a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster/**
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * opensso/legal/CDDLv1.0.txt
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * at opensso/legal/CDDLv1.0.txt.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: FSIntersiteTransferService.java,v 1.6 2008/08/29 04:57:16 exu Exp $
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster */
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpackage com.sun.identity.federation.services.fednsso;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.cot.CircleOfTrustManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.cot.COTException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.cot.COTConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.FSUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.IFSConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.LogUtil;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.jaxb.entityconfig.BaseConfigType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSAuthnRequest;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.common.IDPEntries;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.common.IDPEntry;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSIDPList;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSScoping;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.meta.IDFFMetaManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.meta.IDFFMetaUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.plugins.FederationSPAdapter;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.FSSessionManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.util.FSServiceUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.util.FSSignatureManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.util.FSSignatureException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.meta.jaxb.AffiliationDescriptorType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.shared.encode.Base64;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.shared.encode.URLEncDec;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.util.ArrayList;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.io.PrintWriter;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.io.IOException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.util.Set;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.util.List;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.util.Iterator;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport javax.servlet.ServletException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport javax.servlet.http.HttpServletRequest;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport javax.servlet.http.HttpServletResponse;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport javax.servlet.http.HttpSession;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport javax.servlet.http.HttpServlet;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.util.logging.Level;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster/**
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Gets called to send <code>AuthnRequest</code> to <code>IDP</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster */
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpublic class FSIntersiteTransferService extends HttpServlet {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String framedLoginPageURL = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
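/**
 * Redirects the browser to the IDFF reader service of the next untried
 * circle of trust, so a preferred IDP can be looked up in that common domain.
 *
 * <p>The names of the circles of trust still to be tried are kept in the HTTP
 * session under <code>IFSConstants.SESSION_COTSET_ATTR</code>. Each call
 * removes one name from that set. When no circle is left, or the selected
 * circle has no reader service URL, the request is forwarded to
 * <code>framedLoginPageURL</code> instead.
 *
 * <p>NOTE(review): <code>framedLoginPageURL</code> is an instance field that
 * <code>doGet</code> assigns per request. Servlet containers normally share
 * one servlet instance between request threads, so the value read here may
 * have been written by a concurrent request; passing it as an argument would
 * remove that coupling.
 *
 * <p>NOTE(review): the return URL is built from
 * <code>request.getRequestURL()</code>, i.e. from the scheme/host of the
 * incoming request. Confirm the deployment pins or validates the host name
 * before it is handed to the reader service as <code>LRURL</code>.
 *
 * <p>NOTE(review): the session attribute is not keyed by realm, so a set
 * cached for one meta alias is reused if a later request in the same session
 * names another one - verify that this is intended.
 *
 * @param request the current <code>HttpServletRequest</code>
 * @param response the current <code>HttpServletResponse</code>
 * @param requestID ID of the pending <code>AuthnRequest</code>; echoed back
 *        in the return URL (URL-encoded)
 */
private void redirectToCommonDomain(
    HttpServletRequest request,
    HttpServletResponse response,
    String requestID)
{
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSIntersiteTransferService."
            + "redirectToCommonDomain: Called");
    }
    String metaAlias = request.getParameter(IFSConstants.META_ALIAS);
    // doGet falls back to FSServiceUtils.getMetaAlias(request) when the
    // parameter is missing; resolve it the same way here so that the realm
    // lookup and the return URL use the alias doGet actually worked with.
    if (metaAlias == null || metaAlias.length() == 0) {
        metaAlias = FSServiceUtils.getMetaAlias(request);
    }
    String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
    try {
        HttpSession session = request.getSession(true);
        Set cotSet =
            (Set) session.getAttribute(IFSConstants.SESSION_COTSET_ATTR);
        CircleOfTrustManager cotManager = new CircleOfTrustManager();
        if (cotSet == null) {
            // First visit in this session: start from every circle of trust
            // known for the realm.
            cotSet = cotManager.getAllCirclesOfTrust(realm);
            if (cotSet != null) {
                session.setAttribute(IFSConstants.SESSION_COTSET_ATTR,
                    cotSet);
            }
            if (cotSet == null || cotSet.isEmpty()) {
                FSUtils.debug.error("FSIntersiteTransferService. redirect"
                    + "ToCommonDomain: No CommonDomain metadata found");
                String[] data =
                    { FSUtils.bundle.getString("noCommonDomainMetadata") };
                LogUtil.error(Level.INFO,
                    LogUtil.COMMON_DOMAIN_META_DATA_NOT_FOUND,
                    data);
                FSUtils.forwardRequest(request, response,
                    framedLoginPageURL);
                return;
            }
        }
        if (cotSet.isEmpty()) {
            // Every circle of trust has already been tried in this session.
            FSUtils.debug.error("FSIntersiteTransferService."
                + "redirectToCommonDomain: No more CommonDomain left");
            String[] data =
                { FSUtils.bundle.getString("noCommonDomainMetadata") };
            LogUtil.error(Level.INFO,
                LogUtil.COMMON_DOMAIN_META_DATA_NOT_FOUND,
                data);
            FSUtils.forwardRequest(request, response, framedLoginPageURL);
            return;
        }

        // Take one circle of trust off the pending set and remember that.
        // NOTE(review): this removes from the Set returned by
        // getAllCirclesOfTrust(); confirm that call hands out a private,
        // modifiable copy rather than a shared or cached instance.
        String cotName = (String) cotSet.iterator().next();
        cotSet.remove(cotName);
        session.setAttribute(IFSConstants.SESSION_COTSET_ATTR, cotSet);

        String readerServiceURL =
            cotManager.getCircleOfTrust(realm, cotName)
                .getIDFFReaderServiceURL();
        if (readerServiceURL == null || readerServiceURL.length() == 0) {
            // Without a reader service there is nowhere to redirect to.
            // Previously this path returned without writing any response;
            // fall back to the login page like the other failure paths.
            FSUtils.debug.error("FSIntersiteTransferService."
                + "redirectToCommonDomain: No reader service URL for "
                + "circle of trust: " + cotName);
            FSUtils.forwardRequest(request, response, framedLoginPageURL);
            return;
        }

        // URL the reader service is asked to send the browser back to.
        StringBuffer returnURL = request.getRequestURL();
        returnURL.append("?")
            .append(IFSConstants.AUTH_REQUEST_ID)
            .append("=")
            .append(URLEncDec.encode(requestID));
        returnURL.append("&")
            .append(IFSConstants.META_ALIAS)
            .append("=")
            .append(URLEncDec.encode(metaAlias));

        StringBuffer redirectURL = new StringBuffer(300);
        redirectURL.append(readerServiceURL);
        redirectURL.append("?");
        redirectURL.append(IFSConstants.LRURL);
        redirectURL.append("=");
        redirectURL.append(URLEncDec.encode(returnURL.toString()));
        String url = redirectURL.toString();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSIntersiteTransferService."
                + "redirectToCommonDomain: "
                + "Redirecting to check for PrefferedIDP @:" + url);
        }
        // sendRedirect() sets the Location header itself.
        response.sendRedirect(url);
    } catch (COTException e) {
        FSUtils.debug.error("FSIntersiteTransferService."
            + "redirectToCommonDomain: "
            + "COTException occured while trying to "
            + "redirect to the CommonDomain: ", e);
        try {
            FSUtils.forwardRequest(request, response, framedLoginPageURL);
        } catch (Exception ex) {
            FSUtils.debug.error("FSIntersiteTransferService."
                + "redirectToCommonDomain: IOException : ", ex);
        }
    } catch (IOException e) {
        FSUtils.debug.error("FSIntersiteTransferService."
            + "redirectToCommonDomain: IOException"
            + " occured while trying to redirect to the CommonDomain: ", e);
    }
}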
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * Reads the <code>IFSConstants.AUTH_REQUEST_ID</code> parameter from the
 * request.
 *
 * <p>The value is returned exactly as the client sent it; nothing is
 * validated here.
 *
 * @param request the current <code>HttpServletRequest</code>
 * @return the request ID, or <code>null</code> when the parameter is
 *         missing or empty
 */
private String findRequestID(HttpServletRequest request) {
    FSUtils.debug.message(
        "FSIntersiteTransferService.findRequestID: Called");
    final String id = request.getParameter(IFSConstants.AUTH_REQUEST_ID);
    if (id != null && id.length() != 0) {
        return id;
    }
    // Missing or empty parameter: report it at message level and give up.
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message(
            "FSIntersiteTransferService.findRequestID:"
            + "No requestID in the query string");
    }
    return null;
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
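/**
 * Signs a query string and returns it with the <code>SigAlg</code> and
 * <code>Signature</code> parameters appended.
 *
 * <p>The signature algorithm follows the algorithm of the private key stored
 * under <code>certAlias</code> (RSA or DSA). The bytes that are signed are
 * the query string, a separating <code>&amp;</code> if needed, and the
 * URL-encoded <code>SigAlg</code> parameter; the Base64 signature is then
 * URL-encoded and appended as <code>Signature</code>.
 *
 * <p>NOTE(review): the digest behind
 * <code>IFSConstants.ALGO_ID_SIGNATURE_RSA_JCA</code> and
 * <code>ALGO_ID_SIGNATURE_DSA_JCA</code> is defined outside this file;
 * confirm it is still acceptable under current policy.
 *
 * @param queryString the already URL-encoded query string to sign
 * @param certAlias key store alias of the signing key
 * @return the signed query string, or <code>null</code> when the input is
 *         empty, no usable key is found, or signing fails
 */
private String signAndReturnQueryString(
    String queryString,
    String certAlias)
{
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSIntersiteTransferService."
            + "signAndReturnQueryString: Called");
    }

    if (queryString == null || queryString.length() == 0) {
        FSUtils.debug.error("FSIntersiteTransferService."
            + "signAndReturnQueryString: "
            + FSUtils.bundle.getString("nullInput"));
        return null;
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSIntersiteTransferService."
            + "signAndReturnQueryString: certAlias: " + certAlias);
    }

    FSSignatureManager manager = FSSignatureManager.getInstance();
    // Look the key up once and fail closed when the alias resolves to
    // nothing, instead of dereferencing a null key.
    java.security.Key signingKey =
        manager.getKeyProvider().getPrivateKey(certAlias);
    if (signingKey == null) {
        FSUtils.debug.error(
            "FSIntersiteTransferService.signAndReturnQueryString: "
            + "no private key found for certAlias: " + certAlias);
        return null;
    }

    // Choose the JCA algorithm used for signing and the identifier that is
    // advertised in SigAlg together, so the two cannot drift apart.
    String keyAlgorithm = signingKey.getAlgorithm();
    String sigAlg;
    String algoId;
    if (IFSConstants.KEY_ALG_RSA.equals(keyAlgorithm)) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message(
                "FSIntersiteTransferService.signAndReturnQueryString: "
                + "private key algorithm is: RSA");
        }
        sigAlg = IFSConstants.ALGO_ID_SIGNATURE_RSA_JCA;
        algoId = IFSConstants.ALGO_ID_SIGNATURE_RSA;
    } else if (IFSConstants.KEY_ALG_DSA.equals(keyAlgorithm)) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message(
                "FSIntersiteTransferService.signAndReturnQueryString: "
                + "private key algorithm is: DSA");
        }
        sigAlg = IFSConstants.ALGO_ID_SIGNATURE_DSA_JCA;
        algoId = IFSConstants.ALGO_ID_SIGNATURE_DSA;
    } else {
        FSUtils.debug.error(
            "FSIntersiteTransferService.signAndReturnQueryString: "
            + "private key algorithm is not supported");
        return null;
    }

    if (queryString.charAt(queryString.length() - 1) != '&') {
        queryString = queryString + "&";
    }
    // SigAlg is appended before signing, so it is covered by the signature.
    queryString = queryString + "SigAlg=" + URLEncDec.encode(algoId);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message(
            "FSIntersiteTransferService.signAndReturnQueryString: "
            + "Querystring to be signed: " + queryString);
    }

    byte[] signature;
    try {
        signature = manager.signBuffer(queryString, certAlias, sigAlg);
    } catch (FSSignatureException se) {
        // Hand the exception to the logger so the stack trace is kept.
        FSUtils.debug.error("FSIntersiteTransferService."
            + "signAndReturnQueryString: FSSignatureException occured "
            + "while signing query string: ", se);
        return null;
    }
    if (signature == null) {
        FSUtils.debug.error("FSIntersiteTransferService."
            + "signAndReturnQueryString: Signature generated is null");
        return null;
    }

    String encodedSig = Base64.encode(signature);
    queryString = queryString + "&" + "Signature="
        + URLEncDec.encode(encodedSig);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSIntersiteTransferService."
            + "signAndReturnQueryString:Signed Querystring: "
            + queryString);
    }
    return queryString;
}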
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster /**
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Generates <code>AuthnRequest</code> and sends it to <code>IDP</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request <code>HttpServletRequest</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param response <code>HttpServletResponse</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception ServletException,IOException if error occurred
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster */
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void doGet(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster HttpServletRequest request,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster HttpServletResponse response
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ) throws ServletException, IOException
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSIntersiteTransferService.doGet: Called");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster /**
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Check to see if there is a need to set lb cookie.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This is for the use case that AuthnRequest is not created by the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * preLogin process and lb cookie wasn't set there.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster */
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (FSUtils.needSetLBCookieAndRedirect(request, response, false)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster try {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPDescriptorType idpDescriptor = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String metaAlias = request.getParameter(IFSConstants.META_ALIAS);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (metaAlias == null || metaAlias.length() == 0) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster metaAlias = FSServiceUtils.getMetaAlias(request);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String hostEntityId = metaManager.getEntityIDByMetaAlias(metaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((request == null) ||(response == null)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.sendError(response.SC_INTERNAL_SERVER_ERROR,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.bundle.getString("nullInputParameter"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String qs = request.getQueryString();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (FSUtils.debug.messageEnabled()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSIntersiteTransferService.doGet: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "QueryString Received from CommonDomain: " + qs);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String requestID = findRequestID(request);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (requestID == null){
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //throw error page
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSIntersiteTransferService.doGet: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + FSUtils.bundle.getString("nullInputParameter"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.sendError(response.SC_INTERNAL_SERVER_ERROR,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.bundle.getString("nullInputParameter"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (FSUtils.debug.messageEnabled()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSIntersiteTransferService.doGet: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "RequestID found: " + requestID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSSessionManager sessionMgr = FSSessionManager.getInstance(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster metaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSAuthnRequest authnRequest = sessionMgr.getAuthnRequest(requestID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (authnRequest == null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSIntersiteTransferService.doGet: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + FSUtils.bundle.getString("invalidRequestId"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] data = { FSUtils.bundle.getString("invalidRequestId")};
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.error(Level.INFO,"INVALID_AUTHN_REQUEST",data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.sendError(response.SC_INTERNAL_SERVER_ERROR,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.bundle.getString("invalidRequestId"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String resourceUrl = authnRequest.getRelayState();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String baseURL = FSServiceUtils.getBaseURL(request);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster framedLoginPageURL = FSServiceUtils.getCommonLoginPageURL(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster metaAlias, resourceUrl, null, request, baseURL);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String idpID = FSUtils.findPreferredIDP(realm, request);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (idpID == null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (FSUtils.debug.messageEnabled()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSIntersiteTransferService.doGet: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "No Preffered IDP found in this Common Domain. "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Try to find PrefferedIDP in other common domains");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (FSUtils.debug.messageEnabled()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSIntersiteTransferService.doGet: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "RequestID :" + requestID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster redirectToCommonDomain(request, response, requestID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster idpDescriptor = metaManager.getIDPDescriptor(realm, idpID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (idpDescriptor == null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSIntersiteTransferService.doGet: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + FSUtils.bundle.getString("noTrust"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] data = { idpID };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.error(Level.INFO,"PROVIDER_NOT_TRUSTED",data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.sendError(response.SC_INTERNAL_SERVER_ERROR,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.bundle.getString("noTrust"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster HttpSession session = request.getSession(true);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster session.removeAttribute(IFSConstants.SESSION_COTSET_ATTR);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (FSUtils.debug.messageEnabled()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSIntersiteTransferService.doGet: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Preffered IDP found:" + idpID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sessionMgr.setIDPEntityID(requestID, idpID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Set the authn request version here
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster int minorVersion = FSServiceUtils.getMinorVersion(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster idpDescriptor.getProtocolSupportEnumeration());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster authnRequest.setMinorVersion(minorVersion);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster authnRequest.getAuthnContext().setMinorVersion(minorVersion);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SPDescriptorType hostDesc =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster metaManager.getSPDescriptor(realm, hostEntityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster BaseConfigType hostConfig =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster metaManager.getSPDescriptorConfig(realm, hostEntityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (IDFFMetaUtils.getBooleanAttributeValueFromConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostConfig, IFSConstants.ENABLE_AFFILIATION))
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Set affiliations =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster metaManager.getAffiliateEntity(realm, idpID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (affiliations != null && !affiliations.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AffiliationDescriptorType affiliateDescriptor =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (AffiliationDescriptorType)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster affiliations.iterator().next();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster authnRequest.setAffiliationID(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster affiliateDescriptor.getAffiliationID());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION &&
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDFFMetaUtils.getBooleanAttributeValueFromConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostConfig, IFSConstants.ENABLE_IDP_PROXY))
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSScoping scoping = new FSScoping();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster scoping.setProxyCount(Integer.parseInt(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDFFMetaUtils.getFirstAttributeValueFromConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostConfig, IFSConstants.IDP_PROXY_COUNT)));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List proxyIDPs = IDFFMetaUtils.getAttributeValueFromConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostConfig, IFSConstants.IDP_PROXY_LIST);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (proxyIDPs != null && !proxyIDPs.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Iterator iter = proxyIDPs.iterator();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ArrayList list = new ArrayList();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster while(iter.hasNext()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPEntry entry =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster new IDPEntry((String)iter.next(),null, null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster list.add(entry);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPEntries entries = new IDPEntries(list);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSIDPList idpList = new FSIDPList(entries, null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster scoping.setIDPList(idpList);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster authnRequest.setScoping(scoping);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (FSUtils.debug.messageEnabled()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSIntersiteTransferService.doGet: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "AuthnRequest:" + authnRequest.toXMLString(true, true));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (authnRequest.getProtocolProfile().equals(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IFSConstants.SSO_PROF_BROWSER_ART) ||
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster authnRequest.getProtocolProfile().equals(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IFSConstants.SSO_PROF_BROWSER_POST))
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster handleBrowserArtifactPOSTIST(request,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster authnRequest,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster idpDescriptor,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostDesc,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostConfig);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if(authnRequest.getProtocolProfile().equals(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IFSConstants.SSO_PROF_WML_POST)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster handleWMLIST(request, response, authnRequest, idpDescriptor);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSIntersiteTransferService.doGet: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Unknown Protocol Profile");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] data = { FSUtils.bundle.getString("invalidAuthnRequest") };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.error(Level.INFO,LogUtil.INVALID_AUTHN_REQUEST,data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.sendError(response.SC_INTERNAL_SERVER_ERROR,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.bundle.getString("invalidAuthnRequest"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } catch(Exception e){
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSIntersiteTransferService.doGet: ", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster try {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.sendError(response.SC_INTERNAL_SERVER_ERROR,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.bundle.getString("Exception"));
0fdab8904a8fe223f6934b878769fe45e7651c60Andrew Forrest return;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } catch(IOException ioe){
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (FSUtils.debug.messageEnabled()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSIntersiteTransferService.doGet: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + FSUtils.bundle.getString("sendFailed")+ioe.getMessage());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * Handles an HTTP POST by handing the request and response unchanged to
 * {@code doGet}, so both verbs go through exactly the same processing.
 *
 * @param request <code>HttpServletRequest</code> object
 * @param response <code>HttpServletResponse</code> object
 * @exception javax.servlet.ServletException declared on the signature
 * @exception java.io.IOException declared on the signature
 */
public void doPost(HttpServletRequest request, HttpServletResponse response)
    throws javax.servlet.ServletException, java.io.IOException
{
    // POST has no handling of its own; everything is done by doGet.
    this.doGet(request, response);
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
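/**
 * Sends the <code>AuthnRequest</code> to the identity provider's single
 * sign-on service URL. <code>doGet</code> calls this for the browser
 * artifact and browser POST protocol profiles.
 *
 * The request is normally sent as an HTTP redirect carrying the URL-encoded
 * query string. When the resulting URL is longer than
 * <code>IFSConstants.URL_MAX_LENGTH</code> the request is sent through
 * <code>sendAuthnRequestPost</code> instead.
 *
 * Failures are reported to the client as HTTP 500 and written to the debug
 * log; nothing is thrown to the caller for them.
 *
 * @param request <code>HttpServletRequest</code> object
 * @param response <code>HttpServletResponse</code> object; when it is
 *        <code>null</code> the call is logged and abandoned
 * @param authnRequest the request to send
 * @param idpDescriptor descriptor of the target identity provider; its
 *        single sign-on service URL is the destination
 * @param hostDesc descriptor of the hosted provider; decides whether the
 *        request is signed. It is dereferenced without a null check, so a
 *        <code>null</code> value ends in the generic exception handler.
 * @param hostConfig extended configuration of the hosted provider; source
 *        of the signing certificate alias and of the SP adapter
 */
private void handleBrowserArtifactPOSTIST(
    HttpServletRequest request,
    HttpServletResponse response,
    FSAuthnRequest authnRequest,
    IDPDescriptorType idpDescriptor,
    SPDescriptorType hostDesc,
    BaseConfigType hostConfig
)
{
    final String logPrefix =
        "FSIntersiteTransferService.handleBrowserArtifactPOSTIST: ";
    FSUtils.debug.message(
        "FSIntersiteTransferService.handleBrowserArtifactPOSTIST: Called");
    try {
        if (response == null) {
            // Without a response there is nowhere to report the error; the
            // original code called sendError on the null reference here.
            FSUtils.debug.error(logPrefix
                + FSUtils.bundle.getString("nullInputParameter"));
            return;
        }
        if ((request == null) ||
            (authnRequest == null) ||
            (idpDescriptor == null))
        {
            // Logged under this method's own name (the message used to
            // claim it came from doGet).
            FSUtils.debug.error(logPrefix
                + FSUtils.bundle.getString("nullInputParameter"));
            response.sendError(
                HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                FSUtils.bundle.getString("nullInputParameter"));
            return;
        }
        String targetURL = idpDescriptor.getSingleSignOnServiceURL();
        if (targetURL == null) {
            // The response is left untouched, as before; the condition is
            // now at least visible in the debug log.
            FSUtils.debug.error(logPrefix
                + "IDP descriptor has no single sign-on service URL");
            return;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message(logPrefix
                + "Destination URL to send AuthnRequest: "
                + targetURL);
        }

        // Call SP adapter in case of browser GET
        FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(
            authnRequest.getProviderId(), hostConfig);
        if (spAdapter != null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSIntersiteTransferService, " +
                    "GET, call spAdapter.preSSOFederationRequest");
            }
            try {
                spAdapter.preSSOFederationRequest(
                    authnRequest.getProviderId(),
                    idpDescriptor.getId(),
                    request, response, authnRequest);
            } catch (Exception e) {
                // A failing adapter implementation is logged and does not
                // stop the request from being sent.
                FSUtils.debug.error("FSIntersiteTransferService,"
                    + "GET SPAdapter.preSSOFederationRequest:", e);
            }
        }

        String queryString = authnRequest.toURLEncodedQueryString();
        if (queryString == null) {
            FSUtils.debug.error(logPrefix
                + FSUtils.bundle.getString("invalidRequest"));
            String[] data = { FSUtils.bundle.getString("invalidRequest") };
            LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_REQUEST, data);
            response.sendError(
                HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                FSUtils.bundle.getString("invalidRequest"));
            return;
        }

        // Sign the query string when the hosted descriptor asks for signed
        // requests and signing is switched on.
        String certAlias =
            IDFFMetaUtils.getFirstAttributeValueFromConfig(
                hostConfig, IFSConstants.SIGNING_CERT_ALIAS);
        boolean authnRequestSigned = hostDesc.isAuthnRequestsSigned();
        if (FSServiceUtils.isSigningOn() && authnRequestSigned) {
            queryString = signAndReturnQueryString(queryString, certAlias);
            if (queryString == null) {
                // Fail closed: an unsigned request is never sent in place
                // of one that could not be signed.
                FSUtils.debug.error(logPrefix
                    + "AuthnRequest signing failed");
                response.sendError(
                    HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                    FSUtils.bundle.getString("signFailed"));
                return;
            }
        }

        // Append to an existing query part if the SSO URL already has one.
        String separator = (targetURL.indexOf("?") != -1) ? "&" : "?";
        String redirecto = targetURL + separator + queryString;
        String[] data = { targetURL };
        LogUtil.access(Level.FINER, "REDIRECT_TO", data);

        if (redirecto.length() > IFSConstants.URL_MAX_LENGTH) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message(logPrefix + "Redirection URL"
                    + " length exceeding the URL MAX length restriction. "
                    + "Switching to form post");
            }

            // NOTE(review): this branch signs whenever the descriptor asks
            // for it, while the redirect branch above also requires
            // FSServiceUtils.isSigningOn(). Confirm the difference is
            // intended.
            if (authnRequestSigned) {
                authnRequest.signXML(certAlias);
            }
            sendAuthnRequestPost(response, targetURL, authnRequest);
            return;
        }

        response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);
        response.setHeader("Location", redirecto);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message(logPrefix
                + "Sending AuthnRequest by http-redirect to: "
                + targetURL);
        }
        response.sendRedirect(redirecto);
    } catch (Exception ex) {
        FSUtils.debug.error("FSIntersiteTransferService."
            + "handleBrowserArtifactPOSTIST:" , ex);
        // sendError cannot be used on a missing or already committed
        // response; trying would raise a second, unhandled exception.
        if (response == null || response.isCommitted()) {
            return;
        }
        try {
            response.sendError(
                HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                FSUtils.bundle.getString("Exception"));
        } catch (IOException ioe) {
            FSUtils.debug.error(logPrefix
                + FSUtils.bundle.getString("sendFailed") , ioe);
        }
    }
}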
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
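/**
 * Sends the <code>AuthnRequest</code> to the identity provider's single
 * sign-on service URL as a WML page. <code>doGet</code> calls this for the
 * WML POST protocol profile.
 *
 * Failures are reported to the client as HTTP 500 where the response still
 * allows it, and are written to the debug log.
 *
 * NOTE(review): no signing step is visible on this path, and the hosted
 * descriptor that carries the "requests signed" setting is not passed in.
 * Whether the Base64 form produced further down carries a signature cannot
 * be told from this method; confirm against FSAuthnRequest.
 *
 * @param request <code>HttpServletRequest</code> object
 * @param response <code>HttpServletResponse</code> object; when it is
 *        <code>null</code> the call is logged and abandoned
 * @param authnRequest the request to send
 * @param idpDescriptor descriptor of the target identity provider; its
 *        single sign-on service URL is the destination
 */
private void handleWMLIST(
    HttpServletRequest request,
    HttpServletResponse response,
    FSAuthnRequest authnRequest,
    IDPDescriptorType idpDescriptor
)
{
    final String logPrefix = "FSIntersiteTransferService.handleWMLIST: ";
    try {
        FSUtils.debug.message(
            "FSIntersiteTransferService.handleWMLIST: Called");
        if (response == null) {
            // Without a response there is nowhere to report the error; the
            // original code called sendError on the null reference here.
            FSUtils.debug.error(logPrefix
                + FSUtils.bundle.getString("nullInputParameter"));
            return;
        }
        if ((request == null) ||
            (authnRequest == null) ||
            (idpDescriptor == null))
        {
            FSUtils.debug.error(logPrefix
                + FSUtils.bundle.getString("nullInputParameter"));
            response.sendError(
                HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                FSUtils.bundle.getString("nullInputParameter"));
            return;
        }
        String targetURL = idpDescriptor.getSingleSignOnServiceURL();
        if (targetURL == null) {
            // The response is left untouched, as before; the condition is
            // now at least visible in the debug log.
            FSUtils.debug.error(logPrefix
                + "IDP descriptor has no single sign-on service URL");
            return;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message(logPrefix
                + "Destination URL to send AuthnRequest: " + targetURL);
        }
        String[] data = { targetURL };
        LogUtil.access(Level.INFO, LogUtil.REDIRECT_TO, data);

        // sendWMLB64Post reports failure through its return value, which
        // used to be dropped, leaving the client with an empty or partial
        // page.
        boolean sent = sendWMLB64Post(response, targetURL, authnRequest);
        if (!sent) {
            FSUtils.debug.error(logPrefix
                + FSUtils.bundle.getString("sendFailed"));
            if (!response.isCommitted()) {
                response.sendError(
                    HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                    FSUtils.bundle.getString("sendFailed"));
            }
        }
    } catch (Exception ex) {
        FSUtils.debug.error(logPrefix
            + FSUtils.bundle.getString("Exception"), ex);
        // sendError cannot be used on a missing or already committed
        // response; trying would raise a second, unhandled exception.
        if (response == null || response.isCommitted()) {
            return;
        }
        try {
            response.sendError(
                HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                FSUtils.bundle.getString("Exception"));
        } catch (IOException ioe) {
            FSUtils.debug.error(logPrefix
                + FSUtils.bundle.getString("sendFailed"), ioe);
        }
    }
}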
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
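/**
 * Writes a WML deck to the response that posts the Base64-encoded
 * <code>AuthnRequest</code> to <code>destination</code> when the card is
 * entered.
 *
 * The destination is XML-escaped before it is placed in the
 * <code>href</code> attribute. A URL whose query part contains
 * <code>&amp;</code> would otherwise produce a deck that is not well
 * formed, and a quote character would end the attribute early.
 * NOTE(review): this assumes the caller passes the plain, unescaped URL;
 * confirm against the descriptor getter.
 *
 * @param response <code>HttpServletResponse</code> to write the deck to
 * @param destination URL the deck posts to
 * @param authnRequest the request placed in the post field
 * @return <code>true</code> when the deck was written, <code>false</code>
 *         when <code>destination</code> is <code>null</code> or any
 *         exception was raised while writing
 */
private boolean sendWMLB64Post(
    HttpServletResponse response,
    String destination,
    FSAuthnRequest authnRequest
)
{
    FSUtils.debug.message(
        "FSIntersiteTransferService:sendWMLB64Post: Called");
    try {
        if (destination == null) {
            // Previously the literal text "null" was written as the href.
            FSUtils.debug.error(
                "FSIntersiteTransferService:sendWMLB64Post: "
                + "destination is null");
            return false;
        }
        // '&' is replaced first so the entities added afterwards are not
        // escaped a second time.
        String href = destination
            .replace("&", "&amp;")
            .replace("<", "&lt;")
            .replace(">", "&gt;")
            .replace("\"", "&quot;");

        response.setContentType("text/vnd.wap.wml");
        PrintWriter out = response.getWriter();
        out.println("<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.1//EN\""
            + " \"http://www.wapforum.org/DTD/wml_1.1.xml\">");
        out.println("<wml>");
        out.println("<card id=\"request\" title=\"SP Request\">");
        out.println("<onevent type=\"onenterforward\">");
        out.println("<go method=\"post\" href=\"" + href + "\">");
        out.println("<postfield name=\""
            + IFSConstants.POST_AUTHN_REQUEST_PARAM
            + "\" " + "value=\""
            + authnRequest.toBASE64EncodedString() + "\"/>");
        out.println("</go>");
        out.println("</onevent>");
        out.println("<onevent type=\"onenterbackward\">");
        out.println("<prev/>");
        out.println("</onevent>");
        out.println("<p>");
        out.println("Contacting IdP. Please wait....");
        out.println("</p>");
        out.println("</card>");
        out.println("</wml>");
        out.close();
        if (FSUtils.debug.messageEnabled()) {
            // At message level the debug log receives the complete encoded
            // request.
            FSUtils.debug.message(
                "FSIntersiteTransferService:sendWMLB64Post: "
                + "Base64 Encoded AuthnRequest at the Sender: "
                + authnRequest.toBASE64EncodedString());
            FSUtils.debug.message(
                "FSIntersiteTransferService:sendWMLB64Post: "
                + "AuthnRequest sent successfully to: " + destination);
        }
        return true;
    } catch (Exception ex) {
        // Every failure is reported through the return value only.
        FSUtils.debug.error("FSIntersiteTransferService:sendWMLB64Post:",
            ex);
        return false;
    }
}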
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
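/**
 * Delivers the authentication request through the browser by writing an
 * HTML page whose form named {@code Request} is submitted by the body's
 * onload handler.
 *
 * The form posts to {@code destination} and carries the Base64 encoded
 * request in a hidden field named
 * {@code IFSConstants.POST_AUTHN_REQUEST_PARAM}. Any exception is written
 * to the debug log and not propagated, so the caller gets no failure signal.
 *
 * @param response servlet response the auto-submitting page is written to.
 * @param destination URL used as the form's ACTION attribute.
 * @param authnRequest request whose Base64 encoding becomes the field value.
 */
protected void sendAuthnRequestPost(
    HttpServletResponse response,
    String destination,
    FSAuthnRequest authnRequest
)
{
    FSUtils.debug.message(
        "FSIntersiteTransferService.sendAuthnRequestPost: Called");
    try {
        // Build both values before any output is written, so an encoding
        // failure cannot leave a half-written page in the response.
        String encodedRequest = authnRequest.toBASE64EncodedString();

        // The provenance of destination is not visible in this method, so
        // it is encoded for the HTML attribute context it lands in. A quote
        // or angle bracket can then no longer end the ACTION attribute, and
        // an '&' in a query string becomes the '&amp;' form that browsers
        // decode back to the same URL. String.valueOf keeps the previous
        // rendering of a null destination ("null").
        String safeDestination = String.valueOf(destination)
            .replace("&", "&amp;")
            .replace("\"", "&quot;")
            .replace("'", "&#39;")
            .replace("<", "&lt;")
            .replace(">", "&gt;");

        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        out.println("<HTML>");
        out.println("<BODY Onload=\"document.Request.submit()\">");
        out.println("<FORM NAME=\"Request\" METHOD=\"POST\" ACTION=\""
            + safeDestination + "\">");
        // NOTE(review): the field value is assumed to contain only Base64
        // characters, which need no attribute encoding; confirm against
        // FSAuthnRequest.toBASE64EncodedString().
        out.println("<INPUT TYPE=\"HIDDEN\" NAME=\""
            + IFSConstants.POST_AUTHN_REQUEST_PARAM
            + "\" " + "VALUE=\""
            + encodedRequest + "\"/>");
        out.println("</FORM>");
        out.println("</BODY></HTML>");
        out.close();
        // NOTE(review): with message-level debugging on, the complete
        // encoded request is written to the debug log; confirm that is
        // acceptable for the deployment.
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message(
                "FSIntersiteTransferService:sendAuthnRequestPost: "
                + "Base64 Encoded AuthnRequest at the Sender: "
                + encodedRequest
                + "\nFSIntersiteTransferService:sendAuthnRequestPost: "
                + "AuthnRequest sent successfully to: "
                + destination);
        }
    } catch (Exception ex) {
        // Best effort: the failure is recorded and the method returns
        // normally, as before.
        FSUtils.debug.error(
            "FSIntersiteTransferService:sendAuthnRequestPost:", ex);
    }
}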
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster}