authorThomas Knall <t.knall@datentechnik-innovation.com>2015-01-22 15:18:51 +0100
committerThomas Knall <t.knall@datentechnik-innovation.com>2015-01-22 15:41:22 +0100
commit3a00ce9f1f9589f1e97ecd78154f024146ef83d0 (patch)
treed1997efe151555218b324a71a016487da1cdc770 /id/server
parentad40ae9233c5f2a32c983962d655e686af546677 (diff)
Refactor VerifyIdentityLinkTask.
- Avoid redundant code. - Store MOA session before sending response. - Update Javadoc for AuthenticationServer
Diffstat (limited to 'id/server')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java27
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java134
2 files changed, 61 insertions, 100 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 0b4b6b4af..b412b9964 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -311,27 +311,28 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
/**
- * Processes an <code>&lt;InfoboxReadResponse&gt;</code> sent by the
- * security layer implementation.<br>
+ * Processes an <code>&lt;InfoboxReadResponse&gt;</code> sent by the security layer implementation.<br>
* <ul>
* <li>Validates given <code>&lt;InfoboxReadResponse&gt;</code></li>
- * <li>Parses identity link enclosed in
- * <code>&lt;InfoboxReadResponse&gt;</code></li>
+ * <li>Parses identity link enclosed in <code>&lt;InfoboxReadResponse&gt;</code></li>
* <li>Verifies identity link by calling the MOA SP component</li>
* <li>Checks certificate authority of identity link</li>
* <li>Stores identity link in the session</li>
* <li>Verifies all additional infoboxes returned from the BKU</li>
* <li>Creates an authentication block to be signed by the user</li>
- * <li>Creates and returns a <code>&lt;CreateXMLSignatureRequest&gt;</code>
- * containg the authentication block, meant to be returned to the security
- * layer implementation</li>
+ * <li>Creates and returns a <code>&lt;CreateXMLSignatureRequest&gt;</code> containg the authentication block, meant
+ * to be returned to the security layer implementation</li>
* </ul>
- *
- * @param sessionID ID of associated authentication session data
- * @param infoboxReadResponseParameters The parameters from the response returned from the BKU
- * including the <code>&lt;InfoboxReadResponse&gt;</code>
- * @return String representation of the
- * <code>&lt;CreateXMLSignatureRequest&gt;</code>
+ *
+ * @param sessionID
+ * ID of associated authentication session data
+ * @param infoboxReadResponseParameters
+ * The parameters from the response returned from the BKU including the
+ * <code>&lt;InfoboxReadResponse&gt;</code>
+ * @return String "found!" in case the identity link could be retrieved and successfully validated, {@code null} in
+ * case the identity link could not be retrieved (indicates that the card did not contain an identity link
+ * which might indicate a foreign identity). Note that failing to parse or failing to validate the identity
+ * link results in an Exception being thrown.
* @throws BKUException
*/
public String verifyIdentityLink(AuthenticationSession session,
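Review bot: The rewritten `@param sessionID` tag documents a parameter the method does not have; the signature directly below the Javadoc takes `AuthenticationSession session`, so the tag should read `@param session the authentication session whose identity link is to be verified`. The rewrapped `<li>` on the `CreateXMLSignatureRequest` item also carries the typo "containg" over from the old text; it should be "containing". The new `@return` wording promises the literal string "found!", which cannot be confirmed from the hunk, so it is worth checking against the method body. The body of `verifyIdentityLink` lies entirely outside the hunk.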
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java
index c24e42b3a..09dd9e1f7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java
@@ -20,7 +20,6 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -76,6 +75,11 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
Logger.debug("POST VerifyIdentityLink");
+ resp.setHeader(HEADER_EXPIRES, HEADER_VALUE_EXPIRES);
+ resp.setHeader(HEADER_PRAGMA, HEADER_VALUE_PRAGMA);
+ resp.setHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL_IE);
+
Map<String, String> parameters;
String pendingRequestID = null;
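Review bot: The block of four no-cache headers at the top of the handler has no comment explaining its placement ahead of the multipart parameter parsing and the IOException path that follows it, and nothing keeps a later refactoring from moving it back below the session lookup where it used to live. A one-line comment would do, e.g. `// emit the no-cache headers first so that every response path, including error responses, carries them`. That reading is inferred from the new position of the block rather than stated anywhere in the hunk, so confirm it matches the intent before committing the comment. The enclosing method starts before this hunk.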
@@ -85,111 +89,67 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
throw new IOException(e.getMessage());
}
- String sessionID = req.getParameter(PARAM_SESSIONID);
-
- // escape parameter strings
- sessionID = StringEscapeUtils.escapeHtml(sessionID);
-
- pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
-
- resp.setHeader(HEADER_EXPIRES, HEADER_VALUE_EXPIRES);
- resp.setHeader(HEADER_PRAGMA, HEADER_VALUE_PRAGMA);
- resp.setHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL_IE);
-
+
try {
+
+ String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
+
// check parameter
- if (!ParamValidatorUtils.isValidSessionID(sessionID))
+ if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12");
+ }
+
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
AuthenticationSession session = AuthenticationServer.getSession(sessionID);
// change MOASessionID
sessionID = AuthenticationSessionStoreage.changeSessionID(session);
- String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(session,
- parameters);
-
- Logger.debug(createXMLSignatureRequestOrRedirect);
-
- if (createXMLSignatureRequestOrRedirect == null) {
- // no identity link found
-
- boolean useMandate = session.getUseMandate();
- if (useMandate) {
- Logger.error("Online-Mandate Mode for foreign citizencs not supported.");
- throw new AuthenticationException("auth.13", null);
- }
- // TODO[branch]: Foreign citizen; respond with IRR for certificates, dataURL = "/VerifyCertificate"
-
- try {
-
- Logger.info("Send InfoboxReadRequest to BKU to get signer certificate.");
-
- // create the InfoboxReadRequest to get the certificate
- String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
-
- // build dataurl (to the VerifyCertificateSerlvet)
- String dataurl = new DataURLBuilder().buildDataURL(session.getAuthURL(), REQ_VERIFY_CERTIFICATE,
- session.getSessionID());
+ boolean identityLinkFound = AuthenticationServer.getInstance().verifyIdentityLink(session, parameters) != null;
+ boolean useMandate = session.getUseMandate();
+
+ if (!identityLinkFound && useMandate) {
+ Logger.error("Online-Mandate Mode for foreign citizencs not supported.");
+ throw new AuthenticationException("auth.13", null);
+ }
+
+ if (!identityLinkFound || useMandate) {
+
+ // TODO[branch]: Foreign citizen or mandate mode; respond with IRR for certificates, dataURL = "/VerifyCertificate"
+ Logger.info("Send InfoboxReadRequest to BKU to get signer certificate.");
- ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest,
- AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+ // create the InfoboxReadRequest to get the certificate
+ String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
- } catch (Exception e) {
- handleError(null, e, req, resp, pendingRequestID);
- }
+ // build dataurl (to the VerifyCertificateSerlvet)
+ String dataurl = new DataURLBuilder().buildDataURL(session.getAuthURL(), REQ_VERIFY_CERTIFICATE,
+ session.getSessionID());
+ AuthenticationSessionStoreage.storeSession(session);
+
+ ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest,
+ AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
} else {
- boolean useMandate = session.getUseMandate();
-
- if (useMandate) { // Mandate modus
-
- // TODO[branch]: Mandate; respond with IRR for certificates, dataURL = "/VerifyCertificate"
-
- // read certificate and set dataurl to
- Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
-
- String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
+
+ Logger.info("Normal");
- // build dataurl (to the GetForeignIDSerlvet)
- String dataurl = new DataURLBuilder().buildDataURL(session.getAuthURL(), REQ_VERIFY_CERTIFICATE,
- session.getSessionID());
+ // TODO[branch]: Default behaviour; respond with CXSR for authblock signature, dataURL "/VerifyAuthBlock"
- // Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)");
- // ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest,
- // AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+ session.getPublicOAURLPrefix());
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
- Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)");
- ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest,
- AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+ String createXMLSignatureRequest = AuthenticationServer.getInstance()
+ .getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam);
- } else {
- Logger.info("Normal");
-
- // TODO[branch]: Default behaviour; respond with CXSR for authblock signature, dataURL
- // "/VerifyAuthBlock"
-
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
- session.getPublicOAURLPrefix());
- AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
-
- createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance()
- .getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam);
-
- ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session,
- createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT,
- "VerifyIdentityLink");
- }
- }
-
- try {
AuthenticationSessionStoreage.storeSession(session);
-
- } catch (MOADatabaseException e) {
- Logger.info("No valid MOA session found. Authentification process is abourted.");
- throw new AuthenticationException("auth.20", null);
+
+ ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session,
+ createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT,
+ "VerifyIdentityLink");
}
+
} catch (ParseException ex) {
handleError(null, ex, req, resp, pendingRequestID);