/**
* This work was created by participants in the DataONE project, and is
* jointly copyrighted by participating institutions in DataONE. For
* more information on DataONE, see our web site at http://dataone.org.
*
* Copyright ${year}
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* $Id$
*/
package edu.ucsb.nceas.metacat.portal;
import org.dataone.portal.PortalCertificateManager;
import edu.uiuc.ncsa.myproxy.oa4mp.client.Asset;
import edu.uiuc.ncsa.myproxy.oa4mp.client.AssetResponse;
import edu.uiuc.ncsa.myproxy.oa4mp.client.servlet.ClientServlet;
import edu.uiuc.ncsa.security.core.exceptions.GeneralException;
import edu.uiuc.ncsa.security.servlet.JSPUtil;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.PrintWriter;
import java.security.cert.X509Certificate;
import static edu.uiuc.ncsa.security.util.pkcs.CertUtil.toPEM;
/**
* <p>Created by Jeff Gaynor<br>
* on Jul 31, 2010 at 3:29:09 PM
*/
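public class SuccessServlet extends ClientServlet {

    /**
     * Initializes the servlet by delegating to the parent implementation.
     *
     * @param config the servlet configuration supplied by the container
     * @throws ServletException if the parent initialization fails
     */
    @Override
    public void init(ServletConfig config) throws ServletException {
        super.init(config);
        // TODO: anything needed?
    }

    /**
     * Completes a certificate delegation request: exchanges the token and verifier
     * request parameters for a certificate, stores the certificate on the asset
     * that matches the identifier returned by {@code clearCookie}, sets the portal
     * cookie, and then either redirects to the session's "target" or renders a
     * summary page.
     *
     * <p>Security-relevant behavior:
     * <ul>
     *   <li>The token and verifier are credentials for the delegation exchange, so
     *       only their presence is logged, never their values.</li>
     *   <li>Certificate fields are HTML-escaped before they are written to the
     *       page, because the subject DN is data issued by an external service.</li>
     *   <li>The redirect target is read from the session; see the review note at
     *       the redirect for the validation this method relies on.</li>
     * </ul>
     *
     * @param request  the callback request carrying the token and verifier parameters
     * @param response the response used for the cookie, redirect or summary page
     * @throws Throwable if no identifier is found for this delegation request, or if
     *                   writing the response fails
     */
    @Override
    protected void doIt(HttpServletRequest request, HttpServletResponse response) throws Throwable {
        // The identifier ties this callback to the browser that started the request;
        // without it the callback cannot be matched to a stored asset.
        String identifier = clearCookie(request, response);
        if (identifier == null) {
            throw new ServletException("Error: No identifier for this delegation request was found. ");
        }

        info("2.a. Getting token and verifier.");
        String token = request.getParameter(TOKEN_KEY);
        String verifier = request.getParameter(VERIFIER_KEY);
        if (token == null || verifier == null) {
            // Record presence only: these request parameters are secrets, and raw
            // request input must not be copied into the log (disclosure, log forging).
            warn("2.a. The token is " + (token == null ? "null" : "present")
                    + " and the verifier is " + (verifier == null ? "null" : "present"));
            GeneralException ge = new GeneralException("Error: This servlet requires parameters for the token and verifier. It cannot be called directly.");
            request.setAttribute("exception", ge);
            JSPUtil.handleException(ge, request, response, "/pages/client-error.jsp");
            return;
        }
        info("2.a Token and verifier found.");

        X509Certificate cert = null;
        try {
            info("2.a. Getting the cert(s) from the service");
            AssetResponse assetResponse = getOA4MPService().getCert(token, verifier);
            X509Certificate[] certificates = assetResponse.getX509Certificates();
            if (certificates == null || certificates.length == 0) {
                // Fail with a clear message instead of an index error further down.
                throw new GeneralException("Error: The service returned no certificate for this delegation request.");
            }
            // update the asset to include the returned certificate
            Asset asset = getOA4MPService().getEnvironment().getAssetStore().get(identifier);
            if (asset == null) {
                // The identifier comes from a client cookie, so it may not match a stored asset.
                throw new GeneralException("Error: No asset was found for this delegation request.");
            }
            asset.setCertificates(certificates);
            getOA4MPService().getEnvironment().getAssetStore().save(asset);
            cert = certificates[0];
        } catch (Throwable t) {
            // getCause() is null for exceptions raised directly here; dereferencing it
            // unguarded would throw from the handler and hide the original failure.
            Throwable cause = t.getCause();
            warn("2.a. Exception from the server: " + (cause == null ? t.getMessage() : cause.getMessage()));
            error("Exception while trying to get cert. message:" + t.getMessage());
            request.setAttribute("exception", t);
            JSPUtil.handleException(t, request, response, "/pages/client-error.jsp");
            return;
        }

        // add the cookie for later request processing
        // NOTE(review): the cookie attributes (Secure, HttpOnly, lifetime) are set inside
        // PortalCertificateManager and are not visible here - confirm them there.
        PortalCertificateManager.getInstance().setCookie(identifier, response);

        // find where we should end up
        String target = (String) request.getSession().getAttribute("target");
        if (target != null) {
            // remove from the session once we use it
            request.getSession().removeAttribute("target");
            // NOTE(review): the value is redirected to as stored. If the code that puts
            // "target" into the session takes it from a request parameter without
            // restricting it to known portal URLs, this is an open redirect - confirm
            // that validation happens where the attribute is set.
            response.sendRedirect(target);
            return;
        }

        // otherwise show us information
        response.setContentType("text/html");
        PrintWriter pw = response.getWriter();
        /* Put the key and certificate in the result, but allow them to be initially hidden. */
        // No "Continue to target" link is written: target is always null on this path,
        // so the link could only ever point at the literal text "null".
        String page = "<html>\n" +
                "<style type=\"text/css\">\n" +
                ".hidden { display: none; }\n" +
                ".unhidden { display: block; }\n" +
                "</style>\n" +
                "<script type=\"text/javascript\">\n" +
                "function unhide(divID) {\n" +
                " var item = document.getElementById(divID);\n" +
                " if (item) {\n" +
                " item.className=(item.className=='hidden')?'unhidden':'hidden';\n" +
                " }\n" +
                "}\n" +
                "</script>\n" +
                "<body>\n" +
                "<h1>Success!</h1>\n" +
                "<p>You have successfully requested a DataONE certificate. It will be accessible for 18 hours using your cookie.</p>\n" +
                "<ul>\n" +
                " <li><a href=\"javascript:unhide('showSubject');\">Show/Hide subject</a></li>\n" +
                " <div id=\"showSubject\" class=\"unhidden\">\n" +
                " <p><pre>" + escapeForHtml(cert.getSubjectDN().toString()) + "</pre>\n" +
                " </div>\n" +
                " <li><a href=\"javascript:unhide('showCert');\">Show/Hide certificate</a></li>\n" +
                " <div id=\"showCert\" class=\"hidden\">\n" +
                " <p><pre>" + escapeForHtml(toPEM(cert)) + "</pre>\n" +
                " </div>\n" +
                " <li><a href=\"javascript:unhide('showKey');\">Show/Hide private key</a></li>\n" +
                " <div id=\"showKey\" class=\"hidden\">\n" +
                " <p><pre>" + "hidden for security" + "</pre>\n" +
                " </div>\n" +
                "\n" +
                "</ul>\n" +
                // Quoted and escaped so the path cannot break out of the attribute.
                "<a href=\"" + escapeForHtml(request.getContextPath()) + "\">" +
                "Return to portal" +
                "</a>" +
                "</body>\n" +
                "</html>";
        pw.println(page);
        pw.flush();
    }

    /**
     * Escapes the characters that are significant in HTML text and quoted
     * attribute values so the input is rendered as plain text.
     *
     * @param text the value to escape; {@code null} is treated as empty
     * @return the escaped value, never {@code null}
     */
    private static String escapeForHtml(String text) {
        if (text == null) {
            return "";
        }
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

}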