diff options
author | clemenso <clemenso@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2009-01-28 19:40:11 +0000 |
---|---|---|
committer | clemenso <clemenso@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2009-01-28 19:40:11 +0000 |
commit | 54aa4703e3d66c5b1a63b8d925fd4c9c1766687c (patch) | |
tree | 28bde8b9ec66dd2f94a34e39ee8392e40e9f0809 /utils/src/main/java/at/gv | |
parent | cfae494572cdac7ab124f9a4214bc8f43b87b7fe (diff) | |
download | mocca-54aa4703e3d66c5b1a63b8d925fd4c9c1766687c.tar.gz mocca-54aa4703e3d66c5b1a63b8d925fd4c9c1766687c.tar.bz2 mocca-54aa4703e3d66c5b1a63b8d925fd4c9c1766687c.zip |
activation
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@291 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
Diffstat (limited to 'utils/src/main/java/at/gv')
5 files changed, 750 insertions, 612 deletions
diff --git a/utils/src/main/java/at/gv/egiz/idlink/CompressedIdentityLinkFactory.java b/utils/src/main/java/at/gv/egiz/idlink/CompressedIdentityLinkFactory.java index 5f4e5d92..31e5163a 100644 --- a/utils/src/main/java/at/gv/egiz/idlink/CompressedIdentityLinkFactory.java +++ b/utils/src/main/java/at/gv/egiz/idlink/CompressedIdentityLinkFactory.java @@ -14,403 +14,403 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package at.gv.egiz.idlink;
-
-import java.io.BufferedReader;
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.security.PublicKey;
-import java.security.cert.X509Certificate;
-import java.util.List;
-
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-import javax.xml.bind.PropertyException;
-import javax.xml.bind.Unmarshaller;
-import javax.xml.transform.Source;
-import javax.xml.transform.dom.DOMResult;
-
-import org.w3._2000._09.xmldsig_.KeyValueType;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-import at.buergerkarte.namespaces.personenbindung._20020506_.CompressedIdentityLinkType;
-import at.gv.e_government.reference.namespace.persondata._20020228_.AbstractPersonType;
-import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
-import at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameType;
-import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType.Value;
-import at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameType.FamilyName;
-import at.gv.egiz.idlink.ans1.CitizenPublicKey;
-import at.gv.egiz.idlink.ans1.IdentityLink;
-import at.gv.egiz.idlink.ans1.PersonData;
-import at.gv.egiz.idlink.ans1.PhysicalPersonData;
-import at.gv.egiz.xmldsig.KeyTypeNotSupportedException;
-import at.gv.egiz.xmldsig.KeyValueFactory;
-
-public class CompressedIdentityLinkFactory {
-
- /**
- * The instance returned by {@link #getInstance()}.
- */
- private static CompressedIdentityLinkFactory instance;
-
- /**
- * The <code>JAXBContext</code>.
- */
- private static JAXBContext jaxbContext;
-
- /**
- * The <code>KeyValueFactory</code>.
- */
- private static KeyValueFactory keyValueFactory;
-
- /**
- * Get an instance of this <code>CompressedIdentityLinkFactory</code>.
- *
- * @return an instance of this <code>CompressedIdentityLinkFactory</code>
- */
- public synchronized static CompressedIdentityLinkFactory getInstance() {
- if (instance == null) {
- instance = new CompressedIdentityLinkFactory();
- }
- return instance;
- }
-
- /**
- * Private constructor.
- */
- private CompressedIdentityLinkFactory() {
-
- keyValueFactory = new KeyValueFactory();
-
- StringBuffer packageNames = new StringBuffer();
- packageNames.append(at.gv.e_government.reference.namespace.persondata._20020228_.ObjectFactory.class.getPackage().getName());
- packageNames.append(":");
- packageNames.append(org.w3._2000._09.xmldsig_.ObjectFactory.class.getPackage().getName());
- packageNames.append(":");
- packageNames.append(org.w3._2001._04.xmldsig_more_.ObjectFactory.class.getPackage().getName());
- packageNames.append(":");
- packageNames.append(at.buergerkarte.namespaces.personenbindung._20020506_.ObjectFactory.class.getPackage().getName());
-
- try {
- jaxbContext = JAXBContext.newInstance(packageNames.toString());
- } catch (JAXBException e) {
- // we should not get an JAXBException initializing the JAXBContext
- throw new RuntimeException(e);
- }
-
- }
-
- public IdentityLink createIdLink(CompressedIdentityLinkType compressedIdentityLinkType) {
-
- // IssuerTemplate
- String issuerTemplate = compressedIdentityLinkType.getIssuerTemplate();
-
- // AssertionId
- String assertionID = compressedIdentityLinkType.getAssertionID();
-
- // IssueInstant
- String issueInstant = compressedIdentityLinkType.getIssueInstant();
-
- AbstractPersonType personDataType = compressedIdentityLinkType.getPersonData();
-
- String baseId = null;
-
- List<IdentificationType> identifications = personDataType.getIdentification();
- for (IdentificationType identificationType : identifications) {
- String type = identificationType.getType();
- if ("urn:publicid:gv.at:baseid".equals(type)) {
- baseId = identificationType.getValue().getValue();
- }
- }
-
- String givenName = null;
- String familyName = null;
- String dateOfBirth = null;
-
- if (personDataType instanceof PhysicalPersonType) {
- PhysicalPersonType physicalPersonType = (PhysicalPersonType) personDataType;
- PersonNameType name = physicalPersonType.getName();
- List<String> givenNames = name.getGivenName();
- if (!givenNames.isEmpty()) {
- givenName = givenNames.get(0);
- }
- List<FamilyName> familyNames = name.getFamilyName();
- if (!familyNames.isEmpty()) {
- familyName = familyNames.get(0).getValue();
- }
- dateOfBirth = physicalPersonType.getDateOfBirth();
- }
-
- PhysicalPersonData physicalPersonData = new PhysicalPersonData(baseId, givenName, familyName, dateOfBirth);
- PersonData personData = new PersonData(physicalPersonData);
-
- int numKeys = compressedIdentityLinkType.getCitizenPublicKey().size();
- CitizenPublicKey[] citizenPublicKeys = new CitizenPublicKey[numKeys];
- for (int i = 0; i < numKeys;) {
- citizenPublicKeys[i] = new CitizenPublicKey(++i);
- }
-
- byte[] signatureValue = compressedIdentityLinkType.getSignatureValue();
- byte[] referenceDigest = compressedIdentityLinkType.getReferenceDigest();
- byte[] referenceManifestDigest = compressedIdentityLinkType.getReferenceManifestDigest();
- byte[] manifestReferenceDigest = compressedIdentityLinkType.getManifestReferenceDigest();
-
- IdentityLink idLink = new IdentityLink(issuerTemplate, assertionID, issueInstant, personData, citizenPublicKeys, signatureValue);
- idLink.setReferenceDigest(referenceDigest);
- idLink.setReferenceManifestDigest(referenceManifestDigest);
- idLink.setManifestReferenceDigest(manifestReferenceDigest);
-
- return idLink;
-
- }
-
- /**
- * Creates a new <code>CompressedIdentityLink</code> element from the given
- * ASN.1 representation of an <code>idLink</code>.
- *
- * @param idLink
- * the ASN.1 representation of an <code>IdentityLink</code>
- * @param certificates
- * a list of {@link X509Certificate}s containing the corresponding
- * public keys
- * @param domainId TODO
- * @return a new <code>CompressedIdentityLink</code> element
- *
- * @throws NullPointerException
- * if <code>idLink</code> or <code>certificates</code> is
- * <code>null</code>
- * @throws IllegalArgumentException
- * if <code>idLink</code> references certificates not in the range
- * of the <code>certificates</code> list
- */
- public JAXBElement<CompressedIdentityLinkType> createCompressedIdentityLink(
- at.gv.egiz.idlink.ans1.IdentityLink idLink,
- List<X509Certificate> certificates, String domainId) {
-
- at.gv.e_government.reference.namespace.persondata._20020228_.ObjectFactory prFactory =
- new at.gv.e_government.reference.namespace.persondata._20020228_.ObjectFactory();
-
- at.buergerkarte.namespaces.personenbindung._20020506_.ObjectFactory pbFactory =
- new at.buergerkarte.namespaces.personenbindung._20020506_.ObjectFactory();
-
- org.w3._2000._09.xmldsig_.ObjectFactory dsFactory = new org.w3._2000._09.xmldsig_.ObjectFactory();
-
- // PersonData
- PhysicalPersonData __physicalPersonData = idLink.getPersonData()
- .getPhysicalPerson();
-
- Value identificationTypeValue = prFactory.createIdentificationTypeValue();
- identificationTypeValue.setValue(__physicalPersonData.getBaseId());
- IdentificationType identificationType = prFactory
- .createIdentificationType();
- identificationType.setValue(identificationTypeValue);
- if (domainId != null) {
- identificationType.setType(domainId);
- } else {
- identificationType.setType("urn:publicid:gv.at:baseid");
- }
-
- PersonNameType personNameType = prFactory.createPersonNameType();
- FamilyName personNameTypeFamilyName = prFactory
- .createPersonNameTypeFamilyName();
- personNameTypeFamilyName.setValue(__physicalPersonData.getFamilyName());
- personNameType.getFamilyName().add(personNameTypeFamilyName);
- personNameType.getGivenName().add(__physicalPersonData.getGivenName());
-
- PhysicalPersonType physicalPersonType = prFactory
- .createPhysicalPersonType();
- physicalPersonType.getIdentification().add(identificationType);
- physicalPersonType.setName(personNameType);
- physicalPersonType.setDateOfBirth(__physicalPersonData.getDateOfBirth());
-
- // CompressedIdentityLink
- CompressedIdentityLinkType compressedIdentityLinkType = pbFactory
- .createCompressedIdentityLinkType();
- compressedIdentityLinkType.setIssuerTemplate(idLink.getIssuerTemplate());
- compressedIdentityLinkType.setAssertionID(idLink.getAssertionID());
- compressedIdentityLinkType.setIssueInstant(idLink.getIssueInstant());
- compressedIdentityLinkType.setPersonData(physicalPersonType);
-
- // CitizenPublicKey
- CitizenPublicKey[] __citizenPublicKeys = idLink.getCitizenPublicKeys();
- for (CitizenPublicKey __citizenPublicKey : __citizenPublicKeys) {
-
- X509Certificate certificate = certificates.get(__citizenPublicKey.getOnToken());
- PublicKey publicKey = certificate.getPublicKey();
-
- JAXBElement<?> keyValue;
- try {
- keyValue = keyValueFactory.createKeyValue(publicKey);
- } catch (KeyTypeNotSupportedException e) {
- // TODO: handle exception properly
- throw new RuntimeException(e);
- }
-
- KeyValueType keyValueType = dsFactory.createKeyValueType();
- keyValueType.getContent().add(keyValue);
-
- compressedIdentityLinkType.getCitizenPublicKey().add(keyValueType);
- }
-
- compressedIdentityLinkType.setSignatureValue(idLink.getSignatureValue());
- compressedIdentityLinkType.setReferenceDigest(idLink.getReferenceDigest());
- compressedIdentityLinkType.setReferenceManifestDigest(idLink
- .getReferenceManifestDigest());
- compressedIdentityLinkType.setManifestReferenceDigest(idLink
- .getManifestReferenceDigest());
- JAXBElement<CompressedIdentityLinkType> compressedIdentityLink = pbFactory
- .createCompressedIdentityLink(compressedIdentityLinkType);
-
- return compressedIdentityLink;
-
- }
-
- /**
- * Marshall the given <code>compressedIdentityLink</code> into a DOM document
- * with the given Nodes as <code>parent</code> and <code>nextSibling</code>
- * nodes.
- *
- * @param compressedIdentityLink
- * the <code>CompressedIdentityLink</code> element
- * @param parent
- * the parent node
- * @param nextSibling
- * the next sibling node (may be <code>null</code>)
- * @param applyWorkarounds
- * apply workarounds as spefiyed by
- * {@link #applyWorkarounds(Element, int)}
- *
- * @throws JAXBException
- * if an unexpected error occurs while marshalling
- * @throws NullPointerException
- * if <code>compressdIdentityLink</code> or <code>parent</code> is
- * <code>null</code>
- */
- public void marshallCompressedIdentityLink(
- JAXBElement<CompressedIdentityLinkType> compressedIdentityLink,
- Node parent, Node nextSibling, boolean applyWorkarounds) throws JAXBException {
-
- DOMResult result = new DOMResult(parent, nextSibling);
-
-
- try {
- Marshaller marshaller = jaxbContext.createMarshaller();
-
- marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
-
- marshaller.marshal(compressedIdentityLink, result);
- } catch (PropertyException e) {
- throw new RuntimeException(e);
- }
-
- if (applyWorkarounds) {
- Element element = (Element) ((nextSibling != null)
- ? nextSibling.getPreviousSibling()
- : parent.getFirstChild());
- applyWorkarounds(element, 76);
- }
-
- }
-
- @SuppressWarnings("unchecked")
- public CompressedIdentityLinkType unmarshallCompressedIdentityLink(Source source) throws JAXBException {
-
- Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
-
- return ((JAXBElement<CompressedIdentityLinkType>) unmarshaller.unmarshal(source)).getValue();
-
- }
-
- /**
- * Apply some workarounds to the given CompressedIdentityLink
- * <code>element</code> to achieve compatibility with IdentityLink
- * transformation stylesheets that have been designed for a (buggy) form of
- * the CompressedIdentityLink as produced by a well-known citizen card
- * environment implementation.
- *
- * <ol>
- * <li>Replace the attribute node <code>URN</code> of the
- * <code>NamedCurve</code> element of an <code>ECDSAKeyValue</code> element by
- * a child text-node with the same content.</li>
- * <li>Replace the attribute nodes <code>Value</code> of the <code>X</code>
- * and <code>Y</code> elements of an <code>ECDSAKeyValue</code> element by a
- * child text-node with the same content.</li>
- * <li>Insert "\n" at <code>base64LineLength</code> into the Base64
- * content of the <code>Modulus</code> element of an <code>RSAKeyValue</code>
- * element.
- * </ol>
- *
- * @param element
- * the <code>CompressedIdentityLink</code> element
- * @param base64LineLength
- * the line length of Base64 content
- */
- public void applyWorkarounds(Element element, int base64LineLength) {
-
- Document document = element.getOwnerDocument();
-
- NodeList nodeList = element.getElementsByTagNameNS(
- "http://www.w3.org/2001/04/xmldsig-more#", "NamedCurve");
- for (int i = 0; i < nodeList.getLength(); i++) {
- Node ecdsaNameCurve = nodeList.item(i);
- Attr attrNode = ((Element) ecdsaNameCurve).getAttributeNodeNS(null,
- "URN");
- ecdsaNameCurve
- .appendChild(document.createTextNode(attrNode.getValue()));
- ((Element) ecdsaNameCurve).removeAttributeNode(attrNode);
- }
- nodeList = document.getElementsByTagNameNS(
- "http://www.w3.org/2001/04/xmldsig-more#", "X");
- for (int i = 0; i < nodeList.getLength(); i++) {
- Node x = nodeList.item(i);
- Attr attrNode = ((Element) x).getAttributeNodeNS(null, "Value");
- x.appendChild(document.createTextNode(attrNode.getValue()));
- ((Element) x).removeAttributeNode(attrNode);
- }
- nodeList = document.getElementsByTagNameNS(
- "http://www.w3.org/2001/04/xmldsig-more#", "Y");
- for (int i = 0; i < nodeList.getLength(); i++) {
- Node y = nodeList.item(i);
- Attr attrNode = ((Element) y).getAttributeNodeNS(null, "Value");
- y.appendChild(document.createTextNode(attrNode.getValue()));
- ((Element) y).removeAttributeNode(attrNode);
- }
-
- if (base64LineLength > 0) {
- nodeList = document.getElementsByTagNameNS(
- "http://www.w3.org/2000/09/xmldsig#", "Modulus");
- for (int i = 0; i < nodeList.getLength(); i++) {
- Node modulus = nodeList.item(i);
- String value = ((Element) modulus).getTextContent();
- BufferedReader reader = new BufferedReader(new InputStreamReader(
- new ByteArrayInputStream(value.getBytes())));
- char[] buff = new char[base64LineLength];
- StringBuffer newValue = new StringBuffer();
- int found = 0;
- try {
- while ((found = reader.read(buff)) > 0) {
- newValue.append(buff, 0, found);
- if (found == base64LineLength)
- newValue.append('\n');
- }
- } catch (IOException e) {
- // this should never happen, as we are reading from a ByteArrayInputStream
- throw new RuntimeException(e);
- }
- ((Element) modulus).setTextContent(newValue.toString());
- }
-
- }
-
-
- }
-
-}
+package at.gv.egiz.idlink; + +import java.io.BufferedReader; +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStreamReader; +import java.security.PublicKey; +import java.security.cert.X509Certificate; +import java.util.List; + +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBElement; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Marshaller; +import javax.xml.bind.PropertyException; +import javax.xml.bind.Unmarshaller; +import javax.xml.transform.Source; +import javax.xml.transform.dom.DOMResult; + +import org.w3._2000._09.xmldsig_.KeyValueType; +import org.w3c.dom.Attr; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +import at.buergerkarte.namespaces.personenbindung._20020506_.CompressedIdentityLinkType; +import at.gv.e_government.reference.namespace.persondata._20020228_.AbstractPersonType; +import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; +import at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameType; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; +import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType.Value; +import at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameType.FamilyName; +import at.gv.egiz.idlink.ans1.CitizenPublicKey; +import at.gv.egiz.idlink.ans1.IdentityLink; +import at.gv.egiz.idlink.ans1.PersonData; +import at.gv.egiz.idlink.ans1.PhysicalPersonData; +import at.gv.egiz.marshal.MarshallerFactory; +import at.gv.egiz.marshal.NamespacePrefixMapperImpl; +import at.gv.egiz.xmldsig.KeyTypeNotSupportedException; +import at.gv.egiz.xmldsig.KeyValueFactory; + +public class CompressedIdentityLinkFactory { + + /** + * The instance returned by {@link #getInstance()}. + */ + private static CompressedIdentityLinkFactory instance; + + /** + * The <code>JAXBContext</code>. + */ + private static JAXBContext jaxbContext; + + /** + * The <code>KeyValueFactory</code>. + */ + private static KeyValueFactory keyValueFactory; + + /** + * Get an instance of this <code>CompressedIdentityLinkFactory</code>. + * + * @return an instance of this <code>CompressedIdentityLinkFactory</code> + */ + public synchronized static CompressedIdentityLinkFactory getInstance() { + if (instance == null) { + instance = new CompressedIdentityLinkFactory(); + } + return instance; + } + + /** + * Private constructor. + */ + private CompressedIdentityLinkFactory() { + + keyValueFactory = new KeyValueFactory(); + + StringBuffer packageNames = new StringBuffer(); + packageNames.append(at.gv.e_government.reference.namespace.persondata._20020228_.ObjectFactory.class.getPackage().getName()); + packageNames.append(":"); + packageNames.append(org.w3._2000._09.xmldsig_.ObjectFactory.class.getPackage().getName()); + packageNames.append(":"); + packageNames.append(org.w3._2001._04.xmldsig_more_.ObjectFactory.class.getPackage().getName()); + packageNames.append(":"); + packageNames.append(at.buergerkarte.namespaces.personenbindung._20020506_.ObjectFactory.class.getPackage().getName()); + + try { + jaxbContext = JAXBContext.newInstance(packageNames.toString()); + } catch (JAXBException e) { + // we should not get an JAXBException initializing the JAXBContext + throw new RuntimeException(e); + } + + } + + public IdentityLink createIdLink(CompressedIdentityLinkType compressedIdentityLinkType) { + + // IssuerTemplate + String issuerTemplate = compressedIdentityLinkType.getIssuerTemplate(); + + // AssertionId + String assertionID = compressedIdentityLinkType.getAssertionID(); + + // IssueInstant + String issueInstant = compressedIdentityLinkType.getIssueInstant(); + + AbstractPersonType personDataType = compressedIdentityLinkType.getPersonData(); + + String baseId = null; + + List<IdentificationType> identifications = personDataType.getIdentification(); + for (IdentificationType identificationType : identifications) { + String type = identificationType.getType(); + if ("urn:publicid:gv.at:baseid".equals(type)) { + baseId = identificationType.getValue().getValue(); + } + } + + String givenName = null; + String familyName = null; + String dateOfBirth = null; + + if (personDataType instanceof PhysicalPersonType) { + PhysicalPersonType physicalPersonType = (PhysicalPersonType) personDataType; + PersonNameType name = physicalPersonType.getName(); + List<String> givenNames = name.getGivenName(); + if (!givenNames.isEmpty()) { + givenName = givenNames.get(0); + } + List<FamilyName> familyNames = name.getFamilyName(); + if (!familyNames.isEmpty()) { + familyName = familyNames.get(0).getValue(); + } + dateOfBirth = physicalPersonType.getDateOfBirth(); + } + + PhysicalPersonData physicalPersonData = new PhysicalPersonData(baseId, givenName, familyName, dateOfBirth); + PersonData personData = new PersonData(physicalPersonData); + + int numKeys = compressedIdentityLinkType.getCitizenPublicKey().size(); + CitizenPublicKey[] citizenPublicKeys = new CitizenPublicKey[numKeys]; + for (int i = 0; i < numKeys;) { + citizenPublicKeys[i] = new CitizenPublicKey(++i); + } + + byte[] signatureValue = compressedIdentityLinkType.getSignatureValue(); + byte[] referenceDigest = compressedIdentityLinkType.getReferenceDigest(); + byte[] referenceManifestDigest = compressedIdentityLinkType.getReferenceManifestDigest(); + byte[] manifestReferenceDigest = compressedIdentityLinkType.getManifestReferenceDigest(); + + IdentityLink idLink = new IdentityLink(issuerTemplate, assertionID, issueInstant, personData, citizenPublicKeys, signatureValue); + idLink.setReferenceDigest(referenceDigest); + idLink.setReferenceManifestDigest(referenceManifestDigest); + idLink.setManifestReferenceDigest(manifestReferenceDigest); + + return idLink; + + } + + /** + * Creates a new <code>CompressedIdentityLink</code> element from the given + * ASN.1 representation of an <code>idLink</code>. + * + * @param idLink + * the ASN.1 representation of an <code>IdentityLink</code> + * @param certificates + * a list of {@link X509Certificate}s containing the corresponding + * public keys + * @param domainId TODO + * @return a new <code>CompressedIdentityLink</code> element + * + * @throws NullPointerException + * if <code>idLink</code> or <code>certificates</code> is + * <code>null</code> + * @throws IllegalArgumentException + * if <code>idLink</code> references certificates not in the range + * of the <code>certificates</code> list + */ + public JAXBElement<CompressedIdentityLinkType> createCompressedIdentityLink( + at.gv.egiz.idlink.ans1.IdentityLink idLink, + List<X509Certificate> certificates, String domainId) { + + at.gv.e_government.reference.namespace.persondata._20020228_.ObjectFactory prFactory = + new at.gv.e_government.reference.namespace.persondata._20020228_.ObjectFactory(); + + at.buergerkarte.namespaces.personenbindung._20020506_.ObjectFactory pbFactory = + new at.buergerkarte.namespaces.personenbindung._20020506_.ObjectFactory(); + + org.w3._2000._09.xmldsig_.ObjectFactory dsFactory = new org.w3._2000._09.xmldsig_.ObjectFactory(); + + // PersonData + PhysicalPersonData __physicalPersonData = idLink.getPersonData() + .getPhysicalPerson(); + + Value identificationTypeValue = prFactory.createIdentificationTypeValue(); + identificationTypeValue.setValue(__physicalPersonData.getBaseId()); + IdentificationType identificationType = prFactory + .createIdentificationType(); + identificationType.setValue(identificationTypeValue); + if (domainId != null) { + identificationType.setType(domainId); + } else { + identificationType.setType("urn:publicid:gv.at:baseid"); + } + + PersonNameType personNameType = prFactory.createPersonNameType(); + FamilyName personNameTypeFamilyName = prFactory + .createPersonNameTypeFamilyName(); + personNameTypeFamilyName.setValue(__physicalPersonData.getFamilyName()); + personNameType.getFamilyName().add(personNameTypeFamilyName); + personNameType.getGivenName().add(__physicalPersonData.getGivenName()); + + PhysicalPersonType physicalPersonType = prFactory + .createPhysicalPersonType(); + physicalPersonType.getIdentification().add(identificationType); + physicalPersonType.setName(personNameType); + physicalPersonType.setDateOfBirth(__physicalPersonData.getDateOfBirth()); + + // CompressedIdentityLink + CompressedIdentityLinkType compressedIdentityLinkType = pbFactory + .createCompressedIdentityLinkType(); + compressedIdentityLinkType.setIssuerTemplate(idLink.getIssuerTemplate()); + compressedIdentityLinkType.setAssertionID(idLink.getAssertionID()); + compressedIdentityLinkType.setIssueInstant(idLink.getIssueInstant()); + compressedIdentityLinkType.setPersonData(physicalPersonType); + + // CitizenPublicKey + CitizenPublicKey[] __citizenPublicKeys = idLink.getCitizenPublicKeys(); + for (CitizenPublicKey __citizenPublicKey : __citizenPublicKeys) { + + X509Certificate certificate = certificates.get(__citizenPublicKey.getOnToken()); + PublicKey publicKey = certificate.getPublicKey(); + + JAXBElement<?> keyValue; + try { + keyValue = keyValueFactory.createKeyValue(publicKey); + } catch (KeyTypeNotSupportedException e) { + // TODO: handle exception properly + throw new RuntimeException(e); + } + + KeyValueType keyValueType = dsFactory.createKeyValueType(); + keyValueType.getContent().add(keyValue); + + compressedIdentityLinkType.getCitizenPublicKey().add(keyValueType); + } + + compressedIdentityLinkType.setSignatureValue(idLink.getSignatureValue()); + compressedIdentityLinkType.setReferenceDigest(idLink.getReferenceDigest()); + compressedIdentityLinkType.setReferenceManifestDigest(idLink + .getReferenceManifestDigest()); + compressedIdentityLinkType.setManifestReferenceDigest(idLink + .getManifestReferenceDigest()); + JAXBElement<CompressedIdentityLinkType> compressedIdentityLink = pbFactory + .createCompressedIdentityLink(compressedIdentityLinkType); + + return compressedIdentityLink; + + } + + /** + * Marshall the given <code>compressedIdentityLink</code> into a DOM document + * with the given Nodes as <code>parent</code> and <code>nextSibling</code> + * nodes. + * + * @param compressedIdentityLink + * the <code>CompressedIdentityLink</code> element + * @param parent + * the parent node + * @param nextSibling + * the next sibling node (may be <code>null</code>) + * @param applyWorkarounds + * apply workarounds as spefiyed by + * {@link #applyWorkarounds(Element, int)} + * + * @throws JAXBException + * if an unexpected error occurs while marshalling + * @throws NullPointerException + * if <code>compressdIdentityLink</code> or <code>parent</code> is + * <code>null</code> + */ + public void marshallCompressedIdentityLink( + JAXBElement<CompressedIdentityLinkType> compressedIdentityLink, + Node parent, Node nextSibling, boolean applyWorkarounds) throws JAXBException { + + DOMResult result = new DOMResult(parent, nextSibling); + + + try { + Marshaller marshaller = MarshallerFactory.createMarshaller(jaxbContext); + + marshaller.marshal(compressedIdentityLink, result); + } catch (PropertyException e) { + throw new RuntimeException(e); + } + + if (applyWorkarounds) { + Element element = (Element) ((nextSibling != null) + ? nextSibling.getPreviousSibling() + : parent.getFirstChild()); + applyWorkarounds(element, 76); + } + + } + + @SuppressWarnings("unchecked") + public CompressedIdentityLinkType unmarshallCompressedIdentityLink(Source source) throws JAXBException { + + Unmarshaller unmarshaller = jaxbContext.createUnmarshaller(); + + return ((JAXBElement<CompressedIdentityLinkType>) unmarshaller.unmarshal(source)).getValue(); + + } + + /** + * Apply some workarounds to the given CompressedIdentityLink + * <code>element</code> to achieve compatibility with IdentityLink + * transformation stylesheets that have been designed for a (buggy) form of + * the CompressedIdentityLink as produced by a well-known citizen card + * environment implementation. + * + * <ol> + * <li>Replace the attribute node <code>URN</code> of the + * <code>NamedCurve</code> element of an <code>ECDSAKeyValue</code> element by + * a child text-node with the same content.</li> + * <li>Replace the attribute nodes <code>Value</code> of the <code>X</code> + * and <code>Y</code> elements of an <code>ECDSAKeyValue</code> element by a + * child text-node with the same content.</li> + * <li>Insert "\n" at <code>base64LineLength</code> into the Base64 + * content of the <code>Modulus</code> element of an <code>RSAKeyValue</code> + * element. + * </ol> + * + * @param element + * the <code>CompressedIdentityLink</code> element + * @param base64LineLength + * the line length of Base64 content + */ + public void applyWorkarounds(Element element, int base64LineLength) { + + Document document = element.getOwnerDocument(); + + NodeList nodeList = element.getElementsByTagNameNS( + "http://www.w3.org/2001/04/xmldsig-more#", "NamedCurve"); + for (int i = 0; i < nodeList.getLength(); i++) { + Node ecdsaNameCurve = nodeList.item(i); + Attr attrNode = ((Element) ecdsaNameCurve).getAttributeNodeNS(null, + "URN"); + ecdsaNameCurve + .appendChild(document.createTextNode(attrNode.getValue())); + ((Element) ecdsaNameCurve).removeAttributeNode(attrNode); + } + nodeList = document.getElementsByTagNameNS( + "http://www.w3.org/2001/04/xmldsig-more#", "X"); + for (int i = 0; i < nodeList.getLength(); i++) { + Node x = nodeList.item(i); + Attr attrNode = ((Element) x).getAttributeNodeNS(null, "Value"); + x.appendChild(document.createTextNode(attrNode.getValue())); + ((Element) x).removeAttributeNode(attrNode); + } + nodeList = document.getElementsByTagNameNS( + "http://www.w3.org/2001/04/xmldsig-more#", "Y"); + for (int i = 0; i < nodeList.getLength(); i++) { + Node y = nodeList.item(i); + Attr attrNode = ((Element) y).getAttributeNodeNS(null, "Value"); + y.appendChild(document.createTextNode(attrNode.getValue())); + ((Element) y).removeAttributeNode(attrNode); + } + + if (base64LineLength > 0) { + nodeList = document.getElementsByTagNameNS( + "http://www.w3.org/2000/09/xmldsig#", "Modulus"); + for (int i = 0; i < nodeList.getLength(); i++) { + Node modulus = nodeList.item(i); + String value = ((Element) modulus).getTextContent(); + BufferedReader reader = new BufferedReader(new InputStreamReader( + new ByteArrayInputStream(value.getBytes()))); + char[] buff = new char[base64LineLength]; + StringBuffer newValue = new StringBuffer(); + int found = 0; + try { + while ((found = reader.read(buff)) > 0) { + newValue.append(buff, 0, found); + if (found == base64LineLength) + newValue.append('\n'); + } + } catch (IOException e) { + // this should never happen, as we are reading from a ByteArrayInputStream + throw new RuntimeException(e); + } + ((Element) modulus).setTextContent(newValue.toString()); + } + + } + + + } + +} diff --git a/utils/src/main/java/at/gv/egiz/idlink/IdentityLinkFactory.java b/utils/src/main/java/at/gv/egiz/idlink/IdentityLinkFactory.java index fb7943dc..38597446 100644 --- a/utils/src/main/java/at/gv/egiz/idlink/IdentityLinkFactory.java +++ b/utils/src/main/java/at/gv/egiz/idlink/IdentityLinkFactory.java @@ -87,6 +87,8 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameTy import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType.Value; import at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameType.FamilyName; +import at.gv.egiz.marshal.MarshallerFactory; +import at.gv.egiz.marshal.NamespacePrefixMapperImpl; import at.gv.egiz.xmldsig.KeyTypeNotSupportedException; import at.gv.egiz.xmldsig.KeyValueFactory; import oasis.names.tc.saml._1_0.assertion.AnyType; @@ -276,9 +278,7 @@ public class IdentityLinkFactory { DOMResult result = new DOMResult(parent, nextSibling); try { - Marshaller marshaller = jaxbContext.createMarshaller(); - - marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE); + Marshaller marshaller = MarshallerFactory.createMarshaller(jaxbContext, true); marshaller.marshal(identityLink, result); } catch (PropertyException e) { diff --git a/utils/src/main/java/at/gv/egiz/marshal/MarshallerFactory.java b/utils/src/main/java/at/gv/egiz/marshal/MarshallerFactory.java new file mode 100644 index 00000000..ccebcc81 --- /dev/null +++ b/utils/src/main/java/at/gv/egiz/marshal/MarshallerFactory.java @@ -0,0 +1,52 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.marshal; + +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Marshaller; +import javax.xml.bind.PropertyException; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +/** + * + * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at> + */ +public class MarshallerFactory { + + private static final Log log = LogFactory.getLog(MarshallerFactory.class); + + public static Marshaller createMarshaller(JAXBContext ctx, boolean formattedOutput) throws JAXBException { + Marshaller m = ctx.createMarshaller(); + try { + if (formattedOutput) { + log.trace("setting marshaller property FORMATTED_OUTPUT"); + m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE); + } + log.trace("setting marshaller property NamespacePrefixMapper"); + m.setProperty("com.sun.xml.bind.namespacePrefixMapper", new NamespacePrefixMapperImpl()); + } catch (PropertyException ex) { + log.info("failed to set marshaller property: " + ex.getMessage()); + } + return m; + } + + public static Marshaller createMarshaller(JAXBContext ctx) throws JAXBException { + return createMarshaller(ctx, false); + } +} diff --git a/utils/src/main/java/at/gv/egiz/marshal/NamespacePrefixMapperImpl.java b/utils/src/main/java/at/gv/egiz/marshal/NamespacePrefixMapperImpl.java new file mode 100644 index 00000000..a08c1188 --- /dev/null +++ b/utils/src/main/java/at/gv/egiz/marshal/NamespacePrefixMapperImpl.java @@ -0,0 +1,86 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.marshal; + +//import com.sun.xml.internal.bind.marshaller.NamespacePrefixMapper; +import com.sun.xml.bind.marshaller.NamespacePrefixMapper; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +/** + * + * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at> + */ +public class NamespacePrefixMapperImpl extends NamespacePrefixMapper { + + private static final Log log = LogFactory.getLog(NamespacePrefixMapperImpl.class); + + @Override + public String getPreferredPrefix(String namespaceUri, String suggestion, boolean requirePrefix) { + + if (log.isTraceEnabled()) { + log.trace("prefix for namespace " + namespaceUri + " requested"); + } + if ("http://www.w3.org/2001/XMLSchema-instance".equals(namespaceUri)) { + return "xsi"; + } + + if ("http://www.w3.org/2000/09/xmldsig#".equals(namespaceUri)) { + return "dsig"; + } + + if ("http://www.buergerkarte.at/namespaces/securitylayer/1.2#".equals(namespaceUri)) { + return "sl"; + } + + if ("http://www.buergerkarte.at/cardchannel".equals(namespaceUri)) { + return "cc"; + } + + if ("http://www.w3.org/2001/04/xmldsig-more#".equals(namespaceUri)) { + return "ecdsa"; + } + + if ("http://reference.e-government.gv.at/namespace/persondata/20020228#".equals(namespaceUri)) { + return "pr"; + } + + if ("urn:oasis:names:tc:SAML:1.0:assertion".equals(namespaceUri)) { + return "saml"; + } + + if ("http://uri.etsi.org/01903/v1.1.1#".equals(namespaceUri)) { + return "xades"; + } + + return suggestion; + } + + /** + * Returns a list of namespace URIs that should be declared + * at the root element. + * <p> + * By default, the JAXB RI produces namespace declarations only when + * they are necessary, only at where they are used. Because of this + * lack of look-ahead, sometimes the marshaller produces a lot of + * namespace declarations that look redundant to human eyes. For example, + */ + @Override + public String[] getPreDeclaredNamespaceUris() { + return new String[]{ "http://www.buergerkarte.at/namespaces/securitylayer/1.2#" }; + } +} diff --git a/utils/src/main/java/at/gv/egiz/xades/QualifyingPropertiesFactory.java b/utils/src/main/java/at/gv/egiz/xades/QualifyingPropertiesFactory.java index ae159215..71ca1db9 100644 --- a/utils/src/main/java/at/gv/egiz/xades/QualifyingPropertiesFactory.java +++ b/utils/src/main/java/at/gv/egiz/xades/QualifyingPropertiesFactory.java @@ -14,212 +14,212 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package at.gv.egiz.xades;
-
-import java.math.BigInteger;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-import java.util.Date;
-import java.util.GregorianCalendar;
-import java.util.List;
-import java.util.TimeZone;
-
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-import javax.xml.bind.PropertyException;
-import javax.xml.crypto.dsig.DigestMethod;
-import javax.xml.datatype.DatatypeConfigurationException;
-import javax.xml.datatype.DatatypeFactory;
-import javax.xml.datatype.XMLGregorianCalendar;
-
-import org.etsi.uri._01903.v1_1.CertIDListType;
-import org.etsi.uri._01903.v1_1.CertIDType;
-import org.etsi.uri._01903.v1_1.DataObjectFormatType;
-import org.etsi.uri._01903.v1_1.DigestAlgAndValueType;
-import org.etsi.uri._01903.v1_1.QualifyingPropertiesType;
-import org.etsi.uri._01903.v1_1.SignaturePolicyIdentifierType;
-import org.etsi.uri._01903.v1_1.SignedDataObjectPropertiesType;
-import org.etsi.uri._01903.v1_1.SignedPropertiesType;
-import org.etsi.uri._01903.v1_1.SignedSignaturePropertiesType;
-import org.w3._2000._09.xmldsig_.DigestMethodType;
-import org.w3._2000._09.xmldsig_.X509IssuerSerialType;
-import org.w3c.dom.Node;
-
-public class QualifyingPropertiesFactory {
-
- public static String NS_URI_V1_1_1 = "http://uri.etsi.org/01903/v1.1.1#";
-
- public static String SIGNED_PROPERTIES_REFERENCE_TYPE_V1_1_1 = NS_URI_V1_1_1 + "SignedProperties";
-
- private static QualifyingPropertiesFactory instance;
-
- /**
- * The <code>JAXBContext</code>.
- */
- private static JAXBContext jaxbContext;
-
- public static synchronized QualifyingPropertiesFactory getInstance() {
- if (instance == null) {
- instance = new QualifyingPropertiesFactory();
- }
- return instance;
- }
-
- private DatatypeFactory datatypeFactory;
-
- private org.etsi.uri._01903.v1_1.ObjectFactory qpFactory;
-
- private org.w3._2000._09.xmldsig_.ObjectFactory dsFactory;
-
- public QualifyingPropertiesFactory() {
-
- try {
- datatypeFactory = DatatypeFactory.newInstance();
- } catch (DatatypeConfigurationException e) {
- throw new RuntimeException(e);
- }
-
- qpFactory = new org.etsi.uri._01903.v1_1.ObjectFactory();
-
- dsFactory = new org.w3._2000._09.xmldsig_.ObjectFactory();
-
- StringBuffer packageNames = new StringBuffer();
-
- packageNames.append(org.etsi.uri._01903.v1_1.ObjectFactory.class.getPackage().getName());
- packageNames.append(":");
- packageNames.append(org.w3._2000._09.xmldsig_.ObjectFactory.class.getPackage().getName());
-
- try {
- jaxbContext = JAXBContext.newInstance(packageNames.toString());
- } catch (JAXBException e) {
- // we should not get an JAXBException initializing the JAXBContext
- throw new RuntimeException(e);
- }
-
- }
-
- public DigestAlgAndValueType createDigestAlgAndValueType(X509Certificate certificate) throws QualifyingPropertiesException {
-
- DigestMethodType digestMethodType = dsFactory.createDigestMethodType();
- digestMethodType.setAlgorithm(DigestMethod.SHA1);
-
- byte[] digest;
- try {
- MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
- digest = messageDigest.digest(certificate.getEncoded());
- } catch (CertificateEncodingException e) {
- throw new QualifyingPropertiesException(e);
- } catch (NoSuchAlgorithmException e) {
- throw new QualifyingPropertiesException(e);
- }
-
- DigestAlgAndValueType digestAlgAndValueType = qpFactory.createDigestAlgAndValueType();
- digestAlgAndValueType.setDigestMethod(digestMethodType);
- digestAlgAndValueType.setDigestValue(digest);
-
- return digestAlgAndValueType;
-
- }
-
- public X509IssuerSerialType createX509IssuerSerialType(X509Certificate certificate) {
-
- String name = certificate.getIssuerX500Principal().getName("RFC2253");
- BigInteger serialNumber = certificate.getSerialNumber();
-
- X509IssuerSerialType issuerSerialType = dsFactory.createX509IssuerSerialType();
- issuerSerialType.setX509IssuerName(name);
- issuerSerialType.setX509SerialNumber(serialNumber);
-
- return issuerSerialType;
-
- }
-
- public DataObjectFormatType createDataObjectFormatType(String objectReference, String mimeType, String description) {
-
- DataObjectFormatType dataObjectFormatType = qpFactory.createDataObjectFormatType();
- dataObjectFormatType.setObjectReference(objectReference);
-
- if (mimeType != null) {
- dataObjectFormatType.setMimeType(mimeType);
- }
- if (description != null) {
- dataObjectFormatType.setDescription(description);
- }
-
- return dataObjectFormatType;
- }
-
- public JAXBElement<QualifyingPropertiesType> createQualifyingProperties111(Date signingTime, List<X509Certificate> certificates, String idValue, List<DataObjectFormatType> dataObjectFormats) throws QualifyingPropertiesException {
-
- GregorianCalendar gregorianCalendar = new GregorianCalendar();
- gregorianCalendar.setTimeZone(TimeZone.getTimeZone("UTC"));
- gregorianCalendar.setTime(signingTime);
-
- SignedSignaturePropertiesType signedSignaturePropertiesType = qpFactory.createSignedSignaturePropertiesType();
-
- // SigningTime
- XMLGregorianCalendar xmlGregorianCalendar = datatypeFactory.newXMLGregorianCalendar(gregorianCalendar);
- xmlGregorianCalendar.setFractionalSecond(null);
- signedSignaturePropertiesType.setSigningTime(xmlGregorianCalendar);
-
- // SigningCertificate
- CertIDListType certIDListType = qpFactory.createCertIDListType();
- List<CertIDType> certIDs = certIDListType.getCert();
-
- for (X509Certificate certificate : certificates) {
-
- CertIDType certIDType = qpFactory.createCertIDType();
- certIDType.setCertDigest(createDigestAlgAndValueType(certificate));
- certIDType.setIssuerSerial(createX509IssuerSerialType(certificate));
-
- certIDs.add(certIDType);
-
- }
- signedSignaturePropertiesType.setSigningCertificate(certIDListType);
-
- // SignaturePolicy
- SignaturePolicyIdentifierType signaturePolicyIdentifierType = qpFactory.createSignaturePolicyIdentifierType();
- signaturePolicyIdentifierType.setSignaturePolicyImplied(new SignaturePolicyIdentifierType.SignaturePolicyImplied());
- signedSignaturePropertiesType.setSignaturePolicyIdentifier(signaturePolicyIdentifierType);
-
- // SignedProperties
- SignedPropertiesType signedPropertiesType = qpFactory.createSignedPropertiesType();
- signedPropertiesType.setSignedSignatureProperties(signedSignaturePropertiesType);
-
- // DataObjectFormat
- if (dataObjectFormats != null && !dataObjectFormats.isEmpty()) {
- SignedDataObjectPropertiesType signedDataObjectPropertiesType = qpFactory.createSignedDataObjectPropertiesType();
- List<DataObjectFormatType> dataObjectFormatTypes = signedDataObjectPropertiesType.getDataObjectFormat();
- dataObjectFormatTypes.addAll(dataObjectFormats);
- signedPropertiesType.setSignedDataObjectProperties(signedDataObjectPropertiesType);
- }
-
- signedPropertiesType.setId(idValue);
-
- // QualifyingProperties
- QualifyingPropertiesType qualifyingPropertiesType = qpFactory.createQualifyingPropertiesType();
- qualifyingPropertiesType.setSignedProperties(signedPropertiesType);
-
- return qpFactory.createQualifyingProperties(qualifyingPropertiesType);
-
- }
-
- public void marshallQualifyingProperties(JAXBElement<QualifyingPropertiesType> qualifyingProperties, Node parent) throws JAXBException {
-
- try {
- Marshaller marshaller = jaxbContext.createMarshaller();
-
- marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
-
- marshaller.marshal(qualifyingProperties, parent);
- } catch (PropertyException e) {
- throw new RuntimeException(e);
- }
-
- }
-
-}
+package at.gv.egiz.xades; + +import at.gv.egiz.marshal.MarshallerFactory; +import at.gv.egiz.marshal.NamespacePrefixMapperImpl; +import java.math.BigInteger; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateEncodingException; +import java.security.cert.X509Certificate; +import java.util.Date; +import java.util.GregorianCalendar; +import java.util.List; +import java.util.TimeZone; + +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBElement; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Marshaller; +import javax.xml.bind.PropertyException; +import javax.xml.crypto.dsig.DigestMethod; +import javax.xml.datatype.DatatypeConfigurationException; +import javax.xml.datatype.DatatypeFactory; +import javax.xml.datatype.XMLGregorianCalendar; + +import org.etsi.uri._01903.v1_1.CertIDListType; +import org.etsi.uri._01903.v1_1.CertIDType; +import org.etsi.uri._01903.v1_1.DataObjectFormatType; +import org.etsi.uri._01903.v1_1.DigestAlgAndValueType; +import org.etsi.uri._01903.v1_1.QualifyingPropertiesType; +import org.etsi.uri._01903.v1_1.SignaturePolicyIdentifierType; +import org.etsi.uri._01903.v1_1.SignedDataObjectPropertiesType; +import org.etsi.uri._01903.v1_1.SignedPropertiesType; +import org.etsi.uri._01903.v1_1.SignedSignaturePropertiesType; +import org.w3._2000._09.xmldsig_.DigestMethodType; +import org.w3._2000._09.xmldsig_.X509IssuerSerialType; +import org.w3c.dom.Node; + +public class QualifyingPropertiesFactory { + + public static String NS_URI_V1_1_1 = "http://uri.etsi.org/01903/v1.1.1#"; + + public static String SIGNED_PROPERTIES_REFERENCE_TYPE_V1_1_1 = NS_URI_V1_1_1 + "SignedProperties"; + + private static QualifyingPropertiesFactory instance; + + /** + * The <code>JAXBContext</code>. + */ + private static JAXBContext jaxbContext; + + public static synchronized QualifyingPropertiesFactory getInstance() { + if (instance == null) { + instance = new QualifyingPropertiesFactory(); + } + return instance; + } + + private DatatypeFactory datatypeFactory; + + private org.etsi.uri._01903.v1_1.ObjectFactory qpFactory; + + private org.w3._2000._09.xmldsig_.ObjectFactory dsFactory; + + public QualifyingPropertiesFactory() { + + try { + datatypeFactory = DatatypeFactory.newInstance(); + } catch (DatatypeConfigurationException e) { + throw new RuntimeException(e); + } + + qpFactory = new org.etsi.uri._01903.v1_1.ObjectFactory(); + + dsFactory = new org.w3._2000._09.xmldsig_.ObjectFactory(); + + StringBuffer packageNames = new StringBuffer(); + + packageNames.append(org.etsi.uri._01903.v1_1.ObjectFactory.class.getPackage().getName()); + packageNames.append(":"); + packageNames.append(org.w3._2000._09.xmldsig_.ObjectFactory.class.getPackage().getName()); + + try { + jaxbContext = JAXBContext.newInstance(packageNames.toString()); + } catch (JAXBException e) { + // we should not get an JAXBException initializing the JAXBContext + throw new RuntimeException(e); + } + + } + + public DigestAlgAndValueType createDigestAlgAndValueType(X509Certificate certificate) throws QualifyingPropertiesException { + + DigestMethodType digestMethodType = dsFactory.createDigestMethodType(); + digestMethodType.setAlgorithm(DigestMethod.SHA1); + + byte[] digest; + try { + MessageDigest messageDigest = MessageDigest.getInstance("SHA-1"); + digest = messageDigest.digest(certificate.getEncoded()); + } catch (CertificateEncodingException e) { + throw new QualifyingPropertiesException(e); + } catch (NoSuchAlgorithmException e) { + throw new QualifyingPropertiesException(e); + } + + DigestAlgAndValueType digestAlgAndValueType = qpFactory.createDigestAlgAndValueType(); + digestAlgAndValueType.setDigestMethod(digestMethodType); + digestAlgAndValueType.setDigestValue(digest); + + return digestAlgAndValueType; + + } + + public X509IssuerSerialType createX509IssuerSerialType(X509Certificate certificate) { + + String name = certificate.getIssuerX500Principal().getName("RFC2253"); + BigInteger serialNumber = certificate.getSerialNumber(); + + X509IssuerSerialType issuerSerialType = dsFactory.createX509IssuerSerialType(); + issuerSerialType.setX509IssuerName(name); + issuerSerialType.setX509SerialNumber(serialNumber); + + return issuerSerialType; + + } + + public DataObjectFormatType createDataObjectFormatType(String objectReference, String mimeType, String description) { + + DataObjectFormatType dataObjectFormatType = qpFactory.createDataObjectFormatType(); + dataObjectFormatType.setObjectReference(objectReference); + + if (mimeType != null) { + dataObjectFormatType.setMimeType(mimeType); + } + if (description != null) { + dataObjectFormatType.setDescription(description); + } + + return dataObjectFormatType; + } + + public JAXBElement<QualifyingPropertiesType> createQualifyingProperties111(Date signingTime, List<X509Certificate> certificates, String idValue, List<DataObjectFormatType> dataObjectFormats) throws QualifyingPropertiesException { + + GregorianCalendar gregorianCalendar = new GregorianCalendar(); + gregorianCalendar.setTimeZone(TimeZone.getTimeZone("UTC")); + gregorianCalendar.setTime(signingTime); + + SignedSignaturePropertiesType signedSignaturePropertiesType = qpFactory.createSignedSignaturePropertiesType(); + + // SigningTime + XMLGregorianCalendar xmlGregorianCalendar = datatypeFactory.newXMLGregorianCalendar(gregorianCalendar); + xmlGregorianCalendar.setFractionalSecond(null); + signedSignaturePropertiesType.setSigningTime(xmlGregorianCalendar); + + // SigningCertificate + CertIDListType certIDListType = qpFactory.createCertIDListType(); + List<CertIDType> certIDs = certIDListType.getCert(); + + for (X509Certificate certificate : certificates) { + + CertIDType certIDType = qpFactory.createCertIDType(); + certIDType.setCertDigest(createDigestAlgAndValueType(certificate)); + certIDType.setIssuerSerial(createX509IssuerSerialType(certificate)); + + certIDs.add(certIDType); + + } + signedSignaturePropertiesType.setSigningCertificate(certIDListType); + + // SignaturePolicy + SignaturePolicyIdentifierType signaturePolicyIdentifierType = qpFactory.createSignaturePolicyIdentifierType(); + signaturePolicyIdentifierType.setSignaturePolicyImplied(new SignaturePolicyIdentifierType.SignaturePolicyImplied()); + signedSignaturePropertiesType.setSignaturePolicyIdentifier(signaturePolicyIdentifierType); + + // SignedProperties + SignedPropertiesType signedPropertiesType = qpFactory.createSignedPropertiesType(); + signedPropertiesType.setSignedSignatureProperties(signedSignaturePropertiesType); + + // DataObjectFormat + if (dataObjectFormats != null && !dataObjectFormats.isEmpty()) { + SignedDataObjectPropertiesType signedDataObjectPropertiesType = qpFactory.createSignedDataObjectPropertiesType(); + List<DataObjectFormatType> dataObjectFormatTypes = signedDataObjectPropertiesType.getDataObjectFormat(); + dataObjectFormatTypes.addAll(dataObjectFormats); + signedPropertiesType.setSignedDataObjectProperties(signedDataObjectPropertiesType); + } + + signedPropertiesType.setId(idValue); + + // QualifyingProperties + QualifyingPropertiesType qualifyingPropertiesType = qpFactory.createQualifyingPropertiesType(); + qualifyingPropertiesType.setSignedProperties(signedPropertiesType); + + return qpFactory.createQualifyingProperties(qualifyingPropertiesType); + + } + + public void marshallQualifyingProperties(JAXBElement<QualifyingPropertiesType> qualifyingProperties, Node parent) throws JAXBException { + + try { + Marshaller marshaller = MarshallerFactory.createMarshaller(jaxbContext, true); + + marshaller.marshal(qualifyingProperties, parent); + } catch (PropertyException e) { + throw new RuntimeException(e); + } + + } + +} |