diff options
| author | Thomas <thomas.lenz@egiz.gv.at> | 2019-12-05 09:52:48 +0100 |
|---|---|---|
| committer | Thomas <thomas.lenz@egiz.gv.at> | 2019-12-05 09:52:48 +0100 |
| commit | 3fada6cef21c9b16467177d866df778203b51b4d (patch) | |
| tree | 8fe8ed37b6ee9fe35a1e035ceba6c68808328415 /eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils | |
| parent | 95b21a826e5d81fdeabcf4673a9e87047edaec9d (diff) | |
| download | EAAF-Components-3fada6cef21c9b16467177d866df778203b51b4d.tar.gz EAAF-Components-3fada6cef21c9b16467177d866df778203b51b4d.tar.bz2 EAAF-Components-3fada6cef21c9b16467177d866df778203b51b4d.zip | |
some code code-style modifications
active code-quality checks!
Diffstat (limited to 'eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils')
7 files changed, 344 insertions, 475 deletions
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java index 9d444802..6ee53a9d 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java @@ -5,14 +5,18 @@ import java.security.KeyStore; import java.security.KeyStoreException; import java.security.cert.X509Certificate; import java.util.List; + import javax.annotation.Nonnull; -import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult; -import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception; -import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException; + import org.jose4j.jwa.AlgorithmConstraints; import org.jose4j.lang.JoseException; + import com.fasterxml.jackson.databind.JsonNode; +import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult; +import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception; +import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException; + public interface IJoseTools { /** @@ -31,39 +35,36 @@ public interface IJoseTools { * @throws SL20Exception In case of a signature validation error */ @Nonnull - VerificationResult validateSignature(@Nonnull String serializedContent) - throws SL20Exception; + VerificationResult validateSignature(@Nonnull String serializedContent) throws SL20Exception; /** * Validate a JWS signature. * * @param serializedContent JWS in serialized form - * @param trustedCerts trusted X509 certificates - * @param constraints signature verification constraints + * @param trustedCerts trusted X509 certificates + * @param constraints signature verification constraints * @return Signature-verification result * @throws JoseException In case of a signature verification error - * @throws IOException In case of a general IO error + * @throws IOException In case of a general IO error */ @Nonnull - VerificationResult validateSignature(@Nonnull String serializedContent, - @Nonnull List<X509Certificate> trustedCerts, @Nonnull AlgorithmConstraints constraints) - throws JoseException, IOException; + VerificationResult validateSignature(@Nonnull String serializedContent, @Nonnull List<X509Certificate> trustedCerts, + @Nonnull AlgorithmConstraints constraints) throws JoseException, IOException; /** * Validate a JWS signature. * * @param serializedContent JWS in serialized form - * @param trustStore with trusted X509 certificates - * @param algconstraints signature verification constraints + * @param trustStore with trusted X509 certificates + * @param algconstraints signature verification constraints * @return Signature-verification result - * @throws JoseException In case of a signature verification error - * @throws IOException In case of a general IO error + * @throws JoseException In case of a signature verification error + * @throws IOException In case of a general IO error * @throws KeyStoreException In case of TrustStore error */ @Nonnull - VerificationResult validateSignature(@Nonnull String serializedContent, - @Nonnull KeyStore trustStore, @Nonnull AlgorithmConstraints algconstraints) - throws JoseException, IOException, KeyStoreException; + VerificationResult validateSignature(@Nonnull String serializedContent, @Nonnull KeyStore trustStore, + @Nonnull AlgorithmConstraints algconstraints) throws JoseException, IOException, KeyStoreException; /** * Get the encryption certificate for SL2.0 End-to-End encryption. diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonMapper.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonMapper.java index f38203d2..2387a9f2 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonMapper.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonMapper.java @@ -35,7 +35,7 @@ public class JsonMapper implements IJsonMapper { /** * The constructor. - * + * * @param prettyPrint enables or disables the default pretty printer */ public JsonMapper(@NonNull final boolean prettyPrint) { @@ -54,10 +54,9 @@ public class JsonMapper implements IJsonMapper { } - /* * (non-Javadoc) - * + * * @at.gv.egiz.eaaf.core.api.utils.IJsonMapper#getMapper() */ public ObjectMapper getMapper() { @@ -65,10 +64,9 @@ public class JsonMapper implements IJsonMapper { } - /* * (non-Javadoc) - * + * * @see at.gv.egiz.eaaf.core.api.utils.IJsonMapper#serialize(java.lang.Object) */ @Override @@ -86,12 +84,12 @@ public class JsonMapper implements IJsonMapper { /* * (non-Javadoc) - * - * @see at.gv.egiz.eaaf.core.api.utils.IJsonMapper#deserialize(java.lang.String, java.lang.Class) + * + * @see at.gv.egiz.eaaf.core.api.utils.IJsonMapper#deserialize(java.lang.String, + * java.lang.Class) */ @Override - public <T> Object deserialize(final String value, final Class<T> clazz) - throws EaafJsonMapperException { + public <T> Object deserialize(final String value, final Class<T> clazz) throws EaafJsonMapperException { try { if (clazz != null) { if (clazz.isAssignableFrom(TypeReference.class)) { @@ -115,8 +113,7 @@ public class JsonMapper implements IJsonMapper { } @Override - public <T> Object deserialize(final InputStream is, final Class<T> clazz) - throws EaafJsonMapperException { + public <T> Object deserialize(final InputStream is, final Class<T> clazz) throws EaafJsonMapperException { try { if (clazz != null) { if (clazz.isAssignableFrom(TypeReference.class)) { diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java index 6ec56825..0d2c1815 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java @@ -70,8 +70,7 @@ public class JsonSecurityUtils implements IJoseTools { log.info("Initialize SL2.0 authentication security constrains ... "); try { if (getKeyStoreFilePath() != null) { - final KeyStore keyStore = - KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), getKeyStorePassword()); + final KeyStore keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), getKeyStorePassword()); // load signing key signPrivKey = keyStore.getKey(getSigningKeyAlias(), getSigningKeyPassword().toCharArray()); @@ -88,11 +87,9 @@ public class JsonSecurityUtils implements IJoseTools { // load encryption key try { - encPrivKey = - keyStore.getKey(getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray()); + encPrivKey = keyStore.getKey(getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray()); if (encPrivKey != null) { - final Certificate[] certChainEncryption = - keyStore.getCertificateChain(getEncryptionKeyAlias()); + final Certificate[] certChainEncryption = keyStore.getCertificateChain(getEncryptionKeyAlias()); encCertChain = new X509Certificate[certChainEncryption.length]; for (int i = 0; i < certChainEncryption.length; i++) { if (certChainEncryption[i] instanceof X509Certificate) { @@ -106,8 +103,8 @@ public class JsonSecurityUtils implements IJoseTools { } } catch (final Exception e) { - log.warn("No encryption key for SL2.0 found. End-to-End encryption is not used. Reason: " - + e.getMessage(), e); + log.warn("No encryption key for SL2.0 found. End-to-End encryption is not used. Reason: " + e.getMessage(), + e); } @@ -117,13 +114,13 @@ public class JsonSecurityUtils implements IJoseTools { // some short validation if (signPrivKey == null || !(signPrivKey instanceof PrivateKey)) { log.info("Can NOT open privateKey for SL2.0 signing. KeyStore=" + getKeyStoreFilePath()); - throw new SL20Exception("sl20.03", new Object[] {"Can NOT open private key for signing"}); + throw new SL20Exception("sl20.03", new Object[] { "Can NOT open private key for signing" }); } if (signCertChain == null || signCertChain.length == 0) { log.info("NO certificate for SL2.0 signing. KeyStore=" + getKeyStoreFilePath()); - throw new SL20Exception("sl20.03", new Object[] {"NO certificate for SL2.0 signing"}); + throw new SL20Exception("sl20.03", new Object[] { "NO certificate for SL2.0 signing" }); } @@ -133,9 +130,9 @@ public class JsonSecurityUtils implements IJoseTools { log.info("NO SL2.0 authentication security configuration. Initialization was skipped"); } - } catch (RuntimeException e) { - throw e; - + } catch (final RuntimeException e) { + throw e; + } catch (final Exception e) { log.error("SL2.0 security constrains initialization FAILED.", e); @@ -173,9 +170,8 @@ public class JsonSecurityUtils implements IJoseTools { } @Override - public VerificationResult validateSignature(final String serializedContent, - final KeyStore trustStore, final AlgorithmConstraints algconstraints) - throws JoseException, IOException, KeyStoreException { + public VerificationResult validateSignature(final String serializedContent, final KeyStore trustStore, + final AlgorithmConstraints algconstraints) throws JoseException, IOException, KeyStoreException { final List<X509Certificate> trustedCertificates = readCertsFromKeyStore(trustStore); return validateSignature(serializedContent, trustedCertificates, algconstraints); @@ -184,8 +180,8 @@ public class JsonSecurityUtils implements IJoseTools { @Override @NonNull public VerificationResult validateSignature(@Nonnull final String serializedContent, - @Nonnull final List<X509Certificate> trustedCerts, - @Nonnull final AlgorithmConstraints constraints) throws JoseException, IOException { + @Nonnull final List<X509Certificate> trustedCerts, @Nonnull final AlgorithmConstraints constraints) + throws JoseException, IOException { final JsonWebSignature jws = new JsonWebSignature(); // set payload jws.setCompactSerialization(serializedContent); @@ -219,20 +215,16 @@ public class JsonSecurityUtils implements IJoseTools { } else if (StringUtils.isNotEmpty(x5t256)) { log.debug("Found x5t256 fingerprint in JOSE header .... "); - final X509VerificationKeyResolver x509VerificationKeyResolver = - new X509VerificationKeyResolver(trustedCerts); - selectedKey = - x509VerificationKeyResolver.resolveKey(jws, Collections.<JsonWebStructure>emptyList()); + final X509VerificationKeyResolver x509VerificationKeyResolver = new X509VerificationKeyResolver(trustedCerts); + selectedKey = x509VerificationKeyResolver.resolveKey(jws, Collections.<JsonWebStructure>emptyList()); } else { - throw new JoseException( - "JWS contains NO signature certificate or NO certificate fingerprint"); + throw new JoseException("JWS contains NO signature certificate or NO certificate fingerprint"); } if (selectedKey == null) { - throw new JoseException( - "Can NOT select verification key for JWS. Signature verification FAILED"); + throw new JoseException("Can NOT select verification key for JWS. Signature verification FAILED"); } @@ -240,23 +232,19 @@ public class JsonSecurityUtils implements IJoseTools { jws.setKey(selectedKey); // load payLoad - return new VerificationResult(mapper.getMapper().readTree(jws.getPayload()), null, - jws.verifySignature()); - + return new VerificationResult(mapper.getMapper().readTree(jws.getPayload()), null, jws.verifySignature()); } @Override @Nonnull - public VerificationResult validateSignature(@Nonnull final String serializedContent) - throws SL20Exception { + public VerificationResult validateSignature(@Nonnull final String serializedContent) throws SL20Exception { try { final AlgorithmConstraints algConstraints = new AlgorithmConstraints(ConstraintType.WHITELIST, SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING .toArray(new String[SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING.size()])); - final VerificationResult result = - validateSignature(serializedContent, trustedCerts, algConstraints); + final VerificationResult result = validateSignature(serializedContent, trustedCerts, algConstraints); if (!result.isValidSigned()) { log.info("JWS signature invalide. Stopping authentication process ..."); @@ -270,7 +258,7 @@ public class JsonSecurityUtils implements IJoseTools { } catch (JoseException | JsonParseException e) { log.warn("SL2.0 commando signature validation FAILED", e); - throw new SL20SecurityException(new Object[] {e.getMessage()}, e); + throw new SL20SecurityException(new Object[] { e.getMessage() }, e); } catch (final IOException e) { log.warn("Decrypted SL2.0 result can not be parsed.", e); @@ -280,24 +268,22 @@ public class JsonSecurityUtils implements IJoseTools { } - @Override public JsonNode decryptPayload(final String compactSerialization) throws SL20Exception { try { final JsonWebEncryption receiverJwe = new JsonWebEncryption(); // set security constrains - receiverJwe.setAlgorithmConstraints(new AlgorithmConstraints(ConstraintType.WHITELIST, - SL20Constants.SL20_ALGORITHM_WHITELIST_KEYENCRYPTION + receiverJwe.setAlgorithmConstraints( + new AlgorithmConstraints(ConstraintType.WHITELIST, SL20Constants.SL20_ALGORITHM_WHITELIST_KEYENCRYPTION .toArray(new String[SL20Constants.SL20_ALGORITHM_WHITELIST_KEYENCRYPTION.size()]))); - receiverJwe.setContentEncryptionAlgorithmConstraints(new AlgorithmConstraints( - ConstraintType.WHITELIST, SL20Constants.SL20_ALGORITHM_WHITELIST_ENCRYPTION + receiverJwe.setContentEncryptionAlgorithmConstraints( + new AlgorithmConstraints(ConstraintType.WHITELIST, SL20Constants.SL20_ALGORITHM_WHITELIST_ENCRYPTION .toArray(new String[SL20Constants.SL20_ALGORITHM_WHITELIST_ENCRYPTION.size()]))); // set payload receiverJwe.setCompactSerialization(compactSerialization); - // validate key from header against key from config final List<X509Certificate> x5cCerts = receiverJwe.getCertificateChainHeaderValue(); final String x5t256 = receiverJwe.getX509CertSha256ThumbprintHeaderValue(); @@ -307,16 +293,16 @@ public class JsonSecurityUtils implements IJoseTools { final List<X509Certificate> sortedX5cCerts = X509Utils.sortCertificates(x5cCerts); if (!sortedX5cCerts.get(0).equals(encCertChain[0])) { - log.info("Certificate from JOSE header does NOT match encryption certificate"); + log.info("Certificate from JOSE header does NOT match encryption certificate"); try { - + log.debug("JOSE certificate: {}", Base64Utils.encode(sortedX5cCerts.get(0).getEncoded())); } catch (final CertificateEncodingException e) { e.printStackTrace(); } throw new SL20Exception("sl20.05", - new Object[] {"Certificate from JOSE header does NOT match encryption certificate"}); + new Object[] { "Certificate from JOSE header does NOT match encryption certificate" }); } } else if (StringUtils.isNotEmpty(x5t256)) { @@ -326,13 +312,12 @@ public class JsonSecurityUtils implements IJoseTools { log.info("X5t256 from JOSE header does NOT match encryption certificate"); log.debug("X5t256 from JOSE header: " + x5t256 + " Encrytption cert: " + certFingerPrint); throw new SL20Exception("sl20.05", - new Object[] {"X5t256 from JOSE header does NOT match encryption certificate"}); + new Object[] { "X5t256 from JOSE header does NOT match encryption certificate" }); } } else { - log.info( - "Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint"); + log.info("Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint"); throw new SlCommandoParserException( "Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint"); @@ -341,13 +326,12 @@ public class JsonSecurityUtils implements IJoseTools { // set key receiverJwe.setKey(encPrivKey); - // decrypt payload return mapper.getMapper().readTree(receiverJwe.getPlaintextString()); } catch (final JoseException e) { log.warn("SL2.0 result decryption FAILED", e); - throw new SL20SecurityException(new Object[] {e.getMessage()}, e); + throw new SL20SecurityException(new Object[] { e.getMessage() }, e); } catch (final JsonParseException e) { log.warn("Decrypted SL2.0 result is NOT a valid JSON.", e); @@ -360,8 +344,6 @@ public class JsonSecurityUtils implements IJoseTools { } - - @Override public X509Certificate getEncryptionCertificate() { // TODO: maybe update after SL2.0 update on encryption certificate parts @@ -373,14 +355,12 @@ public class JsonSecurityUtils implements IJoseTools { } private String getKeyStoreFilePath() throws EaafConfigurationException, MalformedURLException { - return FileUtils.makeAbsoluteUrl( - authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PATH), + return FileUtils.makeAbsoluteUrl(authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PATH), authConfig.getConfigurationRootDirectory()); } private String getKeyStorePassword() { - String value = - authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD); + String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD); if (value != null) { value = value.trim(); } @@ -390,8 +370,7 @@ public class JsonSecurityUtils implements IJoseTools { } private String getSigningKeyAlias() { - String value = authConfig - .getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS).trim(); + String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS).trim(); if (value != null) { value = value.trim(); } @@ -400,8 +379,7 @@ public class JsonSecurityUtils implements IJoseTools { } private String getSigningKeyPassword() { - String value = authConfig - .getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD).trim(); + String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD).trim(); if (value != null) { value = value.trim(); } @@ -410,8 +388,8 @@ public class JsonSecurityUtils implements IJoseTools { } private String getEncryptionKeyAlias() { - String value = authConfig - .getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS).trim(); + String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS) + .trim(); if (value != null) { value = value.trim(); } @@ -420,8 +398,7 @@ public class JsonSecurityUtils implements IJoseTools { } private String getEncryptionKeyPassword() { - String value = authConfig - .getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD) + String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD) .trim(); if (value != null) { value = value.trim(); @@ -431,8 +408,7 @@ public class JsonSecurityUtils implements IJoseTools { } @Nonnull - private List<X509Certificate> readCertsFromKeyStore(@Nonnull final KeyStore keyStore) - throws KeyStoreException { + private List<X509Certificate> readCertsFromKeyStore(@Nonnull final KeyStore keyStore) throws KeyStoreException { final List<X509Certificate> result = new ArrayList<>(); final Enumeration<String> aliases = keyStore.aliases(); @@ -444,8 +420,7 @@ public class JsonSecurityUtils implements IJoseTools { if (cert != null && cert instanceof X509Certificate) { result.add((X509Certificate) cert); } else { - log.info("Can not process entry: {}. Reason: {}", el, - cert != null ? cert.getType() : "cert is null"); + log.info("Can not process entry: {}. Reason: {}", el, cert != null ? cert.getType() : "cert is null"); } } diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java index d3726546..d1793b0e 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java @@ -24,7 +24,6 @@ public class SL20Constants { public static final String HTTP_HEADER_SL20_RESP = "X-SL20Operation"; - // ******************************************************************************************* // JSON signing and encryption headers public static final String JSON_ALGORITHM = "alg"; @@ -39,22 +38,19 @@ public class SL20Constants { AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256; public static final String JSON_ALGORITHM_SIGNING_ES512 = AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512; - public static final String JSON_ALGORITHM_SIGNING_PS256 = - AlgorithmIdentifiers.RSA_PSS_USING_SHA256; - public static final String JSON_ALGORITHM_SIGNING_PS512 = - AlgorithmIdentifiers.RSA_PSS_USING_SHA512; + public static final String JSON_ALGORITHM_SIGNING_PS256 = AlgorithmIdentifiers.RSA_PSS_USING_SHA256; + public static final String JSON_ALGORITHM_SIGNING_PS512 = AlgorithmIdentifiers.RSA_PSS_USING_SHA512; - public static final List<String> SL20_ALGORITHM_WHITELIST_SIGNING = Collections.unmodifiableList(Arrays.asList( - JSON_ALGORITHM_SIGNING_RS256, JSON_ALGORITHM_SIGNING_RS512, JSON_ALGORITHM_SIGNING_ES256, - JSON_ALGORITHM_SIGNING_ES512, JSON_ALGORITHM_SIGNING_PS256, JSON_ALGORITHM_SIGNING_PS512)); + public static final List<String> SL20_ALGORITHM_WHITELIST_SIGNING = Collections.unmodifiableList( + Arrays.asList(JSON_ALGORITHM_SIGNING_RS256, JSON_ALGORITHM_SIGNING_RS512, JSON_ALGORITHM_SIGNING_ES256, + JSON_ALGORITHM_SIGNING_ES512, JSON_ALGORITHM_SIGNING_PS256, JSON_ALGORITHM_SIGNING_PS512)); - public static final String JSON_ALGORITHM_ENC_KEY_RSAOAEP = - KeyManagementAlgorithmIdentifiers.RSA_OAEP; + public static final String JSON_ALGORITHM_ENC_KEY_RSAOAEP = KeyManagementAlgorithmIdentifiers.RSA_OAEP; public static final String JSON_ALGORITHM_ENC_KEY_RSAOAEP256 = KeyManagementAlgorithmIdentifiers.RSA_OAEP_256; - public static final List<String> SL20_ALGORITHM_WHITELIST_KEYENCRYPTION = - Collections.unmodifiableList(Arrays.asList(JSON_ALGORITHM_ENC_KEY_RSAOAEP, JSON_ALGORITHM_ENC_KEY_RSAOAEP256)); + public static final List<String> SL20_ALGORITHM_WHITELIST_KEYENCRYPTION = Collections + .unmodifiableList(Arrays.asList(JSON_ALGORITHM_ENC_KEY_RSAOAEP, JSON_ALGORITHM_ENC_KEY_RSAOAEP256)); public static final String JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256 = ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256; @@ -65,10 +61,10 @@ public class SL20Constants { public static final String JSON_ALGORITHM_ENC_PAYLOAD_A256GCM = ContentEncryptionAlgorithmIdentifiers.AES_256_GCM; - public static final List<String> SL20_ALGORITHM_WHITELIST_ENCRYPTION = Collections.unmodifiableList(Arrays.asList( - JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256, JSON_ALGORITHM_ENC_PAYLOAD_A256CBCHS512, - JSON_ALGORITHM_ENC_PAYLOAD_A128GCM, JSON_ALGORITHM_ENC_PAYLOAD_A256GCM)); - + public static final List<String> SL20_ALGORITHM_WHITELIST_ENCRYPTION = Collections + .unmodifiableList(Arrays.asList(JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256, + JSON_ALGORITHM_ENC_PAYLOAD_A256CBCHS512, + JSON_ALGORITHM_ENC_PAYLOAD_A128GCM, JSON_ALGORITHM_ENC_PAYLOAD_A256GCM)); // ********************************************************************************************* // Object identifier for generic transport container @@ -96,12 +92,12 @@ public class SL20Constants { @Deprecated public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDEID = "qualifiedeID"; public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDEIDCONSENT = "qualifiedEIDConsent"; - // public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDSIG = "qualifiedSig"; + // public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDSIG = + // "qualifiedSig"; public static final String SL20_COMMAND_IDENTIFIER_GETCERTIFICATE = "getCertificate"; public static final String SL20_COMMAND_IDENTIFIER_CREATE_SIG_CADES = "createCAdES"; - public static final String SL20_COMMAND_IDENTIFIER_BINDING_CREATE_KEY = "createBindingKey"; public static final String SL20_COMMAND_IDENTIFIER_BINDING_STORE_CERT = "storeBindingCert"; @@ -124,13 +120,11 @@ public class SL20Constants { public static final String SL20_COMMAND_PARAM_GENERAL_REDIRECT_IPCREDIRECT = "IPCRedirect"; // Call command - public static final String SL20_COMMAND_PARAM_GENERAL_CALL_URL = - SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL; + public static final String SL20_COMMAND_PARAM_GENERAL_CALL_URL = SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL; public static final String SL20_COMMAND_PARAM_GENERAL_CALL_METHOD = "method"; public static final String SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET = "get"; public static final String SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_POST = "post"; - public static final String SL20_COMMAND_PARAM_GENERAL_CALL_INCLUDETRANSACTIONID = - "includeTransactionID"; + public static final String SL20_COMMAND_PARAM_GENERAL_CALL_INCLUDETRANSACTIONID = "includeTransactionID"; public static final String SL20_COMMAND_PARAM_GENERAL_CALL_REQPARAMETER = "reqParams"; // error command @@ -144,8 +138,7 @@ public class SL20Constants { @Deprecated public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES = "attributes"; @Deprecated - public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_MANDATEREFVALUE = - "MANDATE-REFERENCE-VALUE"; + public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_MANDATEREFVALUE = "MANDATE-REFERENCE-VALUE"; @Deprecated public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID = "SP-UNIQUEID"; @Deprecated @@ -176,11 +169,9 @@ public class SL20Constants { // public static final String SL20_COMMAND_PARAM_QUALSIG_X5CENC = // SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; - // getCertificate public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_KEYID = "keyId"; - public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_DATAURL = - SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_JWKCENC = @@ -191,13 +182,10 @@ public class SL20Constants { public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_KEYID = "keyId"; public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENT = "content"; public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_MIMETYPE = "mimeType"; - public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_PADES_COMBATIBILTY = - "padesComatibility"; - public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_EXCLUDEBYTERANGE = - "excludedByteRange"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_PADES_COMBATIBILTY = "padesComatibility"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_EXCLUDEBYTERANGE = "excludedByteRange"; public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL = "cadesLevel"; - public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_DATAURL = - SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_JWKCENC = @@ -211,19 +199,15 @@ public class SL20Constants { public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_XL = "cAdES-X-L"; public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_A = "cAdES-A"; - - // create binding key command public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KONTOID = "kontoID"; public static final String SL20_COMMAND_PARAM_BINDING_CREATE_SN = "SN"; public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KEYLENGTH = "keyLength"; public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KEYALG = "keyAlg"; public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES = "policies"; - public static final String SL20_COMMAND_PARAM_BINDING_CREATE_DATAURL = - SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; public static final String SL20_COMMAND_PARAM_BINDING_CREATE_X5CVDATRUST = "x5cVdaTrust"; - public static final String SL20_COMMAND_PARAM_BINDING_CREATE_REQUESTUSERPASSWORD = - "reqUserPassword"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_REQUESTUSERPASSWORD = "reqUserPassword"; public static final String SL20_COMMAND_PARAM_BINDING_CREATE_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; @@ -231,23 +215,18 @@ public class SL20Constants { public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KEYALG_SECPR256R1 = "secp256r1"; public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_LIFETIME = "lifeTime"; - public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_USESECUREELEMENT = - "useSecureElement"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_USESECUREELEMENT = "useSecureElement"; public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_KEYTIMEOUT = "keyTimeout"; - public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_NEEDUSERAUTH = - "needUserAuth"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_NEEDUSERAUTH = "needUserAuth"; public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_APPID = "appID"; public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_CSR = "csr"; - public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_KEYATTESTATIONZERTIFICATE = - "attCert"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_KEYATTESTATIONZERTIFICATE = "attCert"; public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_USERPASSWORD = "encodedPass"; - // store binding certificate command public static final String SL20_COMMAND_PARAM_BINDING_STORE_CERTIFICATE = "x5c"; - public static final String SL20_COMMAND_PARAM_BINDING_STORE_DATAURL = - SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_BINDING_STORE_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; public static final String SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS = "success"; public static final String SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS_VALUE = "OK"; @@ -268,14 +247,12 @@ public class SL20Constants { public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_NONCE = "nonce"; public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYDATA = "displayData"; public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYURL = "displayUrl"; - public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DATAURL = - SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_RESULT_NONCE = SL20_COMMAND_PARAM_AUTH_JWSTOKEN_NONCE; // QR-Code authentication public static final String SL20_COMMAND_PARAM_AUTH_QRCODE_QRCODE = "qrCode"; - public static final String SL20_COMMAND_PARAM_AUTH_QRCODE_DATAURL = - SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_AUTH_QRCODE_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; } diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java index 6a8b96d4..1d7c9646 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java @@ -3,15 +3,18 @@ package at.gv.egiz.eaaf.modules.auth.sl20.utils; import java.io.IOException; import java.io.StringWriter; import java.net.URISyntaxException; + import javax.annotation.Nonnull; import javax.annotation.Nullable; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; + import org.apache.http.client.utils.URIBuilder; import org.jose4j.base64url.Base64Url; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.MediaType; + import com.fasterxml.jackson.databind.JsonNode; public class SL20HttpBindingUtils { @@ -20,26 +23,24 @@ public class SL20HttpBindingUtils { /** * Write SL2.0 response into http-response object * - * @param httpReq Current http request - * @param httpResp Current http response - * @param sl20Forward SL2.0 command that should be written to response - * @param redirectUrl SL2.0 redirect URL in case of SL2.0 redirect command and no native client - * (see SL2.0 specification) - * @param httpCodeRedirect http redirect-code in case of SL2.0 redirect command and no native - * client (see SL2.0 specification) - * @throws IOException In case of an IO error + * @param httpReq Current http request + * @param httpResp Current http response + * @param sl20Forward SL2.0 command that should be written to response + * @param redirectUrl SL2.0 redirect URL in case of SL2.0 redirect command + * and no native client (see SL2.0 specification) + * @param httpCodeRedirect http redirect-code in case of SL2.0 redirect command + * and no native client (see SL2.0 specification) + * @throws IOException In case of an IO error * @throws URISyntaxException In case of a wrong URL */ public static void writeIntoResponse(@Nonnull final HttpServletRequest httpReq, @Nonnull final HttpServletResponse httpResp, @Nonnull final JsonNode sl20Forward, - @Nullable final String redirectUrl, @Nonnull final int httpCodeRedirect) - throws IOException, URISyntaxException { + @Nullable final String redirectUrl, @Nonnull final int httpCodeRedirect) throws IOException, URISyntaxException { // forward SL2.0 command httpResp.addIntHeader(SL20Constants.HTTP_HEADER_SL20_RESP, SL20Constants.CURRENT_SL20_VERSION); - if (httpReq.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null - && httpReq.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) - .equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) { + if (httpReq.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && httpReq + .getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) { log.debug("Client request containts 'native client' header ... "); final StringWriter writer = new StringWriter(); writer.write(sl20Forward.toString()); diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java index 82a8cf26..eb17781b 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java @@ -8,11 +8,13 @@ import java.util.Base64; import java.util.List; import java.util.Map; import java.util.Map.Entry; -import at.gv.egiz.eaaf.modules.auth.sl20.Constants; -import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException; + import com.fasterxml.jackson.databind.node.ArrayNode; import com.fasterxml.jackson.databind.node.ObjectNode; +import at.gv.egiz.eaaf.modules.auth.sl20.Constants; +import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException; + public class SL20JsonBuilderUtils { private static JsonMapper mapper = new JsonMapper(); @@ -20,13 +22,12 @@ public class SL20JsonBuilderUtils { /** * Create command request. * - * @param name Commando name + * @param name Commando name * @param params Commando parameters * @return JSON Object * @throws SlCommandoBuildException In case of a build error */ - public static ObjectNode createCommand(final String name, final ObjectNode params) - throws SlCommandoBuildException { + public static ObjectNode createCommand(final String name, final ObjectNode params) throws SlCommandoBuildException { final ObjectNode command = mapper.getMapper().createObjectNode(); addSingleStringElement(command, SL20Constants.SL20_COMMAND_CONTAINER_NAME, name, true); @@ -38,14 +39,14 @@ public class SL20JsonBuilderUtils { /** * Create signed command request. * - * @param name Commando name + * @param name Commando name * @param params commando parameter * @param signer JWS signer implementation * @return Serialized JWS * @throws SlCommandoBuildException In case of a build error */ - public static String createSignedCommand(final String name, final ObjectNode params, - final IJoseTools signer) throws SlCommandoBuildException { + public static String createSignedCommand(final String name, final ObjectNode params, final IJoseTools signer) + throws SlCommandoBuildException { final ObjectNode command = mapper.getMapper().createObjectNode(); addSingleStringElement(command, SL20Constants.SL20_COMMAND_CONTAINER_NAME, name, true); addSingleJsonElement(command, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, params, true); @@ -53,17 +54,16 @@ public class SL20JsonBuilderUtils { } - /** * Create encrypted command result. * - * @param result JSON to encrypt + * @param result JSON to encrypt * @param encrypter JWE encrypter implementation * @return Serialized JWE * @throws SlCommandoBuildException In case of a processing error */ - public static String createEncryptedCommandoResult(final ObjectNode result, - final JsonSecurityUtils encrypter) throws SlCommandoBuildException { + public static String createEncryptedCommandoResult(final ObjectNode result, final JsonSecurityUtils encrypter) + throws SlCommandoBuildException { // TODO: add real implementation // create header and footer final String dummyHeader = createJsonEncryptionHeader().toString(); @@ -71,21 +71,20 @@ public class SL20JsonBuilderUtils { final String dummyFooter = createJsonSignedFooter(); try { - return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes("UTF-8")) + "." - + Base64.getUrlEncoder().encodeToString(payLoad.getBytes("UTF-8")) + "." - + Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes("UTF-8")); - } catch (UnsupportedEncodingException e) { - throw new SlCommandoBuildException("No UTF-8 encoding", e); - } + return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes("UTF-8")) + "." + + Base64.getUrlEncoder().encodeToString(payLoad.getBytes("UTF-8")) + "." + + Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes("UTF-8")); + } catch (final UnsupportedEncodingException e) { + throw new SlCommandoBuildException("No UTF-8 encoding", e); + } } - /** * Create command result. * - * @param name Commando name - * @param result commande result + * @param name Commando name + * @param result commande result * @param encryptedResult encrypted commando result * @return Result json * @throws SlCommandoBuildException In case of an error @@ -103,16 +102,15 @@ public class SL20JsonBuilderUtils { /** * Create signed command result. * - * @param name commando name - * @param result commando result + * @param name commando name + * @param result commando result * @param encryptedResult encrypted commando result * @return JWS in serialized form * @throws SlCommandoBuildException in case of an error - + * */ public static String createSignedCommandResponse(final String name, final ObjectNode result, - final String encryptedResult, final JsonSecurityUtils signer) - throws SlCommandoBuildException { + final String encryptedResult, final JsonSecurityUtils signer) throws SlCommandoBuildException { final ObjectNode command = mapper.getMapper().createObjectNode(); addSingleStringElement(command, SL20Constants.SL20_COMMAND_CONTAINER_NAME, name, true); addOnlyOnceOfTwo(command, SL20Constants.SL20_COMMAND_CONTAINER_RESULT, @@ -125,36 +123,34 @@ public class SL20JsonBuilderUtils { final String dummyFooter = createJsonSignedFooter(); try { - return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes("UTF-8")) + "." - + Base64.getUrlEncoder().encodeToString(encodedCommand.getBytes("UTF-8")) + "." - + Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes("UTF-8")); - - } catch (UnsupportedEncodingException e) { - throw new SlCommandoBuildException("No UTF-8 encoding", e); - } + return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes("UTF-8")) + "." + + Base64.getUrlEncoder().encodeToString(encodedCommand.getBytes("UTF-8")) + "." + + Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes("UTF-8")); + + } catch (final UnsupportedEncodingException e) { + throw new SlCommandoBuildException("No UTF-8 encoding", e); + } } /** * Create parameters for Redirect command. * - * @param url redirect URL - * @param command embedded command + * @param url redirect URL + * @param command embedded command * @param signedCommand Signed embedded command - * @param ipcRedirect IPC redirect flag + * @param ipcRedirect IPC redirect flag * @return result JSON * @throws SlCommandoBuildException In case of an error */ - public static ObjectNode createRedirectCommandParameters(final String url, - final ObjectNode command, final ObjectNode signedCommand, final Boolean ipcRedirect) - throws SlCommandoBuildException { + public static ObjectNode createRedirectCommandParameters(final String url, final ObjectNode command, + final ObjectNode signedCommand, final Boolean ipcRedirect) throws SlCommandoBuildException { final ObjectNode redirectReqParams = mapper.getMapper().createObjectNode(); addOnlyOnceOfTwo(redirectReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_COMMAND, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_SIGNEDCOMMAND, command, signedCommand); - addSingleStringElement(redirectReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL, - url, false); - addSingleBooleanElement(redirectReqParams, - SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_IPCREDIRECT, ipcRedirect, false); + addSingleStringElement(redirectReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL, url, false); + addSingleBooleanElement(redirectReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_IPCREDIRECT, + ipcRedirect, false); return redirectReqParams; } @@ -162,26 +158,21 @@ public class SL20JsonBuilderUtils { /** * Create parameters for Call command. * - * @param url http URL for Call command - * @param method http method used by call commando result + * @param url http URL for Call command + * @param method http method used by call commando result * @param includeTransactionId TransactionId - * @param reqParameters Request parameters on CALL command + * @param reqParameters Request parameters on CALL command * @return JSON * @throws SlCommandoBuildException In case of an error */ public static ObjectNode createCallCommandParameters(final String url, final String method, - final Boolean includeTransactionId, final Map<String, String> reqParameters) - throws SlCommandoBuildException { + final Boolean includeTransactionId, final Map<String, String> reqParameters) throws SlCommandoBuildException { final ObjectNode callReqParams = mapper.getMapper().createObjectNode(); - addSingleStringElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_URL, url, - true); - addSingleStringElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD, - method, true); - addSingleBooleanElement(callReqParams, - SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_INCLUDETRANSACTIONID, includeTransactionId, - false); - addArrayOfStringElements(callReqParams, - SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_REQPARAMETER, reqParameters); + addSingleStringElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_URL, url, true); + addSingleStringElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD, method, true); + addSingleBooleanElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_INCLUDETRANSACTIONID, + includeTransactionId, false); + addArrayOfStringElements(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_REQPARAMETER, reqParameters); return callReqParams; } @@ -190,17 +181,15 @@ public class SL20JsonBuilderUtils { * Create result for Error command. * * @param errorCode Error-Code - * @param errorMsg Error-message + * @param errorMsg Error-message * @return JSON * @throws SlCommandoBuildException In case of an error */ public static ObjectNode createErrorCommandResult(final String errorCode, final String errorMsg) throws SlCommandoBuildException { final ObjectNode result = mapper.getMapper().createObjectNode(); - addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE, - errorCode, true); - addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, - errorMsg, true); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE, errorCode, true); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, errorMsg, true); return result; } @@ -208,20 +197,21 @@ public class SL20JsonBuilderUtils { /** * Create parameters for qualifiedeID command. * - * @param consentTemplateId Identifier of the template that is used for consent visualization - * @param consent Consent that has to be signed by user - * @param dataUrl DataURL for result - * @param x5cEnc Response encryption certificate + * @param consentTemplateId Identifier of the template that is used for consent + * visualization + * @param consent Consent that has to be signed by user + * @param dataUrl DataURL for result + * @param x5cEnc Response encryption certificate * @return JSON - * @throws CertificateEncodingException In case of a encryption certificate encoding problem - * @throws SlCommandoBuildException In case of a generel error + * @throws CertificateEncodingException In case of a encryption certificate + * encoding problem + * @throws SlCommandoBuildException In case of a generel error */ - public static ObjectNode createQualifiedeEidConsent(final String consentTemplateId, - final byte[] consent, final String dataUrl, final X509Certificate x5cEnc) + public static ObjectNode createQualifiedeEidConsent(final String consentTemplateId, final byte[] consent, + final String dataUrl, final X509Certificate x5cEnc) throws CertificateEncodingException, SlCommandoBuildException { final ObjectNode params = mapper.getMapper().createObjectNode(); - addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_CONSENTTEMPLATEID, - consentTemplateId, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_CONSENTTEMPLATEID, consentTemplateId, true); addSingleByteElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_CONSENT, consent, true); addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_DATAURL, dataUrl, true); addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_X5CENC, x5cEnc, false); @@ -229,28 +219,26 @@ public class SL20JsonBuilderUtils { } - /** * Create parameters for qualifiedeID command. * - * @param authBlockId AuthBlock transformation Id - * @param dataUrl DataURL for result - * @param additionalReqParameters additional parameters - * @param x5cEnc Response encryption certificate + * @param authBlockId AuthBlock transformation Id + * @param dataUrl DataURL for result + * @param additionalReqParameters additional parameters + * @param x5cEnc Response encryption certificate * @return JSON - * @throws CertificateEncodingException In case of a encryption certificate encoding problem - * @throws SlCommandoBuildException In case of a generel error + * @throws CertificateEncodingException In case of a encryption certificate + * encoding problem + * @throws SlCommandoBuildException In case of a generel error */ @Deprecated - public static ObjectNode createQualifiedEidCommandParameters(final String authBlockId, - final String dataUrl, final Map<String, String> additionalReqParameters, - final X509Certificate x5cEnc) throws CertificateEncodingException, SlCommandoBuildException { + public static ObjectNode createQualifiedEidCommandParameters(final String authBlockId, final String dataUrl, + final Map<String, String> additionalReqParameters, final X509Certificate x5cEnc) + throws CertificateEncodingException, SlCommandoBuildException { final ObjectNode params = mapper.getMapper().createObjectNode(); - addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_AUTHBLOCKID, authBlockId, - true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_AUTHBLOCKID, authBlockId, true); addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_DATAURL, dataUrl, true); - addArrayOfStringElements(params, SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES, - additionalReqParameters); + addArrayOfStringElements(params, SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES, additionalReqParameters); addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_X5CENC, x5cEnc, false); return params; @@ -259,10 +247,10 @@ public class SL20JsonBuilderUtils { /** * Create result for qualifiedeID command. * - * @param idl IdentityLink + * @param idl IdentityLink * @param authBlock AuthBlock - * @param ccsUrl VDA URL - * @param loa LoA + * @param ccsUrl VDA URL + * @param loa LoA * @return JSON * @throws SlCommandoBuildException In case of an error */ @@ -270,57 +258,45 @@ public class SL20JsonBuilderUtils { final String ccsUrl, final String loa) throws SlCommandoBuildException { final ObjectNode result = mapper.getMapper().createObjectNode(); addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, idl, true); - addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, authBlock, - true); - addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, ccsUrl, - true); + addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, authBlock, true); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, ccsUrl, true); addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, loa, true); return result; } - /** * Create Binding-Key command parameters. * - * @param kontoId KontoId - * @param subjectName SubjectName - * @param keySize KeySize - * @param keyAlg Key-algorithm - * @param policies Key policy - * @param dataUrl DataURL - * @param x5cVdaTrust trusted certificate from VDA + * @param kontoId KontoId + * @param subjectName SubjectName + * @param keySize KeySize + * @param keyAlg Key-algorithm + * @param policies Key policy + * @param dataUrl DataURL + * @param x5cVdaTrust trusted certificate from VDA * @param reqUserPassword User passwort initialize request - * @param x5cEnc Result encryption certificate + * @param x5cEnc Result encryption certificate * @return JSON - * @throws SlCommandoBuildException in case of an errr + * @throws SlCommandoBuildException in case of an errr * @throws CertificateEncodingException In case of a certificate error */ - public static ObjectNode createBindingKeyCommandParams(final String kontoId, - final String subjectName, final int keySize, final String keyAlg, - final Map<String, String> policies, final String dataUrl, final X509Certificate x5cVdaTrust, - final Boolean reqUserPassword, final X509Certificate x5cEnc) + public static ObjectNode createBindingKeyCommandParams(final String kontoId, final String subjectName, + final int keySize, final String keyAlg, final Map<String, String> policies, final String dataUrl, + final X509Certificate x5cVdaTrust, final Boolean reqUserPassword, final X509Certificate x5cEnc) throws SlCommandoBuildException, CertificateEncodingException { final ObjectNode params = mapper.getMapper().createObjectNode(); - addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KONTOID, kontoId, - true); - addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_SN, subjectName, - true); - addSingleNumberElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KEYLENGTH, - keySize, true); - addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KEYALG, keyAlg, - true); - addArrayOfStringElements(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES, - policies); - addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_DATAURL, dataUrl, - true); - addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_X5CVDATRUST, - x5cVdaTrust, false); - addSingleBooleanElement(params, - SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_REQUESTUSERPASSWORD, reqUserPassword, + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KONTOID, kontoId, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_SN, subjectName, true); + addSingleNumberElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KEYLENGTH, keySize, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KEYALG, keyAlg, true); + addArrayOfStringElements(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES, policies); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_DATAURL, dataUrl, true); + addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_X5CVDATRUST, x5cVdaTrust, false); - addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_X5CENC, - x5cEnc, false); + addSingleBooleanElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_REQUESTUSERPASSWORD, + reqUserPassword, false); + addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_X5CENC, x5cEnc, false); return params; } @@ -328,27 +304,24 @@ public class SL20JsonBuilderUtils { /** * Create Binding-Key command result. * - * @param appId AppId - * @param csr CSR - * @param attCert Key-Attestation certificate + * @param appId AppId + * @param csr CSR + * @param attCert Key-Attestation certificate * @param password user's password * @return JSON - * @throws SlCommandoBuildException In case of an error - * @throws CertificateEncodingException In case of a certificate processing error + * @throws SlCommandoBuildException In case of an error + * @throws CertificateEncodingException In case of a certificate processing + * error */ public static ObjectNode createBindingKeyCommandResult(final String appId, final byte[] csr, final X509Certificate attCert, final byte[] password) throws SlCommandoBuildException, CertificateEncodingException { final ObjectNode result = mapper.getMapper().createObjectNode(); - addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_APPID, - appId, true); - addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_CSR, csr, - true); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_APPID, appId, true); + addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_CSR, csr, true); addSingleCertificateElement(result, - SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_KEYATTESTATIONZERTIFICATE, attCert, - false); - addSingleByteElement(result, - SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_USERPASSWORD, password, false); + SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_KEYATTESTATIONZERTIFICATE, attCert, false); + addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_USERPASSWORD, password, false); return result; } @@ -356,19 +329,18 @@ public class SL20JsonBuilderUtils { /** * Create Store Binding-Certificate command parameters. * - * @param cert Certificate + * @param cert Certificate * @param dataUrl DATA URL * @return JSON - * @throws CertificateEncodingException In case of a certificate processing error - * @throws SlCommandoBuildException In case of a error + * @throws CertificateEncodingException In case of a certificate processing + * error + * @throws SlCommandoBuildException In case of a error */ - public static ObjectNode createStoreBindingCertCommandParams(final X509Certificate cert, - final String dataUrl) throws CertificateEncodingException, SlCommandoBuildException { + public static ObjectNode createStoreBindingCertCommandParams(final X509Certificate cert, final String dataUrl) + throws CertificateEncodingException, SlCommandoBuildException { final ObjectNode params = mapper.getMapper().createObjectNode(); - addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_CERTIFICATE, - cert, true); - addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_DATAURL, dataUrl, - true); + addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_CERTIFICATE, cert, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_DATAURL, dataUrl, true); return params; } @@ -379,8 +351,7 @@ public class SL20JsonBuilderUtils { * @return JSON * @throws SlCommandoBuildException In case of an error */ - public static ObjectNode createStoreBindingCertCommandSuccessResult() - throws SlCommandoBuildException { + public static ObjectNode createStoreBindingCertCommandSuccessResult() throws SlCommandoBuildException { final ObjectNode result = mapper.getMapper().createObjectNode(); addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS_VALUE, true); @@ -388,27 +359,23 @@ public class SL20JsonBuilderUtils { } - /** * Create idAndPassword command parameters. * - * @param keyAlg key algorithm + * @param keyAlg key algorithm * @param dataUrl DATA Url - * @param x5cEnc result encryption certificate + * @param x5cEnc result encryption certificate * @return JSON - * @throws SlCommandoBuildException In case of an error - * @throws CertificateEncodingException In case of a certificate processing error + * @throws SlCommandoBuildException In case of an error + * @throws CertificateEncodingException In case of a certificate processing + * error */ - public static ObjectNode createIdAndPasswordCommandParameters(final String keyAlg, - final String dataUrl, final X509Certificate x5cEnc) - throws SlCommandoBuildException, CertificateEncodingException { + public static ObjectNode createIdAndPasswordCommandParameters(final String keyAlg, final String dataUrl, + final X509Certificate x5cEnc) throws SlCommandoBuildException, CertificateEncodingException { final ObjectNode params = mapper.getMapper().createObjectNode(); - addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_KEYALG, - keyAlg, true); - addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_DATAURL, - dataUrl, true); - addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_X5CENC, - x5cEnc, false); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_KEYALG, keyAlg, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_DATAURL, dataUrl, true); + addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_X5CENC, x5cEnc, false); return params; } @@ -416,18 +383,17 @@ public class SL20JsonBuilderUtils { /** * Create idAndPassword command result. * - * @param kontoId User's Id + * @param kontoId User's Id * @param password User's password * @return JSON * @throws SlCommandoBuildException In case of an error */ - public static ObjectNode createIdAndPasswordCommandResult(final String kontoId, - final byte[] password) throws SlCommandoBuildException { + public static ObjectNode createIdAndPasswordCommandResult(final String kontoId, final byte[] password) + throws SlCommandoBuildException { final ObjectNode result = mapper.getMapper().createObjectNode(); - addSingleStringElement(result, - SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_RESULT_KONTOID, kontoId, true); - addSingleByteElement(result, - SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_RESULT_USERPASSWORD, password, true); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_RESULT_KONTOID, kontoId, true); + addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_RESULT_USERPASSWORD, password, + true); return result; } @@ -435,25 +401,20 @@ public class SL20JsonBuilderUtils { /** * Create JWS Token Authentication command. * - * @param nonce nonce that should be signed - * @param dataUrl Data URL + * @param nonce nonce that should be signed + * @param dataUrl Data URL * @param displayData Data that should be displayed * @param displayUrl URL to data that should be displayed * @return JSON * @throws SlCommandoBuildException In case of an error */ public static ObjectNode createJwsTokenAuthCommandParams(final String nonce, final String dataUrl, - final List<String> displayData, final List<String> displayUrl) - throws SlCommandoBuildException { + final List<String> displayData, final List<String> displayUrl) throws SlCommandoBuildException { final ObjectNode params = mapper.getMapper().createObjectNode(); - addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_NONCE, nonce, - true); - addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DATAURL, dataUrl, - true); - addArrayOfStrings(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYDATA, - displayData); - addArrayOfStrings(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYURL, - displayUrl); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_NONCE, nonce, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DATAURL, dataUrl, true); + addArrayOfStrings(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYDATA, displayData); + addArrayOfStrings(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYURL, displayUrl); return params; } @@ -465,22 +426,19 @@ public class SL20JsonBuilderUtils { * @return JSON * @throws SlCommandoBuildException In case of an error */ - public static ObjectNode createJwsTokenAuthCommandResult(final String nonce) - throws SlCommandoBuildException { + public static ObjectNode createJwsTokenAuthCommandResult(final String nonce) throws SlCommandoBuildException { final ObjectNode result = mapper.getMapper().createObjectNode(); - addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_RESULT_NONCE, - nonce, true); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_RESULT_NONCE, nonce, true); return result; } - /** * Create Generic Request Container. * - * @param reqId RequestId + * @param reqId RequestId * @param transactionId TransactionId - * @param payLoad unsigned payload + * @param payLoad unsigned payload * @param signedPayload Signed payload * @return JSON * @throws SlCommandoBuildException In case of an error @@ -488,12 +446,10 @@ public class SL20JsonBuilderUtils { public static ObjectNode createGenericRequest(final String reqId, final String transactionId, final ObjectNode payLoad, final String signedPayload) throws SlCommandoBuildException { final ObjectNode req = mapper.getMapper().createObjectNode(); - addSingleIntegerElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, - true); + addSingleIntegerElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true); addSingleStringElement(req, SL20Constants.SL20_REQID, reqId, true); addSingleStringElement(req, SL20Constants.SL20_TRANSACTIONID, transactionId, false); - addOnlyOnceOfTwo(req, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, payLoad, - signedPayload); + addOnlyOnceOfTwo(req, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, payLoad, signedPayload); return req; } @@ -501,32 +457,29 @@ public class SL20JsonBuilderUtils { /** * Create Generic Response Container. * - * @param respId Response Id - * @param inResponseTo RequestId to this response + * @param respId Response Id + * @param inResponseTo RequestId to this response * @param transactionId transactionId - * @param payLoad Unsigned payload + * @param payLoad Unsigned payload * @param signedPayload Signed payload * @return JSON * @throws SlCommandoBuildException In case of an error */ - public static final ObjectNode createGenericResponse(final String respId, - final String inResponseTo, final String transactionId, final ObjectNode payLoad, - final String signedPayload) throws SlCommandoBuildException { + public static final ObjectNode createGenericResponse(final String respId, final String inResponseTo, + final String transactionId, final ObjectNode payLoad, final String signedPayload) + throws SlCommandoBuildException { final ObjectNode req = mapper.getMapper().createObjectNode(); - addSingleIntegerElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, - true); + addSingleIntegerElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true); addSingleStringElement(req, SL20Constants.SL20_RESPID, respId, true); addSingleStringElement(req, SL20Constants.SL20_INRESPTO, inResponseTo, false); addSingleStringElement(req, SL20Constants.SL20_TRANSACTIONID, transactionId, false); - addOnlyOnceOfTwo(req, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, payLoad, - signedPayload); + addOnlyOnceOfTwo(req, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, payLoad, signedPayload); return req; } - private static void addOnlyOnceOfTwo(final ObjectNode parent, final String firstKeyId, - final String secondKeyId, final ObjectNode first, final ObjectNode second) - throws SlCommandoBuildException { + private static void addOnlyOnceOfTwo(final ObjectNode parent, final String firstKeyId, final String secondKeyId, + final ObjectNode first, final ObjectNode second) throws SlCommandoBuildException { if (first == null && second == null) { throw new SlCommandoBuildException(firstKeyId + " and " + secondKeyId + " is NULL"); } else if (first != null && second != null) { @@ -542,18 +495,18 @@ public class SL20JsonBuilderUtils { /** * Add one element of two possible elements <br> - * This method adds either the first element or the second element to parent JSON, but never both. + * This method adds either the first element or the second element to parent + * JSON, but never both. * - * @param parent Parent JSON element - * @param firstKeyId first element Id + * @param parent Parent JSON element + * @param firstKeyId first element Id * @param secondKeyId second element Id - * @param first first element - * @param second second element + * @param first first element + * @param second second element * @throws SlCommandoBuildException In case of an error. */ - public static void addOnlyOnceOfTwo(final ObjectNode parent, final String firstKeyId, - final String secondKeyId, final ObjectNode first, final String second) - throws SlCommandoBuildException { + public static void addOnlyOnceOfTwo(final ObjectNode parent, final String firstKeyId, final String secondKeyId, + final ObjectNode first, final String second) throws SlCommandoBuildException { if (first == null && (second == null || second.isEmpty())) { throw new SlCommandoBuildException(firstKeyId + " and " + secondKeyId + " is NULL"); } else if (first != null && second != null) { @@ -567,34 +520,25 @@ public class SL20JsonBuilderUtils { } } - - // TODO!!!! - private static ObjectNode createJsonSignedHeader() - throws SlCommandoBuildException { + private static ObjectNode createJsonSignedHeader() throws SlCommandoBuildException { final ObjectNode header = mapper.getMapper().createObjectNode(); - addSingleStringElement(header, SL20Constants.JSON_ALGORITHM, - SL20Constants.JSON_ALGORITHM_SIGNING_RS256, true); - addSingleStringElement(header, SL20Constants.JSON_CONTENTTYPE, - SL20Constants.SL20_CONTENTTYPE_SIGNED_COMMAND, true); - addArrayOfStrings(header, SL20Constants.JSON_X509_CERTIFICATE, - Arrays.asList(Constants.DUMMY_SIGNING_CERT)); + addSingleStringElement(header, SL20Constants.JSON_ALGORITHM, SL20Constants.JSON_ALGORITHM_SIGNING_RS256, true); + addSingleStringElement(header, SL20Constants.JSON_CONTENTTYPE, SL20Constants.SL20_CONTENTTYPE_SIGNED_COMMAND, true); + addArrayOfStrings(header, SL20Constants.JSON_X509_CERTIFICATE, Arrays.asList(Constants.DUMMY_SIGNING_CERT)); return header; } // TODO!!!! - private static ObjectNode createJsonEncryptionHeader() - throws SlCommandoBuildException { + private static ObjectNode createJsonEncryptionHeader() throws SlCommandoBuildException { final ObjectNode header = mapper.getMapper().createObjectNode(); - addSingleStringElement(header, SL20Constants.JSON_ALGORITHM, - SL20Constants.JSON_ALGORITHM_ENC_KEY_RSAOAEP, true); + addSingleStringElement(header, SL20Constants.JSON_ALGORITHM, SL20Constants.JSON_ALGORITHM_ENC_KEY_RSAOAEP, true); addSingleStringElement(header, SL20Constants.JSON_ENCRYPTION_PAYLOAD, SL20Constants.JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256, true); - addSingleStringElement(header, SL20Constants.JSON_CONTENTTYPE, - SL20Constants.SL20_CONTENTTYPE_ENCRYPTED_RESULT, true); - addSingleStringElement(header, SL20Constants.JSON_X509_FINGERPRINT, - Constants.DUMMY_SIGNING_CERT_FINGERPRINT, true); + addSingleStringElement(header, SL20Constants.JSON_CONTENTTYPE, SL20Constants.SL20_CONTENTTYPE_ENCRYPTED_RESULT, + true); + addSingleStringElement(header, SL20Constants.JSON_X509_FINGERPRINT, Constants.DUMMY_SIGNING_CERT_FINGERPRINT, true); return header; } @@ -605,14 +549,11 @@ public class SL20JsonBuilderUtils { + " AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4\n" + " BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K\n" + " 0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqv\n" - + " hJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrB\n" - + " p0igcN_IoypGlUPQGe77Rw"; + + " hJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrB\n" + " p0igcN_IoypGlUPQGe77Rw"; } - - - private static void addArrayOfStrings(final ObjectNode parent, final String keyId, - final List<String> values) throws SlCommandoBuildException { + private static void addArrayOfStrings(final ObjectNode parent, final String keyId, final List<String> values) + throws SlCommandoBuildException { validateParentAndKey(parent, keyId); if (values != null) { final ArrayNode callReqParamsArray = mapper.getMapper().createArrayNode(); @@ -624,7 +565,6 @@ public class SL20JsonBuilderUtils { } } - private static void addArrayOfStringElements(final ObjectNode parent, final String keyId, final Map<String, String> keyValuePairs) throws SlCommandoBuildException { validateParentAndKey(parent, keyId); @@ -652,10 +592,8 @@ public class SL20JsonBuilderUtils { } - - - private static void addSingleByteElement(final ObjectNode parent, final String keyId, - final byte[] value, final boolean isRequired) throws SlCommandoBuildException { + private static void addSingleByteElement(final ObjectNode parent, final String keyId, final byte[] value, + final boolean isRequired) throws SlCommandoBuildException { validateParentAndKey(parent, keyId); if (isRequired && value == null) { @@ -666,8 +604,8 @@ public class SL20JsonBuilderUtils { } - private static void addSingleBooleanElement(final ObjectNode parent, final String keyId, - final Boolean value, final boolean isRequired) throws SlCommandoBuildException { + private static void addSingleBooleanElement(final ObjectNode parent, final String keyId, final Boolean value, + final boolean isRequired) throws SlCommandoBuildException { validateParentAndKey(parent, keyId); if (isRequired && value == null) { @@ -678,8 +616,8 @@ public class SL20JsonBuilderUtils { } - private static void addSingleNumberElement(final ObjectNode parent, final String keyId, - final Integer value, final boolean isRequired) throws SlCommandoBuildException { + private static void addSingleNumberElement(final ObjectNode parent, final String keyId, final Integer value, + final boolean isRequired) throws SlCommandoBuildException { validateParentAndKey(parent, keyId); if (isRequired && value == null) { @@ -690,8 +628,8 @@ public class SL20JsonBuilderUtils { } - private static void addSingleStringElement(final ObjectNode parent, final String keyId, - final String value, final boolean isRequired) throws SlCommandoBuildException { + private static void addSingleStringElement(final ObjectNode parent, final String keyId, final String value, + final boolean isRequired) throws SlCommandoBuildException { validateParentAndKey(parent, keyId); if (isRequired && (value == null || value.isEmpty())) { @@ -702,8 +640,8 @@ public class SL20JsonBuilderUtils { } - private static void addSingleIntegerElement(final ObjectNode parent, final String keyId, - final Integer value, final boolean isRequired) throws SlCommandoBuildException { + private static void addSingleIntegerElement(final ObjectNode parent, final String keyId, final Integer value, + final boolean isRequired) throws SlCommandoBuildException { validateParentAndKey(parent, keyId); if (isRequired && value == null) { @@ -714,8 +652,8 @@ public class SL20JsonBuilderUtils { } - private static void addSingleJsonElement(final ObjectNode parent, final String keyId, - final ObjectNode element, final boolean isRequired) throws SlCommandoBuildException { + private static void addSingleJsonElement(final ObjectNode parent, final String keyId, final ObjectNode element, + final boolean isRequired) throws SlCommandoBuildException { validateParentAndKey(parent, keyId); if (isRequired && element == null) { @@ -726,8 +664,6 @@ public class SL20JsonBuilderUtils { } - - private static void validateParentAndKey(final ObjectNode parent, final String keyId) throws SlCommandoBuildException { if (parent == null) { diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java index d4e1490d..eb6de461 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java @@ -7,9 +7,7 @@ import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Map.Entry; -import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult; -import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception; -import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException; + import org.apache.http.Header; import org.apache.http.HttpEntity; import org.apache.http.HttpResponse; @@ -18,25 +16,29 @@ import org.apache.http.util.EntityUtils; import org.jose4j.base64url.Base64Url; import org.slf4j.Logger; import org.slf4j.LoggerFactory; + import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.node.ObjectNode; +import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult; +import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception; +import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException; + public class SL20JsonExtractorUtils { private static final Logger log = LoggerFactory.getLogger(SL20JsonExtractorUtils.class); private static JsonMapper mapper = new JsonMapper(); - /** * Extract String value from JSON. * - * @param input JSON - * @param keyID Element identifier + * @param input JSON + * @param keyID Element identifier * @param isRequired true, if the element must not null * @return Value of this element * @throws SlCommandoParserException In case an error */ - public static String getStringValue(final JsonNode input, final String keyID, - final boolean isRequired) throws SlCommandoParserException { + public static String getStringValue(final JsonNode input, final String keyID, final boolean isRequired) + throws SlCommandoParserException { try { final JsonNode internal = getAndCheck(input, keyID, isRequired); @@ -58,14 +60,14 @@ public class SL20JsonExtractorUtils { /** * Extract Boolean value from JSON. * - * @param input JSON - * @param keyID Element identifier + * @param input JSON + * @param keyID Element identifier * @param isRequired true, if the element must not null * @return Boolean * @throws SlCommandoParserException In case of an error */ - public static boolean getBooleanValue(final ObjectNode input, final String keyID, - final boolean isRequired, final boolean defaultValue) throws SlCommandoParserException { + public static boolean getBooleanValue(final ObjectNode input, final String keyID, final boolean isRequired, + final boolean defaultValue) throws SlCommandoParserException { try { final JsonNode internal = getAndCheck(input, keyID, isRequired); @@ -87,14 +89,14 @@ public class SL20JsonExtractorUtils { /** * Extract JSONObject value from JSON. * - * @param input JSON - * @param keyID Element identifier + * @param input JSON + * @param keyID Element identifier * @param isRequired true, if the element must not null * @return JSON node * @throws SlCommandoParserException In case of an error */ - public static JsonNode getJsonObjectValue(final JsonNode input, final String keyID, - final boolean isRequired) throws SlCommandoParserException { + public static JsonNode getJsonObjectValue(final JsonNode input, final String keyID, final boolean isRequired) + throws SlCommandoParserException { try { final JsonNode internal = getAndCheck(input, keyID, isRequired); @@ -120,8 +122,7 @@ public class SL20JsonExtractorUtils { * @return List of Elements in this node * @throws SlCommandoParserException In case of an error */ - public static List<String> getListOfStringElements(final JsonNode input) - throws SlCommandoParserException { + public static List<String> getListOfStringElements(final JsonNode input) throws SlCommandoParserException { final List<String> result = new ArrayList<>(); if (input != null) { if (input.isArray()) { @@ -149,8 +150,8 @@ public class SL20JsonExtractorUtils { /** * Extract Map of Key/Value pairs from a JSON Element. * - * @param input parent JSON object - * @param keyID KeyId of the child that should be parsed + * @param input parent JSON object + * @param keyID KeyId of the child that should be parsed * @param isRequired true, if the element must not null * @return Map of element pairs * @throws SlCommandoParserException In case of an error @@ -169,8 +170,7 @@ public class SL20JsonExtractorUtils { * @return Map of element pairs * @throws SlCommandoParserException in case of an error */ - public static Map<String, String> getMapOfStringElements(final JsonNode input) - throws SlCommandoParserException { + public static Map<String, String> getMapOfStringElements(final JsonNode input) throws SlCommandoParserException { final Map<String, String> result = new HashMap<>(); if (input != null) { @@ -196,13 +196,11 @@ public class SL20JsonExtractorUtils { return result; } - private static void entitySetToMap(final Map<String, String> result, - final Iterator<Entry<String, JsonNode>> entry) { + private static void entitySetToMap(final Map<String, String> result, final Iterator<Entry<String, JsonNode>> entry) { while (entry.hasNext()) { final Entry<String, JsonNode> el = entry.next(); if (result.containsKey(el.getKey())) { - log.info("Attr. Map already contains Element with Key: " + el.getKey() - + ". Overwrite element ... "); + log.info("Attr. Map already contains Element with Key: " + el.getKey() + ". Overwrite element ... "); } result.put(el.getKey(), el.getValue().asText()); @@ -211,12 +209,11 @@ public class SL20JsonExtractorUtils { } - /** * Extract Security-Layer 2.0 result from response object. * - * @param command SL2.0 command - * @param decrypter JWS decrypter implementation + * @param command SL2.0 command + * @param decrypter JWS decrypter implementation * @param mustBeEncrypted if <code>true</code>, the result must be encrypted * @return decrypted JSON * @throws SL20Exception In case of an error @@ -224,8 +221,7 @@ public class SL20JsonExtractorUtils { public static JsonNode extractSL20Result(final JsonNode command, final IJoseTools decrypter, final boolean mustBeEncrypted) throws SL20Exception { final JsonNode result = command.get(SL20Constants.SL20_COMMAND_CONTAINER_RESULT); - final JsonNode encryptedResult = - command.get(SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT); + final JsonNode encryptedResult = command.get(SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT); if (result == null && encryptedResult == null) { throw new SlCommandoParserException("NO result OR encryptedResult FOUND."); @@ -238,8 +234,7 @@ public class SL20JsonExtractorUtils { } catch (final Exception e) { log.info("Can NOT decrypt SL20 result. Reason:" + e.getMessage()); if (!mustBeEncrypted) { - log.warn( - "Decrypted results are disabled by configuration. Parse result in plain if it is possible"); + log.warn("Decrypted results are disabled by configuration. Parse result in plain if it is possible"); // dummy code try { @@ -267,7 +262,6 @@ public class SL20JsonExtractorUtils { throw new SlCommandoParserException("Internal build error"); } - } /** @@ -278,8 +272,8 @@ public class SL20JsonExtractorUtils { * @return Signature verification result that contains the payLoad * @throws SlCommandoParserException In case of an error */ - public static VerificationResult extractSL20PayLoad(final JsonNode container, - final IJoseTools joseTools, final boolean mustBeSigned) throws SL20Exception { + public static VerificationResult extractSL20PayLoad(final JsonNode container, final IJoseTools joseTools, + final boolean mustBeSigned) throws SL20Exception { final JsonNode sl20Payload = container.get(SL20Constants.SL20_PAYLOAD); final JsonNode sl20SignedPayload = container.get(SL20Constants.SL20_SIGNEDPAYLOAD); @@ -301,10 +295,8 @@ public class SL20JsonExtractorUtils { throw new SlCommandoParserException("Internal build error"); } - } - /** * Extract generic transport container from httpResponse. * @@ -312,19 +304,16 @@ public class SL20JsonExtractorUtils { * @return JSON with SL2.0 response * @throws SlCommandoParserException In case of an error */ - public static JsonNode getSL20ContainerFromResponse(final HttpResponse httpResp) - throws SlCommandoParserException { + public static JsonNode getSL20ContainerFromResponse(final HttpResponse httpResp) throws SlCommandoParserException { try { JsonNode sl20Resp = null; - if (httpResp.getStatusLine().getStatusCode() == 303 - || httpResp.getStatusLine().getStatusCode() == 307) { + if (httpResp.getStatusLine().getStatusCode() == 303 || httpResp.getStatusLine().getStatusCode() == 307) { final Header[] locationHeader = httpResp.getHeaders("Location"); if (locationHeader == null) { throw new SlCommandoParserException("Find Redirect statuscode but not Location header"); } - final String sl20RespString = - new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue(); + final String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue(); sl20Resp = mapper.getMapper().readTree(Base64Url.decode(sl20RespString)); } else if (httpResp.getStatusLine().getStatusCode() == 200) { @@ -333,16 +322,15 @@ public class SL20JsonExtractorUtils { } if (!httpResp.getEntity().getContentType().getValue().startsWith("application/json")) { - throw new SlCommandoParserException("SL20 response with a wrong ContentType: " - + httpResp.getEntity().getContentType().getValue()); + throw new SlCommandoParserException( + "SL20 response with a wrong ContentType: " + httpResp.getEntity().getContentType().getValue()); } sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); - } else if (httpResp.getStatusLine().getStatusCode() == 500 - || httpResp.getStatusLine().getStatusCode() == 401 + } else if (httpResp.getStatusLine().getStatusCode() == 500 || httpResp.getStatusLine().getStatusCode() == 401 || httpResp.getStatusLine().getStatusCode() == 400) { - log.info("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode() - + ". Search for error message"); + log.info( + "SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode() + ". Search for error message"); try { sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); @@ -354,8 +342,6 @@ public class SL20JsonExtractorUtils { } - - } else { throw new SlCommandoParserException( "SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode()); @@ -365,8 +351,7 @@ public class SL20JsonExtractorUtils { return sl20Resp; } catch (final Exception e) { - throw new SlCommandoParserException("SL20 response parsing FAILED! Reason: " + e.getMessage(), - e); + throw new SlCommandoParserException("SL20 response parsing FAILED! Reason: " + e.getMessage(), e); } } @@ -384,21 +369,18 @@ public class SL20JsonExtractorUtils { throw new SlCommandoParserException("SL2.0 can NOT parse to a JSON object"); } - } else { throw new SlCommandoParserException("Can NOT find content in http response"); } } - - private static JsonNode getAndCheck(final JsonNode input, final String keyID, - final boolean isRequired) throws SlCommandoParserException { + private static JsonNode getAndCheck(final JsonNode input, final String keyID, final boolean isRequired) + throws SlCommandoParserException { final JsonNode internal = input.get(keyID); if (internal == null && isRequired) { - throw new SlCommandoParserException( - "REQUIRED Element with keyId: " + keyID + " does not exist"); + throw new SlCommandoParserException("REQUIRED Element with keyId: " + keyID + " does not exist"); } return internal; |