diff options
Diffstat (limited to 'id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java')
-rw-r--r-- | id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java | 148 |
1 files changed, 0 insertions, 148 deletions
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java deleted file mode 100644 index 0bc4a4839..000000000 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java +++ /dev/null @@ -1,148 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.auth.modules.ssotransfer.servlet; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.util.Date; - -import javax.servlet.ServletException; -import javax.servlet.annotation.WebServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.velocity.VelocityContext; - -import com.google.gson.JsonObject; - -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; -import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; -import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; -import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.moduls.SSOManager; -import at.gv.egovernment.moa.id.storage.AssertionStorage; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.util.HTTPUtils; -import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.MiscUtil; -import net.glxn.qrgen.QRCode; -import net.glxn.qrgen.image.ImageType; - - - -/** - * @author tlenz - * - */ -@WebServlet(name = "SSOTransferGUI", value = "/TransferSSOSession") -public class SSOTransferGUIServlet extends AuthServlet { - - private static final long serialVersionUID = 3974201828186450839L; - - public SSOTransferGUIServlet() { - super(); - Logger.debug("Registering servlet " + getClass().getName() + " with mapping '/TransferSSOSession'."); - } - - protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - super.doGet(req, resp); - - //search SSO session - SSOManager ssomanager = SSOManager.getInstance(); - String ssoid = ssomanager.getSSOSessionID(req); - - VelocityContext context = new VelocityContext(); - - try { - if (ssomanager.isValidSSOSession(ssoid, null)) { - Object createQRObj = req.getParameter(SSOTransferConstants.REQ_PARAM_GENERATE_QR); - if (createQRObj != null && createQRObj instanceof Integer) { - - - - } else { - //create first step of SSO Transfer GUI - String authURL = HTTPUtils.extractAuthURLFromRequest(req); - if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(). - contains(authURL)) { - Logger.warn("Requested URL is not allowed.");; - resp.sendError(500, "Requested URL is not allowed."); - - } - - String moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid); - if (MiscUtil.isNotEmpty(moaSessionID)) { - AuthenticationSession authSession = AuthenticationSessionStoreage - .getSession(moaSessionID); - if(authSession != null) { - Date now = new Date(); - String encodedSSOContainer = SSOContainerUtils.generateSignedAndEncryptedSSOContainer(authURL, authSession, now); - - String token = Random.nextRandom(); - AssertionStorage.getInstance().put(token, encodedSSOContainer); - - String containerURL = authURL - + SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE - + "?"+ SSOTransferConstants.REQ_PARAM_TOKEN + "=" + token; - - JsonObject qrResult = new JsonObject(); - qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, - SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_PERSIST); - qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_URL, containerURL); - - ByteArrayOutputStream qrStream = - QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(300, 300).stream(); - String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray()); - context.put("QRImage", base64EncodedImage); - - context.put("successMsg", "Scan the QR-Code with your <i>SSO-Transfer App</i> to start the transfer operation."); - - GUIUtils.printSSOTransferGUI(context, resp); - - } - } - } - - } else { - context.put("errorMsg", - "No active Single Sign-On session found! SSO Session transfer is not possible."); - GUIUtils.printSSOTransferGUI(context, resp); - } - - } catch (MOAIDException | MOADatabaseException e) { - e.printStackTrace(); - resp.sendError(500, e.getMessage()); - - } - - } - - -} |