/*
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
*
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
*
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
package at.gv.egovernment.moa.id.auth.servlet;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.transform.TransformerException;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.lang.StringEscapeUtils;
import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
/**
* Servlet requested for getting the foreign eID
* provided by the security layer implementation.
* Utilizes the {@link AuthenticationServer}.
*
*/
public class GetForeignIDServlet extends AuthServlet {
/**
*
*/
private static final long serialVersionUID = -3415644214702379483L;
/**
* Constructor for GetForeignIDServlet.
*/
public GetForeignIDServlet() {
super();
}
/**
* GET requested by security layer implementation to verify
* that data URL resource is available.
* @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
*/
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
super.doGet(req, resp);
}
/**
* Verifies the identity link and responds with a new
* CreateXMLSignatureRequest.
*
* Request parameters:
*
* - MOASessionID: ID of associated authentication session
* - XMLResponse:
<InfoboxReadResponse>
*
* Response:
*
* - Content type:
"text/xml"
* - Content: see return value of {@link AuthenticationServer#verifyIdentityLink}
* - Error status:
500
*
* @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
*/
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
Logger.debug("POST GetForeignIDServlet");
resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
Map parameters;
try
{
parameters = getParameters(req);
} catch (FileUploadException e)
{
Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
throw new IOException(e.getMessage());
}
String sessionID = req.getParameter(PARAM_SESSIONID);
// escape parameter strings
sessionID = StringEscapeUtils.escapeHtml(sessionID);
String redirectURL = null;
AuthenticationSession session = null;
try {
String xmlCreateXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
// check parameter
if (!ParamValidatorUtils.isValidSessionID(sessionID))
throw new WrongParametersException("GetForeignID", PARAM_SESSIONID, "auth.12");
if (!ParamValidatorUtils.isValidXMLDocument(xmlCreateXMLSignatureResponse))
throw new WrongParametersException("GetForeignID", PARAM_XMLRESPONSE, "auth.12");
session = AuthenticationServer.getSession(sessionID);
Logger.debug(xmlCreateXMLSignatureResponse);
CreateXMLSignatureResponse csresp =
new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse).parseResponseDsig();
Element signature = csresp.getDsigSignature();
try {
session.setSignerCertificate(AuthenticationServer.getCertificateFromXML(signature));
} catch (CertificateException e) {
Logger.error("Could not extract certificate from CreateXMLSignatureResponse");
throw new MOAIDException("auth.14", null);
}
// make SZR request to the identity link
CreateIdentityLinkResponse response = AuthenticationServer.getInstance().getIdentityLink(null, null, null, null, signature);
if (response.isError()) {
throw new SZRGWClientException(response.getError());
}
else {
Element samlAssertion = response.getAssertion();
try {
System.out.println("PB: " + DOMUtils.serializeNode(samlAssertion));
} catch (TransformerException e) {
e.printStackTrace();
}
IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion);
IdentityLink identitylink = ilParser.parseIdentityLink();
session.setIdentityLink(identitylink);
String samlArtifactBase64 =
AuthenticationServer.getInstance().getForeignAuthenticationData(sessionID);
if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
/*redirectURL = session.getOAURLRequested();
if (!session.getBusinessService()) {
redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
}
redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
redirectURL = resp.encodeRedirectURL(redirectURL);*/
redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(),
ModulUtils.buildAuthURL(session.getModul(), session.getAction()), samlArtifactBase64);
redirectURL = resp.encodeRedirectURL(redirectURL);
} else {
redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
}
try {
AuthenticationSessionStoreage.storeSession(session);
} catch (MOADatabaseException e) {
throw new MOAIDException("Session store error", null);
}
resp.setContentType("text/html");
resp.setStatus(302);
resp.addHeader("Location", redirectURL);
Logger.debug("REDIRECT TO: " + redirectURL);
}
}
catch (MOAIDException ex) {
handleError(null, ex, req, resp);
}
catch (SZRGWClientException ex) {
handleError(null, ex, req, resp);
}
}
/**
* Builds the szrgw:GetIdentityLinkRequest fuer the SZR-GW
* @param givenname
* @param familyname
* @param birthday
* @return
*/
// private static Document buildGetIdentityLinkRequest(X509Certificate cert) {
//
// try {
// byte[] certbyte = cert.getEncoded();
// String certstring = Base64.encode(certbyte);
//
// DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance();
// factory.setNamespaceAware(true);
// DocumentBuilder builder = factory.newDocumentBuilder();
// Document doc = builder.newDocument();
//
// Element getIdentityLink = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:GetIdentityLinkRequest");
// getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGWConstants.SZRGW_REQUEST_NS);
// doc.appendChild(getIdentityLink);
//
// Element x509certificate = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:X509Certificate");
// getIdentityLink.appendChild(x509certificate);
// Text certbase64 = doc.createTextNode(certstring);
// x509certificate.appendChild(certbase64);
//
// return doc;
// } catch (ParserConfigurationException e) {
// e.printStackTrace();
// } catch (CertificateEncodingException e) {
// e.printStackTrace();
// }
// return null;
//
// }
//
// /**
// * Checks a parameter.
// * @param param parameter
// * @return true if the parameter is null or empty
// */
// private boolean isEmpty(String param) {
// return param == null || param.length() == 0;
// }
}