package at.gv.egovernment.moa.id.config; import iaik.pki.pathvalidation.ChainingModes; import iaik.utils.RFC2253NameParser; import iaik.utils.RFC2253NameParserException; import java.math.BigInteger; import java.security.Principal; import java.util.ArrayList; import java.util.HashMap; import java.util.Hashtable; import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Vector; import org.w3c.dom.Attr; import org.w3c.dom.Element; import org.w3c.dom.Node; import org.w3c.dom.NodeList; import org.w3c.dom.traversal.NodeIterator; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.Schema; import at.gv.egovernment.moa.id.auth.data.SchemaImpl; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter; import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters; import at.gv.egovernment.moa.id.data.IssuerAndSerial; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.BoolUtils; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.StringUtils; import at.gv.egovernment.moa.util.XPathException; import at.gv.egovernment.moa.util.XPathUtils; /** * A class that builds configuration data from a DOM based representation. 
*
 * @author Patrick Peck
 * @author Stefan Knirsch
 * @version $Id$
 */
public class ConfigurationBuilder {

  //
  // XPath namespace prefix shortcuts
  //

  /** Namespace prefix (with trailing colon) for MOA-ID configuration elements in the XPath expressions below. */
  protected static final String CONF = Constants.MOA_ID_CONFIG_PREFIX + ":";
  /** Namespace prefix (with trailing colon) used below for the X509IssuerName / X509SerialNumber elements. */
  protected static final String DSIG = Constants.DSIG_PREFIX + ":";

  //
  // chaining mode constants appearing in the configuration file
  //

  /** Configuration-file value that translateChainingMode maps to ChainingModes.CHAIN_MODE. */
  protected static final String CM_CHAINING = "chaining";
  /** Configuration-file value that translateChainingMode maps to ChainingModes.PKIX_MODE. */
  protected static final String CM_PKIX = "pkix";
  /** Character encoding passed to FileUtils.readURL when transforms info files are loaded. */
  protected static final String DEFAULT_ENCODING = "UTF-8";

  //
  // XPath expressions to select certain parts of the configuration
  //

  /** Path prefix of the MOA-IDConfiguration root element; ends with a slash. */
  protected static final String ROOT = "/" + CONF + "MOA-IDConfiguration/";
  /** Selects AuthComponent/BKUSelection. */
  protected static final String AUTH_BKU_XPATH =
    ROOT + CONF + "AuthComponent/" + CONF + "BKUSelection";
  /** Selects the URL attribute of the global BKUSelectionTemplate. */
  protected static final String AUTH_BKUSELECT_TEMPLATE_XPATH =
    ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "BKUSelectionTemplate/@URL";
  /** Selects the URL attribute of the global Template. */
  protected static final String AUTH_TEMPLATE_XPATH =
    ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "Template/@URL";
  /** Selects the filename attributes of the global SecurityLayer/TransformsInfo elements. */
  public static final String AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH =
    ROOT + CONF + "AuthComponent/" + CONF + "SecurityLayer/" + CONF + "TransformsInfo/@filename";
  /** Selects AuthComponent/MOA-SP. */
  protected static final String AUTH_MOA_SP_XPATH =
    ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP";
  /** Selects the TrustProfileID used for verifying the identity link. */
  protected static final String AUTH_MOA_SP_VERIFY_IDENTITY_TRUST_ID_XPATH =
    ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyIdentityLink/" + CONF + "TrustProfileID";
  /** Selects the TrustProfileID used for verifying the AUTH block. */
  protected static final String AUTH_MOA_SP_VERIFY_AUTH_TRUST_ID_XPATH =
    ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "TrustProfileID";
  /** Selects the VerifyTransformsInfoProfileID elements below VerifyAuthBlock. */
  protected static final String AUTH_MOA_SP_VERIFY_AUTH_VERIFY_ID_XPATH =
    ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "VerifyTransformsInfoProfileID";
  /** Selects the X509SubjectName elements below IdentityLinkSigners. */
  protected static final String AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH =
    ROOT + CONF + "AuthComponent/" + CONF + "IdentityLinkSigners/" + CONF + "X509SubjectName";
  /** Selects the global AuthComponent/VerifyInfoboxes element. */
  public static final String AUTH_VERIFY_INFOBOXES_XPATH =
    ROOT + CONF + "AuthComponent/" + CONF + "VerifyInfoboxes";

  /** Selects all OnlineApplication elements. */
  protected static final String OA_XPATH = ROOT + CONF + "OnlineApplication";
  /** Selects the loginURL attribute of the OnlineApplication elements. */
  protected static final String OA_LOGIN_XPATH = ROOT + CONF + "OnlineApplication/@loginURL";
  /** Relative to an OnlineApplication: selects its AuthComponent. */
  protected static final String OA_AUTH_COMPONENT_XPATH = CONF + "AuthComponent";
  /** Relative to an OA AuthComponent: selects IdentificationNumber. */
  protected static final String OA_AUTH_COMPONENT_IDENT_NUMBER_XPATH = CONF + "IdentificationNumber";
  /** Relative to an OA AuthComponent: selects the URL attribute of its BKUSelectionTemplate. */
  protected static final String OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH =
    CONF + "Templates/" + CONF + "BKUSelectionTemplate/@URL";
  /** Relative to an OA AuthComponent: selects the URL attribute of its Template. */
  protected static final String OA_AUTH_COMPONENT_TEMPLATE_XPATH =
    CONF + "Templates/" + CONF + "Template/@URL";
  /** Relative to an OA AuthComponent: selects the filename attributes of its TransformsInfo elements. */
  protected static final String OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH = CONF + "TransformsInfo/@filename";
  /** Relative to an OA AuthComponent: selects its VerifyInfoboxes element. */
  protected static final String OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH = CONF + "VerifyInfoboxes";

  /** Relative to a connection-carrying element: selects the URL attribute of ConnectionParameter. */
  protected static final String CONNECTION_PARAMETER_URL_XPATH =
    CONF + "ConnectionParameter/@URL";
  /** Relative to a connection-carrying element: selects AcceptedServerCertificates. */
  protected static final String CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH =
    CONF + "ConnectionParameter/" + CONF + "AcceptedServerCertificates";
  /** Relative to a connection-carrying element: selects ClientKeyStore. */
  protected static final String CONNECTION_PARAMETERN_KEYSTORE_XPATH =
    CONF + "ConnectionParameter/" + CONF + "ClientKeyStore";
  /**
   * Selects the password attribute of ClientKeyStore. The key store password is
   * therefore read from the configuration document itself, so read access to
   * that file should be restricted accordingly.
   */
  protected static final String CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH =
    CONNECTION_PARAMETERN_KEYSTORE_XPATH + "/@password";

  /** Selects the GenericConfiguration elements (name/value pairs). */
  protected static final String GENERIC_CONFIGURATION_XPATH =
    ROOT + CONF + "GenericConfiguration";
  /** Selects the ChainingModes element. */
  protected static final String CHAINING_MODES_XPATH =
    ROOT + CONF + "ChainingModes";
  /** Selects the systemDefaultMode attribute of ChainingModes. */
  protected static final String CHAINING_MODES_DEFAULT_XPATH =
    CHAINING_MODES_XPATH + "/@systemDefaultMode";
  /** Selects the TrustAnchor elements below ChainingModes. */
  protected static final String TRUST_ANCHOR_XPATH =
    ROOT + CONF + "ChainingModes/" + CONF + "TrustAnchor";
  /** Relative to a trust anchor: selects X509IssuerName. */
  protected static final String ISSUER_XPATH = DSIG + "X509IssuerName";
  /** Relative to a trust anchor: selects X509SerialNumber. */
  protected static final String SERIAL_XPATH = DSIG + "X509SerialNumber";
  /** Selects the TrustedCACertificates element. */
  protected static final String TRUSTED_CA_CERTIFICATES_XPATH =
    ROOT + CONF + "TrustedCACertificates";

  /** Relative to a VerifyInfoboxes element: selects DefaultTrustProfile. */
  protected static final String VERIFY_INFOBOXES_DEFAULT_TRUST_PROFILE_XPATH = CONF + "DefaultTrustProfile";
  /** Relative to a trust profile element: selects TrustProfileID. */
  protected static final String VERIFY_INFOBOXES_TRUST_PROFILE_ID_XPATH = CONF + "TrustProfileID";
  /** Relative to a VerifyInfoboxes element: selects the Infobox elements. */
  protected static final String VERIFY_INFOBOXES_INFOBOX_XPATH = CONF + "Infobox";

  /**
   * Directory of the main MOA-ID configuration file. Relative URLs read from
   * the configuration are resolved against it via FileUtils.makeAbsoluteURL.
   */
  protected String rootConfigFileDir_;

  /** The root element of the MOA-ID configuration */
  protected Element configElem_;

  /**
   * Creates a new ConfigurationBuilder.
   *
   * @param configElem The root element of the MOA-ID configuration.
   * @param rootConfigDir The directory of the main configuration file, used as
   *                      the base for relative URLs found in the configuration.
   */
  public ConfigurationBuilder(Element configElem, String rootConfigDir) {
    configElem_ = configElem;
    rootConfigFileDir_ = rootConfigDir;
  }

  /**
   * Returns the root element of the MOA-ID configuration.
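*
   * @return The root element of the MOA-ID configuration.
   */
  public Element getConfigElem() {
    return configElem_;
  }

  /**
   * Builds the connection parameters configured below the BKUSelection element
   * of the authentication component.
   *
   * @return the ConnectionParameter, or <code>null</code> if the configuration
   *         has no BKUSelection element or buildConnectionParameter returns
   *         <code>null</code> for it
   */
  public ConnectionParameter buildAuthBKUConnectionParameter() {
    Element bkuSelection = (Element) XPathUtils.selectSingleNode(configElem_, AUTH_BKU_XPATH);
    if (bkuSelection == null) {
      return null;
    }
    return buildConnectionParameter(bkuSelection);
  }

  /**
   * Returns the value of the BKUSelectionAlternative attribute of the
   * BKUSelection element.
   *
   * @return the attribute value, or <code>null</code> if the configuration has
   *         no BKUSelection element
   */
  public String buildAuthBKUSelectionType() {
    Element bkuSelection = (Element) XPathUtils.selectSingleNode(configElem_, AUTH_BKU_XPATH);
    if (bkuSelection == null) {
      return null;
    }
    return bkuSelection.getAttribute("BKUSelectionAlternative");
  }

  /**
   * Collects the file names of the Security Layer transforms information.
   *
   * @param contextNode The node from which the search starts
   * @param xpathExpr The XPath expression selecting the filename attributes;
   *                  every selected node is cast to <code>Attr</code>
   * @return the selected file names in document order; an empty array (never
   *         <code>null</code>) if nothing is selected or the XPath evaluation
   *         fails
   */
  public String[] buildTransformsInfoFileNames(Node contextNode, String xpathExpr) {
    List fileNames = new ArrayList();

    try {
      NodeIterator attrIter = XPathUtils.selectNodeIterator(contextNode, xpathExpr);
      Attr fileNameAttr;
      while ((fileNameAttr = (Attr) attrIter.nextNode()) != null) {
        fileNames.add(fileNameAttr.getNodeValue());
      }
      return (String[]) fileNames.toArray(new String[fileNames.size()]);
    } catch (XPathException xpe) {
      // The transforms decide what the signed AUTH block looks like, so a
      // failure here must leave a trace instead of silently yielding "none".
      Logger.error("Error selecting transforms info file names with \"" + xpathExpr
        + "\": " + xpe.getMessage());
      return new String[0];
    }
  }

  /**
   * Loads the contents of the given transforms info files.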
*
   * @param transformsInfoFileNames file names or URLs of the transforms info
   *        files; relative ones are resolved against the configuration directory
   * @return the file contents, in the same order as the given names
   * @throws Exception on any exception thrown
   */
  public String[] loadTransformsInfos(String[] transformsInfoFileNames) throws Exception {

    String[] transformsInfos = new String[transformsInfoFileNames.length];
    for (int i = 0; i < transformsInfoFileNames.length; i++) {
      String fileURL = transformsInfoFileNames[i];

      // a location relative to rootConfigFileDir_ is made absolute first
      fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir_);
      // NOTE(review): the content is whatever the configured URL delivers; if
      // readURL also accepts remote schemes, the transforms are fetched without
      // any integrity check — confirm against FileUtils.
      String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING);
      transformsInfos[i] = transformsInfo;
    }
    return transformsInfos;
  }

  /**
   * Builds the connection parameters configured below the MOA-SP element of the
   * authentication component.
   *
   * @return the ConnectionParameter, or <code>null</code> if the configuration
   *         has no MOA-SP element or buildConnectionParameter returns
   *         <code>null</code> for it
   */
  public ConnectionParameter buildMoaSpConnectionParameter() {
    Element connectionParameter = (Element) XPathUtils.selectSingleNode(configElem_, AUTH_MOA_SP_XPATH);
    if (connectionParameter==null) return null;
    return buildConnectionParameter(connectionParameter);
  }

  /**
   * Returns the ID of the trust profile configured below
   * MOA-SP/VerifyIdentityLink.
   *
   * @return the trust profile ID; "" is passed to XPathUtils as the default
   *         value (presumably returned when the element is missing)
   */
  public String getMoaSpIdentityLinkTrustProfileID() {
    return XPathUtils.getElementValue(
      configElem_,
      AUTH_MOA_SP_VERIFY_IDENTITY_TRUST_ID_XPATH,
      "");
  }

  /**
   * Returns the content of the TrustedCACertificates element, a string
   * representation of a URL pointing to the trusted CA certificates.
   *
   * @return the configured value; <code>null</code> is passed to XPathUtils as
   *         the default value
   */
  public String getTrustedCACertificates() {
    return XPathUtils.getElementValue(
      configElem_,
      TRUSTED_CA_CERTIFICATES_XPATH,null);
  }

  /**
   * Returns the ID of the trust profile configured below
   * MOA-SP/VerifyAuthBlock.
   *
   * @return the trust profile ID; "" is passed to XPathUtils as the default
   *         value (presumably returned when the element is missing)
   */
  public String getMoaSpAuthBlockTrustProfileID() {
    return XPathUtils.getElementValue(
      configElem_,
      AUTH_MOA_SP_VERIFY_AUTH_TRUST_ID_XPATH,
      "");
  }

  /**
   * Collects the text of every VerifyTransformsInfoProfileID element below
   * MOA-SP/VerifyAuthBlock.
   *
   * @return the profile IDs in document order; an empty array if none is
   *         configured
   */
  public String[] buildMoaSpAuthBlockVerifyTransformsInfoIDs() {

    List verifyTransformsInfoIDs = new ArrayList();
    NodeIterator vtIter =
      XPathUtils.selectNodeIterator(
        configElem_,
        AUTH_MOA_SP_VERIFY_AUTH_VERIFY_ID_XPATH);
    Element vtElem;

    while ((vtElem = (Element) vtIter.nextNode()) != null) {

      String vtInfoIDs = DOMUtils.getText(vtElem);
      verifyTransformsInfoIDs.add(vtInfoIDs);
    }
    // copy into an array of exactly the collected size
    String[] result = new String[verifyTransformsInfoIDs.size()];
    verifyTransformsInfoIDs.toArray(result);

    return result;
  }

  /**
   * Returns the X509 subject names of the identity link signers: the
   * X509SubjectName entries of the configuration, followed by entries taken
   * from MOAIDAuthConstants.IDENTITY_LINK_SIGNERS_WITHOUT_OID.
   *
   * @return a list containing the configured identity-link signer X509 subject names
   */
  public List getIdentityLink_X509SubjectNames() {

    Vector x509SubjectNameList = new Vector();
    NodeIterator x509Iter =
      XPathUtils.selectNodeIterator(
        configElem_,
        AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH);
    Element x509Elem;

    while ((x509Elem = (Element) x509Iter.nextNode()) != null) {
      String vtInfoIDs = DOMUtils.getText(x509Elem);
      x509SubjectNameList.add(vtInfoIDs);
    }

    // now add the default identity link signers
    String[] identityLinkSignersWithoutOID = MOAIDAuthConstants.IDENTITY_LINK_SIGNERS_WITHOUT_OID;
    // NOTE(review): this listing is cut inside the loop header below; the rest
    // of the method and the start of the next Javadoc are not visible here.
    for (int i=0; inull. * @param moaSpIdentityLinkTrustProfileID The ID of the trust profile used for validating * the identity link signer certificate. Needed for * checking if this ID is not used for validating other * infoboxes.
*
   * @return An array of OAAuthParameter beans, one per OnlineApplication
   *         element, holding the information relevant to the authentication
   *         component of that online application
   * @throws ConfigurationException with message ID "config.02" if an online
   *         application of type "businessService" has no AuthComponent or no
   *         usable IdentificationNumber
   */
  public OAAuthParameter[] buildOnlineApplicationAuthParameters(
    VerifyInfoboxParameters defaultVerifyInfoboxParameters, String moaSpIdentityLinkTrustProfileID)
    throws ConfigurationException
  {

    // global template URLs; used as defaults for applications without their own
    String bkuSelectionTemplateURL =
      XPathUtils.getAttributeValue(configElem_, AUTH_BKUSELECT_TEMPLATE_XPATH, null);
    String templateURL =
      XPathUtils.getAttributeValue(configElem_, AUTH_TEMPLATE_XPATH, null);

    List OA_set = new ArrayList();
    NodeList OAIter = XPathUtils.selectNodeList(configElem_, OA_XPATH);

    for (int i = 0; i < OAIter.getLength(); i++) {
      Element oAElem = (Element) OAIter.item(i);
      // the AuthComponent is optional, except for type "businessService" (checked below)
      Element authComponent =
        (Element) XPathUtils.selectSingleNode(oAElem, OA_AUTH_COMPONENT_XPATH);

      OAAuthParameter oap = new OAAuthParameter();
      String publicURLPrefix = oAElem.getAttribute("publicURLPrefix");
      oap.setPublicURLPrefix(publicURLPrefix);
      oap.setKeyBoxIdentier(oAElem.getAttribute("keyBoxIdentifier"));

      // get the type of the online application
      String oaType = oAElem.getAttribute("type");
      oap.setOaType(oaType);
      String slVersion = "1.1";
      if ("businessService".equalsIgnoreCase(oaType)) {
        if (authComponent==null) {
          Logger.error("Missing \"AuthComponent\" for OA of type \"businessService\"");
          throw new ConfigurationException("config.02", null);
        }
        Element identificationNumberElem =
          (Element) XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_IDENT_NUMBER_XPATH);
        if (identificationNumberElem==null) {
          Logger.error("Missing \"IdentificationNumber\" for OA of type \"businessService\"");
          throw new ConfigurationException("config.02", null);
        }
        // the number itself is carried by a child element of IdentificationNumber
        Element identificationNumberChild =
          DOMUtils.getElementFromNodeList(identificationNumberElem.getChildNodes());
        if (identificationNumberChild == null) {
          Logger.error("Missing \"IdentificationNumber\" for OA of type \"businessService\"");
          throw new ConfigurationException("config.02", null);
        }

        // NOTE(review): only the literal value "false" selects the wbPK domain
        // identifier. DOM returns "" for an absent attribute, so unless the
        // parser supplies a schema default, a missing calculateHPI attribute
        // takes the HPI branch — confirm this is intended.
        if ("false".equalsIgnoreCase(oAElem.getAttribute("calculateHPI"))) {
          oap.setIdentityLinkDomainIdentifier(buildIdentityLinkDomainIdentifier(identificationNumberChild));
        } else {
          // For a business service that deals with GDA, the security layer can be
          // advised to calculate the Health Professional Identifier (HPI)
          // instead of the wbPK.
          Logger.info("OA uses HPI for Identification");
          oap.setIdentityLinkDomainIdentifier(Constants.URN_PREFIX_HPI);
        }

        // for OA type "businessService" the Security Layer version is always 1.2;
        // the slVersion attribute in the configuration file is ignored
        Logger.info("OA type is \"businessService\"; setting Security Layer version to 1.2");
        slVersion = "1.2";

      } else {

        if (authComponent!=null) {
          // NOTE(review): getAttribute yields "" when slVersion is absent, which
          // replaces the "1.1" default unless the parser supplies a schema
          // default — confirm.
          slVersion = authComponent.getAttribute("slVersion");
        }

      }
      oap.setSlVersion(slVersion);

      // the remaining settings exist only when an AuthComponent is configured
      if (authComponent!=null) {
        oap.setProvideStammzahl(BoolUtils.valueOf(authComponent.getAttribute("provideStammzahl")));
        oap.setProvideAuthBlock(BoolUtils.valueOf(authComponent.getAttribute("provideAUTHBlock")));
        oap.setProvideIdentityLink(BoolUtils.valueOf(authComponent.getAttribute("provideIdentityLink")));
        oap.setProvideCertificate(BoolUtils.valueOf(authComponent.getAttribute("provideCertificate")));
        oap.setBkuSelectionTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH, bkuSelectionTemplateURL));
        oap.setTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_TEMPLATE_XPATH, templateURL));

        // load OA specific transforms if present
        String[] transformsInfoFileNames = buildTransformsInfoFileNames(authComponent, OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH);
        try {
          oap.setTransformsInfos(loadTransformsInfos(transformsInfoFileNames));
        } catch (Exception ex) {
          // NOTE(review): the cause (ex) is dropped and the application silently
          // runs with the default transforms instead of the ones configured for
          // it; at least the exception should be logged, and failing the
          // configuration load may be the safer choice.
          Logger.error("Error loading transforms specified for OA \"" + publicURLPrefix + "\"; using default transforms.");
        }
        Node verifyInfoboxParamtersNode = XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH);
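oap.setVerifyInfoboxParameters(buildVerifyInfoboxParameters(
          verifyInfoboxParamtersNode, defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID));
      }
      OA_set.add(oap);
    }
    OAAuthParameter[] result =
      new OAAuthParameter[OA_set.size()];
    OA_set.toArray(result);

    return result;

  }

  /**
   * Builds the URL for a BKUSelectionTemplate or a Template. The method selects
   * the uri string from the MOA ID configuration file via the given xpath expression
   * and returns either this string or the default value.
   *
   * @param oaAuthComponent The AuthComponent element to get the template from.
   * @param xpathExpr       The xpath expression for selecting the template uri.
   * @param defaultURL      The default template url.
   * @return The template url: either the uri selected via xpath or, if no
   *         template is specified within the online application, the default
   *         url. A non-null value is made absolute relative to the
   *         configuration directory. Both may be <code>null</code>.
   */
  protected String buildTemplateURL(Element oaAuthComponent, String xpathExpr, String defaultURL) {
    String templateURL = XPathUtils.getAttributeValue(oaAuthComponent, xpathExpr, defaultURL);
    if (templateURL != null) {
      templateURL = FileUtils.makeAbsoluteURL(templateURL, rootConfigFileDir_);
    }
    return templateURL;
  }

  /**
   * Creates a ConnectionParameter from the ConnectionParameter data found below
   * the given element: URL, accepted server certificates, client key store and
   * client key store password. The two file locations are made absolute
   * relative to the configuration directory.
   * <p>
   * The key store password is taken verbatim from the configuration attribute;
   * callers should keep the returned bean out of log output.
   *
   * @param root The element that contains the ConnectionParameter
   * @return the ConnectionParameter, or <code>null</code> if none of the four
   *         values is configured
   */
  protected ConnectionParameter buildConnectionParameter(Element root)
  {
    ConnectionParameter result = new ConnectionParameter();
    result.setAcceptedServerCertificates(
      XPathUtils.getElementValue(root, CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH, null));

    result.setAcceptedServerCertificates(FileUtils.makeAbsoluteURL(
      result.getAcceptedServerCertificates(), rootConfigFileDir_));

    result.setUrl(
      XPathUtils.getAttributeValue(root, CONNECTION_PARAMETER_URL_XPATH, ""));
    result.setClientKeyStore(
      XPathUtils.getElementValue(root, CONNECTION_PARAMETERN_KEYSTORE_XPATH, null));

    result.setClientKeyStore(FileUtils.makeAbsoluteURL(
      result.getClientKeyStore(), rootConfigFileDir_));

    result.setClientKeyStorePassword(
      XPathUtils.getAttributeValue(root, CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH, ""));

    // Compare by value: the former reference comparison (== "") only matched
    // when the very same String instance came back, so an attribute that is
    // present but empty was not recognised as "not configured".
    boolean nothingConfigured =
      (result.getAcceptedServerCertificates() == null)
        && "".equals(result.getUrl())
        && (result.getClientKeyStore() == null)
        && "".equals(result.getClientKeyStorePassword());
    if (nothingConfigured) {
      return null;
    }

    return result;
  }

  /**
   * Build the mapping of generic configuration properties.
   *
   * @return a {@link Map} of generic configuration properties (a name to value
   * mapping) from the configuration. A name that occurs more than once keeps
   * the value of its last occurrence.
   */
  public Map buildGenericConfiguration() {

    Map genericConfiguration = new HashMap();
    NodeIterator gcIter =
      XPathUtils.selectNodeIterator(
        configElem_,
        GENERIC_CONFIGURATION_XPATH);
    Element gcElem;

    while ((gcElem = (Element) gcIter.nextNode()) != null) {
      String gcName = gcElem.getAttribute("name");
      String gcValue = gcElem.getAttribute("value");

      genericConfiguration.put(gcName, gcValue);
    }

    return genericConfiguration;
  }

  /**
   * Returns the default chaining mode from the configuration.
   *
   * @return The default chaining mode, translated by translateChainingMode;
   *         CM_CHAINING is passed to XPathUtils as the default for the
   *         systemDefaultMode attribute.
   */
  public String getDefaultChainingMode() {
    String defaultChaining =
      XPathUtils.getAttributeValue(
        configElem_,
        CHAINING_MODES_DEFAULT_XPATH,
        CM_CHAINING);

    return translateChainingMode(defaultChaining);

  }

  /**
   * Build the chaining modes for all configured trust anchors.
   *
   * @return The mapping from trust anchors to chaining modes.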
*/
  public Map buildChainingModes() {
    Map modesByAnchor = new HashMap();
    NodeIterator anchors = XPathUtils.selectNodeIterator(configElem_, TRUST_ANCHOR_XPATH);

    for (Element anchor = (Element) anchors.nextNode();
         anchor != null;
         anchor = (Element) anchors.nextNode()) {

      IssuerAndSerial anchorKey = buildIssuerAndSerial(anchor);
      String configuredMode = anchor.getAttribute("mode");

      // a trust anchor whose issuer/serial could not be built is left out
      if (anchorKey == null) {
        continue;
      }
      modesByAnchor.put(anchorKey, translateChainingMode(configuredMode));
    }

    return modesByAnchor;
  }

  /**
   * Build an <code>IssuerAndSerial</code> from the DOM representation.
   *
   * @param root The root element (being of type <code>dsig:
   * X509IssuerSerialType</code>).
   * @return The issuer and serial number contained in the <code>root</code>
   * element, or <code>null</code> if either value is missing, the issuer is not
   * a parsable RFC 2253 name or the serial is not a number. Parse failures are
   * reported through <code>warn</code> with message ID "config.09".
   */
  protected IssuerAndSerial buildIssuerAndSerial(Element root) {
    String issuerName = XPathUtils.getElementValue(root, ISSUER_XPATH, null);
    String serialNumber = XPathUtils.getElementValue(root, SERIAL_XPATH, null);

    if (issuerName == null || serialNumber == null) {
      return null;
    }

    IssuerAndSerial parsed = null;
    try {
      Principal issuerDN = new RFC2253NameParser(issuerName).parse();
      parsed = new IssuerAndSerial(issuerDN, new BigInteger(serialNumber));
    } catch (RFC2253NameParserException e) {
      warn("config.09", new Object[] { issuerName, serialNumber }, e);
    } catch (NumberFormatException e) {
      warn("config.09", new Object[] { issuerName, serialNumber }, e);
    }
    return parsed;
  }

  /**
   * Translate the chaining mode from the configuration file to one used in the
   * IAIK MOA API.
   *
   * @param chainingMode The chaining mode from the configuration.
   * @return The chaining mode as provided by the <code>ChainingModes</code>
   * interface.
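* @see iaik.pki.pathvalidation.ChainingModes
   */
  protected String translateChainingMode(String chainingMode) {
    if (CM_PKIX.equals(chainingMode)) {
      return ChainingModes.PKIX_MODE;
    }
    // Everything else ends up as CHAIN_MODE, as before. A value that is neither
    // "chaining" nor "pkix" (a typo, different case, a missing attribute) is
    // now reported, because it silently changes how certificate paths are
    // validated.
    if (!CM_CHAINING.equals(chainingMode)) {
      Logger.error("Unrecognised chaining mode \"" + chainingMode
        + "\" in configuration; using \"" + CM_CHAINING + "\".");
    }
    return ChainingModes.CHAIN_MODE;
  }

  /**
   * Builds the IdentityLinkDomainIdentifier as needed for providing it to the
   * SecurityLayer for computation of the wbPK.
   * <p>e.g.:<br>
   * input element:
   * <br>
   * <code>&lt;pr:Firmenbuchnummer Identifier="FN"&gt;000468 i&lt;/pr:Firmenbuchnummer&gt;</code>
   * <p>
   * return value: <code>urn:publicid:gv.at+wbpk+FN468i</code>
   * <p>
   * NOTE(review): the code always appends a "+" before the number, also after
   * the identifier, so the example value above looks out of date — confirm
   * against Constants.URN_PREFIX_WBPK and the expected identifier format.
   *
   * @param number The element holding the identification number of the business
   *               company. Its first child is expected to be the text node
   *               with the number; an element without children still fails
   *               with a NullPointerException.
   * @return The domain identifier, or <code>null</code> if <code>number</code>
   *         is <code>null</code>
   */
  protected String buildIdentityLinkDomainIdentifier(Element number) {
    if (number == null) {
      return null;
    }
    String identificationNumber = number.getFirstChild().getNodeValue();
    String identifier = number.getAttribute("Identifier");
    // remove all blanks
    identificationNumber = StringUtils.removeBlanks(identificationNumber);
    // Constant-first comparison: getLocalName() is null for nodes that were
    // created without namespace support, which used to end in a
    // NullPointerException before the Identifier attribute was even looked at.
    if ("Firmenbuchnummer".equals(number.getLocalName()) || identifier.equalsIgnoreCase("fn")) {
      // delete zeros from the beginning of the number
      identificationNumber = StringUtils.deleteLeadingZeros(identificationNumber);
      // remove hyphens
      identificationNumber = StringUtils.removeToken(identificationNumber, "-");
    }
    StringBuffer identityLinkDomainIdentifier = new StringBuffer(Constants.URN_PREFIX_WBPK);
    identityLinkDomainIdentifier.append("+");
    // the identifier is left out when the number already starts with it
    if (!identificationNumber.startsWith(identifier)) {
      identityLinkDomainIdentifier.append(identifier);
    }
    identityLinkDomainIdentifier.append("+");
    identityLinkDomainIdentifier.append(identificationNumber);
    return identityLinkDomainIdentifier.toString();
  }

  /**
   * Builds the parameters for verifying additional infoboxes (additional to the
   * IdentityLink infobox).
   *
   * @param verifyInfoboxesElem The <code>VerifyInfoboxes</code> element from the
   *                            config file. This may be the global element or the
   *                            element from an online application.
   * @param defaultVerifyInfoboxParameters Default parameters to be used, if no
   *                            <code>VerifyInfoboxes</code> element is present.
   *                            This only applies to parameters
   *                            of a specific online application and is set to
   *                            <code>null</code> when building the global parameters.
   * @param moaSpIdentityLinkTrustProfileID The ID of the trust profile used for validating
   *                            the identity link signer certificate. Needed for
   *                            checking if this ID is not used for validating other
   *                            infoboxes.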
* * @return A {@link at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters VerifyInfoboxParameters} * object needed for verifying additional infoboxes. * * @throws ConfigurationException If the trust profile for validating the identity link * signer certificate is used for validating another infobox. */ public VerifyInfoboxParameters buildVerifyInfoboxParameters( Node verifyInfoboxesElem, VerifyInfoboxParameters defaultVerifyInfoboxParameters, String moaSpIdentityLinkTrustProfileID) throws ConfigurationException { if ((verifyInfoboxesElem == null) && (defaultVerifyInfoboxParameters == null)) { return null; } Vector identifiers = new Vector(); List defaultIdentifiers = null; Map defaultInfoboxParameters = null; if (defaultVerifyInfoboxParameters != null) { defaultIdentifiers = defaultVerifyInfoboxParameters.getIdentifiers(); defaultInfoboxParameters = defaultVerifyInfoboxParameters.getInfoboxParameters(); } Hashtable infoboxParameters = new Hashtable(); if (verifyInfoboxesElem != null) { // get the DefaultTrustProfileID String defaultTrustProfileID = null; Node defaultTrustProfileNode = XPathUtils.selectSingleNode(verifyInfoboxesElem, VERIFY_INFOBOXES_DEFAULT_TRUST_PROFILE_XPATH); if (defaultTrustProfileNode != null) { Node trustProfileIDNode = XPathUtils.selectSingleNode(defaultTrustProfileNode, VERIFY_INFOBOXES_TRUST_PROFILE_ID_XPATH); defaultTrustProfileID = trustProfileIDNode.getFirstChild().getNodeValue(); if (defaultTrustProfileID.equals(moaSpIdentityLinkTrustProfileID)) { throw new ConfigurationException("config.15", new Object[] {moaSpIdentityLinkTrustProfileID}); } } // get the Infoboxes NodeList infoboxes = XPathUtils.selectNodeList(verifyInfoboxesElem, VERIFY_INFOBOXES_INFOBOX_XPATH); for (int i=0; i