MOA configuration update

From dd45e938564249a5e6897bd92dd29808d8990868 Mon Sep 17 00:00:00 2001 From: rudolf Date: Fri, 24 Oct 2003 08:34:56 +0000 Subject: MOA-ID version 1.1 (initial) git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@19 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../moa/id/auth/servlet/AuthServlet.java | 117 ++++++++++++++++++ .../moa/id/auth/servlet/ConfigurationServlet.java | 74 +++++++++++ .../auth/servlet/GetAuthenticationDataService.java | 135 +++++++++++++++++++++ .../moa/id/auth/servlet/SelectBKUServlet.java | 95 +++++++++++++++ .../auth/servlet/StartAuthenticationServlet.java | 102 ++++++++++++++++ .../servlet/VerifyAuthenticationBlockServlet.java | 110 +++++++++++++++++ .../id/auth/servlet/VerifyIdentityLinkServlet.java | 97 +++++++++++++++ 7 files changed, 730 insertions(+) create mode 100644 id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java create mode 100644 id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java create mode 100644 id.server/src/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java create mode 100644 id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java create mode 100644 id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java create mode 100644 id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java create mode 100644 id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java (limited to 'id.server/src/at/gv/egovernment/moa/id/auth/servlet') diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java new file mode 100644 index 000000000..3a1cab4be --- /dev/null +++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java @@ -0,0 +1,117 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.util.Enumeration; +import java.util.HashMap; +import java.util.Map; + +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.URLDecoder; + +/** + * Base class for MOA-ID Auth Servlets, providing standard error handling + * and constant names. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { + + + /** + * Handles an error.
+ *

Logs the error
Places error message and exception thrown into the request + * as request attributes (to be used by "/errorpage.jsp")
Sets HTTP status 500 (internal server error)

+ * + * @param errorMessage error message + * @param exceptionThrown exception thrown + * @param req servlet request + * @param resp servlet response + */ + protected void handleError( + String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) { + + if (exceptionThrown != null) + Logger.error(errorMessage, exceptionThrown); + else + Logger.error(errorMessage); + req.setAttribute("ErrorMessage", errorMessage); + req.setAttribute("ExceptionThrown", exceptionThrown); + resp.setStatus(500); + } + /** + * Handles a WrongParametersException. + * @param req servlet request + * @param resp servlet response + */ + protected void handleWrongParameters(WrongParametersException ex, HttpServletRequest req, HttpServletResponse resp) { + Logger.error(ex.toString()); + req.setAttribute("WrongParameters", "true"); + resp.setStatus(500); + } + + /** + * Logs all servlet parameters for debugging purposes. + */ + protected void logParameters(HttpServletRequest req) { + for (Enumeration enum = req.getParameterNames(); enum.hasMoreElements(); ) { + String parname = (String)enum.nextElement(); + Logger.debug("Parameter " + parname + req.getParameter(parname)); + } + } + /** + * Parses the request input stream for parameters, + * assuming parameters are encoded UTF-8. + * @param req servlet request + * @return mapping parameter name -> value + */ + protected Map getParameters(HttpServletRequest req) throws IOException { + Map parameters = new HashMap(); + InputStream in = req.getInputStream(); + String paramName; + String paramValueURLEncoded; + do { + paramName = new String(readBytesUpTo(in, '=')); + if (paramName.length() > 0) { + paramValueURLEncoded = readBytesUpTo(in, '&'); + String paramValue = URLDecoder.decode(paramValueURLEncoded, "UTF-8"); + parameters.put(paramName, paramValue); + } + } + while (paramName.length() > 0); + in.close(); + + return parameters; + } + /** + * Reads bytes up to a delimiter, consuming the delimiter. + * @param in input stream + * @param delimiter delimiter character + * @return String constructed from the read bytes + * @throws IOException + */ + protected String readBytesUpTo(InputStream in, char delimiter) throws IOException { + ByteArrayOutputStream bout = new ByteArrayOutputStream(); + boolean done = false; + int b; + while (! done && (b = in.read()) >= 0) { + if (b == delimiter) + done = true; + else + bout.write(b); + } + return bout.toString(); + } +} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java new file mode 100644 index 000000000..554819f73 --- /dev/null +++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java @@ -0,0 +1,74 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; +import java.io.PrintWriter; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Servlet requested for updating the MOA-ID Auth configuration from configuration file + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class ConfigurationServlet extends HttpServlet { + /** Constant for the DTD-Doc type */ + private static final String DOC_TYPE = + "\n"; + + /** + * Handle a HTTP GET request, used to indicated that the MOA + * configuration needs to be updated (reloaded). + * + * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) + */ + public void doGet(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + + MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance(); + PrintWriter out; + + response.setContentType("text/html"); + out = response.getWriter(); + out.println(DOC_TYPE); + out.println("MOA configuration update"); + out.println(""); + try { + MOAIDAuthInitializer.initialized=false; + MOAIDAuthInitializer.initialize(); + String message = msg.getMessage("config.00", null); + Logger.info(message); + out.println("

"); + out.println(message); + out.println("

"); + } catch (Throwable t) { + String errorMessage = msg.getMessage("config.04", null); + Logger.error(errorMessage, t); + out.println("

"); + out.println(errorMessage); + out.println("

"); + } + out.println(""); + + out.flush(); + out.close(); + } + + /** + * Do the same as doGet. + * + * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) + */ + public void doPost(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + doGet(request, response); + } + +} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java new file mode 100644 index 000000000..c41b514c8 --- /dev/null +++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java @@ -0,0 +1,135 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.util.Calendar; + +import org.apache.axis.AxisFault; +import org.w3c.dom.Element; + +import org.w3c.dom.NodeList; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.DateTimeUtils; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * Web service for picking up authentication data created in the MOA-ID Auth component. + * + * @author Paul Ivancsics + * @version $Id$ + * @see at.gv.egovernment.moa.id.auth.AuthenticationServer#getAuthenticationData + */ +public class GetAuthenticationDataService implements Constants { + + /** + * Constructor for GetAuthenticationDataService. + */ + public GetAuthenticationDataService() { + super(); + } + + /** + * Takes a lt;samlp:Request> containing a + * SAML artifact and returns the corresponding + * authentication data lt;saml:Assertion> + * (obtained from the AuthenticationServer), + * enclosed in a lt;samlp:Response>. + *
Bad requests are mapped into various lt;samlp:StatusCode>s, + * possibly containing enclosed sub-lt;samlp:StatusCode>s. + * The status codes are defined in the SAML specification. + * + * @param requests request elements of type lt;samlp:Request>; + * only 1 request element is allowed + * @return response element of type lt;samlp:Response>, + * packed into an Element[] + * @throws AxisFault thrown when an error occurs in assembling the + * lt;samlp:Response> + */ + public Element[] Request(Element[] requests) + throws AxisFault { + + Element request = requests[0]; + Element[] responses = new Element[1]; + String requestID = ""; + String statusCode = ""; + String subStatusCode = null; + String statusMessageCode = null; + String statusMessage = null; + String samlAssertion = ""; + if (requests.length > 1) { + // more than 1 request given as parameter + statusCode = "samlp:Requester"; + subStatusCode = "samlp:TooManyResponses"; + statusMessageCode = "1201"; + } + else { + try { + DOMUtils.validateElement(request, ALL_SCHEMA_LOCATIONS, null); + NodeList samlArtifactList = XPathUtils.selectNodeList(request, "samlp:AssertionArtifact"); + if (samlArtifactList.getLength() == 0) { + // no SAML artifact given in request + statusCode = "samlp:Requester"; + statusMessageCode = "1202"; + } + else if (samlArtifactList.getLength() > 1) { + // too many SAML artifacts given in request + statusCode = "samlp:Requester"; + subStatusCode = "samlp:TooManyResponses"; + statusMessageCode = "1203"; + } + else { + Element samlArtifactElem = (Element)samlArtifactList.item(0); + requestID = samlArtifactElem.getAttribute("RequestID"); + String samlArtifact = DOMUtils.getText(samlArtifactElem); + try { + AuthenticationData authData = AuthenticationServer.getInstance(). + getAuthenticationData(samlArtifact); + // success + samlAssertion = authData.getSamlAssertion(); + statusCode = "samlp:Success"; + statusMessageCode = "1200"; + } + catch (AuthenticationException ex) { + // no authentication data for given SAML artifact + statusCode = "samlp:Requester"; + subStatusCode = "samlp:ResourceNotRecognized"; + statusMessage = ex.toString(); + } + } + } + catch (Throwable t) { + // invalid request format + statusCode = "samlp:Requester"; + statusMessageCode = "1204"; + } + } + try { + String responseID = Random.nextRandom(); + String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance()); + if (statusMessage == null) + statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null); + responses[0] = new SAMLResponseBuilder().build( + responseID, requestID, issueInstant, statusCode, subStatusCode, statusMessage, samlAssertion); + } + catch (MOAIDException e) { + AxisFault fault = AxisFault.makeFault(e); + fault.setFaultDetail(new Element[] { e.toErrorResponse()}); + throw fault; + } + catch (Throwable t) { + MOAIDException e = new MOAIDException("1299", null, t); + AxisFault fault = AxisFault.makeFault(e); + fault.setFaultDetail(new Element[] { e.toErrorResponse()}); + throw fault; + } + return responses; + } + +} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java new file mode 100644 index 000000000..50ca21c69 --- /dev/null +++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java @@ -0,0 +1,95 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; +import java.io.PrintWriter; + +import javax.servlet.ServletConfig; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Servlet requested for selecting a BKU. + *
In case of {@link AuthConfigurationProvider#getBKUSelectionType}==HTMLComplete, + * the browser is redirected to the configured "BKU-Auswahl-URL". + *
In case of {@link AuthConfigurationProvider#getBKUSelectionType}==HTMLSelect, + * the list of available BKU's is fetched from a BKU-Auswahl server, and presented + * to the user in an HTML form. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class SelectBKUServlet extends AuthServlet { + + /** + * Calls the web application initializer. + * + * @see javax.servlet.Servlet#init(ServletConfig) + */ + public void init(ServletConfig servletConfig) throws ServletException { + try { + MOAIDAuthInitializer.initialize(); + Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null)); + } + catch (Exception ex) { + Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex); + throw new ServletException(ex); + } + } + + /** + * Responds with an HTML form which requests the user to choose a BKU. + */ + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("GET SelectBKU"); + String authURL = + req.getScheme() + "://" + + req.getServerName() + ":" + + req.getServerPort() + + req.getContextPath() + "/"; + String target = req.getParameter(PARAM_TARGET); + String oaURL = req.getParameter(PARAM_OA); + String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE); + String templateURL = req.getParameter(PARAM_TEMPLATE); + resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES); + resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA); + resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE); + + try { + String returnValue = AuthenticationServer.getInstance().selectBKU( + authURL, target, oaURL, bkuSelectionTemplateURL, templateURL); + String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType(); + if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { + // bkuSelectionType==HTMLComplete + String redirectURL = returnValue; + resp.sendRedirect(redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + } + else { + // bkuSelectionType==HTMLSelect + String htmlForm = returnValue; + resp.setContentType("text/html"); + PrintWriter out = new PrintWriter(resp.getOutputStream()); + out.print(htmlForm); + out.flush(); + Logger.debug("Finished GET SelectBKU"); + } + } + catch (WrongParametersException ex) { + handleWrongParameters(ex, req, resp); + } + catch (Throwable ex) { + handleError(null, ex, req, resp); + } + } +} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java new file mode 100644 index 000000000..2ea43935b --- /dev/null +++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -0,0 +1,102 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; +import java.io.PrintWriter; + +import javax.servlet.ServletConfig; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Servlet requested for starting a MOA ID authentication session. + * Utilizes the {@link AuthenticationServer}. + * + * @author Paul Ivancsics + * @version $Id$ + * @see AuthenticationServer#startAuthentication + */ +public class StartAuthenticationServlet extends AuthServlet { + + /** + * Responds with an HTML form which upon submit requests the identity link + * from the security layer implementation. + *
+ * Response: + *

Content type: "text/html"
Content: see return value of {@link AuthenticationServer#startAuthentication}
Error status: 500 + *

+ * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) + */ + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("GET StartAuthentication"); + String authURL = + req.getScheme() + "://" + + req.getServerName() + ":" + + req.getServerPort() + + req.getContextPath() + "/"; + String target = req.getParameter(PARAM_TARGET); + String oaURL = req.getParameter(PARAM_OA); + String bkuURL = req.getParameter(PARAM_BKU); + String templateURL = req.getParameter(PARAM_TEMPLATE); + String sessionID = req.getParameter(PARAM_SESSIONID); + resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES); + resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA); + resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE); + try { + String getIdentityLinkForm = + AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID); + resp.setContentType("text/html"); + PrintWriter out = new PrintWriter(resp.getOutputStream()); + out.print(getIdentityLinkForm); + out.flush(); + Logger.debug("Finished GET StartAuthentication"); + } + catch (WrongParametersException ex) { + handleWrongParameters(ex, req, resp); + } + catch (MOAIDException ex) { + handleError(null, ex, req, resp); + } + } + + + /** + * @see javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + doGet(req, resp); + } + + + /** + * Calls the web application initializer. + * + * @see javax.servlet.Servlet#init(ServletConfig) + */ + public void init(ServletConfig servletConfig) throws ServletException { + try { + MOAIDAuthInitializer.initialize(); + Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null)); + } + catch (Exception ex) { + Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex); + throw new ServletException(ex); + } + } + +} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java new file mode 100644 index 000000000..8d16f73dd --- /dev/null +++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -0,0 +1,110 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; +import java.net.URLEncoder; +import java.util.Map; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Servlet requested for verifying the signed authentication block + * provided by the security layer implementation. + * Utilizes the {@link AuthenticationServer}. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class VerifyAuthenticationBlockServlet extends AuthServlet { + + + /** + * Constructor for VerifyAuthenticationBlockServlet. + */ + public VerifyAuthenticationBlockServlet() { + super(); + } + + /** + * GET requested by security layer implementation to verify + * that data URL resource is available. + * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) + */ + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("GET VerifyAuthenticationBlock"); + } + + /** + * Verifies the signed authentication block and redirects the browser + * to the online application requested, adding a parameter needed for + * retrieving the authentication data. + *
+ * Request parameters: + *

MOASessionID: ID of associated authentication session
XMLResponse: <CreateXMLSignatureResponse>

+ * Response: + *

Status: 302
Header "Location": URL of the online application requested, with + * parameters "Target" and "SAMLArtifact" added
Error status: 500 + *

+ * @see AuthenticationServer#verifyAuthenticationBlock + * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) + */ + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("POST VerifyAuthenticationBlock"); + Map parameters = getParameters(req); + String sessionID = req.getParameter(PARAM_SESSIONID); + String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); + // debug output + AuthenticationServer.debugOutputXMLFile("CreateXMLSignatureResponse.xml", createXMLSignatureResponse); + try { + AuthenticationSession session = AuthenticationServer.getSession(sessionID); + String samlArtifactBase64 = + AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse); + String redirectURL = session.getOAURLRequested(); + redirectURL = addURLParameter(redirectURL, PARAM_TARGET, session.getTarget()); + redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64)); + redirectURL = resp.encodeRedirectURL(redirectURL); + resp.setStatus(302); + resp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + } + catch (WrongParametersException ex) { + handleWrongParameters(ex, req, resp); + } + catch (MOAIDException ex) { + handleError(null, ex, req, resp); + } + + } + /** + * Adds a parameter to a URL. + * @param url the URL + * @param paramname parameter name + * @param paramvalue parameter value + * @return the URL with parameter added + */ + private static String addURLParameter(String url, String paramname, String paramvalue) { + String param = paramname + "=" + paramvalue; + if (url.indexOf("?") < 0) + return url + "?" + param; + else + return url + "&" + param; + } + +} diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java new file mode 100644 index 000000000..d3a28c7d4 --- /dev/null +++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -0,0 +1,97 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; +import java.io.OutputStream; +import java.util.Map; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Servlet requested for verifying the identity link + * provided by the security layer implementation. + * Utilizes the {@link AuthenticationServer}. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class VerifyIdentityLinkServlet extends AuthServlet { + + /** + * Constructor for VerifyIdentityLinkServlet. + */ + public VerifyIdentityLinkServlet() { + super(); + } + + /** + * GET requested by security layer implementation to verify + * that data URL resource is available. + * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) + */ + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("GET VerifyIdentityLink"); + } + + /** + * Verifies the identity link and responds with a new + * CreateXMLSignatureRequest. + *
+ * Request parameters: + *

MOASessionID: ID of associated authentication session
XMLResponse: <InfoboxReadResponse>

+ * Response: + *

Content type: "text/xml"
Content: see return value of {@link AuthenticationServer#verifyIdentityLink}
Error status: 500 + *

+ * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse) + */ + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("POST VerifyIdentityLink"); + Map parameters = getParameters(req); + String sessionID = req.getParameter(PARAM_SESSIONID); + String infoboxReadResponse = (String)parameters.get(PARAM_XMLRESPONSE); + // debug output + AuthenticationServer.debugOutputXMLFile("InfoboxReadResponse.xml", infoboxReadResponse); + try { + String createXMLSignatureRequest = + AuthenticationServer.getInstance().verifyIdentityLink(sessionID, infoboxReadResponse); + AuthenticationSession session = AuthenticationServer.getSession(sessionID); + resp.setStatus(307); + String dataURL = new DataURLBuilder().buildDataURL( + session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID); + resp.addHeader("Location", dataURL); + resp.setContentType("text/xml"); + // debug output + AuthenticationServer.debugOutputXMLFile("CreateXMLSignatureRequest.xml", createXMLSignatureRequest); + OutputStream out = resp.getOutputStream(); + out.write(createXMLSignatureRequest.getBytes("UTF-8")); + out.flush(); + out.close(); + Logger.debug("Finished POST VerifyIdentityLink"); + } + catch (WrongParametersException ex) { + handleWrongParameters(ex, req, resp); + } + catch (MOAIDException ex) { + handleError(null, ex, req, resp); + } + } + +} -- cgit v1.2.3