| author | Thomas <thomas.lenz@egiz.gv.at> | 2019-12-04 22:54:51 +0100 | 
|---|---|---|
| committer | Thomas <thomas.lenz@egiz.gv.at> | 2019-12-04 22:54:51 +0100 | 
| commit | 95b21a826e5d81fdeabcf4673a9e87047edaec9d (patch) | |
| tree | d8d55da492dd86041c31d68651afa21c80313362 /eaaf_modules/eaaf_module_auth_sl20/src | |
| parent | 759ac5f42c6aff901dbeede4fbf1a1d2e08cad0f (diff) | |
to some more code quality tasks
Diffstat (limited to 'eaaf_modules/eaaf_module_auth_sl20/src')
9 files changed, 55 insertions, 45 deletions
| diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java index 4009796f..1a88c43b 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java @@ -81,8 +81,7 @@ public abstract class AbstractSL20AuthenticationModulImpl implements AuthModule      if (authConfig.getBasicConfigurationBoolean(getGeneralConfigPropertyNameEnableModule(),          getGeneralConfigPropertyNameEnableModuleDefault())) { -      if (spConfig != null -          && StringUtils +      if (StringUtils                .isNotEmpty(spConfig.getConfigurationValue(getSpConfigPropertyNameEnableModule()))            && Boolean                .valueOf(spConfig.getConfigurationValue(getSpConfigPropertyNameEnableModule()))) { diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java index 251b516f..518f0d24 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java 
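Review bot: Dropping `spConfig != null` makes `spConfig.getConfigurationValue(getSpConfigPropertyNameEnableModule())` the first visible use of `spConfig` in this branch, so a null service-provider configuration now raises a NullPointerException during module selection instead of skipping the branch. Where `spConfig` is assigned is outside the hunk. If an earlier line already guarantees it is non-null, record that with an annotation or a short comment; otherwise keep the guard, `if (spConfig != null && StringUtils.isNotEmpty(...)`. The configuration value is also read twice, and a local such as `final String enabled = spConfig.getConfigurationValue(getSpConfigPropertyNameEnableModule());` would make the condition easier to audit.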
@@ -92,7 +92,7 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl        final HttpPost httpReq = new HttpPost(new URIBuilder(vdaQualEidDUrl).build());        final List<NameValuePair> parameters = new ArrayList<>();        parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, -          Base64Url.encode(sl20Req.toString().getBytes()))); +          Base64Url.encode(sl20Req.toString().getBytes("UTF-8"))));        httpReq.setEntity(new UrlEncodedFormEntity(parameters));        // build http GET request @@ -105,7 +105,7 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl        httpReq.addHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE,            SL20Constants.HTTP_HEADER_VALUE_NATIVE); -      log.trace("Request VDA via SL20 with: " + Base64Url.encode(sl20Req.toString().getBytes())); +      log.trace("Request VDA via SL20 with: " + Base64Url.encode(sl20Req.toString().getBytes("UTF-8")));        // request VDA        final HttpResponse httpResp = httpClientFactory.getHttpClient(false).execute(httpReq); diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java index 39cfce05..516a33b9 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java 
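Review bot: `getBytes("UTF-8")` removes the platform-charset dependence but looks the charset up by name, which brings the checked `UnsupportedEncodingException` with it. `sl20Req.toString().getBytes(StandardCharsets.UTF_8)` does the same without the lookup or the exception, and needs only the `java.nio.charset.StandardCharsets` import. The same applies to the `log.trace` hunk that follows, to `SL20HttpBindingUtils`, to the two `try`/`catch (UnsupportedEncodingException e)` blocks added in `SL20JsonBuilderUtils`, and to `new String(..., "UTF-8")` in `SL20JsonExtractorUtils`.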
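Review bot: The `log.trace` call still concatenates its argument, so the whole SL2.0 request is serialised and Base64url-encoded on every call, whether or not trace output is enabled, and it is written to the log in full when it is. Use the parameterised form this commit already uses in `JsonSecurityUtils` and guard the encoding: `if (log.isTraceEnabled()) { log.trace("Request VDA via SL20 with: {}", Base64Url.encode(...)); }`. Whether the request carries values that should not reach log files is not visible in this hunk and is worth confirming.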
@@ -138,7 +138,7 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask                .extractSL20PayLoad(sl20ReqObj, joseTools, authConfig.getBasicConfigurationBoolean(                    Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)); -          if ((payLoadContainer.isValidSigned() == null || !payLoadContainer.isValidSigned())) { +          if (payLoadContainer.isValidSigned() == null || !payLoadContainer.isValidSigned()) {              if (authConfig.getBasicConfigurationBoolean(                  Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) {                log.info("SL20 result from VDA was not valid signed"); @@ -151,10 +151,7 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask              }            } - -          payLoadContainer.getCertChain(); - - +                      // extract payloaf            final JsonNode payLoad = payLoadContainer.getPayload(); @@ -193,7 +190,7 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask            // buildResponse(request, response, sl20ReqObj, aTrustErrorWorkAround);            buildResponse(request, response, sl20ReqObj);          } else { -          buildErrorResponse(request, response, "2000", "General transport Binding error"); +          buildErrorResponse(response, "2000", "General transport Binding error");          }        } 
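Review bot: In the `@@ -138,7` hunk a missing or failed signature on the VDA result is reported with `log.info("SL20 result from VDA was not valid signed")`, which is easy to lose among routine messages; `log.warn` fits a rejected authentication result better. The condition also calls `isValidSigned()` twice and unboxes it; `!Boolean.TRUE.equals(payLoadContainer.isValidSigned())` expresses the same check in one call. The branch taken when `CONFIG_PROP_FORCE_EID_SIGNED_RESULT` is false lies outside the hunk; if it continues with the unsigned payload, that should be logged at warn level as well.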
@@ -225,8 +222,7 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask    protected abstract String getResumeEndPoint(); -  private void buildErrorResponse(final HttpServletRequest request, -      final HttpServletResponse response, final String errorCode, final String errorMsg) +  private void buildErrorResponse(final HttpServletResponse response, final String errorCode, final String errorMsg)        throws Exception {      final ObjectNode error = SL20JsonBuilderUtils.createErrorCommandResult(errorCode, errorMsg);      final ObjectNode errorCommand = SL20JsonBuilderUtils diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java index caa2e8d8..9d444802 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java @@ -21,7 +21,7 @@ public interface IJoseTools {     * @param payLoad Payload to sign     * @throws SlCommandoBuildException In case of a signature creation error     */ -  public String createSignature(String payLoad) throws SlCommandoBuildException; +  String createSignature(String payLoad) throws SlCommandoBuildException;    /**     * Validates a signed SL2.0 message. @@ -31,7 +31,7 @@ public interface IJoseTools {     * @throws SL20Exception In case of a signature validation error     */    @Nonnull -  public VerificationResult validateSignature(@Nonnull String serializedContent) +  VerificationResult validateSignature(@Nonnull String serializedContent)        throws SL20Exception;    /** 
@@ -45,7 +45,7 @@ public interface IJoseTools {     * @throws IOException In case of a general IO error     */    @Nonnull -  public VerificationResult validateSignature(@Nonnull String serializedContent, +  VerificationResult validateSignature(@Nonnull String serializedContent,        @Nonnull List<X509Certificate> trustedCerts, @Nonnull AlgorithmConstraints constraints)        throws JoseException, IOException; @@ -61,7 +61,7 @@ public interface IJoseTools {     * @throws KeyStoreException In case of TrustStore error     */    @Nonnull -  public VerificationResult validateSignature(@Nonnull String serializedContent, +  VerificationResult validateSignature(@Nonnull String serializedContent,        @Nonnull KeyStore trustStore, @Nonnull AlgorithmConstraints algconstraints)        throws JoseException, IOException, KeyStoreException; @@ -70,7 +70,7 @@ public interface IJoseTools {     *     * @return     */ -  public X509Certificate getEncryptionCertificate(); +  X509Certificate getEncryptionCertificate();    /**     * Decrypt a serialized JWE token. @@ -79,6 +79,6 @@ public interface IJoseTools {     * @return decrypted payload     * @throws SL20Exception In case of a decryption error     */ -  public JsonNode decryptPayload(String compactSerialization) throws SL20Exception; +  JsonNode decryptPayload(String compactSerialization) throws SL20Exception;  } diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java index 28106377..6ec56825 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java 
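Review bot: The Javadoc of `getEncryptionCertificate()` in the `@@ -70,7` hunk ends in an empty `@return`, and unlike the `validateSignature` overloads the method carries no nullability annotation, so neither an implementer nor a caller can tell whether null is a legal result. Fill the tag, for example `@return the X.509 certificate used for SL2.0 payload encryption`, and add `@Nonnull` or `@Nullable` to match what `JsonSecurityUtils` actually returns, which is not visible here.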
@@ -133,6 +133,9 @@ public class JsonSecurityUtils implements IJoseTools {          log.info("NO SL2.0 authentication security configuration. Initialization was skipped");        } +    } catch (RuntimeException e) { +        throw e;   +         } catch (final Exception e) {        log.error("SL2.0 security constrains initialization FAILED.", e); @@ -304,11 +307,11 @@ public class JsonSecurityUtils implements IJoseTools {          final List<X509Certificate> sortedX5cCerts = X509Utils.sortCertificates(x5cCerts);          if (!sortedX5cCerts.get(0).equals(encCertChain[0])) { -          log.info("Certificate from JOSE header does NOT match encryption certificate"); -          log.debug("JOSE certificate: " + sortedX5cCerts.get(0).toString()); +        	log.info("Certificate from JOSE header does NOT match encryption certificate");            try { -            log.debug("Cert: " + Base64Utils.encode(sortedX5cCerts.get(0).getEncoded())); +        	   +            log.debug("JOSE certificate: {}", Base64Utils.encode(sortedX5cCerts.get(0).getEncoded()));            } catch (final CertificateEncodingException e) {              e.printStackTrace();            } @@ -441,7 +444,8 @@ public class JsonSecurityUtils implements IJoseTools {          if (cert != null && cert instanceof X509Certificate) {            result.add((X509Certificate) cert);          } else { -          log.info("Can not process entry: " + el + ". Reason: " + cert.toString()); +          log.info("Can not process entry: {}. Reason: {}", el,   +            cert != null ? cert.getType() : "cert is null");          }        } diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java index 5a8be243..d3726546 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java 
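Review bot: The new `catch (RuntimeException e) { throw e; }` lets unchecked failures leave the initialisation without the `log.error("SL2.0 security constrains initialization FAILED.", e)` entry that the following `catch (final Exception e)` writes. A failure while loading the security configuration may then show up only as a stack trace further up the call chain. Log before rethrowing: `log.error("SL2.0 security constrains initialization FAILED.", e); throw e;`. What the `Exception` handler does after logging is outside the hunk.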
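Review bot: In the `@@ -304,11` hunk the `catch (final CertificateEncodingException e)` of the mismatch branch still calls `e.printStackTrace()`, which bypasses the logger and its configuration; replace it with `log.warn("Can not encode certificate from JOSE header", e);`. The Base64 encoding of the certificate is also computed when debug logging is off, so the `try` block belongs inside `if (log.isDebugEnabled())`. The two added lines are indented with tabs while the surrounding lines use spaces.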
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java @@ -1,6 +1,7 @@  package at.gv.egiz.eaaf.modules.auth.sl20.utils;  import java.util.Arrays; +import java.util.Collections;  import java.util.List;  import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers; @@ -43,9 +44,9 @@ public class SL20Constants {    public static final String JSON_ALGORITHM_SIGNING_PS512 =        AlgorithmIdentifiers.RSA_PSS_USING_SHA512; -  public static final List<String> SL20_ALGORITHM_WHITELIST_SIGNING = Arrays.asList( +  public static final List<String> SL20_ALGORITHM_WHITELIST_SIGNING = Collections.unmodifiableList(Arrays.asList(        JSON_ALGORITHM_SIGNING_RS256, JSON_ALGORITHM_SIGNING_RS512, JSON_ALGORITHM_SIGNING_ES256, -      JSON_ALGORITHM_SIGNING_ES512, JSON_ALGORITHM_SIGNING_PS256, JSON_ALGORITHM_SIGNING_PS512); +      JSON_ALGORITHM_SIGNING_ES512, JSON_ALGORITHM_SIGNING_PS256, JSON_ALGORITHM_SIGNING_PS512));    public static final String JSON_ALGORITHM_ENC_KEY_RSAOAEP =        KeyManagementAlgorithmIdentifiers.RSA_OAEP; @@ -53,7 +54,7 @@ public class SL20Constants {        KeyManagementAlgorithmIdentifiers.RSA_OAEP_256;    public static final List<String> SL20_ALGORITHM_WHITELIST_KEYENCRYPTION = -      Arrays.asList(JSON_ALGORITHM_ENC_KEY_RSAOAEP, JSON_ALGORITHM_ENC_KEY_RSAOAEP256); +		  Collections.unmodifiableList(Arrays.asList(JSON_ALGORITHM_ENC_KEY_RSAOAEP, JSON_ALGORITHM_ENC_KEY_RSAOAEP256));    public static final String JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256 =        ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256; 
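Review bot: Nothing next to the whitelist constants says why they are now wrapped, so a later clean-up could revert to a plain `Arrays.asList`, whose `set()` lets any caller replace an entry of a public algorithm list. Add a comment above `SL20_ALGORITHM_WHITELIST_SIGNING`, for example `// Unmodifiable on purpose: the permitted JOSE algorithms must not be changeable at runtime.`; it applies equally to the KEYENCRYPTION hunk that follows and to `SL20_ALGORITHM_WHITELIST_ENCRYPTION` in the `@@ -64,9` hunk. The new KEYENCRYPTION line is indented with tabs and runs well past the width of the neighbouring declarations.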
@@ -64,9 +65,9 @@ public class SL20Constants {    public static final String JSON_ALGORITHM_ENC_PAYLOAD_A256GCM =        ContentEncryptionAlgorithmIdentifiers.AES_256_GCM; -  public static final List<String> SL20_ALGORITHM_WHITELIST_ENCRYPTION = Arrays.asList( +  public static final List<String> SL20_ALGORITHM_WHITELIST_ENCRYPTION = Collections.unmodifiableList(Arrays.asList(        JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256, JSON_ALGORITHM_ENC_PAYLOAD_A256CBCHS512, -      JSON_ALGORITHM_ENC_PAYLOAD_A128GCM, JSON_ALGORITHM_ENC_PAYLOAD_A256GCM); +      JSON_ALGORITHM_ENC_PAYLOAD_A128GCM, JSON_ALGORITHM_ENC_PAYLOAD_A256GCM));    // ********************************************************************************************* diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java index be306b69..6a8b96d4 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java @@ -53,7 +53,7 @@ public class SL20HttpBindingUtils {        log.debug("Client request containts is no native client ... ");        final URIBuilder clientRedirectUri = new URIBuilder(redirectUrl);        clientRedirectUri.addParameter(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, -          Base64Url.encode(sl20Forward.toString().getBytes())); +          Base64Url.encode(sl20Forward.toString().getBytes("UTF-8")));        httpResp.setStatus(httpCodeRedirect);        httpResp.setHeader("Location", clientRedirectUri.build().toString()); 
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java index f505f28d..82a8cf26 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java @@ -1,5 +1,6 @@  package at.gv.egiz.eaaf.modules.auth.sl20.utils; +import java.io.UnsupportedEncodingException;  import java.security.cert.CertificateEncodingException;  import java.security.cert.X509Certificate;  import java.util.Arrays; @@ -65,13 +66,17 @@ public class SL20JsonBuilderUtils {        final JsonSecurityUtils encrypter) throws SlCommandoBuildException {      // TODO: add real implementation      // create header and footer -    final String dummyHeader = createJsonEncryptionHeader(encrypter).toString(); +    final String dummyHeader = createJsonEncryptionHeader().toString();      final String payLoad = result.toString(); -    final String dummyFooter = createJsonSignedFooter(encrypter); +    final String dummyFooter = createJsonSignedFooter(); -    return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes()) + "." -        + Base64.getUrlEncoder().encodeToString(payLoad.getBytes()) + "." -        + Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes()); +    try { +		return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes("UTF-8")) + "." +		    + Base64.getUrlEncoder().encodeToString(payLoad.getBytes("UTF-8")) + "." +		    + Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes("UTF-8")); +	} catch (UnsupportedEncodingException e) { +		throw new SlCommandoBuildException("No UTF-8 encoding", e); +	}    } 
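Review bot: In the `@@ -65,13` hunk neither `createJsonEncryptionHeader()` nor `createJsonSignedFooter()` receives the `encrypter` any more, so in the visible body that parameter is unused and the returned three-part string is a fixed header, the Base64-encoded plain payload and a fixed footer; the `// TODO: add real implementation` comment is the only hint. State in the method Javadoc that the result is neither encrypted nor signed, so no caller treats it as protected. The same holds for the `signer` parameter in the `@@ -116,12` hunk and for the `createJson*` helpers changed further down. `Base64.getUrlEncoder()` also emits `=` padding, which JOSE compact serialization omits; `Base64.getUrlEncoder().withoutPadding()` would match it. The enclosing method's signature starts outside the hunk.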
@@ -116,12 +121,17 @@ public class SL20JsonBuilderUtils {      // TODO: add real implementation      // create header and footer -    final String dummyHeader = createJsonSignedHeader(signer).toString(); -    final String dummyFooter = createJsonSignedFooter(signer); +    final String dummyHeader = createJsonSignedHeader().toString(); +    final String dummyFooter = createJsonSignedFooter(); -    return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes()) + "." -        + Base64.getUrlEncoder().encodeToString(encodedCommand.getBytes()) + "." -        + Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes()); +    try { +		return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes("UTF-8")) + "." +		    + Base64.getUrlEncoder().encodeToString(encodedCommand.getBytes("UTF-8")) + "." +		    + Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes("UTF-8")); +		 +	} catch (UnsupportedEncodingException e) { +		throw new SlCommandoBuildException("No UTF-8 encoding", e); +	}    } @@ -560,7 +570,7 @@ public class SL20JsonBuilderUtils {    // TODO!!!! -  private static ObjectNode createJsonSignedHeader(final JsonSecurityUtils signer) +  private static ObjectNode createJsonSignedHeader()        throws SlCommandoBuildException {      final ObjectNode header = mapper.getMapper().createObjectNode();      addSingleStringElement(header, SL20Constants.JSON_ALGORITHM, @@ -574,7 +584,7 @@ public class SL20JsonBuilderUtils {    }    // TODO!!!! -  private static ObjectNode createJsonEncryptionHeader(final JsonSecurityUtils signer) +  private static ObjectNode createJsonEncryptionHeader()        throws SlCommandoBuildException {      final ObjectNode header = mapper.getMapper().createObjectNode();      addSingleStringElement(header, SL20Constants.JSON_ALGORITHM, 
@@ -590,7 +600,7 @@ public class SL20JsonBuilderUtils {    }    // TODO!!!! -  private static String createJsonSignedFooter(final JsonSecurityUtils signer) { +  private static String createJsonSignedFooter() {      return "cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7\n"          + "  AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4\n"          + "  BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K\n" diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java index f4b5a724..d4e1490d 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java @@ -245,7 +245,7 @@ public class SL20JsonExtractorUtils {            try {              final String[] signedPayload = encryptedResult.toString().split("\\.");              final JsonNode payLoad = mapper.getMapper() -                .readTree(new String(Base64.getUrlDecoder().decode(signedPayload[1]))); +                .readTree(new String(Base64.getUrlDecoder().decode(signedPayload[1]), "UTF-8"));              return payLoad;            } catch (final Exception e1) { 
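Review bot: In the `SL20JsonExtractorUtils` hunk `signedPayload[1]` is decoded and parsed as the payload straight after `split("\\.")`, with no check in the visible lines that the token was verified or even has a second segment; a malformed value is only caught by the broad `catch (final Exception e1)`. What leads into this `try` is outside the hunk, so confirm it is reachable only for the placeholder tokens built in `SL20JsonBuilderUtils`, say so in a comment, and test `signedPayload.length` before indexing. `new String(bytes, StandardCharsets.UTF_8)` would also avoid the charset-name lookup.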
@@ -338,9 +338,9 @@ public class SL20JsonExtractorUtils {          }          sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); -      } else if ((httpResp.getStatusLine().getStatusCode() == 500) -          || (httpResp.getStatusLine().getStatusCode() == 401) -          || (httpResp.getStatusLine().getStatusCode() == 400)) { +      } else if (httpResp.getStatusLine().getStatusCode() == 500 +          || httpResp.getStatusLine().getStatusCode() == 401 +          || httpResp.getStatusLine().getStatusCode() == 400) {          log.info("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode()              + ". Search for error message"); | 
