93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay<%--
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay/*
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay * DO NOT REMOVE COPYRIGHT NOTICES OR THIS HEADER.
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay *
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay * Copyright (c) 2013 ForgeRock AS All rights reserved.
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay *
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay * The contents of this file are subject to the terms
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay * of the Common Development and Distribution License
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay * (the License). You may not use this file except in
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay * compliance with the License.
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay *
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay * You can obtain a copy of the License at
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay * http://forgerock.org/license/CDDLv1.0.html
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay * See the License for the specific language governing
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay * permission and limitations under the License.
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay *
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay * When distributing Covered Code, include this CDDL
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay * Header Notice in each file and include the License file
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay * at http://forgerock.org/license/CDDLv1.0.html
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay * If applicable, add the following below the CDDL Header,
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay * with the fields enclosed by brackets [] replaced by
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay * your own identifying information:
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay * "Portions copyright [year] [name of copyright owner]"
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay */
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay--%>
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay<%@ page pageEncoding="UTF-8" %>
756d4b8bce5a58e5bd8fe686688b6c42d2e7052bPhill Cunnington<%@ page import="org.forgerock.openam.openidconnect.CheckSessionImpl" %>
756d4b8bce5a58e5bd8fe686688b6c42d2e7052bPhill Cunnington<%@ page import="org.forgerock.openidconnect.CheckSession" %>
3547063d010b485922e56e2fe43f2f3cde2e710aJason Lemay<%@ page import="org.owasp.esapi.ESAPI" %>
<%
    // Per-request values that the inline script below renders into JavaScript.
    final CheckSession sessionCheck = new CheckSessionImpl();

    // Name of the cookie that getBrowserState() looks up in document.cookie.
    final String cookieName = sessionCheck.getCookieName();

    // Expected sender of postMessage polls; receiveMessage() compares it with
    // MessageEvent.origin.
    final String clientSessionURI = sessionCheck.getClientSessionURI(request);

    // Boxed Boolean that is written out as text inside getBrowserState().
    final Boolean validSession = sessionCheck.getValidSession(request);
%>
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay<!DOCTYPE html>
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay<html>
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay<head>
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay <title></title>
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay</head>
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay<body>
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay<script src="../../js/sha256.js"></script>
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay<script type="text/javascript">
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay
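// Receive session-status polls posted to this frame.
window.addEventListener("message", receiveMessage, false);

// client_id taken from the most recent message that passed the origin check.
var client_id;

/**
 * Handles one "message" event: verifies the sender, recomputes the session
 * state from the client id, the sender origin and the browser-state cookie,
 * and posts 'unchanged' or 'changed' back to the sender.
 *
 * The payload is expected to be "<client_id> <session_state>" separated by a
 * single space. Messages from any origin other than the server-rendered
 * client URI are ignored without a reply.
 *
 * @param {MessageEvent} e the event delivered by window.postMessage
 */
function receiveMessage(e) {
    var clientURI = "<%=ESAPI.encoder().encodeForJavaScript(clientSessionURI)%>";

    // Validate the sender before touching the payload, so that a frame from an
    // unexpected origin can neither overwrite client_id nor make split() throw.
    // NOTE(review): e.origin is scheme://host[:port] with no path, so the
    // rendered clientSessionURI has to be in that form to ever match - confirm
    // in CheckSessionImpl.
    if (e.origin !== clientURI) {
        return;
    }

    // postMessage can carry any structured-clone value; only strings can be split.
    if (typeof e.data !== "string") {
        return;
    }

    var parts = e.data.split(' ');
    client_id = parts[0];
    var session_state = parts[1];

    var opbs = getBrowserState();

    // NOTE(review): the hash input is a plain concatenation with no separator
    // and no salt; it has to match whatever the server issues as session_state
    // - confirm against the provider side before changing it.
    var expected = CryptoJS.SHA256(client_id + e.origin + opbs).toString();

    // Compare string to string explicitly instead of relying on == coercing
    // the CryptoJS result. A missing session_state (undefined) yields 'changed'.
    var stat = (session_state === expected) ? 'unchanged' : 'changed';

    // Reply only to the verified origin, never to "*".
    e.source.postMessage(stat, e.origin);
}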
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay
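/**
 * Returns the browser-state value that receiveMessage() feeds into the
 * session-state hash: the decoded value of the server-named cookie, or ""
 * when the server reported no valid session or the cookie is absent.
 *
 * @returns {string} the decoded cookie value, or the empty string
 */
function getBrowserState() {
    // The server flag arrives as text. Any non-empty string, including
    // "false" and "null", is truthy in JavaScript, so test for "true"
    // explicitly; otherwise the invalid-session branch can never be taken.
    var validSession = "<%=validSession%>" === "true";
    if (!validSession) {
        return "";
    }

    var cookieName = "<%=ESAPI.encoder().encodeForJavaScript(cookieName)%>";

    // Match the cookie by its exact name. A substring search for "name=" would
    // also hit a different cookie whose name merely ends with this one, letting
    // that cookie's value stand in for the session cookie.
    var pairs = document.cookie.split(";");
    for (var i = 0; i < pairs.length; i++) {
        var pair = pairs[i].replace(/^\s+/, "");
        var eq = pair.indexOf("=");
        if (eq !== -1 && pair.substring(0, eq) === cookieName) {
            // unescape() is deprecated but kept so the decoded value, and
            // therefore the hash computed from it, stays what it was.
            return unescape(pair.substring(eq + 1));
        }
    }
    return "";
}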
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay</script>
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay</body>
93ec516f9f64e9474816cd56a19b6d297796e83bJason Lemay</html>