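package at.gv.egovernment.moa.id.config;

import iaik.pki.pathvalidation.ChainingModes;
import iaik.utils.RFC2253NameParser;
import iaik.utils.RFC2253NameParserException;

import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.w3c.dom.Attr;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.w3c.dom.traversal.NodeIterator;

import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
import at.gv.egovernment.moa.id.data.IssuerAndSerial;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.BoolUtils;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.StringUtils;
import at.gv.egovernment.moa.util.XPathException;
import at.gv.egovernment.moa.util.XPathUtils;

/**
 * A class that builds configuration data from a DOM based representation.
 *
 * All values read here originate from the MOA-ID configuration file, i.e.
 * from administrator-controlled input. Relative file references are resolved
 * against the configuration directory passed to the constructor.
 *
 * @author Patrick Peck
 * @author Stefan Knirsch
 * @version $Id$
 */
public class ConfigurationBuilder {

  //
  // XPath namespace prefix shortcuts
  //
  /** an XPATH-Expression */
  private static final String CONF = Constants.MOA_ID_CONFIG_PREFIX + ":";
  /** an XPATH-Expression */
  private static final String DSIG = Constants.DSIG_PREFIX + ":";

  //
  // chaining mode constants appearing in the configuration file
  //
  /** an XPATH-Expression */
  private static final String CM_CHAINING = "chaining";
  /** an XPATH-Expression */
  private static final String CM_PKIX = "pkix";
  /** encoding used when reading TransformsInfo files */
  private static final String DEFAULT_ENCODING = "UTF-8";

  /**
   * Default online application configuration file name
   * (used when /OnlineApplication/ProxyComponent@configFileURL is null).
   */
  public static final String DEFAULT_OA_CONFIG_FILENAME = "MOAConfig.xml";

  //
  // XPath expressions to select certain parts of the configuration
  //
  /** an XPATH-Expression */
  private static final String ROOT = "/" + CONF + "MOA-IDConfiguration/";
  /** an XPATH-Expression */
  private static final String ROOTOA = "/" + CONF + "Configuration/";
  /** an XPATH-Expression */
  private static final String AUTH_BKU_XPATH =
    ROOT + CONF + "AuthComponent/" + CONF + "BKUSelection";
  /** an XPATH-Expression */
  public static final String AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH =
    ROOT + CONF + "AuthComponent/" + CONF + "SecurityLayer/" + CONF + "TransformsInfo/@filename";
  /** an XPATH-Expression */
  private static final String AUTH_MOA_SP_XPATH =
    ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP";
  /** an XPATH-Expression */
  private static final String AUTH_MOA_SP_VERIFY_IDENTITY_TRUST_ID_XPATH =
    ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyIdentityLink/" + CONF + "TrustProfileID";
  /** an XPATH-Expression */
  private static final String AUTH_MOA_SP_VERIFY_AUTH_TRUST_ID_XPATH =
    ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "TrustProfileID";
  /** an XPATH-Expression */
  private static final String AUTH_MOA_SP_VERIFY_AUTH_VERIFY_ID_XPATH =
    ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "VerifyTransformsInfoProfileID";
  /** an XPATH-Expression */
  private static final String AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH =
    ROOT + CONF + "AuthComponent/" + CONF + "IdentityLinkSigners/" + CONF + "X509SubjectName";
  /** an XPATH-Expression */
  private static final String PROXY_AUTH_XPATH =
    ROOT + CONF + "ProxyComponent/" + CONF + "AuthComponent";
  /** an XPATH-Expression */
  private static final String OA_XPATH = ROOT + CONF + "OnlineApplication";
  /** an XPATH-Expression */
  private static final String OA_LOGIN_XPATH = ROOT + CONF + "OnlineApplication/@loginURL";
  /** an XPATH-Expression */
  private static final String OA_AUTH_COMPONENT_XPATH = CONF + "AuthComponent";
  /** an XPATH-Expression */
  private static final String OA_AUTH_COMPONENT_IDENT_NUMBER_XPATH = CONF + "IdentificationNumber";
  /** an XPATH-Expression */
  private static final String OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH =
    CONF + "TransformsInfo/@filename";
  /** an XPATH-Expression */
  private static final String OA_PROXY_COMPONENT_XPATH = CONF + "ProxyComponent";
  /** an XPATH-Expression */
  private static final String OA_PROXY_COMPONENT_ABSOLUTE_XPATH =
    ROOT + CONF + "OnlineApplication/" + CONF + "ProxyComponent";
  /** an XPATH-Expression */
  private static final String OA_PROXY_URL_XPATH = CONF + "ProxyComponent/@configFileURL";
  /** an XPATH-Expression */
  private static final String OA_PROXY_SESSION_TIMEOUT_XPATH = CONF + "ProxyComponent/@sessionTimeOut";
  /** an XPATH-Expression */
  private static final String OA_PROXY_LOGIN_PARA_XPATH =
    CONF + "ProxyComponent/@loginParameterResolverImpl";
  /** an XPATH-Expression */
  private static final String OA_PROXY_LOGIN_PARA_CONF_XPATH =
    CONF + "ProxyComponent/@loginParameterResolverConfiguration";
  /** an XPATH-Expression */
  private static final String OA_PROXY_CONNECTION_BUILDER_XPATH =
    CONF + "ProxyComponent/@connectionBuilderImpl";
  /** an XPATH-Expression */
  private static final String CONNECTION_PARAMETER_URL_XPATH = CONF + "ConnectionParameter/@URL";
  /** an XPATH-Expression */
  private static final String CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH =
    CONF + "ConnectionParameter/" + CONF + "AcceptedServerCertificates";
  /** an XPATH-Expression */
  private static final String CONNECTION_PARAMETERN_KEYSTORE_XPATH =
    CONF + "ConnectionParameter/" + CONF + "ClientKeyStore";
  /** an XPATH-Expression */
  private static final String CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH =
    CONNECTION_PARAMETERN_KEYSTORE_XPATH + "/@password";
  /** an XPATH-Expression */
  private static final String GENERIC_CONFIGURATION_XPATH = ROOT + CONF + "GenericConfiguration";
  /** an XPATH-Expression */
  private static final String OACONF_LOGIN_TYPE_XPATH = ROOTOA + CONF + "LoginType";
  /** an XPATH-Expression */
  private static final String OACONF_BINDING_TYPE_XPATH = ROOTOA + CONF + "Binding";
  /** an XPATH-Expression */
  private static final String OACONF_PARAM_AUTH_PARAMETER_XPATH =
    ROOTOA + CONF + "ParamAuth/" + CONF + "Parameter";
  /** an XPATH-Expression */
  private static final String OACONF_USER_ID_XPATH = ROOTOA + CONF + "BasicAuth/" + CONF + "UserID";
  /** an XPATH-Expression */
  private static final String OACONF_PASSWORD_XPATH = ROOTOA + CONF + "BasicAuth/" + CONF + "Password";
  /** an XPATH-Expression */
  private static final String OACONF_HEADER_AUTH_HEADER_XPATH =
    ROOTOA + CONF + "HeaderAuth/" + CONF + "Header";
  /** an XPATH-Expression */
  private static final String CHAINING_MODES_XPATH = ROOT + CONF + "ChainingModes";
  /** an XPATH-Expression */
  private static final String CHAINING_MODES_DEFAULT_XPATH = CHAINING_MODES_XPATH + "/@systemDefaultMode";
  /** an XPATH-Expression */
  private static final String TRUST_ANCHOR_XPATH = ROOT + CONF + "ChainingModes/" + CONF + "TrustAnchor";
  /** an XPATH-Expression */
  private static final String ISSUER_XPATH = DSIG + "X509IssuerName";
  /** an XPATH-Expression */
  private static final String SERIAL_XPATH = DSIG + "X509SerialNumber";
  /** an XPATH-Expression */
  private static final String TRUSTED_CA_CERTIFICATES_XPATH = ROOT + CONF + "TrustedCACertificates";

  /** main configuration file directory name used to configure MOA-ID */
  private String rootConfigFileDir;
  /** The root element of the MOA-ID configuration */
  private Element configElem;

  /**
   * Creates a new MOAConfigurationProvider.
   *
   * @param configElem The root element of the MOA-ID configuration.
   * @param rootConfigDir Directory of the main configuration file; relative
   *   file references found in the configuration are resolved against it.
   */
  public ConfigurationBuilder(Element configElem, String rootConfigDir) {
    this.configElem = configElem;
    this.rootConfigFileDir = rootConfigDir;
  }

  /**
   * Returns the root element of the MOA-ID configuration.
   *
   * @return The root element of the MOA-ID configuration.
   */
  public Element getConfigElem() {
    return configElem;
  }

  /**
   * Build a ConnectionParameter object containing all information
   * of the BKUSelection element in the authentication component.
   *
   * @return ConnectionParameter of the BKUSelection element, or null if the
   *   element is absent or carries no connection data
   */
  public ConnectionParameter buildAuthBKUConnectionParameter() {
    Element authBKU = (Element) XPathUtils.selectSingleNode(getConfigElem(), AUTH_BKU_XPATH);
    if (authBKU == null) {
      return null;
    }
    return buildConnectionParameter(authBKU);
  }

  /**
   * Build a string with the configuration value of BKUSelectionAlternative.
   *
   * @return the BKUSelectionAlternative attribute of the BKUSelection element,
   *   or null if the element is absent
   */
  public String buildAuthBKUSelectionType() {
    Element authBKU = (Element) XPathUtils.selectSingleNode(getConfigElem(), AUTH_BKU_XPATH);
    if (authBKU == null) {
      return null;
    }
    return authBKU.getAttribute("BKUSelectionAlternative");
  }

  /**
   * Build a string array with all filenames leading
   * to the Transforms Information for the Security Layer.
   *
   * @param contextNode the node the XPath expression is evaluated against
   * @param xpathExpr an XPath expression selecting the filename attributes
   * @return String[] of filenames to the Security Layer Transforms Information;
   *   empty (never null) if no transforms are included or the expression
   *   could not be evaluated
   */
  public String[] buildTransformsInfoFileNames(Node contextNode, String xpathExpr) {
    List transformsInfoFileNames = new ArrayList();
    try {
      NodeIterator tiIter = XPathUtils.selectNodeIterator(contextNode, xpathExpr);
      Attr tiAttr;
      while ((tiAttr = (Attr) tiIter.nextNode()) != null) {
        transformsInfoFileNames.add(tiAttr.getNodeValue());
      }
    } catch (XPathException xpe) {
      // best effort, as before: an unevaluable expression yields no file names,
      // but the failure is no longer silent
      Logger.warn("Could not evaluate TransformsInfo filename expression \"" + xpathExpr + "\"", xpe);
      return new String[0];
    }
    return toStringArray(transformsInfoFileNames);
  }

  /**
   * Loads the transformsInfos from files.
   *
   * @param transformsInfoFileNames file names (absolute, or relative to the
   *   configuration directory) of the TransformsInfo documents
   * @return the file contents, in the same order as the file names
   * @throws Exception on any exception thrown while reading a file
   */
  public String[] loadTransformsInfos(String[] transformsInfoFileNames) throws Exception {
    String[] transformsInfos = new String[transformsInfoFileNames.length];
    for (int i = 0; i < transformsInfoFileNames.length; i++) {
      // if fileURL is relative to rootConfigFileDir make it absolute
      String fileURL = FileUtils.makeAbsoluteURL(transformsInfoFileNames[i], rootConfigFileDir);
      transformsInfos[i] = FileUtils.readURL(fileURL, DEFAULT_ENCODING);
    }
    return transformsInfos;
  }

  /**
   * Build a ConnectionParameter bean containing all information
   * of the authentication component moa-sp element.
   *
   * @return ConnectionParameter of the authentication component moa-sp element,
   *   or null if the element is absent or carries no connection data
   */
  public ConnectionParameter buildMoaSpConnectionParameter() {
    Element moaSp = (Element) XPathUtils.selectSingleNode(getConfigElem(), AUTH_MOA_SP_XPATH);
    if (moaSp == null) {
      return null;
    }
    return buildConnectionParameter(moaSp);
  }

  /**
   * Return a string with a url-reference to the VerifyIdentityLink trust
   * profile id within the moa-sp part of the authentication component.
   *
   * @return String with a url-reference to the VerifyIdentityLink trust profile ID
   *   ("" if not configured)
   */
  public String getMoaSpIdentityLinkTrustProfileID() {
    return XPathUtils.getElementValue(
      getConfigElem(), AUTH_MOA_SP_VERIFY_IDENTITY_TRUST_ID_XPATH, "");
  }

  /**
   * Return a string representation of an URL pointing to trusted CA Certificates.
   *
   * @return String representation of an URL pointing to trusted CA Certificates,
   *   or null if not configured
   */
  public String getTrustedCACertificates() {
    return XPathUtils.getElementValue(getConfigElem(), TRUSTED_CA_CERTIFICATES_XPATH, null);
  }

  /**
   * Return a string with a url-reference to the VerifyAuthBlock trust
   * profile id within the moa-sp part of the authentication component.
   *
   * @return String with a url-reference to the VerifyAuthBlock trust profile ID
   *   ("" if not configured)
   */
  public String getMoaSpAuthBlockTrustProfileID() {
    return XPathUtils.getElementValue(
      getConfigElem(), AUTH_MOA_SP_VERIFY_AUTH_TRUST_ID_XPATH, "");
  }

  /**
   * Build a string array with references to all verify transform info
   * IDs within the moa-sp part of the authentication component.
   *
   * @return A string array containing all urls to the
   *   verify transform info IDs (empty if none are configured)
   */
  public String[] buildMoaSpAuthBlockVerifyTransformsInfoIDs() {
    return selectElementTexts(AUTH_MOA_SP_VERIFY_AUTH_VERIFY_ID_XPATH);
  }

  /**
   * Return a string array containing all X509 Subject Names
   * of the Identity Link Signers.
   *
   * @return the configured X509 subject names of the identity link signers
   *   (empty if none are configured)
   */
  public String[] getIdentityLink_X509SubjectNames() {
    return selectElementTexts(AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH);
  }

  /**
   * Collects the text content of all elements selected by an XPath expression
   * evaluated against the configuration root.
   *
   * @param xpathExpr the expression selecting the elements
   * @return the text of each selected element, in document order
   */
  private String[] selectElementTexts(String xpathExpr) {
    List texts = new ArrayList();
    NodeIterator iter = XPathUtils.selectNodeIterator(getConfigElem(), xpathExpr);
    Element elem;
    while ((elem = (Element) iter.nextNode()) != null) {
      texts.add(DOMUtils.getText(elem));
    }
    return toStringArray(texts);
  }

  /**
   * Copies a list of strings into a String array.
   *
   * @param strings list whose elements are all Strings
   * @return a new array holding the list's elements in order
   */
  private static String[] toStringArray(List strings) {
    String[] result = new String[strings.size()];
    strings.toArray(result);
    return result;
  }

  /**
   * Build an array of the OnlineApplication Parameters containing information
   * about the authentication component.
   *
   * @return An OAAuthParameter array containing beans
   *   with all relevant information for the authentication component of the online
   *   application
   * @throws ConfigurationException if an OA of type "businessService" lacks
   *   its AuthComponent or IdentificationNumber
   */
  public OAAuthParameter[] buildOnlineApplicationAuthParameters() throws ConfigurationException {
    List oaSet = new ArrayList();
    NodeList oaNodes = XPathUtils.selectNodeList(getConfigElem(), OA_XPATH);
    for (int i = 0; i < oaNodes.getLength(); i++) {
      oaSet.add(buildOAAuthParameter((Element) oaNodes.item(i)));
    }
    OAAuthParameter[] result = new OAAuthParameter[oaSet.size()];
    oaSet.toArray(result);
    return result;
  }

  /**
   * Builds the authentication parameters of a single OnlineApplication element.
   *
   * @param oAElem the OnlineApplication element
   * @return the populated OAAuthParameter bean
   * @throws ConfigurationException if the OA is of type "businessService" and
   *   has no AuthComponent or no usable IdentificationNumber
   */
  private OAAuthParameter buildOAAuthParameter(Element oAElem) throws ConfigurationException {
    Element authComponent =
      (Element) XPathUtils.selectSingleNode(oAElem, OA_AUTH_COMPONENT_XPATH);
    OAAuthParameter oap = new OAAuthParameter();
    String publicURLPrefix = oAElem.getAttribute("publicURLPrefix");
    oap.setPublicURLPrefix(publicURLPrefix);
    oap.setKeyBoxIdentier(oAElem.getAttribute("keyBoxIdentifier"));
    // the type of the online application decides the Security Layer version
    String oaType = oAElem.getAttribute("type");
    oap.setOaType(oaType);

    String slVersion = "1.1";
    if ("businessService".equalsIgnoreCase(oaType)) {
      if (authComponent == null) {
        Logger.error("Missing \"AuthComponent\" for OA of type \"businessService\"");
        throw new ConfigurationException("config.02", null);
      }
      Element identificationNumberElem =
        (Element) XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_IDENT_NUMBER_XPATH);
      if (identificationNumberElem == null) {
        Logger.error("Missing \"IdentificationNumber\" for OA of type \"businessService\"");
        throw new ConfigurationException("config.02", null);
      }
      Element identificationNumberChild =
        DOMUtils.getElementFromNodeList(identificationNumberElem.getChildNodes());
      if (identificationNumberChild == null) {
        Logger.error("Missing \"IdentificationNumber\" for OA of type \"businessService\"");
        throw new ConfigurationException("config.02", null);
      }
      String domainIdentifier = buildIdentityLinkDomainIdentifier(identificationNumberChild);
      if (domainIdentifier == null) {
        // an IdentificationNumber without text would otherwise yield an NPE
        Logger.error("Empty \"IdentificationNumber\" for OA of type \"businessService\"");
        throw new ConfigurationException("config.02", null);
      }
      oap.setIdentityLinkDomainIdentifier(domainIdentifier);
      // a business service always uses SL 1.2; any slVersion attribute is ignored
      Logger.info("OA type is \"businessService\"; setting Security Layer version to 1.2");
      slVersion = "1.2";
    } else if (authComponent != null) {
      slVersion = authComponent.getAttribute("slVersion");
    }
    oap.setSlVersion(slVersion);

    // the Auth-Block settings are only present if an AuthComponent is configured
    if (authComponent != null) {
      oap.setProvideStammzahl(BoolUtils.valueOf(authComponent.getAttribute("provideStammzahl")));
      oap.setProvideAuthBlock(BoolUtils.valueOf(authComponent.getAttribute("provideAUTHBlock")));
      oap.setProvideIdentityLink(BoolUtils.valueOf(authComponent.getAttribute("provideIdentityLink")));
      oap.setProvideCertificate(BoolUtils.valueOf(authComponent.getAttribute("provideCertificate")));
      // load OA specific transforms if present
      String[] transformsInfoFileNames =
        buildTransformsInfoFileNames(authComponent, OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH);
      try {
        oap.setTransformsInfos(loadTransformsInfos(transformsInfoFileNames));
      } catch (Exception ex) {
        // deliberate fallback to the default transforms; the cause is logged so
        // that a broken OA specific transform does not go unnoticed
        Logger.error("Error loading transforms specified for OA \"" + publicURLPrefix
          + "\"; using default transforms." + " Cause: " + ex);
      }
    }
    return oap;
  }

  /**
   * Build a bean containing all information about the ProxyComponent's
   * AuthComponent connection.
   *
   * @return The ConnectionParameter for the Proxy Component, or null if the
   *   element is absent or carries no connection data
   */
  public ConnectionParameter buildAuthComponentConnectionParameter() {
    Element proxyAuth = (Element) XPathUtils.selectSingleNode(getConfigElem(), PROXY_AUTH_XPATH);
    if (proxyAuth == null) {
      return null;
    }
    return buildConnectionParameter(proxyAuth);
  }

  /**
   * Internal method for creating a ConnectionParameter object with all data
   * found in the incoming element.
   *
   * @param root this Element contains the ConnectionParameter
   * @return ConnectionParameter, or null if none of URL, accepted server
   *   certificates, client key store and key store password is configured
   */
  protected ConnectionParameter buildConnectionParameter(Element root) {
    ConnectionParameter result = new ConnectionParameter();

    // relative file references are resolved against the configuration directory
    String acceptedCerts =
      XPathUtils.getElementValue(root, CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH, null);
    result.setAcceptedServerCertificates(FileUtils.makeAbsoluteURL(acceptedCerts, rootConfigFileDir));
    result.setUrl(XPathUtils.getAttributeValue(root, CONNECTION_PARAMETER_URL_XPATH, ""));
    String clientKeyStore =
      XPathUtils.getElementValue(root, CONNECTION_PARAMETERN_KEYSTORE_XPATH, null);
    result.setClientKeyStore(FileUtils.makeAbsoluteURL(clientKeyStore, rootConfigFileDir));
    // the key store password is a secret: it is only stored in the bean, never logged
    result.setClientKeyStorePassword(
      XPathUtils.getAttributeValue(root, CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH, ""));

    // nothing configured at all: treat the element as absent. Compare by value,
    // a present-but-empty attribute must count as empty too.
    if (result.getAcceptedServerCertificates() == null
      && isEmpty(result.getUrl())
      && result.getClientKeyStore() == null
      && isEmpty(result.getClientKeyStorePassword())) {
      return null;
    }
    return result;
  }

  /**
   * Tests a string for null or zero length.
   *
   * @param s the string to test
   * @return true if s is null or ""
   */
  private static boolean isEmpty(String s) {
    return s == null || s.length() == 0;
  }

  /**
   * Build an array of OnlineApplication Parameter Beans containing information
   * about the proxy component. OnlineApplications without a ProxyComponent
   * element are skipped.
   *
   * @return An OAProxyParameter array containing beans
   *   with all relevant information for the proxy component of the online
   *   application
   * @throws ConfigurationException if an OA configuration file cannot be
   *   loaded or is invalid
   */
  public OAProxyParameter[] buildOnlineApplicationProxyParameters() throws ConfigurationException {
    List oaList = new ArrayList();
    NodeList oaNodes = XPathUtils.selectNodeList(getConfigElem(), OA_XPATH);
    for (int i = 0; i < oaNodes.getLength(); i++) {
      Element oAElem = (Element) oaNodes.item(i);
      Element proxyComponentElem =
        (Element) XPathUtils.selectSingleNode(oAElem, OA_PROXY_COMPONENT_XPATH);
      if (proxyComponentElem == null) {
        // not relevant for MOA-ID-PROXY
        continue;
      }

      OAProxyParameter oap = new OAProxyParameter();
      oap.setPublicURLPrefix(oAElem.getAttribute("publicURLPrefix"));
      oap.setOaType(oAElem.getAttribute("type"));
      String configFileURL = XPathUtils.getAttributeValue(oAElem, OA_PROXY_URL_XPATH, null);
      oap.setConfigFileURL(FileUtils.makeAbsoluteURL(configFileURL, rootConfigFileDir));
      // default session time out: 3600 sec = 1 h
      String sessionTimeOut =
        XPathUtils.getAttributeValue(oAElem, OA_PROXY_SESSION_TIMEOUT_XPATH, "3600");
      try {
        oap.setSessionTimeOut(Integer.parseInt(sessionTimeOut));
      } catch (NumberFormatException nfe) {
        Logger.error("Invalid sessionTimeOut \"" + sessionTimeOut + "\" for OA \""
          + oAElem.getAttribute("publicURLPrefix") + "\"");
        throw nfe;
      }
      oap.setLoginParameterResolverImpl(
        XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_XPATH, null));
      oap.setLoginParameterResolverConfiguration(
        XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_CONF_XPATH, null));
      oap.setConnectionBuilderImpl(
        XPathUtils.getAttributeValue(oAElem, OA_PROXY_CONNECTION_BUILDER_XPATH, null));
      oap.setConnectionParameter(buildConnectionParameter(proxyComponentElem));
      oap.setOaConfiguration(buildOAConfiguration(getOAConfigElement(oap)));
      oaList.add(oap);
    }
    OAProxyParameter[] result = new OAProxyParameter[oaList.size()];
    oaList.toArray(result);
    return result;
  }

  /**
   * Build the mapping of generic configuration properties.
   *
   * @return a {@link Map} of generic configuration properties (a name to value
   *   mapping) from the configuration; a later entry with the same name
   *   overwrites an earlier one
   */
  public Map buildGenericConfiguration() {
    Map genericConfiguration = new HashMap();
    NodeIterator gcIter = XPathUtils.selectNodeIterator(getConfigElem(), GENERIC_CONFIGURATION_XPATH);
    Element gcElem;
    while ((gcElem = (Element) gcIter.nextNode()) != null) {
      genericConfiguration.put(gcElem.getAttribute("name"), gcElem.getAttribute("value"));
    }
    return genericConfiguration;
  }

  /**
   * Build an {@link OAConfiguration} Object from the given configuration DOM element.
   *
   * The authentication type is derived from what is configured: parameter
   * authentication if any ParamAuth parameters exist, otherwise basic
   * authentication if a UserID mapping exists, otherwise header authentication.
   *
   * @param root root element of the online application's configuration document
   * @return OAConfiguration
   * @throws ConfigurationException if a parameter or header name is configured twice
   */
  public OAConfiguration buildOAConfiguration(Element root) throws ConfigurationException {
    OAConfiguration oaConfiguration = new OAConfiguration();
    // the LoginType has to be "stateless" or "stateful" to be valid
    oaConfiguration.setLoginType(XPathUtils.getElementValue(root, OACONF_LOGIN_TYPE_XPATH, null));
    oaConfiguration.setBinding(
      XPathUtils.getElementValue(root, OACONF_BINDING_TYPE_XPATH, OAConfiguration.BINDUNG_FULL));

    // parameter authentication
    HashMap paramAuthMap = buildNameValueMapping(root, OACONF_PARAM_AUTH_PARAMETER_XPATH);
    oaConfiguration.setParamAuthMapping(paramAuthMap);

    // basic authentication
    oaConfiguration.setBasicAuthUserIDMapping(
      XPathUtils.getElementValue(root, OACONF_USER_ID_XPATH, null));
    oaConfiguration.setBasicAuthPasswordMapping(
      XPathUtils.getElementValue(root, OACONF_PASSWORD_XPATH, null));

    // header authentication
    oaConfiguration.setHeaderAuthMapping(buildNameValueMapping(root, OACONF_HEADER_AUTH_HEADER_XPATH));

    if (!paramAuthMap.isEmpty()) {
      oaConfiguration.setAuthType(OAConfiguration.PARAM_AUTH);
    } else if (oaConfiguration.getBasicAuthUserIDMapping() != null) {
      oaConfiguration.setAuthType(OAConfiguration.BASIC_AUTH);
    } else {
      oaConfiguration.setAuthType(OAConfiguration.HEADER_AUTH);
    }
    return oaConfiguration;
  }

  /**
   * Collects the Name/Value attribute pairs of all elements selected by an
   * XPath expression into a map.
   *
   * @param root context node of the expression
   * @param xpathExpr expression selecting elements with Name and Value attributes
   * @return a HashMap from Name to Value
   * @throws ConfigurationException ("config.06") if a Name occurs twice; the
   *   message argument is the one both the ParamAuth and the HeaderAuth
   *   mapping used before
   */
  private static HashMap buildNameValueMapping(Element root, String xpathExpr)
    throws ConfigurationException {
    HashMap mapping = new HashMap();
    NodeIterator iter = XPathUtils.selectNodeIterator(root, xpathExpr);
    Element elem;
    while ((elem = (Element) iter.nextNode()) != null) {
      String name = XPathUtils.getAttributeValue(elem, "@Name", null);
      String value = XPathUtils.getAttributeValue(elem, "@Value", null);
      // a duplicate name is a configuration error, not a silent overwrite
      if (mapping.containsKey(name)) {
        throw new ConfigurationException("config.06",
          new Object[] {"Doppelter Wert für Parameter per HeaderAuthentication"});
      }
      mapping.put(name, value);
    }
    return mapping;
  }

  /**
   * Reads the configuration file of the online application, and creates a DOM tree from it.
   * If /OnlineApplication/ProxyComponent@configFileURL is not given,
   * uses default configuration file location (the ConnectionParameter URL
   * of the ProxyComponent plus {@link #DEFAULT_OA_CONFIG_FILENAME}).
   *
   * @param oap configuration data of online application, meant for use by MOA-ID-PROXY
   * @return Element DOM tree root element
   * @throws ConfigurationException ("config.03") if no location can be derived
   *   or the document cannot be read or parsed
   */
  private Element getOAConfigElement(OAProxyParameter oap) throws ConfigurationException {
    String configFileURL = oap.getConfigFileURL();
    if (configFileURL == null) {
      // use default config file URL, when config file URL is not given
      ConnectionParameter conPara = oap.getConnectionParameter();
      String baseURL = (conPara == null) ? null : conPara.getUrl();
      if (isEmpty(baseURL)) {
        Logger.error("Neither configFileURL nor a ConnectionParameter URL configured for the ProxyComponent");
        throw new ConfigurationException("config.03", new Object[] {"OAConfiguration"});
      }
      configFileURL = baseURL.endsWith("/")
        ? baseURL + DEFAULT_OA_CONFIG_FILENAME
        : baseURL + "/" + DEFAULT_OA_CONFIG_FILENAME;
    }
    Logger.info("Loading MOA-OA configuration " + configFileURL);
    try {
      // NOTE(review): the URL comes from the MOA-ID configuration (trusted input);
      // DTD/external entity handling is DOMUtils' responsibility — confirm there.
      return DOMUtils.parseXmlValidating(
        new ByteArrayInputStream(FileUtils.readURL(configFileURL)));
    } catch (Exception e) {
      // errors (e.g. VM errors) are no longer masked as configuration problems
      throw new ConfigurationException("config.03", new Object[] {"OAConfiguration"}, e);
    }
  }

  /**
   * Returns the default chaining mode from the configuration.
   *
   * @return The default chaining mode ("chaining" if not configured).
   */
  public String getDefaultChainingMode() {
    String defaultChaining =
      XPathUtils.getAttributeValue(getConfigElem(), CHAINING_MODES_DEFAULT_XPATH, CM_CHAINING);
    return translateChainingMode(defaultChaining);
  }

  /**
   * Build the chaining modes for all configured trust anchors.
   *
   * @return The mapping from trust anchors (IssuerAndSerial) to chaining modes;
   *   trust anchors whose issuer/serial cannot be parsed are skipped (logged)
   */
  public Map buildChainingModes() {
    Map chainingModes = new HashMap();
    NodeIterator trustIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_ANCHOR_XPATH);
    Element trustAnchorElem;
    while ((trustAnchorElem = (Element) trustIter.nextNode()) != null) {
      IssuerAndSerial issuerAndSerial = buildIssuerAndSerial(trustAnchorElem);
      if (issuerAndSerial == null) {
        continue;
      }
      // an absent mode attribute yields "" and thus the chaining default
      chainingModes.put(issuerAndSerial, translateChainingMode(trustAnchorElem.getAttribute("mode")));
    }
    return chainingModes;
  }

  /**
   * Build an IssuerAndSerial from the DOM representation.
   *
   * @param root The root element (being of type dsig:X509IssuerSerialType).
   * @return The issuer and serial number contained in the root
   *   element or null if could not be built for any reason.
   */
  private IssuerAndSerial buildIssuerAndSerial(Element root) {
    String issuer = XPathUtils.getElementValue(root, ISSUER_XPATH, null);
    String serial = XPathUtils.getElementValue(root, SERIAL_XPATH, null);
    if (issuer == null || serial == null) {
      return null;
    }
    try {
      Principal issuerDN = new RFC2253NameParser(issuer).parse();
      return new IssuerAndSerial(issuerDN, new BigInteger(serial));
    } catch (RFC2253NameParserException e) {
      warn("config.09", new Object[] {issuer, serial}, e);
      return null;
    } catch (NumberFormatException e) {
      warn("config.09", new Object[] {issuer, serial}, e);
      return null;
    }
  }

  /**
   * Translate the chaining mode from the configuration file to one used in the
   * IAIK MOA API.
   *
   * @param chainingMode The chaining mode from the configuration ("chaining"
   *   or "pkix"); anything else, including null, maps to the chaining mode.
   * @return The chaining mode as provided by the ChainingModes interface.
   * @see iaik.pki.pathvalidation.ChainingModes
   */
  private String translateChainingMode(String chainingMode) {
    if (CM_PKIX.equals(chainingMode)) {
      return ChainingModes.PKIX_MODE;
    }
    return ChainingModes.CHAIN_MODE;
  }

  /**
   * Builds the IdentityLinkDomainIdentifier as needed for providing it to the
   * SecurityLayer for computation of the wbPK.
   *
   * e.g.:
   * input element:
   *   <pr:Firmenbuchnummer shortForm="FN">000468 i</pr:Firmenbuchnummer>
   * return value: urn:publicid:gv.at+wbpk+FN468i
   *
   * @param number The element holding the identification number of the business
   *   company.
   * @return the domain identifier, or null if number is null or has no text child
   */
  private String buildIdentityLinkDomainIdentifier(Element number) {
    if (number == null) {
      return null;
    }
    Node textNode = number.getFirstChild();
    if (textNode == null) {
      return null;
    }
    // remove all blanks
    String identificationNumber = StringUtils.removeBlanks(textNode.getNodeValue());
    if ("Firmenbuchnummer".equals(number.getLocalName())) {
      // delete zeros from the beginning of the number, then remove hyphens
      identificationNumber = StringUtils.deleteLeadingZeros(identificationNumber);
      identificationNumber = StringUtils.removeToken(identificationNumber, "-");
    }
    // NOTE(review): the attribute is read as "ShortForm" while the example above
    // spells it "shortForm"; DOM attribute names are case-sensitive — confirm against the schema.
    String shortForm = number.getAttribute("ShortForm");
    StringBuffer identityLinkDomainIdentifier = new StringBuffer(Constants.URN_PREFIX_WBPK);
    identityLinkDomainIdentifier.append("+");
    // the short form is only prepended if the number does not already carry it
    if (!identificationNumber.startsWith(shortForm)) {
      identityLinkDomainIdentifier.append(shortForm);
    }
    identityLinkDomainIdentifier.append("+");
    identityLinkDomainIdentifier.append(identificationNumber);
    return identityLinkDomainIdentifier.toString();
  }

  //
  // various utility methods
  //

  /**
   * Logs a warning built from a message id.
   *
   * @param messageId to identify a country-specific message
   * @param parameters for the logger
   */
  private static void warn(String messageId, Object[] parameters) {
    Logger.warn(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters));
  }

  /**
   * Logs a warning built from a message id together with its cause.
   *
   * @param messageId to identify a country-specific message
   * @param args for the logger
   * @param t the throwable that caused the warning
   */
  private static void warn(String messageId, Object[] args, Throwable t) {
    Logger.warn(MOAIDMessageProvider.getInstance().getMessage(messageId, args), t);
  }
}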