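package at.gv.egovernment.moa.id.proxy;

import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import java.io.IOException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.apache.xerces.parsers.DOMParser;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

// Referenced classes of package at.gv.egovernment.moa.id.proxy:
//
// TODO MOA-ID test full functionality

/**
 * {@link LoginParameterResolver} that maps an authenticated person to a fixed
 * set of login credentials read from an XML identities file.
 * <p>
 * {@link #configure(String, Boolean)} parses the file and fills two lookup
 * tables: {@code bPKMap}, keyed by the (w)bPK value of a {@code bPKIdentity}
 * element (the entry {@code "default"} acts as fallback user), and
 * {@code namedMap}, keyed by {@code "SurName,GivenName,BirthDate"} of a
 * {@code NamedIdentity} element. Each entry carries the {@code UN}/{@code PW}
 * attributes of the {@code Parameters} element at the same position; the
 * generic {@code Param1..Param3} slots are never filled from the file.
 * <p>
 * {@link #getAuthenticationHeaders} consults the tables in the order bPK,
 * name (then name with a {@code "*"} birth-date wildcard), then the
 * {@code "default"} entry, and builds an HTTP Basic {@code Authorization}
 * header from the first <em>enabled</em> match. Passwords are masked in all
 * log output.
 * <p>
 * Instances are not thread-safe while {@code configure} runs; the tables are
 * only read afterwards.
 */
public class XMLLoginParameterResolverPlainData implements LoginParameterResolver {

    /** Common prefix of every log line written by this class. */
    private static final String LOG_PREFIX = "XMLLoginParameterResolverPlainData: ";

    /** Key of the fallback entry in {@link #bPKMap}. */
    private static final String DEFAULT_USER_KEY = "default";

    /** Path used when {@link #configure} receives a {@code null} configuration string. */
    private static final String DEFAULT_FILE_NAME = "file:conf/moa-id/Identities.xml";

    /** Configuration string handed to {@link #configure}; stored for reference, never read back. */
    private String configuration;

    /** (w)bPK value -> {@link LPRParams}; also holds the {@code "default"} entry. */
    private final Map bPKMap;

    /** {@code "SurName,GivenName,BirthDate"} -> {@link LPRParams}. */
    private final Map namedMap;

    /**
     * Immutable holder for one mapped credential set.
     * <p>
     * {@code toString()} masks the password so the object can be logged.
     */
    static class LPRParams {

        /** Whether this mapping may be used for automatic login. */
        private final boolean enabled;
        /** Username for HTTP 401 Basic authentication; may be {@code null}. */
        private final String UN;
        /** Password for HTTP 401 Basic authentication; may be {@code null}. */
        private final String PW;
        /** Generic parameters for header/parameter authentication; may be {@code null}. */
        private final String Param1;
        private final String Param2;
        private final String Param3;

        /**
         * Constructs a fully populated parameter set.
         *
         * @param enabled enable user mapping to this parameter set
         * @param UN username used in HTTP 401 - BasicAuthentication
         * @param PW password used in HTTP 401 - BasicAuthentication
         * @param Param1 generic parameter1 used in HeaderAuthentication and ParameterAuthentication
         * @param Param2 generic parameter2 used in HeaderAuthentication and ParameterAuthentication
         * @param Param3 generic parameter3 used in HeaderAuthentication and ParameterAuthentication
         */
        LPRParams(boolean enabled, String UN, String PW, String Param1, String Param2, String Param3) {
            this.enabled = enabled;
            this.UN = UN;
            this.PW = PW;
            this.Param1 = Param1;
            this.Param2 = Param2;
            this.Param3 = Param3;
        }

        /**
         * Constructs a parameter set with only the Basic-authentication credentials;
         * {@code Param1..Param3} are {@code null}.
         *
         * @param enabled enable user mapping to this parameter set
         * @param UN username used in HTTP 401 - BasicAuthentication
         * @param PW password used in HTTP 401 - BasicAuthentication
         */
        LPRParams(boolean enabled, String UN, String PW) {
            this(enabled, UN, PW, null, null, null);
        }

        /** @return whether this mapping may be used for automatic login */
        public boolean getEnabled() {
            return enabled;
        }

        /** @return the username, or {@code null} if not set */
        public String getUN() {
            return UN;
        }

        /** @return the username, or {@code null} if not set (same value as {@link #getUN()}) */
        public String getPlainUN() {
            return UN;
        }

        /** @return the password, or {@code null} if not set */
        public String getPW() {
            return PW;
        }

        /** @return generic parameter 1, or {@code null} if not set */
        public String getParam1() {
            return Param1;
        }

        /** @return generic parameter 2, or {@code null} if not set */
        public String getParam2() {
            return Param2;
        }

        /** @return generic parameter 3, or {@code null} if not set */
        public String getParam3() {
            return Param3;
        }

        /**
         * Returns a log-safe representation of this object; the password is
         * replaced by a mask.
         *
         * @return a String representation of this object
         */
        public String toString() {
            return "Enabled: " + enabled
                    + " UN: '" + UN
                    + "' PW: '" + maskSecret(PW)
                    + "' Param1: '" + Param1
                    + "' Param2: '" + Param2
                    + "' Param3: '" + Param3 + "'\n";
        }
    }

    /** Creates an unconfigured resolver with empty lookup tables. */
    public XMLLoginParameterResolverPlainData() {
        bPKMap = new HashMap();
        namedMap = new HashMap();
    }

    /**
     * Resolves the HTTP headers to send to the online application.
     * <p>
     * For auth type {@code "basic"} the person is looked up in the identities
     * tables and an {@code Authorization: Basic ...} header is built from the
     * matched credentials. For auth type {@code "header"} every entry of the
     * header mapping is resolved with {@link #resolveValue}. Any other auth
     * type yields an empty map.
     *
     * @param oaConf online application configuration (auth type and mappings)
     * @param authData authentication data of the person
     * @param clientIPAddress IP address of the client, resolvable as {@code MOAIPAddress}
     * @param businessService {@code true} to look the person up by wbPK, {@code false} by bPK
     * @param publicURLPrefix unused by this implementation
     * @return header name -> header value; never {@code null}
     * @throws NotAllowedException if auth type is {@code "basic"} and no enabled mapping exists
     */
    public Map getAuthenticationHeaders(OAConfiguration oaConf, AuthenticationData authData,
            String clientIPAddress, boolean businessService, String publicURLPrefix)
            throws NotAllowedException {
        Map result = new HashMap();
        String authType = oaConf.getAuthType();

        if ("basic".equals(authType)) {
            LPRParams params = findLoginParams(authData, clientIPAddress, businessService);
            if (params == null) {
                //TODO MOA-ID proove this with testcases!
                Logger.info(LOG_PREFIX + "Person is not allowed No automatic login");
                throw new NotAllowedException(
                        "XMLLoginParameterResolverPlainData: Person is not allowed No automatic login ",
                        new Object[] {});
            }
            Logger.debug(LOG_PREFIX + "using: " + params.toString());
            try {
                // "user:password" per HTTP Basic; getBytes() uses the platform default
                // charset as before, so non-ASCII credentials depend on the JVM's file.encoding.
                String userIDPassword = params.getUN() + ":" + params.getPW();
                String credentials = Base64Utils.encode(userIDPassword.getBytes());
                result.put("Authorization", "Basic " + credentials);
            } catch (IOException e) {
                // Previously swallowed silently; the caller now at least sees why no header was set.
                Logger.warn(LOG_PREFIX + "could not encode credentials for user '"
                        + params.getUN() + "': " + e.toString());
            }
        } else if ("header".equals(authType)) {
            resolveMapping(oaConf.getHeaderAuthMapping(), authData, clientIPAddress, result);
        }
        return result;
    }

    /**
     * Resolves the request parameters to send to the online application.
     * <p>
     * Only auth type {@code "param"} produces entries: every entry of the
     * parameter mapping is resolved with {@link #resolveValue}.
     *
     * @param oaConf online application configuration (auth type and mappings)
     * @param authData authentication data of the person
     * @param clientIPAddress IP address of the client, resolvable as {@code MOAIPAddress}
     * @param businessService unused by this implementation
     * @param publicURLPrefix unused by this implementation
     * @return parameter name -> value; never {@code null}
     */
    public Map getAuthenticationParameters(OAConfiguration oaConf, AuthenticationData authData,
            String clientIPAddress, boolean businessService, String publicURLPrefix) {
        Map result = new HashMap();
        if ("param".equals(oaConf.getAuthType())) {
            resolveMapping(oaConf.getParamAuthMapping(), authData, clientIPAddress, result);
        }
        return result;
    }

    /**
     * Looks up the enabled credential set for the person: first by (w)bPK,
     * then by name (exact birth date, then {@code "*"}), then the
     * {@code "default"} entry.
     *
     * @return the first enabled match, or {@code null} if none
     */
    private LPRParams findLoginParams(AuthenticationData authData, String clientIPAddress,
            boolean businessService) {
        String famName = resolveValue(MOAFamilyName, authData, clientIPAddress);
        String givenName = resolveValue(MOAGivenName, authData, clientIPAddress);
        String dateOfBirth = resolveValue(MOADateOfBirth, authData, clientIPAddress);
        String wType = businessService ? "w" : "";
        String bPK = resolveValue(businessService ? MOAWBPK : MOABPK, authData, clientIPAddress);

        //first step: search for (w)bPK entry in user list
        Logger.debug(LOG_PREFIX + "search for automatic login data for " + wType + "bPK:" + bPK);
        LPRParams params = (LPRParams) bPKMap.get(bPK);
        if (params == null) {
            Logger.debug(LOG_PREFIX + "params for " + wType + "bPK: " + bPK + " not found in file!");
        } else if (params.getEnabled()) {
            Logger.debug(LOG_PREFIX + wType + "bPK: " + bPK + " found in list; user is enabled");
            return params;
        } else {
            Logger.info(LOG_PREFIX + wType + "bPK: " + bPK + " found in list; user is NOT enabled");
        }

        //secound step: search for name entry in user list
        Logger.debug(LOG_PREFIX + "search for automatic login data for SurName:" + famName
                + " GivenName: " + givenName + " DateOfBirth: " + dateOfBirth);
        params = (LPRParams) namedMap.get(famName + "," + givenName + "," + dateOfBirth);
        if (params == null) {
            Logger.debug(LOG_PREFIX + "params for Surname: " + famName + " GivenName: " + givenName
                    + " DateOfBirth: " + dateOfBirth + " not found in file!");
            //try also with wildcard ("*") birthdate
            params = (LPRParams) namedMap.get(famName + "," + givenName + "," + "*");
            if (params != null) {
                Logger.debug(LOG_PREFIX + "params for Surname: " + famName + " GivenName: " + givenName
                        + " DateOfBirth: " + "*" + " found!");
            }
        }
        if (params != null) {
            if (params.getEnabled()) {
                Logger.debug(LOG_PREFIX + "SurName:" + famName + " GivenName: " + givenName
                        + " DateOfBirth: " + dateOfBirth + " found in file; user is enabled");
                return params;
            }
            Logger.info(LOG_PREFIX + "SurName:" + famName + " GivenName: " + givenName
                    + " DateOfBirth: " + dateOfBirth + " found in file; user is NOT enabled");
        }

        //third step: search for (w)bPK for the default user entry in user list
        Logger.debug(LOG_PREFIX + "search for automatic login data for default user");
        params = (LPRParams) bPKMap.get(DEFAULT_USER_KEY);
        if (params == null) {
            Logger.debug(LOG_PREFIX + "params for default user not found in file!");
        } else if (params.getEnabled()) {
            Logger.debug(LOG_PREFIX + "default user found in list; user is enabled");
            return params;
        } else {
            Logger.info(LOG_PREFIX + "default user found in list; user is NOT enabled");
        }
        return null;
    }

    /**
     * Copies {@code mapping} (name -> predicate) into {@code result} as
     * name -> resolved value.
     *
     * @param mapping raw map of header/parameter name to MOA predicate; entries are cast to String
     * @param result destination map; {@code null} resolved values are stored as-is
     */
    private static void resolveMapping(Map mapping, AuthenticationData authData,
            String clientIPAddress, Map result) {
        for (Iterator iter = mapping.entrySet().iterator(); iter.hasNext();) {
            Map.Entry entry = (Map.Entry) iter.next();
            String key = (String) entry.getKey();
            String predicate = (String) entry.getValue();
            result.put(key, resolveValue(predicate, authData, clientIPAddress));
        }
    }

    /**
     * Resolves a MOA predicate name to its value from the authentication data.
     *
     * @param predicate one of the {@code MOA*} predicate constants; {@code null} is tolerated
     * @param authData source of the person's attributes
     * @param clientIPAddress returned for {@code MOAIPAddress}
     * @return the attribute value, {@code "true"}/{@code "false"} for the boolean
     *         predicates, or {@code null} for an unknown predicate
     */
    private static String resolveValue(String predicate, AuthenticationData authData,
            String clientIPAddress) {
        if (predicate == null) {
            return null;
        }
        if (predicate.equals(MOAGivenName)) {
            return authData.getGivenName();
        }
        if (predicate.equals(MOAFamilyName)) {
            return authData.getFamilyName();
        }
        if (predicate.equals(MOADateOfBirth)) {
            return authData.getDateOfBirth();
        }
        if (predicate.equals(MOABPK)) {
            return authData.getBPK();
        }
        if (predicate.equals(MOAWBPK)) {
            return authData.getWBPK();
        }
        if (predicate.equals(MOAPublicAuthority)) {
            return authData.isPublicAuthority() ? "true" : "false";
        }
        if (predicate.equals(MOABKZ)) {
            return authData.getPublicAuthorityCode();
        }
        if (predicate.equals(MOAQualifiedCertificate)) {
            return authData.isQualifiedCertificate() ? "true" : "false";
        }
        if (predicate.equals(MOAStammzahl)) {
            return authData.getIdentificationValue();
        }
        if (predicate.equals(MOAIdentificationValueType)) {
            return authData.getIdentificationType();
        }
        if (predicate.equals(MOAIPAddress)) {
            return clientIPAddress;
        }
        return null;
    }

    /**
     * Parses the identities file with XML schema validation enabled.
     *
     * @param fileName file name or URI understood by Xerces' {@code DOMParser.parse(String)}
     * @return the parsed document
     * @throws LoginParameterResolverException ({@code "proxy.13"}) on any parse or validation error
     */
    private static Document readXMLFile(String fileName) throws LoginParameterResolverException {
        Logger.info(LOG_PREFIX + "Loading MOA-OA configuration " + fileName);
        DOMParser parser = new DOMParser();
        try {
            // Validation rejects a malformed identities file here instead of
            // producing half-filled lookup tables in buildInfo().
            parser.setFeature("http://xml.org/sax/features/validation", true);
            parser.setFeature("http://apache.org/xml/features/validation/schema", true);
            // NOTE(review): external entity resolution is left at the parser default;
            // this is only acceptable while fileName is an operator-controlled local path.
            parser.parse(fileName);
            return parser.getDocument();
        } catch (Exception e) {
            throw new LoginParameterResolverException("proxy.13", new Object[] {
                    ": XMLLoginParameterResolverPlainData: Error parsing file " + fileName,
                    "detail problem: " + e.toString()});
        }
    }

    /**
     * Fills {@link #namedMap} and {@link #bPKMap} from the parsed identities
     * document.
     * <p>
     * The i-th {@code Parameters} element is paired with the i-th
     * {@code Identity} element. An {@code Identity} with exactly one
     * {@code NamedIdentity} child goes into {@code namedMap}; otherwise it
     * must have exactly one {@code bPKIdentity} (or {@code wbPKIdentity} when
     * {@code businessService}) child, which goes into {@code bPKMap}. Anything
     * else is logged and skipped. Only {@code UN} and {@code PW} are read from
     * {@code Parameters}.
     *
     * @param doc parsed identities document
     * @param businessService selects the {@code wbPKIdentity}/{@code wbPK} element and attribute names
     */
    private void buildInfo(Document doc, boolean businessService) {
        Element root = doc.getDocumentElement();
        NodeList idList = root.getElementsByTagName("Identity");
        NodeList paramList = root.getElementsByTagName("Parameters");
        String wType = businessService ? "w" : "";

        for (int i = 0; i < idList.getLength(); i++) {
            Logger.debug(LOG_PREFIX + "LocalName idList: " + idList.item(i).getLocalName());
        }
        for (int i = 0; i < paramList.getLength(); i++) {
            Logger.debug(LOG_PREFIX + "LocalName paramList: " + paramList.item(i).getLocalName());
        }

        for (int i = 0; i < idList.getLength(); i++) {
            Element identity = (Element) idList.item(i);
            NodeList namedList = identity.getElementsByTagName("NamedIdentity");
            for (int j = 0; j < namedList.getLength(); j++) {
                Logger.debug(LOG_PREFIX + "LocalName tmp: " + namedList.item(j).getLocalName());
            }

            Element idElem;
            String key;
            Map target;
            if (namedList.getLength() == 1) {
                idElem = (Element) namedList.item(0);
                key = idElem.getAttribute("SurName") + "," + idElem.getAttribute("GivenName")
                        + "," + idElem.getAttribute("BirthDate");
                target = namedMap;
            } else {
                NodeList bpkList = identity.getElementsByTagName(wType + "bPKIdentity");
                if (bpkList.getLength() != 1) {
                    Logger.warn(LOG_PREFIX + "wrong format or incorrect mode; no NamedIdentity or "
                            + wType + "bPKIdentity found");
                    continue;
                }
                idElem = (Element) bpkList.item(0);
                key = idElem.getAttribute(wType + "bPK");
                target = bPKMap;
            }

            boolean enabled = isEnabled(idElem);
            Logger.debug(LOG_PREFIX + "tmpStr: " + key + " value: " + enabled);

            // Guard the positional pairing; the previous code dereferenced a null item here.
            if (i >= paramList.getLength()) {
                Logger.warn(LOG_PREFIX + "no Parameters element for Identity #" + i + "; entry skipped");
                continue;
            }
            Element parameters = (Element) paramList.item(i);
            String userName = parameters.getAttribute("UN");
            String password = parameters.getAttribute("PW");
            Logger.debug(LOG_PREFIX + "attribute UN: " + userName
                    + " attribute PW: " + maskSecret(password));
            target.put(key, new LPRParams(enabled, userName, password));
        }

        // LPRParams.toString() masks passwords, so dumping the tables is log-safe.
        Logger.debug("namedMap:" + namedMap.toString());
        Logger.debug(wType + "bPKMap:" + bPKMap.toString());
    }

    /**
     * Reads the enabled flag of an identity element: enabled iff its first
     * child node has the value {@code "1"}.
     */
    private static boolean isEnabled(Element idElem) {
        Node first = idElem.getFirstChild();
        return first != null && "1".equals(first.getNodeValue());
    }

    /**
     * Replaces a secret with a mask for logging; {@code null} and the empty
     * string are shown as such so misconfiguration remains visible.
     */
    private static String maskSecret(String secret) {
        if (secret == null) {
            return "null";
        }
        if (secret.length() == 0) {
            return "";
        }
        return "***";
    }

    /**
     * Loads the identities file and builds the lookup tables.
     * <p>
     * The tables are not cleared first, so a repeated call merges the new
     * entries into the existing ones.
     *
     * @param configuration file name/URI of the identities file, or {@code null}
     *        for {@code file:conf/moa-id/Identities.xml}
     * @param businessService {@code Boolean.TRUE} to read {@code wbPKIdentity} entries;
     *        {@code null} is treated as {@code false}
     * @throws LoginParameterResolverException if the file cannot be parsed or validated
     */
    public void configure(String configuration, Boolean businessService)
            throws LoginParameterResolverException {
        Logger.info(LOG_PREFIX + "initialization string: " + configuration);
        this.configuration = configuration;
        String fileName = configuration;
        if (fileName == null) {
            fileName = DEFAULT_FILE_NAME;
            Logger.info(LOG_PREFIX + "used file name string: " + fileName);
        }
        Document doc = readXMLFile(fileName);
        buildInfo(doc, businessService != null && businessService.booleanValue());
    }
}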