1 files changed, 114 insertions, 82 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index 489a24675..80b1547c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -1,54 +1,77 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
 package at.gv.egovernment.moa.id.auth.servlet;
 
-import iaik.x509.X509Certificate;
-
-import java.io.IOException;
-import java.util.Map;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.fileupload.FileUploadException;
-import org.apache.commons.lang.StringEscapeUtils;
-
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.id.util.ServletUtils;
-import at.gv.egovernment.moa.logging.Logger;
+import iaik.x509.X509Certificate;
+
+import java.io.IOException;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.fileupload.FileUploadException;
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.ServletUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.util.CertificateUtils;
 
 /**
  * Servlet requested for getting the foreign eID
@@ -58,11 +81,11 @@ import at.gv.egovernment.moa.logging.Logger;
  */
 public class VerifyCertificateServlet extends AuthServlet {
 
-  /**
-	 * 
-	 */
-	private static final long serialVersionUID = -4110159749768152538L;
-
+  /**
+	 * 
+	 */
+	private static final long serialVersionUID = -4110159749768152538L;
+
 /**
    * Constructor for VerifyCertificateServlet.
    */
@@ -107,8 +130,8 @@ public class VerifyCertificateServlet extends AuthServlet {
 		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
 		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
 		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-		
-		String pendingRequestID = null;
+		
+		String pendingRequestID = null;
 		
 		Map<String, String> parameters;
 	    try 
@@ -123,8 +146,8 @@ public class VerifyCertificateServlet extends AuthServlet {
 	    
 	    // escape parameter strings
 		sessionID = StringEscapeUtils.escapeHtml(sessionID);
-		
-		pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+		
+		pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
 		
 	    AuthenticationSession session = null;
 	    try {
@@ -141,25 +164,34 @@ public class VerifyCertificateServlet extends AuthServlet {
     			throw new AuthenticationException("auth.14", null);    		
     		}
     		
-	    	boolean useMandate = session.getUseMandate();
-	    	
+	    	boolean useMandate = session.getUseMandate();
+	    	
 	    	
 	    	if (useMandate) {
-
-	    		// verify certificate for OrganWalter
-	    		String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyCertificate(session, cert);
-	    		
-		    	try {
-					AuthenticationSessionStoreage.storeSession(session);
-				} catch (MOADatabaseException e) {
-					throw new MOAIDException("session store error", null);
-				}
-	    		
+
+	    		// verify certificate for OrganWalter
+	    		String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyCertificate(session, cert);
+	    		
+		    	try {
+					AuthenticationSessionStoreage.storeSession(session);
+				} catch (MOADatabaseException e) {
+					throw new MOAIDException("session store error", null);
+				}
+	    		
 	    		ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");
 	    	}
 	    	else {
+	    			
+		    	
+	    		String countrycode = CertificateUtils.getIssuerCountry(cert);
+	    		if (countrycode != null) {
+	    			if (countrycode.compareToIgnoreCase("AT") == 0) {
+	    				Logger.error("Certificate issuer country code is \"AT\". Login not support in foreign identities mode.");
+	    				throw new AuthenticationException("auth.22", null);
+	    			}
+	    		}
+	    		
 	    		// Foreign Identities Modus	
-		    	
 		    	String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(session, cert);
 		      // build dataurl (to the GetForeignIDSerlvet)
 		    	String dataurl =
@@ -167,12 +199,12 @@ public class VerifyCertificateServlet extends AuthServlet {
 	               session.getAuthURL(),
 	               REQ_GET_FOREIGN_ID,
 	               session.getSessionID());
-	       
-		    	try {
-					AuthenticationSessionStoreage.storeSession(session);
-				} catch (MOADatabaseException e) {
-					throw new MOAIDException("session store error", null);
-				}
+	       
+		    	try {
+					AuthenticationSessionStoreage.storeSession(session);
+				} catch (MOADatabaseException e) {
+					throw new MOAIDException("session store error", null);
+				}
 		    	
 		    	ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
 		    	
@@ -180,13 +212,13 @@ public class VerifyCertificateServlet extends AuthServlet {
 		    	Logger.debug("Send CreateXMLSignatureRequest to BKU");
 	    	}	    		    	 
 	    }
-	    catch (MOAIDException ex) {
+	    catch (MOAIDException ex) {
 
 	      handleError(null, ex, req, resp, pendingRequestID);
-	    }
-	    
-	    finally {
-	    	ConfigurationDBUtils.closeSession();
+	    }
+	    
+	    finally {
+	    	ConfigurationDBUtils.closeSession();
 	    }
   }