/*
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
*
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
*
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
package at.gv.egovernment.moa.id.auth.servlet;
import iaik.pki.PKIException;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.GeneralSecurityException;
import java.util.List;
import javax.net.ssl.SSLSocketFactory;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.lang.StringEscapeUtils;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.BuildException;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
/**
* Servlet requested for getting the foreign eID
* provided by the security layer implementation.
* Utilizes the {@link AuthenticationServer}.
*
*/
public class GetMISSessionIDServlet extends AuthServlet {
/**
* Constructor for GetMISSessionIDServlet.
*/
public GetMISSessionIDServlet() {
super();
}
/**
* GET requested by security layer implementation to verify
* that data URL resource is available.
* @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
*/
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
doPost(req, resp);
// Logger.debug("GET GetMISSessionIDServlet");
//
// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
}
/**
* Gets the signer certificate from the InfoboxReadRequest and
* responds with a new
* CreateXMLSignatureRequest.
*
* Request parameters:
*
* - MOASessionID: ID of associated authentication session
* - XMLResponse:
<InfoboxReadResponse>
*
* @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
*/
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
Logger.debug("POST GetMISSessionIDServlet");
resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
// Map parameters;
// try
// {
// parameters = getParameters(req);
// } catch (FileUploadException e)
// {
// Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
// throw new IOException(e.getMessage());
// }
String sessionID = req.getParameter(PARAM_SESSIONID);
// escape parameter strings
sessionID = StringEscapeUtils.escapeHtml(sessionID);
AuthenticationSession session = null;
try {
// check parameter
if (!ParamValidatorUtils.isValidSessionID(sessionID))
throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12");
session = AuthenticationServer.getSession(sessionID);
String misSessionID = session.getMISSessionID();
//System.out.println("MIS Session ID (GetMISServlet): " + misSessionID);
AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();
SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
List list = MISSimpleClient.sendGetMandatesRequest(connectionParameters.getUrl(), misSessionID, sslFactory);
if (list == null) {
Logger.error("Keine Vollmacht gefunden.");
throw new MISSimpleClientException("Keine Vollmacht gefunden");
}
if (list.size() == 0) {
Logger.error("Keine Vollmacht gefunden.");
throw new MISSimpleClientException("Keine Vollmacht gefunden");
}
// for now: list contains only one element
MISMandate mandate = (MISMandate)list.get(0);
// verify mandate signature
String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyMandate(sessionID, mandate);
byte[] byteMandate = mandate.getMandate();
String stringMandate = new String(byteMandate);
Document mandateDoc = DOMUtils.parseDocument(stringMandate, false, null, null);
session.setMandateElem(mandateDoc.getDocumentElement());
//System.out.println("stringMandate: " + stringMandate);
String dataurl =
new DataURLBuilder().buildDataURL(
session.getAuthURL(),
REQ_VERIFY_AUTH_BLOCK,
session.getSessionID());
Logger.debug(createXMLSignatureRequestOrRedirect);
String request = getHTMLForm(createXMLSignatureRequestOrRedirect, session.getBkuURL(), dataurl, session.getPublicOAURLPrefix());
resp.setContentType("text/html;charset=UTF-8");
PrintWriter out = new PrintWriter(resp.getOutputStream());
out.print(request);
out.flush();
}
catch (MOAIDException ex) {
handleError(null, ex, req, resp);
} catch (GeneralSecurityException ex) {
handleError(null, ex, req, resp);
} catch (PKIException e) {
handleError(null, e, req, resp);
} catch (MISSimpleClientException e) {
handleError(null, e, req, resp);
} catch (SAXException e) {
handleError(null, e, req, resp);
} catch (ParserConfigurationException e) {
handleError(null, e, req, resp);
}
}
private static String getHTMLForm(String request, String bkuURI, String dataURL, String oaUrl) throws BuildException {
return new GetIdentityLinkFormBuilder().buildCreateSignature(bkuURI, request, dataURL, oaUrl);
}
}