summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-12-03 11:00:52 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-12-03 11:00:52 +0100
commit1f332c4d81d2ba2c883a94ed5b0810d6fc7356dd (patch)
tree8d9968ab0588f9b8349b718770228662634aae99
parentfe8337c891820daf6d16b3fb5ded6106544a8f75 (diff)
parent9e74c91aad92cfc5f08b9a6bfacfbdc77a150442 (diff)
downloadEAAF-Components-1f332c4d81d2ba2c883a94ed5b0810d6fc7356dd.tar.gz
EAAF-Components-1f332c4d81d2ba2c883a94ed5b0810d6fc7356dd.tar.bz2
EAAF-Components-1f332c4d81d2ba2c883a94ed5b0810d6fc7356dd.zip
Merge branch 'nightlyBuild' into 'master'1.1.10
Nightly build See merge request egiz/eaaf_components!4
-rw-r--r--eaaf_core/pom.xml2
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java9
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java56
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/PiiTransactionIdAttributeBuilder.java37
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/SpUsesMandates.java4
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/TransactionIdAttributeBuilder.java33
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java31
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractProcessEngineSignalController.java4
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java54
-rw-r--r--eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder4
-rw-r--r--eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/PiiTransactionIdAttributeBuilderTest.java64
-rw-r--r--eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/TransactionIdAttributeBuilderTest.java60
-rw-r--r--eaaf_core_api/pom.xml2
-rw-r--r--eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java13
-rw-r--r--eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java2
-rw-r--r--eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/PendingReqIdValidationException.java12
-rw-r--r--eaaf_core_utils/pom.xml2
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java14
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java168
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java23
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/AuthenticatedEncryptionPendingRequestIdGenerationStrategy.java43
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java59
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java19
-rw-r--r--eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties11
-rw-r--r--eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest.java63
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/pom.xml2
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java49
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java124
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java84
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/pom.xml2
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_pki_module/2.02_moa/iaik_pki_module-2.02_moa.jarbin0 -> 627372 bytes
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_pki_module/2.02_moa/iaik_pki_module-2.02_moa.pom9
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/AbstractSignatureService.java34
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/pom.xml2
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/pom.xml2
-rw-r--r--eaaf_modules/eaaf_module_pvp2_sp/pom.xml2
-rw-r--r--eaaf_modules/pom.xml2
-rw-r--r--pom.xml4
38 files changed, 727 insertions, 378 deletions
diff --git a/eaaf_core/pom.xml b/eaaf_core/pom.xml
index d41b9b4b..a0f28f7c 100644
--- a/eaaf_core/pom.xml
+++ b/eaaf_core/pom.xml
@@ -4,7 +4,7 @@
<parent>
<groupId>at.gv.egiz</groupId>
<artifactId>eaaf</artifactId>
- <version>1.1.9.1</version>
+ <version>1.1.10</version>
</parent>
<groupId>at.gv.egiz.eaaf</groupId>
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java
index 48c9d1bd..86c50be0 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java
@@ -69,10 +69,17 @@ public class RequestStorage implements IRequestStorage {
// search invalid pending-request for errorHandling
IRequest invalidPendingRequest = null;
- try {
+ try {
if (StringUtils.isNotEmpty(e.getInvalidInternalPendingReqId())) {
+ log.debug("Searching for expired pendingRequest with Id: {} ... ", e.getInvalidInternalPendingReqId());
invalidPendingRequest =
transactionStorage.get(e.getInvalidInternalPendingReqId(), IRequest.class);
+ log.debug("{} expired pendingReq. Set it into Exception ...",
+ invalidPendingRequest != null ? "Find" : "Find NO ");
+
+ } else {
+ log.debug("Get no internal pendingRequestId. Expired pendingRequest can not be set");
+
}
} catch (final EaafException e1) {
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
index 98149957..50bf76db 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
@@ -29,6 +29,17 @@ import javax.naming.ConfigurationException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang3.ArrayUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.text.StringEscapeUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.lang.NonNull;
+import org.springframework.lang.Nullable;
+import org.springframework.stereotype.Service;
+
import at.gv.egiz.components.eventlog.api.EventConstants;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.IRequestStorage;
@@ -59,6 +70,7 @@ import at.gv.egiz.eaaf.core.exceptions.GuiBuildException;
import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException;
import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.gui.AbstractGuiFormBuilderConfiguration;
import at.gv.egiz.eaaf.core.impl.http.HttpUtils;
@@ -67,17 +79,6 @@ import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
import at.gv.egiz.eaaf.core.impl.utils.ServletUtils;
-import org.apache.commons.lang3.ArrayUtils;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.commons.text.StringEscapeUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-import org.springframework.lang.NonNull;
-import org.springframework.lang.Nullable;
-import org.springframework.stereotype.Service;
-
@Service
public class ProtocolAuthenticationService implements IProtocolAuthenticationService {
private static final Logger log = LoggerFactory.getLogger(ProtocolAuthenticationService.class);
@@ -379,21 +380,32 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
*
* @param loggedException Exception to log
*/
- protected void logExceptionToTechnicalLog(final Throwable loggedException) {
- if (!(loggedException instanceof EaafException
- || loggedException instanceof ProcessExecutionException)) {
+ protected void logExceptionToTechnicalLog(final Throwable loggedException) {
+ // In case of a TaskExecutionException, which is only a container for process-errors,
+ // extract internal exception
+ Throwable toLog;
+ if (loggedException instanceof TaskExecutionException
+ && ((TaskExecutionException)loggedException).getOriginalException() != null) {
+ toLog = ((TaskExecutionException)loggedException).getOriginalException();
+
+ } else {
+ toLog = loggedException;
+
+ }
+
+ // Log exception
+ if (!(toLog instanceof EaafException)) {
log.error(TECH_LOG_MSG, IStatusMessenger.CODES_INTERNAL_ERROR_GENERIC,
- loggedException.getMessage(), loggedException);
+ toLog.getMessage(), toLog);
- } else {
- if (loggedException instanceof EaafException
- && logOnInfoLevel.contains(((EaafException) loggedException).getErrorId())) {
- log.info(TECH_LOG_MSG, ((EaafException) loggedException).getErrorId(),
- loggedException.getMessage(), loggedException);
+ } else {
+ if (logOnInfoLevel.contains(((EaafException) toLog).getErrorId())) {
+ log.info(TECH_LOG_MSG, ((EaafException) toLog).getErrorId(),
+ toLog.getMessage(), toLog);
} else {
- log.warn(TECH_LOG_MSG, ((EaafException) loggedException).getErrorId(),
- loggedException.getMessage(), loggedException);
+ log.warn(TECH_LOG_MSG, ((EaafException) toLog).getErrorId(),
+ toLog.getMessage(), toLog);
}
}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/PiiTransactionIdAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/PiiTransactionIdAttributeBuilder.java
new file mode 100644
index 00000000..08911ac7
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/PiiTransactionIdAttributeBuilder.java
@@ -0,0 +1,37 @@
+package at.gv.egiz.eaaf.core.impl.idp.builder.attributes;
+
+import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class PiiTransactionIdAttributeBuilder implements IAttributeBuilder, ExtendedPvpAttributeDefinitions {
+
+ @Override
+ public String getName() {
+ return EID_PII_TRANSACTION_ID_NAME;
+
+ }
+
+ @Override
+ public <ATT> ATT build(ISpConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+ String piiTransactionId = authData.getGenericData(EID_PII_TRANSACTION_ID_NAME, String.class);
+ log.trace("{} piiTransactionId: {} as attribute",
+ piiTransactionId != null ? "Set" : "Notset", log.isTraceEnabled() ? piiTransactionId : "********");
+ return g.buildStringAttribute(EID_PII_TRANSACTION_ID_FRIENDLY_NAME, EID_PII_TRANSACTION_ID_NAME,
+ piiTransactionId);
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(EID_PII_TRANSACTION_ID_FRIENDLY_NAME, EID_PII_TRANSACTION_ID_NAME);
+
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/SpUsesMandates.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/SpUsesMandates.java
index 44ff4e50..924e2a9f 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/SpUsesMandates.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/SpUsesMandates.java
@@ -30,7 +30,7 @@ public class SpUsesMandates implements IAttributeBuilder, ExtendedPvpAttributeDe
@Override
public String getName() {
- return SP_USESMANDATES_NAME;
+ return SP_USED_MANDATE_PROFILES_NAME;
}
@Override
@@ -44,7 +44,7 @@ public class SpUsesMandates implements IAttributeBuilder, ExtendedPvpAttributeDe
@Override
public <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g) {
- return g.buildEmptyAttribute(SP_USESMANDATES_FRIENDLY_NAME, SP_USESMANDATES_NAME);
+ return g.buildEmptyAttribute(SP_USED_MANDATE_PROFILES_FRIENDLY_NAME, SP_USED_MANDATE_PROFILES_NAME);
}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/TransactionIdAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/TransactionIdAttributeBuilder.java
new file mode 100644
index 00000000..17b830dc
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/TransactionIdAttributeBuilder.java
@@ -0,0 +1,33 @@
+package at.gv.egiz.eaaf.core.impl.idp.builder.attributes;
+
+import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils;
+
+public class TransactionIdAttributeBuilder implements IAttributeBuilder, ExtendedPvpAttributeDefinitions {
+
+ @Override
+ public String getName() {
+ return EID_TRANSACTION_ID_NAME;
+
+ }
+
+ @Override
+ public <ATT> ATT build(ISpConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+ return g.buildStringAttribute(EID_TRANSACTION_ID_FRIENDLY_NAME, EID_TRANSACTION_ID_NAME,
+ TransactionIdUtils.getTransactionId());
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(EID_TRANSACTION_ID_FRIENDLY_NAME, EID_TRANSACTION_ID_NAME);
+
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java
index 58c8c0a9..0479a8c5 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java
@@ -26,6 +26,14 @@ import javax.annotation.Nullable;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.text.StringEscapeUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.util.SerializationUtils;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+
import at.gv.egiz.components.eventlog.api.EventConstants;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.IStatusMessenger;
@@ -35,20 +43,12 @@ import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
import at.gv.egiz.eaaf.core.api.idp.auth.services.IProtocolAuthenticationService;
import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException;
import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.core.impl.utils.Random;
-
-import org.apache.commons.text.StringEscapeUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-import org.springframework.util.SerializationUtils;
-import org.springframework.web.bind.annotation.ExceptionHandler;
/**
* Basic application controller that implements core error-handling.
@@ -74,6 +74,9 @@ public abstract class AbstractController {
@Autowired
protected IRevisionLogger revisionsLogger;
+ @Autowired
+ protected IPendingRequestIdGenerationStrategy reqIdGenerationStrategy;
+
/**
* EAAF framework exception handler.
*
@@ -168,7 +171,9 @@ public abstract class AbstractController {
}
// put exception into transaction store for redirect
- final String errorKey = Random.nextLongRandom();
+ final String errorToken = reqIdGenerationStrategy.generateExternalPendingRequestId();
+ final String errorKey = reqIdGenerationStrategy.getPendingRequestIdWithOutChecks(errorToken);
+
if (errorToHandle.getFirst() != null) {
revisionsLogger.logEvent(errorToHandle.getFirst(), EventConstants.TRANSACTION_ERROR);
@@ -176,7 +181,7 @@ public abstract class AbstractController {
final byte[] serializedError = SerializationUtils.serialize(
new ExceptionContainer(errorToHandle.getFirst(), errorToHandle.getSecond()));
- log.trace("Put 'ExceptionContainer' into cache ... ");
+ log.debug("Put 'ExceptionContainer' into cache with id: {}... ", errorKey);
transactionStorage.put(errorKey, serializedError, -1);
} else {
@@ -184,12 +189,12 @@ public abstract class AbstractController {
final byte[] serializedError = SerializationUtils.serialize(
new ExceptionContainer(null, errorToHandle.getSecond()));
- log.trace("Put 'ExceptionContainer' into cache ... ");
+ log.trace("Put 'ExceptionContainer' into cache with id: {}... ",errorKey);
transactionStorage.put(errorKey, serializedError, -1);
}
- return errorKey;
+ return errorToken;
}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractProcessEngineSignalController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractProcessEngineSignalController.java
index 098bca4c..2ce728c1 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractProcessEngineSignalController.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractProcessEngineSignalController.java
@@ -36,6 +36,7 @@ import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.idp.process.ProcessEngine;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.exceptions.EaafIllegalStateException;
+import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException;
import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils;
/**
@@ -85,6 +86,9 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont
// wake up next task
processEngine.signal(pendingReq);
+ } catch (PendingReqIdValidationException e) {
+ handleError(null, e, req, resp, e.getInvalidPendingReq());
+
} catch (final Exception ex) {
handleError(null, ex, req, resp, pendingReq);
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java
index 3fc31673..4ff41836 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java
@@ -24,14 +24,6 @@ import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egiz.components.eventlog.api.EventConstants;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.IRequestStorage;
-import at.gv.egiz.eaaf.core.api.IStatusMessenger;
-import at.gv.egiz.eaaf.core.api.data.EaafConstants;
-import at.gv.egiz.eaaf.core.api.data.ExceptionContainer;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-
import org.apache.commons.text.StringEscapeUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -41,6 +33,16 @@ import org.springframework.util.SerializationUtils;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
+import at.gv.egiz.components.eventlog.api.EventConstants;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequestStorage;
+import at.gv.egiz.eaaf.core.api.IStatusMessenger;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.data.ExceptionContainer;
+import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils;
+
/**
* Protocol finialization end-point.
*
@@ -55,6 +57,7 @@ public class ProtocolFinalizationController extends AbstractController {
@Autowired(required = true)
IRequestStorage requestStorage;
+ @Autowired IPendingRequestIdGenerationStrategy requestIdValidationStragegy;
/**
* End-Point to handle errors.
@@ -68,25 +71,37 @@ public class ProtocolFinalizationController extends AbstractController {
public void errorHandling(final HttpServletRequest req, final HttpServletResponse resp)
throws EaafException, IOException {
// receive an authentication error
- final String errorid =
+ final String errorToken =
StringEscapeUtils.escapeHtml4(req.getParameter(EaafConstants.PARAM_HTTP_ERROR_CODE));
- if (errorid != null) {
+ if (errorToken != null) {
IRequest pendingReq = null;
- try {
+ try {
+ String errorId = requestIdValidationStragegy.validateAndGetPendingRequestId(errorToken);
+ log.debug("Searching exception with internal error-token: {}", errorId);
+
// load stored exception from database
final byte[] containerSerialized =
- transactionStorage.get(errorid, byte[].class);
+ transactionStorage.get(errorId, byte[].class);
if (containerSerialized != null) {
// remove exception if it was found
- transactionStorage.remove(errorid);
-
+ transactionStorage.remove(errorId);
+ log.trace("Find exception with internal error-token: {}", errorId);
+
+ //final Object containerObj = EaafSerializationUtils.deserialize(containerSerialized,
+ // Arrays.asList(
+ // ExceptionContainer.class.getName()
+ // ));
final Object containerObj = SerializationUtils.deserialize(containerSerialized);
+
if (containerObj instanceof ExceptionContainer) {
final ExceptionContainer container = (ExceptionContainer) containerObj;
final Throwable throwable = container.getExceptionThrown();
pendingReq = container.getPendingRequest();
if (pendingReq != null) {
+ //set MDC variables
+ TransactionIdUtils.setAllLoggingVariables(pendingReq);
+
// build protocol-specific error message if possible
protAuthService.buildProtocolSpecificErrorResponse(throwable, req, resp, pendingReq);
@@ -106,6 +121,7 @@ public class ProtocolFinalizationController extends AbstractController {
}
} else {
+ log.info("Find no exception with internal error-token: {}", errorId);
protAuthService.handleErrorNoRedirect(
new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_NOPENDIGREQID, null),
req, resp, false);
@@ -124,6 +140,9 @@ public class ProtocolFinalizationController extends AbstractController {
pendingReq.getUniqueTransactionIdentifier());
}
+
+ //remove all Logger variables
+ TransactionIdUtils.removeAllLoggingVariables();
}
@@ -162,9 +181,14 @@ public class ProtocolFinalizationController extends AbstractController {
req, resp, false);
} else {
+ //set MDC variables
+ TransactionIdUtils.setAllLoggingVariables(pendingReq);
+
+ //perform protocol finalization steps
protAuthService.finalizeAuthentication(req, resp, pendingReq);
+
}
-
+
}
}
diff --git a/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
index 30f1cb57..f57c3787 100644
--- a/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
+++ b/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
@@ -12,4 +12,6 @@ at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidIdentityLinkBuilder
at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidEidTokenBuilder
at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidSignerCertificate
at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidIdentityStatusLevelAttributeBuiler
-at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidCcsUrl \ No newline at end of file
+at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidCcsUrl
+at.gv.egiz.eaaf.core.impl.idp.builder.attributes.TransactionIdAttributeBuilder
+at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PiiTransactionIdAttributeBuilder
diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/PiiTransactionIdAttributeBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/PiiTransactionIdAttributeBuilderTest.java
new file mode 100644
index 00000000..82ac0abf
--- /dev/null
+++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/PiiTransactionIdAttributeBuilderTest.java
@@ -0,0 +1,64 @@
+package at.gv.egiz.eaaf.core.impl.idp.auth.attributes;
+
+import java.util.UUID;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PiiTransactionIdAttributeBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils;
+
+/**
+ * Attribute builder to generate an attribute that holds the unique TransactionId for this process.
+ * <br>
+ * The attribute-value is read from {@link TransactionIdUtils} with method <code>getTransactionId()</code>
+ *
+ * @author tlenz
+ *
+ */
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration("/SpringTest-context_eaaf_core.xml")
+public class PiiTransactionIdAttributeBuilderTest extends AbstractAttributeBuilderTest {
+
+ private final IAttributeBuilder attrBuilder = new PiiTransactionIdAttributeBuilder();
+
+ @Test
+ public void attributeName() {
+ Assert.assertEquals("Wrong attribute name",
+ "urn:eidgvat:attributes.piiTransactionId", attrBuilder.getName());
+
+ }
+
+ @Test
+ public void checkEmptyAttribute() {
+ String value = attrBuilder.buildEmpty(gen);
+ Assert.assertNull("Attr. not null", value);
+
+ }
+
+ @Test
+ public void noPiiTransactionId() throws AttributeBuilderException, Exception {
+ String value = attrBuilder.build(spConfig, buildAuthData(), gen);
+ Assert.assertNull("Attr. not null", value);
+
+ }
+
+ @Test
+ public void withPiiTransactionId() throws AttributeBuilderException, Exception {
+ String piiTransId = UUID.randomUUID().toString();
+ IAuthData authData = buildAuthData();
+ ((AuthenticationData)authData).setGenericData("urn:eidgvat:attributes.piiTransactionId", piiTransId);
+
+ String value = attrBuilder.build(spConfig, authData, gen);
+ Assert.assertEquals("piiTransactionId", piiTransId, value);
+
+ }
+
+}
diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/TransactionIdAttributeBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/TransactionIdAttributeBuilderTest.java
new file mode 100644
index 00000000..d82bdf5c
--- /dev/null
+++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/TransactionIdAttributeBuilderTest.java
@@ -0,0 +1,60 @@
+package at.gv.egiz.eaaf.core.impl.idp.auth.attributes;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.TransactionIdAttributeBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils;
+
+/**
+ * Attribute builder to generate an attribute that holds the unique TransactionId for this process.
+ * <br>
+ * The attribute-value is read from {@link TransactionIdUtils} with method <code>getTransactionId()</code>
+ *
+ * @author tlenz
+ *
+ */
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration("/SpringTest-context_eaaf_core.xml")
+public class TransactionIdAttributeBuilderTest extends AbstractAttributeBuilderTest {
+
+ private final IAttributeBuilder attrBuilder = new TransactionIdAttributeBuilder();
+
+ @Test
+ public void attributeName() {
+ Assert.assertEquals("Wrong attribute name",
+ "urn:eidgvat:attributes.transactionId", attrBuilder.getName());
+
+ }
+
+ @Test
+ public void checkEmptyAttribute() {
+ String value = attrBuilder.buildEmpty(gen);
+ Assert.assertNull("Attr. not null", value);
+
+ }
+
+ @Test
+ public void noTransactionId() throws AttributeBuilderException, Exception {
+ String value = attrBuilder.build(spConfig, buildAuthData(), gen);
+ Assert.assertNull("Attr. not null", value);
+
+ }
+
+ @Test
+ public void withTransactionId() throws AttributeBuilderException, Exception {
+ TransactionIdUtils.setTransactionId();
+ String transId = TransactionIdUtils.getTransactionId();
+ Assert.assertNull("Inputdata is null", transId);
+
+ String value = attrBuilder.build(spConfig, buildAuthData(), gen);
+ Assert.assertEquals("TransactionId", transId, value);
+
+ }
+
+}
diff --git a/eaaf_core_api/pom.xml b/eaaf_core_api/pom.xml
index 9f2030a4..1d0efc07 100644
--- a/eaaf_core_api/pom.xml
+++ b/eaaf_core_api/pom.xml
@@ -7,7 +7,7 @@
<parent>
<groupId>at.gv.egiz</groupId>
<artifactId>eaaf</artifactId>
- <version>1.1.9.1</version>
+ <version>1.1.10</version>
</parent>
<groupId>at.gv.egiz.eaaf</groupId>
<artifactId>eaaf_core_api</artifactId>
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java
index cf411af8..37db2fa4 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java
@@ -21,6 +21,9 @@ package at.gv.egiz.eaaf.core.api.data;
public interface ExtendedPvpAttributeDefinitions extends PvpAttributeDefinitions {
+ String EIDAS_CONNECTOR_UNIQUEID_NAME = "urn:eidgvat:attributes.eidas.uniqueId";
+ String EIDAS_CONNECTOR_UNIQUEID_FRIENDLY_NAME = "EidasNode-UniqueId";
+
String SP_UNIQUEID_NAME = "urn:eidgvat:attributes.ServiceProviderUniqueId";
String SP_UNIQUEID_FRIENDLY_NAME = "ServiceProvider-UniqueId";
@@ -30,8 +33,8 @@ public interface ExtendedPvpAttributeDefinitions extends PvpAttributeDefinitions
String SP_COUNTRYCODE_NAME = "urn:eidgvat:attributes.ServiceProviderCountryCode";
String SP_COUNTRYCODE_FRIENDLY_NAME = "ServiceProvider-CountryCode";
- String SP_USESMANDATES_NAME = "urn:eidgvat:attributes.ServiceProviderMandateProfiles";
- String SP_USESMANDATES_FRIENDLY_NAME = "ServiceProvider-MandateProfiles";
+ String SP_USED_MANDATE_PROFILES_NAME = "urn:eidgvat:attributes.ServiceProviderMandateProfiles";
+ String SP_USED_MANDATE_PROFILES_FRIENDLY_NAME = "ServiceProvider-MandateProfiles";
/* Attributes for E-ID */
String EID_ENCRYPTED_SOURCEID_NAME = "urn:eidgvat:attributes.vsz.value";
@@ -46,6 +49,12 @@ public interface ExtendedPvpAttributeDefinitions extends PvpAttributeDefinitions
String EID_AUTHBLOCK_SIGNED_NAME = "urn:eidgvat:attributes.authblock.signed";
String EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME = "userAuthBlock";
+ String EID_TRANSACTION_ID_NAME = "urn:eidgvat:attributes.transactionId";
+ String EID_TRANSACTION_ID_FRIENDLY_NAME = "transactionId";
+
+ String EID_PII_TRANSACTION_ID_NAME = "urn:eidgvat:attributes.piiTransactionId";
+ String EID_PII_TRANSACTION_ID_FRIENDLY_NAME = "piiTransactionId";
+
String EID_MIS_MANDATE_NAME = "urn:eidgvat:attributes.mis.mandate";
String EID_MIS_MANDATE_FRIENDLY_NAME = "mandate";
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java
index 62aa8852..6626d24d 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java
@@ -30,7 +30,7 @@ import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
*
*/
public interface IAuthData {
-
+
/**
* BaseId transfer policy.
*
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/PendingReqIdValidationException.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/PendingReqIdValidationException.java
index ddc051b0..e7c968b5 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/PendingReqIdValidationException.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/PendingReqIdValidationException.java
@@ -15,10 +15,10 @@ public class PendingReqIdValidationException extends EaafException {
* Pending-Request Id validation error.
*
* @param internalPendingReqId Internal Pending-Request Id
- * @param reason error-message
+ * @param errorId Detailed Id of the error
*/
- public PendingReqIdValidationException(final String internalPendingReqId, @Nonnull final String reason) {
- super("process.99", new Object[] { internalPendingReqId, reason });
+ public PendingReqIdValidationException(final String internalPendingReqId, @Nonnull final String errorId) {
+ super(errorId, new Object[] { internalPendingReqId});
this.invalidInternalPendingReqId = internalPendingReqId;
}
@@ -27,12 +27,12 @@ public class PendingReqIdValidationException extends EaafException {
* Pending-Request Id validation error.
*
* @param internalPendingReqId Internal Pending-Request Id
- * @param reason error-message
+ * @param errorId Detailed Id of the error
* @param e error
*/
- public PendingReqIdValidationException(final String internalPendingReqId, @Nonnull final String reason,
+ public PendingReqIdValidationException(final String internalPendingReqId, @Nonnull final String errorId,
final Throwable e) {
- super("process.99", new Object[] { internalPendingReqId, reason }, e);
+ super(errorId, new Object[] { internalPendingReqId, errorId }, e);
this.invalidInternalPendingReqId = internalPendingReqId;
}
diff --git a/eaaf_core_utils/pom.xml b/eaaf_core_utils/pom.xml
index e37259a0..afeb69ae 100644
--- a/eaaf_core_utils/pom.xml
+++ b/eaaf_core_utils/pom.xml
@@ -7,7 +7,7 @@
<parent>
<groupId>at.gv.egiz</groupId>
<artifactId>eaaf</artifactId>
- <version>1.1.9.1</version>
+ <version>1.1.10</version>
</parent>
<groupId>at.gv.egiz.eaaf</groupId>
<artifactId>eaaf_core_utils</artifactId>
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
index 955648c6..1c6e6e76 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
@@ -27,6 +27,11 @@ import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
@@ -37,12 +42,6 @@ import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration.SymmetricK
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
-
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.core.io.Resource;
-import org.springframework.core.io.ResourceLoader;
-
import lombok.extern.slf4j.Slf4j;
@Slf4j
@@ -246,7 +245,8 @@ public class EaafKeyStoreFactory {
clientUsername, clientPassword, hsmFacadeHost, port);
if (rawProvider instanceof Provider) {
- Security.insertProviderAt((Provider) rawProvider, 0);
+ Security.addProvider((Provider) rawProvider);
+
isHsmFacadeInitialized = true;
log.info("HSM Facade is initialized. {} can provide KeyStores based on remote HSM",
EaafKeyStoreFactory.class.getSimpleName());
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java
index 647c0636..07522b56 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java
@@ -4,6 +4,8 @@ import java.security.KeyStore;
import java.security.Provider;
import java.util.HashMap;
import java.util.Map;
+import java.util.Map.Entry;
+import java.util.concurrent.TimeUnit;
import javax.annotation.Nonnull;
import javax.annotation.PostConstruct;
@@ -23,6 +25,7 @@ import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.config.SocketConfig;
+import org.apache.http.conn.HttpClientConnectionManager;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.LayeredConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
@@ -33,10 +36,12 @@ import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.DefaultRedirectStrategy;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
+import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.protocol.HttpContext;
import org.apache.http.ssl.SSLContexts;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.scheduling.annotation.Scheduled;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
@@ -65,10 +70,10 @@ public class HttpClientFactory implements IHttpClientFactory {
public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_CONNECTION =
"client.http.connection.timeout.connection";
public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_REQUEST =
- "client.http.connection.timeout.request";
- public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_COUNT =
+ "client.http.connection.timeout.request";
+ public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_COUNT =
"client.http.connection.retry.count";
- public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_POST =
+ public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_POST =
"client.http.connection.retry.post";
public static final String PROP_CONFIG_CLIENT_HTTP_SSL_HOSTNAMEVERIFIER_TRUSTALL =
"client.http.ssl.hostnameverifier.trustall";
@@ -97,9 +102,14 @@ public class HttpClientFactory implements IHttpClientFactory {
public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE = "100";
public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_COUNT = "3";
public static final String DEFAUTL_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_POST = String.valueOf(false);
+
+ public static final int DEFAULT_CLEANUP_RUNNER_TIME = 30000;
+ public static final int DEFAULT_CLEANUP_IDLE_TIME = 60;
+
private String defaultConfigurationId = null;
- private final Map<String, HttpClientBuilder> availableBuilders = new HashMap<>();
+ private final Map<String, Pair<HttpClientBuilder, HttpClientConnectionManager>>
+ availableBuilders = new HashMap<>();
/*
* (non-Javadoc)
@@ -114,7 +124,7 @@ public class HttpClientFactory implements IHttpClientFactory {
@Override
public CloseableHttpClient getHttpClient(final boolean followRedirects) {
- return availableBuilders.get(defaultConfigurationId).setRedirectStrategy(
+ return availableBuilders.get(defaultConfigurationId).getFirst().setRedirectStrategy(
buildRedirectStrategy(followRedirects)).build();
}
@@ -124,30 +134,31 @@ public class HttpClientFactory implements IHttpClientFactory {
log.trace("Build http client for: {}", config.getFriendlyName());
HttpClientBuilder builder = null;
if (availableBuilders.containsKey(config.getUuid())) {
- builder = availableBuilders.get(config.getUuid());
+ builder = availableBuilders.get(config.getUuid()).getFirst();
} else {
log.debug("Initialize new http-client builder for: {}", config.getFriendlyName());
- //validate configuration object
+ // validate configuration object
config.validate();
builder = HttpClients.custom();
-
- //inject request configuration
+
+ // inject request configuration
builder.setDefaultRequestConfig(buildDefaultRequestConfig());
injectInternalRetryHandler(builder, config);
-
- //inject basic authentication infos
+
+ // inject basic authentication infos
injectBasicAuthenticationIfRequired(builder, config);
- //inject authentication if required
+ // inject authentication if required
final LayeredConnectionSocketFactory sslConnectionFactory = getSslContext(config);
// set pool connection if required
- injectDefaultConnectionPoolIfRequired(builder, sslConnectionFactory);
+ HttpClientConnectionManager connectionManager
+ = injectConnectionManager(builder, sslConnectionFactory);
- availableBuilders.put(config.getUuid(), builder);
+ availableBuilders.put(config.getUuid(), Pair.newInstance(builder, connectionManager));
}
@@ -156,27 +167,45 @@ public class HttpClientFactory implements IHttpClientFactory {
}
- private void injectInternalRetryHandler(HttpClientBuilder builder, HttpClientConfiguration config) {
+ /**
+ * Worker that closes expired connections or connections that in idle
+ * for more than DEFAULT_CLEANUP_IDLE_TIME seconds.
+ *
+ */
+ @Scheduled(fixedDelay = DEFAULT_CLEANUP_RUNNER_TIME)
+ private void httpConnectionPoolCleaner() {
+ log.trace("Starting http connection-pool eviction policy ... ");
+ for (final Entry<String, Pair<HttpClientBuilder, HttpClientConnectionManager>> el
+ : availableBuilders.entrySet()) {
+ log.trace("Checking connections of http-client: {}", el.getKey());
+ el.getValue().getSecond().closeExpiredConnections();
+ el.getValue().getSecond().closeIdleConnections(DEFAULT_CLEANUP_IDLE_TIME, TimeUnit.SECONDS);
+
+ }
+
+ }
+
+ private void injectInternalRetryHandler(HttpClientBuilder builder, HttpClientConfiguration config) {
if (config.getHttpErrorRetryCount() > 0) {
- log.info("Set HTTP error-retry to {} for http-client: {}",
+ log.info("Set HTTP error-retry to {} for http-client: {}",
config.getHttpErrorRetryCount(), config.getFriendlyName());
builder.setRetryHandler(new EaafHttpRequestRetryHandler(
- config.getHttpErrorRetryCount(),
- config.isHttpErrorRetryPost()));
-
+ config.getHttpErrorRetryCount(),
+ config.isHttpErrorRetryPost()));
+
if (config.getServiceUnavailStrategy() != null) {
log.debug("HttpClient configuration: {} set custom ServiceUnavailableRetryStrategy: {}",
config.getFriendlyName(), config.getServiceUnavailStrategy().getClass().getName());
builder.setServiceUnavailableRetryStrategy(config.getServiceUnavailStrategy());
-
+
}
-
+
} else {
log.info("Disable HTTP error-retry for http-client: {}", config.getFriendlyName());
builder.disableAutomaticRetries();
-
+
}
-
+
}
@PostConstruct
@@ -190,8 +219,8 @@ public class HttpClientFactory implements IHttpClientFactory {
// set default request configuration
defaultHttpClientBuilder.setDefaultRequestConfig(buildDefaultRequestConfig());
injectInternalRetryHandler(defaultHttpClientBuilder, defaultHttpClientConfig);
-
- //inject http basic authentication
+
+ // inject http basic authentication
injectBasicAuthenticationIfRequired(defaultHttpClientBuilder, defaultHttpClientConfig);
// inject authentication if required
@@ -199,11 +228,13 @@ public class HttpClientFactory implements IHttpClientFactory {
getSslContext(defaultHttpClientConfig);
// set pool connection if required
- injectDefaultConnectionPoolIfRequired(defaultHttpClientBuilder, sslConnectionFactory);
+ HttpClientConnectionManager connectionManager
+ = injectConnectionManager(defaultHttpClientBuilder, sslConnectionFactory);
- //set default http client builder
+ // set default http client builder
defaultConfigurationId = defaultHttpClientConfig.getUuid();
- availableBuilders.put(defaultConfigurationId, defaultHttpClientBuilder);
+ availableBuilders.put(defaultConfigurationId,
+ Pair.newInstance(defaultHttpClientBuilder, connectionManager));
}
@@ -239,13 +270,12 @@ public class HttpClientFactory implements IHttpClientFactory {
PROP_CONFIG_CLIENT_HTTP_SSL_HOSTNAMEVERIFIER_TRUSTALL, false));
config.setHttpErrorRetryCount(Integer.parseInt(basicConfig.getBasicConfiguration(
- PROP_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_COUNT,
+ PROP_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_COUNT,
DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_COUNT)));
config.setHttpErrorRetryPost(Boolean.parseBoolean(basicConfig.getBasicConfiguration(
- PROP_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_POST,
+ PROP_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_POST,
DEFAUTL_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_POST)));
-
-
+
// validate configuration object
config.validate();
@@ -280,7 +310,8 @@ public class HttpClientFactory implements IHttpClientFactory {
SSLContext sslContext = null;
if (httpClientConfig.getAuthMode().equals(HttpClientConfiguration.ClientAuthMode.SSL)) {
log.debug("Open keyStore with type: {}", httpClientConfig.getKeyStoreConfig().getKeyStoreType());
- final Pair<KeyStore, Provider> keyStore = keyStoreFactory.buildNewKeyStore(httpClientConfig.getKeyStoreConfig());
+ final Pair<KeyStore, Provider> keyStore = keyStoreFactory.buildNewKeyStore(httpClientConfig
+ .getKeyStoreConfig());
log.trace("Injecting SSL client-authentication into http client ... ");
sslContext = HttpUtils.buildSslContextWithSslClientAuthentication(keyStore,
@@ -290,7 +321,7 @@ public class HttpClientFactory implements IHttpClientFactory {
} else {
log.trace("Initializing default SSL Context ... ");
sslContext = SSLContexts.createDefault();
-
+
}
// set hostname verifier
@@ -308,48 +339,37 @@ public class HttpClientFactory implements IHttpClientFactory {
}
- private void injectDefaultConnectionPoolIfRequired(
+ @Nonnull
+ private HttpClientConnectionManager injectConnectionManager(
HttpClientBuilder builder, final LayeredConnectionSocketFactory sslConnectionFactory) {
if (basicConfig.getBasicConfigurationBoolean(PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE,
true)) {
- PoolingHttpClientConnectionManager pool;
-
- // set socketFactoryRegistry if SSLConnectionFactory is Set
- if (sslConnectionFactory != null) {
- final Registry<ConnectionSocketFactory> socketFactoryRegistry =
- RegistryBuilder.<ConnectionSocketFactory>create()
- .register("http", PlainConnectionSocketFactory.getSocketFactory())
- .register("https", sslConnectionFactory).build();
- log.trace("Inject SSLSocketFactory into pooled connection");
- pool = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
-
- } else {
- pool = new PoolingHttpClientConnectionManager();
-
- }
-
- pool.setDefaultMaxPerRoute(Integer.parseInt(
+ PoolingHttpClientConnectionManager connectionPool
+ = new PoolingHttpClientConnectionManager(getDefaultRegistry(sslConnectionFactory));
+ connectionPool.setDefaultMaxPerRoute(Integer.parseInt(
basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE,
DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE)));
- pool.setMaxTotal(Integer.parseInt(
+ connectionPool.setMaxTotal(Integer.parseInt(
basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL,
DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL)));
-
- pool.setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(Integer.parseInt(
+ connectionPool.setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(Integer.parseInt(
basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET,
DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET))
* 1000).build());
+ builder.setConnectionManager(connectionPool);
+ log.debug("Initalize http-client pool with, maxTotal: {} maxPerRoute: {}",
+ connectionPool.getMaxTotal(), connectionPool.getDefaultMaxPerRoute());
+ return connectionPool;
+
+ } else {
+ log.debug("Building http-client without Connection-Pool ... ");
+ final BasicHttpClientConnectionManager basicPool = new BasicHttpClientConnectionManager(
+ getDefaultRegistry(sslConnectionFactory));
+ builder.setConnectionManager(basicPool);
+ return basicPool;
- builder.setConnectionManager(pool);
- log.debug("Initalize http-client pool with, maxTotal: {} maxPerRoute: {}", pool.getMaxTotal(),
- pool.getDefaultMaxPerRoute());
-
- } else if (sslConnectionFactory != null) {
- log.trace("Inject SSLSocketFactory without connection pool");
- builder.setSSLSocketFactory(sslConnectionFactory);
-
}
-
+
}
private RequestConfig buildDefaultRequestConfig() {
@@ -392,5 +412,25 @@ public class HttpClientFactory implements IHttpClientFactory {
return redirectStrategy;
}
+
+ private static Registry<ConnectionSocketFactory> getDefaultRegistry(
+ final LayeredConnectionSocketFactory sslConnectionFactory) {
+ final RegistryBuilder<ConnectionSocketFactory> builder =
+ RegistryBuilder.<ConnectionSocketFactory>create()
+ .register("http", PlainConnectionSocketFactory.getSocketFactory());
+
+ if (sslConnectionFactory != null) {
+ log.trace("Inject own SSLSocketFactory into pooled connection");
+ builder.register("https", sslConnectionFactory);
+
+ } else {
+ log.trace("Inject default SSLSocketFactory into pooled connection");
+ builder.register("https", SSLConnectionSocketFactory.getSocketFactory());
+
+ }
+
+ return builder.build();
+
+ }
}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
index 81ebe1fe..10555822 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
@@ -18,6 +18,7 @@
package at.gv.egiz.eaaf.core.impl.http;
+import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
@@ -31,10 +32,15 @@ import javax.net.ssl.SSLContext;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
+import org.apache.http.HttpResponse;
+import org.apache.http.StatusLine;
+import org.apache.http.client.ClientProtocolException;
+import org.apache.http.client.ResponseHandler;
import org.apache.http.conn.ssl.TrustAllStrategy;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.ssl.TrustStrategy;
+import org.apache.http.util.EntityUtils;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
@@ -47,6 +53,23 @@ public class HttpUtils {
private static final String ERROR_03 = "internal.httpclient.03";
+
+ /**
+ * Simple Http response-handler that only give http status-code as result.
+ *
+ * @return Status-Code of http response
+ */
+ public static ResponseHandler<StatusLine> simpleStatusCodeResponseHandler() {
+ return new ResponseHandler<StatusLine>() {
+ @Override
+ public StatusLine handleResponse(HttpResponse response) throws ClientProtocolException, IOException {
+ EntityUtils.consumeQuietly(response.getEntity());
+ return response.getStatusLine();
+
+ }
+ };
+ }
+
/**
* Helper method to retrieve server URL including context path.
*
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/AuthenticatedEncryptionPendingRequestIdGenerationStrategy.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/AuthenticatedEncryptionPendingRequestIdGenerationStrategy.java
index ebfe7500..83ea7da0 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/AuthenticatedEncryptionPendingRequestIdGenerationStrategy.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/AuthenticatedEncryptionPendingRequestIdGenerationStrategy.java
@@ -1,6 +1,6 @@
package at.gv.egiz.eaaf.core.impl.utils;
-import java.io.UnsupportedEncodingException;
+import java.nio.charset.StandardCharsets;
import java.security.Provider;
import java.util.Base64;
@@ -98,10 +98,10 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategy
}
return Base64.getUrlEncoder()
- .encodeToString(encToken.getCompactSerialization().getBytes("UTF-8"));
+ .encodeToString(encToken.getCompactSerialization().getBytes(StandardCharsets.UTF_8));
- } catch (final JoseException | UnsupportedEncodingException e) {
- throw new EaafException("internal.99", new Object[] { e.getMessage() }, e);
+ } catch (final JoseException e) {
+ throw new EaafException("internal.pendingreqid.02", new Object[] { e.getMessage() }, e);
}
@@ -117,7 +117,7 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategy
if (!(StringUtils.countMatches(stringToken, TOKEN_SEPARATOR) == ENCODED_TOKEN_PARTS - 1)) {
log.warn("PendingRequestId has an unvalid format");
log.debug("PendingRequestId: {}", stringToken);
- throw new PendingReqIdValidationException(null, "PendingReqId has an unvalid format");
+ throw new PendingReqIdValidationException(null, "internal.pendingreqid.01");
}
@@ -125,13 +125,10 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategy
StringUtils.split(stringToken, TOKEN_SEPARATOR, ENCODED_TOKEN_PARTS);
return tokenElements[1];
- } catch (final UnsupportedEncodingException e) {
- throw new RuntimeException(e);
-
} catch (JoseException e) {
log.warn("Token is NOT a valid String. Msg: {}", e.getMessage());
log.debug("TokenValue: {}", externalPendingReqId);
- throw new PendingReqIdValidationException(null, "PendingReqId is NOT a valid String", e);
+ throw new PendingReqIdValidationException(null, "internal.pendingreqid.05", e);
}
}
@@ -144,9 +141,8 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategy
log.debug("Token decryption successful");
if (!(StringUtils.countMatches(stringToken, TOKEN_SEPARATOR) == ENCODED_TOKEN_PARTS - 1)) {
- log.warn("PendingRequestId has an unvalid format");
- log.debug("PendingRequestId: {}", stringToken);
- throw new PendingReqIdValidationException(null, "PendingReqId has an unvalid format");
+ log.info("PendingRequestId: {}", stringToken);
+ throw new PendingReqIdValidationException(null, "internal.pendingreqid.01");
}
@@ -155,16 +151,13 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategy
final String internalPendingReqId = tokenElements[1];
final DateTime timeStamp = TOKEN_TEXTUAL_DATE_FORMAT.parseDateTime(tokenElements[0]);
-
-
log.trace("Checking valid period ... ");
final DateTime now = DateTime.now();
if (timeStamp.withFieldAdded(DurationFieldType.seconds(), maxPendingRequestIdLifeTime)
.isBefore(now)) {
- log.warn("Token exceeds the valid period");
- log.debug("Token: {} | Now: {}", timeStamp, now);
+ log.info("Token exceeds the valid period. Token: {} | Now: {}", timeStamp, now);
throw new PendingReqIdValidationException(internalPendingReqId,
- "PendingRequestId exceeds the valid period");
+ "internal.pendingreqid.06");
}
log.debug("Token valid-period check successful");
@@ -174,25 +167,22 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategy
} catch (JoseException e) {
log.warn("Token is NOT a valid encrypt. Msg: {}", e.getMessage());
log.debug("TokenValue: {}", externalPendingReqId);
- throw new PendingReqIdValidationException(null, "PendingReqId is NOT a valid encrypted", e);
+ throw new PendingReqIdValidationException(null, "internal.pendingreqid.04", e);
} catch (final IllegalArgumentException e) {
log.warn("Token is NOT a valid String. Msg: {}", e.getMessage());
log.debug("TokenValue: {}", externalPendingReqId);
- throw new PendingReqIdValidationException(null, "PendingReqId is NOT a valid String", e);
-
- } catch (final UnsupportedEncodingException e) {
- throw new RuntimeException(e);
+ throw new PendingReqIdValidationException(null, "internal.pendingreqid.05", e);
}
}
@Nonnull
private String getDecryptedExternalPendingRequestId(String externalPendingReqId)
- throws JoseException, PendingReqIdValidationException, UnsupportedEncodingException {
+ throws JoseException, PendingReqIdValidationException {
if (StringUtils.isEmpty(externalPendingReqId)) {
log.info("PendingReqId is 'null' or empty");
- throw new PendingReqIdValidationException(null, "PendingReqId is 'null' or empty");
+ throw new PendingReqIdValidationException(null, "internal.pendingreqid.00");
}
@@ -201,8 +191,7 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategy
if (externalPendingReqIdBytes.length > maxPendingReqIdSize) {
log.warn("pendingReqId size exceeds {}", maxPendingReqIdSize);
- throw new PendingReqIdValidationException(null,
- "pendingReqId exceeds max.size: " + maxPendingReqIdSize);
+ throw new PendingReqIdValidationException(null, "internal.pendingreqid.03");
}
@@ -225,7 +214,7 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategy
}
- encToken.setCompactSerialization(new String(externalPendingReqIdBytes, "UTF-8"));
+ encToken.setCompactSerialization(new String(externalPendingReqIdBytes, StandardCharsets.UTF_8));
return encToken.getPayload();
}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java
index ad6471d5..8ec5f3a8 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java
@@ -1,6 +1,6 @@
package at.gv.egiz.eaaf.core.impl.utils;
-import java.io.UnsupportedEncodingException;
+import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
@@ -80,33 +80,22 @@ public class SecurePendingRequestIdGenerationStrategy
@Override
public String generateExternalPendingRequestId() throws EaafException {
- try {
- final String toSign = buildInternalToken(Random.nextLongRandom(), DateTime.now());
- final StringBuilder externalPendingRequestId = new StringBuilder();
- externalPendingRequestId.append(toSign);
- externalPendingRequestId.append(TOKEN_SEPARATOR);
- externalPendingRequestId.append(Base64.getEncoder().encodeToString(calculateHmac(toSign)));
- return Base64.getUrlEncoder()
- .encodeToString(externalPendingRequestId.toString().getBytes("UTF-8"));
-
- } catch (final UnsupportedEncodingException e) {
- throw new EaafException("internal.99", new Object[] { e.getMessage() }, e);
-
- }
+ final String toSign = buildInternalToken(Random.nextLongRandom(), DateTime.now());
+ final StringBuilder externalPendingRequestId = new StringBuilder();
+ externalPendingRequestId.append(toSign);
+ externalPendingRequestId.append(TOKEN_SEPARATOR);
+ externalPendingRequestId.append(Base64.getEncoder().encodeToString(calculateHmac(toSign)));
+ return Base64.getUrlEncoder()
+ .encodeToString(externalPendingRequestId.toString().getBytes(StandardCharsets.UTF_8));
}
@Override
public String getPendingRequestIdWithOutChecks(final String externalPendingReqId)
throws PendingReqIdValidationException {
- try {
- final String[] tokenElements = extractTokens(externalPendingReqId);
- return tokenElements[1];
-
- } catch (final UnsupportedEncodingException e) {
- throw new RuntimeException(e);
-
- }
+ final String[] tokenElements = extractTokens(externalPendingReqId);
+ return tokenElements[1];
+
}
@Override
@@ -123,8 +112,7 @@ public class SecurePendingRequestIdGenerationStrategy
if (!Arrays.equals(tokenDigest, refDigist)) {
log.warn("Digest of Token does NOT match");
log.debug("Token: {} | Ref: {}", tokenDigest, refDigist);
- throw new PendingReqIdValidationException(null,
- "Digest of pendingRequestId does NOT match");
+ throw new PendingReqIdValidationException(null, "internal.pendingreqid.04");
}
log.debug("PendingRequestId HMAC digest check successful");
@@ -135,8 +123,7 @@ public class SecurePendingRequestIdGenerationStrategy
.isBefore(now)) {
log.warn("Token exceeds the valid period");
log.debug("Token: {} | Now: {}", timeStamp, now);
- throw new PendingReqIdValidationException(internalPendingReqId,
- "PendingRequestId exceeds the valid period");
+ throw new PendingReqIdValidationException(internalPendingReqId, "internal.pendingreqid.06");
}
log.debug("Token valid-period check successful");
@@ -146,20 +133,17 @@ public class SecurePendingRequestIdGenerationStrategy
} catch (final IllegalArgumentException | EaafIllegalStateException e) {
log.warn("Token is NOT a valid String. Msg: {}", e.getMessage());
log.debug("TokenValue: {}", externalPendingReqId);
- throw new PendingReqIdValidationException(null, "PendingReqId is NOT a valid String", e);
-
- } catch (final UnsupportedEncodingException e) {
- throw new RuntimeException(e);
+ throw new PendingReqIdValidationException(null, "internal.pendingreqid.06", e);
}
}
@NonNull
private String[] extractTokens(@Nullable final String externalPendingReqId)
- throws PendingReqIdValidationException, UnsupportedEncodingException {
+ throws PendingReqIdValidationException {
if (StringUtils.isEmpty(externalPendingReqId)) {
log.info("PendingReqId is 'null' or empty");
- throw new PendingReqIdValidationException(null, "PendingReqId is 'null' or empty");
+ throw new PendingReqIdValidationException(null, "internal.pendingreqid.00");
}
@@ -168,12 +152,11 @@ public class SecurePendingRequestIdGenerationStrategy
if (externalPendingReqIdBytes.length > maxPendingReqIdSize) {
log.warn("pendingReqId size exceeds {}", maxPendingReqIdSize);
- throw new PendingReqIdValidationException(null,
- "pendingReqId exceeds max.size: " + maxPendingReqIdSize);
+ throw new PendingReqIdValidationException(null, "internal.pendingreqid.03");
}
- final String stringToken = new String(externalPendingReqIdBytes, "UTF-8");
+ final String stringToken = new String(externalPendingReqIdBytes, StandardCharsets.UTF_8);
if (StringUtils.countMatches(stringToken, TOKEN_SEPARATOR) == ENCODED_TOKEN_PARTS - 1) {
final String[] tokenElements =
StringUtils.split(stringToken, TOKEN_SEPARATOR, ENCODED_TOKEN_PARTS);
@@ -182,7 +165,7 @@ public class SecurePendingRequestIdGenerationStrategy
} else {
log.warn("PendingRequestId has an unvalid format");
log.debug("PendingRequestId: {}", stringToken);
- throw new PendingReqIdValidationException(null, "PendingReqId has an unvalid format");
+ throw new PendingReqIdValidationException(null, "internal.pendingreqid.01");
}
@@ -243,9 +226,9 @@ public class SecurePendingRequestIdGenerationStrategy
try {
final Mac mac = Mac.getInstance(digistAlgorithm);
mac.init(key);
- return mac.doFinal(toSign.getBytes("UTF-8"));
+ return mac.doFinal(toSign.getBytes(StandardCharsets.UTF_8));
- } catch (UnsupportedEncodingException | NoSuchAlgorithmException | InvalidKeyException e) {
+ } catch (NoSuchAlgorithmException | InvalidKeyException e) {
log.error("Can NOT generate secure pendingRequestId", e);
throw new EaafIllegalStateException(
new Object[] { "Can NOT caluclate digist for secure pendingRequestId" }, e);
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java
index 4c1601c0..d1613d16 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java
@@ -21,7 +21,10 @@ package at.gv.egiz.eaaf.core.impl.utils;
import java.util.UUID;
+import javax.annotation.Nullable;
+
import at.gv.egiz.eaaf.core.api.IRequest;
+import lombok.extern.slf4j.Slf4j;
/**
* Transaction Identifier Utils.
@@ -29,6 +32,7 @@ import at.gv.egiz.eaaf.core.api.IRequest;
* @author tlenz
*
*/
+@Slf4j
public class TransactionIdUtils {
/**
@@ -58,11 +62,16 @@ public class TransactionIdUtils {
*
* @param pendingRequest Http request object
*/
- public static void setAllLoggingVariables(final IRequest pendingRequest) {
- setTransactionId(pendingRequest.getUniqueTransactionIdentifier());
- setSessionId(pendingRequest.getUniqueSessionIdentifier());
- setServiceProviderId(pendingRequest.getServiceProviderConfiguration().getUniqueIdentifier());
-
+ public static void setAllLoggingVariables(@Nullable final IRequest pendingRequest) {
+ if (pendingRequest != null) {
+ setTransactionId(pendingRequest.getUniqueTransactionIdentifier());
+ setSessionId(pendingRequest.getUniqueSessionIdentifier());
+ setServiceProviderId(pendingRequest.getServiceProviderConfiguration().getUniqueIdentifier());
+
+ } else {
+ log.warn("Can NOT set MDC variables from pendingRequest because it is 'null'");
+
+ }
}
/**
diff --git a/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties b/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties
index 5b398bb0..79f82af8 100644
--- a/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties
+++ b/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties
@@ -20,4 +20,13 @@ internal.key.01=Can not use key from Keystore: {0} Reason: {1}
internal.httpclient.00=HttpClient:{0} uses http Basic-Auth, but 'Username' is NOT set
internal.httpclient.01=HttpClient:{0} uses X509 client-auth, but 'KeyStoreConfig' is NOT set
internal.httpclient.02=HttpClient:{0} uses KeyStore:{1}, but 'keyPassword' is NOT set
-internal.httpclient.03=Can not initialize SSLContext for HttpClient:{0} Reason:{1} \ No newline at end of file
+internal.httpclient.03=Can not initialize SSLContext for HttpClient:{0} Reason:{1}
+
+internal.pendingreqid.00=Process Token is 'null' or 'empty'
+internal.pendingreqid.01=Process Token is NOT valid because it has an invalid format
+internal.pendingreqid.02=Can not create process Token
+internal.pendingreqid.03=Process Token is NOT valid because it reached maximum size
+internal.pendingreqid.04=Process Token is NOT valid because it is cryptographically invalid
+internal.pendingreqid.05=Process Token is NOT valid because it has an invalid encoding
+internal.pendingreqid.06=Process Token is NOT valid because it exceeds the valid period
+
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest.java
index 34f4a3b1..8b437dcf 100644
--- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest.java
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest.java
@@ -71,10 +71,7 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest {
} catch (PendingReqIdValidationException e) {
Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId());
Assert.assertNull("internal pendingReq", e.getInvalidPendingReq());
- Assert.assertEquals("Wrong errorId", "process.99", e.getErrorId());
- Assert.assertEquals("Wrong errorMsg",
- "No StatusMessager-Backend available! StatusCode:process.99 Params:[null, PendingReqId is 'null' or empty]",
- e.getMessage());
+ Assert.assertEquals("Wrong errorId", "internal.pendingreqid.00", e.getErrorId());
}
}
@@ -88,10 +85,7 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest {
} catch (PendingReqIdValidationException e) {
Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId());
Assert.assertNull("internal pendingReq", e.getInvalidPendingReq());
- Assert.assertEquals("Wrong errorId", "process.99", e.getErrorId());
- Assert.assertEquals("Wrong errorMsg",
- "No StatusMessager-Backend available! StatusCode:process.99 Params:[null, PendingReqId is 'null' or empty]",
- e.getMessage());
+ Assert.assertEquals("Wrong errorId", "internal.pendingreqid.00", e.getErrorId());
}
}
@@ -105,11 +99,7 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest {
} catch (PendingReqIdValidationException e) {
Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId());
Assert.assertNull("internal pendingReq", e.getInvalidPendingReq());
- Assert.assertEquals("Wrong errorId", "process.99", e.getErrorId());
- Assert.assertEquals("Wrong errorMsg",
- "No StatusMessager-Backend available! StatusCode:process.99 Params:[null, "
- + "PendingReqId is NOT a valid String]",
- e.getMessage());
+ Assert.assertEquals("Wrong errorId", "internal.pendingreqid.05", e.getErrorId());
}
}
@@ -124,11 +114,7 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest {
} catch (PendingReqIdValidationException e) {
Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId());
Assert.assertNull("internal pendingReq", e.getInvalidPendingReq());
- Assert.assertEquals("Wrong errorId", "process.99", e.getErrorId());
- Assert.assertEquals("Wrong errorMsg",
- "No StatusMessager-Backend available! StatusCode:process.99 Params:[null, "
- + "pendingReqId exceeds max.size: 1024]",
- e.getMessage());
+ Assert.assertEquals("Wrong errorId", "internal.pendingreqid.03", e.getErrorId());
}
}
@@ -150,11 +136,7 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest {
} catch (PendingReqIdValidationException e) {
Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId());
Assert.assertNull("internal pendingReq", e.getInvalidPendingReq());
- Assert.assertEquals("Wrong errorId", "process.99", e.getErrorId());
- Assert.assertEquals("Wrong errorMsg",
- "No StatusMessager-Backend available! StatusCode:process.99 Params:[null, "
- + "PendingReqId has an unvalid format]",
- e.getMessage());
+ Assert.assertEquals("Wrong errorId", "internal.pendingreqid.01", e.getErrorId());
}
}
@@ -177,11 +159,7 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest {
} catch (PendingReqIdValidationException e) {
Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId());
Assert.assertNull("internal pendingReq", e.getInvalidPendingReq());
- Assert.assertEquals("Wrong errorId", "process.99", e.getErrorId());
- Assert.assertEquals("Wrong errorMsg",
- "No StatusMessager-Backend available! StatusCode:process.99 Params:[null, "
- + "PendingReqId has an unvalid format]",
- e.getMessage());
+ Assert.assertEquals("Wrong errorId", "internal.pendingreqid.01", e.getErrorId());
}
}
@@ -204,11 +182,7 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest {
} catch (PendingReqIdValidationException e) {
Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId());
Assert.assertNull("internal pendingReq", e.getInvalidPendingReq());
- Assert.assertEquals("Wrong errorId", "process.99", e.getErrorId());
- Assert.assertEquals("Wrong errorMsg",
- "No StatusMessager-Backend available! StatusCode:process.99 Params:[null, "
- + "PendingReqId is NOT a valid String]",
- e.getMessage());
+ Assert.assertEquals("Wrong errorId", "internal.pendingreqid.05", e.getErrorId());
}
}
@@ -231,8 +205,7 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest {
} catch (PendingReqIdValidationException e) {
Assert.assertNotNull("internal pendingReqId", e.getInvalidInternalPendingReqId());
Assert.assertNull("internal pendingReq", e.getInvalidPendingReq());
- Assert.assertEquals("Wrong errorId", "process.99", e.getErrorId());
- Assert.assertTrue("Wrong errorMsg", e.getMessage().contains("PendingRequestId exceeds the valid period"));
+ Assert.assertEquals("Wrong errorId", "internal.pendingreqid.06", e.getErrorId());
}
}
@@ -254,11 +227,7 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest {
} catch (PendingReqIdValidationException e) {
Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId());
Assert.assertNull("internal pendingReq", e.getInvalidPendingReq());
- Assert.assertEquals("Wrong errorId", "process.99", e.getErrorId());
- Assert.assertEquals("Wrong errorMsg",
- "No StatusMessager-Backend available! StatusCode:process.99 Params:[null, "
- + "PendingReqId has an unvalid format]",
- e.getMessage());
+ Assert.assertEquals("Wrong errorId", "internal.pendingreqid.01", e.getErrorId());
}
}
@@ -281,12 +250,8 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest {
} catch (PendingReqIdValidationException e) {
Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId());
Assert.assertNull("internal pendingReq", e.getInvalidPendingReq());
- Assert.assertEquals("Wrong errorId", "process.99", e.getErrorId());
- Assert.assertEquals("Wrong errorMsg",
- "No StatusMessager-Backend available! StatusCode:process.99 Params:[null, "
- + "PendingReqId has an unvalid format]",
- e.getMessage());
-
+ Assert.assertEquals("Wrong errorId", "internal.pendingreqid.01", e.getErrorId());
+
}
}
@@ -399,11 +364,7 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest {
} catch (PendingReqIdValidationException e) {
Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId());
Assert.assertNull("internal pendingReq", e.getInvalidPendingReq());
- Assert.assertEquals("Wrong errorId", "process.99", e.getErrorId());
- Assert.assertEquals("Wrong errorMsg",
- "No StatusMessager-Backend available! StatusCode:process.99 Params:[null, "
- + "PendingReqId is NOT a valid encrypted]",
- e.getMessage());
+ Assert.assertEquals("Wrong errorId", "internal.pendingreqid.04", e.getErrorId());
}
}
diff --git a/eaaf_modules/eaaf_module_auth_sl20/pom.xml b/eaaf_modules/eaaf_module_auth_sl20/pom.xml
index 6ee799dc..d056e7d1 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/pom.xml
+++ b/eaaf_modules/eaaf_module_auth_sl20/pom.xml
@@ -6,7 +6,7 @@
<parent>
<groupId>at.gv.egiz.eaaf</groupId>
<artifactId>eaaf_modules</artifactId>
- <version>1.1.9.1</version>
+ <version>1.1.10</version>
</parent>
<artifactId>eaaf_module_auth_sl20</artifactId>
<name>Generic SL2.0 authentication</name>
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java
index 56084d94..9a041028 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java
@@ -12,6 +12,19 @@ import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.http.NameValuePair;
+import org.apache.http.client.entity.UrlEncodedFormEntity;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.client.utils.URIBuilder;
+import org.apache.http.message.BasicNameValuePair;
+import org.jose4j.base64url.Base64Url;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.i18n.LocaleContextHolder;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+
import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
@@ -30,22 +43,9 @@ import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants.VdaAuthMethod;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20HttpBindingUtils;
+import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20HttpBindingUtils.Sl20ResponseHolder;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonBuilderUtils;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonExtractorUtils;
-
-import org.apache.commons.lang3.StringUtils;
-import org.apache.http.HttpResponse;
-import org.apache.http.NameValuePair;
-import org.apache.http.client.entity.UrlEncodedFormEntity;
-import org.apache.http.client.methods.HttpPost;
-import org.apache.http.client.utils.URIBuilder;
-import org.apache.http.message.BasicNameValuePair;
-import org.jose4j.base64url.Base64Url;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.i18n.LocaleContextHolder;
-
-import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.node.ObjectNode;
import lombok.extern.slf4j.Slf4j;
@Slf4j
@@ -113,12 +113,21 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl
Base64Url.encode(sl20Req.toString().getBytes(StandardCharsets.UTF_8)));
// request VDA
- final HttpResponse httpResp = httpClientFactory.getHttpClient(false).execute(httpReq);
-
+ final Sl20ResponseHolder httpResp = httpClientFactory.getHttpClient(false).execute(
+ httpReq, SL20HttpBindingUtils.sl20ResponseHandler());
+
+ //check on error on http channel
+ if (httpResp.getError() != null) {
+ log.info("Basic SL2.0 response processing has an error. HTTP-StatusCode: {} ErrorMsg: {}",
+ httpResp.getResponseStatus().getStatusCode(), httpResp.getError().getMessage());
+ throw httpResp.getError();
+
+ }
+
// parse response
log.info("Receive response from VDA ... ");
- final JsonNode sl20Resp = SL20JsonExtractorUtils.getSL20ContainerFromResponse(httpResp);
- final VerificationResult respPayloadContainer = SL20JsonExtractorUtils.extractSL20PayLoad(sl20Resp, null, false);
+ final VerificationResult respPayloadContainer =
+ SL20JsonExtractorUtils.extractSL20PayLoad(httpResp.getResponseBody(), null, false);
if (respPayloadContainer.isValidSigned() == null) {
log.debug("Receive unsigned payLoad from VDA");
@@ -139,7 +148,7 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl
SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_SIGNEDCOMMAND, false);
// create forward SL2.0 command
- final ObjectNode sl20Forward = sl20Resp.deepCopy();
+ final ObjectNode sl20Forward = httpResp.getResponseBody().deepCopy();
SL20JsonBuilderUtils.addOnlyOnceOfTwo(sl20Forward, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD,
command.deepCopy(), signedCommand);
@@ -223,7 +232,7 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl
final Locale locale = LocaleContextHolder.getLocale();
final String language = locale.getLanguage();
if (StringUtils.isNotEmpty(language)) {
- log.trace("Find i18n context. Inject locale: {} into VDA request", locale.getLanguage());
+ log.trace("Find i18n context). Inject locale: {} into VDA request", locale.getLanguage());
parameters.add(new BasicNameValuePair(
SL20Constants.PARAM_SL20_REQ_AUTH_VDA_LOCALE,
language.toUpperCase(locale)));
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java
index 1d7c9646..d07c0e66 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java
@@ -3,23 +3,129 @@ package at.gv.egiz.eaaf.modules.auth.sl20.utils;
import java.io.IOException;
import java.io.StringWriter;
import java.net.URISyntaxException;
+import java.text.MessageFormat;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.http.Header;
+import org.apache.http.HttpEntity;
+import org.apache.http.ParseException;
+import org.apache.http.StatusLine;
+import org.apache.http.client.ResponseHandler;
import org.apache.http.client.utils.URIBuilder;
+import org.apache.http.util.EntityUtils;
import org.jose4j.base64url.Base64Url;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import com.fasterxml.jackson.databind.JsonNode;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException;
+import lombok.Data;
+import lombok.Getter;
+
public class SL20HttpBindingUtils {
private static final Logger log = LoggerFactory.getLogger(SL20HttpBindingUtils.class);
+ private static JsonMapper mapper = new JsonMapper();
+
+ @Data
+ @Getter
+ public static class Sl20ResponseHolder {
+ private final JsonNode responseBody;
+ private final StatusLine responseStatus;
+ private SlCommandoParserException error;
+
+ }
+
+ /**
+ * Security-Layer 2.0 specific response-handler for Apache HTTP client.
+ *
+ * @return {@link Sl20ResponseHolder}
+ */
+ public static ResponseHandler<Sl20ResponseHolder> sl20ResponseHandler() {
+ return response -> {
+ try {
+ final int httpStatusCode = response.getStatusLine().getStatusCode();
+ if (httpStatusCode == HttpStatus.OK.value()) {
+ if (response.getEntity().getContentType() == null) {
+ throw new SlCommandoParserException("SL20 response contains NO ContentType");
+
+ }
+
+ if (!response.getEntity().getContentType().getValue().startsWith("application/json")) {
+ throw new SlCommandoParserException(
+ "SL20 response with a wrong ContentType: " + response.getEntity().getContentType().getValue());
+
+ }
+
+ //parse OK response from body
+ return new Sl20ResponseHolder(parseSL20ResultFromResponse(response.getEntity()),
+ response.getStatusLine());
+
+ } else if (httpStatusCode == HttpStatus.SEE_OTHER.value()
+ || httpStatusCode == HttpStatus.TEMPORARY_REDIRECT.value()) {
+ final Header[] locationHeader = response.getHeaders("Location");
+ if (locationHeader == null) {
+ throw new SlCommandoParserException("Find Redirect statuscode but not Location header");
+
+ }
+
+ final String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue();
+ return new Sl20ResponseHolder(mapper.getMapper().readTree(Base64Url.decode(sl20RespString)),
+ response.getStatusLine());
+
+ } else if (
+ httpStatusCode == HttpStatus.INTERNAL_SERVER_ERROR.value()
+ || httpStatusCode == HttpStatus.UNAUTHORIZED.value()
+ || httpStatusCode == HttpStatus.BAD_REQUEST.value()) {
+ log.info("SL20 response with http-code: {}. Search for error message", httpStatusCode);
+
+ String bodyMsg = "_EMPTY_";
+ try {
+ //extract JSON body from defined http error-codes
+ bodyMsg = EntityUtils.toString(response.getEntity());
+ log.info("SL20 response with http-code: {0} and errorMsg: {1}", httpStatusCode, bodyMsg);
+ Sl20ResponseHolder holder = new Sl20ResponseHolder(
+ mapper.getMapper().readTree(bodyMsg), response.getStatusLine());
+ return holder;
+
+ } catch (final IOException | ParseException e) {
+ log.warn("SL20 response contains no valid JSON", e);
+ throw new SlCommandoParserException(MessageFormat.format(
+ "SL20 response with http-code: {0} with body: {1} and generic response-processing error: {2}",
+ httpStatusCode, bodyMsg, e.getMessage()));
+
+ }
+
+ } else {
+ //all other HTTP StatusCodes
+ throw new SlCommandoParserException(MessageFormat.format(
+ "SL20 response with http-code: {0} and errorMsg: {1}",
+ httpStatusCode, EntityUtils.toString(response.getEntity())));
+
+ }
+
+ } catch (SlCommandoParserException e) {
+ Sl20ResponseHolder holder = new Sl20ResponseHolder(null, response.getStatusLine());
+ holder.setError(e);
+ return holder;
+
+ } catch (final Exception e) {
+ Sl20ResponseHolder holder = new Sl20ResponseHolder(null, response.getStatusLine());
+ holder.setError(
+ new SlCommandoParserException("SL20 response parsing FAILED! Reason: " + e.getMessage(), e));
+ return holder;
+
+ }
+ };
+ }
+
/**
* Write SL2.0 response into http-response object
*
@@ -59,6 +165,24 @@ public class SL20HttpBindingUtils {
httpResp.setHeader("Location", clientRedirectUri.build().toString());
}
+ }
+
+ private static JsonNode parseSL20ResultFromResponse(final HttpEntity resp) throws Exception {
+ if (resp != null && resp.getContent() != null) {
+ final String rawSL20Resp = EntityUtils.toString(resp);
+ final JsonNode sl20Resp = mapper.getMapper().readTree(rawSL20Resp);
+
+ // TODO: check sl20Resp type like && sl20Resp.isJsonObject()
+ if (sl20Resp != null) {
+ return sl20Resp;
+
+ } else {
+ throw new SlCommandoParserException("SL2.0 can NOT parse to a JSON object");
+ }
+
+ } else {
+ throw new SlCommandoParserException("Can NOT find content in http response");
+ }
}
}
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java
index 40ea0430..bed25c0c 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java
@@ -8,12 +8,6 @@ import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
-import org.apache.http.Header;
-import org.apache.http.HttpEntity;
-import org.apache.http.HttpResponse;
-import org.apache.http.client.utils.URIBuilder;
-import org.apache.http.util.EntityUtils;
-import org.jose4j.base64url.Base64Url;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -299,84 +293,6 @@ public class SL20JsonExtractorUtils {
}
- /**
- * Extract generic transport container from httpResponse.
- *
- * @param httpResp Http response object
- * @return JSON with SL2.0 response
- * @throws SlCommandoParserException In case of an error
- */
- public static JsonNode getSL20ContainerFromResponse(final HttpResponse httpResp) throws SlCommandoParserException {
- try {
- JsonNode sl20Resp = null;
- if (httpResp.getStatusLine().getStatusCode() == 303 || httpResp.getStatusLine().getStatusCode() == 307) {
- final Header[] locationHeader = httpResp.getHeaders("Location");
- if (locationHeader == null) {
- throw new SlCommandoParserException("Find Redirect statuscode but not Location header");
- }
-
- final String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue();
- sl20Resp = mapper.getMapper().readTree(Base64Url.decode(sl20RespString));
-
- } else if (httpResp.getStatusLine().getStatusCode() == 200) {
- if (httpResp.getEntity().getContentType() == null) {
- throw new SlCommandoParserException("SL20 response contains NO ContentType");
- }
-
- if (!httpResp.getEntity().getContentType().getValue().startsWith("application/json")) {
- throw new SlCommandoParserException(
- "SL20 response with a wrong ContentType: " + httpResp.getEntity().getContentType().getValue());
- }
- sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity());
-
- } else if (httpResp.getStatusLine().getStatusCode() == 500 || httpResp.getStatusLine().getStatusCode() == 401
- || httpResp.getStatusLine().getStatusCode() == 400) {
- log.info(
- "SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode() + ". Search for error message");
-
- try {
- sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity());
-
- } catch (final Exception e) {
- log.warn("SL20 response contains no valid JSON", e);
- throw new SlCommandoParserException("SL20 response with http-code: "
- + httpResp.getStatusLine().getStatusCode() + " AND NO valid JSON errormsg", e);
-
- }
-
- } else {
- throw new SlCommandoParserException(
- "SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode());
- }
-
- log.info("Find JSON object in http response");
- return sl20Resp;
-
- } catch (final Exception e) {
- throw new SlCommandoParserException("SL20 response parsing FAILED! Reason: " + e.getMessage(), e);
-
- }
- }
-
- private static JsonNode parseSL20ResultFromResponse(final HttpEntity resp) throws Exception {
- if (resp != null && resp.getContent() != null) {
- final String rawSL20Resp = EntityUtils.toString(resp);
- final JsonNode sl20Resp = mapper.getMapper().readTree(rawSL20Resp);
-
- // TODO: check sl20Resp type like && sl20Resp.isJsonObject()
- if (sl20Resp != null) {
- return sl20Resp;
-
- } else {
- throw new SlCommandoParserException("SL2.0 can NOT parse to a JSON object");
- }
-
- } else {
- throw new SlCommandoParserException("Can NOT find content in http response");
- }
-
- }
-
private static JsonNode getAndCheck(final JsonNode input, final String keyID, final boolean isRequired)
throws SlCommandoParserException {
final JsonNode internal = input.get(keyID);
diff --git a/eaaf_modules/eaaf_module_moa-sig/pom.xml b/eaaf_modules/eaaf_module_moa-sig/pom.xml
index f7603d6d..61e7e6a2 100644
--- a/eaaf_modules/eaaf_module_moa-sig/pom.xml
+++ b/eaaf_modules/eaaf_module_moa-sig/pom.xml
@@ -5,7 +5,7 @@
<parent>
<groupId>at.gv.egiz.eaaf</groupId>
<artifactId>eaaf_modules</artifactId>
- <version>1.1.9.1</version>
+ <version>1.1.10</version>
</parent>
<artifactId>eaaf_module_moa-sig</artifactId>
<name>MOA-Sig signature verification module</name>
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_pki_module/2.02_moa/iaik_pki_module-2.02_moa.jar b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_pki_module/2.02_moa/iaik_pki_module-2.02_moa.jar
new file mode 100644
index 00000000..b7979e51
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_pki_module/2.02_moa/iaik_pki_module-2.02_moa.jar
Binary files differ
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_pki_module/2.02_moa/iaik_pki_module-2.02_moa.pom b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_pki_module/2.02_moa/iaik_pki_module-2.02_moa.pom
new file mode 100644
index 00000000..b947fb59
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_pki_module/2.02_moa/iaik_pki_module-2.02_moa.pom
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_pki_module</artifactId>
+ <version>2.02_moa</version>
+ <description>POM was created from install:install-file</description>
+</project>
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/AbstractSignatureService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/AbstractSignatureService.java
index 11881cbf..b9219ee4 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/AbstractSignatureService.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/AbstractSignatureService.java
@@ -1,20 +1,24 @@
package at.gv.egiz.eaaf.modules.sigverify.moasig.impl;
+import java.security.Provider;
+import java.security.Security;
+
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.w3c.dom.Document;
+
import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
+import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
import at.gv.egovernment.moaspss.logging.LoggingContext;
import at.gv.egovernment.moaspss.logging.LoggingContextManager;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.w3c.dom.Document;
-
public abstract class AbstractSignatureService {
private static final Logger log = LoggerFactory.getLogger(AbstractSignatureService.class);
@@ -45,7 +49,7 @@ public abstract class AbstractSignatureService {
protected final void setUpContexts(final String transactionID) throws ConfigurationException {
final TransactionContextManager txMgr = TransactionContextManager.getInstance();
final LoggingContextManager logMgr = LoggingContextManager.getInstance();
-
+
if (txMgr.getTransactionContext() == null) {
log.debug("Set not MOA-Sig transaction context");
final TransactionContext ctx =
@@ -54,16 +58,32 @@ public abstract class AbstractSignatureService {
}
+ //set Logging context into MOA-Sig
if (logMgr.getLoggingContext() == null) {
final LoggingContext ctx = new LoggingContext(transactionID);
logMgr.setLoggingContext(ctx);
}
- //new IaikConfigurator().configure(moaSigConfig.getMoaSigConfig());
+ //dump Java Security-Providers
+ if (log.isTraceEnabled()) {
+ log.trace("Set-Up verifier Bean: {}", this);
+ dumpSecProviders("MOA-Sig Context-Set-Up");
+
+ }
+
+ new IaikConfigurator().configure(moaSigConfig.getMoaSigConfig());
}
+ private static void dumpSecProviders(String message) {
+ log.trace("Security Providers: {}", message);
+ for (final Provider provider : Security.getProviders()) {
+ log.trace(" - {} - {}", provider.getName(), provider.getVersion());
+
+ }
+ }
+
/**
* Tear down thread-local context information.
*/
diff --git a/eaaf_modules/eaaf_module_pvp2_core/pom.xml b/eaaf_modules/eaaf_module_pvp2_core/pom.xml
index 3a4f7f75..6dbb3c59 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_core/pom.xml
@@ -7,7 +7,7 @@
<parent>
<groupId>at.gv.egiz.eaaf</groupId>
<artifactId>eaaf_modules</artifactId>
- <version>1.1.9.1</version>
+ <version>1.1.10</version>
</parent>
<artifactId>eaaf_module_pvp2_core</artifactId>
<name>eaaf_module_pvp2_core</name>
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
index 302f461a..4cf17565 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml
@@ -5,7 +5,7 @@
<parent>
<groupId>at.gv.egiz.eaaf</groupId>
<artifactId>eaaf_modules</artifactId>
- <version>1.1.9.1</version>
+ <version>1.1.10</version>
</parent>
<artifactId>eaaf_module_pvp2_idp</artifactId>
<name>eaaf_module_pvp2_idp</name>
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
index 08ee26e0..e179be0e 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
+++ b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml
@@ -5,7 +5,7 @@
<parent>
<groupId>at.gv.egiz.eaaf</groupId>
<artifactId>eaaf_modules</artifactId>
- <version>1.1.9.1</version>
+ <version>1.1.10</version>
</parent>
<artifactId>eaaf_module_pvp2_sp</artifactId>
<name>eaaf_module_pvp2_sp</name>
diff --git a/eaaf_modules/pom.xml b/eaaf_modules/pom.xml
index 7f20dfba..15f8b140 100644
--- a/eaaf_modules/pom.xml
+++ b/eaaf_modules/pom.xml
@@ -4,7 +4,7 @@
<parent>
<groupId>at.gv.egiz</groupId>
<artifactId>eaaf</artifactId>
- <version>1.1.9.1</version>
+ <version>1.1.10</version>
</parent>
<groupId>at.gv.egiz.eaaf</groupId>
diff --git a/pom.xml b/pom.xml
index 57e53754..79eb4e3c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>at.gv.egiz</groupId>
<artifactId>eaaf</artifactId>
- <version>1.1.9.1</version>
+ <version>1.1.10</version>
<packaging>pom</packaging>
<name>EGIZ EAAF components</name>
@@ -36,7 +36,7 @@
<iaik.prod.iaik_jce_full.version>5.61_moa</iaik.prod.iaik_jce_full.version>
<iaik.prod.iaik_jsse.version>4.4</iaik.prod.iaik_jsse.version>
<iaik.prod.iaik_moa.version>2.06</iaik.prod.iaik_moa.version>
- <iaik.prod.iaik_pki_module.version>2.01_moa</iaik.prod.iaik_pki_module.version>
+ <iaik.prod.iaik_pki_module.version>2.02_moa</iaik.prod.iaik_pki_module.version>
<iaik.prod.iaik_sva.version>1.0.3_moa</iaik.prod.iaik_sva.version>
<iaik.prod.iaik_tsp.version>2.32_eval</iaik.prod.iaik_tsp.version>
<iaik.prod.iaik_util.version>0.23</iaik.prod.iaik_util.version>