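/**
 * Entry point for GET requests: runs pre-processing, limits non-whitelisted
 * callers to a same-site redirect, then authenticates the caller and the
 * message before writing the encrypted response body.
 *
 * @param request  the incoming servlet request
 * @param response the servlet response to write to
 * @throws Exception propagated from the authentication and response helpers
 */
public void doGet(HttpServletRequest request, HttpServletResponse response) throws Exception {
    try {
        pre_process(request);
    } catch (Exception e) {
        // The exception text is not echoed into the page: it can carry internal
        // detail, and written unescaped inside HTML it is a reflected-XSS sink.
        // The detail goes to the log; the client gets a generic 500.
        logger.warn("pre-processing failed", e);
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        return;
    }
    if (!is_whitlisted(request)) {
        String url = request.getParameter("url");
        // Redirect only to an absolute http(s) URL whose host is CompanyXYZ.com
        // or one of its subdomains. A substring test on the whole URL also
        // accepts a foreign host that merely mentions the name in its path,
        // query string or userinfo part, i.e. an open redirect.
        if (is_company_url(url)) {
            response.sendRedirect(url);
        }
        return;
    }
    authenticate_caller(request);
    authenticate_message(request);
    adjust_response_cookies(request, response);
    String plain_response = provide_response_body(request);
    response.getWriter().println(encrypt_response(plain_response));
}

/**
 * Returns true only for an absolute http/https URL whose host is
 * CompanyXYZ.com or a subdomain of it (host comparison is case-insensitive).
 *
 * @param url the candidate redirect target, may be null
 * @return whether the URL may be used as a redirect target
 */
private static boolean is_company_url(String url) {
    if (url == null) {
        return false;
    }
    java.net.URI uri;
    try {
        uri = new java.net.URI(url);
    } catch (java.net.URISyntaxException e) {
        // Unparsable input is simply not a valid target.
        return false;
    }
    String scheme = uri.getScheme();
    String host = uri.getHost();
    if (scheme == null || host == null) {
        // Relative URLs, opaque schemes and URLs without a parsable host are rejected.
        return false;
    }
    scheme = scheme.toLowerCase(java.util.Locale.ROOT);
    host = host.toLowerCase(java.util.Locale.ROOT);
    boolean http_scheme = scheme.equals("http") || scheme.equals("https");
    boolean company_host = host.equals("companyxyz.com") || host.endsWith(".companyxyz.com");
    return http_scheme && company_host;
}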
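/**
 * Remembers the caller's search keywords in a {@code last_keywords} cookie
 * and records them in the log.
 *
 * @param request  the request carrying the optional {@code keywords} parameter
 * @param response the response the cookie is added to
 * @throws Exception if the cookie value cannot be URL-encoded
 */
private void adjust_response_cookies(HttpServletRequest request, HttpServletResponse response) throws Exception {
    String keywords = request.getParameter("keywords");
    if (keywords == null) {
        // No keywords supplied: nothing to remember and nothing to log.
        return;
    }
    // The parameter is client-controlled. URL-encoding keeps the cookie value
    // within what a Set-Cookie header allows (no ';', ',', quotes or control
    // characters), and the logged copy has CR/LF removed so a single request
    // cannot forge additional log lines.
    Cookie cookie = new Cookie("last_keywords", java.net.URLEncoder.encode(keywords, "UTF-8"));
    cookie.setHttpOnly(true);
    cookie.setSecure(request.isSecure());
    logger.info("search keywords:" + keywords.replaceAll("[\\r\\n]", " "));
    response.addCookie(cookie);
}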
28
29
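/**
 * Parses the request body as XML and runs the search on it, retrying a
 * bounded number of times when the search throws.
 *
 * @param request the request whose raw XML body is the search document; the
 *                optional {@code retries} parameter asks for extra attempts
 * @return the search result, or {@code "nothing"} when every attempt failed
 * @throws Exception if the body is not well-formed XML or the parser cannot be configured
 */
private String provide_response_body(HttpServletRequest request) throws Exception {
    String search_request = get_raw_xml_body(request);
    DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
    // The document comes from the client, so DTDs, external entities and
    // XInclude are switched off before parsing (XXE / entity-expansion hardening).
    factory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
    factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
    factory.setXIncludeAware(false);
    factory.setExpandEntityReferences(false);
    DocumentBuilder builder = factory.newDocumentBuilder();
    // parse(String) would treat the body as a URI to fetch; the body itself is the document.
    Document xml_doc = builder.parse(new org.xml.sax.InputSource(new java.io.StringReader(search_request)));
    int retries = parse_retries(request.getParameter("retries"));
    int attempt = 0;
    do {
        try {
            return perform_search(xml_doc);
        } catch (Exception e) {
            // A failed attempt is logged rather than silently dropped.
            logger.warn("search attempt " + (attempt + 1) + " failed", e);
        }
    } while (attempt++ < retries);
    return "nothing";
}

/**
 * Converts the optional {@code retries} parameter to a count in [0, 3].
 * Absent, unparsable or negative values mean no retry; larger values are
 * clamped so a client cannot keep a worker busy with an arbitrary count.
 *
 * @param raw the parameter value, may be null
 * @return number of extra attempts after the first
 */
private static int parse_retries(String raw) {
    final int max_retries = 3;
    if (raw == null) {
        return 0;
    }
    try {
        return Math.max(0, Math.min(max_retries, Integer.parseInt(raw.trim())));
    } catch (NumberFormatException e) {
        return 0;
    }
}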
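/**
 * Runs the server-configured pre-processing script ({@code DEFAULT_PRE_PROCESS}).
 *
 * A client-supplied replacement (the {@code overridePreProcess} parameter) is
 * deliberately not evaluated: running request text in the server JVM would
 * be remote code execution. Only its presence is logged.
 *
 * @param request the current request
 * @throws Exception if no JavaScript engine is available or the script fails
 */
private void pre_process(HttpServletRequest request) throws Exception {
    ScriptEngineManager seMgr = new ScriptEngineManager();
    ScriptEngine se = seMgr.getEngineByExtension("js");
    if (se == null) {
        throw new IllegalStateException("no JavaScript script engine is available");
    }
    if (request.getParameter("overridePreProcess") != null) {
        // Presence only; the supplied text is neither logged nor evaluated.
        logger.warn("ignoring client-supplied overridePreProcess parameter");
    }
    se.eval(DEFAULT_PRE_PROCESS);
}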
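/**
 * Tells whether the connecting peer's address is on the whitelist.
 *
 * Only the socket-level address is used. The {@code X-Forwarded-For} header
 * is written by whoever sends the request, so honouring it here would let any
 * caller claim a whitelisted address; it can only be trusted once a proxy this
 * application controls has overwritten it, which this code cannot verify.
 *
 * @param request the current request
 * @return true if {@code WHITELISTED_IPS} contains the remote address
 * @throws Exception declared for callers; nothing here throws it
 */
private boolean is_whitlisted(HttpServletRequest request) throws Exception {
    String remote_address = request.getRemoteAddr();
    return remote_address != null && WHITELISTED_IPS.contains(remote_address);
}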
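/**
 * Encrypts the response body with AES-GCM under a freshly generated key and
 * returns key, IV and ciphertext, each base64-encoded and concatenated.
 *
 * NOTE(review): because the key travels with the ciphertext, this gives no
 * confidentiality against anyone who can read the response. The key must
 * instead be one the recipient already holds (pre-shared or negotiated); that
 * key-distribution design is not visible here - TODO confirm before relying
 * on this method for secrecy.
 *
 * @param plain_response the text to encrypt, encoded as UTF-8; must not be null
 * @return base64(key) + base64(iv) + base64(ciphertext with GCM tag)
 * @throws Exception from the JCE provider
 */
private String encrypt_response(String plain_response) throws Exception {
    java.util.Objects.requireNonNull(plain_response, "plain_response");
    // AES in GCM mode: authenticated, and unlike DES/ECB it does not leak
    // repeated plaintext blocks. The IV is random per message and must never
    // be reused under the same key; a fixed all-zero IV would void GCM's guarantees.
    KeyGenerator key_gen = KeyGenerator.getInstance("AES");
    key_gen.init(256);
    SecretKey key = key_gen.generateKey();
    byte[] iv = new byte[12];
    new java.security.SecureRandom().nextBytes(iv);
    Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
    cipher.init(Cipher.ENCRYPT_MODE, key, new javax.crypto.spec.GCMParameterSpec(128, iv));
    byte[] result = cipher.doFinal(plain_response.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    return to_base64(key.getEncoded()) + to_base64(iv) + to_base64(result);
}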
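/**
 * Authenticates the caller by its TLS client certificate: the certificate's
 * subject DN must match a row in the {@code user} table.
 *
 * Failures are not caught here. Logging the error and returning normally
 * would let a request with no certificate, an unknown DN or a broken database
 * continue as if it had been authenticated.
 *
 * @param request the current request; the container stores the client
 *                certificate chain under {@code javax.servlet.request.X509Certificate}
 * @throws UnauthorizedAccessException if no client certificate was presented or no user matches its DN
 * @throws Exception on database errors
 */
private void authenticate_caller(HttpServletRequest request) throws Exception {
    Object certs = request.getAttribute("javax.servlet.request.X509Certificate");
    if (!(certs instanceof X509Certificate[]) || ((X509Certificate[]) certs).length == 0) {
        throw new UnauthorizedAccessException("caller authentication failed!");
    }
    // Element 0 is the client's own certificate; the rest of the chain is its issuers.
    X509Certificate cert = ((X509Certificate[]) certs)[0];
    String user_dn = cert.getSubjectDN().getName();
    // The DN is whatever the presented certificate says, so it is bound as a
    // parameter rather than spliced into the SQL text. try-with-resources
    // closes the connection, statement and result set on every path.
    try (Connection conn = getConnection();
         PreparedStatement statement = conn.prepareStatement("select * from user where userDN=?")) {
        statement.setString(1, user_dn);
        try (ResultSet result = statement.executeQuery()) {
            if (!result.next()) {
                throw new UnauthorizedAccessException("caller authentication failed!");
            }
        }
    }
}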
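/**
 * Checks the request's {@code signature} parameter against a digest of
 * {@code salt + body}. A request without a signature or salt is rejected
 * rather than passed through unchecked.
 *
 * NOTE(review): an unkeyed digest over values the client itself supplies does
 * not authenticate the sender - anyone can compute it. The check needs a keyed
 * MAC (e.g. HMAC) under a server-held secret; that secret and the client-side
 * format are not visible here, so MD5 over salt+message is kept for wire
 * compatibility - TODO confirm and replace.
 *
 * @param request the current request
 * @throws UnauthorizedAccessException if signature, salt or body is absent or the signature does not match
 * @throws Exception if the digest algorithm is unavailable
 */
private void authenticate_message(HttpServletRequest request) throws Exception {
    String message = get_raw_xml_body(request);
    String signature = request.getParameter("signature");
    String salt = request.getParameter("salt");
    if (signature == null || salt == null || message == null) {
        throw new UnauthorizedAccessException("message authentication failed!");
    }
    MessageDigest md = MessageDigest.getInstance("MD5");
    // digest() takes bytes; the charset is fixed so both sides hash the same octets.
    byte[] digest = md.digest((salt + message).getBytes(java.nio.charset.StandardCharsets.UTF_8));
    String calculated_signature = to_base64(digest);
    // Constant-time comparison of the encoded values (a != on Strings compares
    // references, not contents), so response timing does not depend on how
    // much of the supplied signature matches.
    byte[] expected = calculated_signature.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    byte[] provided = signature.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    if (!MessageDigest.isEqual(expected, provided)) {
        throw new UnauthorizedAccessException("message authentication failed!");
    }
}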