package at.gv.egovernment.moa.id.config;
import iaik.pki.pathvalidation.ChainingModes;
import iaik.utils.RFC2253NameParser;
import iaik.utils.RFC2253NameParserException;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.w3c.dom.Attr;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.w3c.dom.traversal.NodeIterator;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
import at.gv.egovernment.moa.id.data.IssuerAndSerial;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.BoolUtils;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.StringUtils;
import at.gv.egovernment.moa.util.XPathException;
import at.gv.egovernment.moa.util.XPathUtils;
/**
* A class that builds configuration data from a DOM based representation.
*
* @author Patrick Peck
* @author Stefan Knirsch
* @version $Id$
*/
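public class ConfigurationBuilder {

  //
  // XPath namespace prefix shortcuts
  //

  /** Namespace prefix (with trailing colon) of the MOA-ID configuration elements. */
  private static final String CONF = Constants.MOA_ID_CONFIG_PREFIX + ":";
  /** Namespace prefix (with trailing colon) of the XML-DSig elements. */
  private static final String DSIG = Constants.DSIG_PREFIX + ":";

  //
  // chaining mode constants appearing in the configuration file
  //

  /** Configuration-file spelling of the "chaining" validation mode. */
  private static final String CM_CHAINING = "chaining";
  /** Configuration-file spelling of the "pkix" validation mode. */
  private static final String CM_PKIX = "pkix";
  /** Encoding used when reading transforms info files from their URLs. */
  private static final String DEFAULT_ENCODING = "UTF-8";

  /**
   * Default online application configuration file name
   * (used when <code>/OnlineApplication/ProxyComponent@configFileURL</code> is null).
   */
  public static final String DEFAULT_OA_CONFIG_FILENAME = "MOAConfig.xml";

  //
  // XPath expressions to select certain parts of the configuration
  //

  /** an XPATH-Expression */
  private static final String ROOT = "/" + CONF + "MOA-IDConfiguration/";
  /** an XPATH-Expression */
  private static final String ROOTOA = "/" + CONF + "Configuration/";
  /** an XPATH-Expression */
  private static final String AUTH_BKU_XPATH =
    ROOT + CONF + "AuthComponent/" + CONF + "BKUSelection";
  /** an XPATH-Expression */
  public static final String AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH =
    ROOT + CONF + "AuthComponent/" + CONF + "SecurityLayer/" + CONF + "TransformsInfo/@filename";
  /** an XPATH-Expression */
  private static final String AUTH_MOA_SP_XPATH =
    ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP";
  /** an XPATH-Expression */
  private static final String AUTH_MOA_SP_VERIFY_IDENTITY_TRUST_ID_XPATH =
    ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyIdentityLink/" + CONF + "TrustProfileID";
  /** an XPATH-Expression */
  private static final String AUTH_MOA_SP_VERIFY_AUTH_TRUST_ID_XPATH =
    ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "TrustProfileID";
  /** an XPATH-Expression */
  private static final String AUTH_MOA_SP_VERIFY_AUTH_VERIFY_ID_XPATH =
    ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "VerifyTransformsInfoProfileID";
  /** an XPATH-Expression */
  private static final String AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH =
    ROOT + CONF + "AuthComponent/" + CONF + "IdentityLinkSigners/" + CONF + "X509SubjectName";
  /** an XPATH-Expression */
  private static final String PROXY_AUTH_XPATH =
    ROOT + CONF + "ProxyComponent/" + CONF + "AuthComponent";
  /** an XPATH-Expression */
  private static final String OA_XPATH = ROOT + CONF + "OnlineApplication";
  /** an XPATH-Expression */
  private static final String OA_LOGIN_XPATH = ROOT + CONF + "OnlineApplication/@loginURL";
  /** an XPATH-Expression */
  private static final String OA_AUTH_COMPONENT_XPATH = CONF + "AuthComponent";
  /** an XPATH-Expression */
  private static final String OA_AUTH_COMPONENT_IDENT_NUMBER_XPATH = CONF + "IdentificationNumber";
  /** an XPATH-Expression */
  private static final String OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH = CONF + "TransformsInfo/@filename";
  /** an XPATH-Expression */
  private static final String OA_PROXY_COMPONENT_XPATH = CONF + "ProxyComponent";
  /** an XPATH-Expression */
  private static final String OA_PROXY_COMPONENT_ABSOLUTE_XPATH = ROOT + CONF + "OnlineApplication/" + CONF + "ProxyComponent";
  /** an XPATH-Expression */
  private static final String OA_PROXY_URL_XPATH = CONF + "ProxyComponent/@configFileURL";
  /** an XPATH-Expression */
  private static final String OA_PROXY_SESSION_TIMEOUT_XPATH = CONF + "ProxyComponent/@sessionTimeOut";
  /** an XPATH-Expression */
  private static final String OA_PROXY_LOGIN_PARA_XPATH = CONF + "ProxyComponent/@loginParameterResolverImpl";
  /** an XPATH-Expression */
  private static final String OA_PROXY_LOGIN_PARA_CONF_XPATH = CONF + "ProxyComponent/@loginParameterResolverConfiguration";
  /** an XPATH-Expression */
  private static final String OA_PROXY_CONNECTION_BUILDER_XPATH = CONF + "ProxyComponent/@connectionBuilderImpl";
  /** an XPATH-Expression */
  private static final String CONNECTION_PARAMETER_URL_XPATH =
    CONF + "ConnectionParameter/@URL";
  /** an XPATH-Expression */
  private static final String CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH =
    CONF + "ConnectionParameter/" + CONF + "AcceptedServerCertificates";
  /** an XPATH-Expression */
  private static final String CONNECTION_PARAMETERN_KEYSTORE_XPATH =
    CONF + "ConnectionParameter/" + CONF + "ClientKeyStore";
  /** an XPATH-Expression (selects the client key store password attribute; never log its value) */
  private static final String CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH =
    CONNECTION_PARAMETERN_KEYSTORE_XPATH + "/@password";
  /** an XPATH-Expression */
  private static final String GENERIC_CONFIGURATION_XPATH =
    ROOT + CONF + "GenericConfiguration";
  /** an XPATH-Expression */
  private static final String OACONF_LOGIN_TYPE_XPATH =
    ROOTOA + CONF + "LoginType";
  /** an XPATH-Expression */
  private static final String OACONF_BINDING_TYPE_XPATH =
    ROOTOA + CONF + "Binding";
  /** an XPATH-Expression */
  private static final String OACONF_PARAM_AUTH_PARAMETER_XPATH =
    ROOTOA + CONF + "ParamAuth/" + CONF + "Parameter";
  /** an XPATH-Expression */
  private static final String OACONF_USER_ID_XPATH =
    ROOTOA + CONF + "BasicAuth/" + CONF + "UserID";
  /** an XPATH-Expression */
  private static final String OACONF_PASSWORD_XPATH =
    ROOTOA + CONF + "BasicAuth/" + CONF + "Password";
  /** an XPATH-Expression */
  private static final String OACONF_HEADER_AUTH_HEADER_XPATH =
    ROOTOA + CONF + "HeaderAuth/" + CONF + "Header";
  /** an XPATH-Expression */
  private static final String CHAINING_MODES_XPATH =
    ROOT + CONF + "ChainingModes";
  /** an XPATH-Expression */
  private static final String CHAINING_MODES_DEFAULT_XPATH =
    CHAINING_MODES_XPATH + "/@systemDefaultMode";
  /** an XPATH-Expression */
  private static final String TRUST_ANCHOR_XPATH =
    ROOT + CONF + "ChainingModes/" + CONF + "TrustAnchor";
  /** an XPATH-Expression */
  private static final String ISSUER_XPATH = DSIG + "X509IssuerName";
  /** an XPATH-Expression */
  private static final String SERIAL_XPATH = DSIG + "X509SerialNumber";
  /** an XPATH-Expression */
  private static final String TRUSTED_CA_CERTIFICATES_XPATH =
    ROOT + CONF + "TrustedCACertificates";

  /**
   * Main configuration file directory name used to configure MOA-ID; relative
   * file references found in the configuration are resolved against it.
   */
  private String rootConfigFileDir;
  /** The root element of the MOA-ID configuration. */
  private Element configElem;

  /**
   * Creates a new <code>ConfigurationBuilder</code>.
   *
   * @param configElem The root element of the MOA-ID configuration.
   * @param rootConfigDir The directory of the main configuration file; relative
   * URLs in the configuration are made absolute against it.
   */
  public ConfigurationBuilder(Element configElem, String rootConfigDir) {
    this.configElem = configElem;
    this.rootConfigFileDir = rootConfigDir;
  }

  /**
   * Returns the root element of the MOA-ID configuration.
   *
   * @return The root element of the MOA-ID configuration.
   */
  public Element getConfigElem() {
    return configElem;
  }

  /**
   * Build a <code>ConnectionParameter</code> object containing all information
   * of the <code>BKUSelection</code> element in the authentication component.
   *
   * @return The <code>ConnectionParameter</code> of the BKU selection element,
   * or <code>null</code> if the element is absent.
   */
  public ConnectionParameter buildAuthBKUConnectionParameter() {
    Element authBKU = (Element) XPathUtils.selectSingleNode(getConfigElem(), AUTH_BKU_XPATH);
    if (authBKU == null) {
      return null;
    }
    return buildConnectionParameter(authBKU);
  }

  /**
   * Build a string with the configuration value of the
   * <code>BKUSelectionAlternative</code> attribute of the BKU selection element.
   *
   * @return The attribute value, or <code>null</code> if the BKU selection
   * element is absent.
   */
  public String buildAuthBKUSelectionType() {
    Element authBKU = (Element) XPathUtils.selectSingleNode(getConfigElem(), AUTH_BKU_XPATH);
    if (authBKU == null) {
      return null;
    }
    return authBKU.getAttribute("BKUSelectionAlternative");
  }

  /**
   * Build a string array with all file names leading to the Transforms
   * Information for the Security Layer.
   *
   * @param contextNode The node the XPath expression is evaluated against.
   * @param xpathExpr An XPath expression selecting the <code>filename</code>
   * attributes of the <code>TransformsInfo</code> elements.
   * @return The file names in document order; an empty array if none are
   * configured or if the expression could not be evaluated.
   */
  public String[] buildTransformsInfoFileNames(Node contextNode, String xpathExpr) {
    List transformsInfoFileNames = new ArrayList();
    try {
      NodeIterator tiIter = XPathUtils.selectNodeIterator(contextNode, xpathExpr);
      Attr tiElem;
      while ((tiElem = (Attr) tiIter.nextNode()) != null) {
        transformsInfoFileNames.add(tiElem.getNodeValue());
      }
      String[] result = new String[transformsInfoFileNames.size()];
      transformsInfoFileNames.toArray(result);
      return result;
    } catch (XPathException xpe) {
      // Treated as "no transforms configured", but logged so that a broken
      // expression does not silently fall back to the default transforms.
      Logger.warn("Could not evaluate transforms info XPath \"" + xpathExpr
        + "\"; assuming no transforms are configured", xpe);
      return new String[0];
    }
  }

  /**
   * Loads the transforms infos from the given files.
   *
   * @param transformsInfoFileNames File names (absolute, or relative to the
   * root configuration directory) of the transforms info files.
   * @return The file contents, decoded as UTF-8, in the same order as the names.
   * @throws Exception on any exception thrown while reading a file.
   */
  public String[] loadTransformsInfos(String[] transformsInfoFileNames) throws Exception {
    String[] transformsInfos = new String[transformsInfoFileNames.length];
    for (int i = 0; i < transformsInfoFileNames.length; i++) {
      // if fileURL is relative to rootConfigFileDir make it absolute
      String fileURL = FileUtils.makeAbsoluteURL(transformsInfoFileNames[i], rootConfigFileDir);
      transformsInfos[i] = FileUtils.readURL(fileURL, DEFAULT_ENCODING);
    }
    return transformsInfos;
  }

  /**
   * Build a <code>ConnectionParameter</code> bean containing all information
   * of the authentication component <code>MOA-SP</code> element.
   *
   * @return The <code>ConnectionParameter</code> of the MOA-SP element, or
   * <code>null</code> if the element is absent.
   */
  public ConnectionParameter buildMoaSpConnectionParameter() {
    Element connectionParameter = (Element) XPathUtils.selectSingleNode(getConfigElem(), AUTH_MOA_SP_XPATH);
    if (connectionParameter == null) {
      return null;
    }
    return buildConnectionParameter(connectionParameter);
  }

  /**
   * Return a string with a url-reference to the VerifyIdentityLink trust
   * profile id within the moa-sp part of the authentication component.
   *
   * @return The trust profile ID, or the empty string if not configured.
   */
  public String getMoaSpIdentityLinkTrustProfileID() {
    return XPathUtils.getElementValue(
      getConfigElem(),
      AUTH_MOA_SP_VERIFY_IDENTITY_TRUST_ID_XPATH,
      "");
  }

  /**
   * Return a string representation of an URL pointing to trusted CA certificates.
   *
   * @return The URL, or <code>null</code> if not configured.
   */
  public String getTrustedCACertificates() {
    return XPathUtils.getElementValue(
      getConfigElem(),
      TRUSTED_CA_CERTIFICATES_XPATH,
      null);
  }

  /**
   * Return a string with a url-reference to the VerifyAuthBlock trust
   * profile id within the moa-sp part of the authentication component.
   *
   * @return The trust profile ID, or the empty string if not configured.
   */
  public String getMoaSpAuthBlockTrustProfileID() {
    return XPathUtils.getElementValue(
      getConfigElem(),
      AUTH_MOA_SP_VERIFY_AUTH_TRUST_ID_XPATH,
      "");
  }

  /**
   * Build a string array with references to all verify transforms info
   * profile IDs within the moa-sp part of the authentication component.
   *
   * @return The text content of every
   * <code>VerifyTransformsInfoProfileID</code> element, in document order.
   */
  public String[] buildMoaSpAuthBlockVerifyTransformsInfoIDs() {
    return collectElementTexts(AUTH_MOA_SP_VERIFY_AUTH_VERIFY_ID_XPATH);
  }

  /**
   * Return a string array containing all X509 subject names of the
   * identity link signers.
   *
   * @return The text content of every <code>X509SubjectName</code> element
   * below <code>IdentityLinkSigners</code>, in document order.
   */
  public String[] getIdentityLink_X509SubjectNames() {
    return collectElementTexts(AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH);
  }

  /**
   * Collects the text content of all elements selected by an XPath expression
   * evaluated against the configuration root.
   *
   * @param xpathExpr The expression selecting the elements.
   * @return The texts in document order; empty if nothing matches.
   */
  private String[] collectElementTexts(String xpathExpr) {
    List texts = new ArrayList();
    NodeIterator iter = XPathUtils.selectNodeIterator(getConfigElem(), xpathExpr);
    Element elem;
    while ((elem = (Element) iter.nextNode()) != null) {
      texts.add(DOMUtils.getText(elem));
    }
    String[] result = new String[texts.size()];
    texts.toArray(result);
    return result;
  }

  /**
   * Build an array of the OnlineApplication parameters containing information
   * about the authentication component.
   *
   * @return An <code>OAAuthParameter</code> array containing beans with all
   * relevant information for the authentication component of each online
   * application.
   * @throws ConfigurationException if an online application of type
   * <code>businessService</code> lacks its <code>AuthComponent</code> or
   * <code>IdentificationNumber</code>.
   */
  public OAAuthParameter[] buildOnlineApplicationAuthParameters() throws ConfigurationException {
    List oaSet = new ArrayList();
    NodeList oaNodes = XPathUtils.selectNodeList(getConfigElem(), OA_XPATH);
    for (int i = 0; i < oaNodes.getLength(); i++) {
      Element oAElem = (Element) oaNodes.item(i);
      Element authComponent =
        (Element) XPathUtils.selectSingleNode(oAElem, OA_AUTH_COMPONENT_XPATH);
      OAAuthParameter oap = new OAAuthParameter();
      String publicURLPrefix = oAElem.getAttribute("publicURLPrefix");
      oap.setPublicURLPrefix(publicURLPrefix);
      oap.setKeyBoxIdentier(oAElem.getAttribute("keyBoxIdentifier"));

      // get the type of the online application
      String oaType = oAElem.getAttribute("type");
      oap.setOaType(oaType);
      String slVersion = "1.1";
      if ("businessService".equalsIgnoreCase(oaType)) {
        if (authComponent == null) {
          Logger.error("Missing \"AuthComponent\" for OA of type \"businessService\"");
          throw new ConfigurationException("config.02", null);
        }
        Element identificationNumberElem =
          (Element) XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_IDENT_NUMBER_XPATH);
        if (identificationNumberElem == null) {
          Logger.error("Missing \"IdentificationNumber\" for OA of type \"businessService\"");
          throw new ConfigurationException("config.02", null);
        }
        Element identificationNumberChild =
          DOMUtils.getElementFromNodeList(identificationNumberElem.getChildNodes());
        if (identificationNumberChild == null) {
          Logger.error("Missing \"IdentificationNumber\" for OA of type \"businessService\"");
          throw new ConfigurationException("config.02", null);
        }
        oap.setIdentityLinkDomainIdentifier(buildIdentityLinkDomainIdentifier(identificationNumberChild));
        // if OA type is "businessService" set slVersion to 1.2 and ignore parameter in config file
        Logger.info("OA type is \"businessService\"; setting Security Layer version to 1.2");
        slVersion = "1.2";
      } else if (authComponent != null) {
        slVersion = authComponent.getAttribute("slVersion");
      }
      oap.setSlVersion(slVersion);

      // Check if there is an Auth-Block to read from configuration
      if (authComponent != null) {
        oap.setProvideStammzahl(BoolUtils.valueOf(authComponent.getAttribute("provideStammzahl")));
        oap.setProvideAuthBlock(BoolUtils.valueOf(authComponent.getAttribute("provideAUTHBlock")));
        oap.setProvideIdentityLink(BoolUtils.valueOf(authComponent.getAttribute("provideIdentityLink")));
        oap.setProvideCertificate(BoolUtils.valueOf(authComponent.getAttribute("provideCertificate")));
        // load OA specific transforms if present
        String[] transformsInfoFileNames =
          buildTransformsInfoFileNames(authComponent, OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH);
        try {
          oap.setTransformsInfos(loadTransformsInfos(transformsInfoFileNames));
        } catch (Exception ex) {
          // best effort: a missing OA specific transforms file falls back to the defaults
          Logger.error("Error loading transforms specified for OA \"" + publicURLPrefix
            + "\"; using default transforms. (" + ex + ")");
        }
      }
      oaSet.add(oap);
    }
    OAAuthParameter[] result = new OAAuthParameter[oaSet.size()];
    oaSet.toArray(result);
    return result;
  }

  /**
   * Build a bean containing the connection information of the
   * <code>AuthComponent</code> element within the proxy component.
   *
   * @return The <code>ConnectionParameter</code> for the proxy component, or
   * <code>null</code> if the element is absent.
   */
  public ConnectionParameter buildAuthComponentConnectionParameter() {
    Element connectionParameter = (Element) XPathUtils.selectSingleNode(getConfigElem(), PROXY_AUTH_XPATH);
    if (connectionParameter == null) {
      return null;
    }
    return buildConnectionParameter(connectionParameter);
  }

  /**
   * Internal method for creating a <code>ConnectionParameter</code> object
   * with all data found in the incoming element. File references (accepted
   * server certificates, client key store) are made absolute against the root
   * configuration directory. The client key store password is read from the
   * configuration and must never be logged.
   *
   * @param root The element containing the <code>ConnectionParameter</code> child.
   * @return The populated bean, or <code>null</code> if none of the four
   * values is configured.
   */
  protected ConnectionParameter buildConnectionParameter(Element root) {
    ConnectionParameter result = new ConnectionParameter();
    result.setAcceptedServerCertificates(
      XPathUtils.getElementValue(root, CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH, null));
    result.setAcceptedServerCertificates(FileUtils.makeAbsoluteURL(
      result.getAcceptedServerCertificates(), rootConfigFileDir));
    result.setUrl(
      XPathUtils.getAttributeValue(root, CONNECTION_PARAMETER_URL_XPATH, ""));
    result.setClientKeyStore(
      XPathUtils.getElementValue(root, CONNECTION_PARAMETERN_KEYSTORE_XPATH, null));
    result.setClientKeyStore(FileUtils.makeAbsoluteURL(
      result.getClientKeyStore(), rootConfigFileDir));
    result.setClientKeyStorePassword(
      XPathUtils.getAttributeValue(root, CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH, ""));

    // "nothing configured" check; compare strings by value, not identity
    boolean nothingConfigured =
      result.getAcceptedServerCertificates() == null
        && "".equals(result.getUrl())
        && result.getClientKeyStore() == null
        && "".equals(result.getClientKeyStorePassword());
    if (nothingConfigured) {
      return null;
    }
    return result;
  }

  /**
   * Build an array of OnlineApplication parameter beans containing information
   * about the proxy component. Online applications without a
   * <code>ProxyComponent</code> element are skipped.
   *
   * @return An <code>OAProxyParameter</code> array containing beans with all
   * relevant information for the proxy component of each online application.
   * @throws ConfigurationException if the online application's own
   * configuration file cannot be loaded or is invalid.
   */
  public OAProxyParameter[] buildOnlineApplicationProxyParameters() throws ConfigurationException {
    List oaList = new ArrayList();
    NodeList oaNodes = XPathUtils.selectNodeList(getConfigElem(), OA_XPATH);
    for (int i = 0; i < oaNodes.getLength(); i++) {
      Element oAElem = (Element) oaNodes.item(i);
      Element proxyComponentElem =
        (Element) XPathUtils.selectSingleNode(oAElem, OA_PROXY_COMPONENT_XPATH);
      if (proxyComponentElem == null) {
        continue;
      }
      OAProxyParameter oap = new OAProxyParameter();
      oap.setPublicURLPrefix(oAElem.getAttribute("publicURLPrefix"));
      oap.setOaType(oAElem.getAttribute("type"));
      oap.setConfigFileURL(XPathUtils.getAttributeValue(oAElem, OA_PROXY_URL_XPATH, null));
      oap.setConfigFileURL(FileUtils.makeAbsoluteURL(oap.getConfigFileURL(), rootConfigFileDir));
      // default session time out: 3600 sec = 1 h; a non-numeric value raises NumberFormatException
      oap.setSessionTimeOut(
        Integer.parseInt(XPathUtils.getAttributeValue(oAElem, OA_PROXY_SESSION_TIMEOUT_XPATH, "3600")));
      oap.setLoginParameterResolverImpl(
        XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_XPATH, null));
      oap.setLoginParameterResolverConfiguration(
        XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_CONF_XPATH, null));
      oap.setConnectionBuilderImpl(
        XPathUtils.getAttributeValue(oAElem, OA_PROXY_CONNECTION_BUILDER_XPATH, null));
      oap.setConnectionParameter(buildConnectionParameter(proxyComponentElem));
      oap.setOaConfiguration(buildOAConfiguration(getOAConfigElement(oap)));
      oaList.add(oap);
    }
    OAProxyParameter[] result = new OAProxyParameter[oaList.size()];
    oaList.toArray(result);
    return result;
  }

  /**
   * Build the mapping of generic configuration properties.
   *
   * @return a {@link Map} of generic configuration properties (a name to value
   * mapping) from the configuration; a later entry with the same name
   * overrides an earlier one.
   */
  public Map buildGenericConfiguration() {
    Map genericConfiguration = new HashMap();
    NodeIterator gcIter =
      XPathUtils.selectNodeIterator(getConfigElem(), GENERIC_CONFIGURATION_XPATH);
    Element gcElem;
    while ((gcElem = (Element) gcIter.nextNode()) != null) {
      genericConfiguration.put(gcElem.getAttribute("name"), gcElem.getAttribute("value"));
    }
    return genericConfiguration;
  }

  /**
   * Build an {@link OAConfiguration} object from the given configuration DOM
   * element (the root of an online application's own configuration file).
   * The authentication type is derived from what is configured: parameter
   * authentication if any <code>ParamAuth/Parameter</code> exists, otherwise
   * basic authentication if a <code>BasicAuth/UserID</code> exists, otherwise
   * header authentication.
   *
   * @param root The root element of the online application configuration.
   * @return The populated <code>OAConfiguration</code>.
   * @throws ConfigurationException if a parameter or header name is configured twice.
   */
  public OAConfiguration buildOAConfiguration(Element root) throws ConfigurationException {
    OAConfiguration oaConfiguration = new OAConfiguration();
    // The LoginType has to be "stateless" or "stateful" to be valid
    oaConfiguration.setLoginType(
      XPathUtils.getElementValue(root, OACONF_LOGIN_TYPE_XPATH, null));
    oaConfiguration.setBinding(
      XPathUtils.getElementValue(root, OACONF_BINDING_TYPE_XPATH, OAConfiguration.BINDUNG_FULL));

    // Try to build the Parameter Auth Parameters
    HashMap paramAuthMap = readNameValueMapping(
      root, OACONF_PARAM_AUTH_PARAMETER_XPATH, "Doppelter Wert für Parameter per ParamAuthentication");
    oaConfiguration.setParamAuthMapping(paramAuthMap);

    // Try to build the BasicAuthParameters
    oaConfiguration.setBasicAuthUserIDMapping(
      XPathUtils.getElementValue(root, OACONF_USER_ID_XPATH, null));
    oaConfiguration.setBasicAuthPasswordMapping(
      XPathUtils.getElementValue(root, OACONF_PASSWORD_XPATH, null));

    // Try to build the Header Auth Parameters
    HashMap headerAuthMap = readNameValueMapping(
      root, OACONF_HEADER_AUTH_HEADER_XPATH, "Doppelter Wert für Parameter per HeaderAuthentication");
    oaConfiguration.setHeaderAuthMapping(headerAuthMap);

    if (paramAuthMap.size() != 0) {
      oaConfiguration.setAuthType(OAConfiguration.PARAM_AUTH);
    } else if (oaConfiguration.getBasicAuthUserIDMapping() == null) {
      oaConfiguration.setAuthType(OAConfiguration.HEADER_AUTH);
    } else {
      oaConfiguration.setAuthType(OAConfiguration.BASIC_AUTH);
    }
    return oaConfiguration;
  }

  /**
   * Reads elements carrying <code>Name</code> and <code>Value</code>
   * attributes into a name-to-value map.
   *
   * @param root The element the expression is evaluated against.
   * @param xpathExpr The expression selecting the elements.
   * @param duplicateMessage Message parameter of the exception raised on a duplicate name.
   * @return The mapping, in no particular order.
   * @throws ConfigurationException (<code>config.06</code>) if a name occurs twice.
   */
  private HashMap readNameValueMapping(Element root, String xpathExpr, String duplicateMessage)
    throws ConfigurationException {
    HashMap mapping = new HashMap();
    NodeIterator iter = XPathUtils.selectNodeIterator(root, xpathExpr);
    Element elem;
    while ((elem = (Element) iter.nextNode()) != null) {
      String name = XPathUtils.getAttributeValue(elem, "@Name", null);
      String value = XPathUtils.getAttributeValue(elem, "@Value", null);
      if (mapping.containsKey(name)) {
        throw new ConfigurationException("config.06", new Object[] { duplicateMessage });
      }
      mapping.put(name, value);
    }
    return mapping;
  }

  /**
   * Reads the configuration file of the online application, and creates a DOM
   * tree from it. If <code>/OnlineApplication/ProxyComponent@configFileURL</code>
   * is not given, the default configuration file location
   * (<code>ConnectionParameter</code> URL + {@link #DEFAULT_OA_CONFIG_FILENAME})
   * is used. Note that the file is fetched from whatever URL the configuration
   * names, so the configuration must be trusted.
   *
   * @param oap configuration data of online application, meant for use by MOA-ID-PROXY
   * @return Element DOM tree root element
   * @throws ConfigurationException if no location can be determined or
   * loading/parsing fails.
   */
  private Element getOAConfigElement(OAProxyParameter oap) throws ConfigurationException {
    String configFileURL = oap.getConfigFileURL();
    if (configFileURL == null) {
      // use default config file URL, when config file URL is not given
      ConnectionParameter conPara = oap.getConnectionParameter();
      if (conPara == null || conPara.getUrl() == null) {
        Logger.error("Neither configFileURL nor a ConnectionParameter URL configured for OA configuration");
        throw new ConfigurationException("config.03", new Object[] { "OAConfiguration" });
      }
      configFileURL = conPara.getUrl();
      if (!configFileURL.endsWith("/")) {
        configFileURL += "/";
      }
      configFileURL += DEFAULT_OA_CONFIG_FILENAME;
    }
    Logger.info("Loading MOA-OA configuration " + configFileURL);
    try {
      return DOMUtils.parseXmlValidating(
        new ByteArrayInputStream(FileUtils.readURL(configFileURL)));
    } catch (Exception e) {
      // Errors (e.g. OutOfMemoryError) deliberately propagate instead of being masked
      throw new ConfigurationException("config.03", new Object[] { "OAConfiguration" }, e);
    }
  }

  /**
   * Returns the default chaining mode from the configuration.
   *
   * @return The default chaining mode, translated to the IAIK constant;
   * "chaining" if none is configured.
   */
  public String getDefaultChainingMode() {
    String defaultChaining =
      XPathUtils.getAttributeValue(getConfigElem(), CHAINING_MODES_DEFAULT_XPATH, CM_CHAINING);
    return translateChainingMode(defaultChaining);
  }

  /**
   * Build the chaining modes for all configured trust anchors.
   *
   * @return The mapping from trust anchors ({@link IssuerAndSerial}) to
   * chaining modes; anchors whose issuer/serial cannot be parsed are skipped.
   */
  public Map buildChainingModes() {
    Map chainingModes = new HashMap();
    NodeIterator trustIter =
      XPathUtils.selectNodeIterator(getConfigElem(), TRUST_ANCHOR_XPATH);
    Element trustAnchorElem;
    while ((trustAnchorElem = (Element) trustIter.nextNode()) != null) {
      IssuerAndSerial issuerAndSerial = buildIssuerAndSerial(trustAnchorElem);
      if (issuerAndSerial == null) {
        continue;
      }
      String mode = trustAnchorElem.getAttribute("mode");
      chainingModes.put(issuerAndSerial, translateChainingMode(mode));
    }
    return chainingModes;
  }

  /**
   * Build an <code>IssuerAndSerial</code> from the DOM representation.
   *
   * @param root The root element (being of type <code>dsig:X509IssuerSerialType</code>).
   * @return The issuer and serial number contained in the root element, or
   * <code>null</code> if either part is missing or cannot be parsed
   * (a warning with message id <code>config.09</code> is logged).
   */
  private IssuerAndSerial buildIssuerAndSerial(Element root) {
    String issuer = XPathUtils.getElementValue(root, ISSUER_XPATH, null);
    String serial = XPathUtils.getElementValue(root, SERIAL_XPATH, null);
    if (issuer == null || serial == null) {
      return null;
    }
    try {
      Principal issuerDN = new RFC2253NameParser(issuer).parse();
      return new IssuerAndSerial(issuerDN, new BigInteger(serial));
    } catch (RFC2253NameParserException e) {
      warn("config.09", new Object[] { issuer, serial }, e);
      return null;
    } catch (NumberFormatException e) {
      warn("config.09", new Object[] { issuer, serial }, e);
      return null;
    }
  }

  /**
   * Translate the chaining mode from the configuration file to one used in the
   * IAIK MOA API. Unknown or missing values fall back to chaining mode; since
   * that silently weakens the intended validation policy, the fallback is logged.
   *
   * @param chainingMode The chaining mode from the configuration.
   * @return The chaining mode as provided by the <code>ChainingModes</code> interface.
   * @see iaik.pki.pathvalidation.ChainingModes
   */
  private String translateChainingMode(String chainingMode) {
    if (CM_CHAINING.equals(chainingMode)) {
      return ChainingModes.CHAIN_MODE;
    }
    if (CM_PKIX.equals(chainingMode)) {
      return ChainingModes.PKIX_MODE;
    }
    Logger.warn("Unknown chaining mode \"" + chainingMode + "\" in configuration; using \""
      + CM_CHAINING + "\"");
    return ChainingModes.CHAIN_MODE;
  }

  /**
   * Builds the IdentityLinkDomainIdentifier as needed for providing it to the
   * SecurityLayer for computation of the wbPK.
   *
   * The result has the form
   * <code>Constants.URN_PREFIX_WBPK + "+" + shortForm + "+" + number</code>,
   * where <code>shortForm</code> is taken from the element's
   * <code>ShortForm</code> attribute and is omitted if the number already
   * starts with it. Blanks are removed from the number; for a
   * <code>Firmenbuchnummer</code> leading zeros and hyphens are removed as well.
   *
   * e.g. input element <code>&lt;pr:Firmenbuchnummer ShortForm="FN"&gt;000468 i&lt;/pr:Firmenbuchnummer&gt;</code>
   * yields <code>urn:publicid:gv.at+wbpk+FN+468i</code> (assuming that prefix constant).
   *
   * @param number The element holding the identification number of the business company.
   * @return The domain identifier, or <code>null</code> if the element or its
   * text content is missing.
   */
  private String buildIdentityLinkDomainIdentifier(Element number) {
    if (number == null || number.getFirstChild() == null) {
      return null;
    }
    String identificationNumber = number.getFirstChild().getNodeValue();
    if (identificationNumber == null) {
      return null;
    }
    // remove all blanks
    identificationNumber = StringUtils.removeBlanks(identificationNumber);
    // getLocalName() is null for nodes created without namespace support
    if ("Firmenbuchnummer".equals(number.getLocalName())) {
      // delete zeros from the beginning of the number
      identificationNumber = StringUtils.deleteLeadingZeros(identificationNumber);
      // remove hyphens
      identificationNumber = StringUtils.removeToken(identificationNumber, "-");
    }
    StringBuffer identityLinkDomainIdentifier = new StringBuffer(Constants.URN_PREFIX_WBPK);
    identityLinkDomainIdentifier.append("+");
    String shortForm = number.getAttribute("ShortForm");
    if (!identificationNumber.startsWith(shortForm)) {
      identityLinkDomainIdentifier.append(shortForm);
    }
    identityLinkDomainIdentifier.append("+");
    identityLinkDomainIdentifier.append(identificationNumber);
    return identityLinkDomainIdentifier.toString();
  }

  //
  // various utility methods
  //

  /**
   * Logs a localized warning.
   *
   * @param messageId identifies a country-specific message
   * @param parameters message parameters
   */
  private static void warn(String messageId, Object[] parameters) {
    Logger.warn(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters));
  }

  /**
   * Logs a localized warning together with its cause.
   *
   * @param messageId identifies a country-specific message
   * @param args message parameters
   * @param t the cause to log
   */
  private static void warn(String messageId, Object[] args, Throwable t) {
    Logger.warn(MOAIDMessageProvider.getInstance().getMessage(messageId, args), t);
  }
}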