| author | Thomas <> | 2023-08-31 20:37:42 +0200 | 
|---|---|---|
| committer | Thomas <> | 2023-08-31 20:37:42 +0200 | 
| commit | e915685e22c7c084f7fd0c4870ff20d3f0194a91 (patch) | |
| tree | 638deef490a63799ff48ca826ff8702b2efbee2a /eaaf_modules/eaaf_module_auth_sl20 | |
| parent | 5acc09000c59c93510567e88cb701919122dc5b2 (diff) | |
feat(core): refactor to openSAML 5 for Java 17
Diffstat (limited to 'eaaf_modules/eaaf_module_auth_sl20')
9 files changed, 74 insertions, 48 deletions
| diff --git a/eaaf_modules/eaaf_module_auth_sl20/checks/spotbugs-exclude.xml b/eaaf_modules/eaaf_module_auth_sl20/checks/spotbugs-exclude.xml new file mode 100644 index 00000000..c3a419a2 --- /dev/null +++ b/eaaf_modules/eaaf_module_auth_sl20/checks/spotbugs-exclude.xml @@ -0,0 +1,22 @@ +<?xml version="1.0" encoding="UTF-8"?> +<FindBugsFilter> +    <Match> +	  <OR> +        <Class name="at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult" /> +        <Class name="at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20HttpBindingUtils" /> +        <Class name="at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20HttpBindingUtils$Sl20ResponseHolder" /> +      </OR>       +      <OR> +    	<Bug pattern="EI_EXPOSE_REP" /> +    	<Bug pattern="EI_EXPOSE_REP2" /> +      </OR> +    </Match> +    <Match> +	  <OR> +        <Class name="at.gv.egiz.eaaf.modules.auth.sl20.utils.JsonMapper" /> +      </OR>       +      <OR> +    	<Bug pattern="MS_EXPOSE_REP" /> +      </OR> +    </Match>           +</FindBugsFilter> diff --git a/eaaf_modules/eaaf_module_auth_sl20/pom.xml b/eaaf_modules/eaaf_module_auth_sl20/pom.xml index 556f3aea..8ec445bc 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/pom.xml +++ b/eaaf_modules/eaaf_module_auth_sl20/pom.xml @@ -106,6 +106,15 @@            </filesets>          </configuration>        </plugin> +      <plugin> +        <groupId>com.github.spotbugs</groupId> +        <artifactId>spotbugs-maven-plugin</artifactId> +        <version>${spotbugs-maven-plugin.version}</version> +        <configuration> +          <failOnError>true</failOnError> +          <excludeFilterFile>checks/spotbugs-exclude.xml</excludeFilterFile> +        </configuration> +      </plugin>                    </plugins>    </build> 
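Review bot: The new `checks/spotbugs-exclude.xml` suppresses `EI_EXPOSE_REP`/`EI_EXPOSE_REP2` for `VerificationResult`, `SL20HttpBindingUtils` and `Sl20ResponseHolder`, and `MS_EXPOSE_REP` for `JsonMapper`, without recording why each suppression is acceptable. These patterns flag internal mutable state being handed to or taken from callers; the fields of these classes are not visible here, but for a type that carries a verification result it is worth confirming that nothing can alter it after validation. I would put an XML comment above each `<Match>` stating the reason, e.g. `<!-- Sl20ResponseHolder: Lombok-generated accessors, holder is never shared across requests -->` (wording to be confirmed by the author). Because the pom.xml hunk sets `failOnError` to `true`, a class-wide exclusion also hides any future finding of the same pattern in these classes, so narrowing each match with `<Field>` or `<Method>` elements would keep the check useful.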
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java index d561a0bc..d7d2c90b 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java @@ -3,8 +3,6 @@ package at.gv.egiz.eaaf.modules.auth.sl20;  import java.util.Arrays;  import java.util.List; -import javax.annotation.PostConstruct; -  import org.apache.commons.lang3.StringUtils;  import org.slf4j.Logger;  import org.slf4j.LoggerFactory; @@ -17,6 +15,7 @@ import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;  import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;  import at.gv.egiz.eaaf.core.impl.idp.auth.AbstractAuthenticationManager;  import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants; +import jakarta.annotation.PostConstruct;  /**   * AuthModule to select a Securtiy-Layer 2.0 based authentication process. diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java index 9dcfbe75..7e895d89 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java 
@@ -11,16 +11,13 @@ import java.util.Locale;  import java.util.Map;  import java.util.concurrent.TimeUnit; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -  import org.apache.commons.lang3.StringUtils;  import org.apache.commons.lang3.time.StopWatch; -import org.apache.http.NameValuePair; -import org.apache.http.client.entity.UrlEncodedFormEntity; -import org.apache.http.client.methods.HttpPost; -import org.apache.http.client.utils.URIBuilder; -import org.apache.http.message.BasicNameValuePair; +import org.apache.hc.client5.http.classic.methods.HttpPost; +import org.apache.hc.client5.http.entity.UrlEncodedFormEntity; +import org.apache.hc.core5.http.NameValuePair; +import org.apache.hc.core5.http.message.BasicNameValuePair; +import org.apache.hc.core5.net.URIBuilder;  import org.jose4j.base64url.Base64Url;  import org.springframework.beans.factory.annotation.Autowired;  import org.springframework.context.i18n.LocaleContextHolder; @@ -48,6 +45,8 @@ import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20HttpBindingUtils;  import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20HttpBindingUtils.Sl20ResponseHolder;  import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonBuilderUtils;  import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonExtractorUtils; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse;  import lombok.extern.slf4j.Slf4j;  @Slf4j diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java index 79d9f8d6..dd3e9ea7 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java 
@@ -3,10 +3,7 @@ package at.gv.egiz.eaaf.modules.auth.sl20.tasks;  import java.io.IOException;  import java.util.Map; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.fileupload.FileUploadException; +import org.apache.commons.fileupload2.core.FileUploadException;  import org.apache.commons.lang3.StringUtils;  import org.jose4j.base64url.Base64Url;  import org.springframework.beans.factory.annotation.Autowired; @@ -36,6 +33,8 @@ import at.gv.egiz.eaaf.modules.auth.sl20.utils.JsonMapper;  import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants;  import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonExtractorUtils;  import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20ResponseUtils; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse;  import lombok.extern.slf4j.Slf4j;  @Slf4j diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java index 668ce09a..5e7f926f 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java @@ -7,11 +7,11 @@ import java.security.KeyStoreException;  import java.security.Provider;  import java.security.cert.CertificateEncodingException;  import java.security.cert.X509Certificate; +import java.util.Base64;  import java.util.Collections;  import java.util.List;  import javax.annotation.Nonnull; -import javax.annotation.PostConstruct;  import org.apache.commons.lang3.StringUtils;  import org.bouncycastle.jce.provider.BouncyCastleProvider; 
@@ -26,7 +26,6 @@ import org.jose4j.lang.JoseException;  import org.springframework.beans.factory.annotation.Autowired;  import org.springframework.lang.NonNull;  import org.springframework.stereotype.Service; -import org.springframework.util.Base64Utils;  import com.fasterxml.jackson.core.JsonParseException;  import com.fasterxml.jackson.databind.JsonNode; @@ -49,6 +48,7 @@ import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception;  import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20SecurityException;  import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException;  import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException; +import jakarta.annotation.PostConstruct;  import lombok.extern.slf4j.Slf4j;  @Service @@ -243,10 +243,9 @@ public class JsonSecurityUtils implements IJoseTools {          if (!sortedX5cCerts.get(0).equals(encryptionCred.getSecond()[0])) {            log.info("Certificate from JOSE header does NOT match encryption certificate"); -            try { - -            log.debug("JOSE certificate: {}", Base64Utils.encode(sortedX5cCerts.get(0).getEncoded())); +            log.debug("JOSE certificate: {}", Base64.getEncoder().encodeToString( +                sortedX5cCerts.get(0).getEncoded()));            } catch (final CertificateEncodingException e) {              e.printStackTrace();            } diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java index e75410f7..b98b2980 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java 
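Review bot: The `catch (final CertificateEncodingException e)` block kept by the `@@ -243,10 +243,9 @@` hunk of JsonSecurityUtils.java still calls `e.printStackTrace()`, which writes to stderr and bypasses the SLF4J logger used on the lines around it. `log.warn("Can not encode JOSE certificate for logging", e);` would keep the event in the application log. Separately, the hunk shows the mismatch between the JOSE header certificate and the encryption certificate only being logged at info level. The rest of the method is outside the hunk, so it should be confirmed that a mismatch is actually rejected further down and not just recorded.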
@@ -48,9 +48,9 @@ public class SL20Constants {       */      public static VdaAuthMethod fromString(@Nonnull final String s) {        try { -        return VdaAuthMethod.valueOf(s.toUpperCase()); +        return s != null ? VdaAuthMethod.valueOf(s.toUpperCase()) : VdaAuthMethod.ANY; -      } catch (IllegalArgumentException | NullPointerException e) { +      } catch (IllegalArgumentException e) {          return VdaAuthMethod.ANY;        } diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java index c45245b1..f9ca7cf8 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java 
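Review bot: `s.toUpperCase()` in `fromString` uses the JVM default locale, so under a Turkish locale, for example, a value containing `i` upper-cases to a dotted `İ`, `valueOf` throws, and the method silently returns `VdaAuthMethod.ANY`. Since the fallback is, judging by its name, the broadest setting, the parse should not depend on the host locale: `return s != null ? VdaAuthMethod.valueOf(s.toUpperCase(Locale.ROOT)) : VdaAuthMethod.ANY;`. This needs `java.util.Locale`, and the file's imports are outside the hunk. The parameter is also still annotated `@Nonnull` although null is now an explicitly handled input, so the annotation or the Javadoc should be brought in line with the new behaviour.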
@@ -7,26 +7,26 @@ import java.text.MessageFormat;  import javax.annotation.Nonnull;  import javax.annotation.Nullable; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.http.Header; -import org.apache.http.HttpEntity; -import org.apache.http.ParseException; -import org.apache.http.StatusLine; -import org.apache.http.client.ResponseHandler; -import org.apache.http.client.utils.URIBuilder; -import org.apache.http.entity.ContentType; -import org.apache.http.util.EntityUtils; + +import org.apache.hc.core5.http.ContentType; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpEntity; +import org.apache.hc.core5.http.io.HttpClientResponseHandler; +import org.apache.hc.core5.http.io.entity.EntityUtils; +import org.apache.hc.core5.http.message.StatusLine; +import org.apache.hc.core5.net.URIBuilder;  import org.jose4j.base64url.Base64Url;  import org.slf4j.Logger;  import org.slf4j.LoggerFactory;  import org.springframework.http.HttpStatus;  import org.springframework.http.MediaType; +import com.fasterxml.jackson.core.JacksonException;  import com.fasterxml.jackson.databind.JsonNode;  import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse;  import lombok.Data;  import lombok.Getter; 
@@ -48,20 +48,20 @@ public class SL20HttpBindingUtils {     *      * @return {@link Sl20ResponseHolder}     */ -  public static ResponseHandler<Sl20ResponseHolder> sl20ResponseHandler() { +  public static HttpClientResponseHandler<Sl20ResponseHolder> sl20ResponseHandler() {      return response -> {        try { -        final int httpStatusCode = response.getStatusLine().getStatusCode(); +        final int httpStatusCode = response.getCode();          if (httpStatusCode == HttpStatus.OK.value()) {            if (response.getEntity().getContentType() == null) {              throw new SlCommandoParserException("SL20 response contains NO ContentType");            } -          final ContentType contentType = ContentType.getOrDefault(response.getEntity());           +          final ContentType contentType = ContentType.parse(response.getEntity().getContentType());            if (!ContentType.APPLICATION_JSON.getMimeType().equals(contentType.getMimeType())) {              log.error("SL20 response with statuscode: {} has wrong http ContentType: {}",  -                response.getStatusLine(), contentType); +                response.getCode(), contentType);              throw new SlCommandoParserException(                  "SL20 response with a wrong http ContentType: " + contentType); @@ -69,7 +69,7 @@ public class SL20HttpBindingUtils {            //parse OK response from body            return new Sl20ResponseHolder(parseSL20ResultFromResponse(response.getEntity()), -              response.getStatusLine());                     +              new StatusLine(response));          } else if (httpStatusCode == HttpStatus.SEE_OTHER.value()               || httpStatusCode == HttpStatus.TEMPORARY_REDIRECT.value()) { 
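Review bot: `ContentType.parse(response.getEntity().getContentType())` can, as far as I know, return null in HttpClient 5 when the header value is blank or has no parsable element, whereas the replaced `ContentType.getOrDefault(...)` always returned a value. The following `contentType.getMimeType()` would then throw a NullPointerException, which the outer `catch (final Exception e)` turns into a generic parsing failure instead of the intended wrong-ContentType error. Folding the null case into the existing check keeps the diagnostic precise: `if (contentType == null || !ContentType.APPLICATION_JSON.getMimeType().equals(contentType.getMimeType())) {`. The same branch dereferences `response.getEntity()` without a null check, so a 200 response without a body takes the same generic path.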
@@ -81,24 +81,24 @@ public class SL20HttpBindingUtils {            final String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue();            return new Sl20ResponseHolder(JsonMapper.getMapper().readTree(Base64Url.decode(sl20RespString)),  -              response.getStatusLine());  +              new StatusLine(response));          } else if (              httpStatusCode == HttpStatus.INTERNAL_SERVER_ERROR.value()               || httpStatusCode == HttpStatus.UNAUTHORIZED.value()              || httpStatusCode == HttpStatus.BAD_REQUEST.value()) {            log.info("SL20 response with http-code: {}. Search for error message", httpStatusCode);                     -           +            String bodyMsg = "_EMPTY_";            try {              //extract JSON body from defined http error-codes              bodyMsg = EntityUtils.toString(response.getEntity());                          log.info("SL20 response with http-code: {} and errorMsg: {}", httpStatusCode, bodyMsg);              Sl20ResponseHolder holder = new Sl20ResponseHolder( -                JsonMapper.getMapper().readTree(bodyMsg), response.getStatusLine()); +                JsonMapper.getMapper().readTree(bodyMsg), new StatusLine(response));              return holder;  -          } catch (final IOException | ParseException e) { +          } catch (final JacksonException e) {              log.warn("SL20 response contains no valid JSON. Body msg: {}", bodyMsg, e);                          throw new SlCommandoParserException(MessageFormat.format(                  "SL20 response with http-code: {} and generic response-processing error: {}",  
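Review bot: The `MessageFormat.format("SL20 response with http-code: {} and generic response-processing error: {}", ...` call in the inner catch uses SLF4J-style `{}` placeholders, which `java.text.MessageFormat` rejects with an IllegalArgumentException. The intended SlCommandoParserException is therefore never built; the outer `catch (final Exception e)` reports the format error instead, and the HTTP code and the real cause are lost from the returned holder. The pattern should read `"SL20 response with http-code: {0} and generic response-processing error: {1}"`; the arguments follow outside the hunk, so their number should be checked against the indices. Note also that narrowing the catch to `JacksonException` means an I/O or parse failure from `EntityUtils.toString(...)` now skips this block and reaches the outer handler directly. A one-line comment saying that this is intended would help the next reader.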
@@ -115,12 +115,12 @@ public class SL20HttpBindingUtils {          }        } catch (SlCommandoParserException e) { -        Sl20ResponseHolder holder = new Sl20ResponseHolder(null, response.getStatusLine()); +        Sl20ResponseHolder holder = new Sl20ResponseHolder(null, new StatusLine(response));          holder.setError(e);          return holder;        } catch (final Exception e) {         -        Sl20ResponseHolder holder = new Sl20ResponseHolder(null, response.getStatusLine()); +        Sl20ResponseHolder holder = new Sl20ResponseHolder(null, new StatusLine(response));          holder.setError(              new SlCommandoParserException("SL20 response parsing FAILED! Reason: " + e.getMessage(), e));          return holder; diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20ResponseUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20ResponseUtils.java index c3826087..af292964 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20ResponseUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20ResponseUtils.java @@ -8,12 +8,9 @@ import java.util.HashMap;  import java.util.Map;  import java.util.UUID; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -  import org.apache.commons.lang3.StringUtils; -import org.apache.http.client.utils.URIBuilder; -import org.apache.http.entity.ContentType; +import org.apache.hc.core5.http.ContentType; +import org.apache.hc.core5.net.URIBuilder;  import com.fasterxml.jackson.databind.node.ObjectNode; 
@@ -22,6 +19,8 @@ import at.gv.egiz.eaaf.core.api.data.EaafConstants;  import at.gv.egiz.eaaf.core.api.idp.IConfiguration;  import at.gv.egiz.eaaf.modules.auth.sl20.Constants;  import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse;  import lombok.extern.slf4j.Slf4j;  @Slf4j | 
