/*******************************************************************************
* Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
*
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
*
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
******************************************************************************/
/*
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
*
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
*
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
package at.gv.egovernment.moa.id.auth.invoke;
import java.util.Vector;
import javax.xml.namespace.QName;
import javax.xml.rpc.Call;
import javax.xml.rpc.Service;
import javax.xml.rpc.ServiceFactory;
import org.apache.axis.message.SOAPBodyElement;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.auth.exception.ServiceException;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.spss.api.SignatureVerificationService;
import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser;
import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder;
import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
/**
* Invoker of the SignatureVerification web service of MOA-SPSS.
* Either invokes the web service, or calls the corresponding API, depending on configuration data.
*
* @author Stefan Knirsch
* @version $Id$
*/
public class SignatureVerificationInvoker {
/** This QName Object identifies the SignatureVerification endpoint of the web service */
private static final QName SERVICE_QNAME = new QName("SignatureVerification");
/**
* Method verifyXMLSignature.
* @param request to be sent
* @return Element with the answer
* @throws ServiceException if an error occurs
*/
public Element verifyXMLSignature(Element request) throws ServiceException {
return doCall(SERVICE_QNAME, request);
}
/**
* Method doCall.
* @param serviceName the name of the service
* @param request the request to be sent
* @return Element the answer
* @throws ServiceException if an error occurs
*/
protected Element doCall(QName serviceName, Element request) throws ServiceException {
ConnectionParameter authConnParam = null;
try {
Service service = ServiceFactory.newInstance().createService(serviceName);
Call call = service.createCall();
SOAPBodyElement body = new SOAPBodyElement(request);
SOAPBodyElement[] params = new SOAPBodyElement[] { body };
Vector responses;
SOAPBodyElement response;
String endPoint;
AuthConfigurationProvider authConfigProvider = AuthConfigurationProvider.getInstance();
authConnParam = authConfigProvider.getMoaSpConnectionParameter();
//If the ConnectionParameter do NOT exist, we try to get the api to work....
if (authConnParam != null) {
Logger.debug("Connecting using auth url: " + authConnParam.getUrl() + ", service " + serviceName.getNamespaceURI() + " : " + serviceName.getLocalPart() + " : "+ serviceName.getPrefix());
endPoint = authConnParam.getUrl();
call.setTargetEndpointAddress(endPoint);
responses = (Vector) call.invoke(serviceName, params);
Logger.debug("Got responses: " + responses.size()); // TODO handle axis 302 response when incorrect service url is used
response = (SOAPBodyElement) responses.get(0);
return response.getAsDOM();
}
else {
SignatureVerificationService svs = SignatureVerificationService.getInstance();
VerifyXMLSignatureRequest vsrequest = new VerifyXMLSignatureRequestParser().parse(request);
VerifyXMLSignatureResponse vsresponse = svs.verifyXMLSignature(vsrequest);
Document result = new VerifyXMLSignatureResponseBuilder().build(vsresponse);
Logger.setHierarchy("moa.id.auth");
return result.getDocumentElement();
}
}
catch (Exception ex) {
if (authConnParam != null) {
throw new ServiceException("service.00", new Object[] { ex.toString()}, ex);
} else {
throw new ServiceException("service.03", new Object[] { ex.toString()}, ex);
}
}
}
}