From 07449c789f2561bb768d111e5b7d2c14e5dec26f Mon Sep 17 00:00:00 2001 From: kstranacher Date: Thu, 7 Apr 2011 19:22:50 +0000 Subject: =?UTF-8?q?*=20Update=20Parameter=C3=BCberpr=C3=BCfung=20Templates?= =?UTF-8?q?=20*=20Update=20Beispiel-Konfigurationen=20*=20Update=20Content?= =?UTF-8?q?Type=20f=C3=BCr=20InfoBoxReadRequest=20(Zertifikat)=20bei=20Onl?= =?UTF-8?q?ine-Mandates?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1202 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../id/auth/servlet/VerifyCertificateServlet.java | 2 +- .../id/auth/servlet/VerifyIdentityLinkServlet.java | 6 ++- .../moa/id/util/ParamValidatorUtils.java | 8 +++- .../gv/egovernment/moa/id/util/ServletUtils.java | 54 +++++++++++++++++----- 4 files changed, 55 insertions(+), 15 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index d101df1fa..0014d2647 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java @@ -110,7 +110,7 @@ public class VerifyCertificateServlet extends AuthServlet { // escape parameter strings sessionID = StringEscapeUtils.escapeHtml(sessionID); - + AuthenticationSession session = null; try { // check parameter diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index 23861d290..740c85942 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -108,6 +108,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet { throw new IOException(e.getMessage()); } String sessionID = req.getParameter(PARAM_SESSIONID); + // escape parameter strings sessionID = StringEscapeUtils.escapeHtml(sessionID); @@ -178,7 +179,10 @@ public class VerifyIdentityLinkServlet extends AuthServlet { session.getSessionID()); - ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); + //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)"); + //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); + Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)"); + ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); } else { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index d35fc875d..a1e039661 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java @@ -270,8 +270,12 @@ public class ParamValidatorUtils { // check if template url starts with http or https if (template.startsWith("http") || template.startsWith("https")) { - // check if template url is from same server - if (template.contains(req.getServerName())) { + // check if template url is from same server + String name = req.getServerName(); + String httpName = "http://" + name; + String httpsName = "https://" + name; + + if (template.startsWith(httpName) || template.startsWith(httpsName)) { new URL(template); Logger.debug("Parameter Template bzw. bkuSelectionTemplateURL erfolgreich überprüft"); return true; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java index 24e5ff3d0..c3d548d54 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java @@ -18,16 +18,17 @@ */ package at.gv.egovernment.moa.id.util; -import java.io.IOException; -import java.io.OutputStream; - -import javax.servlet.http.HttpServletResponse; - -import at.gv.egovernment.moa.id.MOAIDException; -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.logging.Logger; +import java.io.IOException; +import java.io.OutputStream; +import java.net.URLEncoder; + +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.logging.Logger; /** * @author Peter Danner @@ -96,7 +97,7 @@ public class ServletUtils { //TODO test impact of explicit setting charset with older versions of BKUs (HotSign) resp.setContentType("text/xml;charset=UTF-8"); - + OutputStream out = resp.getOutputStream(); out.write(createXMLSignatureRequestOrRedirect.getBytes("UTF-8")); out.flush(); @@ -104,5 +105,36 @@ public class ServletUtils { Logger.debug("Finished POST " + servletName); } + + /** + * Writes out whether the CreateXMLSignatureRequest or a Redirect for form input processing + * depending on the requests starting text. + * + * @param resp The httpServletResponse + * @param session The current AuthenticationSession + * @param createXMLSignatureRequestOrRedirect The request + * @param servletGoal The servlet to which the redirect should happen + * @param servletName The servlet name for debug purposes + * @throws MOAIDException + * @throws IOException + */ + public static void writeCreateXMLSignatureRequestURLEncoded(HttpServletResponse resp, AuthenticationSession session, String createXMLSignatureRequestOrRedirect, String servletGoal, String servletName, String dataURL) + throws MOAIDException, + IOException { + resp.setStatus(200); + Logger.debug("ContentType set to: application/x-www-form-urlencoded"); + + resp.setContentType("application/x-www-form-urlencoded"); + + String content = "XMLRequest=" + URLEncoder.encode(createXMLSignatureRequestOrRedirect, "UTF-8") + "&" + + "DataURL=" + URLEncoder.encode(dataURL, "UTF-8"); + + OutputStream out = resp.getOutputStream(); + out.write(content.getBytes("UTF-8")); + out.flush(); + out.close(); + Logger.debug("Finished POST " + servletName); + + } } -- cgit v1.2.3