/* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. */ package at.gv.egovernment.moa.id.auth.modules.eidas; import java.io.IOException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.logging.Logger; /** * @author tlenz * */ @Controller public class eIDASSignalServlet extends AbstractProcessEngineSignalController { public eIDASSignalServlet() { super(); Logger.debug("Registering servlet " + getClass().getName() + " with mappings '"+ Constants.eIDAS_HTTP_ENDPOINT_SP_POST + "' and '"+ Constants.eIDAS_HTTP_ENDPOINT_SP_REDIRECT + "'."); } @RequestMapping(value = { "/eidas/sp/post", "/eidas/sp/redirect" }, method = {RequestMethod.POST, RequestMethod.GET}) public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { signalProcessManagement(req, resp); } @Override /** * Protocol specific implementation to get the pending-requestID * from http request object * * @param request The http Servlet-Request object * @return The Pending-request id * */ public String getPendingRequestId(HttpServletRequest request) { String sessionId = super.getPendingRequestId(request); try { // use SAML2 relayState if (sessionId == null) { sessionId = StringEscapeUtils.escapeHtml(request.getParameter("RelayState")); } else Logger.warn("No parameter 'SAMLResponse'. Unable to retrieve MOA session id."); // take from InResponseTo attribute of SAMLResponse // if (sessionId == null) { // String base64SamlToken = request.getParameter("SAMLResponse"); // if (base64SamlToken != null && false) { // byte[] samlToken = Base64Utils.decode(base64SamlToken, false); // Document samlResponse = parseDocument(new ByteArrayInputStream(samlToken)); // // XPath xPath = XPathFactory.newInstance().newXPath(); // SimpleNamespaceContext nsContext = new SimpleNamespaceContext(); // nsContext.bindNamespaceUri("saml2p", "urn:oasis:names:tc:SAML:2.0:protocol"); // xPath.setNamespaceContext(nsContext); // XPathExpression expression = xPath.compile("string(/saml2p:Response/@InResponseTo)"); // sessionId = (String) expression.evaluate(samlResponse, XPathConstants.STRING); // sessionId = StringEscapeUtils.escapeHtml(StringUtils.trimToNull(sessionId)); // } else { // Logger.warn("No parameter 'SAMLResponse'. Unable to retrieve MOA session id."); // } // } } catch (Exception e) { Logger.warn("Unable to retrieve moa session id.", e); } return sessionId; } }