package at.gv.egovernment.moa.id.auth.tasks;
import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
import iaik.x509.X509Certificate;
import java.io.IOException;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.lang.StringEscapeUtils;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.ServletUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.spss.util.CertificateUtils;
import com.datentechnik.process_engine.api.ExecutionContext;
/**
* Parses the certificate from {@code InfoBoxReadResponse} (via POST parameter {@link MOAIDAuthConstants#PARAM_XMLRESPONSE}), creates the auth block to be signed and returns a {@code CreateXMLSignatureRequest} for auth block signature.
* In detail:
*
* - Renames the moa session id.
* - Retrieves the certificate via {@code InfoBoxReadResponse} from POST parameter {@link MOAIDAuthConstants#PARAM_XMLRESPONSE}.
* - Verifies the certificate.
* - Creates the auth block to be signed using information from the certificate (Organwalter, foreign citizen).
* - Puts it in a {@code CreateXMLSignatureRequest}.
* - Updates moa session.
* - Responds with {@code CreateXMLSignatureRequest}.
*
* Expects:
*
* - HttpServletRequest parameter {@link MOAIDAuthConstants#PARAM_SESSIONID}
* - HttpServletRequest parameter {@link MOAIDAuthConstants#PARAM_XMLRESPONSE} containing a {@code InfoBoxReadResponse}.
*
* Result:
*
* - {@code CreateXMLSignatureRequest} sent as HttpServletResponse (for CCE).
*
* Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet}.
* @author tknall
* @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
*
*/
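public class VerifyCertificateTask extends AbstractAuthServletTask {

    /**
     * Reads the citizen certificate from the {@code InfoBoxReadResponse} POST parameter, verifies it
     * and answers with the {@code CreateXMLSignatureRequest} for the auth block signature.
     *
     * @param executionContext the process engine context; not read by this task.
     * @param req the request carrying {@code PARAM_SESSIONID} and the multipart {@code InfoBoxReadResponse}.
     * @param resp the response the {@code CreateXMLSignatureRequest} (or an error page) is written to.
     * @throws IOException if the multipart/form-data request parameters cannot be parsed.
     * @throws Exception as required by the task contract; {@code MOAIDException}s raised during
     *         verification are passed to {@code handleError} and are not rethrown.
     */
    @Override
    public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
            throws Exception {
        // note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet
        Logger.debug("POST VerifyCertificateServlet");

        String pendingRequestID = null;

        Map parameters;
        try {
            parameters = getParameters(req);
        } catch (FileUploadException e) {
            Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
            // keep the original exception as cause so the stack trace is not lost
            throw new IOException(e.getMessage(), e);
        }

        // escape parameter strings before they are validated or echoed anywhere
        String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
        pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);

        try {
            // check parameter
            if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
                throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12");
            }
            AuthenticationSession session = AuthenticationServer.getSession(sessionID);

            // change MOASessionID; the certificate lookup below is keyed on the new id
            sessionID = AuthenticationSessionStoreage.changeSessionID(session);

            X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters);
            if (cert == null) {
                Logger.error("Certificate could not be read.");
                throw new AuthenticationException("auth.14", null);
            }

            if (session.getUseMandate()) {
                respondForMandate(session, cert, resp);
            } else {
                respondForForeignID(session, cert, resp);
            }
        } catch (MOAIDException ex) {
            handleError(null, ex, req, resp, pendingRequestID);
        } catch (Exception e) {
            // NOTE(review): the failure is only logged; no error response is written to the client here
            Logger.error("CertificateValidation has an interal Error.", e);
        } finally {
            ConfigurationDBUtils.closeSession();
        }
    }

    /**
     * Mandate ("Organwalter") mode: verifies the certificate, persists the session and answers with
     * the {@code CreateXMLSignatureRequest} or a redirect.
     *
     * @throws Exception propagated from certificate verification, session storage or response writing.
     */
    private static void respondForMandate(AuthenticationSession session, X509Certificate cert,
            HttpServletResponse resp) throws Exception {
        // verify certificate for OrganWalter
        String createXMLSignatureRequestOrRedirect =
                AuthenticationServer.getInstance().verifyCertificate(session, cert);

        persistSession(session);

        // TODO[branch]: Mandate; respond with CXSR for authblock signature, dataURL "/VerifyAuthBlock"
        ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect,
                AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");
    }

    /**
     * Foreign identities mode: rejects certificates issued in "AT", builds the
     * {@code CreateXMLSignatureRequest} for the foreign citizen and sends it together with the
     * data URL pointing to {@code REQ_GET_FOREIGN_ID}.
     *
     * @throws AuthenticationException ("auth.22") if the issuer country of the certificate is "AT".
     * @throws Exception propagated from request building, session storage or response writing.
     */
    private static void respondForForeignID(AuthenticationSession session, X509Certificate cert,
            HttpServletResponse resp) throws Exception {
        String countrycode = CertificateUtils.getIssuerCountry(cert);
        // equalsIgnoreCase is null-safe, so no separate null check is needed
        if ("AT".equalsIgnoreCase(countrycode)) {
            Logger.error("Certificate issuer country code is \"AT\". Login not support in foreign identities mode.");
            throw new AuthenticationException("auth.22", null);
        }

        // Foreign Identities Modus
        String createXMLSignatureRequest =
                AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(session, cert);

        // build dataurl (to the GetForeignIDSerlvet)
        String dataurl = new DataURLBuilder().buildDataURL(
                session.getAuthURL(), REQ_GET_FOREIGN_ID, session.getSessionID());

        persistSession(session);

        // TODO[branch]: Foreign citizen; respond with CXSR for authblock signature, dataURL "/GetForeignID"
        ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest,
                AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
        Logger.debug("Send CreateXMLSignatureRequest to BKU");
    }

    /**
     * Stores the session, translating a database failure into the {@code MOAIDException} the caller
     * handles; the database exception is kept as cause.
     *
     * @throws MOAIDException ("session store error") if the session cannot be stored.
     */
    private static void persistSession(AuthenticationSession session) throws MOAIDException {
        try {
            AuthenticationSessionStoreage.storeSession(session);
        } catch (MOADatabaseException e) {
            throw new MOAIDException("session store error", null, e);
        }
    }
}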