From 83f01ddf24d98dbb5df41fb627a14edee2d57df7 Mon Sep 17 00:00:00 2001 From: pdanner Date: Wed, 17 Oct 2007 16:18:44 +0000 Subject: Implemented and integrated party representation and integrated mandates as per default available Now Eclipse projects are available. The Web Tools Platform can be used to run the web applications git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1014 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../idserverlib/src/main/java/META-INF/MANIFEST.MF | 3 + .../moa/id/auth/AuthenticationServer.java | 435 ++++++++++--- .../moa/id/auth/MOAIDAuthConstants.java | 12 +- .../AuthenticationDataAssertionBuilder.java | 1 + .../moa/id/auth/builder/BPKBuilder.java | 32 +- .../builder/GetVerifyAuthBlockFormBuilder.java | 86 +++ .../builder/InfoboxValidatorParamsBuilder.java | 10 +- .../moa/id/auth/data/AuthenticationSession.java | 199 +++++- .../moa/id/auth/data/InfoboxValidatorParams.java | 8 + .../id/auth/data/InfoboxValidatorParamsImpl.java | 21 + .../auth/servlet/ProcessValidatorInputServlet.java | 175 +++++ .../moa/id/auth/servlet/SelectBKUServlet.java | 10 +- .../auth/servlet/StartAuthenticationServlet.java | 10 +- .../servlet/VerifyAuthenticationBlockServlet.java | 26 +- .../id/auth/servlet/VerifyIdentityLinkServlet.java | 25 +- .../CreateXMLSignatureResponseValidator.java | 2 +- .../moa/id/auth/validator/InfoboxValidator.java | 52 +- .../auth/validator/parep/ParepInputProcessor.java | 68 ++ .../validator/parep/ParepInputProcessorImpl.java | 298 +++++++++ .../moa/id/auth/validator/parep/ParepUtils.java | 708 +++++++++++++++++++++ .../id/auth/validator/parep/ParepValidator.java | 576 +++++++++++++++++ .../auth/validator/parep/PartyRepresentative.java | 159 +++++ .../parep/client/szrgw/CreateMandateRequest.java | 235 +++++++ .../parep/client/szrgw/CreateMandateResponse.java | 130 ++++ .../parep/client/szrgw/SOAPConstants.java | 23 + .../validator/parep/client/szrgw/SZRGWClient.java | 144 +++++ .../parep/client/szrgw/SZRGWClientException.java | 37 ++ .../parep/client/szrgw/SZRGWConstants.java | 51 ++ .../client/szrgw/SZRGWSecureSocketFactory.java | 94 +++ .../validator/parep/config/ParepConfiguration.java | 411 ++++++++++++ .../moa/id/config/ConfigurationBuilder.java | 8 +- .../moa/id/config/auth/OAAuthParameter.java | 24 + .../gv/egovernment/moa/id/util/ServletUtils.java | 63 ++ .../resources/properties/id_messages_de.properties | 7 + .../resources/templates/ParepMinTemplate.html | 134 ++++ .../resources/templates/ParepTemplate.html | 171 +++++ 36 files changed, 4287 insertions(+), 161 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/META-INF/MANIFEST.MF create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java create mode 100644 id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html create mode 100644 id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/META-INF/MANIFEST.MF b/id/server/idserverlib/src/main/java/META-INF/MANIFEST.MF new file mode 100644 index 000000000..5e9495128 --- /dev/null +++ b/id/server/idserverlib/src/main/java/META-INF/MANIFEST.MF @@ -0,0 +1,3 @@ +Manifest-Version: 1.0 +Class-Path: + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 5f4ec2d29..75197943f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -3,6 +3,8 @@ package at.gv.egovernment.moa.id.auth; import iaik.pki.PKIException; import iaik.x509.X509Certificate; +import java.io.File; +import java.io.FileOutputStream; import java.io.IOException; import java.security.GeneralSecurityException; import java.util.Calendar; @@ -55,6 +57,9 @@ import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; import at.gv.egovernment.moa.id.auth.validator.ValidateException; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; +import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.ConnectionParameter; @@ -312,7 +317,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setOAURLRequested(oaURL); session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); session.setAuthURL(authURL); - session.setTemplateURL(templateURL); + session.setTemplateURL(templateURL); session.setBusinessService(oaParam.getBusinessService()); } // BKU URL has not been set yet, even if session already exists @@ -320,6 +325,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { bkuURL = DEFAULT_BKU; } session.setBkuURL(bkuURL); + session.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); String infoboxReadRequest = new InfoboxReadRequestBuilder().build(oaParam.getSlVersion12(), oaParam.getBusinessService(), @@ -350,6 +356,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { VerifyInfoboxParameters verifyInfoboxParameters = oaParam.getVerifyInfoboxParameters(); if (verifyInfoboxParameters != null) { pushInfobox = verifyInfoboxParameters.getPushInfobox(); + session.setPushInfobox(pushInfobox); } String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build(oaParam.getSlVersion12()); String certInfoDataURL = @@ -448,6 +455,23 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setIdentityLink(identityLink); // now validate the extended infoboxes verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam.getProvideStammzahl()); + + return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam); + } + + public String getCreateXMLSignatureRequestAuthBlockOrRedirect(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam) + throws + ConfigurationException, + BuildException, + ValidateException { + + // check for intermediate processing of the infoboxes + if (session.isValidatorInputPending()) return "Redirect to Input Processor"; + + if (authConf==null) authConf = AuthConfigurationProvider.getInstance(); + if (oaParam==null) oaParam = AuthConfigurationProvider.getInstance(). + getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + // builds the AUTH-block String authBlock = buildAuthenticationBlock(session); // session.setAuthBlock(authBlock); @@ -456,7 +480,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { if ((transformsInfos == null) || (transformsInfos.length == 0)) { // no OA specific transforms specified, use default ones transformsInfos = authConf.getTransformsInfos(); - } + } String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder().build(authBlock, oaParam.getKeyBoxIdentifier(), @@ -464,6 +488,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { oaParam.getSlVersion12()); return createXMLSignatureRequest; } + /** * Builds an authentication block <saml:Assertion> from given session data. * @param session authentication session @@ -534,8 +559,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { authConfigurationProvider.getOnlineApplicationParameter(session.getPublicOAURLPrefix()); VerifyInfoboxParameters verifyInfoboxParameters = oaParam.getVerifyInfoboxParameters(); if (verifyInfoboxParameters != null) { - Vector authAttributes = new Vector(); - Vector oaAttributes = new Vector(); + session.setExtendedSAMLAttributesAUTH(new Vector()); // Initialize SAML Attributes + session.setExtendedSAMLAttributesOA(new Vector()); infoboxParameters = verifyInfoboxParameters.getInfoboxParameters(); // get the list of infobox identifiers List identifiers = verifyInfoboxParameters.getIdentifiers(); @@ -563,10 +588,46 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new ValidateException("validator.41", new Object[] {identifier}); } else { String friendlyName = verifyInfoboxParameter.getFriendlyName(); + boolean isParepRequest = false; + + // parse the infobox read reponse + List infoboxTokenList = null; + try { + infoboxTokenList = + ExtendedInfoboxReadResponseParser.parseInfoboxReadResponse(infoboxReadResponse, friendlyName); + } catch (ParseException e) { + Logger.error("InfoboxReadResponse for \"" + identifier + + "\"-infobox could not be parsed successfully: " + e.getMessage()); + throw new ValidateException("validator.43", new Object[] {friendlyName}); + } + // check for party representation in mandates infobox + if (Constants.INFOBOXIDENTIFIER_MANDATES.equalsIgnoreCase(identifier) && !((infoboxTokenList == null || infoboxTokenList.size() == 0))){ + session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams())); + Element mandate = ParepValidator.extractPrimaryToken(infoboxTokenList); + //ParepUtils.serializeElement(mandate, System.out); + String mandateID = ParepUtils.extractRepresentativeID(mandate); + if (!isEmpty(mandateID) && + ("*".equals(mandateID) || mandateID.startsWith(MOAIDAuthConstants.PARTY_REPRESENTATION_OID_NUMBER))) { + isParepRequest = true; + } + if (!isParepRequest) { + //if mandates validator is disabled we must throw an error in this case + if (!ParepUtils.isValidatorEnabled(verifyInfoboxParameter.getApplicationSpecificParams())) { + throw new ValidateException("validator.60", new Object[] {friendlyName}); + } + } + } + // get the class for validating the infobox InfoboxValidator infoboxValidator = null; try { - Class validatorClass = Class.forName(verifyInfoboxParameter.getValidatorClassName()); + Class validatorClass = null; + if (isParepRequest) { + // Mandates infobox in party representation mode + validatorClass = Class.forName("at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator"); + } else { + validatorClass = Class.forName(verifyInfoboxParameter.getValidatorClassName()); + } infoboxValidator = (InfoboxValidator) validatorClass.newInstance(); } catch (Exception e) { Logger.error("Could not load validator class \"" + verifyInfoboxParameter.getValidatorClassName() + @@ -575,20 +636,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { } Logger.debug("Successfully loaded validator class \"" + verifyInfoboxParameter.getValidatorClassName() + "\" for \"" + identifier + "\"-infobox."); - // parse the infobox read reponse - List infoboxTokenList = null; - try { - infoboxTokenList = - ExtendedInfoboxReadResponseParser.parseInfoboxReadResponse(infoboxReadResponse, friendlyName); - } catch (ParseException e) { - Logger.error("InfoboxReadResponse for \"" + identifier + - "\"-infobox could not be parsed successfully: " + e.getMessage()); - throw new ValidateException("validator.43", new Object[] {friendlyName}); - } // build the parameters for validating the infobox InfoboxValidatorParams infoboxValidatorParams = InfoboxValidatorParamsBuilder.buildInfoboxValidatorParams( - session, verifyInfoboxParameter, infoboxTokenList, hideStammzahl); + session, verifyInfoboxParameter, infoboxTokenList, oaParam); + // now validate the infobox InfoboxValidationResult infoboxValidationResult = null; try { @@ -605,88 +657,137 @@ public class AuthenticationServer implements MOAIDAuthConstants { } Logger.info(identifier + " infobox successfully validated."); + // store the validator for post processing + session.addInfoboxValidator(identifier, friendlyName, infoboxValidator); // get the SAML attributes to be appended to the AUTHBlock or to the final // SAML Assertion - ExtendedSAMLAttribute[] extendedSAMLAttributes = infoboxValidationResult.getExtendedSamlAttributes(); - if (extendedSAMLAttributes != null) { - int length = extendedSAMLAttributes.length; - for (int i=0; i<CreateXMLSignatureResponse> sent by the * security layer implementation.
@@ -728,7 +829,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); // parses CreateXMLSignatureResponse csresp = - new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse(); + new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse(); try { String serializedAssertion = DOMUtils.serializeNode(csresp.getSamlAssertion()); session.setAuthBlock(serializedAssertion); @@ -768,11 +869,103 @@ public class AuthenticationServer implements MOAIDAuthConstants { vsresp, session.getIdentityLink()); + // post processing of the infoboxes + Iterator iter = session.getInfoboxValidatorIterator(); + boolean formpending = false; + if (iter != null) { + while (!formpending && iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + String identifier = (String) infoboxValidatorVector.get(0); + String friendlyName = (String) infoboxValidatorVector.get(1); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); + InfoboxValidationResult infoboxValidationResult = null; + try { + infoboxValidationResult = infoboxvalidator.validate(csresp.getSamlAssertion()); + } catch (ValidateException e) { + Logger.error("Error validating " + identifier + " infobox:" + e.getMessage()); + throw new ValidateException( + "validator.44", new Object[] {friendlyName}); + } + if (!infoboxValidationResult.isValid()) { + Logger.info("Validation of " + identifier + " infobox failed."); + throw new ValidateException( + "validator.40", new Object[] {friendlyName, infoboxValidationResult.getErrorMessage()}); + } + String form = infoboxvalidator.getForm(); + if (ParepUtils.isEmpty(form)) { + AddAdditionalSAMLAttributes(session, infoboxValidationResult.getExtendedSamlAttributes(), identifier, friendlyName); + } else { + return "Redirect to Input Processor"; + } + } + } + + // Exchange person data information by a mandate if needed + List oaAttributes = session.getExtendedSAMLAttributesOA(); + IdentityLink replacementIdentityLink = null; + if (session.isMandateCompatibilityMode() && oaAttributes != null && oaAttributes.size()>0) { + // look if we have a mandate + boolean foundMandate = false; + Iterator it = oaAttributes.iterator(); + while (!foundMandate && it.hasNext()) { + ExtendedSAMLAttribute samlAttribute = (ExtendedSAMLAttribute)it.next(); + if (ParepValidator.EXT_SAML_MANDATE_RAW.equals(samlAttribute.getName())) { + Object value = samlAttribute.getValue(); + if (value instanceof Element) { + Element mandate = (Element) value; + replacementIdentityLink = new IdentityLink(); + Element mandator = ParepUtils.extractMandator(mandate); + String dateOfBirth = ""; + Element prPerson = null; + String familyName = ""; + String givenName = ""; + String identificationType = ""; + String identificationValue = ""; + if (mandator != null) { + boolean physical = ParepUtils.isPhysicalPerson(mandator); + if (physical) { + familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()"); + givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()"); + dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator); + } else { + familyName = ParepUtils.extractMandatorFullName(mandator); + } + identificationType = ParepUtils.getIdentification(mandator, "Type"); + identificationValue = ParepUtils.extractMandatorWbpk(mandator); + prPerson = ParepUtils.extractPrPersonOfMandate(mandate); + if (physical && session.getBusinessService() && identificationType!=null && Constants.URN_PREFIX_BASEID.equals(identificationType)) { + // now we calculate the wbPK and do so if we got it from the BKU + identificationType = Constants.URN_PREFIX_WBPK + "+" + session.getDomainIdentifier(); + identificationValue = new BPKBuilder().buildWBPK(identificationValue, session.getDomainIdentifier()); + ParepUtils.HideStammZahlen(prPerson, true, null, null, true); + } + + } + replacementIdentityLink.setDateOfBirth(dateOfBirth); + replacementIdentityLink.setFamilyName(familyName); + replacementIdentityLink.setGivenName(givenName); + replacementIdentityLink.setIdentificationType(identificationType); + replacementIdentityLink.setIdentificationValue(identificationValue); + replacementIdentityLink.setPrPerson(prPerson); + try { + replacementIdentityLink.setSamlAssertion(session.getIdentityLink().getSamlAssertion()); + } catch (Exception e) { + throw new ValidateException("validator.64", null); + } + } else { + Logger.info("The type of Mandate SAML-Attribute is not \"org.w3c.dom.Element\""); + throw new ValidateException("validator.64", null); + } + } + } + } + // builds authentication data and stores it together with a SAML artifact - AuthenticationData authData = buildAuthenticationData(session, vsresp); + AuthenticationData authData = buildAuthenticationData(session, vsresp, replacementIdentityLink); String samlArtifact = new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID()); storeAuthenticationData(samlArtifact, authData); + // invalidates the authentication session sessionStore.remove(sessionID); Logger.info( @@ -790,10 +983,18 @@ public class AuthenticationServer implements MOAIDAuthConstants { */ private AuthenticationData buildAuthenticationData( AuthenticationSession session, - VerifyXMLSignatureResponse verifyXMLSigResp) + VerifyXMLSignatureResponse verifyXMLSigResp, + IdentityLink replacementIdentityLink) throws ConfigurationException, BuildException { - IdentityLink identityLink = session.getIdentityLink(); + IdentityLink identityLink; + if (replacementIdentityLink == null) { + identityLink = session.getIdentityLink(); + } else { + // We have got data form a mandate we need now to use to stay compatible with applications + identityLink = replacementIdentityLink; + } + AuthenticationData authData = new AuthenticationData(); OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( @@ -804,7 +1005,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { authData.setAssertionID(Random.nextRandom()); authData.setIssuer(session.getAuthURL()); authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance())); - authData.setIdentificationType(identityLink.getIdentificationType()); authData.setGivenName(identityLink.getGivenName()); authData.setFamilyName(identityLink.getFamilyName()); @@ -817,7 +1017,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (provideStammzahl) { authData.setIdentificationValue(identityLink.getIdentificationValue()); } - String prPerson = new PersonDataBuilder().build(identityLink, provideStammzahl); + String prPerson = new PersonDataBuilder().build(identityLink, provideStammzahl); try { String signerCertificateBase64 = ""; if (oaParam.getProvideCertifcate()) { @@ -832,12 +1032,14 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (businessService) { authData.setWBPK(identityLink.getIdentificationValue()); } else { - // only compute bPK if online applcation is a public service - String bpkBase64 = - new BPKBuilder().buildBPK( - identityLink.getIdentificationValue(), - session.getTarget()); - authData.setBPK(bpkBase64); + authData.setBPK(identityLink.getIdentificationValue()); + if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + // only compute bPK if online applcation is a public service and we have the Stammzahl + String bpkBase64 = new BPKBuilder().buildBPK( + identityLink.getIdentificationValue(), + session.getTarget()); + authData.setBPK(bpkBase64); + } } String ilAssertion = oaParam.getProvideIdentityLink() @@ -858,6 +1060,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { businessService, session.getExtendedSAMLAttributesOA()); authData.setSamlAssertion(samlAssertion); + + + //ParepUtils.saveStringToFile(samlAssertion, new File("c:/saml_assertion.xml")); + return authData; } catch (Throwable ex) { throw new BuildException( @@ -1015,5 +1221,42 @@ public class AuthenticationServer implements MOAIDAuthConstants { return param == null || param.length() == 0; } - + /** + * Checks the correctness of SAML attributes and returns its value. + * @param param samlAttribute + * @param i the number of the verified attribute for messages + * @param identifier the infobox identifier for messages + * @param friendlyname the friendly name of the infobox for messages + * @return the SAML attribute value (Element or String) + */ + private static Object verifySAMLAttribute(ExtendedSAMLAttribute samlAttribute, int i, String identifier, String friendlyName) + throws ValidateException{ + String name = samlAttribute.getName(); + if (name == null) { + Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " + + identifier + "-infobox validator is null."); + throw new ValidateException( + "validator.45", new Object[] {friendlyName, "Name", String.valueOf((i+1)), "null"}); + } + if (name == "") { + Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " + + identifier + "-infobox validator is empty."); + throw new ValidateException( + "validator.45", new Object[] {friendlyName, "Name", String.valueOf((i+1)), "leer"}); + } + if (samlAttribute.getNameSpace() == null) { + Logger.info("The namespace of SAML-Attribute number " + (i+1) + " returned from " + + identifier + "-infobox validator is null."); + throw new ValidateException( + "validator.45", new Object[] {friendlyName, "Namespace", String.valueOf((i+1)), "null"}); + } + Object value = samlAttribute.getValue(); + if (value == null) { + Logger.info("The value of SAML-Attribute number " + (i+1) + " returned from " + + identifier + "-infobox validator is null."); + throw new ValidateException( + "validator.45", new Object[] {friendlyName ,"Wert", String.valueOf((i+1)), "null"}); + } + return value; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 43e88e7b5..4f9235949 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -19,6 +19,8 @@ public interface MOAIDAuthConstants { public static final String PARAM_BKU = "bkuURI"; /** servlet parameter "BKUSelectionTemplate" */ public static final String PARAM_BKUTEMPLATE = "BKUSelectionTemplate"; + /** servlet parameter "BKUSelectionTemplate" */ + public static final String PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE = "InputProcessorSignTemplate"; /** default BKU URL */ public static final String DEFAULT_BKU = "http://localhost:3495/http-security-layer-request"; /** servlet parameter "returnURI" */ @@ -35,6 +37,8 @@ public interface MOAIDAuthConstants { public static final String REQ_START_AUTHENTICATION = "StartAuthentication"; /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet} is mapped to */ public static final String REQ_VERIFY_IDENTITY_LINK = "VerifyIdentityLink"; + /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet} is mapped to */ + public static final String REQ_PROCESS_VALIDATOR_INPUT = "ProcessInput"; /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet} is mapped to */ public static final String REQ_VERIFY_AUTH_BLOCK = "VerifyAuthBlock"; /** Logging hierarchy used for controlling debug output of XML structures to files */ @@ -62,14 +66,16 @@ public interface MOAIDAuthConstants { public static final String[] IDENTITY_LINK_SIGNERS_WITHOUT_OID = new String[] {"T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission", "T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission"}; - /** - * the number of the certifcate extension "Eigenschaft zur Ausstellung von Personenbindungen" - */ + /** the number of the certifcate extension "Eigenschaft zur Ausstellung von Personenbindungen" */ public static final String IDENTITY_LINK_SIGNER_OID_NUMBER = "1.2.40.0.10.1.7.1"; /** * the OID of the identity link signer certificate (Eigenschaft zur Ausstellung von Personenbindungen); * used for checking the authorisation for signing the identity link for identity links signed after february 19th 2007 */ public static final ObjectID IDENTITY_LINK_SIGNER_OID = new ObjectID(IDENTITY_LINK_SIGNER_OID_NUMBER); + /** the number of the certifcate extension for party representatives */ + public static final String PARTY_REPRESENTATION_OID_NUMBER = "1.2.40.0.10.3"; + /** the number of the certifcate extension for party organ representatives */ + public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10"; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java index 53520c846..11628517e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java @@ -126,6 +126,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB pkValue = authData.getWBPK(); } else { + // always has the bPK as type/value pkType = URN_PREFIX_BPK; pkValue = authData.getBPK(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java index 6cc8c1be8..cc228298b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java @@ -42,7 +42,37 @@ public class BPKBuilder { String hashBase64 = Base64Utils.encode(hash); return hashBase64; } catch (Exception ex) { - throw new BuildException("builder.00", new Object[] {"BPK", ex.toString()}, ex); + throw new BuildException("builder.00", new Object[] {"bPK", ex.toString()}, ex); + } + } + + /** + * Builds the wbPK from the given parameters. + * @param identificationValue Base64 encoded "Stammzahl" + * @param registerAndOrdNr type of register + "+" + number in register. + * @return wbPK in a BASE64 encoding + * @throws BuildException if an error occurs on building the wbPK + */ + public String buildWBPK(String identificationValue, String registerAndOrdNr) + throws BuildException { + + if ((identificationValue == null || + identificationValue.length() == 0 || + registerAndOrdNr == null || + registerAndOrdNr.length() == 0)) + { + throw new BuildException("builder.00", + new Object[] {"wbPK", "Unvollständige Parameterangaben: identificationValue=" + + identificationValue + ",Register+Registernummer=" + registerAndOrdNr}); + } + String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr; + try { + MessageDigest md = MessageDigest.getInstance("SHA-1"); + byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); + String hashBase64 = Base64Utils.encode(hash); + return hashBase64; + } catch (Exception ex) { + throw new BuildException("builder.00", new Object[] {"wbPK", ex.toString()}, ex); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java new file mode 100644 index 000000000..c053ee896 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java @@ -0,0 +1,86 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.io.IOException; +import java.io.StringReader; +import java.io.StringWriter; + +import at.gv.egovernment.moa.id.BuildException; + +/** + * Builder for HTML form requesting a security layer request + * + * @author Peter Danner + * @version $Id: GetIdentityLinkFormBuilder.java 769 2007-01-10 15:37:52Z peter.danner $ + */ +public class GetVerifyAuthBlockFormBuilder extends Builder { + /** private static String NL contains the NewLine representation in Java*/ + private static final String nl = "\n"; + /** special tag in the HTML template to be substituted for the BKU URL */ + private static final String BKU_TAG = ""; + /** special tag in the HTML template to be substituted for the XML request */ + private static final String XMLREQUEST_TAG = ""; + /** special tag in the HTML template to be substituted for the data URL */ + private static final String DATAURL_TAG = ""; + /** special tag in the HTML template to be substituted for the infoboxes to be pushed from the BKU */ + private static final String PUSHINFOBOX_TAG = ""; + /** private static int all contains the representation to replace all tags*/ + private static final int ALL = -1; + + /** default HTML template */ + private static final String DEFAULT_HTML_TEMPLATE = + "" + nl + + " " + nl + + " " + nl + + " Signatur der Anmeldedaten" + nl + + " " + nl + + " " + nl + + " " + nl + + "
" + nl + + " " + nl + + " " + nl + + " " + nl + + " " + nl + + "
" + nl + + " " + nl + + ""; + + /** + * Constructor for GetVerifyAuthBlockFormBuilder. + */ + public GetVerifyAuthBlockFormBuilder() { + super(); + } + /** + * Builds the HTML form, including XML Request and data URL as parameters. + * + * @param htmlTemplate template to be used for the HTML form; + * may be null, in this case a default layout will be produced + * @param xmlRequest XML Request to be sent as a parameter in the form + * @param bkuURL URL of the "Bürgerkartenumgebung" the form will be submitted to; + * may be null, in this case the default URL will be used + * @param dataURL DataURL to be sent as a parameter in the form + */ + public String build( + String htmlTemplate, + String bkuURL, + String xmlRequest, + String dataURL, + String pushInfobox) + throws BuildException + { + String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate; + htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL); + htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, GetIdentityLinkFormBuilder.encodeParameter(xmlRequest), true, ALL); + htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL); + if (null==pushInfobox) pushInfobox=""; + htmlForm = replaceTag(htmlForm, PUSHINFOBOX_TAG, pushInfobox, false, ALL); + return htmlForm; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java index 038e549be..e70b64a6a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java @@ -9,6 +9,7 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams; import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParamsImpl; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter; import at.gv.egovernment.moa.util.XPathUtils; @@ -30,9 +31,7 @@ public class InfoboxValidatorParamsBuilder { * @param session The actual Authentication session. * @param verifyInfoboxParameter The configuration parameters for the infobox. * @param infoboxTokenList Contains the infobox token to be validated. - * @param hideStammzahl Indicates whether source pins (Stammzahlen) - * should be hidden in any SAML attributes returned by - * an infobox validator. + * @param oaParam The configuration parameters of the online application * * @return Parameters for validating an infobox token. */ @@ -40,7 +39,7 @@ public class InfoboxValidatorParamsBuilder { AuthenticationSession session, VerifyInfoboxParameter verifyInfoboxParameter, List infoboxTokenList, - boolean hideStammzahl) + OAAuthParameter oaParam) { InfoboxValidatorParamsImpl infoboxValidatorParams = new InfoboxValidatorParamsImpl(); IdentityLink identityLink = session.getIdentityLink(); @@ -54,6 +53,7 @@ public class InfoboxValidatorParamsBuilder { // authentication session parameters infoboxValidatorParams.setBkuURL(session.getBkuURL()); infoboxValidatorParams.setTarget(session.getTarget()); + infoboxValidatorParams.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); infoboxValidatorParams.setBusinessApplication(session.getBusinessService()); // parameters from the identity link infoboxValidatorParams.setFamilyName(identityLink.getFamilyName()); @@ -75,7 +75,7 @@ public class InfoboxValidatorParamsBuilder { } infoboxValidatorParams.setIdentityLink(identityLinkElem); } - infoboxValidatorParams.setHideStammzahl(hideStammzahl); + infoboxValidatorParams.setHideStammzahl(!oaParam.getProvideStammzahl()); return infoboxValidatorParams; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 90d79a46d..946f0a9c4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -1,8 +1,13 @@ package at.gv.egovernment.moa.id.auth.data; +import java.util.ArrayList; import java.util.Date; +import java.util.Iterator; import java.util.List; +import java.util.Vector; +import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -15,6 +20,7 @@ import at.gv.egovernment.moa.util.Constants; public class AuthenticationSession { private static String TARGET_PREFIX_ = Constants.URN_PREFIX_CDID + "+"; + private static String REGISTERANDORDNR_PREFIX_ = Constants.URN_PREFIX_WBPK + "+"; /** * session ID @@ -37,14 +43,14 @@ public class AuthenticationSession { * URL of MOA ID authentication component */ private String authURL; - /** - * HTML template URL - */ - private String templateURL; - /** - * URL of the BKU - */ - private String bkuURL; + /** + * HTML template URL + */ + private String templateURL; + /** + * URL of the BKU + */ + private String bkuURL; /** * identity link read from smartcard */ @@ -61,11 +67,11 @@ public class AuthenticationSession { * timestamp logging when identity link has been received */ private Date timestampIdentityLink; - /** - * Indicates whether the corresponding online application is a business - * service or not - */ - private boolean businessService; + /** + * Indicates whether the corresponding online application is a business + * service or not + */ + private boolean businessService; /** * SAML attributes from an extended infobox validation to be appended @@ -90,6 +96,33 @@ public class AuthenticationSession { */ private String issueInstant; + /** + * If infobox validators are needed after signing, they can be stored in + * this list. + */ + private List infoboxValidators; + + /** + * The register and number in the register parameter in case of a business + * service application. + */ + private String domainIdentifier; + + /** + * This string contains all identifiers of infoboxes, the online application + * is configured to accept. The infobox identifiers are comma separated. + */ + private String pushInfobox; + + /** + * AppSpecificConfiguration entry of then mandates infobox-validator. Tells + * whether person data from the representative have to be exchanged by data + * from the mandate + */ + private boolean mandateCompatibilityMode = false; + + + /** * Constructor for AuthenticationSession. * @@ -98,6 +131,7 @@ public class AuthenticationSession { public AuthenticationSession(String id) { sessionID = id; setTimestampStart(); + infoboxValidators = new ArrayList(); } /** @@ -380,4 +414,143 @@ public class AuthenticationSession { this.issueInstant = issueInstant; } + /** + * Returns the iterator to the stored infobox validators. + * @return Iterator + */ + public Iterator getInfoboxValidatorIterator() { + if (infoboxValidators==null) return null; + return infoboxValidators.iterator(); + } + + /** + * Adds an infobox validator class to the stored infobox validators. + * @param infoboxIdentifier the identifier of the infobox the validator belongs to + * @param infoboxFriendlyName the friendly name of the infobox + * @param infoboxValidator the infobox validator to add + */ + public Iterator addInfoboxValidator(String infoboxIdentifier, String infoboxFriendlyName, InfoboxValidator infoboxValidator) { + if (infoboxValidators==null) infoboxValidators = new ArrayList(); + Vector v = new Vector(3); + v.add(infoboxIdentifier); + v.add(infoboxFriendlyName); + v.add(infoboxValidator); + infoboxValidators.add(v); + return infoboxValidators.iterator(); + } + + /** + * Tests for pending input events of the infobox validators. + * @return true if a validator has a form to show + */ + public boolean isValidatorInputPending() { + boolean result = false; + Iterator iter = getInfoboxValidatorIterator(); + if (iter != null) { + while (!result && iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); + if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) result=true; + } + } + return result; + } + + /** + * Returns the first pending infobox validator. + * @return the infobox validator class + */ + public InfoboxValidator getFirstPendingValidator() { + Iterator iter = getInfoboxValidatorIterator(); + if (iter != null) { + while (iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); + String form = infoboxvalidator.getForm(); + if (!ParepUtils.isEmpty(form)) return infoboxvalidator; + } + } + return null; + } + + /** + * Returns the input form of the first pending infobox validator input processor. + * @return the form to show + */ + public String getFirstValidatorInputForm() { + Iterator iter = getInfoboxValidatorIterator(); + if (iter != null) { + while (iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); + String form = infoboxvalidator.getForm(); + if (!ParepUtils.isEmpty(form)) return form; + } + } + return null; + } + + /** + * @return the mandateCompatibilityMode + */ + public boolean isMandateCompatibilityMode() { + return mandateCompatibilityMode; + } + + /** + * @param mandateCompatibilityMode the mandateCompatibilityMode to set + */ + public void setMandateCompatibilityMode(boolean mandateCompatibilityMode) { + this.mandateCompatibilityMode = mandateCompatibilityMode; + } + + /** + * Returns domain identifier (the register and number in the register parameter). + * null in the case of not a business service. + * + * @return the domainIdentifier + */ + public String getDomainIdentifier() { + return domainIdentifier; + } + + /** + * Sets the register and number in the register parameter if the application + * is a business service. + * If the domain identifier includes the registerAndOrdNr prefix, the prefix + * will be stripped off. + * + * @param domainIdentifier the domain identifier to set + */ + public void setDomainIdentifier(String domainIdentifier) { + if (domainIdentifier != null && domainIdentifier.startsWith(REGISTERANDORDNR_PREFIX_)) + { + // If domainIdentifier starts with prefix "urn:publicid:gv.at:wbpk+"; remove this prefix + this.domainIdentifier = domainIdentifier.substring(REGISTERANDORDNR_PREFIX_.length()); + Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + this.domainIdentifier); + } + else + { + this.domainIdentifier = domainIdentifier; + } + } + + /** + * Gets all identifiers of infoboxes, the online application + * is configured to accept. The infobox identifiers are comma separated. + * + * @return the string containing infobox identifiers + */ + public String getPushInfobox() { + if (pushInfobox==null) return ""; + return pushInfobox; + } + + /** + * @param pushInfobox the infobox identifiers to set (comma separated) + */ + public void setPushInfobox(String pushInfobox) { + this.pushInfobox = pushInfobox; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java index c7a557290..01b9d9359 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java @@ -62,6 +62,14 @@ public interface InfoboxValidatorParams { */ public String getTarget(); + /** + * Returns the register and number in the register parameter. + * null in the case of not a business service. + * + * @return The register and number in the register parameter. + */ + public String getDomainIdentifier(); + /** * Returns true if the application is a business * service, otherwise false. This may be useful diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java index 80ba5995f..3747fa93b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java @@ -48,6 +48,11 @@ public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams { */ protected String target_; + /** + * The domain identifier (register and number in the register parameter). + */ + protected String domainIdentifier_; + /** * The family name from the identity link. */ @@ -134,6 +139,13 @@ public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams { return target_; } + /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getDomainIdentifier() + */ + public String getDomainIdentifier() { + return domainIdentifier_; + } + /** * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getBusinessApplication() */ @@ -324,6 +336,15 @@ public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams { public void setTarget(String target) { target_ = target; } + + /** + * Sets the domain identifier (register and number in the register parameter) + * + * @param domainIdentifier the domainIdentifier to set + */ + public void setDomainIdentifier(String domainIdentifier) { + this.domainIdentifier_ = domainIdentifier; + } /** * Sets the ID of the trust profile used for validating certificates. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java new file mode 100644 index 000000000..df480b624 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java @@ -0,0 +1,175 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; +import java.io.OutputStream; +import java.util.Map; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.fileupload.FileUploadException; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.builder.GetVerifyAuthBlockFormBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; +import at.gv.egovernment.moa.id.auth.validator.ValidateException; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.FileUtils; + +/** + * Servlet requested for processing user input forms of infobox validators + * + * Utilizes the {@link AuthenticationServer}. + * + * @author Peter Danner + * @version $Id: ProcessValidatorInputServlet.java 769 2007-01-10 15:37:52Z peter.danner $ + */ +public class ProcessValidatorInputServlet extends AuthServlet { + + public static final long serialVersionUID = 1; + + /** + * Constructor for VerifyIdentityLinkServlet. + */ + public ProcessValidatorInputServlet() { + super(); + } + + /** + * Shows the user input forms of infobox validators + * + * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) + */ + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("GET ProcessInput"); + Map parameters; + try { + parameters = getParameters(req); + } catch (FileUploadException e) { + Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); + throw new IOException(e.getMessage()); + } + String sessionID = req.getParameter(PARAM_SESSIONID); + if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID); + if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID); + + try { + AuthenticationSession session = AuthenticationServer.getSession(sessionID); + InfoboxValidator infoboxvalidator = session.getFirstPendingValidator(); + String outputStream; + String dataURL = new DataURLBuilder().buildDataURL( + session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID); + if (infoboxvalidator!=null) { + outputStream = infoboxvalidator.getForm(); + // replace strings the validators can not know + outputStream = ParepUtils.replaceAll(outputStream, "", session.getAuthURL()); + outputStream = ParepUtils.replaceAll(outputStream, "", sessionID); + outputStream = ParepUtils.replaceAll(outputStream, "", session.getBkuURL()); + outputStream = ParepUtils.replaceAll(outputStream, "", dataURL); + outputStream = ParepUtils.replaceAll(outputStream, "", session.getPushInfobox()); + } else { + throw new ValidateException("validator.65", null); + } + //resp.setStatus(200); + resp.setContentType("text/html;charset=UTF-8"); + OutputStream out = resp.getOutputStream(); + out.write(outputStream.getBytes("UTF-8")); + out.flush(); + out.close(); + Logger.debug("Finished GET ProcessInput"); + } + catch (MOAIDException ex) { + handleError(null, ex, req, resp); + } + } + + /** + * Verifies the user input forms of infobox validators + * + * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) + */ + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("POST ProcessInput"); + Map parameters; + try { + parameters = getParameters(req); + } catch (FileUploadException e) { + Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); + throw new IOException(e.getMessage()); + } + String sessionID = req.getParameter(PARAM_SESSIONID); + if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID); + if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID); + + try { + AuthenticationSession session = AuthenticationServer.getSession(sessionID); + AuthenticationServer.processInput(session, parameters); + String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null); + if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) { + // Now sign the AUTH Block + String dataURL = new DataURLBuilder().buildDataURL( + session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID); + + // Test if we have a user input form sign template + String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE); + String inputProcessorSignTemplate = null; + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested()); + // override template url by url from configuration file + if (oaParam.getInputProcessorSignTemplateURL() != null) { + inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL(); + } + if (inputProcessorSignTemplateURL != null) { + try { + inputProcessorSignTemplate = new String(FileUtils.readURL(inputProcessorSignTemplateURL)); + } catch (IOException ex) { + throw new AuthenticationException( + "auth.03", + new Object[] { inputProcessorSignTemplateURL, ex.toString()}, + ex); + } + } + + + + String htmlForm = new GetVerifyAuthBlockFormBuilder().build( + inputProcessorSignTemplate, session.getBkuURL(), createXMLSignatureRequestOrRedirect, dataURL, session.getPushInfobox()); + htmlForm = ParepUtils.replaceAll(htmlForm, "", session.getAuthURL()); + htmlForm = ParepUtils.replaceAll(htmlForm, "", sessionID); + htmlForm = ParepUtils.replaceAll(htmlForm, "", session.getBkuURL()); + htmlForm = ParepUtils.replaceAll(htmlForm, "", dataURL); + htmlForm = ParepUtils.replaceAll(htmlForm, "", session.getPushInfobox()); + + resp.setContentType("text/html;charset=UTF-8"); + + OutputStream out = resp.getOutputStream(); + out.write(htmlForm.getBytes("UTF-8")); + out.flush(); + out.close(); + Logger.debug("Finished POST ProcessInput"); + } else { + String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); + resp.setContentType("text/html"); + resp.setStatus(302); + resp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + } + } + catch (MOAIDException ex) { + handleError(null, ex, req, resp); + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java index 4dc69c70b..6e2a932d8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java @@ -54,11 +54,11 @@ public class SelectBKUServlet extends AuthServlet { throws ServletException, IOException { Logger.debug("GET SelectBKU"); - String authURL = - req.getScheme() + "://" + - req.getServerName() + ":" + - req.getServerPort() + - req.getContextPath() + "/"; + String authURL = req.getScheme() + "://" + req.getServerName(); + if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { + authURL = authURL.concat(":" + req.getServerPort()); + } + authURL = authURL.concat(req.getContextPath() + "/"); String target = req.getParameter(PARAM_TARGET); String oaURL = req.getParameter(PARAM_OA); String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index 6098f5138..9f0cf6606 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -41,11 +41,11 @@ public class StartAuthenticationServlet extends AuthServlet { throws ServletException, IOException { Logger.debug("GET StartAuthentication"); - String authURL = - req.getScheme() + "://" + - req.getServerName() + ":" + - req.getServerPort() + - req.getContextPath() + "/"; + String authURL = req.getScheme() + "://" + req.getServerName(); + if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { + authURL = authURL.concat(":" + req.getServerPort()); + } + authURL = authURL.concat(req.getContextPath() + "/"); String target = req.getParameter(PARAM_TARGET); String oaURL = req.getParameter(PARAM_OA); String bkuURL = req.getParameter(PARAM_BKU); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index 6ec4a247d..b81107ff2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -1,8 +1,9 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; -import at.gv.egovernment.moa.util.URLEncoder; //java.net.URLEncoder; +import java.util.Iterator; import java.util.Map; +import java.util.Vector; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; @@ -12,8 +13,13 @@ import org.apache.commons.fileupload.FileUploadException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult; +import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; +import at.gv.egovernment.moa.id.auth.validator.ValidateException; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.URLEncoder; /** * Servlet requested for verifying the signed authentication block @@ -80,17 +86,21 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { } String sessionID = req.getParameter(PARAM_SESSIONID); String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); - + String redirectURL = null; try { AuthenticationSession session = AuthenticationServer.getSession(sessionID); String samlArtifactBase64 = AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse); - String redirectURL = session.getOAURLRequested(); - if (!session.getBusinessService()) { - redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); - } - redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); - redirectURL = resp.encodeRedirectURL(redirectURL); + if (!samlArtifactBase64.equals("Redirect to Input Processor")) { + redirectURL = session.getOAURLRequested(); + if (!session.getBusinessService()) { + redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); + } + redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); + redirectURL = resp.encodeRedirectURL(redirectURL); + } else { + redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); + } resp.setContentType("text/html"); resp.setStatus(302); resp.addHeader("Location", redirectURL); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index 2134c1444..b9d8f8c75 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -1,22 +1,18 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; -import java.io.OutputStream; -import java.util.Enumeration; import java.util.Map; -import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; import org.apache.commons.fileupload.FileUploadException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.util.ServletUtils; import at.gv.egovernment.moa.logging.Logger; /** @@ -79,25 +75,10 @@ public class VerifyIdentityLinkServlet extends AuthServlet { } String sessionID = req.getParameter(PARAM_SESSIONID); - try { AuthenticationSession session = AuthenticationServer.getSession(sessionID); - - String createXMLSignatureRequest = - AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters); - resp.setStatus(307); - String dataURL = new DataURLBuilder().buildDataURL( - session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID); - resp.addHeader("Location", dataURL); - - //TODO test impact of explicit setting charset with older versions of BKUs (HotSign) - resp.setContentType("text/xml;charset=UTF-8"); - - OutputStream out = resp.getOutputStream(); - out.write(createXMLSignatureRequest.getBytes("UTF-8")); - out.flush(); - out.close(); - Logger.debug("Finished POST VerifyIdentityLink"); + String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters); + ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink"); } catch (MOAIDException ex) { handleError(null, ex, req, resp); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index e6c9f4bee..e0fd67d64 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -66,7 +66,7 @@ public class CreateXMLSignatureResponseValidator { IdentityLink identityLink = session.getIdentityLink(); Element samlAssertion = createXMLSignatureResponse.getSamlAssertion(); - String issuer = samlAssertion.getAttribute("Issuer"); + String issuer = samlAssertion.getAttribute("Issuer"); if (issuer == null) { // should not happen, because parser would dedect this throw new ValidateException("validator.32", null); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java index 95cd65608..74e61e076 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java @@ -1,5 +1,9 @@ package at.gv.egovernment.moa.id.auth.validator; +import java.util.Map; + +import org.w3c.dom.Element; + import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult; import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams; @@ -18,7 +22,7 @@ public interface InfoboxValidator { * application. * * @param params {@link at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams - * Parameters} needed by the validator. + * Parameters} needed by the validator. * * @return InfoboxValidationResult structure (@link at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult} * @@ -28,4 +32,50 @@ public interface InfoboxValidator { public InfoboxValidationResult validate (InfoboxValidatorParams params) throws ValidateException; + /** + * This method is used to do intermediate processing before signing the auth block. + * If a infobox validator threw a form to gather user input, this method is used + * to validate this input. In no further input is needed the form must be empty to + * proceed, and also a valid InfoboxValidationResult is necessary. + * If more input is needed, the validator can build a new form and it is then shown + * to the citizen. + * The implementation of InfoboxValidator must hold its necessary + * data and configuration internally, if this method is called - the class is + * reused at this call + * + * @param parameters the parameters got returned by the input fields + * + * @return InfoboxValidationResult structure (@link at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult} + * + * @throws ValidateException If an error occurs on validating the + * InfoboxReadResponse. + */ + public InfoboxValidationResult validate (Map parameters) + throws ValidateException; + + /** + * This method is used to do post processing after signing the auth block. + * The method validates the content of the infoboxReadResponsesamlAssertion if needed. + * The implementation of InfoboxValidator must hold its necessary + * data and configuration internally, if this method is called - the class is + * reused at this call + * + * @param samlAssertion the SAML assertion needed by the validator + * + * @return InfoboxValidationResult structure (@link at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult} + * + * @throws ValidateException If an error occurs on validating the + * InfoboxReadResponse. + */ + public InfoboxValidationResult validate (Element samlAssertion) + throws ValidateException; + + /** + * form for user interaction for intermediate processing of infobox validation + * + * @return answer form of the servlet request. + */ + public String getForm(); + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java new file mode 100644 index 000000000..58c28161f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java @@ -0,0 +1,68 @@ +package at.gv.egovernment.moa.id.auth.validator.parep; + +import java.util.Map; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult; +import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams; +import at.gv.egovernment.moa.id.auth.validator.ValidateException; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateRequest; +import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration; + +/** + * Input processor for infobox validators. + */ +public interface ParepInputProcessor { + + /** + * Initialize user input processing. This function must initialize the + * processor to remember its state. Fixed values for the current authentication + * session are set here. + * + * @param representationID The id of the provided standardized mandate + * @param parepConfiguration The configuration of the party representation validator + * @param rpFamilyName The family name of the representative + * @param rpGivenName + * @param rpDateOfBirth + * @param request CreateMandateRequest containing the representative and the mandator + */ + + public void initialize( + String representationID, ParepConfiguration parepConfiguration, + String rpFamilyName, String rpGivenName, String rpDateOfBirth, + CreateMandateRequest request); + + /** + * Starting point of user input processing. This function must initialize the + * processor and remember its state. + * + * @param physical Is person a physical person selected + * @param familyName The family name of the mandator + * @param givenName + * @param dateOfBirth + * @param streetName The address of the physical person + * @param buildingNumber + * @param unit + * @param postalCode + * @param municipality + * @param cbFullName + * @param cbIdentificationType + * @param cbIdentificationValue + * @return The initial user input form + */ + public String start( + boolean physical, String familyName, String givenName, String dateOfBirth, + String streetName, String buildingNumber, String unit, String postalCode, String municipality, + String cbFullName, String cbIdentificationType, String cbIdentificationValue); + + /** + * Validation after the user submitted form + * + * @param parameters Returned input field values + * @param extErrortext Error text from SZR-gateway to throw error page or form to correct user input data + * @return User input form if needed, or empty form if everything is ok with the user input. Returns null on error. + */ + public String validate(Map parameters, String extErrortext); + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java new file mode 100644 index 000000000..aff5d8a7a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java @@ -0,0 +1,298 @@ +/** + * + */ +package at.gv.egovernment.moa.id.auth.validator.parep; + +import java.io.ByteArrayOutputStream; +import java.io.File; +import java.io.FileInputStream; +import java.io.InputStream; +import java.text.ParseException; +import java.text.SimpleDateFormat; +import java.util.Map; + +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateRequest; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; +import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Implements the standard party representation infobox validator input processor + * + * @author Peter Danner + * + */ +public class ParepInputProcessorImpl implements ParepInputProcessor{ + + /** the requested representation ID (currently * or OID) */ + private String representationID; + + /** contains the configuration of the owning validator */ + private ParepConfiguration parepConfiguration; + + /** Family name of the representative */ + private String rpFamilyName; + + /** Given name of the representative */ + private String rpGivenName; + + /** The representatives date of birth */ + private String rpDateOfBirth; + + /** The current CreateMandateRequest to the SZR-gateway */ + private CreateMandateRequest request; + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#initialize(String, ParepConfiguration, String, String, String, CreateMandateRequest) + */ + public void initialize( + String representationID, ParepConfiguration parepConfiguration, + String rpFamilyName, String rpGivenName, String rpDateOfBirth, + CreateMandateRequest request) + { + // Initialization + this.representationID = representationID; + this.parepConfiguration = parepConfiguration; + this.rpFamilyName = rpFamilyName; + this.rpGivenName = rpGivenName; + this.rpDateOfBirth = rpDateOfBirth; + this.request = request; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#start(boolean, String, String, String, String, String, String, String, String, String, String, String) + */ + public String start( + boolean physical, String familyName, String givenName, String dateOfBirth, + String streetName, String buildingNumber, String unit, String postalCode, String municipality, + String cbFullName, String cbIdentificationType, String cbIdentificationValue) + { + // Load the form + String form = loadForm( + physical, familyName, givenName, dateOfBirth, + streetName, buildingNumber, unit, postalCode, municipality, + cbFullName, cbIdentificationType, cbIdentificationValue, ""); + try { + request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName, + cbIdentificationType, cbIdentificationValue); + } catch (SZRGWClientException e) { + //e.printStackTrace(); + Logger.info(e); + return null; + } + return form; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#validate(Map, String) + */ + public String validate(Map parameters, String extErrortext) + { + + // Process the gotten parameters + String form = null; + boolean formNecessary = false; + if (!ParepUtils.isEmpty(extErrortext)) formNecessary = true; + String locErrortext = "Folgende Parameter fehlen: "; + + String familyName = (String) parameters.get("familyname"); + if (null == familyName) familyName =""; + String givenName = (String) parameters.get("givenname"); + if (null == givenName) givenName =""; + boolean physical = "true".equals(parameters.get("physical")); + String dobday = (String) parameters.get("dobday"); + if (null!=dobday && dobday.equalsIgnoreCase("TT")) dobday=""; + String dobmonth = (String) parameters.get("dobmonth"); + if (null!=dobmonth && dobmonth.equalsIgnoreCase("MM")) dobmonth=""; + String dobyear = (String) parameters.get("dobyear"); + if (null!=dobyear && dobyear.equalsIgnoreCase("JJJJ")) dobyear=""; + String dateOfBirth = ""; + dobyear = (" ".substring(0, 4-dobyear.length()) + dobyear); + dobmonth = (" ".substring(0, 2-dobmonth.length()) + dobmonth); + dobday = (" ".substring(0, 2-dobday.length()) + dobday); + dateOfBirth = dobyear + "-" + dobmonth + "-" + dobday; + String cbFullName = (String) parameters.get("fullname"); + if (null == cbFullName) cbFullName =""; + String cbIdentificationType = (String) parameters.get("cbidentificationtype"); + if (null == cbIdentificationType) cbIdentificationType =""; + String cbIdentificationValue = (String) parameters.get("cbidentificationvalue"); + if (null == cbIdentificationValue) cbIdentificationValue =""; + String postalCode = (String) parameters.get("postalcode"); + if (null == postalCode) postalCode =""; + String municipality = (String) parameters.get("municipality"); + if (null == municipality) municipality =""; + String streetName = (String) parameters.get("streetname"); + if (null == streetName) streetName =""; + String buildingNumber = (String) parameters.get("buildingnumber"); + if (null == buildingNumber) buildingNumber =""; + String unit = (String) parameters.get("unit"); + if (null == unit) unit =""; + + if (physical) { + if (ParepUtils.isEmpty(familyName)) { + formNecessary = true; + locErrortext = locErrortext + "Familienname"; + } + if (ParepUtils.isEmpty(givenName)) { + formNecessary = true; + if (!locErrortext.endsWith(": ")) locErrortext = locErrortext + ", "; + locErrortext = locErrortext + "Vorname"; + } + // Auf existierendes Datum prüfen + SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd"); + format.setLenient(false); // Wir wollen keine künstliche Pareserintelligenz, nur Datum prüfen + try { + format.parse(dateOfBirth); + } + catch(ParseException pe) + { + formNecessary = true; + if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", "; + locErrortext = locErrortext + "korrektes Geburtsdatum"; + } + } else { + if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) { + formNecessary = true; + if (ParepUtils.isEmpty(cbFullName)) { + locErrortext = locErrortext + "Name der Organisation"; + } + if (ParepUtils.isEmpty(cbIdentificationType)) { + if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", "; + locErrortext = locErrortext + "Auswahl des Registers"; + } + if (ParepUtils.isEmpty(cbIdentificationValue)) { + if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", "; + locErrortext = locErrortext + "Ordnungsnummer im ausgewählten Register"; + } + } + } + try { + request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName, + cbIdentificationType, cbIdentificationValue); + if (formNecessary) { + // Daten noch nicht vollständig oder anderer Fehler + if (locErrortext.endsWith("fehlen: ")) locErrortext =""; + String error = ""; + if (!ParepUtils.isEmpty(extErrortext)) { + error = extErrortext; + if (!ParepUtils.isEmpty(locErrortext)) error = error + "; "; + } + if (!ParepUtils.isEmpty(locErrortext)) error = error + locErrortext; + if (!ParepUtils.isEmpty(error)) { + error = "
\"  " + error + "
"; + } + form = loadForm(physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality, cbFullName, cbIdentificationType, cbIdentificationValue, error); + if (form == null) { + return null; + } + } else { + return ""; // everything is ok + } + } catch (Exception e) { + //e.printStackTrace(); + Logger.info(e); + return null; + } + return form; + } + + /** + * Loads the empty user input form and replaces tag occurences with given variables + * + * @param physical + * @param familyName + * @param givenName + * @param dateOfBirth + * @param streetName + * @param buildingNumber + * @param unit + * @param postalCode + * @param municipality + * @param cbFullName + * @param cbIdentificationType + * @param cbIdentificationValue + * @param errorText + * @return + */ + private String loadForm( + boolean physical, String familyName, String givenName, String dateOfBirth, + String streetName, String buildingNumber, String unit, String postalCode, String municipality, + String cbFullName, String cbIdentificationType, String cbIdentificationValue, String errorText) + { + String form = ""; + try { + String fileName = parepConfiguration.getInputProcessorTemplate(representationID); + InputStream instream = null; + File file = new File(fileName); + if (file.exists()) { + //if this resolves to a file, load it + instream = new FileInputStream(fileName); + } else { + fileName = parepConfiguration.getFullDirectoryName(fileName); + file = new File(fileName); + if (file.exists()) { + //if this resolves to a file, load it + instream = new FileInputStream(fileName); + } else { + //else load a named resource in our classloader. + instream = this.getClass().getResourceAsStream(parepConfiguration.getInputProcessorTemplate(representationID)); + if (instream == null) { + Logger.error("Form Prozessor Input Template \"" + fileName + "\" fehlt"); + return null; + } + } + } + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + ParepUtils.dumpInputOutputStream(instream, bos); + form = bos.toString("UTF-8"); + } catch(Exception e) { + Logger.error("Fehler beim Einlesen des Input-Templates.", e); + } + + if (!ParepUtils.isEmpty(form)) { + boolean cbEnabled = parepConfiguration.isRepresentingCorporateParty(representationID); + boolean physEnabled = parepConfiguration.isRepresentingPhysicalParty(representationID); + boolean reducedSelection = (!physEnabled || !cbEnabled); + if (reducedSelection) { + physical = !cbEnabled;//wird somit umgesetzt falls jur. Person nicht vetretbar + } + if (ParepUtils.isEmpty(dateOfBirth)) dateOfBirth = "JJJJ-MM-TT"; + form = ParepUtils.replaceAll(form, "", rpGivenName); + form = ParepUtils.replaceAll(form, "", rpFamilyName); + form = ParepUtils.replaceAll(form, "", rpDateOfBirth.substring(0,4)); + form = ParepUtils.replaceAll(form, "", rpDateOfBirth.substring(5,7)); + form = ParepUtils.replaceAll(form, "", rpDateOfBirth.substring(8,10)); + //darf zw. phys. und jur. Person gewählt werden: + //form = replaceAll(form, "seldisabled=\"\"", reducedSelection ? "disabled=\"true\"" : ""); + form = ParepUtils.replaceAll(form, "physdisabled=\"\"", physEnabled ? "" : "disabled=\"true\""); + form = ParepUtils.replaceAll(form, "physselected=\"\"", physical ? "checked=\"checked\"" : ""); + form = ParepUtils.replaceAll(form, "", givenName); + form = ParepUtils.replaceAll(form, "", familyName); + form = ParepUtils.replaceAll(form, "", dateOfBirth.substring(0,4).trim()); + form = ParepUtils.replaceAll(form, "", dateOfBirth.substring(5,7).trim()); + form = ParepUtils.replaceAll(form, "", dateOfBirth.substring(8,10).trim()); + form = ParepUtils.replaceAll(form, "", streetName); + form = ParepUtils.replaceAll(form, "", buildingNumber); + form = ParepUtils.replaceAll(form, "", unit); + form = ParepUtils.replaceAll(form, "", postalCode); + form = ParepUtils.replaceAll(form, "", municipality); + form = ParepUtils.replaceAll(form, "cbdisabled=\"\"", cbEnabled ? "" : "disabled=\"true\""); + form = ParepUtils.replaceAll(form, "", cbFullName); + form = ParepUtils.replaceAll(form, "cbseldisabled=\"\"", cbEnabled ? "" : "disabled=\"disabled\""); + form = ParepUtils.replaceAll(form, "cbselected=\"\"", physical ? "" : "checked=\"checked\""); + form = ParepUtils.replaceAll(form, "fnselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XFN") ? "selected=\"selected\"" : ""); + form = ParepUtils.replaceAll(form, "vrselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XVR") ? "selected=\"selected\"" : ""); + form = ParepUtils.replaceAll(form, "ersbselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XERSB") ? "selected=\"selected\"" : ""); + form = ParepUtils.replaceAll(form, "", cbIdentificationValue); + form = ParepUtils.replaceAll(form, "", errorText); + } + return form; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java new file mode 100644 index 000000000..aed635502 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java @@ -0,0 +1,708 @@ +package at.gv.egovernment.moa.id.auth.validator.parep; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.io.OutputStreamWriter; + +import javax.xml.parsers.DocumentBuilderFactory; + +import org.apache.xml.serialize.OutputFormat; +import org.apache.xml.serialize.XMLSerializer; +import org.apache.xpath.XPathAPI; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; +import at.gv.egovernment.moa.id.auth.validator.ValidateException; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.BoolUtils; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.StringUtils; + +/** + * This class implements a set of utility methods. + * + * @author Peter Danner + */ +public class ParepUtils { + + /** + * Determines whether a string is null or empty + * + * @param str the string to check. + * @return true if the string is null or empty, + * false otherwise. + */ + public static boolean isEmpty(String str) { + return str == null || "".equals(str); + } + + /** + * Reads a XML document from an input stream (namespace-aware). + * + * @param is + * the input stream to read from. + * @return the read XML document. + * @throws SZRGWClientException + * if an error occurs reading the document from the input stream. + */ + public static Document readDocFromIs(InputStream is) throws SZRGWClientException { + try { + DocumentBuilderFactory f = DocumentBuilderFactory.newInstance(); + f.setNamespaceAware(true); + return f.newDocumentBuilder().parse(is); + } catch (Exception e) { + throw new SZRGWClientException(e); + } + } + + /* + * + */ + public static String extractRepresentativeID(Element mandate) throws ValidateException { + try { + Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS); + Node resultNode = XPathAPI.selectSingleNode(mandate, "//md:Mandate/attribute::MandateID", nameSpaceNode); + if (resultNode != null) { + return resultNode.getTextContent(); + } + return null; + } catch (Exception e) { + throw new ValidateException("validator.62", null); + } + } + + // TODO: remove unreferenced + + /** + * Dumps all bytes from an input stream to the given output stream. + * + * @param is + * the input stream to dump from. + * @param os + * the output stream to dump to. + * @throws IOException + * if an error occurs while dumping. + */ + public static void dumpInputOutputStream(InputStream is, OutputStream os) throws IOException { + if (is == null) { + return; + } + int ch; + while ((ch = is.read()) != -1) { + os.write(ch); + } + } + + /** + * Gets a string that represents the date a mandate was issued. + * + * @param mandate + * the mandate to extract the issuing date from. + * @return the issuing date of the given mandate. + * @throws SZRGWClientException + * if an exception occurs extracting the issuing date of the + * mandate. + */ + public static String getMandateIssuedDate(Element mandate) throws SZRGWClientException { + try { + Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS); + + Node dateNode = XPathAPI.selectSingleNode(mandate, "//md:Issued/md:Date/text()", nameSpaceNode); + + if (dateNode == null) { + throw new Exception("Date in Mandate-Issued not found."); + } + return dateNode.getNodeValue(); + } catch (Exception e) { + throw new SZRGWClientException(e); + } + } + + /** + * Gets a string that represents the place a mandate was issued. + * + * @param mandate + * the mandate to extract the issuing place from. + * @return the issuing place of the given mandate. + * @throws SZRGWClientException + * if an exception occurs extracting the issuing place of the + * mandate. + */ + public static String getMandateIssuedPlace(Element mandate) throws SZRGWClientException { + try { + Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS); + + Node placeNode = XPathAPI.selectSingleNode(mandate, "//md:Issued/md:Place/text()", nameSpaceNode); + + if (placeNode == null) { + throw new Exception("Place in Mandate-Issued not found."); + } + return placeNode.getNodeValue(); + } catch (Exception e) { + throw new SZRGWClientException(e); + } + } + + /** + * Extracts the textual description of the mandate. + * + * @param mandate + * the mandate to extract the textual description from. + * @return the textual description of the mandate. + * @throws SZRGWClientException + * if an exception occurs extracting the textual description. + */ + public static String getMandateContent(Element mandate) throws SZRGWClientException { + try { + Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS); + + Node contentNode = XPathAPI.selectSingleNode(mandate, "//md:SimpleMandateContent/md:TextualDescription/text()", nameSpaceNode); + + if (contentNode == null) { + throw new Exception("Content in Mandate not found."); + } + return contentNode.getNodeValue(); + } catch (Exception e) { + throw new SZRGWClientException(e); + } + } + + /** + * Extracts the md:Mandator element from a XML mandate element. + * + * @param mandate + * the md:Mandate element to extract the md:Mandator from. + * @return the md:Mandator element. + * @throws SZRGWClientException + * if an error occurs extracting the md:Mandator element. + */ + public static Element extractMandator(Element mandate) throws ParseException { + try { + + Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS); + Element mandator = (Element) XPathAPI.selectSingleNode(mandate, "//" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR, nameSpaceNode); + if (mandator == null) { + // if we got the Mandator itself + if (mandate.getLocalName().equals(SZRGWConstants.MANDATOR)) return mandate; + } + if (mandator == null) + return null; + String nsPrefix = mandator.getPrefix(); + String nsUri = mandator.getNamespaceURI(); + Element mandatorClone = (Element) mandator.cloneNode(true); + mandatorClone.setAttribute("xmlns:" + nsPrefix, nsUri); + return mandatorClone; + } catch (Exception e) { + throw new ParseException(e.toString(), null); + } + } + + /** + * Tells wether a mandator is a physical person or not. + * + * @param mandator + * the XML md:Mandator element to extract from. + * @return true if the mandator is a physical person, false otherwise. + */ + public static boolean isPhysicalPerson(Element mandator) { + try { + Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + + // check if physical person + Element physicalPerson = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:PhysicalPerson", nameSpaceNode); + // Element physicalPerson = (Element)XPathAPI.selectSingleNode(mandator, + // "descendant-or-self::pr:CorporateBody", nameSpaceNode); + return physicalPerson != null; + } catch (Exception e) { + e.printStackTrace(); + return false; + } + } + + /** + * Extracts the pr:PhysicalPerson or pr:CorporateBody + * element from a XML mandate element. + * + * @param mandate + * the md:Mandate element to extract the person from. + * @return the pr:PhysicalPerson or pr:CorporateBody element. + * @throws ParseException + * if an error occurs extracting the element. + */ + public static Element extractPersonOfMandate(Element mandate) throws ParseException { + try { + + Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + Element person = (Element) XPathAPI.selectSingleNode(mandate, "//" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/pr:PhysicalPerson", nameSpaceNode); + if (person == null) { + person = (Element) XPathAPI.selectSingleNode(mandate, "//" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/pr:CorporateBody", nameSpaceNode); + } + if (person == null) return null; + String nsPrefix = person.getPrefix(); + String nsUri = person.getNamespaceURI(); + Element personClone = (Element) person.cloneNode(true); + personClone.setAttribute("xmlns:" + nsPrefix, nsUri); + return personClone; + } catch (Exception e) { + //e.printStackTrace(); + throw new ParseException(e.toString(), null); + } + } + + /** + * Benerates the pr:Person element form a + * pr:PhysicalPerson or pr:CorporateBody + * element of a XML mandate element. + * + * @param mandate + * the md:Mandate element to extract the person from. + * @return the pr:Person element. + * @throws ParseException + * if an error occurs extracting the element. + */ + public static Element extractPrPersonOfMandate(Element mandate) throws ParseException { + + try { + Document document = ParepUtils.createEmptyDocument(); + Element root = document.createElement(SZRGWConstants.PD_PREFIX + SZRGWConstants.PERSON); + root.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + root.setAttribute("xmlns:" + Constants.XSI_PREFIX, Constants.XSI_NS_URI); + + Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + Element person = (Element) XPathAPI.selectSingleNode(mandate, "//" + + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/" + SZRGWConstants.PD_PREFIX + SZRGWConstants.PHYSICALPERSON, nameSpaceNode); + if (person == null) { + person = (Element) XPathAPI.selectSingleNode(mandate, "//" + + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/" + SZRGWConstants.PD_PREFIX + SZRGWConstants.CORPORATEBODY, nameSpaceNode); + } + if (person != null) { + root.setAttribute(Constants.XSI_PREFIX + ":type", SZRGWConstants.PD_PREFIX + person.getLocalName()); + if (person != null) { + NodeList nl = person.getChildNodes(); + for (int i = 0; i < nl.getLength(); i++) { + Node testNode = nl.item(i); + if (Node.ELEMENT_NODE == testNode.getNodeType()) { + root.appendChild(document.importNode(testNode, true)); + } + } + } + } + + return root; + } catch (Exception e) { + //e.printStackTrace(); + throw new ParseException(e.toString(), null); + } + } + + /** + * Extracts the name of the mandator as a string representation. + * + * @param mandator + * the XML md:Mandator element to extract from. + * @return the mandator name as a string. + */ + public static String extractMandatorName(Element mandator) { + try { + Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + + // first check if physical person + Element name = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Name/pr:GivenName", nameSpaceNode); + if (name != null) { + String givenName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()", nameSpaceNode).getNodeValue(); + String familyName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()", nameSpaceNode).getNodeValue(); + + return givenName + " " + familyName; + } + + // check if corporate body + Node fullName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:FullName/text()", nameSpaceNode); + if (fullName != null) { + return fullName.getNodeValue(); + } + return ""; + } catch (Exception e) { + //e.printStackTrace(); + return ""; + } + } + + /** + * Extracts specific text of an element of a given md:Mandator element. + * + * @param mandator + * the XML md:Mandator to extract from. + * @return the resulting text of the mandator element. + */ + public static String extractText(Element mandator, String xpath) { + try { + Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + + Node textNode = XPathAPI.selectSingleNode(mandator, xpath, nameSpaceNode); + if (textNode == null) + return null; + return textNode.getNodeValue(); + } catch (Exception e) { + e.printStackTrace(); + return null; + } + } + + /** + * Extracts the date of birth of the mandator of a given md:Mandator element. + * + * @param mandator + * the XML md:Mandator to extract from. + * @return the dob of the mandator. + */ + public static String extractMandatorDateOfBirth(Element mandator) { + try { + Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + + Node dobName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:DateOfBirth/text()", nameSpaceNode); + if (dobName == null) + return null; + return dobName.getNodeValue(); + } catch (Exception e) { + e.printStackTrace(); + return null; + } + } + + /** + * Extracts the full name of the mandators corporate body of a given + * md:Mandator element. + * + * @param mandator + * the XML md:Mandator to extract from. + * @return the full name of the mandator. + */ + public static String extractMandatorFullName(Element mandator) { + try { + Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + + Node fullName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:CorporateBody/pr:FullName/text()", nameSpaceNode); + if (fullName == null) + return null; + return fullName.getNodeValue(); + } catch (Exception e) { + e.printStackTrace(); + return null; + } + } + + /** + * Extracts the identification value of the mandator of a given mandate. + * + * @param mandator + * the XML md:Mandator element. + * @return the identification value. + */ + public static String extractMandatorWbpk(Element mandator) { + try { + Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + + Node idValue = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Identification/pr:Value/text()", nameSpaceNode); + if (idValue != null) { + return idValue.getNodeValue(); + } + return ""; + } catch (Exception e) { + e.printStackTrace(); + return ""; + } + } + + /** + * Extracts the identification type of the mandator of a given mandate. + * + * @param mandator + * the XML md:Mandator element. + * @return the identification type. + */ + public static String extractMandatorIdentificationType(Element mandator) { + try { + Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + + Node idType = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Identification/pr:Type/text()", nameSpaceNode); + if (idType != null) { + return idType.getNodeValue(); + } + return ""; + } catch (Exception e) { + e.printStackTrace(); + return ""; + } + } + + /* + * + */ + public static String getIdentification(Element personElement, String element) throws ParseException { + try { + + Element nameSpaceNode = personElement.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + + return XPathAPI.selectSingleNode(personElement, "descendant-or-self::pr:Identification/pr:" + element + "/text()", nameSpaceNode) + .getNodeValue(); + } catch (Exception e) { + throw new ParseException(e.toString(), null); + } + } + + /* + * + */ + private static Element extractRepresentative(Element mandate) throws SZRGWClientException { + try { + Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS); + Element mandator = (Element) XPathAPI.selectSingleNode(mandate, "//md:Representative/child::*[1]", nameSpaceNode); + String nsPrefix = mandator.getPrefix(); + String nsUri = mandator.getNamespaceURI(); + + Element mandatorClone = (Element) mandator.cloneNode(true); + mandatorClone.setAttribute("xmlns:" + nsPrefix, nsUri); + + return mandatorClone; + } catch (Exception e) { + throw new SZRGWClientException(e); + } + } + + /** + * Serializes a XML element to a given output stream. + * + * @param element + * the XML element to serialize. + * @param out + * the output streamt o serialize to. + * @throws IOException + * if an I/O error occurs during serialization. + */ + public static void serializeElement(Element element, OutputStream out) throws IOException { + OutputFormat format = new OutputFormat(); + format.setOmitXMLDeclaration(true); + format.setEncoding("UTF-8"); + format.setPreserveSpace(true); + XMLSerializer serializer = new XMLSerializer(new OutputStreamWriter(out, "UTF-8"), format); + serializer.serialize(element); + } + + public static void serializeElementAsDocument(Element element, OutputStream out) throws IOException { + OutputFormat format = new OutputFormat(); + format.setOmitXMLDeclaration(false); + format.setEncoding("UTF-8"); + format.setPreserveSpace(true); + XMLSerializer serializer = new XMLSerializer(new OutputStreamWriter(out, "UTF-8"), format); + serializer.serialize(element); + } + + public static void serializeElementWithoutEncoding(Element element, OutputStream out) throws IOException { + OutputFormat format = new OutputFormat(); + format.setOmitXMLDeclaration(true); + format.setEncoding("UTF-8"); + format.setPreserveSpace(true); + XMLSerializer serializer = new XMLSerializer(new OutputStreamWriter(out), format); + serializer.serialize(element); + } + + public static void saveStringToFile(String str, File file) throws IOException { + FileOutputStream fos = new FileOutputStream(file); + fos.write(str.getBytes()); + fos.flush(); + fos.close(); + } + + public static void saveBytesToFile(byte[] str, File file) throws IOException { + FileOutputStream fos = new FileOutputStream(file); + fos.write(str); + fos.flush(); + fos.close(); + } + + public static void saveElementToFile(Element elem, File file) throws IOException { + FileOutputStream fos = new FileOutputStream(file); + serializeElementWithoutEncoding(elem, fos); + fos.flush(); + fos.close(); + } + + /** + * Creates an empty XML document. + * + * @return a newly created empty XML document. + * @throws SZRGWClientException + * if an error occurs creating the empty document. + */ + public static Document createEmptyDocument() throws SZRGWClientException { + try { + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + return factory.newDocumentBuilder().newDocument(); + } catch (Exception e) { + throw new SZRGWClientException(e); + } + } + + + /** + * Tells if the Validator of an Infobox is enabled. If the corresponding application + * specific configuration element EnableInfoboxValidator is missing, a default value true is assumed + * + * @param applicationSpecificParams + * the XML element of the infobox configuration. + * @return the boolean value of the determination. + * @throws ConfigurationException + * if an error occurs reading the configuration. + */ + public static boolean isValidatorEnabled(Element applicationSpecificParams) throws ConfigurationException { + try { + Element nameSpaceNode = applicationSpecificParams.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI); + + //ParepUtils.serializeElement(applicationSpecificParams, System.out); + Node validatorEnabledNode = XPathAPI.selectSingleNode(applicationSpecificParams, Constants.MOA_ID_CONFIG_PREFIX + + ":EnableInfoboxValidator/text()", nameSpaceNode); + if (validatorEnabledNode != null) { + return BoolUtils.valueOf(validatorEnabledNode.getNodeValue()); + } + return true; + } catch (Exception e) { + // e.printStackTrace(); + throw new ConfigurationException("config.02", null); + } + } + + /** + * Delivers a String with the description of the register which is described + * through the identification Type of a corporate body of the persondata schema + * + * @param identificationType + * the identification type. + * @return the register description. + */ + public static String getRegisterString(String identificationType) { + String corporateBase = Constants.URN_PREFIX_BASEID + "+"; + if (ParepUtils.isEmpty(identificationType) || !identificationType.startsWith(corporateBase)) return null; + String register = identificationType.substring(corporateBase.length()); + if (ParepUtils.isEmpty(register)) return null; + if (register.equals("FN") || register.equals("XFN")) return "Firmenbuchnummer"; + if (register.equals("VR") || register.equals("XZVR") || register.equals("XVR") || register.equals("ZVR")) return "Nummer im Vereinsregister"; + if (register.equals("ERSB") || register.equals("XERSB")) return "Nummer im Ergänzungsregister für sonstige Betroffene"; + return null; + } + + /** + * Hides Stammzahlen in the given element + * + * @param hideElement The element where Stammzahlen should be replaced. + * @param businessApplication For decision whether to calc a bPK or wbPK. + * @param target Target for calculating a bPK. + * @param registerID Necessary string for calculating a wbPK (example FN+4096i). + * @param blank Switch for behaviour. + * true if Stammzahlen are blinded. All occurences will be replaced by empty strings. + * false calculates (w)bPKs and changes also the pr:Identifivation/pr:Type elements. + * @return The element where Stammzahlen are hidden. + */ + public static Element HideStammZahlen(Element hideElement, boolean businessApplication, String target, String registerID, boolean blank) + throws BuildException { + try { + if (hideElement != null) { + Element nameSpaceNode = hideElement.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + NodeList identifications = XPathAPI.selectNodeList(hideElement, "descendant-or-self::pr:Identification", nameSpaceNode); + for (int i = 0; i < identifications.getLength(); i++) { + Element identificationElement = (Element) identifications.item(i); + Node idTypeNode = XPathAPI.selectSingleNode(identificationElement, "descendant-or-self::pr:Identification/pr:Type/text()", nameSpaceNode); + if (idTypeNode != null && Constants.URN_PREFIX_BASEID.equals(idTypeNode.getNodeValue())) { + Node idValueNode = XPathAPI.selectSingleNode(identificationElement, "descendant-or-self::pr:Identification/pr:Value/text()", nameSpaceNode); + if (idValueNode == null || ParepUtils.isEmpty(idValueNode.getNodeValue())) { + Logger.error("HideStammZahlen: Problem beim Parsen des erhaltenen Elements - Value Element(-Inhalt) von pr:Identification nicht vorhanden."); + throw new BuildException("builder.02", null); + } + if (blank) { + idValueNode.setNodeValue(""); + } else { + String idValue = idValueNode.getNodeValue(); + if (businessApplication) { + // wbPK berechnen + idTypeNode.setNodeValue(Constants.URN_PREFIX_WBPK + "+" + registerID); + String bpkBase64 = new BPKBuilder().buildWBPK(idValueNode.getNodeValue(), registerID); + idValueNode.setNodeValue(bpkBase64); + + } else { + // bPK berechnen + idTypeNode.setNodeValue(Constants.URN_PREFIX_BPK); + String bpkBase64 = new BPKBuilder().buildBPK(idValueNode.getNodeValue(), target); + idValueNode.setNodeValue(bpkBase64); + } + } + } + } + } + } catch (Exception e) { + throw new BuildException("builder.02", null); + } + return hideElement; + } + + /** + * Replaces each substring of string s that matches the given + * search string by the given replace string. + * + * @param s The string where the replacement should take place. + * @param search The pattern that should be replaced. + * @param replace The string that should replace all each search + * string within s. + * @return A string where all occurrence of search are + * replaced with replace. + */ + public static String replaceAll (String s, String search, String replace) { + if (replace==null) replace = ""; + return StringUtils.replaceAll(s, search, replace); + } + + +// public static void main(String[] args) throws Exception { +// Document mandate = readDocFromIs(new FileInputStream("c:/Doku/work/Organwalter/schemas/Vertretung_OW_Max_Mustermann.xml")); +// Document mandate = readDocFromIs(new FileInputStream("c:/mandator.xml")); +// Document mandate = readDocFromIs(new FileInputStream("c:/vertetervollmacht_1.2.40.0.10.3.1.xml")); +// Element mandatorElement = extractMandator(mandate.getDocumentElement()); +// System.out.println(extractMandatorName(mandatorElement)); +// System.out.println(extractMandatorDateOfBirth(mandatorElement)); +// System.out.println(extractMandatorWbpk(mandatorElement)); +// //serializeElement(mandatorElement, System.out); +// serializeElement((extractPrPersonOfMandate(mandate.getDocumentElement())), System.out); +// } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java new file mode 100644 index 000000000..acd193a68 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java @@ -0,0 +1,576 @@ +package at.gv.egovernment.moa.id.auth.validator.parep; + +import java.io.File; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Vector; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; +import at.gv.egovernment.moa.id.auth.data.InfoboxToken; +import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult; +import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResultImpl; +import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams; +import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; +import at.gv.egovernment.moa.id.auth.validator.ValidateException; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateRequest; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateResponse; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; +import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; + +/** + * This class implements a MOA-ID Infobox Validator for validating + * a standardized XML mandate using the SZR-gateway. + * + * @author Peter Danner + */ +public class ParepValidator implements InfoboxValidator { + + /** activates debug settings */ + private boolean PAREP_DEBUG = false; + + /** contains the parameters the validator initially was called with */ + private InfoboxValidatorParams params = null; + + /** contains the configuration of the validator */ + private ParepConfiguration parepConfiguration = null; + + /** the requested representation ID (currently * or OID) */ + private String representationID = null; + + /** holds the information of the SZR-request */ + private CreateMandateRequest request = null; + + /** List of extended SAML attributes. */ + private Vector extendedSamlAttributes = new Vector(); + + /** the class which processes the user input */ + private ParepInputProcessor inputProcessor = null; + + /** The form if user input is necessary */ + private String form = null; + + /** unspecified error of parep-validator (must not know more about)*/ + private final static String COMMON_ERROR = "Es ist ein Fehler bei der Überprüfung für berufliche Parteienvetretung aufgetreten"; + + /** Default class to gather remaining mandator data. */ + public final static String PAREP_INPUT_PROCESSOR = "at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl"; + + /** Default template to gather remaining mandator data. */ + public final static String PAREP_INPUT_TEMPLATE = "/resources/templates/ParepMinTemplate.html"; + + /** kind of representation text in AUTH block*/ + public final static String STANDARD_REPRESENTATION_TEXT = "beruflicher Parteienvertreter"; + + /** Names of the produced SAML-attributes. */ + public final static String EXT_SAML_MANDATE_RAW = "Vollmacht"; + public final static String EXT_SAML_MANDATE_NAME = "MachtgeberName"; + public final static String EXT_SAML_MANDATE_DOB = "MachtgeberGeburtsdatum"; + public final static String EXT_SAML_MANDATE_WBPK = "MachtgeberWbpk"; + public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "VertretungsArt"; + + /** register and register number for non physical persons - the domain identifier for business applications*/ + public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MachtgeberRegisternummer"; + + /** + * Parses the XML configuration element and creates the validators configuration + * Use this function if you want to preconfigure the validator. + * + * @param configElem + * the XML configuration element to parse. + * @throws ConfigurationException + * if an error occurs during the configuration process + */ + public void Configure(Element configElem) throws ConfigurationException { + if (this.parepConfiguration == null) { + Logger.debug("Lade Konfiguration."); + parepConfiguration = new ParepConfiguration(configElem); + Logger.debug("Konfiguration erfolgreich geladen."); + } + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams) + */ + public InfoboxValidationResult validate(InfoboxValidatorParams params) throws ValidateException { + + InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null); + + try { + Logger.debug("Starte Organwalter-/berufliche Parteienvertreterprüfung."); + this.params = params; + + Element mandate = extractPrimaryToken(this.params.getInfoboxTokenList()); + // ParepUtils.serializeElement(mandate, System.out); + this.representationID = ParepUtils.extractRepresentativeID(mandate); + if (ParepUtils.isEmpty(representationID)) { + validationResult.setErrorMessage("Fehlende oder falsche MandateID in standardisierter Vollmacht"); + return validationResult; + } + + // Überprüfen der Identifikation (Type/Value). + String identificationType = this.params.getIdentificationType(); + String identificationValue = this.params.getIdentificationValue(); + if (this.params.getBusinessApplication()) { + if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) { + validationResult.setErrorMessage("Eine Vertretung durch Organwalter im privatwirtschaftlichen Bereich ist nicht vorgesehen."); + return validationResult; + + } else { + Logger.debug("Parteienvertreter wird mit wbPK identifiziert"); + } + } else { + if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) { + //Für Organwalter wird die Stammzahl zur Berechnung der Organwalter-bPK benötigt + if (!Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) { + Logger.error("Für eine Vertretung durch Organwalter ist es notwendig dessen Stammzahl an das Stammzahlenregister-Gateway zu übermitteln. In der MOA-ID Konfiguration muss die Übermittlung Stammzahl aktiviert sein."); + validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert."); + return validationResult; + } else { + Logger.debug("Organwalter wird mit Stammzahl identifiziert"); + } + } else { + if (Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) { + // bPK berechnen, da dem SZR-Gateway das Target nicht bekannt ist + identificationType = Constants.URN_PREFIX_CDID; + String bpkBase64 = new BPKBuilder().buildBPK(this.params.getIdentificationValue(), this.params.getTarget()); + identificationValue = bpkBase64; + Logger.debug("bPK für Parteienvertreter wurde berechnet. Parteienvertreter wird mit bPK identifiziert"); + } else { + Logger.debug("Parteienvertreter wird mit bPK identifiziert"); + } + } + } + + Configure(this.params.getApplicationSpecificParams()); + // check if we have a configured party representative for that + if (!parepConfiguration.isPartyRepresentative(representationID)) { + Logger.info("Kein beruflicher Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert."); + validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert."); + return validationResult; + } + + // Vertreter + this.request = new CreateMandateRequest(); + request.setRepresentative(this.params, identificationType, identificationValue); + // ParepUtils.serializeElement(request.getRepresentative(), System.out); + //ParepUtils.saveElementToFile(request.getRepresentative(), new File("c:/representative.xml")); + + Logger.debug("Prüfe vorausgefüllte Daten..."); + boolean physical = true; + String familyName = ""; + String givenName = ""; + String dateOfBirth = ""; + String cbFullName = ""; + String cbIdentificationType = ""; + String cbIdentificationValue = ""; + String postalCode = ""; + String municipality = ""; + String streetName = ""; + String buildingNumber = ""; + String unit = ""; + + boolean formNecessary = false; + // Vertretener (erstes Vorkommen) + Element mandator = ParepUtils.extractMandator(mandate); + if (mandator != null) { + // ParepUtils.serializeElement(mandator, System.out); + // ParepUtils.saveElementToFile(mandator, new File("c:/mandator.xml")); + if (ParepUtils.isPhysicalPerson(mandator)) { + familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()"); + givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()"); + dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator); + } else { + physical = false; + cbFullName = ParepUtils.extractMandatorFullName(mandator); + cbIdentificationType = ParepUtils.getIdentification(mandator, "Type"); + cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator); + } + postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()"); + municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()"); + streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()"); + buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()"); + unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()"); + + } + if (physical) { + if (!parepConfiguration.isRepresentingPhysicalParty(representationID)) { + validationResult.setErrorMessage("Vertretung von natürlichen Personen für diese standardisierte Vollmacht nicht erlaubt."); + return validationResult; + } + if (ParepUtils.isEmpty(familyName) || ParepUtils.isEmpty(givenName) || ParepUtils.isEmpty(dateOfBirth)) { + formNecessary = true; + } + } else { + if (!parepConfiguration.isRepresentingCorporateParty(representationID)) { + validationResult.setErrorMessage("Vertretung von juristischen Personen für diese standardisierte Vollmacht nicht erlaubt."); + return validationResult; + } + if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) { + formNecessary = true; + } + } + + //Zeigen wir, dass die Daten übernommen wurden: + if (parepConfiguration.isAlwaysShowForm()) formNecessary=true; + + // Input processor + this.form = ""; + if (formNecessary) { + ParepInputProcessor inputProcessor= getInputProcessor(); + this.form = inputProcessor.start( + physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality, + cbFullName, cbIdentificationType, cbIdentificationValue); + if (this.form == null) { + validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); + return validationResult; + } + } else { + // Request vorbereiten mit vorgegebenen Daten + request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName, + cbIdentificationType, cbIdentificationValue); + } + + + // ParepUtils.serializeElement(request.getMandator(), System.out); + // ParepUtils.saveElementToFile(request.getMandator(), new File("c:/mandator.xml")); + + addAuthBlockExtendedSamlAttributes(); + validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes()); + Logger.debug("Überprüfung der vertretenen Partei erfolgreich beendet"); + validationResult.setValid(true); + return validationResult; + } catch (Exception e) { + e.printStackTrace(); + Logger.info(e); + validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); + return validationResult; + } + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(java.util.Map) + */ + public InfoboxValidationResult validate(Map parameters) throws ValidateException { + + InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null); + Logger.debug("Intermediate processing von Organwalter-/beruflicher Parteienvertreterprüfung"); + Logger.debug("Prüfe im Formular ausgefüllte Daten..."); + if (PAREP_DEBUG) Logger.debug("Got parameters from user input form: " + parameters.toString()); + + // Input processor + ParepInputProcessor inputProcessor= getInputProcessor(); + this.form = inputProcessor.validate(parameters, null); + if (this.form == null) { + validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); + return validationResult; + } + extendedSamlAttributes.clear(); + addAuthBlockExtendedSamlAttributes(); + validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes()); + validationResult.setValid(true); + Logger.debug("Intermediate processing von Organwalter-/beruflicher Parteienvertreterprüfung erfolgreich beendet"); + return validationResult; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(org.w3c.dom.Element) + */ + public InfoboxValidationResult validate(Element samlAssertion) throws ValidateException { + + InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null); + Logger.debug("Post processing von Organwalter-/beruflicher Parteienvertreterprüfung"); + this.form = ""; + try { + + // TODO: Frage ob OID im Zertifikat zu prüfen ist (macht derzeit das SZR-gateway). Dies würde aber zu eine Performanceeinbuße führen. + + request.setSignature(samlAssertion); + +//DPO debug +// Element mandate = (ParepUtils.readDocFromIs(new FileInputStream("c:/vertetervollmacht_1.2.40.0.10.3.1_origin-fixed.xml"))).getDocumentElement(); +// String id = representationID; +// CreateMandateResponse response; +// if (true) { +// if (this.params.getHideStammzahl()) { +// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_origin.xml")); +// // Achtung: Es wird hier nicht spezifikationskonform vorgegangen, damit im Kompatibilitätsmodus Personendaten ersetzt werden können. +// // Würden die Stammzahlen gelöscht (geblindet) werden, würde der Identifikationswert des Vertretenen gänzlich fehlen. +// // Im Falle einen business Anwendung berechnet MOA-ID nach Rückkehr das wbPK +// ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false); +// } +// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +".xml")); + + //ParepUtils.serializeElement(request.toElement(), System.out); + if (PAREP_DEBUG) ParepUtils.saveElementToFile(request.toElement(), new File("c:/gwrequest.xml")); + + // configure szrgw client + Logger.debug("Lade SZR-GW Client."); + SZRGWClient client = new SZRGWClient(); + // System.out.println("Parameters: " + cfg.getConnectionParameters()); + Logger.debug("Initialisiere Verbindung..."); + ConnectionParameter connectionParameters = parepConfiguration.getConnectionParameters(representationID); + // Logger.debug("Connection Parameters: " + connectionParameters); + Logger.debug("SZR-GW URL: " + connectionParameters.getUrl()); + client.setAddress(connectionParameters.getUrl()); + if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) { + Logger.debug("Initialisiere SSL Verbindung"); + client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); + } + + Logger.debug("Starte Kommunikation mit dem Stammzahlenregister Gateway..."); + CreateMandateResponse response; + Element requ = request.toElement(); + try { + response = client.createMandateResponse(requ); + } catch (SZRGWClientException e) { + // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt. + Logger.debug("2. Versuch - Kommunikation mit dem Stammzahlenregister Gateway..."); + client = new SZRGWClient(connectionParameters.getUrl()); + if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters)); + response = client.createMandateResponse(requ); + } + if (response.getResultCode()==2000) { + if(response.getMandate()==null) { + Logger.error("Keine Vollmacht vom SZR-Gateway erhalten"); + validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); + return validationResult; + } + + + //DPO debug output (2lines) + String id = representationID; + if (id.equals("*")) id="standardisiert"; + + Element mandate = response.getMandate(); + // Replace Stammzahlen + if (PAREP_DEBUG) ParepUtils.saveElementToFile(response.getMandate(), new File("c:/vertetervollmacht_"+ id +"_origin.xml")); + if (this.params.getHideStammzahl()) { + ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false); + if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_hideStammzahl.xml")); + } + + extendedSamlAttributes.clear(); + // Vollmacht + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, mandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes()); + validationResult.setValid(true); + Logger.debug("Post processing von Organwalter-/beruflicher Parteienvertreterprüfung erfolgreich beendet"); + } else { + String errorMsg = "Fehler " + response.getResultCode() + " bei Stammzahlenregister-Gateway Anfrage"; + String responseInfo = response.getInfo(); + if (response.getResultCode()>4000 && response.getResultCode()<4999) { + if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo; + validationResult.setErrorMessage(errorMsg); + } else if (response.getResultCode()>=3000 && response.getResultCode()<=3000) { + // Person not found + ParepInputProcessor inputProcessor= getInputProcessor(); + if (response.getResultCode()==3000) { //TODO: verify code + errorMsg = "Die Person konnte nicht eindeutig identifiziert werden. Bitte ergänzen/ändern Sie ihre Angaben."; + } else { + if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo; + } + + this.form = inputProcessor.validate(generateParameters(), errorMsg); + if (this.form == null) { + validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); + return validationResult; + } + validationResult.setValid(true); + } else { + // Do not inform the user too much + Logger.error(errorMsg); + validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); + } + + } + return validationResult; + } catch (Exception e) { + e.printStackTrace(); + Logger.info(e); + validationResult.setErrorMessage(ParepValidator.COMMON_ERROR); + return validationResult; + } + } + + /** + * provides the primary infobox token of the given list. + * + * @param infoBoxTokens + * the list of infobox tokens. + * @return + * the XML element of the primary token. + * @throws ValidateException + * if an error occurs or list is not suitable. + */ + public static Element extractPrimaryToken(List infoBoxTokens) throws ValidateException { + if (infoBoxTokens == null || infoBoxTokens.size() == 0) { + throw new ValidateException("validator.62", null); + } + for (int i = 0; i < infoBoxTokens.size(); i++) { + InfoboxToken token = (InfoboxToken) infoBoxTokens.get(i); + if (token.isPrimary()) { + return token.getXMLToken(); + } + } + throw new ValidateException("validator.62", null); + } + + /* + * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#getExtendedSamlAttributes() + */ + public ExtendedSAMLAttribute[] getExtendedSamlAttributes() { + ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes.size()]; + extendedSamlAttributes.copyInto(ret); + Logger.debug("ParepValidator ExtendedSAML Attributes: " + ret.length); + return ret; + } + + + /** + * @return The next pending user input form, which is "" if no form is to be shown, and null on errors. + */ + public String getForm() { + return this.form; + } + + /** + * Gets the user form input processor (class) assigned to the current party representative + * If the method is called for the first time it initializes the input processor. + * + * @return The user form input processor + */ + private ParepInputProcessor getInputProcessor() { + + if (this.inputProcessor!=null) return inputProcessor; + String inputProcessorName = parepConfiguration.getInputProcessorClass(representationID); + ParepInputProcessor inputProcessor = null; + try { + Class inputProcessorClass = Class.forName(inputProcessorName); + inputProcessor= (ParepInputProcessor) inputProcessorClass.newInstance(); + inputProcessor.initialize(representationID, parepConfiguration, this.params.getFamilyName(), this.params.getGivenName(), this.params.getDateOfBirth(), request); + } catch (Exception e) { + Logger.error("Could not load input processor class \"" + inputProcessorName + "\": " + e.getMessage()); + } + this.inputProcessor = inputProcessor; + return inputProcessor; + } + + /** + * Generates the parameter list, which is needed to simulate a return from + * an user form. + * + * @return the form parameters + */ + private Map generateParameters() { + Map parameters = new HashMap(); + boolean physical = true; + String familyName = ""; + String givenName = ""; + String dateOfBirth = ""; + String cbFullName = ""; + String cbIdentificationType = ""; + String cbIdentificationValue = ""; + String postalCode = ""; + String municipality = ""; + String streetName = ""; + String buildingNumber = ""; + String unit = ""; + + try { + // Vertretener (erstes Vorkommen) + Element mandator = request.getMandator(); + ParepUtils.saveElementToFile(mandator, new File("c:/mandator_test.xml")); + if (mandator != null) { + if (ParepUtils.isPhysicalPerson(mandator)) { + familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()"); + givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()"); + dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator); + } else { + physical = false; + cbFullName = ParepUtils.extractMandatorFullName(mandator); + cbIdentificationType = ParepUtils.getIdentification(mandator, "Type"); + cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator); + } + postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()"); + municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()"); + streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()"); + buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()"); + unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()"); + } + } catch (Exception e) { + Logger.error("Could not extract Mandator form SZR-gateway request"); + } + parameters.put("familyname", familyName); + parameters.put("givenname", givenName); + parameters.put("dateofbirth", dateOfBirth); + parameters.put("dobyear", dateOfBirth.substring(0,4)); + parameters.put("dobmonth", dateOfBirth.substring(5,7)); + parameters.put("dobday", dateOfBirth.substring(8,10)); + parameters.put("physical", physical ? "true" : "false"); + parameters.put("fullname", cbFullName); + parameters.put("cbidentificationtype", cbIdentificationType); + parameters.put("cbidentificationvalue", cbIdentificationValue); + parameters.put("postalcode", postalCode); + parameters.put("municipality", municipality); + parameters.put("streetname", streetName); + parameters.put("buildingnumber", buildingNumber); + parameters.put("unit", unit); + return parameters; + } + + /** + * Adds the AUTH block related SAML attributes to the validation result. + * This is needed always before the AUTH block is to be signed, because the + * name of the mandator has to be set + */ + private void addAuthBlockExtendedSamlAttributes() { + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, parepConfiguration.getRepresentationText(representationID), SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); + Element mandator = request.getMandator(); + extendedSamlAttributes.clear(); + // Name + String name = ParepUtils.extractMandatorName(mandator); + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, name, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); + // Geburtsdatum + String dob = ParepUtils.extractMandatorDateOfBirth(mandator); + if (dob != null && !"".equals(dob)) { + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); + } + // (w)bpk + String wbpk = ParepUtils.extractMandatorWbpk(mandator); + if (!ParepUtils.isEmpty(wbpk)) { + if (!ParepUtils.isPhysicalPerson(mandator)){ + String idType = ParepUtils.extractMandatorIdentificationType(mandator); + if (!ParepUtils.isEmpty(idType) && idType.startsWith(Constants.URN_PREFIX_BASEID + "+X")) { + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_CB_BASE_ID, ParepUtils.getRegisterString(idType) + ": " + wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); + } + } else if (this.params.getBusinessApplication()) { + extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_WBPK, wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); + } + } + } + +// public static void main(String[] args) throws Exception { +// } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java new file mode 100644 index 000000000..d6b71ad83 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java @@ -0,0 +1,159 @@ +/** + * + */ +package at.gv.egovernment.moa.id.auth.validator.parep; + +import at.gv.egovernment.moa.id.config.ConnectionParameter; + +/** + * @author Peter Danner + * + */ +public class PartyRepresentative { + + /** Object Identifier **/ + private String oid; + + private boolean representPhysicalParty; + + private boolean representCorporateParty; + + /** + * Text for representation description in SAML Assertion (Auth-Block) + * */ + private String representationText; + + /** + * SZR-GW connection parameters. + */ + private ConnectionParameter connectionParameters = null; + + private String inputProcessorClass = null; + private String inputProcessorTemplate = null; + + /** + * Constructor + */ +public PartyRepresentative() { + this.oid = null; + this.representPhysicalParty = false; + this.representCorporateParty = false; + this.connectionParameters = null; + this.representationText = null; +} + +/** + * Constructor + */ + public PartyRepresentative(boolean representPhysicalParty, boolean representCorporateParty) { + this.oid = null; + this.representPhysicalParty = representPhysicalParty; + this.representCorporateParty = representCorporateParty; + this.connectionParameters = null; + this.representationText = null; + this.inputProcessorClass = null; + this.inputProcessorTemplate = null; + } + + /** + * @return the oid + */ + public String getOid() { + return oid; + } + + /** + * @param oid the oid to set + */ + public void setOid(String oid) { + this.oid = oid; + } + + /** + * @return the representPhysicalParty + */ + public boolean isRepresentingPhysicalParty() { + return representPhysicalParty; + } + + /** + * @param representPhysicalParty the representPhysicalParty to set + */ + public void setRepresentingPhysicalParty(boolean representPhysicalParty) { + this.representPhysicalParty = representPhysicalParty; + } + + /** + * @return the representCorporateParty + */ + public boolean isRepresentingCorporateParty() { + return representCorporateParty; + } + + /** + * @param representCorporateParty the representCorporateParty to set + */ + public void setRepresentingCorporateParty(boolean representCorporateParty) { + this.representCorporateParty = representCorporateParty; + } + + /** + * @return the connectionParameters + */ + public ConnectionParameter getConnectionParameters() { + return connectionParameters; + } + + /** + * @param connectionParameters the connectionParameters to set + */ + public void setConnectionParameters(ConnectionParameter connectionParameters) { + this.connectionParameters = connectionParameters; + } + + + /** + * @return the representationText + */ + public String getRepresentationText() { + return representationText; + } + + + /** + * @param representationText the representationText to set + */ + public void setRepresentationText(String representationText) { + this.representationText = representationText; + } + + /** + * @return the inputProcessorClass + */ + public String getInputProcessorClass() { + return inputProcessorClass; + } + + /** + * @param inputProcessorClass the inputProcessorClass to set + */ + public void setInputProcessorClass(String inputProcessorClass) { + this.inputProcessorClass = inputProcessorClass; + } + + /** + * @return the inputProcessorTemplate + */ + public String getInputProcessorTemplate() { + return inputProcessorTemplate; + } + + /** + * @param inputProcessorTemplate the inputProcessorTemplate to set + */ + public void setInputProcessorTemplate(String inputProcessorTemplate) { + this.inputProcessorTemplate = inputProcessorTemplate; + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java new file mode 100644 index 000000000..fe8e263ff --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java @@ -0,0 +1,235 @@ +package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw; + +import java.util.ArrayList; +import java.util.List; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; + +import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.util.Constants; + +/** + * This class implements a detailed CreateMandateRequest that + * will be sent to SZR-gateway. + * + * @author Peter Danner + */ +public class CreateMandateRequest { + + /** + * The Request. + */ + private Document document; + + /** + * List of mandate representatives as XML element. + */ + private List representatives; + + /** + * The mandator. + */ + private Element mandator; + + /** + * The representative. + */ + private Element representative; + + /** + * The signature to verify by the SZR-gateway + */ + private Element signature; + + + + /** + * Creates the CreateMandateRequest element that will + * be sent to SZR-gateway + * + * @return the CreateMandateRequest element. + */ + public Element toElement() throws SZRGWClientException{ + + this.document = ParepUtils.createEmptyDocument(); + Element root = this.document.createElement(SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.CREATE_MANDATE_REQUEST); + root.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS); + root.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); + if (this.representative!=null) root.appendChild(this.document.importNode(this.representative, true)); + if (this.mandator!=null) root.appendChild(this.document.importNode(this.mandator, true)); + if (this.signature!=null) root.appendChild(this.document.importNode(this.signature, true)); + + return root; + } + + /** + * Adds a representative. + * + * @param representative an XML representative to add. + */ + public void addRepresentative(Element representative) { + if (representatives == null) { + representatives = new ArrayList(); + } + representatives.add(representative); + } + + /** + * Gets the representative. + * + * @return the representative. + */ + public Element getRepresentative() { + return representative; + } + + /** + * Gets the mandator. + * + * @return the mandator. + */ + public Element getMandator() { + return mandator; + } + + /** + * Sets the mandator. + * + * @param mandator the mandator. + */ + public void setMandator(Element mandator) { + this.mandator = mandator; + } + + /** + * Sets the Mandator. + * + * @param familyName the family name of the mandator. + */ + public void setMandator(String familyName, String givenName, String dateOfBirth, + String postalCode, String municipality, String streetName, String buildingNumber, String unit, + boolean physical, String cbFullName, String cbIdentificationType, String cbIdentificationValue) throws SZRGWClientException { + + Document mandatorDocument = ParepUtils.createEmptyDocument(); + + Element mandatorElem = mandatorDocument.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.MANDATOR); +// mandatorElem.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); +/// mandatorElem.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS); + + if (physical) { + Element physicalPersonElem = mandatorDocument.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.PHYSICALPERSON); + physicalPersonElem.appendChild(createNameElem(mandatorDocument, givenName, familyName)); + physicalPersonElem.appendChild(createPersonDataElem(mandatorDocument, SZRGWConstants.DATEOFBIRTH, dateOfBirth)); + mandatorElem.appendChild(physicalPersonElem); + Element postalAddressElement = createPostalAddressElem(mandatorDocument, postalCode, municipality, streetName, buildingNumber, unit); + if (null!=postalAddressElement) mandatorElem.appendChild(postalAddressElement); + } else { + Element corporateBodyElem = mandatorDocument.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.CORPORATEBODY); + corporateBodyElem.appendChild(createIdentificationElem(mandatorDocument, cbIdentificationType, cbIdentificationValue)); + corporateBodyElem.appendChild(createPersonDataElem(mandatorDocument, SZRGWConstants.FULLNAME, cbFullName)); + mandatorElem.appendChild(corporateBodyElem); + } + + + this.mandator = mandatorElem; + } + + private Element createPersonDataElem(Document document, String elementName, String elementValue) { + Element elem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + elementName); + Node value = document.createTextNode(elementValue); + elem.appendChild(value); + return elem; + } + + private Element createIdentificationElem(Document document, String identificationType, String identificationValue) { + Element identificationElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.IDENTIFICATION); + identificationElem.appendChild(createPersonDataElem(document, SZRGWConstants.VALUE, identificationValue)); + identificationElem.appendChild(createPersonDataElem(document, SZRGWConstants.TYPE, identificationType)); + return identificationElem; + } + private Element createNameElem(Document document, String givenName, String familyName) { + Element nameElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.NAME); + nameElem.appendChild(createPersonDataElem(document, SZRGWConstants.GIVENNAME, givenName)); + nameElem.appendChild(createPersonDataElem(document, SZRGWConstants.FAMILYNAME, familyName)); + return nameElem; + } + private Element createPostalAddressElem(Document document, String postalCode, String municipality, String streetName, String buildingNumber, String unit) { + + if (ParepUtils.isEmpty(postalCode) && ParepUtils.isEmpty(municipality) && ParepUtils.isEmpty(streetName) + && ParepUtils.isEmpty(buildingNumber) && ParepUtils.isEmpty(unit)) return null; + Element postalAddressElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.POSTALADDRESS); + + if (!ParepUtils.isEmpty(postalCode)) { + postalAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.POSTALCODE, postalCode)); + } + if (!ParepUtils.isEmpty(municipality)) { + postalAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.MUNICIPALITY, municipality)); + } + if (!ParepUtils.isEmpty(streetName) || !ParepUtils.isEmpty(buildingNumber) || !ParepUtils.isEmpty(unit)) { + Element deliveryAddressElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.DELIVERYADDRESS); + + if (!ParepUtils.isEmpty(streetName)) { + deliveryAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.STREETNAME, streetName)); + } + if (!ParepUtils.isEmpty(buildingNumber)) { + deliveryAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.BUILDINGNUMBER, buildingNumber)); + } + if (!ParepUtils.isEmpty(unit)) { + deliveryAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.UNIT, unit)); + } + postalAddressElem.appendChild(deliveryAddressElem); + } + return postalAddressElem; + } + + + + /** + * Sets the Representative. + * + * @param params InfoboxValidatorParams contain the data of the representative. + * @param identificationType the type of the identification of the representative (has to be urn:publicid:gv.at:cdid). + * @param identificationValue the identification value (bPK). + */ + public void setRepresentative(InfoboxValidatorParams params, String identificationType, String identificationValue) throws SZRGWClientException { + + Document representativeDocument = ParepUtils.createEmptyDocument(); + + Element representativeElem = representativeDocument.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE); +// representativeElem.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI); +// representativeElem.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS); + + representativeElem.appendChild(createIdentificationElem(representativeDocument, identificationType, identificationValue)); + representativeElem.appendChild(createNameElem(representativeDocument, params.getGivenName(), params.getFamilyName())); + representativeElem.appendChild(createPersonDataElem(representativeDocument, SZRGWConstants.DATEOFBIRTH, params.getDateOfBirth())); + + this.representative = representativeElem; + } + + /** + * @return the signature + */ + public Element getSignature() { + return signature; + } + + /** + * @param signature the signature to set + */ + public void setSignature(Element signature) throws SZRGWClientException{ + Document signatureDocument = ParepUtils.createEmptyDocument(); + Element signatureElem = signatureDocument.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, SZRGWConstants.SZRGW_PREFIX + "Signature"); + //SZR-gateway takes the first Signature + //signatureElem.setAttribute("SignatureLocation", "//saml:Assertion/dsig:Signature"); + signatureElem.appendChild(signatureDocument.importNode(signature, true)); + this.signature = signatureElem; + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java new file mode 100644 index 000000000..0f6ed8abf --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java @@ -0,0 +1,130 @@ +package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw; + +import java.io.FileInputStream; +import java.util.Hashtable; +import org.apache.xpath.XPathAPI; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + + +/** + * This class implements a SZR-gateway CreateMandate Response. + * + * @author Peter Danner + */ +public class CreateMandateResponse { + + /** + * Result code of the request. + */ + private int resultCode; + + /** + * Description of the result. + */ + private String resultInfo; + + /** + * The returned mandate. + */ + private Element mandate; + + /** + * @return the resultCode + */ + public int getResultCode() { + return resultCode; + } + + /** + * @param resultCode the resultCode to set + */ + public void setResultCode(String resultCode) { + if (resultCode!=null) { + this.resultCode = Integer.parseInt(resultCode); + } else { + this.resultCode = 0; + } + } + + /** + * @return the resultInfo + */ + public String getInfo() { + return resultInfo; + } + + /** + * @param resultInfo the resultInfo to set + */ + public void setInfo(String resultInfo) { + this.resultInfo = resultInfo; + } + + /** + * @return the mandate + */ + public Element getMandate() { + return mandate; + } + + /** + * @param mandate the mandate to set + */ + public void setMandate(Element mandate) { + this.mandate = mandate; + } + + + /** + * Parses the SZR-gateway response. + * + * @param response the SZR-gateway response. + * @throws SZRGWClientException if an error occurs. + */ + public void parse(Element response) throws SZRGWClientException { + try { + + // first check if response is a soap error + NodeList list = response.getElementsByTagName("faultstring"); + if (list.getLength() > 0) { + throw new SZRGWClientException("Fehler bei SZR-Gateway: "+list.item(0).getChildNodes().item(0).getNodeValue()); + } + + this.mandate = null; + this.resultCode = 2000; + this.resultInfo = null; + // parse single SZR-gateway results + Element nameSpaceNode = response.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS); + nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS); + + Node mandateNode = XPathAPI.selectSingleNode(response, "//" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.CREATE_MANDATE_RESPONSE + "/" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATE, nameSpaceNode); + if (mandateNode!=null) { + this.mandate = (Element) mandateNode; + } else { + String errorResponse = "//" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.CREATE_MANDATE_RESPONSE + "/" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.ERROR_RESPONSE + "/"; + Node errorCode = XPathAPI.selectSingleNode(response, errorResponse + SZRGWConstants.SZRGW_PREFIX + "ErrorCode/text()", nameSpaceNode); + if (errorCode!=null) setResultCode(errorCode.getNodeValue()); + Node errorInfo = XPathAPI.selectSingleNode(response, errorResponse + SZRGWConstants.SZRGW_PREFIX + "Info/text()", nameSpaceNode); + this.setInfo(errorInfo.getNodeValue()); + } + } catch(Exception e) { + e.printStackTrace(); + throw new SZRGWClientException(e); + } + } + + public static void main(String[] args) throws Exception { +// CreateMandateResponse resp = new CreateMandateResponse(); +// Document doc = ParepUtils.readDocFromIs(new FileInputStream("c:/response2.xml")); +// Element response = doc.getDocumentElement(); +// resp.parse(response); +// System.out.println(resp.getResultCode()); +// System.out.println(resp.getInfo()); +// if (resp.getMandate()!=null) ParepUtils.serializeElement(resp.getMandate(), System.out); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java new file mode 100644 index 000000000..d9d248c81 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java @@ -0,0 +1,23 @@ +package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw; + +/** + * SOAP Envelope Constants. + * + * @author Arne Tauber + * @version $ $ + **/ +public interface SOAPConstants { + + /* + * Namespaces and namespace prefixes for SOAP message handling + */ + String SOAP_ENV_NS = "http://schemas.xmlsoap.org/soap/envelope/"; + String SOAP_ENV_ENCODING_STYLE = "http://schemas.xmlsoap.org/soap/encoding/"; + String SOAP_ENV_PREFIX = "soapenv:"; + String SOAP_ENV_POSTFIX = ":soapenv"; + + String ENVELOPE = "Envelope"; + String BODY = "Body"; + String ENCODING_STYLE = "encodingStyle"; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java new file mode 100644 index 000000000..1e6dc1039 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java @@ -0,0 +1,144 @@ + +package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.security.Security; + +import javax.net.ssl.SSLSocketFactory; +import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.methods.PostMethod; +import org.apache.commons.httpclient.protocol.Protocol; +import org.w3c.dom.Document; +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.logging.Logger; + + +/** + * This class implements a client for communication with the SZR-gateway + *

+ * Two types of requests are supported + *

    + *
  1. Basic Request
  2. + *
  3. Detailed Request
  4. + *
+ * + * @author Peter Danner + */ +public class SZRGWClient { + /** + * The URL of the SZR-gateway webservice. + */ + private String address; + + /** + * The SSL socket factory when using a secure connection. + */ + private SSLSocketFactory sSLSocketFactory; + + /** + * Constructor + */ + public SZRGWClient() { + } + + /** + * Constructor + * + * @param address the URL of the SZR-gateway webservice. + */ + public SZRGWClient(String address) { + this.address = address; + } + /** + * Sets the SSL socket factory. + * + * @param factory the SSL socket factory. + */ + public void setSSLSocketFactory(SSLSocketFactory factory) { + this.sSLSocketFactory = factory; + } + + /** + * Sets the SZR webservice URL + * + * @param address the URL of the SZR-gateway webservice. + */ + public void setAddress(String address) { + this.address = address; + } + + /** + * Creates a mandate. + * + * @param reqElem the request. + * @return a SZR-gateway response containing the result + * @throws SZRGWException when an error occurs creating the mandate. + */ + public CreateMandateResponse createMandateResponse(Element reqElem) throws SZRGWClientException { + Logger.info("Connecting to SZR-gateway."); + try { + if (address == null) { + throw new NullPointerException("Address (SZR-gateway ServiceURL) must not be null."); + } + HttpClient client = new HttpClient(); + PostMethod method = new PostMethod(address); + method.setRequestHeader("SOAPAction", ""); + + + // ssl settings + if (sSLSocketFactory != null) { + SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory); + Protocol.registerProtocol("https", new Protocol("https", fac, 443)); + } + + // create soap body + Element soapBody = getSOAPBody(); + Document doc = soapBody.getOwnerDocument(); + soapBody.appendChild(doc.importNode(reqElem, true)); + Element requestElement = soapBody.getOwnerDocument().getDocumentElement(); + + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + ParepUtils.serializeElementAsDocument(requestElement, bos); + + method.setRequestBody(new ByteArrayInputStream(bos.toByteArray())); + + client.executeMethod(method); + CreateMandateResponse response = new CreateMandateResponse(); + + bos = new ByteArrayOutputStream(); + doc = ParepUtils.readDocFromIs(method.getResponseBodyAsStream()); + + response.parse(doc.getDocumentElement()); + + + return response; + } catch(Exception e) { + //e.printStackTrace(); + throw new SZRGWClientException(e); + } + } + + /* + * builds an XML soap envelope + */ + private Element getSOAPBody() throws SZRGWClientException { + Document doc_ = ParepUtils.createEmptyDocument(); + Element root = doc_.createElementNS(SOAPConstants.SOAP_ENV_NS, SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.ENVELOPE); + doc_.appendChild(root); + + root.setAttribute("xmlns" + SOAPConstants.SOAP_ENV_POSTFIX, SOAPConstants.SOAP_ENV_NS); + //root.setAttribute(SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.ENCODING_STYLE, SOAPConstants.SOAP_ENV_ENCODING_STYLE); + root.setAttribute("xmlns:xsd", "http://www.w3.org/2001/XMLSchema"); + root.setAttribute("xmlns:xsi", "http://www.w3.org/2001/XMLSchema-instance"); + + Element body = doc_.createElementNS(SOAPConstants.SOAP_ENV_NS, SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.BODY); + root.appendChild(body); + + return body; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java new file mode 100644 index 000000000..11aaf289b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java @@ -0,0 +1,37 @@ +package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw; + +/** + * This class implements the basic exception type for the SZR-gateway client + * + * @author Peter Danner + */ +public class SZRGWClientException extends Exception { + + /* + * see super constructor. + */ + public SZRGWClientException() { + super(); + } + + /* + * see super constructor. + */ + public SZRGWClientException(String arg0) { + super(arg0); + } + + /* + * see super construction. + */ + public SZRGWClientException(Throwable arg0) { + super(arg0); + } + + /* + * see super constructor + */ + public SZRGWClientException(String arg0, Throwable arg1) { + super(arg0, arg1); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java new file mode 100644 index 000000000..4f815f1e7 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java @@ -0,0 +1,51 @@ +package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw; + +/** + * This interface specifies all the constants needed for the communication with the SZR-gateway. + * + * @author Peter Danner + */ +public interface SZRGWConstants { + + //PersonData + String PD_PREFIX = "pr:"; + String PD_POSTFIX = ":pr"; + String PERSON = "Person"; + String PHYSICALPERSON = "PhysicalPerson"; + String CORPORATEBODY = "CorporateBody"; + String IDENTIFICATION = "Identification"; + String VALUE = "Value"; + String TYPE = "Type"; + String NAME = "Name"; + String GIVENNAME = "GivenName"; + String FAMILYNAME = "FamilyName"; + String DATEOFBIRTH = "DateOfBirth"; + String FULLNAME = "FullName"; + String ORGANIZATION = "Organization"; + + String POSTALADDRESS = "PostalAddress"; + String DELIVERYADDRESS = "DeliveryAddress"; + String MUNICIPALITY = "Municipality"; + String POSTALCODE = "PostalCode"; + String STREETNAME = "StreetName"; + String BUILDINGNUMBER = "BuildingNumber"; + String UNIT = "Unit"; + //String ADDRESS = "Address"; + //String COUNTRYCODE = "CountryCode"; + //String DOORNUMBER = "DoorNumber"; + + // SZR-gateway constants + String SZRGW_REQUEST_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#"; + String MANDATE_NS = "http://reference.e-government.gv.at/namespace/mandates/20040701#"; + String SZRGW_PREFIX = "sgw:"; + String SZRGW_POSTFIX = ":sgw"; + String CREATE_MANDATE_REQUEST = "CreateMandateRequest"; + String CREATE_MANDATE_RESPONSE = "CreateMandateResponse"; + String ERROR_RESPONSE = "ErrorResponse"; + String MANDATOR = "Mandator"; + String REPRESENTATIVE = "Representative"; + String MANDATE = "Mandate"; + String MANDATE_PREFIX = "md:"; + String MANDATE_POSTFIX = ":md"; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java new file mode 100644 index 000000000..41a07d146 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java @@ -0,0 +1,94 @@ +package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw; + +import java.io.IOException; +import java.net.InetAddress; +import java.net.Socket; +import java.net.UnknownHostException; +import javax.net.ssl.SSLSocketFactory; +import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory; + + +/** + * This class implements a secure protocol socket factory + * for the Apache HTTP client. + * + * @author Peter Danner + */ +public class SZRGWSecureSocketFactory implements SecureProtocolSocketFactory { + + /** + * The SSL socket factory. + */ + private SSLSocketFactory factory; + + /** + * Creates a new Secure socket factory for the + * Apache HTTP client. + * + * @param factory the SSL socket factory to use. + */ + public SZRGWSecureSocketFactory(SSLSocketFactory factory) { + this.factory = factory; + } + + + /** + * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int) + */ + public Socket createSocket( + String host, + int port, + InetAddress clientHost, + int clientPort) + throws IOException, UnknownHostException { + + return this.factory.createSocket( + host, + port, + clientHost, + clientPort + ); + } + + /** + * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int) + */ + public Socket createSocket(String host, int port) + throws IOException, UnknownHostException { + return this.factory.createSocket( + host, + port + ); + } + + /** + * @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean) + */ + public Socket createSocket( + Socket socket, + String host, + int port, + boolean autoClose) + throws IOException, UnknownHostException { + return this.factory.createSocket( + socket, + host, + port, + autoClose + ); + } + + /** + * @see java.lang.Object#equals(java.lang.Object) + */ + public boolean equals(Object obj) { + return ((obj != null) && obj.getClass().equals(SZRGWSecureSocketFactory.class)); + } + + /** + * @see java.lang.Object#hashCode() + */ + public int hashCode() { + return SZRGWSecureSocketFactory.class.hashCode(); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java new file mode 100644 index 000000000..c56555b2e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java @@ -0,0 +1,411 @@ +package at.gv.egovernment.moa.id.auth.validator.parep.config; + +import java.io.File; +import java.io.FileInputStream; +import java.util.HashMap; + +import org.apache.xpath.XPathAPI; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; +import at.gv.egovernment.moa.id.auth.validator.parep.PartyRepresentative; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.BoolUtils; +import at.gv.egovernment.moa.util.Constants; + +/** + * This class implements the Configuration. + * + * @author Peter Danner + */ +public class ParepConfiguration { + + /** + * System property for config file. + */ + public final static String PAREP_VALIDATOR_CONFIG = "parep.validator.config"; + + /** + * SZR-GW connection parameters. + */ + private ConnectionParameter standardConnectionParameters; + + /** + * Input field processor. + */ + private String standardInputProcessorClass; + + /** + * Input field processor template. + */ + private String standardInputProcessorTemplate; + + /** + * Configured party representatives. + */ + private HashMap partyRepresentatives; + + /** + * The configuration element. + */ + private Element configElement = null; + + /** + * Defines whether the user input form must be shown on each + * request or not (also predefined mandates) + */ + private boolean alwaysShowForm = false; + + /** + * The configuration base directory. + */ + private String baseDir_; + + /** + * Gets the SZR-GW connection parameters. + * + * @return the connection parameters. + */ + public ConnectionParameter getConnectionParameters(String representationID) { + if (partyRepresentatives == null || "*".equals(representationID)) + return standardConnectionParameters; + PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); + ConnectionParameter connectionParameters = pr.getConnectionParameters(); + if (connectionParameters==null) connectionParameters = standardConnectionParameters; + return connectionParameters; + } + + /** + * Sets the SZR-GW connection parameters for standard connection. + * + * @param connectionParameters + * the connection parameters. + */ + public void setStandardConnectionParameters(ConnectionParameter connectionParameters) { + this.standardConnectionParameters = connectionParameters; + } + + /* + * + */ + public String getFullDirectoryName(String fileString) { + return makeAbsoluteURL(fileString, baseDir_); + } + + /* + * + */ + private static String makeAbsoluteURL(String url, String root) { + // if url is relative to rootConfigFileDirName make it absolute + + File keyFile; + String newURL = url; + + if (null == url) + return null; + + if (url.startsWith("http:/") || url.startsWith("https:/") || url.startsWith("ftp:/") || url.startsWith("file:/") || url.startsWith("file:\\")) { + return url; + } else { + // check if absolute - if not make it absolute + keyFile = new File(url); + if (!keyFile.isAbsolute()) { + keyFile = new File(root, url); + newURL = keyFile.getPath(); + } + return newURL; + } + } + + /** + * Initializes the configuration with a given XML configuration element found + * in the MOA-ID configuration. + * + * @param configElem + * the configuration element. + * @throws ConfigurationException + * if an error occurs initializing the configuration. + */ + public ParepConfiguration(Element configElem) throws ConfigurationException { + + partyRepresentatives = new HashMap(); + partyRepresentatives.put("*", new PartyRepresentative(true, true)); + + String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME); + + try { + + baseDir_ = (new File(fileName)).getParentFile().toURL().toString(); + Logger.trace("Config base directory: " + baseDir_); + // check for configuration in system properties + if (System.getProperty(PAREP_VALIDATOR_CONFIG) != null) { + Document doc = ParepUtils.readDocFromIs(new FileInputStream(System.getProperty(PAREP_VALIDATOR_CONFIG))); + this.configElement = doc.getDocumentElement(); + } else { + this.configElement = configElem; + } + } catch (Exception e) { + throw new ConfigurationException("Allgemeiner Fehler beim Einlesen der ParepValidatorConfiguration", null, e); + } + load(); + } + + /* + * + */ + private void load() throws ConfigurationException { + Logger.debug("Parse ParepValidator Konfiguration"); + try { + Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI); + // nameSpaceNode.setAttribute("xmlns:sgw", + // SZRGWConstants.SZRGW_PROFILE_NS); + + Node inputProcessorNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/" + + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode); + if (inputProcessorNode != null) { + this.standardInputProcessorTemplate = ((Element) inputProcessorNode).getAttribute("template"); + Node inputProcessorClassNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/" + + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor/text()", nameSpaceNode); + if (inputProcessorClassNode != null) { + this.standardInputProcessorClass = inputProcessorClassNode.getNodeValue(); + } + } + Node alwaysShowFormNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/" + + Constants.MOA_ID_CONFIG_PREFIX + ":AlwaysShowForm/text()", nameSpaceNode); + if (alwaysShowFormNode != null) { + this.setAlwaysShowForm(alwaysShowFormNode.getNodeValue()); + } + + // load connection parameters + Logger.debug("Lade SZR-Gateway Standard Verbindungsparameter"); + Element connectionParamElement = (Element) XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/" + + Constants.MOA_ID_CONFIG_PREFIX + ":ConnectionParameter", nameSpaceNode); + if (connectionParamElement != null) { + // parse connection parameters + // ParepUtils.serializeElement(connectionParamElement, System.out); + this.standardConnectionParameters = buildConnectionParameter(connectionParamElement, nameSpaceNode); + } + + Logger.debug("Lade Konfiguration der Parteienvertreter"); + NodeList partyRepresentativeNodeList = XPathAPI.selectNodeList(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/" + + Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentative", nameSpaceNode); + for (int i = 0; i < partyRepresentativeNodeList.getLength(); i++) { + + PartyRepresentative partyRepresentative = new PartyRepresentative(); + + Element partyRepresentativeElement = (Element) partyRepresentativeNodeList.item(i); + boolean representPhysicalParty = partyRepresentativeElement.getAttribute("representPhysicalParty").equalsIgnoreCase("true") ? true : false; + boolean representCorporateParty = partyRepresentativeElement.getAttribute("representCorporateParty").equalsIgnoreCase("true") ? true : false; + partyRepresentative.setOid(partyRepresentativeElement.getAttribute("oid")); + partyRepresentative.setRepresentingPhysicalParty(representPhysicalParty); + partyRepresentative.setRepresentingCorporateParty(representCorporateParty); + partyRepresentative.setRepresentationText(partyRepresentativeElement.getAttribute("representationText")); + + Node inputProcessorSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode); + if (inputProcessorSubNode != null) { + partyRepresentative.setInputProcessorTemplate(((Element) inputProcessorSubNode).getAttribute("template")); + Node inputProcessorClassSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX + + ":InputProcessor/text()", nameSpaceNode); + if (inputProcessorClassSubNode != null) { + partyRepresentative.setInputProcessorClass(inputProcessorClassSubNode.getNodeValue()); + } + } + + Element connectionParamSubElement = (Element) XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX + + ":ConnectionParameter", nameSpaceNode); + if (connectionParamSubElement == null) { + if (this.standardConnectionParameters == null) { + throw new ConfigurationException("Fehler beim Parsen der ParepValidatorConfiguration: SZR-GW Verbindungsparameter zu Parteienvetreter " + + partyRepresentative.getOid() + " fehlen.", null, null); + } + } else { + // parse connection parameters + // ParepUtils.serializeElement(connectionParamSubElement, System.out); + partyRepresentative.setConnectionParameters(buildConnectionParameter(connectionParamSubElement, nameSpaceNode)); + } + partyRepresentatives.put(partyRepresentative.getOid(), partyRepresentative); + Logger.info("Parteienvertreter: " + partyRepresentative.getOid() + " erfolgreich konfiguriert (representPhysicalParty=" + + partyRepresentative.isRepresentingPhysicalParty() + ", representCorporateParty=" + partyRepresentative.isRepresentingCorporateParty() + + ", representationText=" + partyRepresentative.getRepresentationText() + + ")"); + } + + Logger.debug("ParepValidator Konfiguration erfolgreich geparst."); + } catch (Exception e) { + throw new ConfigurationException("Allgemeiner Fehler beim Parsen der MandateValidatorConfiguration", null, e); + } + } + + /* + * + */ + private ConnectionParameter buildConnectionParameter(Element connParamElement, Element nameSpaceNode) throws ConfigurationException { + try { + ConnectionParameter connectionParameter = new ConnectionParameter(); + + // parse connection url + String URL = connParamElement.getAttribute("URL"); + connectionParameter.setUrl(URL); + + // accepted server certificates + Node accServerCertsNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":AcceptedServerCertificates/text()", + nameSpaceNode); + if (accServerCertsNode != null) { + + String serverCertsDir = getFullDirectoryName(accServerCertsNode.getNodeValue()); + Logger.debug("Full directory name of accepted server certificates: " + serverCertsDir); + connectionParameter.setAcceptedServerCertificates(serverCertsDir); + } + + // client key store + Node clientKeyStoreNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/text()", nameSpaceNode); + if (clientKeyStoreNode != null) { + String clientKeystore = getFullDirectoryName(clientKeyStoreNode.getNodeValue()); + connectionParameter.setClientKeyStore(clientKeystore); + } + + // client key store password + Node clientKeyStorePasswordNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/@password", + nameSpaceNode); + if (clientKeyStorePasswordNode != null) { + connectionParameter.setClientKeyStorePassword(clientKeyStorePasswordNode.getNodeValue()); + } + + return connectionParameter; + } catch (Exception e) { + throw new ConfigurationException("Allgemeiner Fehler beim Parsen der ParepValidator ConnectionParameter.", null, e); + } + } + + public boolean isPartyRepresentative(String representationID) { + if (partyRepresentatives == null) + return false; + PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); + return pr != null; + } + + public boolean isRepresentingCorporateParty(String representationID) { + if (partyRepresentatives == null) return false; + PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); + if (pr == null) return false; + return pr.isRepresentingCorporateParty(); + } + + public boolean isRepresentingPhysicalParty(String representationID) { + if (partyRepresentatives == null) return false; + PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); + if (pr == null) return false; + return pr.isRepresentingPhysicalParty(); + } + + public String getRepresentationText(String representationID) { + String result = ParepValidator.STANDARD_REPRESENTATION_TEXT; + if (partyRepresentatives != null) { + PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); + if (pr != null) { + if (!ParepUtils.isEmpty(pr.getRepresentationText())) result = pr.getRepresentationText(); + } + } + return result; + } + + /** + * @return the input processor classname corresponding to representationID + * @param representationID + * the representation ID. + */ + public String getInputProcessorClass(String representationID) { + String inputProcessorClass = standardInputProcessorClass; + if (ParepUtils.isEmpty(inputProcessorClass)) inputProcessorClass = ParepValidator.PAREP_INPUT_PROCESSOR; + if (!(partyRepresentatives == null || "*".equals(representationID))) { + PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); + if (pr!=null) { + String prInputProcessorClass = pr.getInputProcessorClass(); + if (!ParepUtils.isEmpty(prInputProcessorClass)) inputProcessorClass = prInputProcessorClass; + } + } + return inputProcessorClass; + } + + /** + * @param standardInputProcessorClass the standardInputProcessorClass to set + */ + public void setStandardInputProcessorClass(String standardInputProcessorClass) { + this.standardInputProcessorClass = standardInputProcessorClass; + } + + /** + * @return the InputProcessorTemplate + */ + public String getInputProcessorTemplate(String representationID) { + String inputProcessorTemplate = standardInputProcessorTemplate; + if (ParepUtils.isEmpty(inputProcessorTemplate)) inputProcessorTemplate = ParepValidator.PAREP_INPUT_TEMPLATE; + if (!(partyRepresentatives == null || "*".equals(representationID))) { + PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID); + if (pr!=null) { + String prInputProcessorTemplate = pr.getInputProcessorTemplate(); + if (!ParepUtils.isEmpty(prInputProcessorTemplate)) inputProcessorTemplate = prInputProcessorTemplate; + } + } + return inputProcessorTemplate; + } + + /** + * @param standardInputProcessorTemplate the standardInputProcessorTemplate to set + */ + public void setStandardInputProcessorTemplate(String standardInputProcessorTemplate) { + this.standardInputProcessorTemplate = standardInputProcessorTemplate; + } + + /** + * @return the alwaysShowForm + */ + public boolean isAlwaysShowForm() { + return alwaysShowForm; + } + + /** + * @param alwaysShowForm the alwaysShowForm to set + */ + public void setAlwaysShowForm(String alwaysShowForm) { + if (ParepUtils.isEmpty(alwaysShowForm)) { + this.alwaysShowForm = false; + } else { + this.alwaysShowForm = alwaysShowForm.equalsIgnoreCase("true"); + } + } + + public static boolean isMandateCompatibilityMode(Element configElement) throws ConfigurationException { + try { + Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI); + Node mandateCompatibilityNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":CompatibilityMode/text()", nameSpaceNode); + if (mandateCompatibilityNode != null && !ParepUtils.isEmpty(mandateCompatibilityNode.getNodeValue())) { + return mandateCompatibilityNode.getNodeValue().equalsIgnoreCase("true"); + } + return false; + } catch (Exception e) { + throw new ConfigurationException("Allgemeiner Fehler beim Parsen der ParepValidator ConnectionParameter.", null, e); + } + + } + + +// public static void main(String[] args) throws Exception { +// System.setProperty(PAREP_VALIDATOR_CONFIG, "c:/Doku/work/Organwalter/ConfigurationSnippetAppSpecific.xml"); +// System.setProperty("moa.id.configuration", "c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml"); +// System.setProperty("log4j.configuration", "file:c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/log4j.properties"); +// Configuration cfg = new Configuration(null); +// System.out.println(cfg.getInputProcessorClass("1.2.40.0.10.3.110")); +//} + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java index 90b780526..27955602f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java @@ -79,6 +79,9 @@ public class ConfigurationBuilder { /** an XPATH-Expression */ protected static final String AUTH_TEMPLATE_XPATH = ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "Template/@URL"; + /** an XPATH-Expression */ + protected static final String INPUT_PROCESSOR_TEMPLATE_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "InputProcessorSignTemplate/@URL"; /** an XPATH-Expression */ public static final String AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH = ROOT + CONF + "AuthComponent/" + CONF + "SecurityLayer/" + CONF + "TransformsInfo/@filename"; @@ -392,6 +395,8 @@ public class ConfigurationBuilder { XPathUtils.getAttributeValue(configElem_, AUTH_BKUSELECT_TEMPLATE_XPATH, null); String templateURL = XPathUtils.getAttributeValue(configElem_, AUTH_TEMPLATE_XPATH, null); + String inputProcessorSignTemplateURL = + XPathUtils.getAttributeValue(configElem_, INPUT_PROCESSOR_TEMPLATE_XPATH, null); List OA_set = new ArrayList(); NodeList OAIter = XPathUtils.selectNodeList(configElem_, OA_XPATH); @@ -457,6 +462,7 @@ public class ConfigurationBuilder { oap.setProvideCertificate(BoolUtils.valueOf(authComponent.getAttribute("provideCertificate"))); oap.setBkuSelectionTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH, bkuSelectionTemplateURL)); oap.setTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_TEMPLATE_XPATH, templateURL)); + oap.setInputProcessorSignTemplateURL(buildTemplateURL(authComponent, INPUT_PROCESSOR_TEMPLATE_XPATH, inputProcessorSignTemplateURL)); // load OA specific transforms if present String[] transformsInfoFileNames = buildTransformsInfoFileNames(authComponent, OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH); try { @@ -669,7 +675,7 @@ public class ConfigurationBuilder { String identifier = number.getAttribute("Identifier"); // remove all blanks identificationNumber = StringUtils.removeBlanks(identificationNumber); - if (number.getLocalName().equals("Firmenbuchnummer") || identifier.equalsIgnoreCase("fn")) { + if (number.getLocalName().equals("Firmenbuchnummer") || identifier.equalsIgnoreCase("fn") || identifier.equalsIgnoreCase("xfn")) { // delete zeros from the beginning of the number identificationNumber = StringUtils.deleteLeadingZeros(identificationNumber); // remove hyphens diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index ba3b61f9d..132bebce3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -64,6 +64,10 @@ public class OAAuthParameter extends OAParameter { * template for web page "Anmeldung mit Bürgerkarte" */ private String templateURL; + /** + * template for web page "Signatur der Anmeldedaten" + */ + private String inputProcessorSignTemplateURL; /** * Parameters for verifying infoboxes. */ @@ -163,6 +167,15 @@ public class OAAuthParameter extends OAParameter { return templateURL; } + /** + * Returns the inputProcessorSignTemplateURL url. + * @return The inputProcessorSignTemplateURL url or null if no url for + * a input processor sign template is set. + */ + public String getInputProcessorSignTemplateURL() { + return inputProcessorSignTemplateURL; + } + /** * Returns the parameters for verifying additional infoboxes. * @@ -257,6 +270,16 @@ public class OAAuthParameter extends OAParameter { this.templateURL = templateURL; } + /** + * Sets the input processor sign form template url. + * + * @param inputProcessorSignTemplateURL The url string specifying the + * location of the input processor sign form + */ + public void setInputProcessorSignTemplateURL(String inputProcessorSignTemplateURL) { + this.inputProcessorSignTemplateURL = inputProcessorSignTemplateURL; + } + /** * Sets the parameters for verifying additonal (to the identitylink infobox) infoboxes. * @@ -265,4 +288,5 @@ public class OAAuthParameter extends OAParameter { public void setVerifyInfoboxParameters(VerifyInfoboxParameters verifyInfoboxParameters) { this.verifyInfoboxParameters = verifyInfoboxParameters; } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java new file mode 100644 index 000000000..a4a89e183 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java @@ -0,0 +1,63 @@ +/** + * + */ +package at.gv.egovernment.moa.id.util; + +import java.io.IOException; +import java.io.OutputStream; + +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author Peter Danner + * + */ +public class ServletUtils { + + /** + * Writes out whether the CreateXMLSignatureRequest or a Redirect for form input processing + * depending on the requests starting text. + * + * @param resp The httpServletResponse + * @param session The current AuthenticationSession + * @param createXMLSignatureRequestOrRedirect The request + * @param servletGoal The servlet to which the redirect should happen + * @param servletName The servlet name for debug purposes + * @throws MOAIDException + * @throws IOException + */ + public static void writeCreateXMLSignatureRequestOrRedirect(HttpServletResponse resp, AuthenticationSession session, String createXMLSignatureRequestOrRedirect, String servletGoal, String servletName) + throws MOAIDException, + IOException + { + if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) { + resp.setStatus(307); + String dataURL = new DataURLBuilder().buildDataURL( + session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, session.getSessionID()); + resp.addHeader("Location", dataURL); + + //TODO test impact of explicit setting charset with older versions of BKUs (HotSign) + resp.setContentType("text/xml;charset=UTF-8"); + + OutputStream out = resp.getOutputStream(); + out.write(createXMLSignatureRequestOrRedirect.getBytes("UTF-8")); + out.flush(); + out.close(); + Logger.debug("Finished POST " + servletName); + } else { + String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), servletGoal, session.getSessionID()); + resp.setContentType("text/html"); + resp.setStatus(302); + resp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + + } + } + +} diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 4cfa6f765..8e8f9583b 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -64,6 +64,7 @@ parser.07=Fehler beim Parsen: Assoziatives Array im {0}-InfoboxResponse enth builder.00=Fehler beim Aufbau der Struktur "{0}": {1} builder.01=Fehlerhaftes Template: Kennung "{0}" fehlt +builder.02=Fehler beim Ausblenden von Stammzahlen service.00=Fehler beim Aufruf des Web Service: {0} service.01=Fehler beim Aufruf des Web Service: kein Endpoint @@ -156,5 +157,11 @@ validator.49=Beim Ermitteln der Personenbindungs-OID im Zertifikat, mit dem die validator.50=Transformationskette in der Signatur stimmt mit keiner Transformationskette aus dem Prüfprofil überein. +validator.60=Überprüfung der {0}-Infobox fehlgeschlagen: Vollmachtenprüfung ist für diesen Typ von Vollmachten nicht aktiviert. Die übermittelte Vollmacht kann nicht für eine Anmeldung verwendet werden. +validator.61=Überprüfung der {0}-Infobox fehlgeschlagen: Vollmachtenprüfung ist für diesen Typ von Vollmachten für berufliche Parteienvertreter nicht aktiviert. Die übermittelte Vollmacht kann nicht für eine Anmeldung verwendet werden. +validator.62=Fehler in der Übermittlung: keine primäre Vollmacht übergeben. +validator.63=Es ist ein Fehler bei der Formulargenerierung für berufliche Parteienvetretung aufgetreten. +validator.64=Fehler beim Austausch von Vollmachtsdaten +validator.65=Es ist ein Fehler bei der Formulargenerierung für berufliche Parteienvetretung aufgetreten - kein Formular zur Anzeige vorhanden. ssl.01=Validierung des SSL-Server-Endzertifikates hat fehlgeschlagen diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html new file mode 100644 index 000000000..a7608b9b4 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html @@ -0,0 +1,134 @@ + + + + + +Berufliche Parteieinvertretung + + +Berufliche Parteienvertretung einer natürlichen/juristischen Person +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ Vertreter:
Vorname  Dieses Feld muss ausgefüllt sein! +
Name  Dieses Feld muss ausgefüllt sein! +
Geburtsdatum  Dieses Feld muss ausgefüllt sein! + - + - +

+ Ich bin berufsmäßig berechtigt für die nachfolgend genannte Person in dessen Namen mit der Bürgerkarte einzuschreiten.
 

+ Vetretene Person:
 natürliche Person: 
Vorname  Dieses Feld muss ausgefüllt sein! Vorname laut ZMR Schreibweise +
Name  Dieses Feld muss ausgefüllt sein! Familienname laut ZMR Schreibweise +
Geburtsdatum  Dieses Feld muss ausgefüllt sein! + - + -  Format: JJJJ-MM-TT +
otional: +
Straße  Straüe laut ZMR Schreibweise +
Hausnmummer  Hausnummer laut ZMR Schreibweise +
Einh. Nr.  Nutzungseinheitsnummer laut ZMR Schreibweise +
Postleitzahl  Postleitzahl laut ZMR Schreibweise +
Gemeinde  Gemeinde laut ZMR Schreibweise +
 
 juristische Person: 
Name  Dieses Feld muss ausgefüllt sein! Name der Organisation laut ZMR Schreibweise +
  Dieses Feld muss ausgefüllt sein! Ordnungsbegriff laut ZMR Schreibweise +
+
+

Bitte halten Sie Ihre Bürgerkartenumgebung bereit.

+ + +

+ + diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html new file mode 100644 index 000000000..acfd9ead6 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html @@ -0,0 +1,171 @@ + + + + + + +Berufliche Parteieinvertretung + + + + + + + + + + +
+ + + +
+
E-Gov Logo
+
+

Berufliche Parteienvertretung

+
+
+Bitte beachten Sie +
+
+
+
+ Dieses Feld muss ausgefüllt sein!  Feld muss ausgefüllt sein +
+
+ Hilfe zum Ausfüllen   Ausfüllhilfe +
+
+ Angabe bitte ergänzen oder richtig stellen!   Fehlerhinweis
+
 
+ +

Berufliche Parteienvertretung einer natürlichen/juristischen Person +

+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ Vertreter:
Vorname  Dieses Feld muss ausgefüllt sein! +
Name  Dieses Feld muss ausgefüllt sein! +
Geburtsdatum  Dieses Feld muss ausgefüllt sein! + - + - +

+ Ich bin berufsmäßig berechtigt für die nachfolgend genannte Person in dessen Namen mit der Bürgerkarte einzuschreiten.
 

+ Vetretene Person:
 natürliche Person: 
Vorname  Dieses Feld muss ausgefüllt sein! Vorname laut ZMR Schreibweise +
Name  Dieses Feld muss ausgefüllt sein! Familienname laut ZMR Schreibweise +
Geburtsdatum  Dieses Feld muss ausgefüllt sein! + - + -  Format: JJJJ-MM-TT +
otional: +
Straße  Straüe laut ZMR Schreibweise +
Hausnmummer  Hausnummer laut ZMR Schreibweise +
Einh. Nr.  Nutzungseinheitsnummer laut ZMR Schreibweise +
Postleitzahl  Postleitzahl laut ZMR Schreibweise +
Gemeinde  Gemeinde laut ZMR Schreibweise +
 
 juristische Person: 
Name  Dieses Feld muss ausgefüllt sein! Name der Organisation laut ZMR Schreibweise +
  Dieses Feld muss ausgefüllt sein! Ordnungsbegriff laut ZMR Schreibweise +
+
+

Bitte halten Sie Ihre Bürgerkartenumgebung bereit.

+ + +

+ +
+ + -- cgit v1.2.3