1 files changed, 239 insertions, 0 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
new file mode 100644
index 000000000..1d3c82aaf
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -0,0 +1,239 @@
+package at.gv.egovernment.moa.id.auth.parser;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.StringUtils;
+
+public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
+
+	public static void parse(AuthenticationSession moasession, 
+			String target,
+			String sourceID,
+			String oaURL,
+			String bkuURL,
+			String templateURL,
+			String useMandate,
+			String ccc,
+			String module,
+			String action,
+			HttpServletRequest req) throws WrongParametersException, MOAIDException {
+		
+		String targetFriendlyName = null;
+		
+	    // escape parameter strings
+	    //TODO: use URLEncoder.encode!!
+	    target = StringEscapeUtils.escapeHtml(target);
+	    sourceID = StringEscapeUtils.escapeHtml(sourceID);
+	    oaURL = StringEscapeUtils.escapeHtml(oaURL);
+	    bkuURL = StringEscapeUtils.escapeHtml(bkuURL);
+	    templateURL = StringEscapeUtils.escapeHtml(templateURL);
+	    useMandate = StringEscapeUtils.escapeHtml(useMandate);
+	    ccc = StringEscapeUtils.escapeHtml(ccc);
+
+	      // check parameter
+		if (!ParamValidatorUtils.isValidOA(oaURL))
+         throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
+	    if (!ParamValidatorUtils.isValidBKUURI(bkuURL))
+	       throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
+	    if (!ParamValidatorUtils.isValidTemplate(req, templateURL))
+	       throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
+	    if (!ParamValidatorUtils.isValidUseMandate(useMandate))
+             throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");		    
+	    if (!ParamValidatorUtils.isValidSourceID(sourceID))
+             throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12");
+	    if (!ParamValidatorUtils.isValidCCC(ccc))
+             throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12");
+	    		    
+		//check UseMandate flag
+		String useMandateString = null;
+		boolean useMandateBoolean = false;
+		if ((useMandate != null) && (useMandate.compareTo("") != 0)) {
+			useMandateString = useMandate;
+		} else {
+			useMandateString = "false";
+		}
+
+		if (useMandateString.compareToIgnoreCase("true") == 0)
+			useMandateBoolean = true;
+		else
+			useMandateBoolean = false;
+	    
+		moasession.setUseMandate(useMandateString);
+					
+	    //load OnlineApplication configuration
+	    OAAuthParameter oaParam;
+		if (moasession.getPublicOAURLPrefix() != null) {
+			oaParam = AuthConfigurationProvider.getInstance()
+					.getOnlineApplicationParameter(
+							moasession.getPublicOAURLPrefix());
+			
+	        if (oaParam == null)
+		          throw new AuthenticationException("auth.00", 
+		        		  new Object[] { moasession.getPublicOAURLPrefix() });
+			
+		} else {
+			oaParam = AuthConfigurationProvider.getInstance()
+					.getOnlineApplicationParameter(oaURL);
+			
+			if (oaParam == null)
+				throw new AuthenticationException("auth.00",
+						new Object[] { oaURL });
+			
+			
+		    // get target and target friendly name from config
+		    String targetConfig = oaParam.getTarget();
+			String targetFriendlyNameConfig = oaParam.getTargetFriendlyName();
+			 			
+			if (StringUtils.isEmpty(targetConfig)) {
+			    	// no target attribut is given in OA config
+			    	// target is used from request
+			    	// check parameter
+			 	if (!ParamValidatorUtils.isValidTarget(target))
+			   		throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");			    			   
+			} else {
+			    	// use target from config			    	
+			    	target = targetConfig;
+			    	targetFriendlyName = targetFriendlyNameConfig;
+			}
+			
+			
+			if (!oaParam.getBusinessService()) {
+				if (isEmpty(target))
+					throw new WrongParametersException("StartAuthentication",
+							PARAM_TARGET, "auth.05");
+				
+			} else {
+				if (useMandateBoolean) {
+					Logger.error("Online-Mandate Mode for bussines application not supported.");
+					throw new AuthenticationException("auth.17", null);
+				}
+				target = null;
+				targetFriendlyName = null;
+			}
+			
+			moasession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
+			moasession.setTarget(target);
+			moasession.setTargetFriendlyName(targetFriendlyName);
+			moasession.setBusinessService(oaParam.getBusinessService());
+			moasession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());
+		}
+	   
+		//check OnlineApplicationURL
+		if (isEmpty(oaURL))
+			throw new WrongParametersException("StartAuthentication",
+					PARAM_OA, "auth.05");
+		moasession.setOAURLRequested(oaURL);
+		
+		//check AuthURL
+	    String authURL = req.getScheme() + "://" + req.getServerName();
+	    if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { 
+	      authURL = authURL.concat(":" + req.getServerPort());
+	    }
+	    authURL = authURL.concat(req.getContextPath() + "/");
+		
+		if (isEmpty(authURL))
+			throw new WrongParametersException("StartAuthentication",
+					"AuthURL", "auth.05");
+
+		// check if HTTP Connection may be allowed (through
+		// FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
+		String boolStr = AuthConfigurationProvider
+				.getInstance()
+				.getGenericConfigurationParameter(
+						AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
+		if ((!authURL.startsWith("https:"))
+				&& (false == BoolUtils.valueOf(boolStr)))
+			throw new AuthenticationException("auth.07",
+					new Object[] { authURL + "*" });
+		
+		moasession.setAuthURL(authURL);
+
+		//check and set SourceID
+		if (sourceID != null)
+			moasession.setSourceID(sourceID);
+		
+		// BKU URL has not been set yet, even if session already exists
+		if (bkuURL == null) {
+			if (req.getScheme() != null && req.getScheme().equalsIgnoreCase("https")) {
+				bkuURL = DEFAULT_BKU_HTTPS;
+			} else {
+				bkuURL = DEFAULT_BKU;
+			}
+		}
+		moasession.setBkuURL(bkuURL);
+		
+		// override template url by url from configuration file
+		if (oaParam.getTemplateURL() != null) {
+			templateURL = oaParam.getTemplateURL();
+		}
+		moasession.setTemplateURL(templateURL);
+		moasession.setCcc(ccc);
+		
+	}
+	
+	public static void parse(HttpServletRequest req, HttpServletResponse resp, 
+			AuthenticationSession moasession) throws WrongParametersException, MOAIDException {
+		
+	    //check Module and Action
+	    HttpSession httpSession = req.getSession();    
+	    IRequest request = RequestStorage.getPendingRequest(httpSession);
+	    
+	    String modul = request.requestedModule();//req.getParameter(PARAM_MODUL);
+	    String action = request.requestedAction();//req.getParameter(PARAM_ACTION);
+	    
+	    modul = StringEscapeUtils.escapeHtml(modul);
+	    action = StringEscapeUtils.escapeHtml(action);
+	    if(modul == null) {
+	    	modul = SAML1Protocol.PATH;
+	    }
+	    
+	    if(action == null) {
+	    	action = SAML1Protocol.GETARTIFACT;
+	    }
+		moasession.setModul(modul);
+		moasession.setAction(action);
+				
+		//get Parameters from request
+		String target = req.getParameter(PARAM_TARGET);
+	    String sourceID = req.getParameter(PARAM_SOURCEID);
+	    String oaURL = req.getParameter(PARAM_OA);
+	    String bkuURL = req.getParameter(PARAM_BKU);
+	    String templateURL = req.getParameter(PARAM_TEMPLATE);
+	    String useMandate = req.getParameter(PARAM_USEMANDATE);
+	    String ccc = req.getParameter(PARAM_CCC);
+
+	    oaURL = request.getOAURL();
+	    target = request.getTarget();
+	    
+	    parse(moasession, target, sourceID, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req);
+
+	}
+	
+	/**
+	 * Checks a parameter.
+	 * 
+	 * @param param
+	 *            parameter
+	 * @return true if the parameter is null or empty
+	 */
+	private static boolean isEmpty(String param) {
+		return param == null || param.length() == 0;
+	}
+}