a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: FSRegistrationRequestServlet.java,v 1.4 2008/06/25 05:47:03 qcheng Exp $
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpackage com.sun.identity.federation.services.registration;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.IFSConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.FSUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.LogUtil;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.FSException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.jaxb.entityconfig.BaseConfigType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSNameRegistrationRequest;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.common.FSMsgException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.meta.IDFFMetaException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.meta.IDFFMetaManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.meta.IDFFMetaUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.util.FSSignatureUtil;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.util.FSServiceUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.FSServiceManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLResponderException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Handles registration request received from remote provider.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpublic class FSRegistrationRequestServlet extends HttpServlet {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Initializes the servlet.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param config the <code>ServletConfig</code> object that contains
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * configutation information for this servlet.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception ServletException if an exception occurs that interrupts
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the servlet's normal operation.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("Entered FSRegistrationRequestServlet Init");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Invoked to set some commonly used registration URLs based on hosted
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param hostedConfig hosted provider's extended meta
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param metaAlias hosted provider's meta alias
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster COMMON_ERROR_PAGE = FSServiceUtils.getErrorPageURL(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("COMMON_ERROR_PAGE : " + COMMON_ERROR_PAGE);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Handles the HTTP GET request.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request <code>HttpServletRequest</code> object that contains the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * request the client has made of the servlet.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param response <code>HttpServletResponse</code> object that contains
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the response the servlet sends to the client.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception ServletException if an input or output error is detected when
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the servlet handles the GET request
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception IOException if the request for the GET could not be handled
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Handles the HTTP POST request.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request <code>HttpServletRequest</code> object that contains the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * request the client has made of the servlet.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param response <code>HttpServletResponse</code> object that contains
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the response the servlet sends to the client.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception ServletException if an input or output error is detected when
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the servlet handles the POST request
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception IOException if the request for the POST could not be handled
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Handles registration request.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * in the application
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request <code>HttpServletRequest</code> object that contains the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * request the client has made of the servlet.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param response <code>HttpServletResponse</code> object that contains
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the response the servlet sends to the client.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception IOException if the request could not be handled
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Alias processing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String providerAlias = FSServiceUtils.getMetaAlias(request);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (providerAlias == null || providerAlias.length() < 1) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("Unable to retrieve alias, Hosted "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Provider. Cannot process request");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.sendError(response.SC_INTERNAL_SERVER_ERROR,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("Cannot retrieve hosted descriptor. " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Cannot process request");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.sendError(response.SC_INTERNAL_SERVER_ERROR,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ProviderDescriptorType hostedProviderDesc = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostedProviderRole = metaManager.getProviderRoleByMetaAlias(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostedEntityId = metaManager.getEntityIDByMetaAlias(providerAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostedProviderRole.equalsIgnoreCase(IFSConstants.IDP))
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster metaManager.getIDPDescriptor(realm, hostedEntityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostedProviderRole.equalsIgnoreCase(IFSConstants.SP))
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster metaManager.getSPDescriptor(realm, hostedEntityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster metaManager.getSPDescriptorConfig(realm, hostedEntityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Unable to find Hosted Provider. not process request");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.sendError(response.SC_INTERNAL_SERVER_ERROR,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster setRegistrationURL(hostedConfig, providerAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSNameRegistrationRequest.parseURLEncodedRequest(request);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Called when a registration request is received from
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * a remote provider. Initiates registration request processing.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request <code>HTTPServletRequest</code> object received via a
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * HTTP Redirect
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param response <code>HTTPServletResponse</code> object to send the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * response back to user agent
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param hostedProviderDesc the provider for whom request is received
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param hostedConfig hosted provider's extended meta
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param hostedProviderRole hosted provider's role
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm the realm under which the provider resides
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param hostedEntityId hosted provider's entity ID
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param providerAlias hosted provider's meta alias
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param regisRequest the federation registration request
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Entered FSRegistrationRequestServlet::doRequestProcessing");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String remoteEntityId = regisRequest.getProviderId();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean isIDP = false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster remoteDesc = metaManager.getSPDescriptor(realm, remoteEntityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster retURL = remoteDesc.getRegisterNameIdentifierServiceReturnURL();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSRegistrationRequestServlet.doRequest " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Processing: Can not retrieve remote provider data."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.error(Level.INFO,LogUtil.INVALID_PROVIDER, data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean bVerify = true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Calling verifyRegistrationSignature");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("Cannot retrieve provider descriptor.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.error(Level.INFO,LogUtil.INVALID_PROVIDER,data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSRegistrationRequestServlet::processRegistrationRequest "+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Signature on registration request is invalid" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Cannot proceed federation registration");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.error(Level.INFO,LogUtil.INVALID_SIGNATURE,data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSRegistrationRequestServlet::processRegistrationRequest" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Signature on registration request is invalid" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Cannot proceed federation registration");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IFSConstants.REGISTRATION_INVALID_SIGNATURE) };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.error(Level.INFO,LogUtil.INVALID_SIGNATURE,data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Check if trusted provider
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster regisHandler.setRemoteEntityId(remoteEntityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster regisHandler.setHostedEntityId(hostedEntityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster regisHandler.setHostedProviderRole(hostedProviderRole);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("Unable to get registration " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "handler. User account Not valid");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("Remote provider not in trusted list");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSRegistrationRequestServlet::doRequestProcesing " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Signature on registration request is invalid" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Cannot proceed name registration");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IFSConstants.REGISTRATION_INVALID_SIGNATURE) };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.error(Level.INFO,LogUtil.INVALID_SIGNATURE,data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Verifies the Registration request signature received from the remote end.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request <code>HttpServletRequest</code> containing the signed
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * registration request
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param remoteDescriptor remote provider who signed the request
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param remoteEntityId remote provider's entity id
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param isIDP whether the remote provider is an IDP or not
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return <code>true</code> if the signature is verified;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>false</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAMLException, FSException if an error occurred during
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the process
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Entered FSRegistrationRequestServlet::verifyRegistrationSignature");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Verify the signature on the request
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster X509Certificate cert = KeyUtil.getVerificationCert(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSRegistrationRequestServlet.verifyRegistrationSignature:"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "couldn't obtain this site's cert .");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.bundle.getString(IFSConstants.NO_CERT));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSSignatureUtil.verifyRequestSignature(request, cert);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Registration request is not properly signed");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("Registration request is properly signed");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster} // FSRegistrationRequestServlet