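/*
 * Copyright 2003 Federal Chancellery Austria
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package at.gv.egovernment.moa.id.auth.servlet;

import java.io.IOException;
import java.io.OutputStream;
import java.net.URL;
import java.util.Map;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.fileupload.FileUploadException;

import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.builder.GetVerifyAuthBlockFormBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
import at.gv.egovernment.moa.id.auth.validator.ValidateException;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.FileUtils;

/**
 * Servlet requested for processing user input forms of infobox validators.
 *
 * GET renders the form of the session's first pending validator; POST feeds
 * the submitted values back into the {@link AuthenticationServer} and then
 * either starts signing of the AUTH block or redirects to the next form.
 *
 * Security notes for reviewers: the session id is taken from the request and
 * is copied into generated HTML and into the <code>Location</code> header, and
 * a sign template URL may be supplied in the request when the online
 * application configuration does not define one.
 *
 * @author Peter Danner
 * @version $Id: ProcessValidatorInputServlet.java 769 2007-01-10 15:37:52Z peter.danner $
 */
public class ProcessValidatorInputServlet extends AuthServlet {

  public static final long serialVersionUID = 1;

  /**
   * Constructor for ProcessValidatorInputServlet.
   */
  public ProcessValidatorInputServlet() {
    super();
  }

  /**
   * Shows the user input forms of infobox validators.
   *
   * @param req the request; the session id is resolved from it
   * @param resp the response the validator form is written to as UTF-8 HTML
   * @throws IOException if the request parameters cannot be parsed or the
   *         response cannot be written
   * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
   */
  protected void doGet(HttpServletRequest req, HttpServletResponse resp)
    throws ServletException, IOException {

    Logger.debug("GET ProcessInput");
    Map parameters = parseParameters(req);
    String sessionID = lookupParameter(req, parameters, PARAM_SESSIONID);

    try {
      AuthenticationSession session = AuthenticationServer.getSession(sessionID);
      InfoboxValidator infoboxvalidator = session.getFirstPendingValidator();
      String dataURL = new DataURLBuilder().buildDataURL(
        session.getAuthURL(),
        AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT,
        sessionID);

      if (infoboxvalidator == null) {
        // Nothing is pending, so there is no form that could be shown.
        throw new ValidateException("validator.65", null);
      }

      // The validator's form is sent to the browser as-is apart from the
      // substitutions below; no output encoding is applied here.
      String form = fillPlaceholders(infoboxvalidator.getForm(), session, sessionID, dataURL);

      resp.setContentType("text/html;charset=UTF-8");
      writeUtf8(resp, form);
      Logger.debug("Finished GET ProcessInput");
    }
    catch (MOAIDException ex) {
      handleError(null, ex, req, resp);
    }
  }

  /**
   * Verifies the user input forms of infobox validators.
   *
   * When the authentication server does not answer with a value starting with
   * "Redirect", the AUTH block is signed next: either through an HTML form
   * (request parameter <code>Sign_Form</code> equal to "true") or by returning
   * the signature request with status 307. Otherwise the browser is redirected
   * (302) back to this servlet.
   *
   * @param req the request carrying the submitted form values
   * @param resp the response
   * @throws IOException if the request parameters cannot be parsed or the
   *         response cannot be written
   * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
   */
  protected void doPost(HttpServletRequest req, HttpServletResponse resp)
    throws ServletException, IOException {

    Logger.debug("POST ProcessInput");
    Map parameters = parseParameters(req);
    String sessionID = lookupParameter(req, parameters, PARAM_SESSIONID);

    try {
      AuthenticationSession session = AuthenticationServer.getSession(sessionID);
      AuthenticationServer.processInput(session, parameters);
      String createXMLSignatureRequestOrRedirect =
        AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null);

      if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) {
        // Now sign the AUTH Block
        String dataURL = new DataURLBuilder().buildDataURL(
          session.getAuthURL(),
          AuthenticationServer.REQ_VERIFY_AUTH_BLOCK,
          sessionID);

        // If sign process should be within an extra form, provide a parameter.
        // Otherwise transport through security layer is assumed
        String inputProcessorSignForm = lookupParameter(req, parameters, "Sign_Form");
        boolean doInputProcessorSign = false;
        if (!ParepUtils.isEmpty(inputProcessorSignForm)) {
          doInputProcessorSign = inputProcessorSignForm.equalsIgnoreCase("true");
        }

        String htmlForm;
        if (doInputProcessorSign) {
          // The configured template URL always wins; the request parameter is
          // only a fallback when the configuration defines none.
          OAAuthParameter oaParam =
            AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested());
          String inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL();
          boolean templateURLFromRequest = false;
          if (inputProcessorSignTemplateURL == null) {
            inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE);
            templateURLFromRequest = true;
          }

          String inputProcessorSignTemplate = null;
          if (inputProcessorSignTemplateURL != null) {
            try {
              if (templateURLFromRequest) {
                // The server fetches this URL and echoes the content into the
                // response, so a caller-chosen value must not reach local
                // resources. Rejections share the read-failure error path.
                requireHttpTemplateURL(inputProcessorSignTemplateURL);
              }
              // NOTE(review): no charset is passed to new String(...), so the
              // platform default is used although the response is declared
              // UTF-8 - confirm the template encoding.
              inputProcessorSignTemplate = new String(FileUtils.readURL(inputProcessorSignTemplateURL));
            } catch (IOException ex) {
              throw new AuthenticationException(
                "auth.03",
                new Object[] { inputProcessorSignTemplateURL, ex.toString()},
                ex);
            }
          }

          htmlForm = new GetVerifyAuthBlockFormBuilder().build(
            inputProcessorSignTemplate,
            session.getBkuURL(),
            createXMLSignatureRequestOrRedirect,
            dataURL,
            session.getPushInfobox());
          htmlForm = fillPlaceholders(htmlForm, session, sessionID, dataURL);
          resp.setContentType("text/html;charset=UTF-8");
        } else {
          htmlForm = createXMLSignatureRequestOrRedirect;
          resp.setStatus(307);
          resp.addHeader("Location", dataURL);
          //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
          resp.setContentType("text/xml;charset=UTF-8");
        }

        writeUtf8(resp, htmlForm);
        Logger.debug("Finished POST ProcessInput");
      } else {
        String redirectURL = new DataURLBuilder().buildDataURL(
          session.getAuthURL(),
          AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT,
          session.getSessionID());
        resp.setContentType("text/html");
        resp.setStatus(302);
        resp.addHeader("Location", redirectURL);
        // NOTE(review): the URL is built with the session id as an argument,
        // so this line presumably writes the id to the debug log - confirm
        // that debug logs are protected accordingly.
        Logger.debug("REDIRECT TO: " + redirectURL);
      }
    }
    catch (MOAIDException ex) {
      handleError(null, ex, req, resp);
    }
  }

  /**
   * Parses the request parameters and converts a parsing failure into an
   * {@link IOException} that keeps the original exception as its cause.
   */
  private Map parseParameters(HttpServletRequest req) throws ServletException, IOException {
    try {
      return getParameters(req);
    } catch (FileUploadException e) {
      Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
      IOException wrapped = new IOException(e.getMessage());
      // initCause keeps the stack trace of the parser failure for diagnosis.
      wrapped.initCause(e);
      throw wrapped;
    }
  }

  /**
   * Resolves a value by name, trying in order: the servlet request parameter,
   * the request attribute, the parsed parameter map, and finally the parsed
   * parameter map under the name with a trailing underscore.
   *
   * @return the first non-null value, or <code>null</code> if none is present
   */
  private static String lookupParameter(HttpServletRequest req, Map parameters, String name) {
    String value = req.getParameter(name);
    if (value == null) value = (String) req.getAttribute(name);
    if (value == null) value = (String) parameters.get(name);
    if (value == null) value = (String) parameters.get(name + "_");
    return value;
  }

  /**
   * Replaces strings the validators and form builders can not know with
   * values of the current session.
   *
   * NOTE(review): every search literal below is the empty string in this copy
   * of the file. The named placeholder tokens appear to have been lost and
   * have to be restored from the form templates; they are left untouched here
   * rather than guessed.
   *
   * NOTE(review): sessionID is the value supplied by the caller and is
   * inserted without escaping. That is only safe if
   * AuthenticationServer.getSession rejects ids it did not issue - confirm.
   */
  private static String fillPlaceholders(String html, AuthenticationSession session,
      String sessionID, String dataURL) {
    String result = html;
    result = ParepUtils.replaceAll(result, "", session.getAuthURL());
    result = ParepUtils.replaceAll(result, "", sessionID);
    result = ParepUtils.replaceAll(result, "", session.getBkuURL());
    result = ParepUtils.replaceAll(result, "", dataURL);
    result = ParepUtils.replaceAll(result, "", session.getPushInfobox());
    return result;
  }

  /**
   * Accepts a request-supplied sign template URL only if its protocol is http
   * or https, so that protocols addressing local resources are refused.
   *
   * This narrows the exposure but does not remove it: the server still issues
   * an http(s) request to a host named by the caller. Restricting template
   * locations to an allow-list needs configuration that is not visible in
   * this class.
   *
   * @throws IOException if the URL is malformed or uses another protocol
   */
  private static void requireHttpTemplateURL(String url) throws IOException {
    // java.net.URL is used for parsing on the assumption that the fetch
    // interprets the string the same way - confirm against FileUtils.readURL.
    String protocol = new URL(url).getProtocol();
    if (!"http".equalsIgnoreCase(protocol) && !"https".equalsIgnoreCase(protocol)) {
      throw new IOException("Sign template URL supplied in the request must use http or https");
    }
  }

  /**
   * Writes the given text to the response as UTF-8 bytes and closes the stream.
   */
  private static void writeUtf8(HttpServletResponse resp, String body) throws IOException {
    OutputStream out = resp.getOutputStream();
    out.write(body.getBytes("UTF-8"));
    out.flush();
    out.close();
  }

}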