/*******************************************************************************
* Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
*
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
*
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
******************************************************************************/
/*
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
*
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
*
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
package at.gv.egovernment.moa.id.auth.parser;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.w3c.dom.traversal.NodeIterator;
import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.BKUException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.XPathUtils;
/**
* Parses an <InfoboxReadResponse> returned from
* the security layer
*
* @author Stefan Knirsch
* @version $Id$
*/
public class CreateXMLSignatureResponseParser {
//
// XPath namespace prefix shortcuts
//
/** Xpath prefix for reaching SAML Namespaces */
private static final String SAML = Constants.SAML_PREFIX + ":";
/** Xpath prefix for reaching XML-DSIG Namespaces */
private static final String DSIG = Constants.DSIG_PREFIX + ":";
/** Xpath expression to the root element */
private static final String ROOT = ":CreateXMLSignatureResponse/";
/** Xpath expression to the SAML:Assertion element */
private static final String SAML_ASSERTION_XPATH = ROOT + SAML + "Assertion";
/** Xpath expression to the SAML:NameIdentifier element */
private static final String SAML_SUBJECT_NAME_IDENTIFIER_XPATH = SAML_ASSERTION_XPATH + "/" + SAML + "AttributeStatement/" + SAML + "Subject/" + SAML + "NameIdentifier";
/** Xpath expression to the AttributeStatement element */
private static final String SAML_ATTRIBUTE_XPATH = SAML_ASSERTION_XPATH + "/" + SAML + "AttributeStatement/" + SAML + "Attribute";
/** Xpath expression to the AttributeValue element */
private static final String SAML_ATTRIBUTE_VALUE_XPATH = SAML + "AttributeValue";
/** This is the root element of the CreateXMLsignatureResponse */
private Element sigResponse_;
private static final Map parserFeatures =
Collections.unmodifiableMap(new HashMap() {
private static final long serialVersionUID = 1L;
{
put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true);
}
});
/**
* Parses and validates the document given as string and extracts the
* root element.
*
* @param xmlResponse <CreateXMLSignatureResponse> as String
*
* @throws AuthenticationException if any authentication error occurs
* @throws ParseException if an element cannot be parsed
* @throws
*/
public CreateXMLSignatureResponseParser(String xmlResponse) throws AuthenticationException, ParseException, BKUException{
try {
InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8"));
init(s);
}
catch (BKUException e) {
throw e;
} catch (Throwable t) {
throw new ParseException("parser.01", new Object[] { t.toString()}, t);
}
}
/**
* Parses and validates the document given as stream and extracts the
* root element.
*
* @param is <InfoboxReadResponse> as InputStream
*
* @throws AuthenticationException If any authentication error occurs
* @throws ParseException If an element cannot be parsed
* @throws BKUException
*/
public CreateXMLSignatureResponseParser(InputStream is) throws AuthenticationException, ParseException, BKUException {
init(is);
}
/**
* Constructor for CreateXMLSignatureResponseParser.
* The incoming Element will be used for further operations
* @param xmlResponse <InfoboxReadResponse> as InputStream
*/
public CreateXMLSignatureResponseParser(Element xmlResponse) {
sigResponse_ = xmlResponse;
}
/**
* Initializes the parser.
* Parses and validates the document given as stream and extracts the
* root element.
*
* @param is The CreateXMLSignatureResponse as stream.
* @throws AuthenticationException if an authentication error occurs.
* @throws ParseException If an error occurs on parsing the the document.
* @throws BKUException
*/
private void init(InputStream is) throws AuthenticationException, ParseException, BKUException {
try {
Element responseElem = DOMUtils.parseXmlValidating(is, parserFeatures);
if ("CreateXMLSignatureResponse".equals(responseElem.getLocalName())) {
sigResponse_ = responseElem;
} else {
ErrorResponseParser erp = new ErrorResponseParser(responseElem);
throw new BKUException("auth.08",
new Object[] { erp.getErrorCode(), erp.getErrorInfo()},
erp.getErrorCode(),
erp.getErrorInfo());
}
} catch (BKUException e) {
throw e;
} catch (Throwable t) {
throw new ParseException("parser.01", new Object[] { t.toString()}, t);
}
}
/**
* Unmarshalls the <@link sigResponse> to an
* <CreateXMLSignatureResponse> object.
*
* @return a <CreateXMLSignatureResponse> object
* @throws ParseException
*/
public CreateXMLSignatureResponse parseResponseDsig() throws ParseException {
CreateXMLSignatureResponse cResp;
try {
cResp = new CreateXMLSignatureResponse();
NodeList list = sigResponse_.getElementsByTagNameNS(Constants.DSIG_NS_URI, "Signature");
Element dsigSignatureNode = (Element) list.item(0);
Element dsigSignatureElement = (Element) dsigSignatureNode;
cResp.setDsigSignature(dsigSignatureElement);
}
catch (Throwable t) {
throw new ParseException("parser.01", new Object[] { t.toString()}, t);
}
return cResp;
}
/**
* Unmarshalls the <@link sigResponse> to an
* <CreateXMLSignatureResponse> object.
*
* @return a <CreateXMLSignatureResponse> object
* @throws ParseException
*/
public CreateXMLSignatureResponse parseResponse() throws ParseException {
CreateXMLSignatureResponse cResp;
try {
cResp = new CreateXMLSignatureResponse();
String slPrefix = XPathUtils.getSlPrefix(sigResponse_);
cResp.setSamlNameIdentifier(XPathUtils.getElementValue(sigResponse_, "/" + slPrefix + SAML_SUBJECT_NAME_IDENTIFIER_XPATH, null));
cResp.setSamlAssertion((Element) XPathUtils.selectSingleNode(sigResponse_, "/" + slPrefix + SAML_ASSERTION_XPATH));
NodeIterator attrIter = XPathUtils.selectNodeIterator(sigResponse_, "/" + slPrefix + SAML_ATTRIBUTE_XPATH);
Element samlAttr;
List samlAttributes = new ArrayList();
while ((samlAttr = (Element) attrIter.nextNode()) != null) {
String attrName = XPathUtils.getAttributeValue(samlAttr, "@AttributeName", "");
String attrNamespace = XPathUtils.getAttributeValue(samlAttr, "@AttributeNamespace", "");
Object attrValue;
Element attrValueElem = (Element)XPathUtils.selectSingleNode(samlAttr, SAML_ATTRIBUTE_VALUE_XPATH);
attrValue = DOMUtils.getElementFromNodeList(attrValueElem.getChildNodes());
if (attrValue == null) {
if (null!=attrValueElem.getFirstChild()) {
attrValue = attrValueElem.getFirstChild().getNodeValue();
} else {
attrValue = "";
}
}
samlAttributes.add(new SAMLAttribute(attrName, attrNamespace, attrValue));
}
SAMLAttribute[] result = new SAMLAttribute[samlAttributes.size()];
samlAttributes.toArray(result);
cResp.setSamlAttributes(result);
NodeList list = sigResponse_.getElementsByTagNameNS(Constants.DSIG_NS_URI, "Signature");
Element dsigSignatureNode = (Element) list.item(0);
cResp.setDsigSignature(dsigSignatureNode);
}
catch (Throwable t) {
throw new ParseException("parser.01", new Object[] { t.toString()}, t);
}
return cResp;
}
// public CreateXMLSignatureResponse parseResponse() throws ParseException {
// CreateXMLSignatureResponse cResp;
// try {
// cResp = new CreateXMLSignatureResponse();
// Element samlAssertion = (Element)sigResponse.getElementsByTagNameNS(Constants.SAML_NS_URI, "Assertion").item(0);
// cResp.setSamlAssertion(samlAssertion);
// Element samlAttributeStatement = (Element)samlAssertion.getElementsByTagNameNS(Constants.SAML_NS_URI, "AttributeStatement").item(0);
// Element samlSubject = (Element)samlAttributeStatement.getElementsByTagNameNS(Constants.SAML_NS_URI, "Subject").item(0);
// Element samlNameIdentifier = (Element)samlSubject.getElementsByTagNameNS(Constants.SAML_NS_URI, "NameIdentifier").item(0);
// cResp.setSamlNameIdentifier(samlNameIdentifier.getFirstChild().getNodeValue());
// NodeList nl = samlAttributeStatement.getElementsByTagNameNS(Constants.SAML_NS_URI, "Attribute");
// List samlAttributes = new ArrayList();
// for (int i=0; i