/*******************************************************************************
* Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
*
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
*
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
******************************************************************************/
/*
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
*
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
*
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
package at.gv.egovernment.moa.id.auth.servlet;
import java.io.IOException;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.lang.StringEscapeUtils;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.ServletUtils;
import at.gv.egovernment.moa.logging.Logger;
/**
* Servlet requested for verifying the identity link
* provided by the security layer implementation.
* Utilizes the {@link AuthenticationServer}.
*
* @author Paul Ivancsics
* @version $Id$
*/
public class VerifyIdentityLinkServlet extends AuthServlet {
/**
*
*/
private static final long serialVersionUID = -7074476974026049958L;
/**
* Constructor for VerifyIdentityLinkServlet.
*/
public VerifyIdentityLinkServlet() {
super();
}
/**
* GET requested by security layer implementation to verify
* that data URL resource is available.
* @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
*/
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
Logger.debug("GET VerifyIdentityLink");
resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
}
/**
* Verifies the identity link and responds with a new
* CreateXMLSignatureRequest or a new
* InfoboxReadRequest (in case of a foreign eID card).
*
* Request parameters:
*
* - MOASessionID: ID of associated authentication session
* - XMLResponse:
<InfoboxReadResponse>
*
* Response:
*
* - Content type:
"text/xml"
* - Content: see return value of {@link AuthenticationServer#verifyIdentityLink}
* - Error status:
500
*
* @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
*/
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
Logger.debug("POST VerifyIdentityLink");
Map parameters;
String pendingRequestID = null;
try
{
parameters = getParameters(req);
} catch (Exception e)
{
Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
throw new IOException(e.getMessage());
}
String sessionID = req.getParameter(PARAM_SESSIONID);
// escape parameter strings
sessionID = StringEscapeUtils.escapeHtml(sessionID);
pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
try {
// check parameter
if (!ParamValidatorUtils.isValidSessionID(sessionID))
throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12");
AuthenticationSession session = AuthenticationServer.getSession(sessionID);
//change MOASessionID
sessionID = AuthenticationSessionStoreage.changeSessionID(session);
String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(session, parameters);
Logger.debug(createXMLSignatureRequestOrRedirect);
if (createXMLSignatureRequestOrRedirect == null) {
// no identity link found
boolean useMandate = session.getUseMandate();
if (useMandate) {
Logger.error("Online-Mandate Mode for foreign citizencs not supported.");
throw new AuthenticationException("auth.13", null);
}
try {
Logger.info("Send InfoboxReadRequest to BKU to get signer certificate.");
// create the InfoboxReadRequest to get the certificate
String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
// build dataurl (to the VerifyCertificateSerlvet)
String dataurl =
new DataURLBuilder().buildDataURL(
session.getAuthURL(),
REQ_VERIFY_CERTIFICATE,
session.getSessionID());
ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
}
catch(Exception e) {
handleError(null, e, req, resp, pendingRequestID);
}
}
else {
boolean useMandate = session.getUseMandate();
if (useMandate) { // Mandate modus
// read certificate and set dataurl to
Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
// build dataurl (to the GetForeignIDSerlvet)
String dataurl =
new DataURLBuilder().buildDataURL(
session.getAuthURL(),
REQ_VERIFY_CERTIFICATE,
session.getSessionID());
//Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)");
//ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)");
ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
}
else {
Logger.info("Normal");
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
AuthConfigurationProvider authConf = AuthConfigurationProvider
.getInstance();
createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance()
.getCreateXMLSignatureRequestAuthBlockOrRedirect(session,
authConf, oaParam);
ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink");
}
}
try {
AuthenticationSessionStoreage.storeSession(session);
} catch (MOADatabaseException e) {
Logger.info("No valid MOA session found. Authentification process is abourted.");
throw new AuthenticationException("auth.20", null);
}
}
catch (ParseException ex) {
handleError(null, ex, req, resp, pendingRequestID);
} catch (MOAIDException ex) {
handleError(null, ex, req, resp, pendingRequestID);
} catch (Exception e) {
Logger.error("IdentityLinkValidation has an interal Error.", e);
}
finally {
ConfigurationDBUtils.closeSession();
}
}
}