diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet')
5 files changed, 206 insertions, 40 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java new file mode 100644 index 000000000..df480b624 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java @@ -0,0 +1,175 @@ +package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.fileupload.FileUploadException;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.builder.GetVerifyAuthBlockFormBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
+import at.gv.egovernment.moa.id.auth.validator.ValidateException;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.FileUtils;
+
+/**
+ * Servlet requested for processing user input forms of infobox validators
+ *
+ * Utilizes the {@link AuthenticationServer}.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner
+ * @version $Id: ProcessValidatorInputServlet.java 769 2007-01-10 15:37:52Z peter.danner $
+ */
+public class ProcessValidatorInputServlet extends AuthServlet {
+
+ public static final long serialVersionUID = 1;
+
+ /**
+ * Constructor for VerifyIdentityLinkServlet.
+ */
+ public ProcessValidatorInputServlet() {
+ super();
+ }
+
+ /**
+ * Shows the user input forms of infobox validators
+ *
+ * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+ */
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("GET ProcessInput");
+ Map parameters;
+ try {
+ parameters = getParameters(req);
+ } catch (FileUploadException e) {
+ Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+ throw new IOException(e.getMessage());
+ }
+ String sessionID = req.getParameter(PARAM_SESSIONID);
+ if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);
+ if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);
+
+ try {
+ AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+ InfoboxValidator infoboxvalidator = session.getFirstPendingValidator();
+ String outputStream;
+ String dataURL = new DataURLBuilder().buildDataURL(
+ session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);
+ if (infoboxvalidator!=null) {
+ outputStream = infoboxvalidator.getForm();
+ // replace strings the validators can not know
+ outputStream = ParepUtils.replaceAll(outputStream, "<BASE_href>", session.getAuthURL());
+ outputStream = ParepUtils.replaceAll(outputStream, "<MOASessionID>", sessionID);
+ outputStream = ParepUtils.replaceAll(outputStream, "<BKU>", session.getBkuURL());
+ outputStream = ParepUtils.replaceAll(outputStream, "<DataURL>", dataURL);
+ outputStream = ParepUtils.replaceAll(outputStream, "<PushInfobox>", session.getPushInfobox());
+ } else {
+ throw new ValidateException("validator.65", null);
+ }
+ //resp.setStatus(200);
+ resp.setContentType("text/html;charset=UTF-8");
+ OutputStream out = resp.getOutputStream();
+ out.write(outputStream.getBytes("UTF-8"));
+ out.flush();
+ out.close();
+ Logger.debug("Finished GET ProcessInput");
+ }
+ catch (MOAIDException ex) {
+ handleError(null, ex, req, resp);
+ }
+ }
+
+ /**
+ * Verifies the user input forms of infobox validators
+ *
+ * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+ */
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("POST ProcessInput");
+ Map parameters;
+ try {
+ parameters = getParameters(req);
+ } catch (FileUploadException e) {
+ Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+ throw new IOException(e.getMessage());
+ }
+ String sessionID = req.getParameter(PARAM_SESSIONID);
+ if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);
+ if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);
+
+ try {
+ AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+ AuthenticationServer.processInput(session, parameters);
+ String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null);
+ if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) {
+ // Now sign the AUTH Block
+ String dataURL = new DataURLBuilder().buildDataURL(
+ session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);
+
+ // Test if we have a user input form sign template
+ String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE);
+ String inputProcessorSignTemplate = null;
+ OAAuthParameter oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested());
+ // override template url by url from configuration file
+ if (oaParam.getInputProcessorSignTemplateURL() != null) {
+ inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL();
+ }
+ if (inputProcessorSignTemplateURL != null) {
+ try {
+ inputProcessorSignTemplate = new String(FileUtils.readURL(inputProcessorSignTemplateURL));
+ } catch (IOException ex) {
+ throw new AuthenticationException(
+ "auth.03",
+ new Object[] { inputProcessorSignTemplateURL, ex.toString()},
+ ex);
+ }
+ }
+
+
+
+ String htmlForm = new GetVerifyAuthBlockFormBuilder().build(
+ inputProcessorSignTemplate, session.getBkuURL(), createXMLSignatureRequestOrRedirect, dataURL, session.getPushInfobox());
+ htmlForm = ParepUtils.replaceAll(htmlForm, "<BASE_href>", session.getAuthURL());
+ htmlForm = ParepUtils.replaceAll(htmlForm, "<MOASessionID>", sessionID);
+ htmlForm = ParepUtils.replaceAll(htmlForm, "<BKU>", session.getBkuURL());
+ htmlForm = ParepUtils.replaceAll(htmlForm, "<DataURL>", dataURL);
+ htmlForm = ParepUtils.replaceAll(htmlForm, "<PushInfobox>", session.getPushInfobox());
+
+ resp.setContentType("text/html;charset=UTF-8");
+
+ OutputStream out = resp.getOutputStream();
+ out.write(htmlForm.getBytes("UTF-8"));
+ out.flush();
+ out.close();
+ Logger.debug("Finished POST ProcessInput");
+ } else {
+ String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
+ resp.setContentType("text/html");
+ resp.setStatus(302);
+ resp.addHeader("Location", redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+ }
+ }
+ catch (MOAIDException ex) {
+ handleError(null, ex, req, resp);
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java index 4dc69c70b..6e2a932d8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java @@ -54,11 +54,11 @@ public class SelectBKUServlet extends AuthServlet { throws ServletException, IOException { Logger.debug("GET SelectBKU"); - String authURL = - req.getScheme() + "://" + - req.getServerName() + ":" + - req.getServerPort() + - req.getContextPath() + "/"; + String authURL = req.getScheme() + "://" + req.getServerName(); + if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { + authURL = authURL.concat(":" + req.getServerPort()); + } + authURL = authURL.concat(req.getContextPath() + "/"); String target = req.getParameter(PARAM_TARGET); String oaURL = req.getParameter(PARAM_OA); String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index 6098f5138..9f0cf6606 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -41,11 +41,11 @@ public class StartAuthenticationServlet extends AuthServlet { throws ServletException, IOException { Logger.debug("GET StartAuthentication"); - String authURL = - req.getScheme() + "://" + - req.getServerName() + ":" + - req.getServerPort() + - req.getContextPath() + "/"; + String authURL = req.getScheme() + "://" + req.getServerName(); + if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { + authURL = authURL.concat(":" + req.getServerPort()); + } + authURL = authURL.concat(req.getContextPath() + "/"); String target = req.getParameter(PARAM_TARGET); String oaURL = req.getParameter(PARAM_OA); String bkuURL = req.getParameter(PARAM_BKU); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index 6ec4a247d..b81107ff2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -1,8 +1,9 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; -import at.gv.egovernment.moa.util.URLEncoder; //java.net.URLEncoder; +import java.util.Iterator; import java.util.Map; +import java.util.Vector; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; @@ -12,8 +13,13 @@ import org.apache.commons.fileupload.FileUploadException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult; +import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; +import at.gv.egovernment.moa.id.auth.validator.ValidateException; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.URLEncoder; /** * Servlet requested for verifying the signed authentication block @@ -80,17 +86,21 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { } String sessionID = req.getParameter(PARAM_SESSIONID); String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); - + String redirectURL = null; try { AuthenticationSession session = AuthenticationServer.getSession(sessionID); String samlArtifactBase64 = AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse); - String redirectURL = session.getOAURLRequested(); - if (!session.getBusinessService()) { - redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); - } - redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); - redirectURL = resp.encodeRedirectURL(redirectURL); + if (!samlArtifactBase64.equals("Redirect to Input Processor")) { + redirectURL = session.getOAURLRequested(); + if (!session.getBusinessService()) { + redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); + } + redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); + redirectURL = resp.encodeRedirectURL(redirectURL); + } else { + redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); + } resp.setContentType("text/html"); resp.setStatus(302); resp.addHeader("Location", redirectURL); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index 2134c1444..b9d8f8c75 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -1,22 +1,18 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; -import java.io.OutputStream; -import java.util.Enumeration; import java.util.Map; -import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; import org.apache.commons.fileupload.FileUploadException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.util.ServletUtils; import at.gv.egovernment.moa.logging.Logger; /** @@ -79,25 +75,10 @@ public class VerifyIdentityLinkServlet extends AuthServlet { } String sessionID = req.getParameter(PARAM_SESSIONID); - try { AuthenticationSession session = AuthenticationServer.getSession(sessionID); - - String createXMLSignatureRequest = - AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters); - resp.setStatus(307); - String dataURL = new DataURLBuilder().buildDataURL( - session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID); - resp.addHeader("Location", dataURL); - - //TODO test impact of explicit setting charset with older versions of BKUs (HotSign) - resp.setContentType("text/xml;charset=UTF-8"); - - OutputStream out = resp.getOutputStream(); - out.write(createXMLSignatureRequest.getBytes("UTF-8")); - out.flush(); - out.close(); - Logger.debug("Finished POST VerifyIdentityLink"); + String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters); + ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink"); } catch (MOAIDException ex) { handleError(null, ex, req, resp); |