package at.gv.egovernment.moa.id.config.auth; import java.io.BufferedInputStream; import java.io.File; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import java.net.MalformedURLException; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.config.ConfigurationBuilder; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.FileUtils; /** * A class providing access to the Auth Part of the MOA-ID configuration data. * *
Configuration data is read from an XML file, whose location is given by
* the moa.id.configuration
system property.
This class implements the Singleton pattern. The reload()
* method can be used to update the configuration data. Therefore, it is not
* guaranteed that consecutive calls to getInstance()
will return
* the same AuthConfigurationProvider
all the time. During the
* processing of a web service request, the current
* TransactionContext
should be used to obtain the
* AuthConfigurationProvider
local to that request.
BKUSelectionType
*/
public static final String BKU_SELECTION_TYPE_HTMLCOMPLETE =
"HTMLComplete";
/**
* BKUSelectionType HTMLSelect, according to schema type BKUSelectionType
*/
public static final String BKU_SELECTION_TYPE_HTMLSELECT =
"HTMLSelect";
/**
* The name of the generic configuration property allowing https connection to
* the user frontend servlets ("StartAuthentication" and "SelectBKU" servlets)
*/
public static final String FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY =
"FrontendServlets.EnableHTTPConnection";
/**
* The name of the generic configuration property allowing to set a individual
* DATA URL used to communicate with the BKU (SecurityLayer)
*/
public static final String INDIVIDUAL_DATA_URL_PREFIX =
"FrontendServlets.DataURLPrefix";
/** Singleton instance. null
, if none has been created. */
private static AuthConfigurationProvider instance;
//
// configuration data
//
/**
* main configuration file directory name used to configure MOA-ID
*/
private String rootConfigFileDir;
/**
* configuration files containing transformations for rendering in the
* secure viewer of the security layer implementation;
* multiple files can be given for different mime types
*/
private String[] transformsInfoFileNames;
/**
* transformations for rendering in the secure viewer of the security layer implementation,
* read from {@link transformsInfoFileNames};
* multiple transformation can be given for different mime types
*/
private String[] transformsInfos;
/**
* parameters for connection to MOA SP component
*/
private ConnectionParameter moaSpConnectionParameter;
/**
* trust profile ID to be used for verifying the identity link signature via MOA ID SP
*/
private String moaSpIdentityLinkTrustProfileID;
/**
* trust profile ID to be used for verifying the AUTH block signature via MOA ID SP
*/
private String moaSpAuthBlockTrustProfileID;
/**
* transformations to be used for verifying the AUTH block signature via MOA ID SP
*/
private String[] moaSpAuthBlockVerifyTransformsInfoIDs;
/**
* X509 SubjectNames which will be trusted
*/
private String[] identityLinkX509SubjectNames;
/**
* configuration parameters for online applications
*/
private OAAuthParameter[] onlineApplicationAuthParameters;
/**
* the Selection Type of the bku Selection Element
*/
private String bKUSelectionType;
/**
* is the bku Selection Element present?
*/
private boolean bKUSelectable;
/**
* the bku Selection Connection Parameters
*/
private ConnectionParameter bKUConnectionParameter;
/**
* Return the single instance of configuration data.
*
* @return AuthConfigurationProvider The current configuration data.
* @throws ConfigurationException
*/
public static synchronized AuthConfigurationProvider getInstance()
throws ConfigurationException {
if (instance == null) {
reload();
}
return instance;
}
/**
* Reload the configuration data and set it if successful.
*
* @return AuthConfigurationProvider The loaded configuration data.
* @throws ConfigurationException Failure to load the configuration data.
*/
public static synchronized AuthConfigurationProvider reload()
throws ConfigurationException {
String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
if (fileName == null) {
throw new ConfigurationException("config.01", null);
}
Logger.info("Loading MOA-ID-AUTH configuration " + fileName);
instance = new AuthConfigurationProvider(fileName);
return instance;
}
/**
* Constructor for AuthConfigurationProvider.
* @param fileName
* @throws ConfigurationException
*/
public AuthConfigurationProvider(String fileName)
throws ConfigurationException {
load(fileName);
}
/**
* Load the configuration data from XML file with the given name and build
* the internal data structures representing the MOA ID configuration.
*
* @param fileName The name of the XML file to load.
* @throws ConfigurationException The MOA configuration could not be
* read/built.
*/
private void load(String fileName) throws ConfigurationException {
InputStream stream = null;
Element configElem;
ConfigurationBuilder builder;
try {
// load the main config file
stream = new BufferedInputStream(new FileInputStream(fileName));
configElem = DOMUtils.parseXmlValidating(stream);
} catch (Throwable t) {
throw new ConfigurationException("config.03", null, t);
}
finally {
try {
if (stream != null) {
stream.close();
}
} catch (IOException e) {
}
}
try {
// determine the directory of the root config file
rootConfigFileDir = new File(fileName).getParent();
try {
rootConfigFileDir = new File(rootConfigFileDir).toURL().toString();
} catch (MalformedURLException t) {
throw new ConfigurationException("config.03", null, t);
}
// build the internal datastructures
builder = new ConfigurationBuilder(configElem, rootConfigFileDir);
bKUConnectionParameter = builder.buildAuthBKUConnectionParameter();
bKUSelectable = (bKUConnectionParameter!=null);
bKUSelectionType = builder.buildAuthBKUSelectionType();
genericConfiguration = builder.buildGenericConfiguration();
transformsInfoFileNames = builder.buildTransformsInfoFileNames();
loadTransformsInfos();
moaSpConnectionParameter = builder.buildMoaSpConnectionParameter();
moaSpIdentityLinkTrustProfileID = builder.getMoaSpIdentityLinkTrustProfileID();
moaSpAuthBlockTrustProfileID = builder.getMoaSpAuthBlockTrustProfileID();
moaSpAuthBlockVerifyTransformsInfoIDs = builder.buildMoaSpAuthBlockVerifyTransformsInfoIDs();
onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters();
identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames();
defaultChainingMode = builder.getDefaultChainingMode();
chainingModes = builder.buildChainingModes();
trustedCACertificates = builder.getTrustedCACertificates();
trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir); }
catch (Throwable t) {
throw new ConfigurationException("config.02", null, t);
}
}
/**
* Loads the transformsInfos
from files.
* @throws Exception on any exception thrown
*/
private void loadTransformsInfos() throws Exception {
transformsInfos = new String[transformsInfoFileNames.length];
for (int i = 0; i < transformsInfoFileNames.length; i++) {
String fileURL = transformsInfoFileNames[i];
//if fileURL is relative to rootConfigFileDir make it absolute
fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir);
String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING);
transformsInfos[i] = transformsInfo;
}
}
/**
* Return a string array with all filenames leading
* to the Transforms Information for the Security Layer
* @return String[] of filenames to the Security Layer Transforms Information
*/
public String[] getTransformsInfoFileNames() {
return transformsInfoFileNames;
}
/**
* Build an array of the OnlineApplication Parameters containing information
* about the authentication component
* @return An OAProxyParameter array containing beans
* with all relevant information for theauthentication component of the online
* application
*/
public OAAuthParameter[] getOnlineApplicationParameters() {
return onlineApplicationAuthParameters;
}
/**
* Provides configuration information regarding the online application behind
* the given URL, relevant to the MOA-ID Auth component.
*
* @param oaURL URL requested for an online application
* @return an OAAuthParameter
, or null
* if none is applicable
*/
public OAAuthParameter getOnlineApplicationParameter(String oaURL) {
OAAuthParameter[] oaParams = getOnlineApplicationParameters();
for (int i = 0; i < oaParams.length; i++) {
OAAuthParameter oaParam = oaParams[i];
if (oaURL.indexOf(oaParam.getPublicURLPrefix()) == 0)
return oaParam;
}
return null;
}
/**
* Return a string with a url-reference to the VerifyAuthBlock trust
* profile id within the moa-sp part of the authentication component
*
* @return String with a url-reference to the VerifyAuthBlock trust profile ID
*/
public String getMoaSpAuthBlockTrustProfileID() {
return moaSpAuthBlockTrustProfileID;
}
/**
* Return a string array with references to all verify transform info
* IDs within the moa-sp part of the authentication component
* @return A string array containing all urls to the
* verify transform info IDs
*/
public String[] getMoaSpAuthBlockVerifyTransformsInfoIDs() {
return moaSpAuthBlockVerifyTransformsInfoIDs;
}
/**
* Return a ConnectionParameter bean containing all information
* of the authentication component moa-sp element
* @return ConnectionParameter of the authentication component moa-sp element
*/
public ConnectionParameter getMoaSpConnectionParameter() {
return moaSpConnectionParameter;
}
/**
* Return a string with a url-reference to the VerifyIdentityLink trust
* profile id within the moa-sp part of the authentication component
* @return String with a url-reference to the VerifyIdentityLink trust profile ID
*/
public String getMoaSpIdentityLinkTrustProfileID() {
return moaSpIdentityLinkTrustProfileID;
}
/**
* Returns the transformsInfos.
* @return String[]
*/
public String[] getTransformsInfos() {
return transformsInfos;
}
/**
* Returns the identityLinkX509SubjectNames.
* @return String[]
*/
public String[] getIdentityLinkX509SubjectNames() {
return identityLinkX509SubjectNames;
}
/**
* Returns the bKUConnectionParameter.
* @return ConnectionParameter
*/
public ConnectionParameter getBKUConnectionParameter() {
return bKUConnectionParameter;
}
/**
* Returns the bKUSelectable.
* @return boolean
*/
public boolean isBKUSelectable() {
return bKUSelectable;
}
/**
* Returns the bKUSelectionType.
* @return String
*/
public String getBKUSelectionType() {
return bKUSelectionType;
}
}