aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-modul-citizencard_authentication
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/modules/moa-id-modul-citizencard_authentication')
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java297
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/CitizenCardAuthenticationSpringResourceProvider.java63
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java43
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java3
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java70
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java142
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/AuthModuleImpl.java (renamed from id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthModuleImpl.java)12
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java48
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java70
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java79
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java96
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java88
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java62
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java96
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java126
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java93
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java54
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java211
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java52
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java35
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java10
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider1
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule2
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml22
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/moaid_citizencard_auth.beans.xml57
25 files changed, 578 insertions, 1254 deletions
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 11917d0c3..21e7f2027 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -1,10 +1,6 @@
package at.gv.egovernment.moa.id.auth;
-import iaik.asn1.ObjectID;
-import iaik.x509.X509Certificate;
-import iaik.x509.X509ExtensionInitException;
-
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
@@ -22,6 +18,8 @@ import javax.xml.transform.TransformerException;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.xpath.XPathAPI;
import org.opensaml.xml.util.Base64;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
@@ -29,7 +27,6 @@ import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder;
@@ -62,8 +59,7 @@ import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
@@ -76,6 +72,9 @@ import at.gv.egovernment.moa.util.DateTimeUtils;
import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
+import iaik.asn1.ObjectID;
+import iaik.x509.X509Certificate;
+import iaik.x509.X509ExtensionInitException;
/**
* API for MOA ID Authentication Service.<br> {@link AuthenticationSession} is
@@ -85,24 +84,12 @@ import at.gv.egovernment.moa.util.StringUtils;
* @version $Id: AuthenticationServer.java 1273 2012-02-27 14:50:18Z kstranacher
* $
*/
+@Service("CitizenCardAuthenticationServer")
public class AuthenticationServer extends BaseAuthenticationServer {
- /**
- * single instance
- */
- private static AuthenticationServer instance;
-
- /**
- * Returns the single instance of <code>AuthenticationServer</code>.
- *
- * @return the single instance of <code>AuthenticationServer</code>
- */
- public static AuthenticationServer getInstance() {
- if (instance == null)
- instance = new AuthenticationServer();
- return instance;
- }
-
+ @Autowired private MOAReversionLogger revisionsLogger;
+ @Autowired private AuthConfiguration authConfig;
+
/**
* Constructor for AuthenticationServer.
*/
@@ -139,13 +126,14 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* @param templateMandteURL URL providing an HTML template for the HTML form generated
* (for signing in mandates mode)
* @param req determines the protocol used
+ * @param pendingReq
* @param sourceID
* @return HTML form
* @throws AuthenticationException
* @see GetIdentityLinkFormBuilder
* @see InfoboxReadRequestBuilder
*/
- public String startAuthentication(AuthenticationSession session, HttpServletRequest req) throws WrongParametersException,
+ public String startAuthentication(AuthenticationSession session, HttpServletRequest req, IRequest pendingReq) throws WrongParametersException,
AuthenticationException, ConfigurationException, BuildException {
if (session == null) {
@@ -153,40 +141,37 @@ public class AuthenticationServer extends BaseAuthenticationServer {
}
//load OnlineApplication configuration
- OAAuthParameter oaParam =
- AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+ IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[]{session.getPublicOAURLPrefix()});
+ throw new AuthenticationException("auth.00", new Object[]{pendingReq.getOAURL()});
//load Template
+ String templateURL = pendingReq.getGenericData(
+ MOAIDAuthConstants.AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE, String.class);
String template = null;
- if (session.getTemplateURL() != null) {
+ if (MiscUtil.isNotEmpty(templateURL)) {
try {
-
- template = new String(FileUtils.readURL(session.getTemplateURL()));
+ template = new String(FileUtils.readURL(templateURL));
+
} catch (IOException ex) {
throw new AuthenticationException("auth.03", new Object[]{
- session.getTemplateURL(), ex.toString()}, ex);
+ templateURL, ex.toString()}, ex);
+
}
+
+ } else {
+ throw new AuthenticationException("auth.04", new Object[]{
+ "SecurityLayerTemplate", "No template definde"});
+
}
String infoboxReadRequest = "";
-
- String domainIdentifier = AuthConfigurationProviderFactory.getInstance().getSSOTagetIdentifier().trim();
- if (MiscUtil.isEmpty(domainIdentifier) && session.isSsoRequested()) {
- //do not use SSO if no Target is set
- Logger.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!");
- session.setSsoRequested(false);
-
- }
-
- if (session.isSsoRequested()) {
+ if (pendingReq.needSingleSignOnFunctionality()) {
Logger.info("SSO Login requested");
//load identityLink with SSO Target
boolean isbuisness = false;
-
+ String domainIdentifier = authConfig.getSSOTagetIdentifier().trim();
if (domainIdentifier.startsWith(PREFIX_WPBK)) {
-
isbuisness = true;
} else {
@@ -207,36 +192,19 @@ public class AuthenticationServer extends BaseAuthenticationServer {
}
-
+ //build DataURL for BKU request
String dataURL = new DataURLBuilder().buildDataURL(
- session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session
- .getSessionID());
+ pendingReq.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, pendingReq.getRequestID());
//removed in MOAID 2.0
String pushInfobox = "";
- // VerifyInfoboxParameters verifyInfoboxParameters = oaParam
- // .getVerifyInfoboxParameters();
- // if (verifyInfoboxParameters != null) {
- // pushInfobox = verifyInfoboxParameters.getPushInfobox();
- // session.setPushInfobox(pushInfobox);
- // }
-
- //build CertInfo request
- //removed in MOA-ID 2.0
- // String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder()
- // .build();
- // String certInfoDataURL = new DataURLBuilder()
- // .buildDataURL(session.getAuthURL(), REQ_START_AUTHENTICATION,
- // session.getSessionID());
-
//get Applet Parameters
String appletwidth = req.getParameter(PARAM_APPLET_WIDTH);
String appletheigth = req.getParameter(PARAM_APPLET_HEIGTH);
appletheigth = StringEscapeUtils.escapeHtml(appletheigth);
appletwidth = StringEscapeUtils.escapeHtml(appletwidth);
- //TODO: cleanup before MOA-ID 2.1 release
try {
String htmlForm = new GetIdentityLinkFormBuilder().build(template,
session.getBkuURL(), infoboxReadRequest, dataURL, null,
@@ -291,9 +259,6 @@ public class AuthenticationServer extends BaseAuthenticationServer {
throw new AuthenticationException("auth.10", new Object[]{
REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE});
- AuthConfiguration authConf = AuthConfigurationProviderFactory
- .getInstance();
-
// check if an identity link was found
// Errorcode 2911 von Trustdesk BKU (nicht spezifikationskonform
// (SL1.2))
@@ -323,7 +288,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
IdentityLinkValidator.getInstance().validate(identityLink);
// builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder()
- .build(identityLink, authConf
+ .build(identityLink, authConfig
.getMoaSpIdentityLinkTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseIDLTestTrustStore()));
// invokes the call
@@ -333,13 +298,12 @@ public class AuthenticationServer extends BaseAuthenticationServer {
VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
domVerifyXMLSignatureResponse).parseData();
- OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
- .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
-
+ IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+
// validates the <VerifyXMLSignatureResponse>
VerifyXMLSignatureResponseValidator.getInstance().validate(
verifyXMLSignatureResponse,
- authConf.getIdentityLinkX509SubjectNames(),
+ authConfig.getIdentityLinkX509SubjectNames(),
VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK,
oaParam);
@@ -349,7 +313,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
//Removed in MOA-ID 2.0
//verifyInfoboxes(session, infoboxReadResponseParameters, false);
- MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED);
return "found!";
@@ -379,15 +343,11 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* @return String representation of the
* <code>&lt;CreateXMLSignatureRequest&gt;</code>
*/
- public String verifyCertificate(AuthenticationSession session,
+ public void verifyCertificate(AuthenticationSession session,
X509Certificate certificate, IRequest pendingReq) throws AuthenticationException,
BuildException, ParseException, ConfigurationException,
ValidateException, ServiceException, MOAIDException {
- if (session == null)
- throw new AuthenticationException("auth.10", new Object[]{
- REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID});
-
// check if person is a Organwalter
// if true - don't show bPK in AUTH Block
try {
@@ -403,16 +363,6 @@ public class AuthenticationServer extends BaseAuthenticationServer {
session.setOW(false);
}
- AuthConfiguration authConf = AuthConfigurationProviderFactory
- .getInstance();
-
- OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
- .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
-
- String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session,
- authConf, oaParam, pendingReq);
-
- return returnvalue;
}
/**
@@ -426,6 +376,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* layer implementation</li>
* </ul>
* @param pendingReq
+ * @param pendingReq
*
* @param sessionID ID of associated authentication session data
* @param infoboxReadResponseParameters The parameters from the response returned from the BKU
@@ -433,7 +384,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* @return String representation of the
* <code>&lt;CreateXMLSignatureRequest&gt;</code>
*/
- public void verifyMandate(AuthenticationSession session, MISMandate mandate)
+ public void verifyMandate(IRequest pendingReq, AuthenticationSession session, MISMandate mandate)
throws AuthenticationException, BuildException, ParseException,
ConfigurationException, ValidateException, ServiceException {
@@ -441,9 +392,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
throw new AuthenticationException("auth.10", new Object[]{
GET_MIS_SESSIONID, PARAM_SESSIONID});
- OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
- .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
-
+ IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
try {
// sets the extended SAML attributes for OID (Organwalter)
setExtendedSAMLAttributeForMandatesOID(session, mandate, oaParam
@@ -470,8 +419,6 @@ public class AuthenticationServer extends BaseAuthenticationServer {
/**
* @param session
- * @param authConf
- * @param oaParam
* @param pendingReq
* @return
* @throws ConfigurationException
@@ -479,26 +426,16 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* @throws ValidateException
*/
public String getCreateXMLSignatureRequestAuthBlockOrRedirect(
- AuthenticationSession session, AuthConfiguration authConf,
- OAAuthParameter oaParam, IRequest pendingReq) throws ConfigurationException,
+ AuthenticationSession session, IRequest pendingReq) throws ConfigurationException,
BuildException, ValidateException {
- // // check for intermediate processing of the infoboxes
- // if (session.isValidatorInputPending())
- // return "Redirect to Input Processor";
-
- if (authConf == null)
- authConf = AuthConfigurationProviderFactory.getInstance();
- if (oaParam == null)
- oaParam = AuthConfigurationProviderFactory.getInstance()
- .getOnlineApplicationParameter(
- session.getPublicOAURLPrefix());
+ IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
// builds the AUTH-block
String authBlock = buildAuthenticationBlock(session, oaParam, pendingReq);
// builds the <CreateXMLSignatureRequest>
- List<String> transformsInfos = authConf.getTransformsInfos();
+ List<String> transformsInfos = authConfig.getTransformsInfos();
String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder()
.build(authBlock, oaParam.getKeyBoxIdentifier(),
@@ -511,112 +448,26 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* <ul>
* <li>Creates an CreateXMLSignatureRequest to be signed by the user</li>
* </ul>
+ * @param pendingReq
*
* @param sessionID ID of associated authentication session data
* @param cert The certificate from the user
* @return String representation of the
* <code>&lt;CreateXMLSignatureRequest&gt;</code>
*/
- public String createXMLSignatureRequestForeignID(AuthenticationSession session,
+ public String createXMLSignatureRequestForeignID(IRequest pendingReq,
X509Certificate cert) throws AuthenticationException,
BuildException, ParseException, ConfigurationException,
ValidateException, ServiceException {
- if (session == null)
- throw new AuthenticationException("auth.10", new Object[]{
- REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID});
-
- AuthConfiguration authConf = AuthConfigurationProviderFactory
- .getInstance();
-
- OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
- .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
-
- return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam,
- cert);
- }
-
- public String getCreateXMLSignatureRequestForeigID(
- AuthenticationSession session, AuthConfiguration authConf,
- OAAuthParameter oaParam, X509Certificate cert)
- throws ConfigurationException {
-
- // // check for intermediate processing of the infoboxes
- // if (session.isValidatorInputPending())
- // return "Redirect to Input Processor";
-
- if (authConf == null)
- authConf = AuthConfigurationProviderFactory.getInstance();
- if (oaParam == null)
- oaParam = AuthConfigurationProviderFactory.getInstance()
- .getOnlineApplicationParameter(
- session.getPublicOAURLPrefix());
-
Principal subject = cert.getSubjectDN();
String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder()
- .buildForeignID(subject.toString(), oaParam, session);
+ .buildForeignID(subject.toString(), pendingReq);
return createXMLSignatureRequest;
+
}
-// /**
-// * Processes an <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
-// * security layer implementation.<br>
-// * <ul>
-// * <li>Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
-// * <li>Parses response enclosed in
-// * <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
-// * <li>Verifies signature by calling the MOA SP component</li>
-// * <li>Returns the signer certificate</li>
-// * </ul>
-// *
-// * @param sessionID ID of associated authentication session data
-// * @param createXMLSignatureResponseParameters The parameters from the response returned from the BKU
-// * including the <code>&lt;CreateXMLSignatureResponse&gt;</code>
-// * @throws BKUException
-// */
-// public X509Certificate verifyXMLSignature(String sessionID,
-// Map<String, String> createXMLSignatureResponseParameters)
-// throws AuthenticationException, BuildException, ParseException,
-// ConfigurationException, ValidateException, ServiceException, BKUException {
-//
-// if (isEmpty(sessionID))
-// throw new AuthenticationException("auth.10", new Object[]{
-// REQ_GET_FOREIGN_ID, PARAM_SESSIONID});
-//
-// String xmlCreateXMLSignatureResponse = (String) createXMLSignatureResponseParameters
-// .get(PARAM_XMLRESPONSE);
-//
-// if (isEmpty(xmlCreateXMLSignatureResponse))
-// throw new AuthenticationException("auth.10", new Object[]{
-// REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE});
-//
-// AuthConfiguration authConf = AuthConfigurationProviderFactory
-// .getInstance();
-//
-// // parses the <CreateXMLSignatureResponse>
-// CreateXMLSignatureResponseParser p = new CreateXMLSignatureResponseParser(
-// xmlCreateXMLSignatureResponse);
-// CreateXMLSignatureResponse createXMLSignatureResponse = p
-// .parseResponseDsig();
-//
-// // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
-// Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder()
-// .buildDsig(createXMLSignatureResponse, authConf
-// .getMoaSpAuthBlockTrustProfileID());
-//
-// // invokes the call
-// Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker()
-// .verifyXMLSignature(domVerifyXMLSignatureRequest);
-//
-// // parses the <VerifyXMLSignatureResponse>
-// VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
-// domVerifyXMLSignatureResponse).parseData();
-//
-// return verifyXMLSignatureResponse.getX509certificate();
-//
-// }
-
/**
* Processes an <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
* security layer implementation.<br>
@@ -634,15 +485,11 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* including the <code>&lt;ReadInfoboxResponse&gt;</code>
* @throws BKUException
*/
- public X509Certificate getCertificate(IRequest pendingReq, String sessionID,
+ public X509Certificate getCertificate(IRequest pendingReq,
Map<String, String> readInfoboxResponseParameters) throws AuthenticationException,
BuildException, ParseException, ConfigurationException,
ValidateException, ServiceException, BKUException {
- if (isEmpty(sessionID))
- throw new AuthenticationException("auth.10", new Object[]{
- REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID});
-
String xmlReadInfoboxResponse = (String) readInfoboxResponseParameters
.get(PARAM_XMLRESPONSE);
@@ -655,7 +502,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
xmlReadInfoboxResponse);
X509Certificate cert = p.parseCertificate();
- MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
pendingReq, MOAIDEventConstants.AUTHPROCESS_CERTIFICATE_VALIDATED);
return cert;
@@ -673,7 +520,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* to be appended to the AUTH-Block.
*/
private String buildAuthenticationBlock(AuthenticationSession session,
- OAAuthParameter oaParam, IRequest pendingReq) throws BuildException {
+ IOAAuthParameters oaParam, IRequest pendingReq) throws BuildException {
IdentityLink identityLink = session.getIdentityLink();
String issuer = identityLink.getName();
@@ -682,8 +529,16 @@ public class AuthenticationServer extends BaseAuthenticationServer {
String identificationValue = null;
String identificationType = null;
+ //get processing data from pending-request
+ String authURL = pendingReq.getAuthURL();
+ String requestedTarget = pendingReq.getGenericData(
+ MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class);
+ String targetFriendlyName = pendingReq.getGenericData(
+ MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class);
+
+
//set empty AuthBlock BPK in case of OW or SSO or bpk is not requested
- if (session.isOW() || session.isSsoRequested() || oaParam.isRemovePBKFromAuthBlock()) {
+ if (session.isOW() || pendingReq.needSingleSignOnFunctionality() || oaParam.isRemovePBKFromAuthBlock()) {
identificationType = "";
identificationValue = "";
@@ -700,11 +555,11 @@ public class AuthenticationServer extends BaseAuthenticationServer {
else
identificationType = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier();
- } else {
+ } else {
String bpkBase64 = new BPKBuilder().buildBPK(identityLink
- .getIdentificationValue(), session.getTarget());
+ .getIdentificationValue(), requestedTarget);
identificationValue = bpkBase64;
- identificationType = Constants.URN_PREFIX_CDID + "+" + session.getTarget();
+ identificationType = Constants.URN_PREFIX_CDID + "+" + requestedTarget;
}
@@ -714,12 +569,10 @@ public class AuthenticationServer extends BaseAuthenticationServer {
}
+ //set AuthBlock generation time to session
String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar
.getInstance());
session.setIssueInstant(issueInstant);
- String authURL = session.getAuthURL();
- String target = session.getTarget();
- String targetFriendlyName = session.getTargetFriendlyName();
// Bug #485
// (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105)
@@ -728,22 +581,22 @@ public class AuthenticationServer extends BaseAuthenticationServer {
List<ExtendedSAMLAttribute> extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
- if (session.isSsoRequested()) {
+ if (pendingReq.needSingleSignOnFunctionality()) {
String oaURL = pendingReq.getAuthURL();
if (MiscUtil.isNotEmpty(oaURL))
oaURL = oaURL.replaceAll("&", "&amp;");
String authBlock = new AuthenticationBlockAssertionBuilder()
- .buildAuthBlockSSO(issuer, issueInstant, authURL, target,
+ .buildAuthBlockSSO(issuer, issueInstant, authURL, requestedTarget,
targetFriendlyName, identificationValue,
identificationType, oaURL, gebDat,
extendedSAMLAttributes, session, oaParam);
return authBlock;
- } else {
- String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&amp;");
+ } else {
+ String oaURL = oaParam.getPublicURLPrefix().replaceAll("&", "&amp;");
String authBlock = new AuthenticationBlockAssertionBuilder()
- .buildAuthBlock(issuer, issueInstant, authURL, target,
+ .buildAuthBlock(issuer, issueInstant, authURL, requestedTarget,
targetFriendlyName, identificationValue,
identificationType, oaURL, gebDat,
extendedSAMLAttributes, session, oaParam);
@@ -1066,8 +919,6 @@ public class AuthenticationServer extends BaseAuthenticationServer {
throw new AuthenticationException("auth.10", new Object[]{
REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
- AuthConfiguration authConf = AuthConfigurationProviderFactory
- .getInstance();
// parses <CreateXMLSignatureResponse>
CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser(
xmlCreateXMLSignatureReadResponse).parseResponse();
@@ -1084,14 +935,15 @@ public class AuthenticationServer extends BaseAuthenticationServer {
REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
}
// validates <CreateXMLSignatureResponse>
- if (session.isSsoRequested())
+ if (pendingReq.needSingleSignOnFunctionality())
new CreateXMLSignatureResponseValidator().validateSSO(csresp, session, pendingReq);
+
else
new CreateXMLSignatureResponseValidator().validate(csresp, session, pendingReq);
// builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call
- List<String> vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs();
- String tpid = authConf.getMoaSpAuthBlockTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseAuthBlockTestTestStore());
+ List<String> vtids = authConfig.getMoaSpAuthBlockVerifyTransformsInfoIDs();
+ String tpid = authConfig.getMoaSpAuthBlockTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseAuthBlockTestTestStore());
Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp,
vtids, tpid);
// debug output
@@ -1121,8 +973,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
}
}
- OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
- .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+ IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
// validates the <VerifyXMLSignatureResponse>
VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp,
@@ -1163,10 +1014,10 @@ public class AuthenticationServer extends BaseAuthenticationServer {
//set QAA Level four in case of card authentifcation
session.setQAALevel(PVPConstants.STORK_QAA_1_4);
- MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED);
- MOAReversionLogger.getInstance().logPersonalInformationEvent(pendingReq, session.getIdentityLink()
+ revisionsLogger.logPersonalInformationEvent(pendingReq, session.getIdentityLink()
);
}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/CitizenCardAuthenticationSpringResourceProvider.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/CitizenCardAuthenticationSpringResourceProvider.java
new file mode 100644
index 000000000..18bf5a1ba
--- /dev/null
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/CitizenCardAuthenticationSpringResourceProvider.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth;
+
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+
+import at.gv.egiz.components.spring.api.SpringResourceProvider;
+
+/**
+ * @author tlenz
+ *
+ */
+public class CitizenCardAuthenticationSpringResourceProvider implements SpringResourceProvider {
+
+ /* (non-Javadoc)
+ * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad()
+ */
+ @Override
+ public Resource[] getResourcesToLoad() {
+ ClassPathResource citizenCardAuthConfig = new ClassPathResource("/moaid_citizencard_auth.beans.xml", MOAIDAuthSpringResourceProvider.class);
+
+ return new Resource[] {citizenCardAuthConfig};
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan()
+ */
+ @Override
+ public String[] getPackagesToScan() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName()
+ */
+ @Override
+ public String getName() {
+ return "MOA-ID-CitizenCardAuthentication SpringResourceProvider";
+ }
+
+}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index 760d28d5b..9ae1dc6a7 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -52,7 +52,6 @@ import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
@@ -175,7 +174,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
String gebDat,
List<ExtendedSAMLAttribute> extendedSAMLAttributes,
AuthenticationSession session,
- OAAuthParameter oaParam)
+ IOAAuthParameters oaParam)
throws BuildException
{
@@ -264,15 +263,9 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
String text = "";
- try {
- OAAuthParameter oaparam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix());
- if (MiscUtil.isNotEmpty(oaparam.getAditionalAuthBlockText())) {
- Logger.debug("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix());
- text = oaparam.getAditionalAuthBlockText();
- }
-
- } catch (ConfigurationException e) {
- Logger.warn("Addional AuthBlock Text can not loaded from OA!", e);
+ if (MiscUtil.isNotEmpty(oaParam.getAditionalAuthBlockText())) {
+ Logger.debug("Use addional AuthBlock Text from OA=" + oaParam.getPublicURLPrefix());
+ text = oaParam.getAditionalAuthBlockText();
}
String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE,
@@ -345,25 +338,14 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
String oaURL,
String gebDat,
List<ExtendedSAMLAttribute> extendedSAMLAttributes,
- AuthenticationSession session)
+ AuthenticationSession session,
+ IOAAuthParameters oaParam)
throws BuildException
{
session.setSAMLAttributeGebeORwbpk(true);
String gebeORwbpk = "";
String wbpkNSDeclaration = "";
-
- //BZ.., reading OA parameters
- OAAuthParameter oaParam;
- try {
- oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(
- session.getPublicOAURLPrefix());
- } catch (ConfigurationException e) {
- Logger.error("Error on building AUTH-Block: " + e.getMessage());
- throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
- }
- //..BZ
-
-
+
if (target == null) {
// OA is a business application
if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) {
@@ -419,14 +401,9 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
//..BZ
String text = "";
- try {
- OAAuthParameter oaparam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix());
- if (MiscUtil.isNotEmpty(oaparam.getAditionalAuthBlockText())) {
- Logger.debug("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix());
- text = oaparam.getAditionalAuthBlockText();
- }
- } catch (ConfigurationException e) {
- Logger.warn("Addional AuthBlock Text can not loaded from OA!", e);
+ if (MiscUtil.isNotEmpty(oaParam.getAditionalAuthBlockText())) {
+ Logger.debug("Use addional AuthBlock Text from OA=" + oaParam.getPublicURLPrefix());
+ text = oaParam.getAditionalAuthBlockText();
}
String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE,
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java
index 8b0d906fe..306c871fc 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java
@@ -123,7 +123,8 @@ public class SAMLResponseBuilder implements Constants {
statusMessage,
StringUtils.removeXMLDeclaration(samlAssertion) });
Element domResponse = DOMUtils.parseDocument(xmlResponse, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
- return domResponse;
+ return domResponse;
+
}
catch (Throwable ex) {
throw new BuildException(
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
deleted file mode 100644
index 5c1b12e0d..000000000
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-package at.gv.egovernment.moa.id.auth.builder;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.logging.Logger;
-
-public class StartAuthenticationBuilder {
-
- private static StartAuthenticationBuilder instance = null;
-
- public static StartAuthenticationBuilder getInstance() {
- if (instance == null) {
- instance = new StartAuthenticationBuilder();
- }
- return instance;
- }
-
-
- /**
- * Depending on the selected citizen's country ({@code moasession.ccc}):
- * <ul>
- * <li><strong>Either</strong> creates an "IdentityLinkForm" with embedded {@code InfoBoxReadRequest} to be submitted to a citizen card
- * environment for reading the subject's IdentityLink</li>
- * </ul>
- *
- * @return The IdentityLinkForm.
- */
- public String build(AuthenticationSession moasession, HttpServletRequest req,
- HttpServletResponse resp) throws WrongParametersException, MOAIDException {
-
- if (moasession == null) {
- throw new AuthenticationException("auth.18", new Object[] { });
- }
-
- //normal MOA-ID authentication
- Logger.debug("Starting normal MOA-ID authentication");
-
- String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req);
-
- return getIdentityLinkForm;
- }
-}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
deleted file mode 100644
index 72a7d3ba1..000000000
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
+++ /dev/null
@@ -1,142 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.invoke;
-
-import java.util.Vector;
-
-import javax.xml.namespace.QName;
-import javax.xml.rpc.Call;
-import javax.xml.rpc.Service;
-import javax.xml.rpc.ServiceFactory;
-
-import org.apache.axis.message.SOAPBodyElement;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.auth.exception.ServiceException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.spss.api.SignatureVerificationService;
-import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser;
-import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder;
-import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
-import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * Invoker of the <code>SignatureVerification</code> web service of MOA-SPSS.<br>
- * Either invokes the web service, or calls the corresponding API, depending on configuration data.
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class SignatureVerificationInvoker {
- /** This QName Object identifies the SignatureVerification endpoint of the web service */
- private static final QName SERVICE_QNAME = new QName("SignatureVerification");
-
- /**
- * Method verifyXMLSignature.
- * @param request to be sent
- * @return Element with the answer
- * @throws ServiceException if an error occurs
- */
- public Element verifyXMLSignature(Element request) throws ServiceException {
- return doCall(SERVICE_QNAME, request);
- }
-
- /**
- * Method doCall.
- * @param serviceName the name of the service
- * @param request the request to be sent
- * @return Element the answer
- * @throws ServiceException if an error occurs
- */
- protected Element doCall(QName serviceName, Element request) throws ServiceException {
- ConnectionParameter authConnParam = null;
- try {
- Service service = ServiceFactory.newInstance().createService(serviceName);
- Call call = service.createCall();
- SOAPBodyElement body = new SOAPBodyElement(request);
- SOAPBodyElement[] params = new SOAPBodyElement[] { body };
- Vector responses;
- SOAPBodyElement response;
-
- String endPoint;
- AuthConfiguration authConfigProvider = AuthConfigurationProviderFactory.getInstance();
- authConnParam = authConfigProvider.getMoaSpConnectionParameter();
- //If the ConnectionParameter do NOT exist, we try to get the api to work....
- if (authConnParam != null && MiscUtil.isNotEmpty(authConnParam.getUrl())) {
- Logger.debug("Connecting using auth url: " + authConnParam.getUrl() + ", service " + serviceName.getNamespaceURI() + " : " + serviceName.getLocalPart() + " : "+ serviceName.getPrefix());
- endPoint = authConnParam.getUrl();
- call.setTargetEndpointAddress(endPoint);
- responses = (Vector) call.invoke(serviceName, params);
- Logger.debug("Got responses: " + responses.size()); // TODO handle axis 302 response when incorrect service url is used
- response = (SOAPBodyElement) responses.get(0);
- return response.getAsDOM();
- }
- else {
- SignatureVerificationService svs = SignatureVerificationService.getInstance();
- VerifyXMLSignatureRequest vsrequest = new VerifyXMLSignatureRequestParser().parse(request);
-
- VerifyXMLSignatureResponse vsresponse = svs.verifyXMLSignature(vsrequest);
- Document result = new VerifyXMLSignatureResponseBuilder().build(vsresponse);
-
- //Logger.setHierarchy("moa.id.auth");
- return result.getDocumentElement();
- }
- }
- catch (Exception ex) {
- if (authConnParam != null) {
- throw new ServiceException("service.00", new Object[] { ex.toString()}, ex);
- } else {
- throw new ServiceException("service.03", new Object[] { ex.toString()}, ex);
- }
- }
- }
-}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthModuleImpl.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/AuthModuleImpl.java
index cac7359c7..29118ac17 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthModuleImpl.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/AuthModuleImpl.java
@@ -1,5 +1,6 @@
package at.gv.egovernment.moa.id.auth.modules.internal;
+
import org.apache.commons.lang3.StringUtils;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
@@ -9,7 +10,7 @@ import at.gv.egovernment.moa.id.process.api.ExecutionContext;
/**
* Module descriptor
*/
-public class DefaultAuthModuleImpl implements AuthModule {
+public class AuthModuleImpl implements AuthModule {
@Override
public int getPriority() {
@@ -19,8 +20,15 @@ public class DefaultAuthModuleImpl implements AuthModule {
@Override
public String selectProcess(ExecutionContext context) {
//select process if BKU is selected and it is no STORK authentication
+
+ boolean performBKUSelection = false;
+ Object performBKUSelectionObj = context.get("performBKUSelection");
+ if (performBKUSelectionObj != null && performBKUSelectionObj instanceof Boolean)
+ performBKUSelection = (boolean) performBKUSelectionObj;
+
if (StringUtils.isBlank((String) context.get("ccc")) &&
- StringUtils.isNotBlank((String) context.get(MOAIDAuthConstants.PARAM_BKU)))
+ StringUtils.isNotBlank((String) context.get(MOAIDAuthConstants.PARAM_BKU)) &&
+ !performBKUSelection)
return "DefaultAuthentication";
else
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
index 7e1bf1fc7..e3afc713b 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
@@ -1,29 +1,25 @@
package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.REQ_VERIFY_CERTIFICATE;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang3.BooleanUtils;
+import org.springframework.stereotype.Component;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.CitizenCardServletUtils;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -46,53 +42,43 @@ import at.gv.egovernment.moa.logging.Logger;
* @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
*
*/
+@Component("CertificateReadRequestTask")
public class CertificateReadRequestTask extends AbstractAuthServletTask {
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
throws TaskExecutionException {
-
- // TODO[branch]: Foreign citizen or mandate mode; respond with IRR for certificates, dataURL = "/VerifyCertificate"
- Logger.info("Send InfoboxReadRequest to BKU to get signer certificate.");
-
- setNoCachingHeaders(resp);
+ Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
+
try {
+ //execute default task initialization
+ defaultTaskInitialization(req, executionContext);
- String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
-
- // check parameter
- if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
- throw new WrongParametersException("CertificateReadRequestTask", PARAM_SESSIONID, "auth.12");
- }
-
- AuthenticationSession session = AuthenticationServer.getSession(sessionID);
-
- boolean useMandate = session.getUseMandate();
- boolean identityLinkAvailable = BooleanUtils.isTrue((Boolean) executionContext.get("identityLinkAvailable"));
-
+ boolean useMandate = moasession.getUseMandate();
+ boolean identityLinkAvailable = BooleanUtils.isTrue((Boolean) executionContext.get("identityLinkAvailable"));
if (!identityLinkAvailable && useMandate) {
Logger.error("Online-Mandate Mode for foreign citizencs not supported.");
throw new AuthenticationException("auth.13", null);
}
-
- // change MOASessionID
- AuthenticationSessionStoreage.changeSessionID(session);
// create the InfoboxReadRequest to get the certificate
String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
// build dataurl (to the VerifyCertificateSerlvet)
- String dataurl = new DataURLBuilder().buildDataURL(session.getAuthURL(), REQ_VERIFY_CERTIFICATE,
- session.getSessionID());
+ String dataurl = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), REQ_VERIFY_CERTIFICATE,
+ pendingReq.getRequestID());
CitizenCardServletUtils.writeCreateXMLSignatureRequest(resp, infoboxReadRequest,
AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
} catch (MOAIDException ex) {
- throw new TaskExecutionException(ex.getMessage(), ex);
+ throw new TaskExecutionException(pendingReq, ex.getMessage(), ex);
} catch (IOException e) {
- throw new TaskExecutionException(e.getMessage(), e);
+ throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+
+ } catch (MOADatabaseException e1) {
+ throw new TaskExecutionException(pendingReq, e1.getMessage(), e1);
} finally {
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
index 307074ee2..cbaaa5ec7 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
@@ -1,33 +1,24 @@
package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_SESSIONID;
-
import java.io.PrintWriter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang3.BooleanUtils;
-import org.apache.commons.lang3.ObjectUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.stereotype.Component;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
-import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
/**
@@ -62,46 +53,27 @@ import at.gv.egovernment.moa.util.StringUtils;
* @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
*
*/
+@Component("CreateIdentityLinkFormTask")
public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
+ @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer;
+
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
- throws TaskExecutionException {
-
- String moasessionid = StringEscapeUtils.escapeHtml(ObjectUtils.defaultIfNull(req.getParameter(PARAM_SESSIONID), (String) executionContext.get(PARAM_SESSIONID)));
- AuthenticationSession moasession = null;
+ throws TaskExecutionException {
try {
-
- if (MiscUtil.isEmpty(moasessionid)) {
- Logger.warn("MOASessionID is empty.");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
- try {
- moasession = AuthenticationSessionStoreage.getSession(moasessionid);
+ //execute default task initialization
+ defaultTaskInitialization(req, executionContext);
+
+ //normal MOA-ID authentication
+ Logger.debug("Starting normal MOA-ID authentication");
+ String getIdentityLinkForm = authServer.startAuthentication(moasession, req, pendingReq);
- AuthenticationSessionStoreage.changeSessionID(moasession);
- executionContext.remove(PARAM_SESSIONID);
-
- } catch (MOADatabaseException e) {
- Logger.info("MOASession with SessionID=" + moasessionid + " is not found in Database");
- throw new MOAIDException("init.04", new Object[] { moasessionid });
-
- } catch (Throwable e) {
- Logger.info("No HTTP Session found!");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
- StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance();
- String getIdentityLinkForm = startauth.build(moasession, req, resp);
-
- IRequest pendingReq = RequestStorage.getPendingRequest(
- (String) executionContext.get("pendingRequestID"));
if (BooleanUtils.isTrue((Boolean) executionContext.get("useMandate")))
- MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATES_REQUESTED);
- MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_URL, moasession.getBkuURL());
if (!StringUtils.isEmpty(getIdentityLinkForm)) {
@@ -109,21 +81,21 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
PrintWriter out = new PrintWriter(resp.getOutputStream());
out.print(getIdentityLinkForm);
out.flush();
- Logger.debug("Finished GET " + GenerateIFrameTemplateServlet.class);
+ Logger.debug("Finished GET " + CreateIdentityLinkFormTask.class);
}
} catch (WrongParametersException ex) {
-// handleWrongParameters(ex, req, resp);
- throw new TaskExecutionException(ex.getMessage(), ex);
+ throw new TaskExecutionException(pendingReq, ex.getMessage(), ex);
+
}
catch (MOAIDException ex) {
Logger.info("GetIdentityLink request generation FAILED. Reason:" + ex.getMessage());
- throw new TaskExecutionException(ex.getMessage(), ex);
+ throw new TaskExecutionException(pendingReq, ex.getMessage(), ex);
} catch (Exception e) {
Logger.error("CreateIdentityLinkFormTask has an interal Error.", e);
- throw new TaskExecutionException(e.getMessage(), e);
+ throw new TaskExecutionException(pendingReq, e.getMessage(), e);
}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
index b729f26e1..204e39b8c 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
@@ -1,6 +1,7 @@
package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_XMLRESPONSE;
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.REQ_VERIFY_AUTH_BLOCK;
import java.io.ByteArrayInputStream;
import java.io.IOException;
@@ -12,14 +13,13 @@ import javax.servlet.http.HttpServletResponse;
import javax.xml.transform.TransformerException;
import org.apache.commons.fileupload.FileUploadException;
-import org.apache.commons.lang.StringEscapeUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.stereotype.Component;
import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -32,12 +32,8 @@ import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.client.SZRGWClientException;
import at.gv.egovernment.moa.id.client.utils.SZRGWClientUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.ModulUtils;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
@@ -68,16 +64,17 @@ import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
* @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
*
*/
+@Component("GetForeignIDTask")
public class GetForeignIDTask extends AbstractAuthServletTask {
+ @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer;
+
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
throws TaskExecutionException {
Logger.debug("POST GetForeignIDServlet");
- setNoCachingHeaders(resp);
-
Map<String, String> parameters;
try {
@@ -85,41 +82,28 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
} catch (FileUploadException | IOException e) {
Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
- throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage()));
+ throw new TaskExecutionException(pendingReq, "Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage()));
}
- String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
- String pendingRequestID = null;
- String redirectURL = null;
- AuthenticationSession session = null;
try {
- // check parameter
- if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
- throw new WrongParametersException("GetForeignID", PARAM_SESSIONID, "auth.12");
- }
+ //check if response exists
String xmlCreateXMLSignatureResponse = (String) parameters.get(PARAM_XMLRESPONSE);
if (!ParamValidatorUtils.isValidXMLDocument(xmlCreateXMLSignatureResponse)) {
throw new WrongParametersException("GetForeignID", PARAM_XMLRESPONSE, "auth.12");
+
}
- pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
- session = AuthenticationServer.getSession(sessionID);
-
- IRequest pendingReq = RequestStorage.getPendingRequest(
- (String) executionContext.get("pendingRequestID"));
- MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
- pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
-
- // change MOASessionID
- sessionID = AuthenticationSessionStoreage.changeSessionID(session);
-
Logger.debug(xmlCreateXMLSignatureResponse);
-
+
+ //execute default task initialization
+ defaultTaskInitialization(req, executionContext);
+
+
CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse)
.parseResponseDsig();
try {
String serializedAssertion = DOMUtils.serializeNode(csresp.getDsigSignature());
- session.setAuthBlock(serializedAssertion);
+ moasession.setAuthBlock(serializedAssertion);
} catch (TransformerException e) {
throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE });
@@ -132,13 +116,14 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
Element signature = csresp.getDsigSignature();
try {
- session.setSignerCertificate(AuthenticationServer.getCertificateFromXML(signature));
+ moasession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(signature));
+
} catch (CertificateException e) {
Logger.error("Could not extract certificate from CreateXMLSignatureResponse");
throw new MOAIDException("auth.14", null);
}
- MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_CONNECTED);
// make SZR request to the identity link
@@ -152,38 +137,32 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(
response.getIdentityLink()));
IdentityLink identitylink = ilParser.parseIdentityLink();
- session.setIdentityLink(identitylink);
+ moasession.setIdentityLink(identitylink);
// set QAA Level four in case of card authentifcation
- session.setQAALevel(PVPConstants.STORK_QAA_1_4);
-
- AuthenticationServer.getInstance().getForeignAuthenticationData(session);
-
- // session is implicit stored in changeSessionID!!!!
- String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
+ moasession.setQAALevel(PVPConstants.STORK_QAA_1_4);
- Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID);
- Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
+ authServer.getForeignAuthenticationData(moasession);
- MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED);
try {
- AuthenticationSessionStoreage.storeSession(session);
+ authenticatedSessionStorage.storeSession(moasession);
+
} catch (MOADatabaseException e) {
throw new MOAIDException("Session store error", null);
}
- //put session to context
- executionContext.put(PARAM_SESSIONID, session.getSessionID());
+
}
} catch (MOAIDException ex) {
- throw new TaskExecutionException(ex.getMessage(), ex);
+ throw new TaskExecutionException(pendingReq, ex.getMessage(), ex);
} catch (Exception e) {
Logger.error("GetForeignIDServlet has an interal Error.", e);
- throw new TaskExecutionException(e.getMessage(), e);
+ throw new TaskExecutionException(pendingReq, e.getMessage(), e);
}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
index d85681b40..0a1e3c8f5 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
@@ -1,7 +1,6 @@
package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
-import iaik.pki.PKIException;
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.GET_MIS_SESSIONID;
import java.security.GeneralSecurityException;
import java.util.List;
@@ -11,35 +10,25 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.parsers.ParserConfigurationException;
-import org.apache.commons.lang.StringEscapeUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.stereotype.Component;
import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-
import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.data.MISMandate;
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.ModulUtils;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
+import iaik.pki.PKIException;
/**
* Retrieves a mandate from the online mandate issuing service.<p/>
@@ -64,64 +53,47 @@ import at.gv.egovernment.moa.util.DOMUtils;
* @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
*
*/
+@Component("GetMISSessionIDTask")
public class GetMISSessionIDTask extends AbstractAuthServletTask {
+ @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer;
+
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
throws TaskExecutionException {
Logger.debug("POST GetMISSessionIDServlet");
- String sessionID = req.getParameter(PARAM_SESSIONID);
-
- // escape parameter strings
- sessionID = StringEscapeUtils.escapeHtml(sessionID);
-
- AuthenticationSession session = null;
- String pendingRequestID = null;
try {
- // check parameter
- if (!ParamValidatorUtils.isValidSessionID(sessionID))
- throw new WrongParametersException("VerifyCertificate",
- PARAM_SESSIONID, "auth.12");
-
- pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+ //execute default task initialization
+ defaultTaskInitialization(req, executionContext);
- session = AuthenticationServer.getSession(sessionID);
+ //get MIS sessionID
+ String misSessionID = moasession.getMISSessionID();
- IRequest pendingReq = RequestStorage.getPendingRequest(
- (String) executionContext.get("pendingRequestID"));
-
- //change MOASessionID
- sessionID = AuthenticationSessionStoreage.changeSessionID(session);
-
- String misSessionID = session.getMISSessionID();
-
- AuthConfiguration authConf = AuthConfigurationProviderFactory
- .getInstance();
- ConnectionParameter connectionParameters = authConf
+ //get mandates from MIS
+ ConnectionParameter connectionParameters = authConfig
.getOnlineMandatesConnectionParameter();
SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(
- AuthConfigurationProviderFactory.getInstance(),
+ authConfig,
connectionParameters);
-
List<MISMandate> list = MISSimpleClient.sendGetMandatesRequest(
connectionParameters.getUrl(), misSessionID, sslFactory);
+ //check if mandates received
if (list == null || list.size() == 0) {
Logger.error("Keine Vollmacht gefunden.");
throw new AuthenticationException("auth.15", null);
}
- MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_RECEIVED);
// for now: list contains only one element
MISMandate mandate = (MISMandate) list.get(0);
- // TODO[tlenz]: UTF-8 ?
- String sMandate = new String(mandate.getMandate());
+ String sMandate = new String(mandate.getMandate(), "UTF-8");
if (sMandate == null || sMandate.compareToIgnoreCase("") == 0) {
Logger.error("Mandate is empty.");
throw new AuthenticationException("auth.15",
@@ -136,43 +108,35 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
null, null).getDocumentElement();
// extract RepresentationType
- AuthenticationServer.getInstance().verifyMandate(session, mandate);
+ authServer.verifyMandate(pendingReq, moasession, mandate);
- session.setMISMandate(mandate);
+ moasession.setMISMandate(mandate);
//log mandate specific set of events
- MOAReversionLogger.getInstance().logMandateEventSet(pendingReq, mandate);
-
- String oldsessionID = session.getSessionID();
+ revisionsLogger.logMandateEventSet(pendingReq, mandate);
+
+ //Stor MOAsession
+ authenticatedSessionStorage.storeSession(moasession);
- //Session is implicite stored in changeSessionID!!!
- String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
- Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID);
- Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
-
- //put session to context
- executionContext.put(PARAM_SESSIONID, session.getSessionID());
-
-
} catch (MOAIDException ex) {
- throw new TaskExecutionException(ex.getMessage(), ex);
+ throw new TaskExecutionException(pendingReq, ex.getMessage(), ex);
} catch (GeneralSecurityException ex) {
- throw new TaskExecutionException(ex.getMessage(), ex);
+ throw new TaskExecutionException(pendingReq, ex.getMessage(), ex);
} catch (PKIException e) {
- throw new TaskExecutionException(e.getMessage(), e);
+ throw new TaskExecutionException(pendingReq, e.getMessage(), e);
} catch (SAXException e) {
- throw new TaskExecutionException(e.getMessage(), e);
+ throw new TaskExecutionException(pendingReq, e.getMessage(), e);
} catch (ParserConfigurationException e) {
- throw new TaskExecutionException(e.getMessage(), e);
+ throw new TaskExecutionException(pendingReq, e.getMessage(), e);
} catch (Exception e) {
Logger.error("MISMandateValidation has an interal Error.", e);
- throw new TaskExecutionException(e.getMessage(), e);
+ throw new TaskExecutionException(pendingReq, e.getMessage(), e);
}
finally {
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
index 1dd4780f7..54db1d8ff 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
@@ -27,22 +27,19 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -51,8 +48,11 @@ import at.gv.egovernment.moa.util.MiscUtil;
* @author tlenz
*
*/
+@Component("InitializeBKUAuthenticationTask")
public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
+ @Autowired StartAuthentificationParameterParser authInitialisationParser;
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
*/
@@ -62,19 +62,8 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
throws TaskExecutionException {
try {
- String moasessionid = (String) executionContext.get(MOAIDAuthConstants.PARAM_SESSIONID);
- String pendingRequestID = (String) executionContext.get("pendingRequestID");
-
- //load pending request
- IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);
- if (pendingReq == null) {
- Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
- throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
-
- }
-
- //load MOASession object
- AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid);
+ Logger.info("BKU is selected -> Start BKU communication ...");
+ defaultTaskInitialization(request, executionContext);
boolean isLegacyRequest = false;
Object isLegacyRequestObj = executionContext.get("isLegacyRequest");
@@ -83,21 +72,18 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
if (isLegacyRequest) {
//parse request parameter into MOASession
- Logger.info("Start Authentication Module: " + moasession.getModul()
- + " Action: " + moasession.getAction());
+ Logger.info("Start Authentication Module: " + pendingReq.requestedModule()
+ + " Action: " + pendingReq.requestedAction());
- StartAuthentificationParameterParser.parse(executionContext, request, moasession, pendingReq);
+ authInitialisationParser.parse(executionContext, request, moasession, pendingReq);
} else {
String bkuid = (String) executionContext.get(MOAIDAuthConstants.PARAM_BKU);
String useMandate = (String) executionContext.get(MOAIDAuthConstants.PARAM_USEMANDATE);
String ccc = (String) executionContext.get(MOAIDAuthConstants.PARAM_CCC);
-
- //remove MOASessionID from executionContext because it is not needed any more
-
-
- if (MiscUtil.isEmpty(bkuid) || MiscUtil.isEmpty(moasessionid)) {
- Logger.warn("MOASessionID or BKU-type is empty. Maybe an old BKU-selection template is in use.");
+
+ if (MiscUtil.isEmpty(bkuid)) {
+ Logger.warn("BKU-type is empty. Maybe an old BKU-selection template is in use.");
throw new MOAIDException("auth.23", new Object[] {});
}
@@ -105,24 +91,24 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[] { moasession.getOAURLRequested() });
+ throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() });
else {
- MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUTYPE_SELECTED, bkuid);
//get Target from config or from request in case of SAML 1
String target = null;
- if (MiscUtil.isNotEmpty(pendingReq.getTarget()) &&
- pendingReq.requestedModule().equals("id_saml1"))
- target = pendingReq.getTarget();
+ if (MiscUtil.isNotEmpty(pendingReq.getGenericData("target", String.class)) &&
+ pendingReq.requestedModule().equals("at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol"))
+ target = pendingReq.getGenericData("target", String.class);
else
target = oaParam.getTarget();
String bkuURL = oaParam.getBKUURL(bkuid);
if (MiscUtil.isEmpty(bkuURL)) {
Logger.info("No OA specific BKU defined. Use BKU from default configuration");
- bkuURL = AuthConfigurationProviderFactory.getInstance().getDefaultBKUURL(bkuid);
+ bkuURL = authConfig.getDefaultBKUURL(bkuid);
}
//search for OA specific template
@@ -133,13 +119,13 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
templateURL = oaTemplateURLList.get(0);
} else {
- templateURL = AuthConfigurationProviderFactory.getInstance().getSLRequestTemplates(bkuid);
+ templateURL = authConfig.getSLRequestTemplates(bkuid);
}
//make url absolut if it is a local url
if (MiscUtil.isNotEmpty(templateURL))
templateURL = FileUtils.makeAbsoluteURL(templateURL,
- AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir());
+ authConfig.getRootConfigFileDir());
if (oaParam.isOnlyMandateAllowed())
useMandate = "true";
@@ -148,25 +134,25 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
useMandate = "false";
//parse all OA parameters i
- StartAuthentificationParameterParser.parse(moasession,
- target,
- moasession.getOAURLRequested(),
- bkuURL,
- templateURL,
- useMandate,
- ccc,
- moasession.getModul(),
- moasession.getAction(),
- request,
- pendingReq);
+ authInitialisationParser.parse( moasession,
+ target,
+ pendingReq.getOAURL(),
+ bkuURL,
+ templateURL,
+ useMandate,
+ ccc,
+ request,
+ pendingReq);
}
}
executionContext.put(MOAIDAuthConstants.PARAM_USEMANDATE, moasession.getUseMandate());
- // make sure moa session has been persisted before running the process
+ // make sure MOASession and Pending-Request has been persisted before running the process
try {
- AuthenticationSessionStoreage.storeSession(moasession);
+ authenticatedSessionStorage.storeSession(moasession);
+ requestStoreage.storePendingRequest(pendingReq);
+
} catch (MOADatabaseException e) {
Logger.error("Database Error! MOASession is not stored!");
throw new MOAIDException("init.04", new Object[] {
@@ -176,11 +162,11 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
} catch (MOADatabaseException | MOAIDException e) {
Logger.info("Initialize BKUAuthentication FAILED. Reason:" + e.getMessage());
- throw new TaskExecutionException(e.getMessage(), e);
+ throw new TaskExecutionException(pendingReq, e.getMessage(), e);
} catch (Exception e) {
Logger.warn("InitializeBKUAuthentication has an internal error", e);
- throw new TaskExecutionException(e.getMessage(), e);
+ throw new TaskExecutionException(pendingReq, e.getMessage(), e);
}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
index 49888c136..b9a8fecf6 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
@@ -1,28 +1,18 @@
package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.apache.commons.lang.StringEscapeUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.stereotype.Component;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.CitizenCardServletUtils;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -45,56 +35,40 @@ import at.gv.egovernment.moa.logging.Logger;
* @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
*
*/
+@Component("PrepareAuthBlockSignatureTask")
public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask {
+ @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer;
+
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
throws TaskExecutionException {
// note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet
- Logger.debug("Process IdentityLink");
-
- setNoCachingHeaders(resp);
+ Logger.debug("Process CreateAuthBlock Task");
- String pendingRequestID = null;
-
try {
+ //initialize task
+ defaultTaskInitialization(req, executionContext);
- String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
-
- // check parameter
- if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
- throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12");
- }
-
- pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
- IRequest pendingReq = RequestStorage.getPendingRequest(
- (String) executionContext.get("pendingRequestID"));
-
- AuthenticationSession session = AuthenticationServer.getSession(sessionID);
-
- // change MOASessionID
- sessionID = AuthenticationSessionStoreage.changeSessionID(session);
-
- OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(
- session.getPublicOAURLPrefix());
- AuthConfiguration authConf = AuthConfigurationProviderFactory.getInstance();
-
- String createXMLSignatureRequest = AuthenticationServer.getInstance()
- .getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam, pendingReq);
+ //build authBlock
+ String createXMLSignatureRequest = authServer
+ .getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, pendingReq);
- AuthenticationSessionStoreage.storeSession(session);
+ //store MOASession
+ authenticatedSessionStorage.storeSession(moasession);
- CitizenCardServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session,
+ //write response
+ CitizenCardServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, pendingReq,
createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT,
"VerifyIdentityLink");
} catch (MOAIDException ex) {
- throw new TaskExecutionException(ex.getMessage(), ex);
+ throw new TaskExecutionException(pendingReq, ex.getMessage(), ex);
} catch (Exception e) {
Logger.error("IdentityLinkValidation has an interal Error.", e);
- throw new TaskExecutionException(e.getMessage(), e);
+ throw new TaskExecutionException(pendingReq, e.getMessage(), e);
}
finally {
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
index 099bc085c..f976c0b49 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
@@ -23,17 +23,17 @@
package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.GET_MIS_SESSIONID;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_SESSIONID;
import java.util.List;
import javax.net.ssl.SSLSocketFactory;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.stereotype.Component;
import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
@@ -44,25 +44,19 @@ import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.MiscUtil;
/**
* @author tlenz
*
*/
+@Component("PrepareGetMISMandateTask")
public class PrepareGetMISMandateTask extends AbstractAuthServletTask {
/* (non-Javadoc)
@@ -75,66 +69,26 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask {
//mandate Mode
try {
- IRequest pendingReq = RequestStorage.getPendingRequest(
- (String) executionContext.get("pendingRequestID"));
-
- //get Session from context
- String moasessionid = (String) executionContext.get(PARAM_SESSIONID);
- AuthenticationSession session = null;
- if (MiscUtil.isEmpty(moasessionid)) {
- Logger.warn("MOASessionID is empty.");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
- try {
- session = AuthenticationSessionStoreage.getSession(moasessionid);
- AuthenticationSessionStoreage.changeSessionID(session);
-
- } catch (MOADatabaseException e) {
- Logger.info("MOASession with SessionID=" + moasessionid + " is not found in Database");
- throw new MOAIDException("init.04", new Object[] { moasessionid });
-
- } catch (Throwable e) {
- Logger.info("No HTTP Session found!");
- throw new MOAIDException("auth.18", new Object[] {});
-
- } finally {
- executionContext.remove(PARAM_SESSIONID);
-
- }
-
-
- AuthConfiguration authConf= AuthConfigurationProviderFactory.getInstance();
- ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();
- SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProviderFactory.getInstance(), connectionParameters);
+ //perform default task initialization
+ defaultTaskInitialization(request, executionContext);
+
+ ConnectionParameter connectionParameters = authConfig.getOnlineMandatesConnectionParameter();
+ SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(authConfig, connectionParameters);
// get identitity link as byte[]
- Element elem = session.getIdentityLink().getSamlAssertion();
+ Element elem = moasession.getIdentityLink().getSamlAssertion();
String s = DOMUtils.serializeNode(elem);
//System.out.println("IDL: " + s);
byte[] idl = s.getBytes("UTF-8");
-
- // redirect url
- // build redirect(to the GetMISSessionIdSerlvet)
-
- //change MOASessionID before MIS request
- String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
-
+
String redirectURL = new DataURLBuilder().buildDataURL(
- session.getAuthURL(),
+ pendingReq.getAuthURL(),
GET_MIS_SESSIONID,
- newMOASessionID);
+ pendingReq.getRequestID());
- String oaURL = session.getOAURLRequested();
IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
- if (oaParam == null) {
- oaParam = authConf.getOnlineApplicationParameter(oaURL);
- Logger.info("No Service info in PendingRequest --> load service info from configuration");
-
- }
-
List<String> profiles = oaParam.getMandateProfiles();
if (profiles == null) {
@@ -143,24 +97,21 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask {
}
String oaFriendlyName = oaParam.getFriendlyName();
- String mandateReferenceValue = session.getMandateReferenceValue();
- byte[] cert = session.getEncodedSignerCertificate();
- byte[] authBlock = session.getAuthBlock().getBytes("UTF-8");
+ String mandateReferenceValue = moasession.getMandateReferenceValue();
+ byte[] cert = moasession.getEncodedSignerCertificate();
+ byte[] authBlock = moasession.getAuthBlock().getBytes("UTF-8");
//TODO: check in case of SSO!!!
String targetType = null;
- if(oaParam.getBusinessService()) {
- String id = oaParam.getIdentityLinkDomainIdentifier();
- if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
- targetType = id;
- else
- targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier();
+ if(oaParam.getBusinessService()){
+ targetType = oaParam.getIdentityLinkDomainIdentifier();
} else {
targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
+
}
- MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_SERVICE_REQUESTED, mandateReferenceValue);
MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(
@@ -178,20 +129,21 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask {
if (misSessionID == null) {
Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");
throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service.");
+
}
String redirectMISGUI = misSessionID.getRedirectURL();
- session.setMISSessionID(misSessionID.getSessiondId());
+ moasession.setMISSessionID(misSessionID.getSessiondId());
try {
- AuthenticationSessionStoreage.storeSession(session);
+ authenticatedSessionStorage.storeSession(moasession);
} catch (MOADatabaseException | BuildException e) {
throw new MOAIDException("Session store error", null);
}
- MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_REDIRECT);
response.setStatus(302);
@@ -199,7 +151,7 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask {
Logger.debug("REDIRECT TO: " + redirectMISGUI);
} catch (Exception e ) {
- throw new TaskExecutionException(e.getMessage(), e);
+ throw new TaskExecutionException(pendingReq, e.getMessage(), e);
}
}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
index 35104bf3e..b52778577 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
@@ -1,50 +1,27 @@
package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
-import iaik.pki.PKIException;
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_XMLRESPONSE;
import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.util.List;
import java.util.Map;
-import javax.net.ssl.SSLSocketFactory;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.xml.transform.TransformerException;
import org.apache.commons.fileupload.FileUploadException;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.w3c.dom.Element;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.stereotype.Component;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.ModulUtils;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.id.util.SSLUtils;
-import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId;
-import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
/**
* Verifies the signed authentication block (provided as {@code CreateXMLSignatureResponse}).<p/>
@@ -79,82 +56,63 @@ import at.gv.egovernment.moa.util.DOMUtils;
* @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
*
*/
+@Component("VerifyAuthenticationBlockTask")
public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
+ @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer;
+
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
throws TaskExecutionException {
-
- // note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet
Logger.debug("POST VerifyAuthenticationBlock");
- String pendingRequestID = null;
-
Map<String, String> parameters;
try
{
parameters = getParameters(req);
- } catch (FileUploadException | IOException e)
- {
+ } catch (FileUploadException | IOException e) {
Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
- throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage()));
- }
+ throw new TaskExecutionException(pendingReq, "Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage()));
- String sessionID = req.getParameter(PARAM_SESSIONID);
- String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
-
- // escape parameter strings
- sessionID = StringEscapeUtils.escapeHtml(sessionID);
- pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
-
- String redirectURL = null;
- try {
- // check parameter
- if (!ParamValidatorUtils.isValidSessionID(sessionID))
- throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
- if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse))
- throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12");
-
- AuthenticationSession session = AuthenticationServer.getSession(sessionID);
-
- IRequest pendingReq = RequestStorage.getPendingRequest(
- (String) executionContext.get("pendingRequestID"));
- MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
- pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
-
- //change MOASessionID
- sessionID = AuthenticationSessionStoreage.changeSessionID(session);
-
- AuthenticationServer.getInstance().verifyAuthenticationBlock(pendingReq, session, createXMLSignatureResponse);
-
- //store all changes in session DAO
- AuthenticationSessionStoreage.storeSession(session);
-
- //put session to context
- executionContext.put(PARAM_SESSIONID, session.getSessionID());
-
- }
+ }
- catch (MOAIDException ex) {
- throw new TaskExecutionException(ex.getMessage(), ex);
-
+ String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
+
+ try {
+ //check if authblock is received
+ if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse))
+ throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12");
+
+ //execute default task initialization
+ defaultTaskInitialization(req, executionContext);
-
- } catch (Exception e) {
- Logger.error("AuthBlockValidation has an interal Error.", e);
- throw new TaskExecutionException(e.getMessage(), e);
-
- }
-
+ revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
- finally {
-
- }
-
-
+ //verify authBlock
+ authServer.verifyAuthenticationBlock(pendingReq, moasession, createXMLSignatureResponse);
+
+ //store all changes in session DAO
+ authenticatedSessionStorage.storeSession(moasession);
+
+ }
+
+ catch (MOAIDException ex) {
+ throw new TaskExecutionException(pendingReq, ex.getMessage(), ex);
+
+ } catch (Exception e) {
+ Logger.error("AuthBlockValidation has an interal Error.", e);
+ throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+
+ }
+
+ finally {
+
+ }
+
}
}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
index 2734d1027..464c1f3a1 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
@@ -1,7 +1,6 @@
package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
-import iaik.x509.X509Certificate;
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.REQ_GET_FOREIGN_ID;
import java.io.IOException;
import java.util.Map;
@@ -10,29 +9,23 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.fileupload.FileUploadException;
-import org.apache.commons.lang.StringEscapeUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.stereotype.Component;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.CitizenCardServletUtils;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.id.util.ServletUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.spss.util.CertificateUtils;
+import iaik.x509.X509Certificate;
/**
* Parses the certificate from {@code InfoBoxReadResponse} (via POST parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}), creates the auth block to be signed and returns a {@code CreateXMLSignatureRequest} for auth block signature.<p/>
@@ -59,15 +52,18 @@ import at.gv.egovernment.moa.spss.util.CertificateUtils;
* @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
*
*/
+@Component("VerifyCertificateTask")
public class VerifyCertificateTask extends AbstractAuthServletTask {
+ @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer;
+
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
throws TaskExecutionException {
// note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet
- Logger.debug("POST VerifyCertificateServlet");
+ Logger.debug("Reveive VerifyCertificate Response");
Map<String, String> parameters;
try
@@ -76,53 +72,42 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
} catch (FileUploadException | IOException e)
{
Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
- throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage()));
+ throw new TaskExecutionException(pendingReq, "Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage()));
}
- String sessionID = req.getParameter(PARAM_SESSIONID);
-
- // escape parameter strings
- sessionID = StringEscapeUtils.escapeHtml(sessionID);
- AuthenticationSession session = null;
try {
- // check parameter
- if (!ParamValidatorUtils.isValidSessionID(sessionID))
- throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12");
-
- session = AuthenticationServer.getSession(sessionID);
-
- IRequest pendingReq = RequestStorage.getPendingRequest(
- (String) executionContext.get("pendingRequestID"));
- MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ //execute default task initialization
+ defaultTaskInitialization(req, executionContext);
+
+ revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
- //change MOASessionID
- sessionID = AuthenticationSessionStoreage.changeSessionID(session);
-
- X509Certificate cert = AuthenticationServer.getInstance().getCertificate(pendingReq, sessionID, parameters);
+ //read certificate from response
+ X509Certificate cert = authServer.getCertificate(pendingReq, parameters);
if (cert == null) {
Logger.error("Certificate could not be read.");
throw new AuthenticationException("auth.14", null);
}
-
- boolean useMandate = session.getUseMandate();
-
- if (useMandate) {
+
+ if (moasession.getUseMandate()) {
- // verify certificate for OrganWalter
- String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyCertificate(session, cert, pendingReq);
+ // verify certificate for OrganWalter
+ authServer.verifyCertificate(moasession, cert, pendingReq);
+
+ //create AuthBlock
+ String createXMLSignatureRequestOrRedirect =
+ authServer.getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, pendingReq);
try {
- AuthenticationSessionStoreage.storeSession(session);
+ authenticatedSessionStorage.storeSession(moasession);
+
} catch (MOADatabaseException e) {
throw new MOAIDException("session store error", null);
}
- // TODO[branch]: Mandate; respond with CXSR for authblock signature, dataURL "/VerifyAuthBlock"
- CitizenCardServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");
+ CitizenCardServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, pendingReq, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");
- }
- else {
+ } else {
String countrycode = CertificateUtils.getIssuerCountry(cert);
if (countrycode != null) {
@@ -133,35 +118,29 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
}
// Foreign Identities Modus
- MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND);
- String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(session, cert);
+ String createXMLSignatureRequest = authServer.createXMLSignatureRequestForeignID(pendingReq, cert);
+
// build dataurl (to the GetForeignIDSerlvet)
String dataurl =
new DataURLBuilder().buildDataURL(
- session.getAuthURL(),
+ pendingReq.getAuthURL(),
REQ_GET_FOREIGN_ID,
- session.getSessionID());
-
- try {
- AuthenticationSessionStoreage.storeSession(session);
- } catch (MOADatabaseException e) {
- throw new MOAIDException("session store error", null);
- }
-
- // TODO[branch]: Foreign citizen; respond with CXSR for authblock signature, dataURL "/GetForeignID"
+ pendingReq.getRequestID());
+
CitizenCardServletUtils.writeCreateXMLSignatureRequest(resp, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
Logger.debug("Send CreateXMLSignatureRequest to BKU");
}
}
catch (MOAIDException ex) {
- throw new TaskExecutionException(ex.getMessage(), ex);
+ throw new TaskExecutionException(pendingReq, ex.getMessage(), ex);
} catch (Exception e) {
Logger.error("CertificateValidation has an interal Error.", e);
- throw new TaskExecutionException(e.getMessage(), e);
+ throw new TaskExecutionException(pendingReq, e.getMessage(), e);
}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
index 50ef11f27..23e92c0c0 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
@@ -1,30 +1,22 @@
package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
-
import java.io.IOException;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.apache.commons.lang.StringEscapeUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.stereotype.Component;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -51,17 +43,16 @@ import at.gv.egovernment.moa.logging.Logger;
* @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
*
*/
+@Component("VerifyIdentityLinkTask")
public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
+ @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer;
+
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
throws TaskExecutionException {
- // note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet
-
- Logger.debug("POST VerifyIdentityLink");
-
- setNoCachingHeaders(resp);
+ Logger.debug("Receive VerifyIdentityLink Response");
Map<String, String> parameters;
@@ -69,37 +60,34 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
parameters = getParameters(req);
} catch (Exception e) {
Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
- throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage()));
+ throw new TaskExecutionException(pendingReq, "Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage()));
}
try {
-
- String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
- // check parameter
- if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
- throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12");
- }
- AuthenticationSession session = AuthenticationServer.getSession(sessionID);
-
- IRequest pendingReq = RequestStorage.getPendingRequest(
- (String) executionContext.get("pendingRequestID"));
- MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ //execute default task initialization
+ defaultTaskInitialization(req, executionContext);
+
+ revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
+
+ //verify identityLink
+ boolean identityLinkAvailable = authServer.verifyIdentityLink(pendingReq, moasession, parameters) != null;
- boolean identityLinkAvailable = AuthenticationServer.getInstance().verifyIdentityLink(pendingReq, session, parameters) != null;
- AuthenticationSessionStoreage.storeSession(session);
+ //store session
+ authenticatedSessionStorage.storeSession(moasession);
+ //set 'identityLink exists' flag to context
executionContext.put("identityLinkAvailable", identityLinkAvailable);
} catch (ParseException ex) {
- throw new TaskExecutionException(ex.getMessage(), ex);
+ throw new TaskExecutionException(pendingReq, ex.getMessage(), ex);
} catch (MOAIDException ex) {
- throw new TaskExecutionException(ex.getMessage(), ex);
+ throw new TaskExecutionException(pendingReq, ex.getMessage(), ex);
} catch (Exception e) {
Logger.error("IdentityLinkValidation has an interal Error.", e);
- throw new TaskExecutionException(e.getMessage(), e);
+ throw new TaskExecutionException(pendingReq, e.getMessage(), e);
}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
deleted file mode 100644
index 7bce406e0..000000000
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
+++ /dev/null
@@ -1,211 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.parser;
-
-import iaik.utils.Base64InputStream;
-import iaik.x509.X509Certificate;
-
-import java.io.ByteArrayInputStream;
-import java.io.InputStream;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * Parses a <code>&lt;VerifyXMLSignatureResponse&gt;</code> returned by
- * MOA-SPSS.
- * This class implements the Singleton pattern
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-
-
-public class VerifyXMLSignatureResponseParser {
- //
- // XPath namespace prefix shortcuts
- //
- /** Xpath prefix for reaching MOA Namespaces */
- private static final String MOA = Constants.MOA_PREFIX + ":";
- /** Xpath prefix for reaching DSIG Namespaces */
- private static final String DSIG = Constants.DSIG_PREFIX + ":";
- /** Xpath expression to the root element */
- private static final String ROOT = "/" + MOA + "VerifyXMLSignatureResponse/";
-
- /** Xpath expression to the X509SubjectName element */
- private static final String DSIG_SUBJECT_NAME_XPATH =
- ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" +
- DSIG + "X509SubjectName";
- /** Xpath expression to the X509Certificate element */
- private static final String DSIG_X509_CERTIFICATE_XPATH =
- ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" +
- DSIG + "X509Certificate";
- /** Xpath expression to the PublicAuthority element */
- private static final String PUBLIC_AUTHORITY_XPATH =
- ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" +
- MOA + "PublicAuthority";
- /** Xpath expression to the PublicAuthorityCode element */
- private static final String PUBLIC_AUTHORITY_CODE_XPATH =
- PUBLIC_AUTHORITY_XPATH + "/" + MOA + "Code";
- /** Xpath expression to the QualifiedCertificate element */
- private static final String QUALIFIED_CERTIFICATE_XPATH =
- ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" +
- MOA + "QualifiedCertificate";
-
- /** Xpath expression to the SignatureCheckCode element */
- private static final String SIGNATURE_CHECK_CODE_XPATH =
- ROOT + MOA + "SignatureCheck/" + MOA + "Code";
- /** Xpath expression to the XMLDSIGManifestCheckCode element */
- private static final String XMLDSIG_MANIFEST_CHECK_CODE_XPATH =
- ROOT + MOA + "XMLDSIGManifestCheck/" + MOA + "Code";
- /** Xpath expression to the SignatureManifestCheckCode element */
- private static final String SIGNATURE_MANIFEST_CHECK_CODE_XPATH =
- ROOT + MOA + "SignatureManifestCheck/" + MOA + "Code";
- /** Xpath expression to the CertificateCheckCode element */
- private static final String CERTIFICATE_CHECK_CODE_XPATH =
- ROOT + MOA + "CertificateCheck/" + MOA + "Code";
-
-
- /** This is the root element of the XML-Document provided by the Security Layer Card*/
- private Element verifyXMLSignatureResponse;
-
- /**
- * Constructor for VerifyXMLSignatureResponseParser.
- * A DOM-representation of the incoming String will be created
- * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as String
- * @throws ParseException on any parsing error
- */
- public VerifyXMLSignatureResponseParser(String xmlResponse) throws ParseException{
- try {
- InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8"));
-
- verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(s);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString() }, t);
- }
- }
-
- /**
- * Constructor for VerifyXMLSignatureResponseParser.
- * A DOM-representation of the incoming Inputstream will be created
- * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as InputStream
- * @throws Exception on any parsing error
- */
- public VerifyXMLSignatureResponseParser(InputStream xmlResponse) throws Exception
- {
- try {
- verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(xmlResponse);
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", null, t);
- }
- }
-
- /**
- * Constructor for VerifyXMLSignatureResponseParser.
- * The incoming Element will be used for further operations
- * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as Element
- */
- public VerifyXMLSignatureResponseParser(Element xmlResponse)
- {
- verifyXMLSignatureResponse =xmlResponse;
-
- }
-
- /**
- * Parse identity link from <code>&lt;InfoboxReadResponse&gt;</code>
- * @return Identity link
- * @throws ParseException on any parsing error
- */
-
- public VerifyXMLSignatureResponse parseData() throws ParseException {
-
- VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse();
-
- try {
-
- String s = DOMUtils.serializeNode(verifyXMLSignatureResponse);
- respData.setXmlDsigSubjectName(XPathUtils.getElementValue(verifyXMLSignatureResponse,DSIG_SUBJECT_NAME_XPATH,""));
- Element e = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,QUALIFIED_CERTIFICATE_XPATH);
- respData.setQualifiedCertificate(e!=null);
-
- Base64InputStream in = new Base64InputStream(new ByteArrayInputStream(XPathUtils.getElementValue(
- verifyXMLSignatureResponse,DSIG_X509_CERTIFICATE_XPATH,"").getBytes("UTF-8")),true);
-
- respData.setX509certificate(new X509Certificate(in));
- Element publicAuthority = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_XPATH);
- respData.setPublicAuthority(publicAuthority != null);
- respData.setPublicAuthorityCode(XPathUtils.getElementValue(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_CODE_XPATH,""));
- respData.setSignatureCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNATURE_CHECK_CODE_XPATH,"")).intValue());
-
- String xmlDsigCheckCode = XPathUtils.getElementValue(verifyXMLSignatureResponse,XMLDSIG_MANIFEST_CHECK_CODE_XPATH,null);
- if (xmlDsigCheckCode!=null) {
- respData.setXmlDSIGManigest(true);
- respData.setXmlDSIGManifestCheckCode(new Integer(xmlDsigCheckCode).intValue());
- } else {
- respData.setXmlDSIGManigest(false);
- }
- String signatureManifestCheckCode = XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNATURE_MANIFEST_CHECK_CODE_XPATH,null);
- if (signatureManifestCheckCode != null) {
- respData.setSignatureManifestCheckCode(new Integer(signatureManifestCheckCode).intValue());
- }
- respData.setCertificateCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,CERTIFICATE_CHECK_CODE_XPATH,"")).intValue());
- }
- catch (Throwable t) {
- throw new ParseException("parser.01", null, t);
- }
- return respData;
- }
-
-
-}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java
new file mode 100644
index 000000000..139be49fe
--- /dev/null
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+/**
+ * @author tlenz
+ *
+ */
+@Controller
+public class CitizenCardAuthProcessEngineSignalController extends AbstractProcessEngineSignalController {
+
+ @RequestMapping(value = {"/GetMISSessionID",
+ "/GetForeignID",
+ "/VerifyAuthBlock",
+ "/VerifyCertificate",
+ "/VerifyIdentityLink"
+ },
+ method = {RequestMethod.POST, RequestMethod.GET})
+ public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ signalProcessManagement(req, resp);
+
+}
+}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 8a9c19c80..5e0a69fd4 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -56,6 +56,7 @@ import javax.xml.bind.DatatypeConverter;
import org.jaxen.SimpleNamespaceContext;
import org.w3c.dom.Element;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
@@ -66,7 +67,7 @@ import at.gv.egovernment.moa.id.auth.exception.ValidateException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
@@ -132,10 +133,14 @@ public class CreateXMLSignatureResponseValidator {
throws ValidateException {
// A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier
-
- String gbTarget = session.getTarget();
- String oaURL = session.getPublicOAURLPrefix();
- boolean businessService = session.getBusinessService();
+ IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+
+ String gbTarget = pendingReq.getGenericData(
+ MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class);
+ String targetFriendlyName = pendingReq.getGenericData(
+ MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class);
+ String oaURL = oaParam.getPublicURLPrefix();
+ boolean businessService = oaParam.getBusinessService();
IdentityLink identityLink = session.getIdentityLink();
@@ -227,8 +232,7 @@ public class CreateXMLSignatureResponseValidator {
}
}
if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
- foundGB = true;
- String targetFriendlyName = session.getTargetFriendlyName();
+ foundGB = true;
String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(gbTarget);
if (StringUtils.isEmpty(sectorName)) {
if (targetFriendlyName != null)
@@ -293,23 +297,18 @@ public class CreateXMLSignatureResponseValidator {
samlSpecialText = samlSpecialText.replaceAll("'", "&#39;");
String text = "";
- try {
- OAAuthParameter oaparam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix());
- if (MiscUtil.isNotEmpty(oaparam.getAditionalAuthBlockText())) {
- Logger.info("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix());
- text = oaparam.getAditionalAuthBlockText();
- }
- } catch (ConfigurationException e) {
- Logger.warn("Addional AuthBlock Text can not loaded from OA!", e);
+ if (MiscUtil.isNotEmpty(oaParam.getAditionalAuthBlockText())) {
+ Logger.info("Use addional AuthBlock Text from OA=" + oaParam.getPublicURLPrefix());
+ text = oaParam.getAditionalAuthBlockText();
}
-
-
+
String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, identityLink.getDateOfBirth(), issueInstant);
if (!samlSpecialText.equals(specialText)) {
- throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText});
+ throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText});
}
} else {
throw new ValidateException("validator.35", null);
+
}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java
index 276d6a105..36bab9355 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java
@@ -53,13 +53,13 @@ import java.io.IOException;
import java.io.OutputStream;
import java.net.URLEncoder;
-import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -73,21 +73,21 @@ public class CitizenCardServletUtils extends ServletUtils{
* depending on the requests starting text.
*
* @param resp The httpServletResponse
- * @param session The current AuthenticationSession
+ * @param pendingReq The current AuthenticationSession
* @param createXMLSignatureRequestOrRedirect The request
* @param servletGoal The servlet to which the redirect should happen
* @param servletName The servlet name for debug purposes
* @throws MOAIDException
* @throws IOException
*/
- public static void writeCreateXMLSignatureRequestOrRedirect(HttpServletResponse resp, AuthenticationSession session, String createXMLSignatureRequestOrRedirect, String servletGoal, String servletName)
+ public static void writeCreateXMLSignatureRequestOrRedirect(HttpServletResponse resp, IRequest pendingReq, String createXMLSignatureRequestOrRedirect, String servletGoal, String servletName)
throws MOAIDException,
IOException
{
if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) {
resp.setStatus(307);
String dataURL = new DataURLBuilder().buildDataURL(
- session.getAuthURL(), MOAIDAuthConstants.REQ_VERIFY_AUTH_BLOCK, session.getSessionID());
+ pendingReq.getAuthURL(), MOAIDAuthConstants.REQ_VERIFY_AUTH_BLOCK, pendingReq.getRequestID());
resp.addHeader("Location", dataURL);
//TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
@@ -100,7 +100,7 @@ public class CitizenCardServletUtils extends ServletUtils{
Logger.debug("Finished POST " + servletName);
} else {
- String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), servletGoal, session.getSessionID());
+ String redirectURL = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), servletGoal, pendingReq.getRequestID());
resp.setContentType("text/html");
resp.setStatus(302);
resp.addHeader("Location", redirectURL);
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
new file mode 100644
index 000000000..2ca8587b6
--- /dev/null
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
@@ -0,0 +1 @@
+at.gv.egovernment.moa.id.auth.CitizenCardAuthenticationSpringResourceProvider \ No newline at end of file
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule
index 865096055..02b4e5d7c 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule
@@ -1,2 +1,2 @@
# The default moaid process
-at.gv.egovernment.moa.id.auth.modules.internal.DefaultAuthModuleImpl
+at.gv.egovernment.moa.id.auth.modules.internal.AuthModuleImpl
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml
index 6bbaf6ece..74792ed72 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml
@@ -5,17 +5,17 @@
- National authentication with Austrian Citizen Card and mobile signature with our without mandate.
- Legacy authentication for foreign citizens using MOCCA supported signature cards.
-->
- <pd:Task id="initializeBKUAuthentication" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.InitializeBKUAuthenticationTask" />
- <pd:Task id="createIdentityLinkForm" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.CreateIdentityLinkFormTask" />
- <pd:Task id="verifyIdentityLink" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyIdentityLinkTask" async="true" />
- <pd:Task id="verifyAuthBlock" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyAuthenticationBlockTask" async="true" />
- <pd:Task id="verifyCertificate" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyCertificateTask" async="true" />
- <pd:Task id="getMISMandate" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.GetMISSessionIDTask" async="true" />
- <pd:Task id="certificateReadRequest" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.CertificateReadRequestTask" />
- <pd:Task id="prepareAuthBlockSignature" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.PrepareAuthBlockSignatureTask" />
- <pd:Task id="prepareGetMISMandate" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.PrepareGetMISMandateTask" />
- <pd:Task id="finalizeAuthentication" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.FinalizeAuthenticationTask" />
- <pd:Task id="getForeignID" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.GetForeignIDTask" async="true" />
+ <pd:Task id="initializeBKUAuthentication" class="InitializeBKUAuthenticationTask" />
+ <pd:Task id="createIdentityLinkForm" class="CreateIdentityLinkFormTask" />
+ <pd:Task id="verifyIdentityLink" class="VerifyIdentityLinkTask" async="true" />
+ <pd:Task id="verifyAuthBlock" class="VerifyAuthenticationBlockTask" async="true" />
+ <pd:Task id="verifyCertificate" class="VerifyCertificateTask" async="true" />
+ <pd:Task id="getMISMandate" class="GetMISSessionIDTask" async="true" />
+ <pd:Task id="certificateReadRequest" class="CertificateReadRequestTask" />
+ <pd:Task id="prepareAuthBlockSignature" class="PrepareAuthBlockSignatureTask" />
+ <pd:Task id="prepareGetMISMandate" class="PrepareGetMISMandateTask" />
+ <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" />
+ <pd:Task id="getForeignID" class="GetForeignIDTask" async="true" />
<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
<pd:StartEvent id="start" />
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/moaid_citizencard_auth.beans.xml b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/moaid_citizencard_auth.beans.xml
new file mode 100644
index 000000000..b0ab11a11
--- /dev/null
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/moaid_citizencard_auth.beans.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+ <bean id="CitizenCardAuthenticationServer"
+ class="at.gv.egovernment.moa.id.auth.AuthenticationServer"/>
+
+
+<!-- Authentication Process Tasks -->
+ <bean id="InitializeBKUAuthenticationTask"
+ class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.InitializeBKUAuthenticationTask"
+ scope="prototype"/>
+
+ <bean id="CreateIdentityLinkFormTask"
+ class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.CreateIdentityLinkFormTask"
+ scope="prototype"/>
+
+ <bean id="VerifyIdentityLinkTask"
+ class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyIdentityLinkTask"
+ scope="prototype"/>
+
+ <bean id="CertificateReadRequestTask"
+ class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.CertificateReadRequestTask"
+ scope="prototype"/>
+
+ <bean id="VerifyCertificateTask"
+ class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyCertificateTask"
+ scope="prototype"/>
+
+ <bean id="PrepareAuthBlockSignatureTask"
+ class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.PrepareAuthBlockSignatureTask"
+ scope="prototype"/>
+
+ <bean id="VerifyAuthenticationBlockTask"
+ class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyAuthenticationBlockTask"
+ scope="prototype"/>
+
+ <bean id="PrepareGetMISMandateTask"
+ class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.PrepareGetMISMandateTask"
+ scope="prototype"/>
+
+ <bean id="GetMISSessionIDTask"
+ class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.GetMISSessionIDTask"
+ scope="prototype"/>
+
+ <bean id="GetForeignIDTask"
+ class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.GetForeignIDTask"
+ scope="prototype"/>
+
+</beans> \ No newline at end of file