature = AuthenticationServer.getInstance().getDsigElement +// (sessionID, parameters); + +// if (signature == null) { + if (cert == null) { + handleError("Error retrieving signature from foreign eID card.", null, req, resp); + } + else { + + // make SZR request + //Element samlAssertion = getIdentityLink(signature); + Element samlAssertion = getIdentityLink(cert); + + IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion); + IdentityLink identitylink = ilParser.parseIdentityLink(); + session.setIdentityLink(identitylink); + + String samlArtifactBase64 = + AuthenticationServer.getInstance().getForeignAuthenticationData(sessionID); + if (!samlArtifactBase64.equals("Redirect to Input Processor")) { + redirectURL = session.getOAURLRequested(); + if (!session.getBusinessService()) { + redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); + } + redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); + redirectURL = resp.encodeRedirectURL(redirectURL); + } else { + redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); + } + resp.setContentType("text/html"); + resp.setStatus(302); + resp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + } + + } + catch (ParseException ex) { + handleError(null, ex, req, resp); + } + catch (MOAIDException ex) { + handleError(null, ex, req, resp); + } + catch (SZRGWClientException ex) { + handleError(null, ex, req, resp); + } + } + + /** + * Adds a parameter to a URL. + * @param url the URL + * @param paramname parameter name + * @param paramvalue parameter value + * @return the URL with parameter added + */ + private static String addURLParameter(String url, String paramname, String paramvalue) { + String param = paramname + "=" + paramvalue; + if (url.indexOf("?") < 0) + return url + "?" + param; + else + return url + "&" + param; + } + + /** + * Does the request to the SZR-GW + * @param givenname + * @param familyname + * @param dateofbirth + * @return Identity link assertion + * @throws SZRGWClientException + */ + /*private Element getIdentityLink(Element signature) throws SZRGWClientException {*/ + private Element getIdentityLink(X509Certificate cert) throws SZRGWClientException { + + SZRGWClient client = new SZRGWClient(); + + try { + AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter(); + //url = "http://localhost:8081/szr-gateway/services/IdentityLinkCreation"; + Logger.debug("Connection Parameters: " + connectionParameters); + client.setAddress(connectionParameters.getUrl()); + if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) { + Logger.debug("Initialisiere SSL Verbindung"); + try { + client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); + } catch (IOException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (GeneralSecurityException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (PKIException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + } + + Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); + + + } + catch (ConfigurationException e) { + Logger.warn(e); + Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); + + } + // create request + Document doc = buildGetIdentityLinkRequest(cert); + Element request = doc.getDocumentElement(); + CreateIdentityLinkResponse response = null; + + //try { + response = client.createIdentityLinkResponse(request); + //} catch (SZRGWClientException e) { + // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt. + // client = new SZRGWClient(url); + // response = client.createIdentityLinkResponse(request); + // } + + + return response.getAssertion(); + + } + + /** + * Builds the szrgw:GetIdentityLinkRequest für the SZR-GW + * @param givenname + * @param familyname + * @param birthday + * @return + */ + private static Document buildGetIdentityLinkRequest(X509Certificate cert) { + + try { + byte[] certbyte = cert.getEncoded(); + String certstring = Base64.encode(certbyte); + + DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + DocumentBuilder builder = factory.newDocumentBuilder(); + Document doc = builder.newDocument(); + + Element getIdentityLink = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:GetIdentityLinkRequest"); + getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGWConstants.SZRGW_REQUEST_NS); + doc.appendChild(getIdentityLink); + + Element x509certificate = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:X509Certificate"); + getIdentityLink.appendChild(x509certificate); + Text certbase64 = doc.createTextNode(certstring); + x509certificate.appendChild(certbase64); + + return doc; + } catch (ParserConfigurationException e) { + e.printStackTrace(); + } catch (CertificateEncodingException e) { + e.printStackTrace(); + } + return null; + + } + + /** + * Checks a parameter. + * @param param parameter + * @return true if the parameter is null or empty + */ + private boolean isEmpty(String param) { + return param == null || param.length() == 0; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java index 894b05428..317af3e06 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java @@ -73,7 +73,7 @@ public class ProcessValidatorInputServlet extends AuthServlet { } catch (FileUploadException e) { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); throw new IOException(e.getMessage()); - } + } String sessionID = req.getParameter(PARAM_SESSIONID); if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID); if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID); @@ -124,7 +124,8 @@ public class ProcessValidatorInputServlet extends AuthServlet { } catch (FileUploadException e) { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); throw new IOException(e.getMessage()); - } + } + //@TODO Parameter String sessionID = req.getParameter(PARAM_SESSIONID); if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID); if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID); @@ -142,13 +143,15 @@ public class ProcessValidatorInputServlet extends AuthServlet { String htmlForm = null; boolean doInputProcessorSign = false; // If sign process should be within an extra form, provide a parameter. Otherwise transport through security layer is assumed + //@TODO Parameter String inputProcessorSignForm = req.getParameter("Sign_Form"); if (inputProcessorSignForm==null) inputProcessorSignForm = (String) req.getAttribute("Sign_Form"); if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form"); if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form_"); if (!ParepUtils.isEmpty(inputProcessorSignForm)) doInputProcessorSign = inputProcessorSignForm.equalsIgnoreCase("true"); if (doInputProcessorSign) { - // Test if we have a user input form sign template + // Test if we have a user input form sign template + //@TODO Parameter String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE); String inputProcessorSignTemplate = null; OAAuthParameter oaParam = diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java index 78c028767..09b3ae15f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java @@ -29,6 +29,7 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; /** @@ -74,6 +75,7 @@ public class SelectBKUServlet extends AuthServlet { authURL = authURL.concat(":" + req.getServerPort()); } authURL = authURL.concat(req.getContextPath() + "/"); + String target = req.getParameter(PARAM_TARGET); String oaURL = req.getParameter(PARAM_OA); String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE); @@ -84,6 +86,16 @@ public class SelectBKUServlet extends AuthServlet { resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE); try { + + // check parameter + if (!ParamValidatorUtils.isValidTarget(target)) + throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); + if (!ParamValidatorUtils.isValidOA(oaURL)) + throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); + if (!ParamValidatorUtils.isValidTemplate(templateURL)) + throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); + + String returnValue = AuthenticationServer.getInstance().selectBKU( authURL, target, oaURL, bkuSelectionTemplateURL, templateURL); String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index 961511ee7..8165f90f8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -28,6 +28,7 @@ import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; /** @@ -61,18 +62,36 @@ public class StartAuthenticationServlet extends AuthServlet { authURL = authURL.concat(":" + req.getServerPort()); } authURL = authURL.concat(req.getContextPath() + "/"); - String target = req.getParameter(PARAM_TARGET); - String oaURL = req.getParameter(PARAM_OA); + + String target = req.getParameter(PARAM_TARGET); + String oaURL = req.getParameter(PARAM_OA); String bkuURL = req.getParameter(PARAM_BKU); String templateURL = req.getParameter(PARAM_TEMPLATE); String sessionID = req.getParameter(PARAM_SESSIONID); + resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES); resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA); resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL); resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE); - try { + + + try { + // check parameter + if (!ParamValidatorUtils.isValidTarget(target)) + throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); + if (!ParamValidatorUtils.isValidOA(oaURL)) + throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); + if (!ParamValidatorUtils.isValidBKUURI(bkuURL)) + throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); + if (!ParamValidatorUtils.isValidTemplate(templateURL)) + throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); + if (!ParamValidatorUtils.isValidSessionID(sessionID)) + throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12"); + + String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID, req.getScheme()); + resp.setContentType("text/html;charset=UTF-8"); PrintWriter out = new PrintWriter(resp.getOutputStream()); out.print(getIdentityLinkForm); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index 43947f6f0..824df9ca8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -16,9 +16,7 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; -import java.util.Iterator; import java.util.Map; -import java.util.Vector; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; @@ -28,11 +26,10 @@ import org.apache.commons.fileupload.FileUploadException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult; -import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; -import at.gv.egovernment.moa.id.auth.validator.ValidateException; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.URLEncoder; @@ -99,10 +96,16 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); throw new IOException(e.getMessage()); } + //@TODO Parameter String sessionID = req.getParameter(PARAM_SESSIONID); String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); String redirectURL = null; try { + // check parameter + if (!ParamValidatorUtils.isValidSessionID(sessionID)) + throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12"); + + AuthenticationSession session = AuthenticationServer.getSession(sessionID); String samlArtifactBase64 = AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java new file mode 100644 index 000000000..c9c1e794d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java @@ -0,0 +1,286 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import iaik.pki.PKIException; +import iaik.x509.X509Certificate; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.security.cert.CertificateEncodingException; +import java.util.Map; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; + +import org.apache.axis.encoding.Base64; +import org.apache.commons.fileupload.FileUploadException; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Text; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.id.util.ServletUtils; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Servlet requested for getting the foreign eID + * provided by the security layer implementation. + * Utilizes the {@link AuthenticationServer}. + * + */ +public class VerifyCertificateServlet extends AuthServlet { + + /** + * Constructor for VerifyCertificateServlet. + */ + public VerifyCertificateServlet() { + super(); + } + + /** + * GET requested by security layer implementation to verify + * that data URL resource is available. + * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) + */ + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("GET VerifyCertificateServlet"); + + + } + + /** + * Gets the signer certificate from the InfoboxReadRequest and + * responds with a new + * CreateXMLSignatureRequest. + *
    + * Request parameters: + *
      + *
    • MOASessionID: ID of associated authentication session
    • + *
    • XMLResponse: <InfoboxReadResponse>
    • + *
    + * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) + */ + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("POST VerifyCertificateServlet"); + + Map parameters; + try + { + parameters = getParameters(req); + } catch (FileUploadException e) + { + Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); + throw new IOException(e.getMessage()); + } + //@TODO Parameter + String sessionID = req.getParameter(PARAM_SESSIONID); + AuthenticationSession session = null; + try { + // check parameter + if (!ParamValidatorUtils.isValidSessionID(sessionID)) + throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12"); + + session = AuthenticationServer.getSession(sessionID); + + X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters); + + System.out.println(cert); + + String createXMLSignatureRequest = AuthenticationServer.getInstance().getCreateXMLSignatureRequestForeignID(sessionID, parameters, cert); + + System.out.println(createXMLSignatureRequest); + + // build dataurl (to the GetForeignIDSerlvet) + String dataurl = + new DataURLBuilder().buildDataURL( + session.getAuthURL(), + REQ_GET_FOREIGN_ID, + session.getSessionID()); + + ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); + + +// Logger.debug("Send CreateXMLSignatureRequest to BKU"); +// String keyboxIdentifier = "SecureSignatureKeypair"; +// //String keyboxIdentifier = "CertifiedKeypair"; +// String xmlContent = " " + +// "CreateXMLSignatureRequest" + +// ""; + request += ""; + request += ""; + request += "

    Authentication Data:

    "; + request += "

    Personal Data

    "; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += "
    Name:"; + request += subject; + request += "
    "; + request += "

    Application Data

    "; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += "
    Name:"; + // friendlyname from OA + request += StringUtils.isEmpty(oaParam.getFriendlyName()) ? "" : oaParam.getFriendlyName(); + request += "
    Country:Austria
    "; + request += "

    Technical Parameters

    "; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + boolean business = oaParam.getBusinessService(); + if (business) { + // OA is businessservice + String identifierType = oaParam.getIdentityLinkDomainIdentifierType(); + String identifier = oaParam.getIdentityLinkDomainIdentifier(); + request += ""; + request += ""; + request += ""; + request += ""; + } + else { + // OA is publicservice + request += ""; + request += ""; + request += ""; + request += ""; + + } + + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += ""; + request += "
    URL:"; + //public URL prefix from OA + request += oaParam.getPublicURLPrefix(); + request += "
    "; + request += identifierType + ":"; + request += ""; + request += identifier; + request += "
    "; + request += "Sector:"; + request += target + " (" + sectorName + ")"; + request += "
    Date:"; + request += date; + request += "
    Time:"; + request += time; + request += "
    "; + + request += "

    I hereby request to access this e-government application by using my " + + "domestic electronic identity.
    " + + "I further affirm that I am not yet registered with the Austrian Central " + + "Residents Registry and that I am not obliged to register with the Austrian " + + "Central Residents Registry according to Austrian law.
    " + + "In the event I am not yet registered with the Supplementary Register, I " + + "explicitly grant to do so according to §6 (5) E-Government Act (EGovG, idF: " + + "BGBl. I Nr. 7/2008 und BGBl. I Nr. 59/2008).

    "; + + request += ""; + request += ""; + + request += ""; + request += ""; + request += ""; + request += ""; + request += "application/xhtml+xml"; + request += ""; + request += ""; + request += ""; + request += ""; + + return request; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index 0599c79bd..c2de2e3e1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java @@ -1,38 +1,31 @@ package at.gv.egovernment.moa.id.auth.servlet; import iaik.pki.PKIException; -import iaik.x509.X509Certificate; import java.io.IOException; import java.security.GeneralSecurityException; -import java.security.cert.CertificateEncodingException; import java.util.Map; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.parsers.ParserConfigurationException; -import org.apache.axis.encoding.Base64; import org.apache.commons.fileupload.FileUploadException; import org.w3c.dom.Document; import org.w3c.dom.Element; -import org.w3c.dom.Text; import at.gv.egovernment.moa.id.MOAIDException; -import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; @@ -103,7 +96,6 @@ public class GetForeignIDServlet extends AuthServlet { } String sessionID = req.getParameter(PARAM_SESSIONID); String redirectURL = null; - X509Certificate cert = null; AuthenticationSession session = null; try { // check parameter @@ -112,46 +104,46 @@ public class GetForeignIDServlet extends AuthServlet { session = AuthenticationServer.getSession(sessionID); - cert = AuthenticationServer.getInstance().verifyXMLSignature(sessionID, parameters); - -// Element signature = AuthenticationServer.getInstance().getDsigElement -// (sessionID, parameters); + String xmlCreateXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); + + Logger.debug(xmlCreateXMLSignatureResponse); + + CreateXMLSignatureResponse csresp = + new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse).parseResponseDsig(); -// if (signature == null) { - if (cert == null) { - handleError("Error retrieving signature from foreign eID card.", null, req, resp); + Element signature = csresp.getDsigSignature(); + + // make SZR request to the identity link + CreateIdentityLinkResponse response = getIdentityLink(signature); + + if (response.isError()) { + throw new SZRGWClientException(response.getError()); } else { - - // make SZR request - //Element samlAssertion = getIdentityLink(signature); - Element samlAssertion = getIdentityLink(cert); - - IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion); - IdentityLink identitylink = ilParser.parseIdentityLink(); - session.setIdentityLink(identitylink); - - String samlArtifactBase64 = - AuthenticationServer.getInstance().getForeignAuthenticationData(sessionID); - if (!samlArtifactBase64.equals("Redirect to Input Processor")) { - redirectURL = session.getOAURLRequested(); - if (!session.getBusinessService()) { - redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); - } - redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); - redirectURL = resp.encodeRedirectURL(redirectURL); - } else { - redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); - } - resp.setContentType("text/html"); - resp.setStatus(302); - resp.addHeader("Location", redirectURL); - Logger.debug("REDIRECT TO: " + redirectURL); - } - - } - catch (ParseException ex) { - handleError(null, ex, req, resp); + Element samlAssertion = response.getAssertion(); + + IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion); + IdentityLink identitylink = ilParser.parseIdentityLink(); + session.setIdentityLink(identitylink); + + String samlArtifactBase64 = + AuthenticationServer.getInstance().getForeignAuthenticationData(sessionID); + if (!samlArtifactBase64.equals("Redirect to Input Processor")) { + redirectURL = session.getOAURLRequested(); + if (!session.getBusinessService()) { + redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); + } + redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); + redirectURL = resp.encodeRedirectURL(redirectURL); + } else { + redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); + } + resp.setContentType("text/html"); + resp.setStatus(302); + resp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + } + } catch (MOAIDException ex) { handleError(null, ex, req, resp); @@ -178,63 +170,59 @@ public class GetForeignIDServlet extends AuthServlet { /** * Does the request to the SZR-GW - * @param givenname - * @param familyname - * @param dateofbirth + * @param signature XMLDSIG signature * @return Identity link assertion * @throws SZRGWClientException */ - /*private Element getIdentityLink(Element signature) throws SZRGWClientException {*/ - private Element getIdentityLink(X509Certificate cert) throws SZRGWClientException { + private CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException { - SZRGWClient client = new SZRGWClient(); - - try { - AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter(); - //url = "http://localhost:8081/szr-gateway/services/IdentityLinkCreation"; - Logger.debug("Connection Parameters: " + connectionParameters); - client.setAddress(connectionParameters.getUrl()); - if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) { - Logger.debug("Initialisiere SSL Verbindung"); - try { - client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); - } catch (IOException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (GeneralSecurityException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (PKIException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - } - - Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); - - - } - catch (ConfigurationException e) { - Logger.warn(e); - Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); + SZRGWClient client = new SZRGWClient(); + + try { + AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter(); - } - // create request - Document doc = buildGetIdentityLinkRequest(cert); - Element request = doc.getDocumentElement(); - CreateIdentityLinkResponse response = null; - - //try { - response = client.createIdentityLinkResponse(request); - //} catch (SZRGWClientException e) { - // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt. - // client = new SZRGWClient(url); - // response = client.createIdentityLinkResponse(request); - // } - + client.setAddress(connectionParameters.getUrl()); + if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) { + Logger.debug("Initialisiere SSL Verbindung"); + try { + client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); + } catch (IOException e) { + throw new SZRGWClientException(e); + } catch (GeneralSecurityException e) { + throw new SZRGWClientException(e); + } catch (PKIException e) { + throw new SZRGWClientException(e); + } + } + Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); + } + catch (ConfigurationException e) { + Logger.warn(e); + Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); + } + + // create request + CreateIdentityLinkResponse response = null; + Element request = null; + try { + Document doc = client.buildGetIdentityLinkRequest(null, null, null, null, signature); + request = doc.getDocumentElement(); + + // send request + response = client.createIdentityLinkResponse(request); + } catch (SZRGWClientException e) { + // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt. + try { + response = client.createIdentityLinkResponse(request); + } + catch (SZRGWClientException e1) { + throw new SZRGWClientException(e1); + } + } - return response.getAssertion(); + + return response; } @@ -245,43 +233,43 @@ public class GetForeignIDServlet extends AuthServlet { * @param birthday * @return */ - private static Document buildGetIdentityLinkRequest(X509Certificate cert) { - - try { - byte[] certbyte = cert.getEncoded(); - String certstring = Base64.encode(certbyte); - - DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance(); - factory.setNamespaceAware(true); - DocumentBuilder builder = factory.newDocumentBuilder(); - Document doc = builder.newDocument(); - - Element getIdentityLink = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:GetIdentityLinkRequest"); - getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGWConstants.SZRGW_REQUEST_NS); - doc.appendChild(getIdentityLink); - - Element x509certificate = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:X509Certificate"); - getIdentityLink.appendChild(x509certificate); - Text certbase64 = doc.createTextNode(certstring); - x509certificate.appendChild(certbase64); - - return doc; - } catch (ParserConfigurationException e) { - e.printStackTrace(); - } catch (CertificateEncodingException e) { - e.printStackTrace(); - } - return null; - - } - - /** - * Checks a parameter. - * @param param parameter - * @return true if the parameter is null or empty - */ - private boolean isEmpty(String param) { - return param == null || param.length() == 0; - } +// private static Document buildGetIdentityLinkRequest(X509Certificate cert) { +// +// try { +// byte[] certbyte = cert.getEncoded(); +// String certstring = Base64.encode(certbyte); +// +// DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance(); +// factory.setNamespaceAware(true); +// DocumentBuilder builder = factory.newDocumentBuilder(); +// Document doc = builder.newDocument(); +// +// Element getIdentityLink = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:GetIdentityLinkRequest"); +// getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGWConstants.SZRGW_REQUEST_NS); +// doc.appendChild(getIdentityLink); +// +// Element x509certificate = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:X509Certificate"); +// getIdentityLink.appendChild(x509certificate); +// Text certbase64 = doc.createTextNode(certstring); +// x509certificate.appendChild(certbase64); +// +// return doc; +// } catch (ParserConfigurationException e) { +// e.printStackTrace(); +// } catch (CertificateEncodingException e) { +// e.printStackTrace(); +// } +// return null; +// +// } +// +// /** +// * Checks a parameter. +// * @param param parameter +// * @return true if the parameter is null or empty +// */ +// private boolean isEmpty(String param) { +// return param == null || param.length() == 0; +// } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index 8165f90f8..2430095b2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -63,7 +63,7 @@ public class StartAuthenticationServlet extends AuthServlet { } authURL = authURL.concat(req.getContextPath() + "/"); - String target = req.getParameter(PARAM_TARGET); + String target = req.getParameter(PARAM_TARGET); String oaURL = req.getParameter(PARAM_OA); String bkuURL = req.getParameter(PARAM_BKU); String templateURL = req.getParameter(PARAM_TEMPLATE); @@ -91,7 +91,7 @@ public class StartAuthenticationServlet extends AuthServlet { String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID, req.getScheme()); - + resp.setContentType("text/html;charset=UTF-8"); PrintWriter out = new PrintWriter(resp.getOutputStream()); out.print(getIdentityLinkForm); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index 824df9ca8..8ae951dda 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -96,7 +96,6 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); throw new IOException(e.getMessage()); } - //@TODO Parameter String sessionID = req.getParameter(PARAM_SESSIONID); String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); String redirectURL = null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index c9c1e794d..1b96ce8a4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java @@ -93,7 +93,6 @@ public class VerifyCertificateServlet extends AuthServlet { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); throw new IOException(e.getMessage()); } - //@TODO Parameter String sessionID = req.getParameter(PARAM_SESSIONID); AuthenticationSession session = null; try { @@ -104,55 +103,19 @@ public class VerifyCertificateServlet extends AuthServlet { session = AuthenticationServer.getSession(sessionID); X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters); - - System.out.println(cert); - - String createXMLSignatureRequest = AuthenticationServer.getInstance().getCreateXMLSignatureRequestForeignID(sessionID, parameters, cert); - - System.out.println(createXMLSignatureRequest); - + + String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(sessionID, cert); // build dataurl (to the GetForeignIDSerlvet) - String dataurl = + String dataurl = new DataURLBuilder().buildDataURL( session.getAuthURL(), REQ_GET_FOREIGN_ID, session.getSessionID()); - ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); - + ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl); -// Logger.debug("Send CreateXMLSignatureRequest to BKU"); -// String keyboxIdentifier = "SecureSignatureKeypair"; -// //String keyboxIdentifier = "CertifiedKeypair"; -// String xmlContent = " " + -// "CreateXMLSignatureRequest" + -// ""; + +// request += ""; request += ""; request += ""; request += "

    Authentication Data:

    "; @@ -151,7 +157,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants { request += ""; request += ""; request += ""; - request += ""; request += ""; @@ -160,21 +166,21 @@ public class CreateXMLSignatureRequestBuilder implements Constants { request += "
    Name:"; + request += ""; request += subject; request += "
    "; request += ""; request += ""; - request += ""; request += ""; request += ""; request += ""; - request += ""; + request += ""; request += ""; request += "
    Name:"; + request += ""; // friendlyname from OA request += StringUtils.isEmpty(oaParam.getFriendlyName()) ? "" : oaParam.getFriendlyName(); request += "
    Country:AustriaAustria
    "; request += "

    Technical Parameters

    "; request += ""; request += ""; request += ""; - request += ""; @@ -188,7 +194,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants { request += ""; - request += ""; request += ""; @@ -198,7 +204,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants { request += ""; request += ""; - request += ""; request += ""; @@ -207,19 +213,19 @@ public class CreateXMLSignatureRequestBuilder implements Constants { request += ""; request += ""; - request += ""; request += ""; request += ""; request += ""; - request += ""; request += ""; request += "
    URL:"; + request += ""; //public URL prefix from OA request += oaParam.getPublicURLPrefix(); request += ""; request += identifierType + ":"; request += ""; + request += ""; request += identifier; request += "
    "; request += "Sector:"; + request += ""; request += target + " (" + sectorName + ")"; request += "
    Date:"; + request += ""; request += date; request += "
    Time:"; + request += ""; request += time; request += "
    "; - request += "

    I hereby request to access this e-government application by using my " + + request += "

    I hereby request to access this e-government application by using my " + "domestic electronic identity.
    " + "I further affirm that I am not yet registered with the Austrian Central " + "Residents Registry and that I am not obliged to register with the Austrian " + -- cgit v1.2.3 From 7848a953758fe645da5abc16eb8abff1fdc11da8 Mon Sep 17 00:00:00 2001 From: kstranacher Date: Tue, 27 Jul 2010 20:15:31 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1177 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/AuthenticationServer.java | 34 ++++++++++++++++++++-- .../moa/id/auth/MOAIDAuthConstants.java | 5 +++- .../builder/VerifyXMLSignatureRequestBuilder.java | 1 + .../id/auth/servlet/VerifyIdentityLinkServlet.java | 2 ++ .../id/auth/validator/IdentityLinkValidator.java | 3 ++ .../VerifyXMLSignatureResponseValidator.java | 1 + 6 files changed, 43 insertions(+), 3 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 01c6a512f..103274c29 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -15,10 +15,14 @@ */ package at.gv.egovernment.moa.id.auth; +import iaik.ixsil.exceptions.UtilsException; +import iaik.ixsil.util.Utils; import iaik.pki.PKIException; import iaik.x509.X509Certificate; import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; import java.io.IOException; import java.security.GeneralSecurityException; import java.security.Principal; @@ -32,10 +36,13 @@ import java.util.Map; import java.util.Set; import java.util.Vector; +import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; import org.w3c.dom.Element; +import org.xml.sax.SAXException; +import HTTPClient.Util; import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.BuildException; import at.gv.egovernment.moa.id.ParseException; @@ -431,6 +438,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID}); String xmlInfoboxReadResponse = (String)infoboxReadResponseParameters.get(PARAM_XMLRESPONSE); + if (isEmpty(xmlInfoboxReadResponse)) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE}); @@ -455,8 +463,30 @@ public class AuthenticationServer implements MOAIDAuthConstants { Logger.info("Unbekannter Infoboxbezeichner. Versuche Anmeldung als ausländische eID."); return null; } - - // parses the + + // for testing new identity link certificate +// xmlInfoboxReadResponse = null; +// try { +// File file = new File("c:/temp/xxxMuster-new-cert_infobox.xml"); +// FileInputStream fis; +// +// fis = new FileInputStream(file); +// byte[] array = Utils.readFromInputStream(fis); +// +// xmlInfoboxReadResponse = new String(array); +// System.out.println(xmlInfoboxReadResponse); +// +// } catch (FileNotFoundException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } catch (UtilsException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } + + + + // parses the IdentityLink identityLink = new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink(); // validates the identity link diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 88859dc3f..84f8f6985 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -86,7 +86,10 @@ public interface MOAIDAuthConstants { */ public static final String[] IDENTITY_LINK_SIGNERS_WITHOUT_OID = new String[] {"T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission", - "T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission"}; + "T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission", + "EMAIL=dsk@dsk.gv.at,serialNumber=325928323998,CN=Signaturservice Datenschutzkommission,OU=Stammzahlregisterbehoerde,O=Datenschutzkommission,C=AT"}; + //"E=dsk@dsk.gv.at,SERIALNUMBER=325928323998,CN=Signaturservice Datenschutzkommission,OU=Stammzahlregisterbehoerde,O=Datenschutzkommission,C=AT"}; + /** the number of the certifcate extension "Eigenschaft zur Ausstellung von Personenbindungen" */ public static final String IDENTITY_LINK_SIGNER_OID_NUMBER = "1.2.40.0.10.1.7.1"; /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java index a14d0325f..2c97f01ae 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java @@ -131,6 +131,7 @@ public class VerifyXMLSignatureRequestBuilder { Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); signatureManifestCheckParamsElem.appendChild(referenceInfoElem); Element[] dsigTransforms = identityLink.getDsigReferenceTransforms(); + for (int i = 0; i < dsigTransforms.length; i++) { Element verifyTransformsInfoProfileElem = requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfile"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index 1fc5013f3..ba3e2141b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -106,6 +106,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet { AuthenticationSession session = AuthenticationServer.getSession(sessionID); String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters); + + Logger.debug(createXMLSignatureRequestOrRedirect); if (createXMLSignatureRequestOrRedirect == null) { // no identity link found diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java index 1c9b66124..baaa21db2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java @@ -155,6 +155,9 @@ public class IdentityLinkValidator implements Constants { if (attributeValue==null) attributeValue = (Element) XPathUtils.selectSingleNode((Element)nl.item(i), nSMap, SAML + "AttributeValue/" + ECDSA + "ECDSAKeyValue"); + if (attributeValue==null) + attributeValue = + (Element) XPathUtils.selectSingleNode((Element)nl.item(i), nSMap, SAML + "AttributeValue/" + DSIG + "DSAKeyValue"); if (attributeValue == null) throw new ValidateException("validator.02", null); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index bc7db72f4..affa95c2b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -124,6 +124,7 @@ public class VerifyXMLSignatureResponseValidator { catch (RFC2253NameParserException e) { throw new ValidateException("validator.17", null); } + System.out.println("subjectDN: " + subjectDN); // check the authorisation to sign the identity link if (!identityLinkSignersSubjectDNNames.contains(subjectDN)) { // subject DN check failed, try OID check: -- cgit v1.2.3 From 2055901cfa1622e18249528878b760d492522a50 Mon Sep 17 00:00:00 2001 From: kstranacher Date: Wed, 28 Jul 2010 18:19:42 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1180 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 5 +++-- .../main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java | 4 +--- 2 files changed, 4 insertions(+), 5 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 103274c29..6b6f48646 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -465,6 +465,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } // for testing new identity link certificate + // https://localhost:8443/moa-id-auth/StartAuthentication?Target=AR&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample // xmlInfoboxReadResponse = null; // try { // File file = new File("c:/temp/xxxMuster-new-cert_infobox.xml"); @@ -474,7 +475,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { // byte[] array = Utils.readFromInputStream(fis); // // xmlInfoboxReadResponse = new String(array); -// System.out.println(xmlInfoboxReadResponse); +// //System.out.println(xmlInfoboxReadResponse); // // } catch (FileNotFoundException e) { // // TODO Auto-generated catch block @@ -483,7 +484,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { // // TODO Auto-generated catch block // e.printStackTrace(); // } - +// // parses the diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 84f8f6985..0e361ee57 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -86,9 +86,7 @@ public interface MOAIDAuthConstants { */ public static final String[] IDENTITY_LINK_SIGNERS_WITHOUT_OID = new String[] {"T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission", - "T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission", - "EMAIL=dsk@dsk.gv.at,serialNumber=325928323998,CN=Signaturservice Datenschutzkommission,OU=Stammzahlregisterbehoerde,O=Datenschutzkommission,C=AT"}; - //"E=dsk@dsk.gv.at,SERIALNUMBER=325928323998,CN=Signaturservice Datenschutzkommission,OU=Stammzahlregisterbehoerde,O=Datenschutzkommission,C=AT"}; + "T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission"}; /** the number of the certifcate extension "Eigenschaft zur Ausstellung von Personenbindungen" */ public static final String IDENTITY_LINK_SIGNER_OID_NUMBER = "1.2.40.0.10.1.7.1"; -- cgit v1.2.3 From 63994a018a74808e6124e45e32a970c9a24410ee Mon Sep 17 00:00:00 2001 From: kstranacher Date: Thu, 26 Aug 2010 13:49:48 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1186 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 12 ++++++------ .../gv/egovernment/moa/id/auth/WrongParametersException.java | 2 +- .../main/java/at/gv/egovernment/moa/id/util/SSLUtils.java | 7 ++++--- 3 files changed, 11 insertions(+), 10 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 6b6f48646..8de82a8d6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -181,9 +181,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr))) throw new AuthenticationException("auth.07", new Object[] { authURL + "*" }); if (isEmpty(authURL)) - throw new WrongParametersException("StartAuthentication", "AuthURL", "auth.5"); + throw new WrongParametersException("StartAuthentication", "AuthURL", "auth.05"); if (isEmpty(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.5"); + throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.05"); ConnectionParameter bkuConnParam = AuthConfigurationProvider.getInstance().getBKUConnectionParameter(); @@ -198,7 +198,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (!oaParam.getBusinessService()) { if (isEmpty(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.5"); + throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.05"); } else { if (!isEmpty(target)) { Logger.info("Ignoring target parameter thus application type is \"businessService\""); @@ -307,7 +307,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (isEmpty(sessionID)) { if (isEmpty(authURL)) - throw new WrongParametersException("StartAuthentication", "AuthURL", "auth.5"); + throw new WrongParametersException("StartAuthentication", "AuthURL", "auth.05"); //check if HTTP Connection may be allowed (through FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) String boolStr = @@ -316,7 +316,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr))) throw new AuthenticationException("auth.07", new Object[] { authURL + "*" }); if (isEmpty(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.5"); + throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.05"); } AuthenticationSession session; OAAuthParameter oaParam; @@ -332,7 +332,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.00", new Object[] { oaURL }); if (!oaParam.getBusinessService()) { if (isEmpty(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.5"); + throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.05"); } else { target = null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java index f4827c189..720bb9bb0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java @@ -31,7 +31,7 @@ public class WrongParametersException extends MOAIDException { */ public WrongParametersException(String call, String parameter, String errorID) { super(errorID, new Object[] {call, parameter}); - //super("auth.5", new Object[] {call, parameter}); + //super("auth.05", new Object[] {call, parameter}); //super("auth.12", new Object[] {call, parameter}); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java index a50a366a5..c40c07b38 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java @@ -20,6 +20,7 @@ import iaik.pki.PKIException; import iaik.pki.PKIFactory; import iaik.pki.PKIProfile; import iaik.pki.jsse.IAIKX509TrustManager; +import iaik.security.provider.IAIK; import java.io.BufferedInputStream; import java.io.BufferedReader; @@ -70,9 +71,9 @@ public class SSLUtils { public static void initialize() { sslSocketFactories = new HashMap(); // JSSE Abhängigkeit - Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); - //Security.addProvider(new IAIK()); - System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); + //Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); + Security.addProvider(new IAIK()); + //System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); } -- cgit v1.2.3 From 9419526705fcc60555a686c3c91bc45d06efe739 Mon Sep 17 00:00:00 2001 From: kstranacher Date: Mon, 24 Jan 2011 13:51:25 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1194 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/util/InOrderServletRequestWrapper.java | 36 +++++++++++++++------- 1 file changed, 25 insertions(+), 11 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java index 20f811e39..958ae646e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java @@ -106,9 +106,9 @@ public class InOrderServletRequestWrapper extends HttpServletRequestWrapper { bodyParameters = new Hashtable(); //Insert code for Query string parsing - String rawQuery = req.getQueryString(); + String rawQuery = req.getQueryString(); queryParameters = tokenize(queryParameters, queryParamOrder, rawQuery, DEFAULT_CHARACTER_ENCODING, true); - + //analyze HTTP Post body parameters if (req.getMethod().equalsIgnoreCase("POST")) { @@ -118,6 +118,7 @@ public class InOrderServletRequestWrapper extends HttpServletRequestWrapper { if (req.getContentType().equals("application/x-www-form-urlencoded")) { + try { bodyParameters = parsePostData(bodyParameters, req.getContentLength(), req.getInputStream(), enc); @@ -217,25 +218,38 @@ public class InOrderServletRequestWrapper extends HttpServletRequestWrapper { { String pair = (String) st.nextToken(); int pos = pair.indexOf('='); - if (pos == -1) - { - throw new IllegalArgumentException(); - } +// if (pos == -1) +// { +// throw new IllegalArgumentException(); +// } try { if (decode) { - key = URLDecoder.decode(pair.substring(0, pos), encoding); - val = URLDecoder.decode(pair.substring(pos + 1, pair.length()), encoding); + if (pos == -1) { // query is not a key=value pair, it is just a key + key = URLDecoder.decode(pair, encoding); + val = ""; // value is empty string + } + else { + key = URLDecoder.decode(pair.substring(0, pos), encoding); + val = URLDecoder.decode(pair.substring(pos + 1, pair.length()), encoding); + } } else { - key = pair.substring(0, pos); - val = pair.substring(pos + 1, pair.length()); + if (pos == -1) { // query is not a key=value pair, it is just a key + key = pair; + val = ""; // value is empty string + } + else { + key = pair.substring(0, pos); + val = pair.substring(pos + 1, pair.length()); + } } //Logger.debug("(" + Integer.toString(key.length()) + "=" + Integer.toString(pair.substring(0, pos).length()) + ")"+key+"|--|"+pair.substring(0, pos)); //Logger.debug("(" + Integer.toString(val.length()) + "=" + Integer.toString(pair.substring(pos + 1, pair.length()).length()) + ")"+val+"|--|"+pair.substring(pos + 1, pair.length())); } catch (Exception e) { - throw new IllegalArgumentException(); + Logger.error("Error encoding query", e); + throw new IllegalArgumentException(); } if (ht.containsKey(key)) { -- cgit v1.2.3 From 2a31c88fda199a37fb7136d86100a9c330e5de34 Mon Sep 17 00:00:00 2001 From: kstranacher Date: Mon, 28 Mar 2011 17:22:32 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1197 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java index 0cd0a0b7a..ce15b75bd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java @@ -659,18 +659,14 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map } else { Logger.debug("Resp header ---REMOVED--- " + headerKey + ": " + headerValue); } - if (isTransferEncodingChunkedHeader(headerKey, headerValue)) { - chunked = true; - transferEncodingKey = headerKey; + if (isTransferEncodingChunkedHeader(headerKey, headerValue) || "content-length".equalsIgnoreCase(headerKey)) { + respHeaders.remove(respHeader); + Logger.debug("Resp header " + headerKey + " REMOVED"); } - if ("content-length".equalsIgnoreCase(headerKey)) - contentLengthKey = headerKey; + i++; } - if (chunked && contentLengthKey != null) { - respHeaders.remove(transferEncodingKey); - Logger.debug("Resp header " + transferEncodingKey + " REMOVED"); - } + String headerValue; String respHeader[] = new String[2]; -- cgit v1.2.3 From ab7c7b6a64edca60b78a89b18a1972ad5e38586e Mon Sep 17 00:00:00 2001 From: kstranacher Date: Fri, 1 Apr 2011 08:03:14 +0000 Subject: =?UTF-8?q?-=20Update=20Parameter=C3=BCberpr=C3=BCfung=20-=20Updat?= =?UTF-8?q?e=20MOA-Template=20zur=20B=C3=BCrgerkartenauswahl=20-=20=C3=84n?= =?UTF-8?q?derung=20der=20Konfiguration=20f=C3=BCr:=20=09-=20Angabe=20eine?= =?UTF-8?q?r=20Liste=20von=20vertrauensw=C3=BCrdigen=20BKUs=20(aufgrund=20?= =?UTF-8?q?Parameterpr=C3=BCfung)=20-=20Fixed=20Bug=20#552=20(http://egovl?= =?UTF-8?q?abs.gv.at/tracker/index.php=3Ffunc=3Ddetail&aid=3D552&group=5Fi?= =?UTF-8?q?d=3D6&atid=3D105)=20-=20Fixed=20Bug=20#551=20(http://egovlabs.g?= =?UTF-8?q?v.at/tracker/index.php=3Ffunc=3Ddetail&aid=3D551&group=5Fid=3D6?= =?UTF-8?q?&atid=3D105)=20-=20Fixed=20Bug=20#550=20(http://egovlabs.gv.at/?= =?UTF-8?q?tracker/index.php=3Ffunc=3Ddetail&aid=3D550&group=5Fid=3D6&atid?= =?UTF-8?q?=3D105)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1198 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/AuthenticationServer.java | 8 +- .../moa/id/auth/MOAIDAuthConstants.java | 2 + .../moa/id/auth/servlet/AuthServlet.java | 16 +- .../moa/id/auth/servlet/ConfigurationServlet.java | 7 + .../moa/id/auth/servlet/GetForeignIDServlet.java | 24 +- .../auth/servlet/ProcessValidatorInputServlet.java | 63 ++- .../moa/id/auth/servlet/SelectBKUServlet.java | 27 +- .../auth/servlet/StartAuthenticationServlet.java | 24 +- .../servlet/VerifyAuthenticationBlockServlet.java | 20 + .../id/auth/servlet/VerifyCertificateServlet.java | 16 +- .../id/auth/servlet/VerifyIdentityLinkServlet.java | 18 +- .../moa/id/config/ConfigurationBuilder.java | 20 + .../id/config/auth/AuthConfigurationProvider.java | 17 +- .../moa/id/util/ParamValidatorUtils.java | 465 +++++++++++++++++---- .../java/at/gv/egovernment/moa/id/util/Random.java | 15 +- 15 files changed, 635 insertions(+), 107 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 8de82a8d6..64eaf30cd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -800,9 +800,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { OAAuthParameter oaParam = authConfigurationProvider.getOnlineApplicationParameter(session.getPublicOAURLPrefix()); VerifyInfoboxParameters verifyInfoboxParameters = oaParam.getVerifyInfoboxParameters(); + session.setExtendedSAMLAttributesAUTH(new Vector()); // Initialize SAML Attributes + session.setExtendedSAMLAttributesOA(new Vector()); + if (verifyInfoboxParameters != null) { - session.setExtendedSAMLAttributesAUTH(new Vector()); // Initialize SAML Attributes - session.setExtendedSAMLAttributesOA(new Vector()); + infoboxParameters = verifyInfoboxParameters.getInfoboxParameters(); // get the list of infobox identifiers List identifiers = verifyInfoboxParameters.getIdentifiers(); @@ -1556,7 +1558,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * already for the given session ID */ private static AuthenticationSession newSession() throws AuthenticationException { - String sessionID = Random.nextRandom(); + String sessionID = Random.nextRandom(); AuthenticationSession newSession = new AuthenticationSession(sessionID); synchronized (sessionStore) { AuthenticationSession session = (AuthenticationSession) sessionStore.get(sessionID); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 0e361ee57..259b21db7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -28,6 +28,8 @@ public interface MOAIDAuthConstants { /** servlet parameter "Target" */ public static final String PARAM_TARGET = "Target"; + /** servlet parameter "useMandate" */ + public static final String PARAM_USEMANDATE = "useMandate"; /** servlet parameter "OA" */ public static final String PARAM_OA = "OA"; /** servlet parameter "bkuURI" */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java index bff0a3fca..109d17d11 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java @@ -53,7 +53,7 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { /** - * Handles an error.
    + * Handles an error.
    > *

      *
    • Logs the error
    • *
    • Places error message and exception thrown into the request @@ -89,7 +89,13 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { //forward this to errorpage-auth.jsp where the HTML error page is generated ServletContext context = getServletContext(); RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp"); - try { + try { + + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + dispatcher.forward(req, resp); } catch (ServletException e) { Logger.error(e); @@ -111,6 +117,11 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { ServletContext context = getServletContext(); RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp"); try { + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + dispatcher.forward(req, resp); } catch (ServletException e) { Logger.error(e); @@ -123,7 +134,6 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { * Logs all servlet parameters for debugging purposes. */ protected void logParameters(HttpServletRequest req) { - //@TODO Parameter? for (Enumeration params = req.getParameterNames(); params.hasMoreElements(); ) { String parname = (String)params.nextElement(); Logger.debug("Parameter " + parname + req.getParameter(parname)); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java index be8b5e272..a9082dd8e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java @@ -26,6 +26,7 @@ import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.util.HTTPRequestJSPForwarder; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; @@ -48,6 +49,12 @@ public class ConfigurationServlet extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + + response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance(); try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index 23d4eab20..c83650587 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java @@ -12,11 +12,13 @@ import javax.servlet.http.HttpServletResponse; import javax.xml.transform.TransformerException; import org.apache.commons.fileupload.FileUploadException; +import org.apache.commons.lang.StringEscapeUtils; import org.w3c.dom.Document; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; @@ -61,7 +63,12 @@ public class GetForeignIDServlet extends AuthServlet { throws ServletException, IOException { Logger.debug("GET GetForeignIDServlet"); - + + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + } @@ -87,6 +94,11 @@ public class GetForeignIDServlet extends AuthServlet { Logger.debug("POST GetForeignIDServlet"); + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + Map parameters; try { @@ -97,16 +109,24 @@ public class GetForeignIDServlet extends AuthServlet { throw new IOException(e.getMessage()); } String sessionID = req.getParameter(PARAM_SESSIONID); + + // escape parameter strings + sessionID = StringEscapeUtils.escapeHtml(sessionID); + String redirectURL = null; AuthenticationSession session = null; try { + String xmlCreateXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); + // check parameter if (!ParamValidatorUtils.isValidSessionID(sessionID)) throw new WrongParametersException("GetForeignID", PARAM_SESSIONID, "auth.12"); + if (!ParamValidatorUtils.isValidXMLDocument(xmlCreateXMLSignatureResponse)) + throw new WrongParametersException("GetForeignID", PARAM_XMLRESPONSE, "auth.12"); session = AuthenticationServer.getSession(sessionID); - String xmlCreateXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); + Logger.debug(xmlCreateXMLSignatureResponse); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java index 317af3e06..54d08c59e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java @@ -24,10 +24,13 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.fileupload.FileUploadException; +import org.apache.commons.lang.StringEscapeUtils; import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.builder.GetVerifyAuthBlockFormBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; @@ -36,6 +39,7 @@ import at.gv.egovernment.moa.id.auth.validator.ValidateException; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.FileUtils; @@ -66,7 +70,12 @@ public class ProcessValidatorInputServlet extends AuthServlet { protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - Logger.debug("GET ProcessInput"); + Logger.debug("GET ProcessInput"); + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + Map parameters; try { parameters = getParameters(req); @@ -78,8 +87,15 @@ public class ProcessValidatorInputServlet extends AuthServlet { if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID); if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID); if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID+"_"); + + // escape parameter strings + sessionID = StringEscapeUtils.escapeHtml(sessionID); - try { + try { + + if (!ParamValidatorUtils.isValidSessionID(sessionID)) + throw new WrongParametersException("ProcessInput", PARAM_SESSIONID, "auth.12"); + AuthenticationSession session = AuthenticationServer.getSession(sessionID); InfoboxValidator infoboxvalidator = session.getFirstPendingValidator(); String outputStream; @@ -103,7 +119,10 @@ public class ProcessValidatorInputServlet extends AuthServlet { out.flush(); out.close(); Logger.debug("Finished GET ProcessInput"); - } + } + catch (WrongParametersException ex) { + handleWrongParameters(ex, req, resp); + } catch (MOAIDException ex) { handleError(null, ex, req, resp); } @@ -117,7 +136,13 @@ public class ProcessValidatorInputServlet extends AuthServlet { protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - Logger.debug("POST ProcessInput"); + Logger.debug("POST ProcessInput"); + + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + Map parameters; try { parameters = getParameters(req); @@ -125,13 +150,20 @@ public class ProcessValidatorInputServlet extends AuthServlet { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); throw new IOException(e.getMessage()); } - //@TODO Parameter + String sessionID = req.getParameter(PARAM_SESSIONID); if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID); if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID); if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID+"_"); + + // escape parameter strings + sessionID = StringEscapeUtils.escapeHtml(sessionID); - try { + try { + + if (!ParamValidatorUtils.isValidSessionID(sessionID)) + throw new WrongParametersException("ProcessInput", PARAM_SESSIONID, "auth.12"); + AuthenticationSession session = AuthenticationServer.getSession(sessionID); AuthenticationServer.processInput(session, parameters); String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null); @@ -143,16 +175,22 @@ public class ProcessValidatorInputServlet extends AuthServlet { String htmlForm = null; boolean doInputProcessorSign = false; // If sign process should be within an extra form, provide a parameter. Otherwise transport through security layer is assumed - //@TODO Parameter + String inputProcessorSignForm = req.getParameter("Sign_Form"); if (inputProcessorSignForm==null) inputProcessorSignForm = (String) req.getAttribute("Sign_Form"); if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form"); - if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form_"); + if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form_"); + // escape parameter strings + inputProcessorSignForm = StringEscapeUtils.escapeHtml(inputProcessorSignForm); if (!ParepUtils.isEmpty(inputProcessorSignForm)) doInputProcessorSign = inputProcessorSignForm.equalsIgnoreCase("true"); if (doInputProcessorSign) { // Test if we have a user input form sign template - //@TODO Parameter - String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE); + + String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE); + + if (!ParamValidatorUtils.isValidSignUrl(inputProcessorSignTemplateURL)) + throw new WrongParametersException("ProcessInput", PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE, "auth.12"); + String inputProcessorSignTemplate = null; OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested()); @@ -199,7 +237,10 @@ public class ProcessValidatorInputServlet extends AuthServlet { resp.addHeader("Location", redirectURL); Logger.debug("REDIRECT TO: " + redirectURL); } - } + } + catch (WrongParametersException ex) { + handleWrongParameters(ex, req, resp); + } catch (MOAIDException ex) { handleError(null, ex, req, resp); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java index 09b3ae15f..6e285a2c0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java @@ -24,7 +24,10 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang.StringEscapeUtils; + import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; @@ -70,6 +73,12 @@ public class SelectBKUServlet extends AuthServlet { throws ServletException, IOException { Logger.debug("GET SelectBKU"); + + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + String authURL = req.getScheme() + "://" + req.getServerName(); if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { authURL = authURL.concat(":" + req.getServerPort()); @@ -80,6 +89,14 @@ public class SelectBKUServlet extends AuthServlet { String oaURL = req.getParameter(PARAM_OA); String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE); String templateURL = req.getParameter(PARAM_TEMPLATE); + + // escape parameter strings + target = StringEscapeUtils.escapeHtml(target); + oaURL = StringEscapeUtils.escapeHtml(oaURL); + templateURL = StringEscapeUtils.escapeHtml(templateURL); + bkuSelectionTemplateURL = StringEscapeUtils.escapeHtml(bkuSelectionTemplateURL); + + resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES); resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA); resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL); @@ -89,11 +106,13 @@ public class SelectBKUServlet extends AuthServlet { // check parameter if (!ParamValidatorUtils.isValidTarget(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); + throw new WrongParametersException("SelectBKU", PARAM_TARGET, "auth.12"); if (!ParamValidatorUtils.isValidOA(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); - if (!ParamValidatorUtils.isValidTemplate(templateURL)) - throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); + throw new WrongParametersException("SelectBKU", PARAM_OA, "auth.12"); + if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) + throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12"); + if (!ParamValidatorUtils.isValidTemplate(req, bkuSelectionTemplateURL)) + throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12"); String returnValue = AuthenticationServer.getInstance().selectBKU( diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index 2430095b2..10b4041df 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -17,12 +17,16 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; import java.io.PrintWriter; +import java.io.Reader; +import java.io.StringReader; import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang.StringEscapeUtils; + import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; @@ -64,16 +68,27 @@ public class StartAuthenticationServlet extends AuthServlet { authURL = authURL.concat(req.getContextPath() + "/"); String target = req.getParameter(PARAM_TARGET); - String oaURL = req.getParameter(PARAM_OA); + String oaURL = req.getParameter(PARAM_OA); String bkuURL = req.getParameter(PARAM_BKU); String templateURL = req.getParameter(PARAM_TEMPLATE); String sessionID = req.getParameter(PARAM_SESSIONID); + String useMandate = req.getParameter(PARAM_USEMANDATE); + + // escape parameter strings + target = StringEscapeUtils.escapeHtml(target); + oaURL = StringEscapeUtils.escapeHtml(oaURL); + bkuURL = StringEscapeUtils.escapeHtml(bkuURL); + templateURL = StringEscapeUtils.escapeHtml(templateURL); + sessionID = StringEscapeUtils.escapeHtml(sessionID); + useMandate = StringEscapeUtils.escapeHtml(useMandate); + resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES); resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA); resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL); resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE); + //System.out.println("useMandate: " + useMandate); try { // check parameter @@ -83,10 +98,14 @@ public class StartAuthenticationServlet extends AuthServlet { throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); if (!ParamValidatorUtils.isValidBKUURI(bkuURL)) throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); - if (!ParamValidatorUtils.isValidTemplate(templateURL)) + if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); if (!ParamValidatorUtils.isValidSessionID(sessionID)) throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12"); + if (!ParamValidatorUtils.isValidUseMandate(useMandate)) + throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12"); + + String getIdentityLinkForm = @@ -97,6 +116,7 @@ public class StartAuthenticationServlet extends AuthServlet { out.print(getIdentityLinkForm); out.flush(); Logger.debug("Finished GET StartAuthentication"); + } catch (WrongParametersException ex) { handleWrongParameters(ex, req, resp); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index 8ae951dda..ad01de6c8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -23,9 +23,11 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.fileupload.FileUploadException; +import org.apache.commons.lang.StringEscapeUtils; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; @@ -60,6 +62,12 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { throws ServletException, IOException { Logger.debug("GET VerifyAuthenticationBlock"); + + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + } /** @@ -87,6 +95,12 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { throws ServletException, IOException { Logger.debug("POST VerifyAuthenticationBlock"); + + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + Map parameters; try { @@ -98,11 +112,17 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { } String sessionID = req.getParameter(PARAM_SESSIONID); String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); + + // escape parameter strings + sessionID = StringEscapeUtils.escapeHtml(sessionID); + String redirectURL = null; try { // check parameter if (!ParamValidatorUtils.isValidSessionID(sessionID)) throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12"); + if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse)) + throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12"); AuthenticationSession session = AuthenticationServer.getSession(sessionID); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index 1b96ce8a4..76c5476ae 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java @@ -17,12 +17,14 @@ import javax.xml.parsers.ParserConfigurationException; import org.apache.axis.encoding.Base64; import org.apache.commons.fileupload.FileUploadException; +import org.apache.commons.lang.StringEscapeUtils; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Text; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; @@ -64,7 +66,10 @@ public class VerifyCertificateServlet extends AuthServlet { Logger.debug("GET VerifyCertificateServlet"); - + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); } /** @@ -84,6 +89,11 @@ public class VerifyCertificateServlet extends AuthServlet { Logger.debug("POST VerifyCertificateServlet"); + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + Map parameters; try { @@ -94,6 +104,10 @@ public class VerifyCertificateServlet extends AuthServlet { throw new IOException(e.getMessage()); } String sessionID = req.getParameter(PARAM_SESSIONID); + + // escape parameter strings + sessionID = StringEscapeUtils.escapeHtml(sessionID); + AuthenticationSession session = null; try { // check parameter diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index ba3e2141b..dff366829 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -23,10 +23,12 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.fileupload.FileUploadException; +import org.apache.commons.lang.StringEscapeUtils; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate; @@ -61,6 +63,11 @@ public class VerifyIdentityLinkServlet extends AuthServlet { throws ServletException, IOException { Logger.debug("GET VerifyIdentityLink"); + + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); } /** @@ -85,6 +92,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet { throws ServletException, IOException { Logger.debug("POST VerifyIdentityLink"); + Map parameters; try { @@ -95,10 +103,16 @@ public class VerifyIdentityLinkServlet extends AuthServlet { throw new IOException(e.getMessage()); } String sessionID = req.getParameter(PARAM_SESSIONID); - - + // escape parameter strings + sessionID = StringEscapeUtils.escapeHtml(sessionID); + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + + try { // check parameter if (!ParamValidatorUtils.isValidSessionID(sessionID)) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java index 7cc33ca52..dbfbda535 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java @@ -161,6 +161,10 @@ public class ConfigurationBuilder { protected static final String GENERIC_CONFIGURATION_XPATH = ROOT + CONF + "GenericConfiguration"; + /** an XPATH-Expression */ + protected static final String TRUSTED_BKUS = + ROOT + CONF + "TrustedBKUs/" + CONF + "BKUURL"; + /** an XPATH-Expression */ protected static final String CHAINING_MODES_XPATH = ROOT + CONF + "ChainingModes"; @@ -372,6 +376,22 @@ public class ConfigurationBuilder { return result; } + public List getTrustedBKUs() { + + List trustedBKUs = new ArrayList(); + + NodeIterator bkuIter = XPathUtils.selectNodeIterator(configElem_, TRUSTED_BKUS); + + Element vtElem; + + while ((vtElem = (Element) bkuIter.nextNode()) != null) { + String bkuURL = DOMUtils.getText(vtElem); + trustedBKUs.add(bkuURL); + } + + return trustedBKUs; + + } /** * Returns a list containing all X509 Subject Names diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index a25bc1af5..6e296b4f4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -164,6 +164,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider { */ private ConnectionParameter foreignIDConnectionParameter; + /** + * Parameter for trusted BKUs + */ + private List trustedBKUs; + /** * Return the single instance of configuration data. * @@ -271,7 +276,8 @@ public class AuthConfigurationProvider extends ConfigurationProvider { defaultChainingMode = builder.getDefaultChainingMode(); chainingModes = builder.buildChainingModes(); trustedCACertificates = builder.getTrustedCACertificates(); - trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir); + trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir); + trustedBKUs = builder.getTrustedBKUs(); } catch (Throwable t) { throw new ConfigurationException("config.02", null, t); @@ -411,6 +417,15 @@ public class AuthConfigurationProvider extends ConfigurationProvider { public List getIdentityLinkX509SubjectNames() { return identityLinkX509SubjectNames; } + + /** + * Returns the trustBKUs. + * @return List + */ + public List getTrustedBKUs() { + return this.trustedBKUs; + } + /** * Returns the bKUConnectionParameter. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index 684291c59..79db9907b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java @@ -1,14 +1,25 @@ package at.gv.egovernment.moa.id.util; -import java.io.BufferedReader; import java.io.IOException; -import java.io.InputStream; -import java.io.InputStreamReader; +import java.io.StringReader; import java.net.MalformedURLException; import java.net.URL; +import java.util.List; import java.util.regex.Matcher; import java.util.regex.Pattern; +import javax.servlet.http.HttpServletRequest; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; + +import org.xml.sax.InputSource; +import org.xml.sax.SAXException; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.logging.Logger; + public class ParamValidatorUtils { @@ -19,52 +30,266 @@ public class ParamValidatorUtils { */ public static boolean isValidTarget(String target) { + Logger.debug("Überprüfe Parameter Target"); + // if non parameter is given return true - if (target == null) - return true; + if (target == null) { + Logger.debug("Parameter Target ist null"); + return true; + } + Pattern pattern = Pattern.compile("[a-zA-Z-]{1,5}"); Matcher matcher = pattern.matcher(target); - return matcher.matches(); + boolean b = matcher.matches(); + if (b) { + Logger.debug("Parameter Target erfolgreich überprüft"); + return true; + } + else { + Logger.error("Fehler Überprüfung Parameter Target. Target entspricht nicht den Kriterien (nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang)"); + return false; + } + } /** - * Checks if the given bkuURI is valid + * Checks if the given useMandate is valid * @param target HTTP parameter from request * @return */ - public static boolean isValidBKUURI(String bkuURI) { + public static boolean isValidUseMandate(String usemandate) { + Logger.debug("Überprüfe Parameter useMandate"); + // if non parameter is given return true - if (bkuURI == null) - return true; + if (usemandate== null) { + Logger.debug("Parameter useMandate ist null"); + return true; + } + - // check if bkuURI is a valid URL - try { - new URL(bkuURI); - return true; - } catch (MalformedURLException e) { - return false; + if (usemandate.compareToIgnoreCase("true") == 0 || usemandate.compareToIgnoreCase("false") == 0) { + Logger.debug("Parameter useMandate erfolgreich überprüft"); + return true; } + else { + Logger.error("Fehler Überprüfung Parameter useMandate. useMandate ist weder 'true' noch 'false')"); + return false; + } + + + + + } /** - * Checks if the given template is valid + * Checks if the given bkuURI is valid * @param target HTTP parameter from request * @return */ - public static boolean isValidTemplate(String template) { + public static boolean isValidBKUURI(String bkuURI) { + Logger.debug("Überprüfe Parameter bkuURI"); + // if non parameter is given return true + if (bkuURI == null) { + Logger.debug("Parameter bkuURI ist null"); + return true; + } + + // check if template is a valid URL + try { + // check if bku url starts with http or https + if (bkuURI.startsWith("http") || bkuURI.startsWith("https")) { + URL url =new URL(bkuURI); + + // check if bkuURI is a local BKU + if (bkuURI.compareToIgnoreCase("https://localhost:3496/https-security-layer-request") == 0 || + bkuURI.compareToIgnoreCase("http://localhost:3495/http-security-layer-request") == 0) { + Logger.debug("Parameter bkuURI erfolgreich überprüft"); + return true; + } + else { + Logger.debug("Parameter bkuURI ist keine lokale BKU. Überprüfe Liste der vertrauenswürdigen BKUs."); + AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + List trustedBKUs = authConf.getTrustedBKUs(); + boolean b = trustedBKUs.contains(bkuURI); + if (b) { + Logger.debug("Parameter bkuURI erfolgreich überprüft"); + return true; + } + else { + Logger.error("Fehler Überprüfung Parameter bkuURI. bkuURI ist nicht auf Liste der vertrauenswürdigen BKUs (Konfigurationselement: MOA-IDConfiguration/TrustedBKUs)"); + return false; + } + } + + + } + else { + Logger.error("Fehler Überprüfung Parameter bkuURI. bkuURI beginnt nicht mit http or https"); + return false; + } + + + } catch (MalformedURLException e) { + Logger.error("Fehler Überprüfung Parameter bkuURI", e); + return false; + } catch (ConfigurationException e) { + Logger.error("Fehler Überprüfung Parameter bkuURI", e); + return false; + } + } + +// private static boolean testBKUConnection(URL url) { +// +// // make NullOperationRequest +// //String request = ""; +// String request = ""; +// +// HttpURLConnection connection; +// if (url != null) { +// try { +// if (url.toExternalForm().startsWith("https")) { +// connection = (HttpsURLConnection)url.openConnection(); +// } +// else { +// connection = (HttpURLConnection)url.openConnection(); +// } +// +// connection.setRequestMethod("POST"); +// connection.setDoOutput(true); +// +// connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded"); +// +// String toSend = URLEncoder.encode(request, "UTF-8"); +// toSend = "XMLRequest=" + toSend; +// connection.setRequestProperty("Content-Length", String.valueOf(toSend.getBytes().length)); +// +// Logger.debug("Send NullOperationRequest to BKU."); +// +// OutputStream out = connection.getOutputStream(); +// out.write(toSend.getBytes()); +// +// // get response +// connection.connect(); +// int responseCode = connection.getResponseCode(); +// +// if (responseCode != 200) { +// InputStream is = connection.getErrorStream(); +// int ch; +// String ret = ""; +// while ((ch = is.read()) != -1) +// ret += (char)ch; +// +// is.close(); +// +// System.out.println("ret: " + ret); +// +// Logger.error("Fehler Überprüfung Parameter bkuURI. Antwortcode von BKU ist nicht 200."); +// return false; +// } +// +// DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); +// factory.setNamespaceAware(true); +// DocumentBuilder builder = factory.newDocumentBuilder(); +// +// //Document doc = builder.parse(connection.getInputStream()); +// +// System.out.println(convertStreamToString(connection.getInputStream())); +// +//// NodeList l = doc.getElementsByTagNameNS(Constants.SL12_NS_URI, "ErrorResponse"); +//// if (l.getLength() != 0) { +//// Logger.error("Fehler Überprüfung Parameter bkuURI. ErrorResponse von BKU empfangen."); +//// return false; +//// } +// +// Logger.debug("Parameter Template bkuURI erfolgreich überprüft"); +// return true; +// +//// } catch (SAXException e) { +//// Logger.error("Fehler Überprüfung Parameter bkuURI.", e); +//// return false; +// } catch (IOException e) { +// Logger.error("Fehler Überprüfung Parameter bkuURI.", e); +// return false; +// } catch (ParserConfigurationException e) { +// Logger.error("Fehler Überprüfung Parameter bkuURI.", e); +// return false; +// } +// } +// else { +// Logger.error("Fehler Überprüfung Parameter bkuURI. bkuURI ist null."); +// return false; +// } +// +// +// } + +// public static String convertStreamToString(InputStream is) { +// if (is != null) { +// Writer writer = new StringWriter(); +// +// char[] buffer = new char[1024]; +// try { +// Reader reader = new BufferedReader(new InputStreamReader(is, "UTF-8")); +// int n; +// while ((n = reader.read(buffer)) != -1) { +// writer.write(buffer, 0, n); +// } +// } catch (IOException e) { +// e.printStackTrace(); +// } +// +// return writer.toString(); +// } +// else { +// return ""; +// } +// } + + /** + * Checks if the given template is valid + * @param req + * @param template + * @return + */ + public static boolean isValidTemplate(HttpServletRequest req, String template) { + Logger.debug("Überprüfe Parameter Template bzw. bkuSelectionTemplateURL"); + // if non parameter is given return true - if (template == null) - return true; + if (template == null) { + Logger.debug("Parameter Template bzw. bkuSelectionTemplateURL ist null"); + return true; + } // check if template is a valid URL try { - new URL(template); - return true; + + // check if template url starts with http or https + if (template.startsWith("http") || template.startsWith("https")) { + + // check if template url is from same server + if (template.contains(req.getServerName())) { + new URL(template); + Logger.debug("Parameter Template bzw. bkuSelectionTemplateURL erfolgreich überprüft"); + return true; + } + else { + Logger.error("Fehler Überprüfung Parameter Template bzw. bkuSelectionTemplateURL. Parameter liegt nicht am gleichen Server wie die MOA-Instanz (" + req.getServerName() + ")"); + return false; + } + + } + else { + Logger.error("Fehler Überprüfung Parameter Template bzw. bkuSelectionTemplateURL. Paramter beginnt nicht mit http oder https."); + return false; + } + + } catch (MalformedURLException e) { - e.printStackTrace(); + Logger.error("Fehler Überprüfung Parameter Template bzw. bkuSelectionTemplateURL.", e); return false; } } @@ -75,16 +300,31 @@ public class ParamValidatorUtils { * @return */ public static boolean isValidSessionID(String sessionID) { - + Logger.debug("Überprüfe Parameter MOASessionId"); + // if non parameter is given return true - if (sessionID == null) - return true; + if (sessionID == null) { + Logger.debug("Parameter MOASessionId ist null"); + return true; + } + Pattern pattern = Pattern.compile("[0-9-]*"); Matcher matcher = pattern.matcher(sessionID); - return matcher.matches(); - + boolean b = matcher.matches(); + if (b) { + Logger.debug("Parameter MOASessionId erfolgreich überprüft"); + return true; + } + else { + Logger.error("Fehler Überprüfung Parameter MOASessionId. MOASessionId entspricht nicht den Kriterien (nur Zeichen 0-9 und -)"); + return false; + } + + + + } /** @@ -93,18 +333,68 @@ public class ParamValidatorUtils { * @return */ public static boolean isValidOA(String oa) { + Logger.debug("Überprüfe Parameter oa"); + // if non parameter is given return true + if (oa == null) { + Logger.debug("Parameter oa ist null"); + return true; + } + + // check if template is a valid URL + try { + + // check if template url starts with http or https + if (oa.startsWith("http") || oa.startsWith("https")) { + new URL(oa); + Logger.debug("Parameter oa erfolgreich überprüft"); + return true; + } + else { + Logger.error("Fehler Überprüfung Parameter oa. oa beginnt nicht mit http or https"); + return false; + } + + } catch (MalformedURLException e) { + Logger.error("Fehler Überprüfung Parameter oa", e); + return false; + } + + } - // if non parameter is given return true - if (oa == null) - return true; - - // check if oa is a valid URL - try { - new URL(oa); - return true; - } catch (MalformedURLException e) { - return false; - } + /** + * Checks if the given signurl is valid + * @param target HTTP parameter from request + * @return + */ + public static boolean isValidSignUrl(String signurl) { + + Logger.debug("Überprüfe Parameter signurl"); + + // if non parameter is given return true + if (signurl == null) { + Logger.debug("Parameter signurl ist null"); + return true; + } + + // check if template is a valid URL + try { + + // check if signurl starts with http or https + if (signurl.startsWith("http") || signurl.startsWith("https")) { + new URL(signurl); + Logger.debug("Parameter signurl erfolgreich überprüft"); + return true; + } + else { + Logger.error("Fehler Überprüfung Parameter signurl. signurl beginnt nicht mit http or https"); + return false; + } + + } catch (MalformedURLException e) { + Logger.error("Fehler Überprüfung Parameter signurl", e); + return false; + } + } /** @@ -115,44 +405,69 @@ public class ParamValidatorUtils { * @param data * @return */ - private static boolean checkPlaceHolders(String data) { - - boolean bku = data.contains(""); - boolean xmlrequest = data.contains(""); - boolean dataurl = data.contains(""); - boolean certinfoxmlrequest = data.contains(""); - boolean certinfodataurl = data.contains(""); - - System.out.println("Check Data: "); - System.out.println("bku: " + bku); - System.out.println("xmlrequest: " + xmlrequest); - System.out.println("dataurl: " + dataurl); - System.out.println("certinfoxmlrequest: " + certinfoxmlrequest); - System.out.println("certinfodataurl: " + certinfodataurl); - - - //return bku && xmlrequest && dataurl && certinfoxmlrequest && certinfodataurl; - return true; - - } +// private static boolean checkPlaceHolders(String data) { +// +// boolean bku = data.contains(""); +// boolean xmlrequest = data.contains(""); +// boolean dataurl = data.contains(""); +// boolean certinfoxmlrequest = data.contains(""); +// boolean certinfodataurl = data.contains(""); +// +// System.out.println("Check Data: "); +// System.out.println("bku: " + bku); +// System.out.println("xmlrequest: " + xmlrequest); +// System.out.println("dataurl: " + dataurl); +// System.out.println("certinfoxmlrequest: " + certinfoxmlrequest); +// System.out.println("certinfodataurl: " + certinfodataurl); +// +// +// //return bku && xmlrequest && dataurl && certinfoxmlrequest && certinfodataurl; +// return true; +// +// } - /** - * Converts an input stream to a string - * @param is - * @return - * @throws Exception - */ - private static String convertStreamToString(InputStream is) throws Exception { - BufferedReader reader = new BufferedReader(new InputStreamReader(is)); - StringBuilder sb = new StringBuilder(); - String line = null; - while ((line = reader.readLine()) != null) { - sb.append(line); - } - is.close(); - return sb.toString(); - } +// /** +// * Converts an input stream to a string +// * @param is +// * @return +// * @throws Exception +// */ +// private static String convertStreamToString(InputStream is) throws Exception { +// BufferedReader reader = new BufferedReader(new InputStreamReader(is)); +// StringBuilder sb = new StringBuilder(); +// String line = null; +// while ((line = reader.readLine()) != null) { +// sb.append(line); +// } +// is.close(); +// return sb.toString(); +// } + + public static boolean isValidXMLDocument(String document) { + + Logger.debug("Überprüfe Parameter XMLDocument"); + try { + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + DocumentBuilder builder = factory.newDocumentBuilder(); + InputSource is = new InputSource(new StringReader(document)); + builder.parse(is); + + Logger.debug("Parameter XMLDocument erfolgreich überprüft"); + return true; + + } catch (ParserConfigurationException e) { + Logger.error("Fehler Überprüfung Parameter XMLDocument", e); + return false; + } catch (SAXException e) { + Logger.error("Fehler Überprüfung Parameter XMLDocument", e); + return false; + } catch (IOException e) { + Logger.error("Fehler Überprüfung Parameter XMLDocument", e); + return false; + } + + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java index 225a5e246..450c002f9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java @@ -15,7 +15,8 @@ */ package at.gv.egovernment.moa.id.util; -import java.util.Date; +import java.nio.ByteBuffer; +import java.security.SecureRandom; /** * Random number generator used to generate ID's @@ -25,13 +26,21 @@ import java.util.Date; public class Random { /** random number generator used */ - private static java.util.Random random = new java.util.Random(new Date().getTime()); + private static SecureRandom random = new SecureRandom(); /** * Creates a new random number, to be used as an ID. * * @return random long as a String */ public static String nextRandom() { - return "" + random.nextLong(); + + byte[] b = new byte[16]; // 16 bytes = 128 bits + random.nextBytes(b); + + + ByteBuffer bb = ByteBuffer.wrap(b); + long l = bb.getLong(); + + return "" + l; } } -- cgit v1.2.3 From ac9a6c52e96f4c737de3392a7ba16b8fa8958b85 Mon Sep 17 00:00:00 2001 From: kstranacher Date: Wed, 6 Apr 2011 15:29:11 +0000 Subject: =?UTF-8?q?-=20IAIK=20Libraries=20(repository)=20aktualisiert:=20?= =?UTF-8?q?=09iaik-moa:=20=20=20=20=20=20=20=20=20=20=20Version=201.29=20?= =?UTF-8?q?=09iaik=5Fjce=5Ffull:=09=09Version=204.0=5FMOA=20=09iaik=5Fcms:?= =?UTF-8?q?=09=09=09Version=204.1=5FMOA=20-=20Einbindung=20von=20Online-Vo?= =?UTF-8?q?llmachten=20-=20Update=20MOA-Template=20zur=20B=C3=BCrgerkarten?= =?UTF-8?q?auswahl=20-=20Update=20Doku=20-=20Update=20Transformationen=20(?= =?UTF-8?q?f=C3=BCr=20Online-Vollmachten)=20-=20=C3=84nderung=20der=20Konf?= =?UTF-8?q?iguration=20f=C3=BCr:=20=09-=20Online-Vollmachten?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1199 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/AuthenticationServer.java | 240 ++++++++++++++++++- .../moa/id/auth/MOAIDAuthConstants.java | 2 + .../auth/builder/GetIdentityLinkFormBuilder.java | 67 ++++++ .../builder/VerifyXMLSignatureRequestBuilder.java | 79 +++++++ .../moa/id/auth/data/AuthenticationSession.java | 45 ++++ .../moa/id/auth/servlet/GetForeignIDServlet.java | 9 +- .../id/auth/servlet/GetMISSessionIDServlet.java | 174 ++++++++++++++ .../auth/servlet/ProcessValidatorInputServlet.java | 4 +- .../auth/servlet/StartAuthenticationServlet.java | 18 +- .../servlet/VerifyAuthenticationBlockServlet.java | 2 + .../id/auth/servlet/VerifyCertificateServlet.java | 214 +++++++++++------ .../id/auth/servlet/VerifyIdentityLinkServlet.java | 37 ++- .../moa/id/auth/validator/parep/ParepUtils.java | 9 +- .../id/auth/validator/parep/ParepValidator.java | 6 +- .../moa/id/config/ConfigurationBuilder.java | 32 ++- .../id/config/auth/AuthConfigurationProvider.java | 15 ++ .../moa/id/config/auth/OAAuthParameter.java | 21 ++ .../moa/id/proxy/servlet/ProxyServlet.java | 12 +- .../moa/id/util/ParamValidatorUtils.java | 3 + .../gv/egovernment/moa/id/util/ServletUtils.java | 3 +- .../moa/id/util/client/mis/simple/MISMandate.java | 48 ++++ .../id/util/client/mis/simple/MISSessionId.java | 22 ++ .../id/util/client/mis/simple/MISSimpleClient.java | 261 +++++++++++++++++++++ .../mis/simple/MISSimpleClientException.java | 22 ++ 24 files changed, 1246 insertions(+), 99 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSessionId.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClientException.java (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 64eaf30cd..a772e0457 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -15,14 +15,11 @@ */ package at.gv.egovernment.moa.id.auth; -import iaik.ixsil.exceptions.UtilsException; -import iaik.ixsil.util.Utils; import iaik.pki.PKIException; import iaik.x509.X509Certificate; +import java.io.ByteArrayInputStream; import java.io.File; -import java.io.FileInputStream; -import java.io.FileNotFoundException; import java.io.IOException; import java.security.GeneralSecurityException; import java.security.Principal; @@ -39,10 +36,11 @@ import java.util.Vector; import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; +import org.apache.xpath.XPathAPI; +import org.w3c.dom.Document; import org.w3c.dom.Element; import org.xml.sax.SAXException; -import HTTPClient.Util; import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.BuildException; import at.gv.egovernment.moa.id.ParseException; @@ -63,6 +61,7 @@ import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult; import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams; @@ -81,6 +80,7 @@ import at.gv.egovernment.moa.id.auth.validator.ValidateException; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; @@ -94,6 +94,7 @@ import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.LogMsg; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -288,6 +289,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @param oaURL online application URL requested * @param bkuURL URL of the "Bürgerkartenumgebung" to be used; * may be null; in this case, the default location will be used + * @param useMandate Indicates if mandate is used or not * @param templateURL URL providing an HTML template for the HTML form generated * @param scheme determines the protocol used * @return HTML form @@ -301,6 +303,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { String oaURL, String templateURL, String bkuURL, + String useMandate, String sessionID, String scheme) throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException { @@ -343,7 +346,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); session.setAuthURL(authURL); session.setTemplateURL(templateURL); - session.setBusinessService(oaParam.getBusinessService()); + session.setBusinessService(oaParam.getBusinessService()); } // BKU URL has not been set yet, even if session already exists if (bkuURL == null) { @@ -357,8 +360,15 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); String infoboxReadRequest = new InfoboxReadRequestBuilder().build(oaParam.getSlVersion12(), - oaParam.getBusinessService(), + oaParam.getBusinessService(), oaParam.getIdentityLinkDomainIdentifier()); + + if ((useMandate != null) && (useMandate.compareTo("") != 0)) { + session.setUseMandate(useMandate); + } + else { + session.setUseMandate("false"); + } String dataURL = new DataURLBuilder().buildDataURL( session.getAuthURL(), @@ -529,6 +539,78 @@ public class AuthenticationServer implements MOAIDAuthConstants { return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam); } + + /** + * Processes an Mandate sent by the + * MIS.
      + *
        + *
      • Validates given Mandate
      • + *
      • Verifies Mandate by calling the MOA SP component
      • + *
      • Creates an authentication block to be signed by the user
      • + *
      • Creates and returns a <CreateXMLSignatureRequest> + * containg the authentication block, meant to be returned to the + * security layer implementation
      • + *
      + * + * @param sessionID ID of associated authentication session data + * @param infoboxReadResponseParameters The parameters from the response returned from + * the BKU including the <InfoboxReadResponse> + * @return String representation of the <CreateXMLSignatureRequest> + */ + public String verifyMandate(String sessionID, MISMandate mandate) + throws + AuthenticationException, + BuildException, + ParseException, + ConfigurationException, + ValidateException, + ServiceException { + + if (isEmpty(sessionID)) + throw new AuthenticationException("auth.10", new Object[] { GET_MIS_SESSIONID, PARAM_SESSIONID}); + + String sMandate = new String(mandate.getMandate()); + if (sMandate == null | sMandate.compareToIgnoreCase("") == 0) { + Logger.error("Mandate is empty."); + throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}); + } + + + AuthenticationSession session = getSession(sessionID); + AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + + + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + + try { + // set extended SAML attributes + setExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService()); + } catch (SAXException e) { + throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e); + } catch (IOException e) { + throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e); + } catch (ParserConfigurationException e) { + throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e); + } catch (TransformerException e) { + throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e); + } + + + return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam); + } + + /** + * + * @param session + * @param authConf + * @param oaParam + * @return + * @throws ConfigurationException + * @throws BuildException + * @throws ValidateException + */ public String getCreateXMLSignatureRequestAuthBlockOrRedirect(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam) throws ConfigurationException, @@ -571,6 +653,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { return createXMLSignatureRequest; } + + /** * Returns an CreateXMLSignatureRequest for signing the ERnP statement.
      *
        @@ -926,6 +1010,32 @@ public class AuthenticationServer implements MOAIDAuthConstants { } } + /** + * Verifies the infoboxes (except of the identity link infobox) returned by the BKU by + * calling appropriate validator classes. + * + * @param session The actual authentication session. + * @param mandate The Mandate from the MIS + * + * @throws AuthenticationException + * @throws ConfigurationException + * @throws TransformerException + * @throws ParserConfigurationException + * @throws IOException + * @throws SAXException + */ + private void setExtendedSAMLAttributeForMandates( + AuthenticationSession session, MISMandate mandate, boolean business) + throws ValidateException, ConfigurationException, SAXException, IOException, ParserConfigurationException, TransformerException + { + + ExtendedSAMLAttribute[] extendedSamlAttributes = addExtendedSamlAttributes(mandate, business); + + + AddAdditionalSAMLAttributes(session, extendedSamlAttributes, "MISService", "MISService"); + + } + /** * Intermediate processing of the infoboxes. The first pending infobox * validator may validate the provided input @@ -985,7 +1095,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { int length = extendedSAMLAttributes.length; for (int i=0; i" + nl + "" + nl + ""; + + /** default HTML template */ + private static final String DEFAULT_HTML_TEMPLATE_FOR_MANDATES = + "" + nl + + "" + nl + + "" + nl + + "Vollmachten-Anmeldung" + nl + + "" + nl + + "" + nl + + "" + nl + + "
        " + nl + + " " + nl + + " " + nl + + " " + nl + + " " + nl + + "
        " + nl + + "
        " + nl + + " " + nl + + " " + nl + +// " " + nl + + " " + nl + + "
        " + nl + + "" + nl + + ""; /** * Constructor for GetIdentityLinkFormBuilder. @@ -119,6 +163,29 @@ public class GetIdentityLinkFormBuilder extends Builder { htmlForm = replaceTag(htmlForm, CERTINFO_DATAURL_TAG, certInfoDataURL, true, ALL); return htmlForm; } + + /** + * Builds the HTML form, including XML Request and data URL as parameters. + * + * @param htmlTemplate template to be used for the HTML form; + * may be null, in this case a default layout will be produced + * @param xmlRequest XML Request to be sent as a parameter in the form + * @param bkuURL URL of the "Bürgerkartenumgebung" the form will be submitted to; + * may be null, in this case the default URL will be used + * @param dataURL DataURL to be sent as a parameter in the form + */ + public String buildCreateSignature( + String bkuURL, + String xmlRequest, + String dataURL) + throws BuildException + { + String htmlForm = DEFAULT_HTML_TEMPLATE_FOR_MANDATES; + htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL); + htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL); + htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL); + return htmlForm; + } /** * Encodes a string for inclusion as a parameter in the form. * Double quotes are substituted by "&quot;". diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java index 2c97f01ae..a6b61e747 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java @@ -152,6 +152,85 @@ public class VerifyXMLSignatureRequestBuilder { return requestElem_; } + /** + * Builds a <VerifyXMLSignatureRequest> + * from an IdentityLink with a known trustProfileID which + * has to exist in MOA-SP + * @param identityLink - The IdentityLink + * @param trustProfileID - a preconfigured TrustProfile at MOA-SP + * + * @return Element - The complete request as Dom-Element + * + * @throws ParseException + */ + public Element build(byte[]mandate, String trustProfileID) + throws ParseException + { + try { + // build the request +// Element dateTimeElem = requestDoc_.createElementNS(MOA_NS_URI, "DateTime"); +// requestElem_.appendChild(dateTimeElem); +// Node dateTime = requestDoc_.createTextNode(identityLink.getIssueInstant()); +// dateTimeElem.appendChild(dateTime); + Element verifiySignatureInfoElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo"); + requestElem_.appendChild(verifiySignatureInfoElem); + Element verifySignatureEnvironmentElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment"); + verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem); + Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content"); + verifySignatureEnvironmentElem.appendChild(base64ContentElem); + // insert the base64 encoded identity link SAML assertion + //String serializedAssertion = identityLink.getSerializedSamlAssertion(); + //String base64EncodedAssertion = Base64Utils.encode(mandate.getBytes("UTF-8")); + String base64EncodedAssertion = Base64Utils.encode(mandate); + //replace all '\r' characters by no char. + StringBuffer replaced = new StringBuffer(); + for (int i = 0; i < base64EncodedAssertion.length(); i ++) { + char c = base64EncodedAssertion.charAt(i); + if (c != '\r') { + replaced.append(c); + } + } + base64EncodedAssertion = replaced.toString(); + Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion); + base64ContentElem.appendChild(base64Content); + // specify the signature location + Element verifySignatureLocationElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation"); + verifiySignatureInfoElem.appendChild(verifySignatureLocationElem); + Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature"); + verifySignatureLocationElem.appendChild(signatureLocation); + // signature manifest params + Element signatureManifestCheckParamsElem = + requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); + requestElem_.appendChild(signatureManifestCheckParamsElem); + signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false"); +// // add the transforms +// Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); +// signatureManifestCheckParamsElem.appendChild(referenceInfoElem); +// Element[] dsigTransforms = identityLink.getDsigReferenceTransforms(); +// +// for (int i = 0; i < dsigTransforms.length; i++) { +// Element verifyTransformsInfoProfileElem = +// requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfile"); +// referenceInfoElem.appendChild(verifyTransformsInfoProfileElem); +// verifyTransformsInfoProfileElem.appendChild(requestDoc_.importNode(dsigTransforms[i], true)); +// } + Element returnHashInputDataElem = + requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); + requestElem_.appendChild(returnHashInputDataElem); + Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID"); + trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID)); + requestElem_.appendChild(trustProfileIDElem); + } catch (Throwable t) { + throw new ParseException("builder.00", + new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t); + } + + return requestElem_; + } + /** * Builds a <VerifyXMLSignatureRequest> diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index eca02a77b..554b5012e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -68,6 +68,16 @@ public class AuthenticationSession { * URL of the BKU */ private String bkuURL; + + /** + * Use mandate + */ + private boolean useMandate; + + /** + * SessionID for MIS + */ + private String misSessionID; /** * identity link read from smartcard */ @@ -582,4 +592,39 @@ public class AuthenticationSession { this.pushInfobox = pushInfobox; } + /** + * + * @param useMandate indicates if mandate is used or not + */ + public void setUseMandate(String useMandate) { + if (useMandate.compareToIgnoreCase("true") == 0) + this.useMandate = true; + else + this.useMandate = false; + + } + + /** + * Returns if mandate is used or not + * @return + */ + public boolean getUseMandate() { + return this.useMandate; + } + + /** + * + * @param misSessionID indicates the MIS session ID + */ + public void setMISSessionID(String misSessionID) { + this.misSessionID = misSessionID; + } + + /** + * Returns the MIS session ID + * @return + */ + public String getMISSessionID() { + return this.misSessionID; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index c83650587..9a6670617 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java @@ -219,11 +219,14 @@ public class GetForeignIDServlet extends AuthServlet { try { client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); } catch (IOException e) { - throw new SZRGWClientException(e); + Logger.error("Could not initialize SSL Factory", e); + throw new SZRGWClientException("Could not initialize SSL Factory"); } catch (GeneralSecurityException e) { - throw new SZRGWClientException(e); + Logger.error("Could not initialize SSL Factory", e); + throw new SZRGWClientException("Could not initialize SSL Factory"); } catch (PKIException e) { - throw new SZRGWClientException(e); + Logger.error("Could not initialize SSL Factory", e); + throw new SZRGWClientException("Could not initialize SSL Factory"); } } Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java new file mode 100644 index 000000000..4c0abdb0f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java @@ -0,0 +1,174 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import iaik.pki.PKIException; + +import java.io.IOException; +import java.io.PrintWriter; +import java.security.GeneralSecurityException; +import java.util.List; +import java.util.Map; + +import javax.net.ssl.SSLSocketFactory; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.fileupload.FileUploadException; +import org.apache.commons.lang.StringEscapeUtils; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Servlet requested for getting the foreign eID + * provided by the security layer implementation. + * Utilizes the {@link AuthenticationServer}. + * + */ +public class GetMISSessionIDServlet extends AuthServlet { + + /** + * Constructor for GetMISSessionIDServlet. + */ + public GetMISSessionIDServlet() { + super(); + } + + /** + * GET requested by security layer implementation to verify + * that data URL resource is available. + * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) + */ + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + doPost(req, resp); + +// Logger.debug("GET GetMISSessionIDServlet"); +// +// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); +// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); +// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); +// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + } + + /** + * Gets the signer certificate from the InfoboxReadRequest and + * responds with a new + * CreateXMLSignatureRequest. + *
        + * Request parameters: + *
          + *
        • MOASessionID: ID of associated authentication session
        • + *
        • XMLResponse: <InfoboxReadResponse>
        • + *
        + * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) + */ + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("POST GetMISSessionIDServlet"); + + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + +// Map parameters; +// try +// { +// parameters = getParameters(req); +// } catch (FileUploadException e) +// { +// Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); +// throw new IOException(e.getMessage()); +// } + + String sessionID = req.getParameter(PARAM_SESSIONID); + + // escape parameter strings + sessionID = StringEscapeUtils.escapeHtml(sessionID); + + AuthenticationSession session = null; + try { + // check parameter + if (!ParamValidatorUtils.isValidSessionID(sessionID)) + throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12"); + + session = AuthenticationServer.getSession(sessionID); + + String misSessionID = session.getMISSessionID(); + + //System.out.println("MIS Session ID (GetMISServlet): " + misSessionID); + + AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance(); + ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter(); + SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters); + + List list = MISSimpleClient.sendGetMandatesRequest(connectionParameters.getUrl(), misSessionID, sslFactory); + + if (list == null) { + Logger.error("Keine Vollmacht gefunden."); + throw new MISSimpleClientException("Keine Vollmacht gefunden"); + } + if (list.size() == 0) { + Logger.error("Keine Vollmacht gefunden."); + throw new MISSimpleClientException("Keine Vollmacht gefunden"); + } + + // for now: list contains only one element + MISMandate mandate = (MISMandate)list.get(0); + + // verify mandate signature + String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyMandate(sessionID, mandate); + + String dataurl = + new DataURLBuilder().buildDataURL( + session.getAuthURL(), + REQ_VERIFY_AUTH_BLOCK, + session.getSessionID()); + + Logger.debug(createXMLSignatureRequestOrRedirect); + + String request = getHTMLForm(createXMLSignatureRequestOrRedirect, session.getBkuURL(), dataurl); + + resp.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(resp.getOutputStream()); + out.print(request); + out.flush(); + + + } + catch (MOAIDException ex) { + handleError(null, ex, req, resp); + } catch (GeneralSecurityException ex) { + handleError(null, ex, req, resp); + } catch (PKIException e) { + handleError(null, e, req, resp); + } catch (MISSimpleClientException e) { + handleError(null, e, req, resp); + } + } + + private static String getHTMLForm(String request, String bkuURI, String dataURL) throws BuildException { + return new GetIdentityLinkFormBuilder().buildCreateSignature(bkuURI, request, dataURL); + + } + + + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java index 54d08c59e..b50a1edde 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java @@ -68,8 +68,8 @@ public class ProcessValidatorInputServlet extends AuthServlet { * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) */ protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - + throws ServletException, IOException { + Logger.debug("GET ProcessInput"); resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index 10b4041df..2e7d59fde 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -15,11 +15,14 @@ */ package at.gv.egovernment.moa.id.auth.servlet; +import iaik.pki.PKIException; + import java.io.IOException; import java.io.PrintWriter; -import java.io.Reader; -import java.io.StringReader; +import java.security.GeneralSecurityException; +import java.util.List; +import javax.net.ssl.SSLSocketFactory; import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; @@ -31,8 +34,14 @@ import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException; import at.gv.egovernment.moa.logging.Logger; /** @@ -88,8 +97,7 @@ public class StartAuthenticationServlet extends AuthServlet { resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL); resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE); - //System.out.println("useMandate: " + useMandate); - + try { // check parameter if (!ParamValidatorUtils.isValidTarget(target)) @@ -109,7 +117,7 @@ public class StartAuthenticationServlet extends AuthServlet { String getIdentityLinkForm = - AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID, req.getScheme()); + AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme()); resp.setContentType("text/html;charset=UTF-8"); PrintWriter out = new PrintWriter(resp.getOutputStream()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index ad01de6c8..f1fb15be0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -61,6 +61,8 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { + //doPost(req, resp); + Logger.debug("GET VerifyAuthenticationBlock"); resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index 76c5476ae..d101df1fa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java @@ -8,12 +8,14 @@ import java.security.GeneralSecurityException; import java.security.cert.CertificateEncodingException; import java.util.Map; +import javax.net.ssl.SSLSocketFactory; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerException; import org.apache.axis.encoding.Base64; import org.apache.commons.fileupload.FileUploadException; @@ -22,24 +24,25 @@ import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Text; +import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; -import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.ServletUtils; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; /** * Servlet requested for getting the foreign eID @@ -116,25 +119,96 @@ public class VerifyCertificateServlet extends AuthServlet { session = AuthenticationServer.getSession(sessionID); - X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters); - - String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(sessionID, cert); - // build dataurl (to the GetForeignIDSerlvet) - String dataurl = - new DataURLBuilder().buildDataURL( - session.getAuthURL(), - REQ_GET_FOREIGN_ID, - session.getSessionID()); - - ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl); + X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters); + if (cert == null) { + Logger.error("Certificate could not be read."); + throw new AuthenticationException("auth.14", null); + } + + boolean useMandate = session.getUseMandate(); + if (useMandate) { + // Mandate Modus + // make request to MIS + + AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance(); + ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter(); + SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters); + + // get identitity link as byte[] + Element elem = session.getIdentityLink().getSamlAssertion(); + String s = DOMUtils.serializeNode(elem); +// byte[] idl = DOMUtils.nodeToByteArray(elem); +// String s = new String(idl); + byte[] idl = s.getBytes(); + + // redirect url + // build redirect(to the GetMISSessionIdSerlvet) + String redirectURL = + new DataURLBuilder().buildDataURL( + session.getAuthURL(), + GET_MIS_SESSIONID, + session.getSessionID()); + + String oaURL = session.getOAURLRequested(); + OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL); + String profiles = oaParam.getMandateProfiles(); + + if (profiles == null) { + Logger.error("No Mandate/Profile for OA configured."); + throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}); + } + + String profilesArray[] = profiles.split(","); + for(int i = 0; i < profilesArray.length; i++) { + profilesArray[i] = profilesArray[i].trim(); + } + + MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), redirectURL, profilesArray, sslFactory); + String redirectMISGUI = misSessionID.getRedirectURL(); + + if (misSessionID == null) { + Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null."); + throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service."); + } + + session.setMISSessionID(misSessionID.getSessiondId()); + + resp.setStatus(302); + resp.addHeader("Location", redirectMISGUI); + Logger.debug("REDIRECT TO: " + redirectURL); + + } + else { + // Foreign Identities Modus + + String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(sessionID, cert); + // build dataurl (to the GetForeignIDSerlvet) + String dataurl = + new DataURLBuilder().buildDataURL( + session.getAuthURL(), + REQ_GET_FOREIGN_ID, + session.getSessionID()); + + ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl); + + + Logger.debug("Send CreateXMLSignatureRequest to BKU"); + } - Logger.debug("Send CreateXMLSignatureRequest to BKU"); } catch (MOAIDException ex) { handleError(null, ex, req, resp); - } + } catch (GeneralSecurityException ex) { + handleError(null, ex, req, resp); + } catch (PKIException e) { + handleError(null, e, req, resp); + } catch (MISSimpleClientException e) { + handleError(null, e, req, resp); + } catch (TransformerException e) { + handleError(null, e, req, resp); + } } /** @@ -161,58 +235,58 @@ public class VerifyCertificateServlet extends AuthServlet { * @throws SZRGWClientException */ /*private Element getIdentityLink(Element signature) throws SZRGWClientException {*/ - private Element getIdentityLink(X509Certificate cert) throws SZRGWClientException { - - SZRGWClient client = new SZRGWClient(); - - try { - AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter(); - //url = "http://localhost:8081/szr-gateway/services/IdentityLinkCreation"; - Logger.debug("Connection Parameters: " + connectionParameters); - client.setAddress(connectionParameters.getUrl()); - if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) { - Logger.debug("Initialisiere SSL Verbindung"); - try { - client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); - } catch (IOException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (GeneralSecurityException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (PKIException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - } - - Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); - - - } - catch (ConfigurationException e) { - Logger.warn(e); - Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); - - } - // create request - Document doc = buildGetIdentityLinkRequest(cert); - Element request = doc.getDocumentElement(); - CreateIdentityLinkResponse response = null; - - //try { - response = client.createIdentityLinkResponse(request); - //} catch (SZRGWClientException e) { - // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt. - // client = new SZRGWClient(url); - // response = client.createIdentityLinkResponse(request); - // } - - - return response.getAssertion(); - - } +// private Element getIdentityLink(X509Certificate cert) throws SZRGWClientException { +// +// SZRGWClient client = new SZRGWClient(); +// +// try { +// AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); +// ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter(); +// //url = "http://localhost:8081/szr-gateway/services/IdentityLinkCreation"; +// Logger.debug("Connection Parameters: " + connectionParameters); +// client.setAddress(connectionParameters.getUrl()); +// if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) { +// Logger.debug("Initialisiere SSL Verbindung"); +// try { +// client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); +// } catch (IOException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } catch (GeneralSecurityException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } catch (PKIException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } +// } +// +// Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); +// +// +// } +// catch (ConfigurationException e) { +// Logger.warn(e); +// Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null )); +// +// } +// // create request +// Document doc = buildGetIdentityLinkRequest(cert); +// Element request = doc.getDocumentElement(); +// CreateIdentityLinkResponse response = null; +// +// //try { +// response = client.createIdentityLinkResponse(request); +// //} catch (SZRGWClientException e) { +// // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt. +// // client = new SZRGWClient(url); +// // response = client.createIdentityLinkResponse(request); +// // } +// +// +// return response.getAssertion(); +// +// } /** * Builds the szrgw:GetIdentityLinkRequest für the SZR-GW diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index dff366829..23861d290 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -18,6 +18,7 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; import java.util.Map; +import javax.net.ssl.SSLSocketFactory; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -25,6 +26,7 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.fileupload.FileUploadException; import org.apache.commons.lang.StringEscapeUtils; +import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; @@ -33,7 +35,10 @@ import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.ServletUtils; import at.gv.egovernment.moa.logging.Logger; @@ -126,11 +131,17 @@ public class VerifyIdentityLinkServlet extends AuthServlet { if (createXMLSignatureRequestOrRedirect == null) { // no identity link found + boolean useMandate = session.getUseMandate(); + if (useMandate) { + Logger.error("Online-Mandate Mode for foreign citizencs not supported."); + throw new AuthenticationException("auth.13", null); + } + try { Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); - // create the InfoboxReadRequest to get the certificate + // create the InfoboxReadRequest to get the certificate String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); // build dataurl (to the GetForeignIDSerlvet) @@ -142,6 +153,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet { ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); + } catch(Exception e) { @@ -150,7 +162,28 @@ public class VerifyIdentityLinkServlet extends AuthServlet { } else { - ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink"); + boolean useMandate = session.getUseMandate(); + if (useMandate) { // Mandate modus + // read certificate and set dataurl to VerifyCertificateForMandatesServlet + + Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); + + String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); + + // build dataurl (to the GetForeignIDSerlvet) + String dataurl = + new DataURLBuilder().buildDataURL( + session.getAuthURL(), + REQ_VERIFY_CERTIFICATE, + session.getSessionID()); + + + ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); + + } + else { + ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink"); + } } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java index a8e22562a..51551834e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java @@ -43,6 +43,7 @@ import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.BoolUtils; import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.StringUtils; /** @@ -245,9 +246,13 @@ public class ParepUtils { try { Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode"); nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); - + + String s = DOMUtils.serializeNode(mandator); + // check if physical person - Element physicalPerson = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:PhysicalPerson", nameSpaceNode); + Element physicalPerson = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:PhysicalPerson", nameSpaceNode); + + // Element physicalPerson = (Element)XPathAPI.selectSingleNode(mandator, // "descendant-or-self::pr:CorporateBody", nameSpaceNode); return physicalPerson != null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java index 2a0126b82..9d5c0f7cf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java @@ -95,7 +95,11 @@ public class ParepValidator implements InfoboxValidator { public final static String EXT_SAML_MANDATE_NAME = "MandatorName"; public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth"; public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk"; - public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType"; + public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType"; + public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription"; + + /** */ + public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter"; /** register and register number for non physical persons - the domain identifier for business applications*/ public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java index dbfbda535..b5275cdd5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java @@ -125,6 +125,10 @@ public class ConfigurationBuilder { public static final String AUTH_FOREIGN_IDENTITIES_XPATH = ROOT + CONF + "AuthComponent/" + CONF + "ForeignIdentities"; + /** an XPATH-Expression */ + public static final String AUTH_ONLINEMANDATES_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "OnlineMandates"; + /** an XPATH-Expression */ @@ -146,6 +150,8 @@ public class ConfigurationBuilder { /** an XPATH-Expression */ protected static final String OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH = CONF + "VerifyInfoboxes"; /** an XPATH-Expression */ + protected static final String OA_AUTH_COMPONENT_MANDATES_PROFILES_XPATH = CONF + "Mandates" + "/" + CONF + "Profiles"; + /** an XPATH-Expression */ protected static final String CONNECTION_PARAMETER_URL_XPATH = CONF + "ConnectionParameter/@URL"; /** an XPATH-Expression */ @@ -242,6 +248,18 @@ public class ConfigurationBuilder { return buildConnectionParameter(foreignid); } + + /** + * Build a ConnectionParameter containing all information + * of the OnlineMandates element in the authentication component + * @return ConnectionParameter of the authentication component OnlineMandates element + */ + public ConnectionParameter buildOnlineMandatesConnectionParameter() { + Element onlinemandates = (Element)XPathUtils.selectSingleNode(configElem_, AUTH_ONLINEMANDATES_XPATH); + if (onlinemandates==null) return null; + return buildConnectionParameter(onlinemandates); + + } /** * Method buildAuthBKUSelectionType. @@ -529,7 +547,19 @@ public class ConfigurationBuilder { } Node verifyInfoboxParamtersNode = XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH); oap.setVerifyInfoboxParameters(buildVerifyInfoboxParameters( - verifyInfoboxParamtersNode, defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID)); + verifyInfoboxParamtersNode, defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID)); + + Node mandateProfilesNode = XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_MANDATES_PROFILES_XPATH); + if (mandateProfilesNode != null) { + if ("businessService".equalsIgnoreCase(oaType)) { + Logger.error("No Online Mandate Modus for OA of type \"businessService\" allowed."); + throw new ConfigurationException("config.02", null); + } + else { + String profiles = DOMUtils.getText(mandateProfilesNode); + oap.setMandateProfiles(profiles); + } + } } OA_set.add(oap); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index 6e296b4f4..ceb047280 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -164,6 +164,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider { */ private ConnectionParameter foreignIDConnectionParameter; + /** + * parameter for connection to OnlineMandates Service + */ + private ConnectionParameter onlineMandatesConnectionParameter; + /** * Parameter for trusted BKUs */ @@ -271,6 +276,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { foreignIDConnectionParameter = builder.buildForeignIDConnectionParameter(); + onlineMandatesConnectionParameter = builder.buildOnlineMandatesConnectionParameter(); onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID); identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames(); defaultChainingMode = builder.getDefaultChainingMode(); @@ -393,6 +399,15 @@ public class AuthConfigurationProvider extends ConfigurationProvider { public ConnectionParameter getForeignIDConnectionParameter() { return foreignIDConnectionParameter; } + + /** + * Return a ConnectionParameter bean containing all information + * of the authentication component OnlineMandates element + * @return ConnectionParameter of the authentication component OnlineMandates element + */ + public ConnectionParameter getOnlineMandatesConnectionParameter() { + return onlineMandatesConnectionParameter; + } /** * Return a string with a url-reference to the VerifyIdentityLink trust diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index c352fae6c..aa5aa21a3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -88,6 +88,11 @@ public class OAAuthParameter extends OAParameter { */ private VerifyInfoboxParameters verifyInfoboxParameters; + /** + * Parameter for Mandate profiles + */ + private String mandateProfiles; + /** * BZ * Type for authentication number (e.g. Firmenbuchnummer) @@ -325,5 +330,21 @@ public class OAAuthParameter extends OAParameter { public void setIdentityLinkDomainIdentifierType(String identityLinkDomainIdentifierType) { this.identityLinkDomainIdentifierType = identityLinkDomainIdentifierType; } + + /** + * Sets the Mandate/Profiles + * @param profiles + */ + public void setMandateProfiles(String profiles) { + this.mandateProfiles = profiles; + } + + /** + * Returns the Mandates/Profiles + * @return + */ + public String getMandateProfiles() { + return this.mandateProfiles; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java index ce15b75bd..6802005f1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java @@ -41,6 +41,8 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import org.apache.commons.lang.StringEscapeUtils; + import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.BuildException; import at.gv.egovernment.moa.id.MOAIDException; @@ -117,12 +119,15 @@ public class ProxyServlet extends HttpServlet { protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { Logger.debug("getRequestURL:" + req.getRequestURL().toString()); - //@TODO Parameter + + String artifact = req.getParameter(PARAM_SAMLARTIFACT); + artifact = StringEscapeUtils.escapeHtml(artifact); + try { - if (req.getParameter(PARAM_SAMLARTIFACT) != null) { + if (artifact != null) { // check if SAML Artifact was already used in this session (in case of page reload) HttpSession session = req.getSession(); - if (null != session && req.getParameter(PARAM_SAMLARTIFACT).equals(session.getAttribute(ATT_SAML_ARTIFACT))) { + if (null != session && artifact.equals(session.getAttribute(ATT_SAML_ARTIFACT))) { if (session.getAttribute(ATT_BROWSERREQU)==null) { tunnelRequest(req, resp); }else{ @@ -498,7 +503,6 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map Vector parameters = new Vector(); -//@TODO Parameter for (Enumeration enu = req.getParameterNames(); enu.hasMoreElements();) { String paramName = (String) enu.nextElement(); if (!(paramName.equals(PARAM_SAMLARTIFACT) || paramName.equals(PARAM_TARGET))) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index 79db9907b..d35fc875d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java @@ -446,6 +446,9 @@ public class ParamValidatorUtils { public static boolean isValidXMLDocument(String document) { + if (document == null) + return false; + Logger.debug("Überprüfe Parameter XMLDocument"); try { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java index 1915ce40a..24e5ff3d0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java @@ -64,7 +64,8 @@ public class ServletUtils { out.write(createXMLSignatureRequestOrRedirect.getBytes("UTF-8")); out.flush(); out.close(); - Logger.debug("Finished POST " + servletName); + Logger.debug("Finished POST " + servletName); + } else { String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), servletGoal, session.getSessionID()); resp.setContentType("text/html"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java new file mode 100644 index 000000000..59ca0d5ca --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java @@ -0,0 +1,48 @@ +package at.gv.egovernment.moa.id.util.client.mis.simple; + +public class MISMandate { + + final static private String OID_NOTAR = "1.2.40.0.10.3.1"; + final static private String TEXT_NOTAR = "berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"; + + final static private String OID_RECHTSANWALT = "1.2.40.0.10.3.2"; + final static private String TEXT_RECHTSANWALT = "berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"; + + final static private String OID_ZIVILTECHNIKER = "1.2.40.0.10.3.3"; + final static private String TEXT_ZIVILTECHNIKER = "berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft"; + + final static private String OID_ORGANWALTER = "1.2.40.0.10.3.4"; + final static private String TEXT_ORGANWALTER = "Organwalter"; + + + private String oid = null; + private byte[] mandate = null; + + public String getProfRep() { + return oid; + } + public void setProfRep(String oid) { + this.oid = oid; + } + public byte[] getMandate() { + return mandate; + } + public void setMandate(byte[] mandate) { + this.mandate = mandate; + } + + public String getTextualDescriptionOfOID() { + if (this.oid.equalsIgnoreCase(OID_NOTAR)) + return TEXT_NOTAR; + if (this.oid.equalsIgnoreCase(OID_RECHTSANWALT)) + return TEXT_RECHTSANWALT; + if (this.oid.equalsIgnoreCase(OID_ZIVILTECHNIKER)) + return TEXT_ZIVILTECHNIKER; + if (this.oid.equalsIgnoreCase(OID_ORGANWALTER)) + return TEXT_ORGANWALTER; + + return "Keine textuelle Beschreibung für OID " + oid; + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSessionId.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSessionId.java new file mode 100644 index 000000000..d8bec4900 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSessionId.java @@ -0,0 +1,22 @@ +package at.gv.egovernment.moa.id.util.client.mis.simple; + +public class MISSessionId { + + private String sessiondId = null; + private String redirectURL = null; + + public String getSessiondId() { + return sessiondId; + } + public void setSessiondId(String sessiondId) { + this.sessiondId = sessiondId; + } + public String getRedirectURL() { + return redirectURL; + } + public void setRedirectURL(String redirectURL) { + this.redirectURL = redirectURL; + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java new file mode 100644 index 000000000..25c341584 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java @@ -0,0 +1,261 @@ +package at.gv.egovernment.moa.id.util.client.mis.simple; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.util.ArrayList; +import java.util.List; + +import javax.net.ssl.SSLSocketFactory; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerException; + +import org.apache.commons.codec.binary.Base64; +import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.methods.PostMethod; +import org.apache.commons.httpclient.methods.StringRequestEntity; +import org.apache.commons.httpclient.protocol.Protocol; +import org.apache.xerces.parsers.DOMParser; +import org.apache.xpath.XPathAPI; +import org.w3c.dom.DOMException; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; +import org.xml.sax.InputSource; +import org.xml.sax.SAXException; +import org.xml.sax.SAXNotRecognizedException; +import org.xml.sax.SAXNotSupportedException; + +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWSecureSocketFactory; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; + + +public class MISSimpleClient { + + + private final static String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"; + private final static String MIS_NS = "http://reference.e-government.gv.at/namespace/mandates/mis/1.0/xsd"; + + private static Element NS_NODE = null; + + + static { + try { + NS_NODE = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument().createElement("test"); + NS_NODE.setAttribute("xmlns:soap", SOAP_NS); + NS_NODE.setAttribute("xmlns:mis", MIS_NS); + } catch (Exception e) { + Logger.warn("Error initializing namespace node.", e); + } + } + + public static List sendGetMandatesRequest(String webServiceURL, String sessionId, SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException { + if (webServiceURL == null) { + throw new NullPointerException("Argument webServiceURL must not be null."); + } + if (sessionId == null) { + throw new NullPointerException("Argument sessionId must not be null."); + } + + // ssl settings + if (sSLSocketFactory != null) { + SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory); + Protocol.registerProtocol("https", new Protocol("https", fac, 443)); + } + + + try { + Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument(); + Element mirElement = doc.createElementNS(MIS_NS, "MandateIssueRequest"); + Element sessionIdElement = doc.createElementNS(MIS_NS, "SessionID"); + sessionIdElement.appendChild(doc.createTextNode(sessionId)); + mirElement.appendChild(sessionIdElement); + + // send soap request + Element mandateIssueResponseElement = sendSOAPRequest(webServiceURL, mirElement); + + // check for error + checkForError(mandateIssueResponseElement); + + // check for session id + NodeList mandateElements = XPathAPI.selectNodeList(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Mandates/mis:Mandate", NS_NODE); + + if (mandateElements == null || mandateElements.getLength() == 0) { + throw new MISSimpleClientException("No mandates found in response."); + } + + ArrayList foundMandates = new ArrayList(); + for (int i=0; i 0) { + Element certElement = doc.createElementNS(MIS_NS, "X509SignatureCertificate"); + certElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(cert)))); + //certElement.appendChild(doc.createTextNode(Base64.encodeBase64(cert))); + // certElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(cert)))); + mirElement.appendChild(certElement); + } + Element redirectElement = doc.createElementNS(MIS_NS, "RedirectURL"); + redirectElement.appendChild(doc.createTextNode(redirectURL)); + mirElement.appendChild(redirectElement); + if (mandateIdentifier != null && mandateIdentifier.length > 0) { + Element filtersElement = doc.createElementNS(MIS_NS, "Filters"); + Element mandateIdentifiersElement = doc.createElementNS(MIS_NS, "MandateIdentifiers"); + for (int i=0; i Date: Thu, 7 Apr 2011 19:22:50 +0000 Subject: =?UTF-8?q?*=20Update=20Parameter=C3=BCberpr=C3=BCfung=20Templates?= =?UTF-8?q?=20*=20Update=20Beispiel-Konfigurationen=20*=20Update=20Content?= =?UTF-8?q?Type=20f=C3=BCr=20InfoBoxReadRequest=20(Zertifikat)=20bei=20Onl?= =?UTF-8?q?ine-Mandates?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1202 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../id/auth/servlet/VerifyCertificateServlet.java | 2 +- .../id/auth/servlet/VerifyIdentityLinkServlet.java | 6 ++- .../moa/id/util/ParamValidatorUtils.java | 8 +++- .../gv/egovernment/moa/id/util/ServletUtils.java | 54 +++++++++++++++++----- 4 files changed, 55 insertions(+), 15 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index d101df1fa..0014d2647 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java @@ -110,7 +110,7 @@ public class VerifyCertificateServlet extends AuthServlet { // escape parameter strings sessionID = StringEscapeUtils.escapeHtml(sessionID); - + AuthenticationSession session = null; try { // check parameter diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index 23861d290..740c85942 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -108,6 +108,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet { throw new IOException(e.getMessage()); } String sessionID = req.getParameter(PARAM_SESSIONID); + // escape parameter strings sessionID = StringEscapeUtils.escapeHtml(sessionID); @@ -178,7 +179,10 @@ public class VerifyIdentityLinkServlet extends AuthServlet { session.getSessionID()); - ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); + //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)"); + //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); + Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)"); + ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); } else { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index d35fc875d..a1e039661 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java @@ -270,8 +270,12 @@ public class ParamValidatorUtils { // check if template url starts with http or https if (template.startsWith("http") || template.startsWith("https")) { - // check if template url is from same server - if (template.contains(req.getServerName())) { + // check if template url is from same server + String name = req.getServerName(); + String httpName = "http://" + name; + String httpsName = "https://" + name; + + if (template.startsWith(httpName) || template.startsWith(httpsName)) { new URL(template); Logger.debug("Parameter Template bzw. bkuSelectionTemplateURL erfolgreich überprüft"); return true; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java index 24e5ff3d0..c3d548d54 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java @@ -18,16 +18,17 @@ */ package at.gv.egovernment.moa.id.util; -import java.io.IOException; -import java.io.OutputStream; - -import javax.servlet.http.HttpServletResponse; - -import at.gv.egovernment.moa.id.MOAIDException; -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.logging.Logger; +import java.io.IOException; +import java.io.OutputStream; +import java.net.URLEncoder; + +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.logging.Logger; /** * @author Peter Danner @@ -96,7 +97,7 @@ public class ServletUtils { //TODO test impact of explicit setting charset with older versions of BKUs (HotSign) resp.setContentType("text/xml;charset=UTF-8"); - + OutputStream out = resp.getOutputStream(); out.write(createXMLSignatureRequestOrRedirect.getBytes("UTF-8")); out.flush(); @@ -104,5 +105,36 @@ public class ServletUtils { Logger.debug("Finished POST " + servletName); } + + /** + * Writes out whether the CreateXMLSignatureRequest or a Redirect for form input processing + * depending on the requests starting text. + * + * @param resp The httpServletResponse + * @param session The current AuthenticationSession + * @param createXMLSignatureRequestOrRedirect The request + * @param servletGoal The servlet to which the redirect should happen + * @param servletName The servlet name for debug purposes + * @throws MOAIDException + * @throws IOException + */ + public static void writeCreateXMLSignatureRequestURLEncoded(HttpServletResponse resp, AuthenticationSession session, String createXMLSignatureRequestOrRedirect, String servletGoal, String servletName, String dataURL) + throws MOAIDException, + IOException { + resp.setStatus(200); + Logger.debug("ContentType set to: application/x-www-form-urlencoded"); + + resp.setContentType("application/x-www-form-urlencoded"); + + String content = "XMLRequest=" + URLEncoder.encode(createXMLSignatureRequestOrRedirect, "UTF-8") + "&" + + "DataURL=" + URLEncoder.encode(dataURL, "UTF-8"); + + OutputStream out = resp.getOutputStream(); + out.write(content.getBytes("UTF-8")); + out.flush(); + out.close(); + Logger.debug("Finished POST " + servletName); + + } } -- cgit v1.2.3