1 files changed, 286 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
new file mode 100644
index 000000000..c9c1e794d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -0,0 +1,286 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import iaik.pki.PKIException;
+import iaik.x509.X509Certificate;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.cert.CertificateEncodingException;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.apache.axis.encoding.Base64;
+import org.apache.commons.fileupload.FileUploadException;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Text;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.id.util.ServletUtils;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Servlet requested for getting the foreign eID
+ * provided by the security layer implementation.
+ * Utilizes the {@link AuthenticationServer}.
+ *
+ */
+public class VerifyCertificateServlet extends AuthServlet {
+
+  /**
+   * Constructor for VerifyCertificateServlet.
+   */
+  public VerifyCertificateServlet() {
+    super();
+  }
+
+  /**
+   * GET requested by security layer implementation to verify
+   * that data URL resource is available.
+   * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+   */
+  protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+    throws ServletException, IOException { 
+    	
+		Logger.debug("GET VerifyCertificateServlet");
+		
+		
+  }
+
+  /**
+   * Gets the signer certificate from the InfoboxReadRequest and 
+   * responds with a new 
+   * <code>CreateXMLSignatureRequest</code>.
+   * <br>
+   * Request parameters:
+   * <ul>
+   * <li>MOASessionID: ID of associated authentication session</li>
+   * <li>XMLResponse: <code>&lt;InfoboxReadResponse&gt;</code></li>
+   * </ul>
+   * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+   */
+  protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+    throws ServletException, IOException {
+
+		Logger.debug("POST VerifyCertificateServlet");
+		
+		Map parameters;
+	    try 
+	    {
+	      parameters = getParameters(req);
+	    } catch (FileUploadException e) 
+	    {
+	      Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+	      throw new IOException(e.getMessage());
+	     	}
+	    //@TODO Parameter
+	    String sessionID = req.getParameter(PARAM_SESSIONID);
+	    AuthenticationSession session = null;
+	    try {
+	       // check parameter
+	       if (!ParamValidatorUtils.isValidSessionID(sessionID))
+	          throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12");
+	       
+	    	session = AuthenticationServer.getSession(sessionID);
+	    	
+	    	X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters);
+	    	
+	    	System.out.println(cert);
+	    	
+	    	String createXMLSignatureRequest = AuthenticationServer.getInstance().getCreateXMLSignatureRequestForeignID(sessionID, parameters, cert);
+
+	    	System.out.println(createXMLSignatureRequest);
+	    	
+	      // build dataurl (to the GetForeignIDSerlvet)
+       String dataurl =
+             new DataURLBuilder().buildDataURL(
+               session.getAuthURL(),
+               REQ_GET_FOREIGN_ID,
+               session.getSessionID());
+       
+       ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+	    	
+	    	
+//       Logger.debug("Send CreateXMLSignatureRequest to BKU");
+//       String keyboxIdentifier = "SecureSignatureKeypair";
+//       //String keyboxIdentifier = "CertifiedKeypair";             
+//       String xmlContent = "<html xmlns=\"http://www.w3.org/1999/xhtml\"> " +
+//          "<head><title>CreateXMLSignatureRequest</title>" + 
+//          "<style type=\"text/css\"/></head>" +
+//           "<body>" +
+//           "<p>I hereby request to access this e-government application by using my " +
+//           "domestic electronic identity. </p>" +
+//           "<p>I further affirm that I am not yet registered with the Austrian Central " + 
+//           "Residents Registry and that I am not obliged to register with the Austrian " + 
+//           "Central Residents Registry according to Austrian law.</p>" + 
+//           "<p>In the event I am not yet registered with the Supplementary Register, I " + 
+//           "explicitly grant to do so according to �6 (5) E-Government Act (EGovG, idF: " +
+//           "BGBl. I Nr.  7/2008 und BGBl. I Nr. 59/2008).</p>" +
+//          "</body></html>";
+//    
+//       // create the CreateXMLSignatureRequest
+//       String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilderForeign().build(
+//             keyboxIdentifier,
+//             xmlContent);
+//       
+//       // build dataurl (to the GetForeignIDSerlvet)
+//       String dataurl =
+//             new DataURLBuilder().buildDataURL(
+//               session.getAuthURL(),
+//               REQ_GET_FOREIGN_ID,
+//               session.getSessionID());
+//       
+//       ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+//       
+	    	
+			    		      
+	    }
+	    catch (MOAIDException ex) {
+	      handleError(null, ex, req, resp);
+	    } 
+  }
+    
+  /**
+   * Adds a parameter to a URL.
+   * @param url the URL
+   * @param paramname parameter name
+   * @param paramvalue parameter value
+   * @return the URL with parameter added
+   */
+  private static String addURLParameter(String url, String paramname, String paramvalue) {
+		String param = paramname + "=" + paramvalue;
+  	if (url.indexOf("?") < 0)
+	  	return url + "?" + param;
+  	else
+  		return url + "&" + param;
+  }
+  
+  /**
+   * Does the request to the SZR-GW
+   * @param givenname
+   * @param familyname
+   * @param dateofbirth
+   * @return Identity link assertion
+ * @throws SZRGWClientException 
+   */
+  /*private Element getIdentityLink(Element signature) throws SZRGWClientException {*/
+     private Element getIdentityLink(X509Certificate cert) throws SZRGWClientException {
+
+    SZRGWClient client = new SZRGWClient();
+      
+    try {
+    	AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+    	 ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();
+     	//url = "http://localhost:8081/szr-gateway/services/IdentityLinkCreation";
+    	Logger.debug("Connection Parameters: " + connectionParameters);
+      client.setAddress(connectionParameters.getUrl());
+      if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
+         Logger.debug("Initialisiere SSL Verbindung");
+         try {
+            client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+         } catch (IOException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+         } catch (GeneralSecurityException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+         } catch (PKIException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+         }
+       }
+       
+       Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
+      
+   
+    }
+   catch (ConfigurationException e) {
+      Logger.warn(e);
+      Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));
+
+    }
+    	// create request
+    	Document doc = buildGetIdentityLinkRequest(cert);
+    	Element request = doc.getDocumentElement();
+    	CreateIdentityLinkResponse response = null;
+   
+    //try {
+        response = client.createIdentityLinkResponse(request);
+    //} catch (SZRGWClientException e) {
+        // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
+      //  client = new SZRGWClient(url);
+      //  response = client.createIdentityLinkResponse(request);
+   // }
+   	 
+        
+	return response.getAssertion();
+	
+  }
+  
+  /**
+   * Builds the szrgw:GetIdentityLinkRequest f�r the SZR-GW
+   * @param givenname
+   * @param familyname
+   * @param birthday
+   * @return
+   */
+  private static Document buildGetIdentityLinkRequest(X509Certificate cert) {
+	  
+	  try {
+		  	byte[] certbyte = cert.getEncoded();
+		  	String certstring = Base64.encode(certbyte); 
+	      
+			DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance();
+			factory.setNamespaceAware(true);
+	        DocumentBuilder builder = factory.newDocumentBuilder();
+	        Document doc = builder.newDocument();
+	        
+	        Element getIdentityLink = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:GetIdentityLinkRequest");
+	        getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGWConstants.SZRGW_REQUEST_NS);
+	        doc.appendChild(getIdentityLink);
+	        
+	        Element x509certificate = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:X509Certificate");
+	        getIdentityLink.appendChild(x509certificate);
+	        Text certbase64 = doc.createTextNode(certstring);
+	        x509certificate.appendChild(certbase64);
+	                          
+	        return doc;
+	    } catch (ParserConfigurationException e) {
+	    	e.printStackTrace();
+	    } catch (CertificateEncodingException e) {
+			e.printStackTrace();
+		}
+	    return null;
+	
+	}
+  
+    /**
+   * Checks a parameter.
+   * @param param parameter
+   * @return true if the parameter is null or empty
+   */
+  private boolean isEmpty(String param) {
+    return param == null || param.length() == 0;
+  }
+ 
+}