aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java225
1 files changed, 225 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
new file mode 100644
index 000000000..9d26ded8a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
@@ -0,0 +1,225 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import iaik.pki.PKIException;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.util.List;
+
+import javax.net.ssl.SSLSocketFactory;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.URLEncoder;
+
+/**
+ * Servlet requested for getting the foreign eID
+ * provided by the security layer implementation.
+ * Utilizes the {@link AuthenticationServer}.
+ *
+ */
+public class GetMISSessionIDServlet extends AuthServlet {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 4666952867085392597L;
+
+/**
+ * Constructor for GetMISSessionIDServlet.
+ */
+ public GetMISSessionIDServlet() {
+ super();
+ }
+
+ /**
+ * GET requested by security layer implementation to verify
+ * that data URL resource is available.
+ * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+ */
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ doPost(req, resp);
+
+// Logger.debug("GET GetMISSessionIDServlet");
+//
+// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+ }
+
+ /**
+ * Gets the signer certificate from the InfoboxReadRequest and
+ * responds with a new
+ * <code>CreateXMLSignatureRequest</code>.
+ * <br>
+ * Request parameters:
+ * <ul>
+ * <li>MOASessionID: ID of associated authentication session</li>
+ * <li>XMLResponse: <code>&lt;InfoboxReadResponse&gt;</code></li>
+ * </ul>
+ * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+ */
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("POST GetMISSessionIDServlet");
+
+ resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+// Map parameters;
+// try
+// {
+// parameters = getParameters(req);
+// } catch (FileUploadException e)
+// {
+// Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+// throw new IOException(e.getMessage());
+// }
+
+ String sessionID = req.getParameter(PARAM_SESSIONID);
+
+ // escape parameter strings
+ sessionID = StringEscapeUtils.escapeHtml(sessionID);
+
+ AuthenticationSession session = null;
+ try {
+ // check parameter
+ if (!ParamValidatorUtils.isValidSessionID(sessionID))
+ throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12");
+
+ session = AuthenticationServer.getSession(sessionID);
+
+ String misSessionID = session.getMISSessionID();
+
+ AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
+ ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();
+ SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
+
+ List list = MISSimpleClient.sendGetMandatesRequest(connectionParameters.getUrl(), misSessionID, sslFactory);
+
+ if (list == null) {
+ Logger.error("Keine Vollmacht gefunden.");
+ throw new MISSimpleClientException("Keine Vollmacht gefunden");
+ }
+ if (list.size() == 0) {
+ Logger.error("Keine Vollmacht gefunden.");
+ throw new MISSimpleClientException("Keine Vollmacht gefunden");
+ }
+
+ // for now: list contains only one element
+ MISMandate mandate = (MISMandate)list.get(0);
+
+ // verify mandate signature
+ AuthenticationServer.getInstance().verifyMandate(sessionID, mandate);
+
+ byte[] byteMandate = mandate.getMandate();
+ String stringMandate = new String(byteMandate);
+ Element mandateDoc = DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement();
+ //session.setMandateElem(mandateDoc.getDocumentElement());
+
+ String redirectURL = null;
+ String samlArtifactBase64 =
+ AuthenticationServer.getInstance().verifyAuthenticationBlockMandate(sessionID, mandateDoc);
+
+
+ if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
+ redirectURL = session.getOAURLRequested();
+ if (!session.getBusinessService()) {
+ redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
+ }
+ redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ redirectURL = resp.encodeRedirectURL(redirectURL);
+ } else {
+ redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
+ }
+ resp.setContentType("text/html");
+ resp.setStatus(302);
+
+ resp.addHeader("Location", redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+
+
+ }
+ catch (MOAIDException ex) {
+ handleError(null, ex, req, resp);
+ } catch (GeneralSecurityException ex) {
+ handleError(null, ex, req, resp);
+ } catch (PKIException e) {
+ handleError(null, e, req, resp);
+ } catch (MISSimpleClientException e) {
+ handleError(null, e, req, resp);
+ } catch (SAXException e) {
+ handleError(null, e, req, resp);
+ } catch (ParserConfigurationException e) {
+ handleError(null, e, req, resp);
+ }
+ }
+
+ /**
+ * Adds a parameter to a URL.
+ * @param url the URL
+ * @param paramname parameter name
+ * @param paramvalue parameter value
+ * @return the URL with parameter added
+ */
+ private static String addURLParameter(String url, String paramname, String paramvalue) {
+ String param = paramname + "=" + paramvalue;
+ if (url.indexOf("?") < 0)
+ return url + "?" + param;
+ else
+ return url + "&" + param;
+ }
+
+
+ }
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-02 12:26:02 +0000