/*
*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.apache.airavata.credential.store.servlet;
import edu.uiuc.ncsa.myproxy.oa4mp.client.OA4MPResponse;
import edu.uiuc.ncsa.myproxy.oa4mp.client.servlet.ClientServlet;
import edu.uiuc.ncsa.security.servlet.JSPUtil;
import org.apache.airavata.credential.store.store.CredentialStoreException;
import org.apache.airavata.credential.store.util.ConfigurationReader;
import org.apache.airavata.credential.store.util.CredentialStoreConstants;
import org.apache.airavata.credential.store.util.PrivateKeyStore;
import org.apache.airavata.credential.store.util.TokenGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.net.URI;
import java.util.HashMap;
import java.util.Map;
import static edu.uiuc.ncsa.myproxy.oa4mp.client.ClientEnvironment.CALLBACK_URI_KEY;
/**
* When portal initiate a request to get credentials it will hit this servlet.
*/
public class CredentialStoreStartServlet extends ClientServlet {
private static ConfigurationReader configurationReader = null;
private static Logger log = LoggerFactory.getLogger(CredentialStoreStartServlet.class);
protected String decorateURI(URI inputURI, Map<String, String> parameters) {
if (parameters.isEmpty()) {
return inputURI.toString();
}
String stringUri = inputURI.toString();
StringBuilder stringBuilder = new StringBuilder(stringUri);
boolean isFirst = true;
for (Map.Entry<String, String> entry : parameters.entrySet()) {
if (isFirst) {
stringBuilder.append("?");
isFirst = false;
} else {
stringBuilder.append("&");
}
stringBuilder.append(entry.getKey()).append("=").append(entry.getValue());
}
return stringBuilder.toString();
}
public void init() throws ServletException {
super.init();
try {
if (configurationReader == null) {
configurationReader = new ConfigurationReader();
}
} catch (CredentialStoreException e) {
throw new ServletException(e);
}
}
@Override
protected void doIt(HttpServletRequest request, HttpServletResponse response) throws Throwable {
String gatewayName
= request.getParameter(CredentialStoreConstants.GATEWAY_NAME_QUERY_PARAMETER);
String portalUserName
= request.getParameter(CredentialStoreConstants.PORTAL_USER_QUERY_PARAMETER);
String contactEmail
= request.getParameter(CredentialStoreConstants.PORTAL_USER_EMAIL_QUERY_PARAMETER);
String associatedToken = TokenGenerator.generateToken(gatewayName, portalUserName);
if (gatewayName == null) {
JSPUtil.handleException(new RuntimeException("Please specify a gateway name."), request, response,
configurationReader.getErrorUrl());
return;
}
if (portalUserName == null) {
JSPUtil.handleException(new RuntimeException("Please specify a portal user name."), request, response,
configurationReader.getErrorUrl());
return;
}
if (contactEmail == null) {
JSPUtil.handleException(new RuntimeException("Please specify a contact email address for community"
+ " user account."), request, response, configurationReader.getErrorUrl());
return;
}
log.info("1.a. Starting transaction");
OA4MPResponse gtwResp;
Map<String, String> queryParameters = new HashMap<String, String>();
queryParameters.put(CredentialStoreConstants.GATEWAY_NAME_QUERY_PARAMETER, gatewayName);
queryParameters.put(CredentialStoreConstants.PORTAL_USER_QUERY_PARAMETER, portalUserName);
queryParameters.put(CredentialStoreConstants.PORTAL_USER_EMAIL_QUERY_PARAMETER, contactEmail);
queryParameters.put(CredentialStoreConstants.PORTAL_TOKEN_ID_ASSIGNED, associatedToken);
Map<String, String> additionalParameters = new HashMap<String, String>();
String modifiedCallbackUri = decorateURI(getOA4MPService().getEnvironment().getCallback(), queryParameters);
info("The modified callback URI - " + modifiedCallbackUri);
additionalParameters.put(getEnvironment().getConstants().get(CALLBACK_URI_KEY), modifiedCallbackUri);
try {
gtwResp = getOA4MPService().requestCert(additionalParameters);
// Private key in store
PrivateKeyStore privateKeyStore = PrivateKeyStore.getPrivateKeyStore();
privateKeyStore.addKey(associatedToken, gtwResp.getPrivateKey());
} catch (Throwable t) {
JSPUtil.handleException(t, request, response, configurationReader.getErrorUrl());
return;
}
log.info("1.b. Got response. Creating page with redirect for " + gtwResp.getRedirect().getHost());
// Normally, we'd just do a redirect, but we will put up a page and show the redirect to the user.
// The client response contains the generated private key as well
// In a real application, the private key would be stored. This, however, exceeds the scope of this
// sample application -- all we need to do to complete the process is send along the redirect url.
request.setAttribute(REDIR, REDIR);
request.setAttribute("redirectUrl", gtwResp.getRedirect().toString());
request.setAttribute(ACTION_KEY, ACTION_KEY);
request.setAttribute("action", ACTION_REDIRECT_VALUE);
log.info("1.b. Showing redirect page.");
JSPUtil.fwd(request, response, configurationReader.getPortalRedirectUrl());
}
}