package at.gv.egovernment.moa.id.auth.builder;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import org.w3c.dom.Element;
import org.w3c.dom.Text;
import at.gv.egovernment.moa.id.*;
import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.OutputXML2File;
import at.gv.egovernment.moa.util.XPathUtils;
/**
* Builder for the <VerifyXMLSignatureRequestBuilder> structure
* used for sending the DSIG-Signature of the Security Layer card for validating to MOA-SP.
*
* @author Stefan Knirsch
* @version $Id$
*/
public class VerifyXMLSignatureRequestBuilder {
/** The MOA-Prefix */
private static final String MOA = Constants.MOA_PREFIX + ":";
/** the request as string */
private String request;
/** the request as DOM-Element */
private Element reqElem;
/**
* Constructor for VerifyXMLSignatureRequestBuilder.
*/
public VerifyXMLSignatureRequestBuilder() {
}
/**
* Builds a <VerifyXMLSignatureRequest>
* from an IdentityLink with a known trustProfileID which
* has to exist in MOA-SP
* @param idl - The IdentityLink
* @param trustProfileID - a preconfigured TrustProfile at MOA-SP
* @return Element - The complete request as Dom-Element
* @throws ParseException
*/
public Element build(IdentityLink idl, String trustProfileID)
throws ParseException { //samlAssertionObject
request =
""
+ ""
+ " "
+ " "
+ " "
+ " "
+ " "
+ " //dsig:Signature"
+ " "
+ " " // True bei CreateXMLSig Überprüfung
+" " + " "
// Profile ID für create (alle auslesen aus IDCOnfig VerifyAuthBlock)
+" "
+ " "
+ " "
+ " "
+ trustProfileID
+ ""
+ "";
try {
InputStream s = new ByteArrayInputStream(request.getBytes("UTF-8"));
reqElem = DOMUtils.parseXmlValidating(s);
String CONTENT_XPATH =
"//"
+ MOA
+ "VerifyXMLSignatureRequest/"
+ MOA
+ "VerifySignatureInfo/"
+ MOA
+ "VerifySignatureEnvironment/"
+ MOA
+ "Base64Content";
Element insertTo = (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH);
String dtdString =
"\n"
+ "]>";
String serializedAssertion = DOMUtils.serializeNode(idl.getSamlAssertion());
//insert mini dtd after xml declaration to allow usage of AssertionID
//encode then base64 and put this into Element Base64Content
String dtdAndIL =
serializedAssertion.substring(0, serializedAssertion.indexOf("?>") + 2)
+ dtdString
+ serializedAssertion.substring(serializedAssertion.indexOf("?>") + 2);
String b64dtdAndIL = Base64Utils.encode(dtdAndIL.getBytes("UTF-8"));
//replace all '\r' characters by no char.
String replaced = "";
for (int i = 0; i < b64dtdAndIL.length(); i ++) {
if (b64dtdAndIL.charAt(i) != '\r') replaced += b64dtdAndIL.charAt(i);
}
b64dtdAndIL = replaced;
Text b64content = (Text) insertTo.getFirstChild();
b64content.setData(b64dtdAndIL);
String SIGN_MANI_CHECK_PARAMS_XPATH =
"//" + MOA + "VerifyXMLSignatureRequest/" + MOA + "SignatureManifestCheckParams";
insertTo = (Element) XPathUtils.selectSingleNode(reqElem, SIGN_MANI_CHECK_PARAMS_XPATH);
insertTo.removeChild(
(Element) XPathUtils.selectSingleNode(
reqElem,
SIGN_MANI_CHECK_PARAMS_XPATH + "/" + MOA + "ReferenceInfo"));
Element[] dsigTransforms = idl.getDsigReferenceTransforms();
for (int i = 0; i < 1; i++) //dsigTransforms.length; i++)
{
Element refInfo =
insertTo.getOwnerDocument().createElementNS(Constants.MOA_NS_URI, "ReferenceInfo");
insertTo.appendChild(refInfo);
Element verifyTransformsInfoProfile =
insertTo.getOwnerDocument().createElementNS(
Constants.MOA_NS_URI,
"VerifyTransformsInfoProfile");
refInfo.appendChild(verifyTransformsInfoProfile);
verifyTransformsInfoProfile.appendChild(
insertTo.getOwnerDocument().importNode(dsigTransforms[i], true));
}
} catch (Throwable t) {
throw new ParseException(//"VerifyXMLSignatureRequest (IdentityLink)");
"builder.00", new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t);
}
return reqElem;
}
/**
* Builds a <VerifyXMLSignatureRequest>
* from the signed AUTH-Block with a known trustProfileID which
* has to exist in MOA-SP
* @param csr - signed AUTH-Block
* @param verifyTransformsInfoProfileID - allowed verifyTransformsInfoProfileID
* @param trustProfileID - a preconfigured TrustProfile at MOA-SP
* @return Element - The complete request as Dom-Element
* @throws ParseException
*/
public Element build(
CreateXMLSignatureResponse csr,
String[] verifyTransformsInfoProfileID,
String trustProfileID)
throws ParseException { //samlAssertionObject
request =
""
+ ""
+ " "
+ " "
+ " "
+ " "
+ " //dsig:Signature"
+ " "
+ " "
+ " ";
for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) {
request += " "
+ verifyTransformsInfoProfileID[i]
+ "";
// Profile ID für create (auslesen aus IDCOnfig VerifyAuthBlock ODER per String übergeben....)
}
request += " " + " "
// Testweise ReturnReferenceInputData = False
+" "
+ " "
+ trustProfileID
+ ""
+ "";
try {
// Build a DOM-Tree of the obove String
InputStream s = new ByteArrayInputStream(request.getBytes("UTF-8"));
reqElem = DOMUtils.parseXmlValidating(s);
//Insert the SAML-Assertion-Object
String CONTENT_XPATH =
"//"
+ MOA
+ "VerifyXMLSignatureRequest/"
+ MOA
+ "VerifySignatureInfo/"
+ MOA
+ "VerifySignatureEnvironment/"
+ MOA
+ "XMLContent";
Element insertTo = (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH);
insertTo.appendChild(insertTo.getOwnerDocument().importNode(csr.getSamlAssertion(), true));
} catch (Throwable t) {
throw new ParseException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t);
}
return reqElem;
}
}