package at.gv.egovernment.moa.id.auth.servlet;
import java.io.IOException;
import java.net.URLEncoder;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.logging.Logger;
/**
* Servlet requested for verifying the signed authentication block
* provided by the security layer implementation.
* Utilizes the {@link AuthenticationServer}.
*
* @author Paul Ivancsics
* @version $Id$
*/
public class VerifyAuthenticationBlockServlet extends AuthServlet {
/**
* Constructor for VerifyAuthenticationBlockServlet.
*/
public VerifyAuthenticationBlockServlet() {
super();
}
/**
* GET requested by security layer implementation to verify
* that data URL resource is available.
* @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
*/
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
Logger.debug("GET VerifyAuthenticationBlock");
}
/**
* Verifies the signed authentication block and redirects the browser
* to the online application requested, adding a parameter needed for
* retrieving the authentication data.
*
* Request parameters:
*
* - MOASessionID: ID of associated authentication session
* - XMLResponse:
<CreateXMLSignatureResponse>
*
* Response:
*
* - Status:
302
* - Header
"Location"
: URL of the online application requested, with
* parameters "Target"
and "SAMLArtifact"
added
* - Error status:
500
*
* @see AuthenticationServer#verifyAuthenticationBlock
* @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
*/
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
Logger.debug("POST VerifyAuthenticationBlock");
Map parameters = getParameters(req);
String sessionID = req.getParameter(PARAM_SESSIONID);
String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
// debug XMLSignatureResponse from BKU
if(null != createXMLSignatureResponse)
AuthenticationServer.debugOutputXMLFile("CreateXMLSignatureResponse.xml", createXMLSignatureResponse);
try {
AuthenticationSession session = AuthenticationServer.getSession(sessionID);
String samlArtifactBase64 =
AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
String redirectURL = session.getOAURLRequested();
redirectURL = addURLParameter(redirectURL, PARAM_TARGET, session.getTarget());
redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64));
redirectURL = resp.encodeRedirectURL(redirectURL);
resp.setStatus(302);
resp.addHeader("Location", redirectURL);
Logger.debug("REDIRECT TO: " + redirectURL);
}
catch (MOAIDException ex) {
handleError(null, ex, req, resp);
}
}
/**
* Adds a parameter to a URL.
* @param url the URL
* @param paramname parameter name
* @param paramvalue parameter value
* @return the URL with parameter added
*/
private static String addURLParameter(String url, String paramname, String paramvalue) {
String param = paramname + "=" + paramvalue;
if (url.indexOf("?") < 0)
return url + "?" + param;
else
return url + "&" + param;
}
}