Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java | 100 |
1 files changed, 65 insertions, 35 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
index d41d20def..7d825da17 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
@@ -40,6 +40,7 @@ import org.apache.commons.lang.StringEscapeUtils;
 import org.w3c.dom.Element;
 import org.xml.sax.SAXException;
+import at.gv.egovernment.moa.id.AuthenticationException;
 import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
@@ -50,6 +51,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.id.util.SSLUtils;
 import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
@@ -174,47 +176,75 @@ public class GetMISSessionIDServlet extends AuthServlet { // for now: list contains only one element MISMandate mandate = (MISMandate) list.get(0); - // verify mandate signature - AuthenticationServer.getInstance().verifyMandate(session, mandate); - - byte[] byteMandate = mandate.getMandate(); - String stringMandate = new String(byteMandate); - Element mandateDoc = DOMUtils.parseDocument(stringMandate, false, - null, null).getDocumentElement(); - + String sMandate = new String(mandate.getMandate()); + if (sMandate == null | sMandate.compareToIgnoreCase("") == 0) { + Logger.error("Mandate is empty."); + throw new AuthenticationException("auth.16", + new Object[] { GET_MIS_SESSIONID }); + } + // TODO OW bPK (Offen: was bei saml:NameIdentifier // NameQualifier="urn:publicid:gv.at:cdid+bpk"> und <saml:Attribute // AttributeName="bPK" ) System.out.println("\n\n\n OW BPK: " + mandate.getOWbPK()); // TODO wenn OW bPK vorhanden - in SAML Assertion setzen! - String redirectURL = null; - String samlArtifactBase64 = AuthenticationServer.getInstance() - .verifyAuthenticationBlockMandate(session, mandateDoc); - - if (!samlArtifactBase64.equals("Redirect to Input Processor")) { - - redirectURL = session.getOAURLRequested(); - if (!session.getBusinessService()) { - // redirectURL = addURLParameter(redirectURL, PARAM_TARGET, - // URLEncoder.encode(session.getTarget(), "UTF-8")); - } - // redirectURL = addURLParameter(redirectURL, - // PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, - // "UTF-8")); - redirectURL = new DataURLBuilder().buildDataURL( - session.getAuthURL(), - ModulUtils.buildAuthURL(session.getModul(), - session.getAction()), samlArtifactBase64); - redirectURL = resp.encodeRedirectURL(redirectURL); - - } else { - redirectURL = new DataURLBuilder().buildDataURL( - session.getAuthURL(), - AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, - session.getSessionID()); - - } + //check if it is a parsable XML + byte[] byteMandate = 
mandate.getMandate(); + String stringMandate = new String(byteMandate); + Element mandateDoc = DOMUtils.parseDocument(stringMandate, false, + null, null).getDocumentElement(); + + // extract RepresentationType + AuthenticationServer.getInstance().verifyMandate(session, mandate); + + session.setMISMandate(mandate); + session.setAuthenticatedUsed(false); + session.setAuthenticated(true); + + String oldsessionID = session.getSessionID(); + + //Session is implicite stored in changeSessionID!!! + String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); + + Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID); + Logger.info("Daten angelegt zu MOASession " + newMOASessionID); + + String redirectURL = new DataURLBuilder().buildDataURL( + session.getAuthURL(), + ModulUtils.buildAuthURL(session.getModul(), + session.getAction()), newMOASessionID); + redirectURL = resp.encodeRedirectURL(redirectURL); + + +// String samlArtifactBase64 = AuthenticationServer.getInstance() +// .verifyAuthenticationBlockMandate(session, mandateDoc); + +// if (!samlArtifactBase64.equals("Redirect to Input Processor")) { +// +// redirectURL = session.getOAURLRequested(); +// if (!session.getBusinessService()) { +// // redirectURL = addURLParameter(redirectURL, PARAM_TARGET, +// // URLEncoder.encode(session.getTarget(), "UTF-8")); +// } +// // redirectURL = addURLParameter(redirectURL, +// // PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, +// // "UTF-8")); +// redirectURL = new DataURLBuilder().buildDataURL( +// session.getAuthURL(), +// ModulUtils.buildAuthURL(session.getModul(), +// session.getAction()), samlArtifactBase64); +// redirectURL = resp.encodeRedirectURL(redirectURL); +// +// } else { +// redirectURL = new DataURLBuilder().buildDataURL( +// session.getAuthURL(), +// AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, +// session.getSessionID()); +// +// } + + resp.setContentType("text/html"); resp.setStatus(302); |