3. EPMO Open Source Coordination Office Redaction File Detail Report

Produced by Araxis Merge on 7/10/2017 1:01:42 PM Central Daylight Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.

3.1 Files compared

#	Location	File	Last Modified
1	C:\AraxisMergeCompare\Pri_un\IV-ehmp_cif\AwivClientWebApp\main\src\java\gov\va\med\imaging\awiv\web	ExternalSiteServlet.java	Thu Jun 29 17:22:53 2017 UTC
2	C:\AraxisMergeCompare\Pri_re\IV-ehmp_cif\AwivClientWebApp\main\src\java\gov\va\med\imaging\awiv\web	ExternalSiteServlet.java	Fri Jul 7 16:34:17 2017 UTC

3.2 Comparison summary

Description	Between Files 1 and 2
Description	Text Blocks	Lines
Unchanged	3	294
Changed	2	4
Inserted	0	0
Removed	0	0

3.3 Comparison options

Whitespace
Character case	Differences in character case are significant
Line endings	Differences in line endings (`CR` and `LF` characters) are ignored
CR/LF characters	Not shown in the comparison detail

3.4 Active regular expressions

No regular expressions were active.

3.5 Comparison detail

	1	/**
	2	*
	3	Package: MAG - Vis tA Imaging
	4	WARNING: Per VHA D irective 2 004-038, t his routin e should n ot be modi fied.
	5	Date Cre ated: Feb 1, 2012
	6	Site Nam e: Washin gton OI Fi eld Office , Silver S pring, MD
	7	Developer: R E DACTED
	8	Descript ion:
	9
	10	;; +-------- ---------- ---------- ---------- ---------- ---------- ---------- +
	11	;; Property of the US Government .
	12	;; No permis sion to co py or redi stribute t his softwa re is give n.
	13	;; Use of un released v ersions of this soft ware requi res the us er
	14	;; to execu te a writt en test ag reement wi th the Vis tA Imaging
	15	;; Developm ent Office of the De partment o f Veterans Affairs,
	16	;; telephon e (301) 73 4-0100.
	17	;;
	18	;; The Food and Drug A dministrat ion classi fies this software a s
	19	;; a Class I I medical device. A s such, it may not b e changed
	20	;; in any wa y. Modifi cations to this soft ware may r esult in a n
	21	;; adulterat ed medical device un der 21CFR8 20, the us e of which
	22	;; is consid ered to be a violati on of US F ederal Sta tutes.
	23	;; +-------- ---------- ---------- ---------- ---------- ---------- ---------- +
	24
	25	*/
	26	package go v.va.med.i maging.awi v.web;
	27
	28	import gov .va.med.im aging.encr yption.Aes Encryption ;
	29	import gov .va.med.im aging.tomc at.vistare alm.VistaR ealmPrinci pal.Authen ticationCr edentialsT ype;
	30	import gov .va.med.im aging.tomc at.vistare alm.encryp tion.Encry ptionToken ;
	31	import gov .va.med.im aging.tomc at.vistare alm.VistaR ealmSecuri tyContext;
	32	import gov .va.med.im aging.tran sactioncon text.Clien tPrincipal ;
	33	import gov .va.med.im aging.tran sactioncon text.Trans actionCont ext;
	34	import gov .va.med.im aging.tran sactioncon text.Trans actionCont extFactory ;
	35
	36	import jav a.io.IOExc eption;
	37	import jav a.util.Arr ayList;
	38	import jav a.util.Has hMap;
	39
	40	import jav ax.servlet .ServletEx ception;
	41	import jav ax.servlet .http.Cook ie;
	42	import jav ax.servlet .http.Http Servlet;
	43	import jav ax.servlet .http.Http ServletReq uest;
	44	import jav ax.servlet .http.Http ServletRes ponse;
	45
	46	/**
	47	* @author R E DACTED
	48	*
	49	*/
	50	public cla ss Externa lSiteServl et
	51	extends Ht tpServlet
	52	{
	53	pr ivate stat ic final l ong serial VersionUID = -663799 6228946923 231L;
	54
	55	/* (non-Java doc)
	56	* @see java x.servlet. http.HttpS ervlet#doP ost(javax. servlet.ht tp.HttpSer vletReques t, javax.s ervlet.htt p.HttpServ letRespons e)
	57	* /
	58	@O verride
	59	pr otected vo id doPost( HttpServle tRequest r equest, Ht tpServletR esponse re sponse)
	60	th rows Servl etExceptio n, IOExcep tion
	61	{
	62
	63	/*
	64	* a wivParamet ers.append ("&F{" + c ontext.get FullName() + "}");
	65	aw ivParamete rs.append( "&G{" + co ntext.getD uz() + "}" );
	66	aw ivParamete rs.append( "&H{" + co ntext.getS sn() + "}" );
	67	aw ivParamete rs.append( "&I{" + co ntext.getS iteName() + "}");
	68	aw ivParamete rs.append( "&J{" + co ntext.getS iteNumber( ) + "}");
	69	awiv Parameters .append("& K{" + cont ext.getBro kerSecurit yToken() + "}"); // place hold er saved f or BSE tok en
	70	awiv Parameters .append("& C{" + pati entIcn + " }");
	71	*/
	72	try
	73	{
	74	String encrypted Parameters = request .getParame ter("input ");
	75	String decrypted Parameters = AesEncr yption.dec odeByteArr ay(encrypt edParamete rs);
	76
	77	String patientIc n = getPar ameter("C" , decrypte dParameter s);
	78	String duz = get Parameter( "G", decry ptedParame ters);
	79	String fullname = getParam eter("F", decryptedP arameters) ;
	80	String ssn = get Parameter( "H", decry ptedParame ters);
	81	String sitename = getParam eter("I", decryptedP arameters) ;
	82	String sitenumbe r = getPar ameter("J" , decrypte dParameter s);
	83	String bseToken = getParam eter("K", decryptedP arameters) ;
	84
	85	valida teRequired Field("duz ", duz);
	86	valida teRequired Field("ful lname", fu llname);
	87	valida teRequired Field("ssn ", ssn);
	88	valida teRequired Field("sit ename", si tename);
	89	valida teRequired Field("sit enumber", sitenumber );
	90	//vali dateRequir edField("b seToken", bseToken);
	91
	92	Client Principal principal = new Clie ntPrincipa l(
	93	sitenumber , true,Aut henticatio nCredentia lsType.Pas sword,
	94	null, null ,
	95	duz, fulln ame, ssn, sitenumber , sitename ,
	96	new ArrayL ist<String >(),
	97	new HashMa p<String, Object>()
	98	);
	99	princi pal.setAut henticated ByVista(fa lse); // n o credenti als in thi s case
	100	VistaR ealmSecuri tyContext. set(princi pal);
	101
	102	Transa ctionConte xt transac tionContex t = Transa ctionConte xtFactory. get();
	103	transa ctionConte xt.setBrok erSecurity Applicatio nName("VIS TA IMAGING VIX");
	104	transa ctionConte xt.setBrok erSecurity Token(bseT oken);
	105
	106	Cookie cookie = new Cookie ("user", E ncryptionT oken.encry ptUserCred entials()) ;
	107	cookie .setPath(" /Awiv");
	108	//cook ie.setSecu re(true);
	109	cookie .setMaxAge (-1); // d on't persi st between sessions
	110	respon se.addCook ie(cookie) ;
	111
	112	if(pat ientIcn != null && p atientIcn. length() > 0)
	113	{
	114	Cookie p atientCook ie = new C ookie("pat ient", pat ientIcn);
	115	patientC ookie.setM axAge(-1);
	116	patientC ookie.setP ath("/Awiv ");
	117	response .addCookie (patientCo okie);
	118	}
	119
	120	String url = "Aw iv.html";
	121	respon se.sendRed irect(url) ;
	122	}
	123	catc h(Exceptio n ex)
	124	{
	125	throw new Servle tException (ex);
	126	}
	127	}
	128
	129	pr ivate void validateR equiredFie ld(String fieldName, String fi eldValue)
	130	th rows Servl etExceptio n
	131	{
	132	if(f ieldValue == null \|\| fieldValu e.length() <= 0)
	133	throw new Servle tException ("Required field '" + fieldNam e + "' is missing an d is requi red.");
	134	}
	135
	136	pr ivate Stri ng getPara meter(Stri ng paramet er, String input)
	137	{
	138	Stri ng beginin gSearchStr ing = "&" + paramete r + "{";
	139	Stri ng endSear chString = "}";
	140
	141	if(i nput == nu ll)
	142	return null;
	143	int loc = inpu t.indexOf( beginingSe archString );
	144	if(l oc < 0)
	145	return null;
	146	int endLoc = i nput.index Of(endSear chString, loc + 3);
	147	retu rn input.s ubstring(l oc + 3, en dLoc);
	148	}
	149	}