aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java112
1 files changed, 101 insertions, 11 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index f7f9d8fed..17cbe7a3d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -24,26 +24,40 @@
package at.gv.egovernment.moa.id.auth.servlet;
+import iaik.pki.PKIException;
+import iaik.x509.X509Certificate;
+
import java.io.IOException;
+import java.security.GeneralSecurityException;
import java.util.Map;
+import javax.net.ssl.SSLSocketFactory;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.TransformerException;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.lang.StringEscapeUtils;
+import org.w3c.dom.Element;
+import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.id.util.ServletUtils;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.URLEncoder;
/**
@@ -143,27 +157,31 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
String samlArtifactBase64 =
AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
+
if (samlArtifactBase64 == null) {
//mandate Mode
+
+ callMISService(session, req, resp);
- Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
+ //Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
- String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
+ //String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
// build dataurl
- String dataurl =
- new DataURLBuilder().buildDataURL(
- session.getAuthURL(),
- REQ_VERIFY_CERTIFICATE,
- session.getSessionID());
+// String dataurl =
+// new DataURLBuilder().buildDataURL(
+// session.getAuthURL(),
+// REQ_VERIFY_CERTIFICATE,
+// session.getSessionID());
//Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)");
//ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
- Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)");
- ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+ //Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)");
+ //ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
}
+
if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
redirectURL = session.getOAURLRequested();
if (!session.getBusinessService()) {
@@ -187,6 +205,78 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
}
}
+
+ /**
+ * Calls the MIS Service
+ * @param session
+ * @throws IOException
+ */
+ private void callMISService(AuthenticationSession session, HttpServletRequest req, HttpServletResponse resp) throws IOException {
+
+ try {
+ AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
+ ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();
+ SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
+
+ // get identitity link as byte[]
+ Element elem = session.getIdentityLink().getSamlAssertion();
+ String s = DOMUtils.serializeNode(elem);
+
+ System.out.println("IDL: " + s);
+
+ byte[] idl = s.getBytes();
+
+ // redirect url
+ // build redirect(to the GetMISSessionIdSerlvet)
+ String redirectURL =
+ new DataURLBuilder().buildDataURL(
+ session.getAuthURL(),
+ GET_MIS_SESSIONID,
+ session.getSessionID());
+
+ String oaURL = session.getOAURLRequested();
+ OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL);
+ String profiles = oaParam.getMandateProfiles();
+
+ if (profiles == null) {
+ Logger.error("No Mandate/Profile for OA configured.");
+ throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID});
+ }
+
+ String profilesArray[] = profiles.split(",");
+ for(int i = 0; i < profilesArray.length; i++) {
+ profilesArray[i] = profilesArray[i].trim();
+ }
+
+ String oaFriendlyName = oaParam.getFriendlyName();
+ String mandateReferenceValue = session.getMandateReferenceValue();
+ X509Certificate cert = session.getSignerCertificate();
+ MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory);
+ String redirectMISGUI = misSessionID.getRedirectURL();
+
+ if (misSessionID == null) {
+ Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");
+ throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service.");
+ }
+
+ session.setMISSessionID(misSessionID.getSessiondId());
+
+ resp.setStatus(302);
+ resp.addHeader("Location", redirectMISGUI);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+ }
+ catch (MOAIDException ex) {
+ handleError(null, ex, req, resp);
+ } catch (GeneralSecurityException ex) {
+ handleError(null, ex, req, resp);
+ } catch (PKIException e) {
+ handleError(null, e, req, resp);
+ } catch (MISSimpleClientException e) {
+ handleError(null, e, req, resp);
+ } catch (TransformerException e) {
+ handleError(null, e, req, resp);
+ }
+ }
/**
* Adds a parameter to a URL.
* @param url the URL
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-28 00:26:06 +0000