/**
* Copyright 2012 Universitat Pompeu Fabra.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*
*/
package org.onexus.ui.authentication.persona;
import org.apache.wicket.Component;
import org.apache.wicket.Session;
import org.apache.wicket.ajax.AbstractDefaultAjaxBehavior;
import org.apache.wicket.ajax.AjaxRequestTarget;
import org.apache.wicket.markup.head.IHeaderResponse;
import org.apache.wicket.markup.head.OnDomReadyHeaderItem;
import org.apache.wicket.request.Request;
import org.apache.wicket.request.cycle.RequestCycle;
import org.apache.wicket.util.io.IOUtils;
import org.apache.wicket.util.string.StringValue;
import org.apache.wicket.util.template.PackageTextTemplate;
import org.apache.wicket.util.template.TextTemplate;
import java.io.IOException;
import java.io.OutputStream;
import java.net.URL;
import java.net.URLConnection;
import java.util.HashMap;
import java.util.Map;
/**
* The behavior that should be attached to the "Sign In" button. It cares about loading the
* authentication window and notifying the caller via {@link #onSuccess(org.apache.wicket.ajax.AjaxRequestTarget)} or
* {@link #onFailure(org.apache.wicket.ajax.AjaxRequestTarget, String)}
*/
public abstract class VerifyBehavior extends AbstractDefaultAjaxBehavior {
private static final long serialVersionUID = 1L;
@Override
public void renderHead(final Component component, final IHeaderResponse response) {
component.setOutputMarkupId(true);
super.renderHead(component, response);
final Map<String, Object> variables = new HashMap<String, Object>();
variables.put("componentId", component.getMarkupId());
variables.put("callbackUrl", getCallbackUrl());
final TextTemplate verifyTemplate = new PackageTextTemplate(VerifyBehavior.class,
"verify.js.tmpl");
String asString = verifyTemplate.asString(variables);
response.render(OnDomReadyHeaderItem.forScript(asString));
}
@Override
protected void respond(AjaxRequestTarget target) {
RequestCycle cycle = RequestCycle.get();
Request request = cycle.getRequest();
StringValue assertionParam = request.getQueryParameters().getParameterValue("assertion");
StringValue audienceParam = request.getQueryParameters().getParameterValue("audience");
if (!assertionParam.isEmpty() && !audienceParam.isEmpty()) {
String failureReason = verify(assertionParam.toString(), audienceParam.toString());
if (failureReason == null) {
onSuccess(target);
} else {
onFailure(target, failureReason);
}
}
}
private String verify(final String assertion, final String audience) {
String failureReason = null;
try {
URL verifyUrl = new URL("https://verifier.login.persona.org/verify");
URLConnection urlConnection = verifyUrl.openConnection();
urlConnection.setDoOutput(true);
OutputStream outputStream = urlConnection.getOutputStream();
String postParams = "assertion=" + assertion + "&audience=" + audience;
outputStream.write(postParams.getBytes());
outputStream.close();
String response = IOUtils.toString(urlConnection.getInputStream(), "UTF-8");
BrowserId browserId = BrowserId.of(response);
if (browserId != null) {
if (BrowserId.Status.OK.equals(browserId.getStatus())) {
SessionHelper.logIn(Session.get(), browserId);
} else {
failureReason = browserId.getReason();
}
}
} catch (IOException e) {
failureReason = e.getMessage();
}
return failureReason;
}
protected abstract void onSuccess(AjaxRequestTarget target);
protected abstract void onFailure(AjaxRequestTarget target, String failureReason);
}