1 files changed, 52 insertions, 23 deletions

diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
index 50ef11f27..2c23254e4 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
@@ -1,6 +1,6 @@
 package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
 
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID;
 
 import java.io.IOException;
 import java.util.Map;
@@ -9,23 +9,23 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.lang.StringEscapeUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
  * Verifies the identity link.<p/>
@@ -51,17 +51,16 @@ import at.gv.egovernment.moa.logging.Logger;
  * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
  *
  */
+@Service("VerifyIdentityLinkTask")
 public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
 
+	@Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer;
+	
 	@Override
 	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
 			throws TaskExecutionException {
 
-		// note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet
-
-		Logger.debug("POST VerifyIdentityLink");
-
-		setNoCachingHeaders(resp);
+		Logger.debug("Receive VerifyIdentityLink Response");
 		
 		Map<String, String> parameters;
 
@@ -74,20 +73,50 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
 		
 		try {
 			
-			String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
-			// check parameter
-			if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
-				throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12");
+			String pendingRequestID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_TARGET_PENDINGREQUESTID));
+			
+			if (MiscUtil.isEmpty(pendingRequestID)) {				
+				Logger.info("No PendingRequestID received");
+				throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"});
 			}
-			AuthenticationSession session = AuthenticationServer.getSession(sessionID);
-
-			IRequest pendingReq = RequestStorage.getPendingRequest(
-					(String) executionContext.get("pendingRequestID"));			
-			MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), 
+			
+			IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID);	
+		
+			if (pendingReq == null) {
+				Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
+				throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
+				
+			}
+						
+			//change pending-request ID
+			String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
+			executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
+									
+			AuthenticationSession moasession = null;;
+			try {			
+				moasession  = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
+			
+				if (moasession == null) {
+					Logger.warn("MOASessionID is empty.");
+					throw new MOAIDException("auth.18", new Object[] {});
+				}
+				
+			} catch (MOADatabaseException e) {
+				Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database");
+				throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() });
+
+			} catch (Throwable e) {
+				Logger.info("No HTTP Session found!");
+				throw new MOAIDException("auth.18", new Object[] {});
+			}
+			
+		
+			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), 
 					pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
 			
-			boolean identityLinkAvailable = AuthenticationServer.getInstance().verifyIdentityLink(pendingReq, session, parameters) != null;
-			AuthenticationSessionStoreage.storeSession(session);
+			boolean identityLinkAvailable = authServer.verifyIdentityLink(pendingReq, moasession, parameters) != null;
+			
+			authenticatedSessionStorage.storeSession(moasession);
 
 			executionContext.put("identityLinkAvailable", identityLinkAvailable);