/*
* Copyright 2003 Federal Chancellery Austria
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package at.gv.egovernment.moa.id.auth.servlet;
import java.io.IOException;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.lang.StringEscapeUtils;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.URLEncoder;
/**
* Servlet requested for verifying the signed authentication block
* provided by the security layer implementation.
* Utilizes the {@link AuthenticationServer}.
*
* @author Paul Ivancsics
* @version $Id$
*/
public class VerifyAuthenticationBlockServlet extends AuthServlet {
/**
* Constructor for VerifyAuthenticationBlockServlet.
*/
public VerifyAuthenticationBlockServlet() {
super();
}
/**
* GET requested by security layer implementation to verify
* that data URL resource is available.
* @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
*/
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
//doPost(req, resp);
Logger.debug("GET VerifyAuthenticationBlock");
resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
}
/**
* Verifies the signed authentication block and redirects the browser
* to the online application requested, adding a parameter needed for
* retrieving the authentication data.
*
* Request parameters:
*
* - MOASessionID: ID of associated authentication session
* - XMLResponse:
<CreateXMLSignatureResponse>
*
* Response:
*
* - Status:
302
* - Header
"Location": URL of the online application requested, with
* parameters "Target"(only if the online application is
* a public service) and "SAMLArtifact" added
* - Error status:
500
*
* @see AuthenticationServer#verifyAuthenticationBlock
* @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
*/
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
Logger.debug("POST VerifyAuthenticationBlock");
resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
Map parameters;
try
{
parameters = getParameters(req);
} catch (FileUploadException e)
{
Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
throw new IOException(e.getMessage());
}
String sessionID = req.getParameter(PARAM_SESSIONID);
String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
// escape parameter strings
sessionID = StringEscapeUtils.escapeHtml(sessionID);
String redirectURL = null;
try {
// check parameter
if (!ParamValidatorUtils.isValidSessionID(sessionID))
throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse))
throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12");
AuthenticationSession session = AuthenticationServer.getSession(sessionID);
String samlArtifactBase64 =
AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
redirectURL = session.getOAURLRequested();
if (!session.getBusinessService()) {
redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
}
redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
redirectURL = resp.encodeRedirectURL(redirectURL);
} else {
redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
}
resp.setContentType("text/html");
resp.setStatus(302);
resp.addHeader("Location", redirectURL);
Logger.debug("REDIRECT TO: " + redirectURL);
}
catch (MOAIDException ex) {
handleError(null, ex, req, resp);
}
}
/**
* Adds a parameter to a URL.
* @param url the URL
* @param paramname parameter name
* @param paramvalue parameter value
* @return the URL with parameter added
*/
private static String addURLParameter(String url, String paramname, String paramvalue) {
String param = paramname + "=" + paramvalue;
if (url.indexOf("?") < 0)
return url + "?" + param;
else
return url + "&" + param;
}
}