aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java321
1 files changed, 168 insertions, 153 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
index a74635232..d41d20def 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
@@ -21,9 +21,8 @@
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
+package at.gv.egovernment.moa.id.auth.servlet;
-package at.gv.egovernment.moa.id.auth.servlet;
-
import iaik.pki.PKIException;
import java.io.IOException;
@@ -59,166 +58,182 @@ import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.URLEncoder;
-
-/**
- * Servlet requested for getting the foreign eID
- * provided by the security layer implementation.
- * Utilizes the {@link AuthenticationServer}.
- *
- */
-public class GetMISSessionIDServlet extends AuthServlet {
-
- /**
+
+/**
+ * Servlet requested for getting the foreign eID provided by the security layer
+ * implementation. Utilizes the {@link AuthenticationServer}.
+ *
+ */
+public class GetMISSessionIDServlet extends AuthServlet {
+
+ /**
*
*/
private static final long serialVersionUID = 4666952867085392597L;
-/**
- * Constructor for GetMISSessionIDServlet.
- */
- public GetMISSessionIDServlet() {
- super();
- }
-
- /**
- * GET requested by security layer implementation to verify
- * that data URL resource is available.
- * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
- */
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- doPost(req, resp);
-
-// Logger.debug("GET GetMISSessionIDServlet");
-//
-// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
-// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
-// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
-// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
- }
-
- /**
- * Gets the signer certificate from the InfoboxReadRequest and
- * responds with a new
- * <code>CreateXMLSignatureRequest</code>.
- * <br>
- * Request parameters:
- * <ul>
- * <li>MOASessionID: ID of associated authentication session</li>
- * <li>XMLResponse: <code>&lt;InfoboxReadResponse&gt;</code></li>
- * </ul>
- * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
- */
- protected void doPost(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- Logger.debug("POST GetMISSessionIDServlet");
-
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
-// Map parameters;
-// try
-// {
-// parameters = getParameters(req);
-// } catch (FileUploadException e)
-// {
-// Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
-// throw new IOException(e.getMessage());
-// }
-
- String sessionID = req.getParameter(PARAM_SESSIONID);
-
- // escape parameter strings
- sessionID = StringEscapeUtils.escapeHtml(sessionID);
-
- AuthenticationSession session = null;
- try {
- // check parameter
- if (!ParamValidatorUtils.isValidSessionID(sessionID))
- throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12");
-
- session = AuthenticationServer.getSession(sessionID);
-
- String misSessionID = session.getMISSessionID();
-
- AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
- ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();
- SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
-
- List list = MISSimpleClient.sendGetMandatesRequest(connectionParameters.getUrl(), misSessionID, sslFactory);
-
- if (list == null) {
- Logger.error("Keine Vollmacht gefunden.");
- throw new MISSimpleClientException("Keine Vollmacht gefunden");
- }
- if (list.size() == 0) {
- Logger.error("Keine Vollmacht gefunden.");
- throw new MISSimpleClientException("Keine Vollmacht gefunden");
- }
-
- // for now: list contains only one element
- MISMandate mandate = (MISMandate)list.get(0);
-
-
- // verify mandate signature
- AuthenticationServer.getInstance().verifyMandate(session, mandate);
-
- byte[] byteMandate = mandate.getMandate();
- String stringMandate = new String(byteMandate);
- Element mandateDoc = DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement();
-
- //TODO OW bPK (Offen: was bei saml:NameIdentifier NameQualifier="urn:publicid:gv.at:cdid+bpk"> und <saml:Attribute AttributeName="bPK" )
- System.out.println("\n\n\n OW BPK: " + mandate.getOWbPK());
- // TODO wenn OW bPK vorhanden - in SAML Assertion setzen!
-
- String redirectURL = null;
- String samlArtifactBase64 =
- AuthenticationServer.getInstance().verifyAuthenticationBlockMandate(session, mandateDoc);
-
-
- if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
-// redirectURL = session.getOAURLRequested();
-//
-// if (!session.getBusinessService()) {
-// redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
-// }
-//
-// redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
-// redirectURL = resp.encodeRedirectURL(redirectURL);
-
- redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(),
- ModulUtils.buildAuthURL(session.getModul(), session.getAction()), samlArtifactBase64);
-
- } else {
- redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
-
+ /**
+ * Constructor for GetMISSessionIDServlet.
+ */
+ public GetMISSessionIDServlet() {
+ super();
+ }
+
+ /**
+ * GET requested by security layer implementation to verify that data URL
+ * resource is available.
+ *
+ * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest,
+ * HttpServletResponse)
+ */
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ doPost(req, resp);
+
+ // Logger.debug("GET GetMISSessionIDServlet");
+ //
+ // resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ // resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ // resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ // resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+ }
+
+ /**
+ * Gets the signer certificate from the InfoboxReadRequest and responds with
+ * a new <code>CreateXMLSignatureRequest</code>. <br>
+ * Request parameters:
+ * <ul>
+ * <li>MOASessionID: ID of associated authentication session</li>
+ * <li>XMLResponse: <code>&lt;InfoboxReadResponse&gt;</code></li>
+ * </ul>
+ *
+ * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest,
+ * HttpServletResponse)
+ */
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("POST GetMISSessionIDServlet");
+
+ resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
+ MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
+ MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+ MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+ MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+ // Map parameters;
+ // try
+ // {
+ // parameters = getParameters(req);
+ // } catch (FileUploadException e)
+ // {
+ // Logger.error("Parsing mulitpart/form-data request parameters failed: "
+ // + e.getMessage());
+ // throw new IOException(e.getMessage());
+ // }
+
+ String sessionID = req.getParameter(PARAM_SESSIONID);
+
+ // escape parameter strings
+ sessionID = StringEscapeUtils.escapeHtml(sessionID);
+
+ AuthenticationSession session = null;
+ try {
+ // check parameter
+ if (!ParamValidatorUtils.isValidSessionID(sessionID))
+ throw new WrongParametersException("VerifyCertificate",
+ PARAM_SESSIONID, "auth.12");
+
+ session = AuthenticationServer.getSession(sessionID);
+
+ String misSessionID = session.getMISSessionID();
+
+ AuthConfigurationProvider authConf = AuthConfigurationProvider
+ .getInstance();
+ ConnectionParameter connectionParameters = authConf
+ .getOnlineMandatesConnectionParameter();
+ SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(
+ AuthConfigurationProvider.getInstance(),
+ connectionParameters);
+
+ List list = MISSimpleClient.sendGetMandatesRequest(
+ connectionParameters.getUrl(), misSessionID, sslFactory);
+
+ if (list == null) {
+ Logger.error("Keine Vollmacht gefunden.");
+ throw new MISSimpleClientException("Keine Vollmacht gefunden");
+ }
+ if (list.size() == 0) {
+ Logger.error("Keine Vollmacht gefunden.");
+ throw new MISSimpleClientException("Keine Vollmacht gefunden");
+ }
+
+ // for now: list contains only one element
+ MISMandate mandate = (MISMandate) list.get(0);
+
+ // verify mandate signature
+ AuthenticationServer.getInstance().verifyMandate(session, mandate);
+
+ byte[] byteMandate = mandate.getMandate();
+ String stringMandate = new String(byteMandate);
+ Element mandateDoc = DOMUtils.parseDocument(stringMandate, false,
+ null, null).getDocumentElement();
+
+ // TODO OW bPK (Offen: was bei saml:NameIdentifier
+ // NameQualifier="urn:publicid:gv.at:cdid+bpk"> und <saml:Attribute
+ // AttributeName="bPK" )
+ System.out.println("\n\n\n OW BPK: " + mandate.getOWbPK());
+ // TODO wenn OW bPK vorhanden - in SAML Assertion setzen!
+
+ String redirectURL = null;
+ String samlArtifactBase64 = AuthenticationServer.getInstance()
+ .verifyAuthenticationBlockMandate(session, mandateDoc);
+
+ if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
+
+ redirectURL = session.getOAURLRequested();
+ if (!session.getBusinessService()) {
+ // redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
+ // URLEncoder.encode(session.getTarget(), "UTF-8"));
+ }
+ // redirectURL = addURLParameter(redirectURL,
+ // PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64,
+ // "UTF-8"));
+ redirectURL = new DataURLBuilder().buildDataURL(
+ session.getAuthURL(),
+ ModulUtils.buildAuthURL(session.getModul(),
+ session.getAction()), samlArtifactBase64);
+ redirectURL = resp.encodeRedirectURL(redirectURL);
+
+ } else {
+ redirectURL = new DataURLBuilder().buildDataURL(
+ session.getAuthURL(),
+ AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT,
+ session.getSessionID());
+
}
resp.setContentType("text/html");
resp.setStatus(302);
-
- resp.addHeader("Location", redirectURL);
+
+ resp.addHeader("Location", redirectURL);
Logger.debug("REDIRECT TO: " + redirectURL);
-
- }
- catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
- } catch (GeneralSecurityException ex) {
- handleError(null, ex, req, resp);
- } catch (PKIException e) {
- handleError(null, e, req, resp);
- } catch (MISSimpleClientException e) {
- handleError(null, e, req, resp);
+
+ } catch (MOAIDException ex) {
+ handleError(null, ex, req, resp);
+ } catch (GeneralSecurityException ex) {
+ handleError(null, ex, req, resp);
+ } catch (PKIException e) {
+ handleError(null, e, req, resp);
+ } catch (MISSimpleClientException e) {
+ handleError(null, e, req, resp);
} catch (SAXException e) {
handleError(null, e, req, resp);
} catch (ParserConfigurationException e) {
handleError(null, e, req, resp);
- }
- }
-
-
-
- }
+ }
+ }
+
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-03 15:39:27 +0000