aboutsummaryrefslogtreecommitdiff
path: root/id.server/src/at/gv/egovernment/moa/id/auth/servlet
diff options
context:
space:
mode:
authorrudolf <rudolf@d688527b-c9ab-4aba-bd8d-4036d912da1d>2003-10-24 08:34:56 +0000
committerrudolf <rudolf@d688527b-c9ab-4aba-bd8d-4036d912da1d>2003-10-24 08:34:56 +0000
commitdd45e938564249a5e6897bd92dd29808d8990868 (patch)
tree372d8a4b128cff09262ad09d6a4cf5765d672d61 /id.server/src/at/gv/egovernment/moa/id/auth/servlet
parent59f78a67d7357fd31de68fc2b623f95b3d654ebc (diff)
downloadmoa-id-spss-dd45e938564249a5e6897bd92dd29808d8990868.tar.gz
moa-id-spss-dd45e938564249a5e6897bd92dd29808d8990868.tar.bz2
moa-id-spss-dd45e938564249a5e6897bd92dd29808d8990868.zip
MOA-ID version 1.1 (initial)
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@19 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'id.server/src/at/gv/egovernment/moa/id/auth/servlet')
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java117
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java74
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java135
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java95
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java102
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java110
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java97
7 files changed, 730 insertions, 0 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
new file mode 100644
index 000000000..3a1cab4be
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -0,0 +1,117 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.URLDecoder;
+
+/**
+ * Base class for MOA-ID Auth Servlets, providing standard error handling
+ * and constant names.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
+
+
+ /**
+ * Handles an error. <br>
+ * <ul>
+ * <li>Logs the error</li>
+ * <li>Places error message and exception thrown into the request
+ * as request attributes (to be used by <code>"/errorpage.jsp"</code>)</li>
+ * <li>Sets HTTP status 500 (internal server error)</li>
+ * </ul>
+ *
+ * @param errorMessage error message
+ * @param exceptionThrown exception thrown
+ * @param req servlet request
+ * @param resp servlet response
+ */
+ protected void handleError(
+ String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) {
+
+ if (exceptionThrown != null)
+ Logger.error(errorMessage, exceptionThrown);
+ else
+ Logger.error(errorMessage);
+ req.setAttribute("ErrorMessage", errorMessage);
+ req.setAttribute("ExceptionThrown", exceptionThrown);
+ resp.setStatus(500);
+ }
+ /**
+ * Handles a <code>WrongParametersException</code>.
+ * @param req servlet request
+ * @param resp servlet response
+ */
+ protected void handleWrongParameters(WrongParametersException ex, HttpServletRequest req, HttpServletResponse resp) {
+ Logger.error(ex.toString());
+ req.setAttribute("WrongParameters", "true");
+ resp.setStatus(500);
+ }
+
+ /**
+ * Logs all servlet parameters for debugging purposes.
+ */
+ protected void logParameters(HttpServletRequest req) {
+ for (Enumeration enum = req.getParameterNames(); enum.hasMoreElements(); ) {
+ String parname = (String)enum.nextElement();
+ Logger.debug("Parameter " + parname + req.getParameter(parname));
+ }
+ }
+ /**
+ * Parses the request input stream for parameters,
+ * assuming parameters are encoded UTF-8.
+ * @param req servlet request
+ * @return mapping parameter name -> value
+ */
+ protected Map getParameters(HttpServletRequest req) throws IOException {
+ Map parameters = new HashMap();
+ InputStream in = req.getInputStream();
+ String paramName;
+ String paramValueURLEncoded;
+ do {
+ paramName = new String(readBytesUpTo(in, '='));
+ if (paramName.length() > 0) {
+ paramValueURLEncoded = readBytesUpTo(in, '&');
+ String paramValue = URLDecoder.decode(paramValueURLEncoded, "UTF-8");
+ parameters.put(paramName, paramValue);
+ }
+ }
+ while (paramName.length() > 0);
+ in.close();
+
+ return parameters;
+ }
+ /**
+ * Reads bytes up to a delimiter, consuming the delimiter.
+ * @param in input stream
+ * @param delimiter delimiter character
+ * @return String constructed from the read bytes
+ * @throws IOException
+ */
+ protected String readBytesUpTo(InputStream in, char delimiter) throws IOException {
+ ByteArrayOutputStream bout = new ByteArrayOutputStream();
+ boolean done = false;
+ int b;
+ while (! done && (b = in.read()) >= 0) {
+ if (b == delimiter)
+ done = true;
+ else
+ bout.write(b);
+ }
+ return bout.toString();
+ }
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
new file mode 100644
index 000000000..554819f73
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
@@ -0,0 +1,74 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Servlet requested for updating the MOA-ID Auth configuration from configuration file
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ConfigurationServlet extends HttpServlet {
+ /** Constant for the DTD-Doc type */
+ private static final String DOC_TYPE =
+ "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">\n";
+
+ /**
+ * Handle a HTTP GET request, used to indicated that the MOA
+ * configuration needs to be updated (reloaded).
+ *
+ * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+ */
+ public void doGet(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+
+ MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance();
+ PrintWriter out;
+
+ response.setContentType("text/html");
+ out = response.getWriter();
+ out.println(DOC_TYPE);
+ out.println("<head><title>MOA configuration update</title></head>");
+ out.println("<body bgcolor=\"#FFFFFF\">");
+ try {
+ MOAIDAuthInitializer.initialized=false;
+ MOAIDAuthInitializer.initialize();
+ String message = msg.getMessage("config.00", null);
+ Logger.info(message);
+ out.println("<p><b>");
+ out.println(message);
+ out.println("</b></p>");
+ } catch (Throwable t) {
+ String errorMessage = msg.getMessage("config.04", null);
+ Logger.error(errorMessage, t);
+ out.println("<p><b>");
+ out.println(errorMessage);
+ out.println("</b></p>");
+ }
+ out.println("</body>");
+
+ out.flush();
+ out.close();
+ }
+
+ /**
+ * Do the same as <code>doGet</code>.
+ *
+ * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+ */
+ public void doPost(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+ doGet(request, response);
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
new file mode 100644
index 000000000..c41b514c8
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
@@ -0,0 +1,135 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.util.Calendar;
+
+import org.apache.axis.AxisFault;
+import org.w3c.dom.Element;
+
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.DateTimeUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * Web service for picking up authentication data created in the MOA-ID Auth component.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ * @see at.gv.egovernment.moa.id.auth.AuthenticationServer#getAuthenticationData
+ */
+public class GetAuthenticationDataService implements Constants {
+
+ /**
+ * Constructor for GetAuthenticationDataService.
+ */
+ public GetAuthenticationDataService() {
+ super();
+ }
+
+ /**
+ * Takes a <code>lt;samlp:Request&gt;</code> containing a
+ * <code>SAML artifact</code> and returns the corresponding
+ * authentication data <code>lt;saml:Assertion&gt;</code>
+ * (obtained from the <code>AuthenticationServer</code>),
+ * enclosed in a <code>lt;samlp:Response&gt;</code>.
+ * <br/>Bad requests are mapped into various <code>lt;samlp:StatusCode&gt;</code>s,
+ * possibly containing enclosed sub-<code>lt;samlp:StatusCode&gt;</code>s.
+ * The status codes are defined in the SAML specification.
+ *
+ * @param requests request elements of type <code>lt;samlp:Request&gt;</code>;
+ * only 1 request element is allowed
+ * @return response element of type <code>lt;samlp:Response&gt;</code>,
+ * packed into an <code>Element[]</code>
+ * @throws AxisFault thrown when an error occurs in assembling the
+ * <code>lt;samlp:Response&gt;</code>
+ */
+ public Element[] Request(Element[] requests)
+ throws AxisFault {
+
+ Element request = requests[0];
+ Element[] responses = new Element[1];
+ String requestID = "";
+ String statusCode = "";
+ String subStatusCode = null;
+ String statusMessageCode = null;
+ String statusMessage = null;
+ String samlAssertion = "";
+ if (requests.length > 1) {
+ // more than 1 request given as parameter
+ statusCode = "samlp:Requester";
+ subStatusCode = "samlp:TooManyResponses";
+ statusMessageCode = "1201";
+ }
+ else {
+ try {
+ DOMUtils.validateElement(request, ALL_SCHEMA_LOCATIONS, null);
+ NodeList samlArtifactList = XPathUtils.selectNodeList(request, "samlp:AssertionArtifact");
+ if (samlArtifactList.getLength() == 0) {
+ // no SAML artifact given in request
+ statusCode = "samlp:Requester";
+ statusMessageCode = "1202";
+ }
+ else if (samlArtifactList.getLength() > 1) {
+ // too many SAML artifacts given in request
+ statusCode = "samlp:Requester";
+ subStatusCode = "samlp:TooManyResponses";
+ statusMessageCode = "1203";
+ }
+ else {
+ Element samlArtifactElem = (Element)samlArtifactList.item(0);
+ requestID = samlArtifactElem.getAttribute("RequestID");
+ String samlArtifact = DOMUtils.getText(samlArtifactElem);
+ try {
+ AuthenticationData authData = AuthenticationServer.getInstance().
+ getAuthenticationData(samlArtifact);
+ // success
+ samlAssertion = authData.getSamlAssertion();
+ statusCode = "samlp:Success";
+ statusMessageCode = "1200";
+ }
+ catch (AuthenticationException ex) {
+ // no authentication data for given SAML artifact
+ statusCode = "samlp:Requester";
+ subStatusCode = "samlp:ResourceNotRecognized";
+ statusMessage = ex.toString();
+ }
+ }
+ }
+ catch (Throwable t) {
+ // invalid request format
+ statusCode = "samlp:Requester";
+ statusMessageCode = "1204";
+ }
+ }
+ try {
+ String responseID = Random.nextRandom();
+ String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
+ if (statusMessage == null)
+ statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null);
+ responses[0] = new SAMLResponseBuilder().build(
+ responseID, requestID, issueInstant, statusCode, subStatusCode, statusMessage, samlAssertion);
+ }
+ catch (MOAIDException e) {
+ AxisFault fault = AxisFault.makeFault(e);
+ fault.setFaultDetail(new Element[] { e.toErrorResponse()});
+ throw fault;
+ }
+ catch (Throwable t) {
+ MOAIDException e = new MOAIDException("1299", null, t);
+ AxisFault fault = AxisFault.makeFault(e);
+ fault.setFaultDetail(new Element[] { e.toErrorResponse()});
+ throw fault;
+ }
+ return responses;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
new file mode 100644
index 000000000..50ca21c69
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
@@ -0,0 +1,95 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Servlet requested for selecting a BKU.
+ * <br>In case of {@link AuthConfigurationProvider#getBKUSelectionType}==HTMLComplete,
+ * the browser is redirected to the configured "BKU-Auswahl-URL".
+ * <br>In case of {@link AuthConfigurationProvider#getBKUSelectionType}==HTMLSelect,
+ * the list of available BKU's is fetched from a BKU-Auswahl server, and presented
+ * to the user in an HTML form.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SelectBKUServlet extends AuthServlet {
+
+ /**
+ * Calls the web application initializer.
+ *
+ * @see javax.servlet.Servlet#init(ServletConfig)
+ */
+ public void init(ServletConfig servletConfig) throws ServletException {
+ try {
+ MOAIDAuthInitializer.initialize();
+ Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
+ }
+ catch (Exception ex) {
+ Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
+ throw new ServletException(ex);
+ }
+ }
+
+ /**
+ * Responds with an HTML form which requests the user to choose a BKU.
+ */
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("GET SelectBKU");
+ String authURL =
+ req.getScheme() + "://" +
+ req.getServerName() + ":" +
+ req.getServerPort() +
+ req.getContextPath() + "/";
+ String target = req.getParameter(PARAM_TARGET);
+ String oaURL = req.getParameter(PARAM_OA);
+ String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE);
+ String templateURL = req.getParameter(PARAM_TEMPLATE);
+ resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES);
+ resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA);
+ resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE);
+
+ try {
+ String returnValue = AuthenticationServer.getInstance().selectBKU(
+ authURL, target, oaURL, bkuSelectionTemplateURL, templateURL);
+ String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType();
+ if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) {
+ // bkuSelectionType==HTMLComplete
+ String redirectURL = returnValue;
+ resp.sendRedirect(redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+ }
+ else {
+ // bkuSelectionType==HTMLSelect
+ String htmlForm = returnValue;
+ resp.setContentType("text/html");
+ PrintWriter out = new PrintWriter(resp.getOutputStream());
+ out.print(htmlForm);
+ out.flush();
+ Logger.debug("Finished GET SelectBKU");
+ }
+ }
+ catch (WrongParametersException ex) {
+ handleWrongParameters(ex, req, resp);
+ }
+ catch (Throwable ex) {
+ handleError(null, ex, req, resp);
+ }
+ }
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
new file mode 100644
index 000000000..2ea43935b
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
@@ -0,0 +1,102 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Servlet requested for starting a MOA ID authentication session.
+ * Utilizes the {@link AuthenticationServer}.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ * @see AuthenticationServer#startAuthentication
+ */
+public class StartAuthenticationServlet extends AuthServlet {
+
+ /**
+ * Responds with an HTML form which upon submit requests the identity link
+ * from the security layer implementation.
+ * <br>
+ * Response:
+ * <ul>
+ * <li>Content type: <code>"text/html"</code></li>
+ * <li>Content: see return value of {@link AuthenticationServer#startAuthentication}</li>
+ * <li>Error status: <code>500</code>
+ * </ul>
+ * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+ */
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("GET StartAuthentication");
+ String authURL =
+ req.getScheme() + "://" +
+ req.getServerName() + ":" +
+ req.getServerPort() +
+ req.getContextPath() + "/";
+ String target = req.getParameter(PARAM_TARGET);
+ String oaURL = req.getParameter(PARAM_OA);
+ String bkuURL = req.getParameter(PARAM_BKU);
+ String templateURL = req.getParameter(PARAM_TEMPLATE);
+ String sessionID = req.getParameter(PARAM_SESSIONID);
+ resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES);
+ resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA);
+ resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE);
+ try {
+ String getIdentityLinkForm =
+ AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID);
+ resp.setContentType("text/html");
+ PrintWriter out = new PrintWriter(resp.getOutputStream());
+ out.print(getIdentityLinkForm);
+ out.flush();
+ Logger.debug("Finished GET StartAuthentication");
+ }
+ catch (WrongParametersException ex) {
+ handleWrongParameters(ex, req, resp);
+ }
+ catch (MOAIDException ex) {
+ handleError(null, ex, req, resp);
+ }
+ }
+
+
+ /**
+ * @see javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ doGet(req, resp);
+ }
+
+
+ /**
+ * Calls the web application initializer.
+ *
+ * @see javax.servlet.Servlet#init(ServletConfig)
+ */
+ public void init(ServletConfig servletConfig) throws ServletException {
+ try {
+ MOAIDAuthInitializer.initialize();
+ Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
+ }
+ catch (Exception ex) {
+ Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
+ throw new ServletException(ex);
+ }
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
new file mode 100644
index 000000000..8d16f73dd
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -0,0 +1,110 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.net.URLEncoder;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Servlet requested for verifying the signed authentication block
+ * provided by the security layer implementation.
+ * Utilizes the {@link AuthenticationServer}.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class VerifyAuthenticationBlockServlet extends AuthServlet {
+
+
+ /**
+ * Constructor for VerifyAuthenticationBlockServlet.
+ */
+ public VerifyAuthenticationBlockServlet() {
+ super();
+ }
+
+ /**
+ * GET requested by security layer implementation to verify
+ * that data URL resource is available.
+ * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+ */
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("GET VerifyAuthenticationBlock");
+ }
+
+ /**
+ * Verifies the signed authentication block and redirects the browser
+ * to the online application requested, adding a parameter needed for
+ * retrieving the authentication data.
+ * <br>
+ * Request parameters:
+ * <ul>
+ * <li>MOASessionID: ID of associated authentication session</li>
+ * <li>XMLResponse: <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+ * </ul>
+ * Response:
+ * <ul>
+ * <li>Status: <code>302</code></li>
+ * <li>Header <code>"Location"</code>: URL of the online application requested, with
+ * parameters <code>"Target"</code> and <code>"SAMLArtifact"</code> added</li>
+ * <li>Error status: <code>500</code>
+ * </ul>
+ * @see AuthenticationServer#verifyAuthenticationBlock
+ * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+ */
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("POST VerifyAuthenticationBlock");
+ Map parameters = getParameters(req);
+ String sessionID = req.getParameter(PARAM_SESSIONID);
+ String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
+ // debug output
+ AuthenticationServer.debugOutputXMLFile("CreateXMLSignatureResponse.xml", createXMLSignatureResponse);
+ try {
+ AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+ String samlArtifactBase64 =
+ AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
+ String redirectURL = session.getOAURLRequested();
+ redirectURL = addURLParameter(redirectURL, PARAM_TARGET, session.getTarget());
+ redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64));
+ redirectURL = resp.encodeRedirectURL(redirectURL);
+ resp.setStatus(302);
+ resp.addHeader("Location", redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+ }
+ catch (WrongParametersException ex) {
+ handleWrongParameters(ex, req, resp);
+ }
+ catch (MOAIDException ex) {
+ handleError(null, ex, req, resp);
+ }
+
+ }
+ /**
+ * Adds a parameter to a URL.
+ * @param url the URL
+ * @param paramname parameter name
+ * @param paramvalue parameter value
+ * @return the URL with parameter added
+ */
+ private static String addURLParameter(String url, String paramname, String paramvalue) {
+ String param = paramname + "=" + paramvalue;
+ if (url.indexOf("?") < 0)
+ return url + "?" + param;
+ else
+ return url + "&" + param;
+ }
+
+}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
new file mode 100644
index 000000000..d3a28c7d4
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -0,0 +1,97 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Servlet requested for verifying the identity link
+ * provided by the security layer implementation.
+ * Utilizes the {@link AuthenticationServer}.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class VerifyIdentityLinkServlet extends AuthServlet {
+
+ /**
+ * Constructor for VerifyIdentityLinkServlet.
+ */
+ public VerifyIdentityLinkServlet() {
+ super();
+ }
+
+ /**
+ * GET requested by security layer implementation to verify
+ * that data URL resource is available.
+ * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+ */
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("GET VerifyIdentityLink");
+ }
+
+ /**
+ * Verifies the identity link and responds with a new
+ * <code>CreateXMLSignatureRequest</code>.
+ * <br>
+ * Request parameters:
+ * <ul>
+ * <li>MOASessionID: ID of associated authentication session</li>
+ * <li>XMLResponse: <code>&lt;InfoboxReadResponse&gt;</code></li>
+ * </ul>
+ * Response:
+ * <ul>
+ * <li>Content type: <code>"text/xml"</code></li>
+ * <li>Content: see return value of {@link AuthenticationServer#verifyIdentityLink}</li>
+ * <li>Error status: <code>500</code>
+ * </ul>
+ * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+ */
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("POST VerifyIdentityLink");
+ Map parameters = getParameters(req);
+ String sessionID = req.getParameter(PARAM_SESSIONID);
+ String infoboxReadResponse = (String)parameters.get(PARAM_XMLRESPONSE);
+ // debug output
+ AuthenticationServer.debugOutputXMLFile("InfoboxReadResponse.xml", infoboxReadResponse);
+ try {
+ String createXMLSignatureRequest =
+ AuthenticationServer.getInstance().verifyIdentityLink(sessionID, infoboxReadResponse);
+ AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+ resp.setStatus(307);
+ String dataURL = new DataURLBuilder().buildDataURL(
+ session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);
+ resp.addHeader("Location", dataURL);
+ resp.setContentType("text/xml");
+ // debug output
+ AuthenticationServer.debugOutputXMLFile("CreateXMLSignatureRequest.xml", createXMLSignatureRequest);
+ OutputStream out = resp.getOutputStream();
+ out.write(createXMLSignatureRequest.getBytes("UTF-8"));
+ out.flush();
+ out.close();
+ Logger.debug("Finished POST VerifyIdentityLink");
+ }
+ catch (WrongParametersException ex) {
+ handleWrongParameters(ex, req, resp);
+ }
+ catch (MOAIDException ex) {
+ handleError(null, ex, req, resp);
+ }
+ }
+
+}