authorkstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>2012-01-27 08:18:03 +0000
committerkstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>2012-01-27 08:18:03 +0000
commitd89d097cf6ae5f044e592d747a25395a06f95168 (patch)
tree7ebd79687a04b76dfe69378aa654dbc521d49e44 /id/server
parenta9b2e962d2853b74d314cb9f614cab446a7134c0 (diff)
* Update Mindestanforderung JDK für Online-Vollmachten
* Update Online-Vollmachten-Ablauf git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1234 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'id/server')
-rw-r--r--id/server/doc/moa_id/id-admin.htm3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java105
2 files changed, 76 insertions, 32 deletions
diff --git a/id/server/doc/moa_id/id-admin.htm b/id/server/doc/moa_id/id-admin.htm
index 7d014299e..98f1e2cd0 100644
--- a/id/server/doc/moa_id/id-admin.htm
+++ b/id/server/doc/moa_id/id-admin.htm
@@ -111,11 +111,12 @@ Die Basis-Installation stellt einerseits die minimalen Anforderungen f&uuml;r de
Folgende Software ist Voraussetzung f&uuml;r die Basis-Installation:
<ul>
-<li>JDK 1.4.0, JDK 1.4.2, JDK 1.5.0 oder JDK 1.6</li>
+<li>JDK 1.4.0, JDK 1.4.2, JDK 1.5.0 oder JDK 1.6*)</li>
<li>Tomcat 4.1.31, Tomcat 5.0.28, Tomcat 5.5 oder Tomcat 6</li>
<li>MOA-ID-AUTH 1.5 </li>
<li>MOA SP/SS 1.5 oder neuer (entweder als WebService oder direkt als interne Bibliothek)</li>
</ul>
+<p>*) F&uuml;r den Online-Vollmachten-Modus m&uuml;ssen zumindest JDK 6 Update 22, JDK 5 Update 26 oder JDK 1.4.2 Update 28 eingesetzt werden. </p>
</div>
<div id="block">
Um m&ouml;glichen Versionskonflikten aus dem Weg zu gehen sollten stets die neuesten Versionen von MOA-ID als auch von MOA-SP/SS verwendet werden. <br/>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index 17cbe7a3d..5ae508358 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -161,47 +161,90 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
if (samlArtifactBase64 == null) {
//mandate Mode
- callMISService(session, req, resp);
-
- //Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
-
- //String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
+ AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
+ ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();
+ SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
+
+ // get identitity link as byte[]
+ Element elem = session.getIdentityLink().getSamlAssertion();
+ String s = DOMUtils.serializeNode(elem);
+
+ //System.out.println("IDL: " + s);
+
+ byte[] idl = s.getBytes();
+
+ // redirect url
+ // build redirect(to the GetMISSessionIdSerlvet)
+ redirectURL =
+ new DataURLBuilder().buildDataURL(
+ session.getAuthURL(),
+ GET_MIS_SESSIONID,
+ session.getSessionID());
+
+ String oaURL = session.getOAURLRequested();
+ OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL);
+ String profiles = oaParam.getMandateProfiles();
- // build dataurl
-// String dataurl =
-// new DataURLBuilder().buildDataURL(
-// session.getAuthURL(),
-// REQ_VERIFY_CERTIFICATE,
-// session.getSessionID());
-
-
- //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)");
- //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
- //Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)");
- //ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+ if (profiles == null) {
+ Logger.error("No Mandate/Profile for OA configured.");
+ throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID});
+ }
+
+ String profilesArray[] = profiles.split(",");
+ for(int i = 0; i < profilesArray.length; i++) {
+ profilesArray[i] = profilesArray[i].trim();
+ }
+
+ String oaFriendlyName = oaParam.getFriendlyName();
+ String mandateReferenceValue = session.getMandateReferenceValue();
+ X509Certificate cert = session.getSignerCertificate();
+ MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory);
+ String redirectMISGUI = misSessionID.getRedirectURL();
+
+ if (misSessionID == null) {
+ Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");
+ throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service.");
+ }
+
+ session.setMISSessionID(misSessionID.getSessiondId());
+ resp.setStatus(302);
+ resp.addHeader("Location", redirectMISGUI);
+ Logger.debug("REDIRECT TO: " + redirectURL);
}
+ else {
- if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
- redirectURL = session.getOAURLRequested();
- if (!session.getBusinessService()) {
- redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
- }
- redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
- redirectURL = resp.encodeRedirectURL(redirectURL);
- } else {
- redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
- }
- resp.setContentType("text/html");
- resp.setStatus(302);
+ if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
+ redirectURL = session.getOAURLRequested();
+ if (!session.getBusinessService()) {
+ redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
+
+ }
+ redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ redirectURL = resp.encodeRedirectURL(redirectURL);
+ } else {
+ redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
+ }
+
+ resp.setContentType("text/html");
+ resp.setStatus(302);
- resp.addHeader("Location", redirectURL);
- Logger.debug("REDIRECT TO: " + redirectURL);
+ resp.addHeader("Location", redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+ }
}
catch (MOAIDException ex) {
handleError(null, ex, req, resp);
+ } catch (GeneralSecurityException e) {
+ handleError(null, e, req, resp);
+ } catch (PKIException e) {
+ handleError(null, e, req, resp);
+ } catch (MISSimpleClientException e) {
+ handleError(null, e, req, resp);
+ } catch (TransformerException e) {
+ handleError(null, e, req, resp);
}
}
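Review bot: In the mandate branch, `misSessionID.getRedirectURL()` is called on the line before the `if (misSessionID == null)` check, so a null reply from the MIS service raises a NullPointerException that none of the visible catch clauses name, and the intended MISSimpleClientException is never thrown; `String redirectMISGUI = misSessionID.getRedirectURL();` should move below the null check. The identity link is converted with `s.getBytes()`, which uses the platform default charset; because these bytes carry a signed SAML assertion, `byte[] idl = s.getBytes("UTF-8");` would keep non-ASCII names intact on any server locale. The debug line in that branch logs `redirectURL`, which is built with the session ID, while the Location header is set to `redirectMISGUI`, so `Logger.debug("REDIRECT TO: " + redirectMISGUI);` would record the real target. `session.getSignerCertificate()` is also dereferenced via `cert.getEncoded()` without a null check. The enclosing method begins outside this hunk.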