package at.gv.egovernment.moa.id.auth.builder;

import java.io.ByteArrayInputStream;
import java.io.InputStream;

import org.w3c.dom.Element;
import org.w3c.dom.Text;

import at.gv.egovernment.moa.id.*;
import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.XPathUtils;

/**
 * Builder for the {@code <VerifyXMLSignatureRequest>} structure used for sending the
 * DSIG signature of the Security Layer card to MOA-SP for validation.
 * <p>
 * Two variants exist: one wraps the identity link's SAML assertion as
 * {@code Base64Content}, the other wraps the signed AUTH-Block as {@code XMLContent}.
 * In both cases a skeleton request is assembled from string literals, parsed with
 * {@link DOMUtils#parseXmlValidating} and then completed by DOM manipulation.
 * <p>
 * NOTE(review): the XML element tags inside the template literals below are not visible
 * in this listing (only {@code ""} / {@code " "} fragments remain). The intended element
 * structure has to be read from the XPath constants and the MOA-SP request schema, not
 * from the literals themselves.
 * <p>
 * Not thread-safe: {@code request} and {@code reqElem} are instance fields that every
 * {@code build(...)} call overwrites, so one instance must not be shared between
 * concurrent authentications.
 *
 * @author Stefan Knirsch
 * @version $Id$
 */
public class VerifyXMLSignatureRequestBuilder {

  /** The MOA namespace prefix including the trailing colon; used to build the XPath expressions below. */
  private static final String MOA = Constants.MOA_PREFIX + ":";

  /** The request as string (the textual template before it is parsed). */
  private String request;

  /** The request as DOM element (result of the most recent {@code build(...)} call). */
  private Element reqElem;

  /**
   * Constructor for VerifyXMLSignatureRequestBuilder.
   */
  public VerifyXMLSignatureRequestBuilder() {
  }

  /**
   * Builds a {@code <VerifyXMLSignatureRequest>} from an IdentityLink with a known
   * trustProfileID which has to exist in MOA-SP.
   * <p>
   * The serialized SAML assertion of the identity link is Base64-encoded and placed into
   * {@code VerifySignatureEnvironment/Base64Content}; the dsig transforms of the identity
   * link's first reference are copied into {@code SignatureManifestCheckParams/ReferenceInfo}.
   * <p>
   * Security notes:
   * <ul>
   * <li>{@code trustProfileID} is concatenated into the XML text without escaping. It is
   * documented as a preconfigured MOA-SP profile name (configuration, not user input); if
   * it were ever taken from request data it would have to be XML-escaped first.</li>
   * <li>Only the transforms of the first reference ({@code dsigTransforms[0]}) are forwarded
   * as acceptable transforms; the original loop bound {@code dsigTransforms.length} is
   * commented out. Whether MOA-SP's signature-manifest check still covers the remaining
   * references should be confirmed against the MOA-SP documentation.</li>
   * </ul>
   *
   * @param idl - The IdentityLink
   * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
   * @return Element - The complete request as DOM element
   * @throws ParseException if the template cannot be parsed or completed; every failure
   *   inside the try block (including runtime exceptions and errors from the DOM/Base64
   *   code) is wrapped with message key {@code builder.00}
   */
  public Element build(IdentityLink idl, String trustProfileID) throws ParseException {
    // Textual request template (the SAML assertion object is inserted via DOM below).
    request = ""
      + ""
      + " "
      + " "
      + " "
      + " "
      + " "
      + " //dsig:Signature"   // signature location inside the verification environment
      + " "
      + " "                   // true for CreateXMLSignature verification
      + " "
      + " "                   // profile ID for create (read all of them from the ID config VerifyAuthBlock)
      + " "
      + " "
      + " "
      + trustProfileID        // NOTE(review): unescaped; must remain a configuration value
      + ""
      + "";
    try {
      // Parse the template. The identity link itself is NOT fed to this parser: it is only
      // inserted afterwards as Base64 text, so MOA-SP is the component that parses it.
      // NOTE(review): the DTD / external-entity settings of parseXmlValidating are not visible
      // here -- TODO confirm they are restrictive.
      InputStream s = new ByteArrayInputStream(request.getBytes("UTF-8"));
      reqElem = DOMUtils.parseXmlValidating(s);

      String CONTENT_XPATH =
        "//" + MOA + "VerifyXMLSignatureRequest/"
          + MOA + "VerifySignatureInfo/"
          + MOA + "VerifySignatureEnvironment/"
          + MOA + "Base64Content";
      Element insertTo = (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH);

      // Optional mini DTD to be spliced in after the XML declaration so that AssertionID can
      // be used as an ID attribute. Currently empty.
      // TODO MOA-ID-AUTH remove dtdString processing if it is not nec. in further versions
      // (former literal content, tags lost in this listing: + "\n" + "]>")
      // NOTE(review): re-enabling a DOCTYPE inside the content sent to MOA-SP means the
      // verifier has to process a DTD embedded in signed data; confirm MOA-SP's DTD handling
      // before doing so.
      String dtdString = "";
      String serializedAssertion = DOMUtils.serializeNode(idl.getSamlAssertion());

      // Insert the mini DTD after the XML declaration, then Base64-encode the result and put
      // it into the Base64Content element.
      // NOTE(review): if the serializer emits no XML declaration, indexOf("?>") returns -1 and
      // the split point becomes index 1 -- harmless only while dtdString is empty.
      String dtdAndIL =
        serializedAssertion.substring(0, serializedAssertion.indexOf("?>") + 2)
          + dtdString
          + serializedAssertion.substring(serializedAssertion.indexOf("?>") + 2);
      String b64dtdAndIL = Base64Utils.encode(dtdAndIL.getBytes("UTF-8"));

      // Remove every '\r' from the Base64 text (presumably Base64Utils.encode wraps lines
      // with CRLF -- TODO confirm). Quadratic string building, acceptable for an identity
      // link-sized payload.
      String replaced = "";
      for (int i = 0; i < b64dtdAndIL.length(); i ++) {
        if (b64dtdAndIL.charAt(i) != '\r')
          replaced += b64dtdAndIL.charAt(i);
      }
      b64dtdAndIL = replaced;

      // Assumes the template's Base64Content element already holds a text node; if it is
      // empty, getFirstChild() is null and the NPE surfaces as ParseException below.
      Text b64content = (Text) insertTo.getFirstChild();
      b64content.setData(b64dtdAndIL);

      String SIGN_MANI_CHECK_PARAMS_XPATH =
        "//" + MOA + "VerifyXMLSignatureRequest/" + MOA + "SignatureManifestCheckParams";
      insertTo = (Element) XPathUtils.selectSingleNode(reqElem, SIGN_MANI_CHECK_PARAMS_XPATH);
      // Drop the placeholder ReferenceInfo of the template; it is rebuilt from the identity link.
      insertTo.removeChild(
        (Element) XPathUtils.selectSingleNode(
          reqElem, SIGN_MANI_CHECK_PARAMS_XPATH + "/" + MOA + "ReferenceInfo"));

      Element[] dsigTransforms = idl.getDsigReferenceTransforms();
      // NOTE(review): only dsigTransforms[0] is forwarded; the loop bound was once
      // dsigTransforms.length (see the commented-out remainder of the for header). An empty
      // array ends in ArrayIndexOutOfBoundsException, which the catch below turns into a
      // ParseException.
      for (int i = 0; i < 1; i++) //dsigTransforms.length; i++)
      {
        // ReferenceInfo/VerifyTransformsInfoProfile/<imported dsig:Transforms>
        Element refInfo =
          insertTo.getOwnerDocument().createElementNS(Constants.MOA_NS_URI, "ReferenceInfo");
        insertTo.appendChild(refInfo);
        Element verifyTransformsInfoProfile =
          insertTo.getOwnerDocument().createElementNS(
            Constants.MOA_NS_URI, "VerifyTransformsInfoProfile");
        refInfo.appendChild(verifyTransformsInfoProfile);
        // Deep import of the transforms element into the request document.
        verifyTransformsInfoProfile.appendChild(
          insertTo.getOwnerDocument().importNode(dsigTransforms[i], true));
      }
    } catch (Throwable t) {
      // Wraps everything, including Errors such as OutOfMemoryError, into a ParseException
      // (message key builder.00) so the caller only sees one exception type.
      throw new ParseException(
        "builder.00", new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t);
    }
    return reqElem;
  }

  /**
   * Builds a {@code <VerifyXMLSignatureRequest>} from the signed AUTH-Block with a known
   * trustProfileID which has to exist in MOA-SP.
   * <p>
   * The SAML assertion of the signature response is imported as a DOM subtree into
   * {@code VerifySignatureEnvironment/XMLContent}; one profile element is emitted per
   * entry of {@code verifyTransformsInfoProfileID}.
   * <p>
   * Security notes:
   * <ul>
   * <li>{@code trustProfileID} and every {@code verifyTransformsInfoProfileID[i]} are
   * concatenated into the XML text without escaping; they must stay configuration values.
   * A {@code null} array throws a NullPointerException before the try block, i.e. it is
   * not converted into a ParseException.</li>
   * <li>The original comment on the template states that ReturnReferenceInputData was set
   * to false "for testing". If downstream code relies on the reference input data returned
   * by MOA-SP to check what was actually signed, this test-time setting matters --
   * TODO confirm.</li>
   * </ul>
   *
   * @param csr - signed AUTH-Block
   * @param verifyTransformsInfoProfileID - allowed verifyTransformsInfoProfileID values
   * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
   * @return Element - The complete request as DOM element
   * @throws ParseException if the template cannot be parsed or the assertion cannot be
   *   imported; every failure inside the try block is wrapped with message key
   *   {@code builder.00}
   */
  public Element build(
    CreateXMLSignatureResponse csr,
    String[] verifyTransformsInfoProfileID,
    String trustProfileID)
    throws ParseException {
    // Textual request template (the SAML assertion object is inserted via DOM below).
    request = ""
      + ""
      + " "
      + " "
      + " "
      + " "
      + " //dsig:Signature"   // signature location inside the verification environment
      + " "
      + " "
      + " ";
    for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) {
      // profile ID for create (read from the ID config VerifyAuthBlock OR passed in as string)
      request += " " + verifyTransformsInfoProfileID[i] + "";
    }
    request += " "
      + " "                   // ReturnReferenceInputData = false, set for testing (see class note)
      + " "
      + " "
      + trustProfileID        // NOTE(review): unescaped; must remain a configuration value
      + ""
      + "";
    try {
      // Build a DOM tree of the above string. Only the trusted template is parsed here.
      InputStream s = new ByteArrayInputStream(request.getBytes("UTF-8"));
      reqElem = DOMUtils.parseXmlValidating(s);

      // Insert the SAML assertion object as a deep-imported subtree into XMLContent.
      String CONTENT_XPATH =
        "//" + MOA + "VerifyXMLSignatureRequest/"
          + MOA + "VerifySignatureInfo/"
          + MOA + "VerifySignatureEnvironment/"
          + MOA + "XMLContent";
      Element insertTo = (Element) XPathUtils.selectSingleNode(reqElem, CONTENT_XPATH);
      insertTo.appendChild(
        insertTo.getOwnerDocument().importNode(csr.getSamlAssertion(), true));
    } catch (Throwable t) {
      // Wraps everything, including Errors, into a ParseException (message key builder.00).
      throw new ParseException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t);
    }
    return reqElem;
  }
}