authorThomas Lenz <thomas.lenz@egiz.gv.at>2019-05-17 12:21:00 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2019-05-17 12:21:00 +0200
commit75fe6d2b738245a3fbe6432b1e542beead5dcbf2 (patch)
treeee5b6693fc6f8354cde28a9f4ee67e9f450e4c1e /eaaf_modules/eaaf_module_auth_sl20
parenta9a7014cc6e06792d03890ad956d1222e245b8f1 (diff)
refactor EAAF core to split API and Implementation
Diffstat (limited to 'eaaf_modules/eaaf_module_auth_sl20')
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualeIDRequestTask.java56
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JSONExtractorUtils.java14
2 files changed, 37 insertions, 33 deletions
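--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualeIDRequestTask.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualeIDRequestTask.java
@@ -1,9 +1,7 @@
 package at.gv.egiz.eaaf.modules.auth.sl20.tasks;
 import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
 import java.util.ArrayList;
-import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -25,13 +23,11 @@ import org.springframework.beans.factory.annotation.Autowired;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.node.ObjectNode;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
 import at.gv.egiz.eaaf.core.impl.utils.HttpClientFactory;
 import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
@@ -42,7 +38,6 @@ import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult;
 import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception;
 import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SLCommandoBuildException;
 import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SLCommandoParserException;
-import at.gv.egiz.eaaf.modules.auth.sl20.utils.IJOSETools;
 import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants;
 import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20HttpBindingUtils;
 import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JSONBuilderUtils;
@@ -51,8 +46,6 @@ import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JSONExtractorUtils;
 public abstract class AbstractCreateQualeIDRequestTask extends AbstractAuthServletTask {
 private static final Logger log = LoggerFactory.getLogger(AbstractCreateQualeIDRequestTask.class);
- @Autowired(required=true) private IJOSETools joseTools;
- @Autowired(required=true) private IConfiguration basicConfig;
 @Autowired(required=true) private HttpClientFactory httpClientFactory;
 @Override
@@ -65,28 +58,29 @@ public abstract class AbstractCreateQualeIDRequestTask extends AbstractAuthServl
 try {
 //get service-provider configuration
- ISPConfiguration oaConfig = pendingReq.getServiceProviderConfiguration();
+ final ISPConfiguration oaConfig = pendingReq.getServiceProviderConfiguration();
 //get basic configuration parameters
- String vdaQualeIDUrl = extractVDAURLForSpecificOA(oaConfig, executionContext);
+ final String vdaQualeIDUrl = extractVDAURLForSpecificOA(oaConfig, executionContext);
 if (StringUtils.isEmpty(vdaQualeIDUrl)) {
 log.error("NO VDA URL for qualified eID (" + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT + ")");
 throw new SL20Exception("sl20.03", new Object[]{"NO VDA URL for qualified eID"});
 }
+ log.debug("Use {} as VDA end-point") ;
 revisionsLogger.logEvent(pendingReq, EventCodes.AUTHPROCESS_SL20_ENDPOINT_URL, vdaQualeIDUrl);
 //create SL2.0 command for qualified eID
- String signedQualeIDCommand = buildSignedQualifiedEIDCommand();
+ final String signedQualeIDCommand = buildSignedQualifiedEIDCommand();
 //build request container
- String qualeIDReqId = Random.nextProcessReferenceValue();
- ObjectNode sl20Req = SL20JSONBuilderUtils.createGenericRequest(qualeIDReqId, null, null, signedQualeIDCommand);
+ final String qualeIDReqId = Random.nextProcessReferenceValue();
+ final ObjectNode sl20Req = SL20JSONBuilderUtils.createGenericRequest(qualeIDReqId, null, null, signedQualeIDCommand);
 //build http POST request
- HttpPost httpReq = new HttpPost(new URIBuilder(vdaQualeIDUrl).build());
- List<NameValuePair> parameters = new ArrayList<NameValuePair>();;
+ final HttpPost httpReq = new HttpPost(new URIBuilder(vdaQualeIDUrl).build());
+ final List<NameValuePair> parameters = new ArrayList<NameValuePair>();;
 parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, Base64Url.encode(sl20Req.toString().getBytes())));
 httpReq.setEntity(new UrlEncodedFormEntity(parameters ));
@@ -101,29 +95,29 @@ public abstract class AbstractCreateQualeIDRequestTask extends AbstractAuthServl
 log.trace("Request VDA via SL20 with: " + Base64Url.encode(sl20Req.toString().getBytes()));
 //request VDA
- HttpResponse httpResp = httpClientFactory.getHttpClient().execute(httpReq);
+ final HttpResponse httpResp = httpClientFactory.getHttpClient().execute(httpReq);
 //parse response
 log.info("Receive response from VDA ... ");
- JsonNode sl20Resp = SL20JSONExtractorUtils.getSL20ContainerFromResponse(httpResp);
- VerificationResult respPayloadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(sl20Resp, null, false);
+ final JsonNode sl20Resp = SL20JSONExtractorUtils.getSL20ContainerFromResponse(httpResp);
+ final VerificationResult respPayloadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(sl20Resp, null, false);
 if (respPayloadContainer.isValidSigned() == null) {
 log.debug("Receive unsigned payLoad from VDA");
 }
- JsonNode respPayload = respPayloadContainer.getPayload();
+ final JsonNode respPayload = respPayloadContainer.getPayload();
 if (respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).asText()
 .equals(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT)) {
 log.debug("Find 'redirect' command in VDA response ... ");
- JsonNode params = SL20JSONExtractorUtils.getJSONObjectValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, true);
- String redirectURL = SL20JSONExtractorUtils.getStringValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL, true);
- JsonNode command = SL20JSONExtractorUtils.getJSONObjectValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_COMMAND, false);
- String signedCommand = SL20JSONExtractorUtils.getStringValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_SIGNEDCOMMAND, false);
+ final JsonNode params = SL20JSONExtractorUtils.getJSONObjectValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, true);
+ final String redirectURL = SL20JSONExtractorUtils.getStringValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL, true);
+ final JsonNode command = SL20JSONExtractorUtils.getJSONObjectValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_COMMAND, false);
+ final String signedCommand = SL20JSONExtractorUtils.getStringValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_SIGNEDCOMMAND, false);
 //create forward SL2.0 command
- ObjectNode sl20Forward = sl20Resp.deepCopy();
+ final ObjectNode sl20Forward = sl20Resp.deepCopy();
 SL20JSONBuilderUtils.addOnlyOnceOfTwo(sl20Forward,
 SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD,
 command.deepCopy(), signedCommand);
@@ -143,8 +137,8 @@ public abstract class AbstractCreateQualeIDRequestTask extends AbstractAuthServl
 if (result == null)
 result = SL20JSONExtractorUtils.getJSONObjectValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, false);
- String errorCode = SL20JSONExtractorUtils.getStringValue(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE, true);
- String errorMsg = SL20JSONExtractorUtils.getStringValue(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, true);
+ final String errorCode = SL20JSONExtractorUtils.getStringValue(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE, true);
+ final String errorMsg = SL20JSONExtractorUtils.getStringValue(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, true);
 log.info("Receive SL2.0 error. Code:" + errorCode + " Msg:" + errorMsg);
 throw new SL20Exception("sl20.08", new Object[]{errorCode, errorMsg});
@@ -156,10 +150,10 @@ public abstract class AbstractCreateQualeIDRequestTask extends AbstractAuthServl
 }
- } catch (EAAFAuthenticationException e) {
+ } catch (final EAAFAuthenticationException e) {
 throw new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e);
- } catch (Exception e) {
+ } catch (final Exception e) {
 log.warn("SL2.0 Authentication FAILED with a generic error.", e);
 throw new TaskExecutionException(pendingReq, e.getMessage(), e);
@@ -187,9 +181,9 @@ public abstract class AbstractCreateQualeIDRequestTask extends AbstractAuthServl
 //TODO: fully remove if not required any more
 //String spSpecificVDAEndpoints = oaConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS);
- String spSpecificVDAEndpoints = null;
+ final String spSpecificVDAEndpoints = null;
- Map<String, String> endPointMap = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST);
+ final Map<String, String> endPointMap = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST);
 if (StringUtils.isNotEmpty(spSpecificVDAEndpoints)) {
 endPointMap.putAll(KeyValueUtils.convertListToMap(
 KeyValueUtils.getListOfCSVValues(
@@ -201,9 +195,9 @@ public abstract class AbstractCreateQualeIDRequestTask extends AbstractAuthServl
 log.trace("Find #" + endPointMap.size() + " SL2.0 endpoints ... ");
 //selection based on request Header
- String sl20VDATypeHeader = (String) executionContext.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase());
+ final String sl20VDATypeHeader = (String) executionContext.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase());
 if (StringUtils.isNotEmpty(sl20VDATypeHeader)) {
- String vdaURL = endPointMap.get(sl20VDATypeHeader);
+ final String vdaURL = endPointMap.get(sl20VDATypeHeader);
 if (StringUtils.isNotEmpty(vdaURL))
 return vdaURL.trim();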
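Review bot: The new line `log.debug("Use {} as VDA end-point") ;` in the `@@ -65,28 +58,29 @@` hunk has a `{}` placeholder but passes no argument, so the selected end-point is never written to the log and the stray space before `;` is left over; it should read `log.debug("Use {} as VDA end-point", vdaQualeIDUrl);`. In the following hunk, `command` is fetched with the last argument `false` and then dereferenced unconditionally in `command.deepCopy()`; if the `false` flag means the element is optional and the helper returns null for it (inferred from the call shape, not visible here), a VDA response carrying only `signedCommand` ends in a NullPointerException that surfaces as a generic `TaskExecutionException` rather than the SL20 error the method otherwise reports. A null guard before `addOnlyOnceOfTwo`, or passing `command == null ? null : command.deepCopy()`, would make that contract explicit. The enclosing method bodies begin and end outside these hunks.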
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JSONExtractorUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JSONExtractorUtils.java
index 524c9e80..a5e5a3dc 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JSONExtractorUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JSONExtractorUtils.java
@@ -307,8 +307,18 @@ public class SL20JSONExtractorUtils {
(httpResp.getStatusLine().getStatusCode() == 401) ||
(httpResp.getStatusLine().getStatusCode() == 400) ) {
log.info("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode()
- + ". Search for error message");
- sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity());
+ + ". Search for error message");
+
+ try {
+ sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity());
+
+ } catch (final Exception e) {
+ log.warn("SL20 response contains no valid JSON", e);
+ throw new SLCommandoParserException("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode()
+ + " AND NO valid JSON errormsg", e);
+
+ }
+
} else