From 3a00ce9f1f9589f1e97ecd78154f024146ef83d0 Mon Sep 17 00:00:00 2001
From: Thomas Knall
Date: Thu, 22 Jan 2015 15:18:51 +0100
Subject: Refactor VerifyIdentityLinkTask.
- Prevent redundant code.
- Store moa session before sending response.
- Update javadoc for AuthenticationServer
---
 .../moa/id/auth/AuthenticationServer.java | 27 +++--
 .../moa/id/auth/tasks/VerifyIdentityLinkTask.java | 134 ++++++++-------
 2 files changed, 61 insertions(+), 100 deletions(-)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 0b4b6b4af..b412b9964 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -311,27 +311,28 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 }
 /**
- * Processes an <InfoboxReadResponse> sent by the
- * security layer implementation.
+ * Processes an <InfoboxReadResponse> sent by the security layer implementation.
* - * - * @param sessionID ID of associated authentication session data - * @param infoboxReadResponseParameters The parameters from the response returned from the BKU - * including the <InfoboxReadResponse> - * @return String representation of the - * <CreateXMLSignatureRequest> + * + * @param sessionID + * ID of associated authentication session data + * @param infoboxReadResponseParameters + * The parameters from the response returned from the BKU including the + * <InfoboxReadResponse> + * @return String "found!" in case the identity link could be retrieved and successfully validated, {@code null} in + * case the identity link could not be retrieved (indicates that the card did not contain an identity link + * which might indicate a foreign identity). Note that failing to parse or failing to validate the identity + * link results in an Exception being thrown. * @throws BKUException */ public String verifyIdentityLink(AuthenticationSession session, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java index c24e42b3a..09dd9e1f7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java @@ -20,7 +20,6 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; 
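Review bot: The rewritten Javadoc keeps `@param sessionID` although the signature directly below it takes `AuthenticationSession session`, so the tag documents a parameter name that does not exist; replace it with `@param session the authentication session whose identity link is read and verified`. `@throws BKUException` still carries no description; state the condition under which it is thrown. The `@param infoboxReadResponseParameters` tag should likewise be checked against the real second parameter name, which lies past the end of the hunk.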
@@ -76,6 +75,11 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
 Logger.debug("POST VerifyIdentityLink");
+ resp.setHeader(HEADER_EXPIRES, HEADER_VALUE_EXPIRES);
+ resp.setHeader(HEADER_PRAGMA, HEADER_VALUE_PRAGMA);
+ resp.setHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL_IE);
+
 Map parameters;
 String pendingRequestID = null;
@@ -85,111 +89,67 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); throw new IOException(e.getMessage()); } - String sessionID = req.getParameter(PARAM_SESSIONID); - - // escape parameter strings - sessionID = StringEscapeUtils.escapeHtml(sessionID); - - pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); - - resp.setHeader(HEADER_EXPIRES, HEADER_VALUE_EXPIRES); - resp.setHeader(HEADER_PRAGMA, HEADER_VALUE_PRAGMA); - resp.setHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL_IE); - + try { + + String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID)); + // check parameter - if (!ParamValidatorUtils.isValidSessionID(sessionID)) + if (!ParamValidatorUtils.isValidSessionID(sessionID)) { throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12"); + } + + pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); AuthenticationSession session = AuthenticationServer.getSession(sessionID); // change MOASessionID sessionID = AuthenticationSessionStoreage.changeSessionID(session); - String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(session, - parameters); - - Logger.debug(createXMLSignatureRequestOrRedirect); - - if (createXMLSignatureRequestOrRedirect == null) { - // no identity link found - - boolean useMandate = session.getUseMandate(); - if (useMandate) { - Logger.error("Online-Mandate Mode for foreign citizencs not supported."); - throw new AuthenticationException("auth.13", null); - } - // TODO[branch]: Foreign citizen; respond with IRR for certificates, dataURL = "/VerifyCertificate" - - try { - - Logger.info("Send InfoboxReadRequest to BKU to get signer certificate."); - - // create the InfoboxReadRequest to get the certificate - 
String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); - - // build dataurl (to the VerifyCertificateSerlvet) - String dataurl = new DataURLBuilder().buildDataURL(session.getAuthURL(), REQ_VERIFY_CERTIFICATE, - session.getSessionID()); + boolean identityLinkFound = AuthenticationServer.getInstance().verifyIdentityLink(session, parameters) != null; + boolean useMandate = session.getUseMandate(); + + if (!identityLinkFound && useMandate) { + Logger.error("Online-Mandate Mode for foreign citizencs not supported."); + throw new AuthenticationException("auth.13", null); + } + + if (!identityLinkFound || useMandate) { + + // TODO[branch]: Foreign citizen or mandate mode; respond with IRR for certificates, dataURL = "/VerifyCertificate" + Logger.info("Send InfoboxReadRequest to BKU to get signer certificate."); - ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, - AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); + // create the InfoboxReadRequest to get the certificate + String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); - } catch (Exception e) { - handleError(null, e, req, resp, pendingRequestID); - } + // build dataurl (to the VerifyCertificateSerlvet) + String dataurl = new DataURLBuilder().buildDataURL(session.getAuthURL(), REQ_VERIFY_CERTIFICATE, + session.getSessionID()); + AuthenticationSessionStoreage.storeSession(session); + + ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, + AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); } else { - boolean useMandate = session.getUseMandate(); - - if (useMandate) { // Mandate modus - - // TODO[branch]: Mandate; respond with IRR for certificates, dataURL = "/VerifyCertificate" - - // read certificate and set dataurl to - Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); - - String infoboxReadRequest = new 
InfoboxReadRequestBuilderCertificate().build(true); + + Logger.info("Normal"); - // build dataurl (to the GetForeignIDSerlvet) - String dataurl = new DataURLBuilder().buildDataURL(session.getAuthURL(), REQ_VERIFY_CERTIFICATE, - session.getSessionID()); + // TODO[branch]: Default behaviour; respond with CXSR for authblock signature, dataURL "/VerifyAuthBlock" - // Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)"); - // ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, - // AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)"); - ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, - AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); + String createXMLSignatureRequest = AuthenticationServer.getInstance() + .getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam); - } else { - Logger.info("Normal"); - - // TODO[branch]: Default behaviour; respond with CXSR for authblock signature, dataURL - // "/VerifyAuthBlock" - - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - - createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance() - .getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam); - - ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, - createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, - "VerifyIdentityLink"); - } - } - - try { 
AuthenticationSessionStoreage.storeSession(session); - - } catch (MOADatabaseException e) { - Logger.info("No valid MOA session found. Authentification process is abourted."); - throw new AuthenticationException("auth.20", null); + + ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, + createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, + "VerifyIdentityLink"); } + } catch (ParseException ex) { handleError(null, ex, req, resp, pendingRequestID); -- cgit v1.2.3
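Review bot: The normal branch (the `else` after `Logger.info("Normal");`) no longer persists the session: the trailing `storeSession` call with its `MOADatabaseException` handling is removed, and the new `AuthenticationSessionStoreage.storeSession(session);` appears only in the certificate branch, so the identifier change made by `changeSessionID(session)` may never be written back before `writeCreateXMLSignatureRequestOrRedirect` unless `getCreateXMLSignatureRequestAuthBlockOrRedirect` stores the session internally. If it does not, add `AuthenticationSessionStoreage.storeSession(session);` immediately before the `ServletUtils.writeCreateXMLSignatureRequestOrRedirect(...)` call, mirroring the certificate branch. Separately, `StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID))` runs before `isValidSessionID`, so the validator checks the HTML-escaped form rather than the raw parameter; validating the raw value and escaping only where it is rendered is the safer order. The enclosing method and the catch chain it ends with continue past the hunk.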