/*******************************************************************************
* Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
*
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
*
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
******************************************************************************/
/*
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
*
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
*
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
package at.gv.egovernment.moa.id.auth.parser;
import iaik.utils.Base64InputStream;
import iaik.x509.X509Certificate;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.XPathUtils;
/**
* Parses a <VerifyXMLSignatureResponse> returned by
* MOA-SPSS.
* This class implements the Singleton pattern
*
* @author Stefan Knirsch
* @version $Id$
*/
public class VerifyXMLSignatureResponseParser {
//
// XPath namespace prefix shortcuts
//
/** Xpath prefix for reaching MOA Namespaces */
private static final String MOA = Constants.MOA_PREFIX + ":";
/** Xpath prefix for reaching DSIG Namespaces */
private static final String DSIG = Constants.DSIG_PREFIX + ":";
/** Xpath expression to the root element */
private static final String ROOT = "/" + MOA + "VerifyXMLSignatureResponse/";
/** Xpath expression to the X509SubjectName element */
private static final String DSIG_SUBJECT_NAME_XPATH =
ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" +
DSIG + "X509SubjectName";
/** Xpath expression to the X509Certificate element */
private static final String DSIG_X509_CERTIFICATE_XPATH =
ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" +
DSIG + "X509Certificate";
/** Xpath expression to the PublicAuthority element */
private static final String PUBLIC_AUTHORITY_XPATH =
ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" +
MOA + "PublicAuthority";
/** Xpath expression to the PublicAuthorityCode element */
private static final String PUBLIC_AUTHORITY_CODE_XPATH =
PUBLIC_AUTHORITY_XPATH + "/" + MOA + "Code";
/** Xpath expression to the QualifiedCertificate element */
private static final String QUALIFIED_CERTIFICATE_XPATH =
ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" +
MOA + "QualifiedCertificate";
/** Xpath expression to the SignatureCheckCode element */
private static final String SIGNATURE_CHECK_CODE_XPATH =
ROOT + MOA + "SignatureCheck/" + MOA + "Code";
/** Xpath expression to the XMLDSIGManifestCheckCode element */
private static final String XMLDSIG_MANIFEST_CHECK_CODE_XPATH =
ROOT + MOA + "XMLDSIGManifestCheck/" + MOA + "Code";
/** Xpath expression to the SignatureManifestCheckCode element */
private static final String SIGNATURE_MANIFEST_CHECK_CODE_XPATH =
ROOT + MOA + "SignatureManifestCheck/" + MOA + "Code";
/** Xpath expression to the CertificateCheckCode element */
private static final String CERTIFICATE_CHECK_CODE_XPATH =
ROOT + MOA + "CertificateCheck/" + MOA + "Code";
/** This is the root element of the XML-Document provided by the Security Layer Card*/
private Element verifyXMLSignatureResponse;
/**
* Constructor for VerifyXMLSignatureResponseParser.
* A DOM-representation of the incoming String will be created
* @param xmlResponse <InfoboxReadResponse> as String
* @throws ParseException on any parsing error
*/
public VerifyXMLSignatureResponseParser(String xmlResponse) throws ParseException{
try {
InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8"));
verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(s);
}
catch (Throwable t) {
throw new ParseException("parser.01", new Object[] { t.toString() }, t);
}
}
/**
* Constructor for VerifyXMLSignatureResponseParser.
* A DOM-representation of the incoming Inputstream will be created
* @param xmlResponse <InfoboxReadResponse> as InputStream
* @throws Exception on any parsing error
*/
public VerifyXMLSignatureResponseParser(InputStream xmlResponse) throws Exception
{
try {
verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(xmlResponse);
}
catch (Throwable t) {
throw new ParseException("parser.01", null, t);
}
}
/**
* Constructor for VerifyXMLSignatureResponseParser.
* The incoming Element will be used for further operations
* @param xmlResponse <InfoboxReadResponse> as Element
*/
public VerifyXMLSignatureResponseParser(Element xmlResponse)
{
verifyXMLSignatureResponse =xmlResponse;
}
/**
* Parse identity link from <InfoboxReadResponse>
* @return Identity link
* @throws ParseException on any parsing error
*/
public IVerifiyXMLSignatureResponse parseData() throws ParseException {
IVerifiyXMLSignatureResponse respData=new VerifyXMLSignatureResponse();
try {
String s = DOMUtils.serializeNode(verifyXMLSignatureResponse);
respData.setXmlDsigSubjectName(XPathUtils.getElementValue(verifyXMLSignatureResponse,DSIG_SUBJECT_NAME_XPATH,""));
Element e = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,QUALIFIED_CERTIFICATE_XPATH);
respData.setQualifiedCertificate(e!=null);
Base64InputStream in = new Base64InputStream(new ByteArrayInputStream(XPathUtils.getElementValue(
verifyXMLSignatureResponse,DSIG_X509_CERTIFICATE_XPATH,"").getBytes("UTF-8")),true);
respData.setX509certificate(new X509Certificate(in));
Element publicAuthority = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_XPATH);
respData.setPublicAuthority(publicAuthority != null);
respData.setPublicAuthorityCode(XPathUtils.getElementValue(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_CODE_XPATH,""));
respData.setSignatureCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNATURE_CHECK_CODE_XPATH,"")).intValue());
String xmlDsigCheckCode = XPathUtils.getElementValue(verifyXMLSignatureResponse,XMLDSIG_MANIFEST_CHECK_CODE_XPATH,null);
if (xmlDsigCheckCode!=null) {
respData.setXmlDSIGManigest(true);
respData.setXmlDSIGManifestCheckCode(new Integer(xmlDsigCheckCode).intValue());
} else {
respData.setXmlDSIGManigest(false);
}
String signatureManifestCheckCode = XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNATURE_MANIFEST_CHECK_CODE_XPATH,null);
if (signatureManifestCheckCode != null) {
respData.setSignatureManifestCheckCode(new Integer(signatureManifestCheckCode).intValue());
}
respData.setCertificateCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,CERTIFICATE_CHECK_CODE_XPATH,"")).intValue());
}
catch (Throwable t) {
throw new ParseException("parser.01", null, t);
}
return respData;
}
}