
/*******************************************************************************
 * Copyright 2014 Federal Chancellery Austria
 * MOA-ID has been developed in a cooperation between BRZ, the Federal
 * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 * 
 * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "Licence");
 * You may not use this work except in compliance with the Licence.
 * You may obtain a copy of the Licence at:
 * http://www.osor.eu/eupl/
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the Licence is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Licence for the specific language governing permissions and
 * limitations under the Licence.
 * 
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 ******************************************************************************/
/*
 * Copyright 2003 Federal Chancellery Austria
 * MOA-ID has been developed in a cooperation between BRZ, the Federal
 * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "Licence");
 * You may not use this work except in compliance with the Licence.
 * You may obtain a copy of the Licence at:
 * http://www.osor.eu/eupl/
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the Licence is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Licence for the specific language governing permissions and
 * limitations under the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 */

package at.gv.egovernment.moa.id.auth.servlet;

import iaik.x509.X509Certificate;

import java.io.IOException;
import java.util.Map;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.lang.StringEscapeUtils;

import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyCertificateTask;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.ServletUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.spss.util.CertificateUtils;

/**
 * Servlet requested for getting the foreign eID
 * provided by the security layer implementation.
 * Utilizes the {@link AuthenticationServer}.
 * @deprecated Use {@link VerifyCertificateTask} instead.
 *
 */
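public class VerifyCertificateServlet extends AuthServlet {

    /** Serialization version of this servlet (kept stable for existing deployments). */
    private static final long serialVersionUID = -4110159749768152538L;

    /**
     * Constructor for VerifyCertificateServlet.
     */
    public VerifyCertificateServlet() {
        super();
    }

    /**
     * GET requested by security layer implementation to verify
     * that data URL resource is available.
     * <p>
     * Only the no-cache headers are set; no response body is written.
     * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
     */
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {

        Logger.debug("GET VerifyCertificateServlet");

        applyNoCacheHeaders(resp);
    }

    /**
     * Gets the signer certificate from the InfoboxReadRequest and
     * responds with a new
     * <code>CreateXMLSignatureRequest</code>.
     * <br>
     * Request parameters:
     * <ul>
     * <li>MOASessionID: ID of associated authentication session</li>
     * <li>XMLResponse: <code>&lt;InfoboxReadResponse&gt;</code></li>
     * </ul>
     * Depending on the session's mandate flag either the mandate (OrganWalter)
     * path or the foreign identities path is taken; in the latter case a
     * certificate issued under country code "AT" is rejected with
     * <code>auth.22</code>.
     *
     * @throws IOException if the multipart/form-data parameters cannot be parsed
     * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
     */
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {

        Logger.debug("POST VerifyCertificateServlet");

        Logger.warn(getClass().getName() + " is deprecated and should not be used any more.");

        applyNoCacheHeaders(resp);

        String pendingRequestID = null;

        Map<String, String> parameters;
        try {
            parameters = getParameters(req);
        } catch (FileUploadException e) {
            Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
            // keep the original exception as the cause instead of flattening it to its message
            throw new IOException(e.getMessage(), e);
        }
        String sessionID = req.getParameter(PARAM_SESSIONID);

        // escape parameter strings
        sessionID = StringEscapeUtils.escapeHtml(sessionID);

        // Resolved before the session ID is validated so that the error handler
        // below can still address the pending request when validation fails.
        pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);

        try {
            // check parameter
            if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
                throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12");
            }

            AuthenticationSession session = AuthenticationServer.getSession(sessionID);

            // change MOASessionID
            sessionID = AuthenticationSessionStoreage.changeSessionID(session);

            X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters);
            if (cert == null) {
                Logger.error("Certificate could not be read.");
                throw new AuthenticationException("auth.14", null);
            }

            if (session.getUseMandate()) {

                // verify certificate for OrganWalter
                String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance()
                        .verifyCertificate(session, cert);

                persistSession(session);

                ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session,
                        createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT,
                        "VerifyCertificate");

            } else {

                // A domestic (AT) certificate must not be used in foreign identities mode;
                // the comparison is null-safe, so a missing issuer country passes through.
                String countrycode = CertificateUtils.getIssuerCountry(cert);
                if ("AT".equalsIgnoreCase(countrycode)) {
                    Logger.error(
                            "Certificate issuer country code is \"AT\". Login not support in foreign identities mode.");
                    throw new AuthenticationException("auth.22", null);
                }

                // Foreign Identities Modus
                String createXMLSignatureRequest = AuthenticationServer.getInstance()
                        .createXMLSignatureRequestForeignID(session, cert);
                // build dataurl (to the GetForeignIDSerlvet)
                String dataurl = new DataURLBuilder().buildDataURL(session.getAuthURL(), REQ_GET_FOREIGN_ID,
                        session.getSessionID());

                persistSession(session);

                ServletUtils.writeCreateXMLSignatureRequest(resp, createXMLSignatureRequest,
                        AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);

                Logger.debug("Send CreateXMLSignatureRequest to BKU");
            }
        } catch (MOAIDException ex) {
            handleError(null, ex, req, resp, pendingRequestID);

        } catch (Exception e) {
            // NOTE(review): only logged; no error response is written to the client in this case.
            Logger.error("CertificateValidation has an interal Error.", e);

        } finally {
            ConfigurationDBUtils.closeSession();
        }
    }

    /**
     * Sets the headers that prevent caching of the response (shared by GET and POST).
     *
     * @param resp the response to decorate
     */
    private static void applyNoCacheHeaders(HttpServletResponse resp) {
        resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
        resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
        resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
        resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
    }

    /**
     * Persists the authentication session, converting a database failure into a
     * {@link MOAIDException} so that it is routed through the caller's error handling.
     *
     * @param session the session to store
     * @throws MOAIDException if the session cannot be stored
     */
    private static void persistSession(AuthenticationSession session) throws MOAIDException {
        try {
            AuthenticationSessionStoreage.storeSession(session);
        } catch (MOADatabaseException e) {
            // the rethrown exception does not carry the cause, so record it here
            Logger.error("Storing the authentication session failed.", e);
            throw new MOAIDException("session store error", null);
        }
    }

}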