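package at.gv.egovernment.moa.id.auth.parser;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.commons.lang.StringEscapeUtils;

import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.BoolUtils;
import at.gv.egovernment.moa.util.StringUtils;

/**
 * Parses and validates the parameters of a "StartAuthentication" request and
 * records the accepted values in the {@link AuthenticationSession}.
 *
 * <p>Processing order (it determines which error a caller sees first and is
 * therefore preserved deliberately):
 * <ol>
 *   <li>every caller-supplied string is HTML-escaped,</li>
 *   <li>OA, BKU, template, useMandate, sourceID and CCC are syntax-checked via
 *       {@link ParamValidatorUtils}; the first failure raises
 *       {@link WrongParametersException} with code {@code auth.12},</li>
 *   <li>the online application is resolved: from the session's public OA URL
 *       prefix if one is already bound, otherwise from the requested OA URL
 *       (in that case target / business-service state is derived and stored),</li>
 *   <li>the AuthURL is built from the servlet request and HTTP is rejected
 *       unless {@code FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY} allows it,</li>
 *   <li>sourceID, BKU URL (with a scheme-dependent default), template URL
 *       (the OA configuration overrides the request) and CCC are stored.</li>
 * </ol>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link StringEscapeUtils#escapeHtml} is applied to URL-typed values
 *       (bkuURL, templateURL, oaURL). That makes the stored strings safe to
 *       embed in HTML but it is not URL encoding: {@code '&'} becomes
 *       {@code "&amp;"}, so a BKU/template URL with a query string is stored
 *       in altered form and the validators see the escaped value. The original
 *       TODO already asks for {@code URLEncoder}; the behaviour is kept here
 *       because templates presumably rely on the escaped form — verify before
 *       changing the encoder.</li>
 *   <li>The AuthURL is derived from {@code req.getScheme()},
 *       {@code req.getServerName()} and {@code req.getServerPort()}. Unless the
 *       container or a reverse proxy canonicalises the server name, it follows
 *       the client's Host header; since the value is persisted in the session as
 *       the AuthURL, make sure the front end pins the host name (host-header
 *       injection surface — confirm deployment configuration).</li>
 *   <li>When the session already carries a public OA URL prefix, the OA bound
 *       earlier wins and the request's {@code target} is neither validated nor
 *       applied; only the first request of a session binds OA and target.</li>
 * </ul>
 */
public class StartAuthentificationParameterParser implements MOAIDAuthConstants {

    /** First argument of every {@link WrongParametersException} raised by this parser. */
    private static final String SERVLET_NAME = "StartAuthentication";

    /**
     * Validates the given request parameters and stores them in the session.
     *
     * @param moasession session to populate; its public OA URL prefix, if set,
     *                   selects the online application instead of {@code oaURL}
     * @param target     requested target (sector); only validated and used when
     *                   the OA configuration defines none and no OA is bound yet
     * @param sourceID   optional source id, stored when non-{@code null}
     * @param oaURL      requested online-application URL
     * @param bkuURL     requested BKU URL; {@code null} selects a scheme-dependent default
     * @param templateURL requested template URL; overridden by the OA configuration when set there
     * @param useMandate "true"/"false"-ish flag; empty or {@code null} is treated as "false"
     * @param ccc        country code parameter
     * @param module     unused, kept for interface compatibility
     * @param action     unused, kept for interface compatibility
     * @param req        current servlet request (scheme, host, port, context path)
     * @throws WrongParametersException on a syntactically invalid or missing parameter
     * @throws MOAIDException           when the OA is unknown ({@code auth.00}), HTTP is
     *                                  not allowed ({@code auth.07}) or mandates are
     *                                  requested for a business service ({@code auth.17})
     */
    public static void parse(AuthenticationSession moasession, String target,
            String sourceID, String oaURL, String bkuURL, String templateURL,
            String useMandate, String ccc, String module, String action,
            HttpServletRequest req) throws WrongParametersException, MOAIDException {

        // HTML-escape all caller-supplied values before validation and storage.
        // NOTE(review): wrong encoder for URL values (see class comment);
        // TODO from the original author: use URLEncoder.encode.
        target = StringEscapeUtils.escapeHtml(target);
        sourceID = StringEscapeUtils.escapeHtml(sourceID);
        oaURL = StringEscapeUtils.escapeHtml(oaURL);
        bkuURL = StringEscapeUtils.escapeHtml(bkuURL);
        templateURL = StringEscapeUtils.escapeHtml(templateURL);
        useMandate = StringEscapeUtils.escapeHtml(useMandate);
        ccc = StringEscapeUtils.escapeHtml(ccc);

        validateSyntax(req, oaURL, bkuURL, templateURL, useMandate, sourceID, ccc);

        boolean useMandateBoolean = storeUseMandate(moasession, useMandate);

        OAAuthParameter oaParam;
        if (moasession.getPublicOAURLPrefix() != null) {
            // An OA is already bound to this session: reuse it. The request's
            // target is intentionally ignored on this path.
            oaParam = lookupOnlineApplication(moasession.getPublicOAURLPrefix());
        } else {
            oaParam = lookupOnlineApplication(oaURL);
            bindOnlineApplication(moasession, oaParam, target, useMandateBoolean);
        }

        // Checked only after the OA lookup, as before: an empty oaURL with a
        // bound session still reaches this point.
        if (isEmpty(oaURL))
            throw new WrongParametersException(SERVLET_NAME, PARAM_OA, "auth.05");
        moasession.setOAURLRequested(oaURL);

        String authURL = buildAuthURL(req);
        enforceHttpsPolicy(authURL);
        moasession.setAuthURL(authURL);

        if (sourceID != null)
            moasession.setSourceID(sourceID);

        // BKU URL has not been set yet, even if the session already exists.
        if (bkuURL == null)
            bkuURL = defaultBkuURL(req);
        moasession.setBkuURL(bkuURL);

        // The OA configuration overrides a template URL from the request.
        if (oaParam.getTemplateURL() != null)
            templateURL = oaParam.getTemplateURL();
        moasession.setTemplateURL(templateURL);

        moasession.setCcc(ccc);
    }

    /**
     * Reads the StartAuthentication parameters from the HTTP request and the
     * pending {@link IRequest} and delegates to the full {@code parse}.
     *
     * <p>OA URL and target are taken from the pending request that was
     * registered for this HTTP session, not from the request parameters, so a
     * client cannot swap them in this round trip. Module and action default to
     * the SAML1 artifact flow when the pending request names none.
     *
     * @param req        current servlet request
     * @param resp       unused, kept for interface compatibility
     * @param moasession session to populate
     * @throws WrongParametersException on a syntactically invalid or missing parameter
     * @throws MOAIDException           see the full {@code parse}
     */
    public static void parse(HttpServletRequest req, HttpServletResponse resp,
            AuthenticationSession moasession) throws WrongParametersException, MOAIDException {
        HttpSession httpSession = req.getSession();
        // NOTE(review): if no request is pending for this session this is null
        // and the calls below fail with a NullPointerException rather than a
        // MOA-ID error; the caller presumably guarantees a pending request — confirm.
        IRequest request = RequestStorage.getPendingRequest(httpSession);

        String modul = StringEscapeUtils.escapeHtml(request.requestedModule());
        String action = StringEscapeUtils.escapeHtml(request.requestedAction());
        if (modul == null)
            modul = SAML1Protocol.PATH;
        if (action == null)
            action = SAML1Protocol.GETARTIFACT;
        moasession.setModul(modul);
        moasession.setAction(action);

        // Bound at request registration time; the HTTP parameters of the same
        // name are deliberately not consulted.
        String oaURL = request.getOAURL();
        String target = request.getTarget();

        String sourceID = req.getParameter(PARAM_SOURCEID);
        String bkuURL = req.getParameter(PARAM_BKU);
        String templateURL = req.getParameter(PARAM_TEMPLATE);
        String useMandate = req.getParameter(PARAM_USEMANDATE);
        String ccc = req.getParameter(PARAM_CCC);

        parse(moasession, target, sourceID, oaURL, bkuURL, templateURL,
                useMandate, ccc, modul, action, req);
    }

    /**
     * Syntax checks in the historical order; the first failing parameter wins.
     *
     * @throws WrongParametersException with code {@code auth.12} naming the offending parameter
     */
    private static void validateSyntax(HttpServletRequest req, String oaURL, String bkuURL,
            String templateURL, String useMandate, String sourceID, String ccc)
            throws WrongParametersException {
        if (!ParamValidatorUtils.isValidOA(oaURL))
            throw new WrongParametersException(SERVLET_NAME, PARAM_OA, "auth.12");
        if (!ParamValidatorUtils.isValidBKUURI(bkuURL))
            throw new WrongParametersException(SERVLET_NAME, PARAM_BKU, "auth.12");
        if (!ParamValidatorUtils.isValidTemplate(req, templateURL))
            throw new WrongParametersException(SERVLET_NAME, PARAM_TEMPLATE, "auth.12");
        if (!ParamValidatorUtils.isValidUseMandate(useMandate))
            throw new WrongParametersException(SERVLET_NAME, PARAM_USEMANDATE, "auth.12");
        if (!ParamValidatorUtils.isValidSourceID(sourceID))
            throw new WrongParametersException(SERVLET_NAME, PARAM_SOURCEID, "auth.12");
        if (!ParamValidatorUtils.isValidCCC(ccc))
            throw new WrongParametersException(SERVLET_NAME, PARAM_CCC, "auth.12");
    }

    /**
     * Normalises the useMandate flag, stores the normalised string in the
     * session and returns whether mandates were requested.
     *
     * @return {@code true} only for a case-insensitive "true"; {@code null} and
     *         "" are stored as "false"
     */
    private static boolean storeUseMandate(AuthenticationSession moasession, String useMandate) {
        String useMandateString = isEmpty(useMandate) ? "false" : useMandate;
        moasession.setUseMandate(useMandateString);
        return useMandateString.equalsIgnoreCase("true");
    }

    /**
     * Looks up the online application configured for {@code key} (a public OA
     * URL prefix or a requested OA URL).
     *
     * @throws AuthenticationException code {@code auth.00} with {@code key} as argument
     *                                 when no such online application is configured
     */
    private static OAAuthParameter lookupOnlineApplication(String key)
            throws WrongParametersException, MOAIDException {
        OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
                .getOnlineApplicationParameter(key);
        if (oaParam == null)
            throw new AuthenticationException("auth.00", new Object[] { key });
        return oaParam;
    }

    /**
     * Derives target and business-service state for a freshly resolved online
     * application and stores it in the session.
     *
     * <p>A target configured for the OA always replaces the requested one; the
     * requested target is validated only when the configuration defines none.
     * Business services carry no target and do not support mandates.
     *
     * @param requestedTarget the (escaped) target from the request
     * @param useMandate      whether the client asked for the mandate mode
     * @throws WrongParametersException invalid ({@code auth.12}) or missing ({@code auth.05}) target
     * @throws AuthenticationException  code {@code auth.17} for mandate mode on a business service
     */
    private static void bindOnlineApplication(AuthenticationSession moasession,
            OAAuthParameter oaParam, String requestedTarget, boolean useMandate)
            throws WrongParametersException, MOAIDException {
        String targetConfig = oaParam.getTarget();
        String targetFriendlyNameConfig = oaParam.getTargetFriendlyName();

        String target;
        String targetFriendlyName;
        if (StringUtils.isEmpty(targetConfig)) {
            // No target in the OA configuration: the request value is used,
            // so it has to pass validation first.
            if (!ParamValidatorUtils.isValidTarget(requestedTarget))
                throw new WrongParametersException(SERVLET_NAME, PARAM_TARGET, "auth.12");
            target = requestedTarget;
            targetFriendlyName = null;
        } else {
            target = targetConfig;
            targetFriendlyName = targetFriendlyNameConfig;
        }

        if (oaParam.getBusinessService()) {
            if (useMandate) {
                Logger.error("Online-Mandate Mode for bussines application not supported.");
                throw new AuthenticationException("auth.17", null);
            }
            // business services are target-less
            target = null;
            targetFriendlyName = null;
        } else if (isEmpty(target)) {
            throw new WrongParametersException(SERVLET_NAME, PARAM_TARGET, "auth.05");
        }

        moasession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
        moasession.setTarget(target);
        moasession.setTargetFriendlyName(targetFriendlyName);
        moasession.setBusinessService(oaParam.getBusinessService());
        moasession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());
    }

    /**
     * Builds {@code scheme://host[:port]/context/} from the request; the port
     * is only appended when it differs from the scheme's default (443 / 80).
     *
     * <p>Host and scheme come from the container's view of the request; see
     * the class comment on the Host header.
     */
    private static String buildAuthURL(HttpServletRequest req) {
        String scheme = req.getScheme();
        int port = req.getServerPort();
        String authURL = scheme + "://" + req.getServerName();
        boolean nonDefaultPort = ("https".equalsIgnoreCase(scheme) && port != 443)
                || ("http".equalsIgnoreCase(scheme) && port != 80);
        if (nonDefaultPort)
            authURL = authURL + ":" + port;
        return authURL + req.getContextPath() + "/";
    }

    /**
     * Rejects a non-HTTPS AuthURL unless plain HTTP has been enabled through
     * {@code FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY}.
     *
     * @throws AuthenticationException code {@code auth.07} with {@code authURL + "*"} as argument
     */
    private static void enforceHttpsPolicy(String authURL)
            throws WrongParametersException, MOAIDException {
        String httpAllowed = AuthConfigurationProvider.getInstance()
                .getGenericConfigurationParameter(
                        AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
        if (!authURL.startsWith("https:") && !BoolUtils.valueOf(httpAllowed))
            throw new AuthenticationException("auth.07", new Object[] { authURL + "*" });
    }

    /** Default BKU URL: the HTTPS variant when the request itself arrived over HTTPS. */
    private static String defaultBkuURL(HttpServletRequest req) {
        String scheme = req.getScheme();
        if (scheme != null && scheme.equalsIgnoreCase("https"))
            return DEFAULT_BKU_HTTPS;
        return DEFAULT_BKU;
    }

    /**
     * Checks a parameter.
     *
     * @param param parameter
     * @return true if the parameter is null or empty
     */
    private static boolean isEmpty(String param) {
        return param == null || param.length() == 0;
    }
}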