/* * Copyright 2003 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. */ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; import java.util.Map; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.fileupload.FileUploadException; import org.apache.commons.lang.StringEscapeUtils; import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.ServletUtils; import at.gv.egovernment.moa.logging.Logger; /** * Servlet requested for verifying the identity link * provided by the security layer implementation. * Utilizes the {@link AuthenticationServer}. * * @author Paul Ivancsics * @version $Id$ */ public class VerifyIdentityLinkServlet extends AuthServlet { /** * Constructor for VerifyIdentityLinkServlet. */ public VerifyIdentityLinkServlet() { super(); } /** * GET requested by security layer implementation to verify * that data URL resource is available. * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) */ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { Logger.debug("GET VerifyIdentityLink"); resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); } /** * Verifies the identity link and responds with a new * CreateXMLSignatureRequest or a new * InfoboxReadRequest (in case of a foreign eID card). *
* Request parameters: * * Response: * * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) */ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { Logger.debug("POST VerifyIdentityLink"); Map parameters; try { parameters = getParameters(req); } catch (FileUploadException e) { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); throw new IOException(e.getMessage()); } String sessionID = req.getParameter(PARAM_SESSIONID); // escape parameter strings sessionID = StringEscapeUtils.escapeHtml(sessionID); resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); try { // check parameter if (!ParamValidatorUtils.isValidSessionID(sessionID)) throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12"); AuthenticationSession session = AuthenticationServer.getSession(sessionID); String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters); Logger.debug(createXMLSignatureRequestOrRedirect); if (createXMLSignatureRequestOrRedirect == null) { // no identity link found boolean useMandate = session.getUseMandate(); if (useMandate) { Logger.error("Online-Mandate Mode for foreign citizencs not supported."); throw new AuthenticationException("auth.13", null); } try { Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); // create the InfoboxReadRequest to get the certificate String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); // build dataurl (to the GetForeignIDSerlvet) String dataurl = new DataURLBuilder().buildDataURL( session.getAuthURL(), REQ_VERIFY_CERTIFICATE, session.getSessionID()); ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); } catch(Exception e) { handleError(null, e, req, resp); } } else { ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink"); } } catch (ParseException ex) { handleError(null, ex, req, resp); } catch (MOAIDException ex) { handleError(null, ex, req, resp); } } }