package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.ServletUtils;
import at.gv.egovernment.moa.logging.Logger;
/**
* Creates {@code CreateXMLSignatureRequest} for auth block signature.
* In detail:
*
* - Renames the moa session id.
* - Creates {@code CreateXMLSignatureRequest} for auth block signature.
* - Responds with {@code CreateXMLSignatureRequest} (for CCE), {@code DataURL} is {@code /VerifyAuthBlock}
*
* Expects:
*
* - HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}
*
* Result:
*
* - Responds with {@code CreateXMLSignatureRequest} (for CCE), {@code DataURL} is {@code /VerifyAuthBlock}
*
* Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet}.
* @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
*
*/
public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask {
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
throws TaskExecutionException {
// note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet
Logger.debug("Process IdentityLink");
setNoCachingHeaders(resp);
String pendingRequestID = null;
try {
String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
// check parameter
if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12");
}
pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
AuthenticationSession session = AuthenticationServer.getSession(sessionID);
// change MOASessionID
sessionID = AuthenticationSessionStoreage.changeSessionID(session);
Logger.info("Normal");
// TODO[branch]: Default behaviour; respond with CXSR for authblock signature, dataURL "/VerifyAuthBlock"
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
session.getPublicOAURLPrefix());
AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
String createXMLSignatureRequest = AuthenticationServer.getInstance()
.getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam);
AuthenticationSessionStoreage.storeSession(session);
ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session,
createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT,
"VerifyIdentityLink");
} catch (MOAIDException ex) {
throw new TaskExecutionException(ex.getMessage(), ex);
} catch (Exception e) {
Logger.error("IdentityLinkValidation has an interal Error.", e);
throw new TaskExecutionException(e.getMessage(), e);
}
finally {
ConfigurationDBUtils.closeSession();
}
}
}