1 files changed, 0 insertions, 268 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
deleted file mode 100644
index 0409719da..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
+++ /dev/null
@@ -1,268 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.servlet;

-

-import java.io.IOException;

-import java.io.OutputStream;

-import java.util.Map;

-

-import javax.servlet.ServletException;

-import javax.servlet.http.HttpServletRequest;

-import javax.servlet.http.HttpServletResponse;

-

-import org.apache.commons.fileupload.FileUploadException;

-import org.apache.commons.lang.StringEscapeUtils;
-

-import at.gv.egovernment.moa.id.auth.AuthenticationServer;

-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;

-import at.gv.egovernment.moa.id.auth.builder.GetVerifyAuthBlockFormBuilder;

-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;

-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.ValidateException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;

-import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;

-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;

-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;

-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.logging.Logger;

-import at.gv.egovernment.moa.util.FileUtils;

-

-/**

- * Servlet requested for processing user input forms of infobox validators

- * 

- * Utilizes the {@link AuthenticationServer}.

- *

- * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner

- * @version $Id: ProcessValidatorInputServlet.java 769 2007-01-10 15:37:52Z peter.danner $

- */

-public class ProcessValidatorInputServlet extends AuthServlet {

-

-  public static final long serialVersionUID = 1;

-  

-  /**

-   * Constructor for VerifyIdentityLinkServlet.

-   */

-  public ProcessValidatorInputServlet() {

-    super();

-  }

-

-  /**

-   * Shows the user input forms of infobox validators

-   *  

-   * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)

-   */

-  protected void doGet(HttpServletRequest req, HttpServletResponse resp)

-    throws ServletException, IOException { 
-	  
-    Logger.debug("GET ProcessInput");
-    resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
-	resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
-	resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
-	resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-	  

-    Map parameters;

-    try {

-      parameters = getParameters(req);

-    } catch (FileUploadException e) {

-      Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());

-      throw new IOException(e.getMessage());

-    }
-    String sessionID = req.getParameter(PARAM_SESSIONID);

-    if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);

-    if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);

-    if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID+"_");

-    
-    // escape parameter strings
-    sessionID = StringEscapeUtils.escapeHtml(sessionID);
-    

-    try {
-    	
-    	if (!ParamValidatorUtils.isValidSessionID(sessionID))
-            throw new WrongParametersException("ProcessInput", PARAM_SESSIONID, "auth.12");
-    	

-      AuthenticationSession session = AuthenticationServer.getSession(sessionID);

-      InfoboxValidator infoboxvalidator = session.getFirstPendingValidator();

-      String outputStream;

-      String dataURL = new DataURLBuilder().buildDataURL(

-          session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, sessionID);

-      if (infoboxvalidator!=null) {

-        outputStream = infoboxvalidator.getForm();

-        // replace strings the validators can not know

-        outputStream = ParepUtils.replaceAll(outputStream, "<BASE_href>", session.getAuthURL());

-        outputStream = ParepUtils.replaceAll(outputStream, "<MOASessionID>", sessionID);

-        outputStream = ParepUtils.replaceAll(outputStream, "<BKU>", session.getBkuURL());

-        outputStream = ParepUtils.replaceAll(outputStream, "<DataURL>", dataURL);

-        outputStream = ParepUtils.replaceAll(outputStream, "<PushInfobox>", session.getPushInfobox());

-      } else {

-        throw new ValidateException("validator.65", null);

-      }

-      //resp.setStatus(200);

-      resp.setContentType("text/html;charset=UTF-8");

-      OutputStream out = resp.getOutputStream();

-      out.write(outputStream.getBytes("UTF-8"));

-      out.flush();

-      out.close();

-      Logger.debug("Finished GET ProcessInput");

-    }
-    catch (WrongParametersException ex) {
-        handleWrongParameters(ex, req, resp);
-      }

-    catch (MOAIDException ex) {

-      handleError(null, ex, req, resp, null);  //TODO: is this Class required?

-    }

-  }

-

-  /**

-   * Verifies the user input forms of infobox validators 

-   *

-   * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)

-   */

-  protected void doPost(HttpServletRequest req, HttpServletResponse resp)

-    throws ServletException, IOException {

-

-//		Logger.debug("POST ProcessInput");
-//		
-//		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
-//		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
-//		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
-//		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-//		

-//    Map parameters;

-//    try {

-//      parameters = getParameters(req);

-//    } catch (FileUploadException e) {

-//      Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());

-//      throw new IOException(e.getMessage());

-//    }
-//
-//    String sessionID = req.getParameter(PARAM_SESSIONID);

-//    if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);

-//    if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);

-//    if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID+"_");

-//        
-//    // escape parameter strings
-//    sessionID = StringEscapeUtils.escapeHtml(sessionID);
-//    

-//    try {
-//    	
-//    	if (!ParamValidatorUtils.isValidSessionID(sessionID))
-//            throw new WrongParametersException("ProcessInput", PARAM_SESSIONID, "auth.12");
-//		    

-//      AuthenticationSession session = AuthenticationServer.getSession(sessionID);

-//      AuthenticationServer.processInput(session, parameters);

-//      String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null);

-//      if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) {

-//        // Now sign the AUTH Block

-//        String dataURL = new DataURLBuilder().buildDataURL(

-//            session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);

-//        

-//        String htmlForm = null;

-//        

-//        boolean doInputProcessorSign = false; // If sign process should be within an extra form, provide a parameter. Otherwise transport through security layer is assumed 

-//
-//        String inputProcessorSignForm = req.getParameter("Sign_Form");

-//        if (inputProcessorSignForm==null) inputProcessorSignForm = (String) req.getAttribute("Sign_Form");

-//        if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form");

-//        if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form_");
-//        // escape parameter strings
-//        inputProcessorSignForm = StringEscapeUtils.escapeHtml(inputProcessorSignForm);

-//        if (!ParepUtils.isEmpty(inputProcessorSignForm)) doInputProcessorSign = inputProcessorSignForm.equalsIgnoreCase("true");

-//        if (doInputProcessorSign) {

-//          // Test if we have a user input form sign template
-//         

-//          String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE);
-//          
-//          if (!ParamValidatorUtils.isValidSignUrl(inputProcessorSignTemplateURL))
-//              throw new WrongParametersException("ProcessInput", PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE, "auth.12");
-//          

-//          String inputProcessorSignTemplate = null;

-//          OAAuthParameter oaParam =

-//            AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested());

-//          // override template url by url from configuration file

-//          if (oaParam.getInputProcessorSignTemplateURL() != null) {

-//            inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL();

-//          }       

-//          if (inputProcessorSignTemplateURL != null) {

-//            try {

-//              inputProcessorSignTemplate = new String(FileUtils.readURL(inputProcessorSignTemplateURL));

-//            } catch (IOException ex) {

-//              throw new AuthenticationException(

-//                "auth.03",

-//                new Object[] { inputProcessorSignTemplateURL, ex.toString()},

-//                ex);

-//            }

-//          }

-//          

-//          htmlForm = new GetVerifyAuthBlockFormBuilder().build(

-//              inputProcessorSignTemplate, session.getBkuURL(), createXMLSignatureRequestOrRedirect, dataURL, session.getPushInfobox());

-//          htmlForm = ParepUtils.replaceAll(htmlForm, "<BASE_href>", session.getAuthURL());

-//          htmlForm = ParepUtils.replaceAll(htmlForm, "<MOASessionID>", sessionID);

-//          htmlForm = ParepUtils.replaceAll(htmlForm, "<BKU>", session.getBkuURL());

-//          htmlForm = ParepUtils.replaceAll(htmlForm, "<DataURL>", dataURL);

-//          htmlForm = ParepUtils.replaceAll(htmlForm, "<PushInfobox>", session.getPushInfobox());

-//          resp.setContentType("text/html;charset=UTF-8");

-//        } else {

-//          htmlForm = createXMLSignatureRequestOrRedirect;

-//          resp.setStatus(307);

-//          resp.addHeader("Location", dataURL);

-//          //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)

-//          resp.setContentType("text/xml;charset=UTF-8");

-//        }

-//        

-//        OutputStream out = resp.getOutputStream();

-//        out.write(htmlForm.getBytes("UTF-8"));

-//        out.flush();

-//        out.close();

-//        Logger.debug("Finished POST ProcessInput");

-//      } else {

-//        String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());

-//        resp.setContentType("text/html");

-//        resp.setStatus(302);

-//        resp.addHeader("Location", redirectURL);

-//        Logger.debug("REDIRECT TO: " + redirectURL);

-//      }
-//      
-//  	try {
-//		AuthenticationSessionStoreage.storeSession(session);
-//		
-//	} catch (MOADatabaseException e) {
-//		throw new AuthenticationException("", null);
-//	}
-//      

-//    }
-//    catch (WrongParametersException ex) {
-//        handleWrongParameters(ex, req, resp);
-//      }

-//    catch (MOAIDException ex) {

-//      handleError(null, ex, req, resp);

-//    }

-  }

-

-}