summaryrefslogtreecommitdiff
path: root/eaaf_modules
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-11-10 14:20:56 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-11-10 14:20:56 +0100
commitb49e72d172d9671898a79842b6cd3db7a7304937 (patch)
tree776a77377384a3679efacaf5d9f02f286f994140 /eaaf_modules
parent83697944c66fff1b5ee47850b46fd970907a9757 (diff)
parent0964aa4dfbf5543fff4e023290beefaeed31f3c5 (diff)
downloadEAAF-Components-b49e72d172d9671898a79842b6cd3db7a7304937.tar.gz
EAAF-Components-b49e72d172d9671898a79842b6cd3db7a7304937.tar.bz2
EAAF-Components-b49e72d172d9671898a79842b6cd3db7a7304937.zip
Merge branch 'nightlyBuild' of gitlab.iaik.tugraz.at:egiz/eaaf_components into nightlyBuild
Diffstat (limited to 'eaaf_modules')
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java49
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java124
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java84
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/AbstractSignatureService.java34
4 files changed, 180 insertions, 111 deletions
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java
index 56084d94..9a041028 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java
@@ -12,6 +12,19 @@ import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.http.NameValuePair;
+import org.apache.http.client.entity.UrlEncodedFormEntity;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.client.utils.URIBuilder;
+import org.apache.http.message.BasicNameValuePair;
+import org.jose4j.base64url.Base64Url;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.i18n.LocaleContextHolder;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+
import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
@@ -30,22 +43,9 @@ import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants.VdaAuthMethod;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20HttpBindingUtils;
+import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20HttpBindingUtils.Sl20ResponseHolder;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonBuilderUtils;
import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonExtractorUtils;
-
-import org.apache.commons.lang3.StringUtils;
-import org.apache.http.HttpResponse;
-import org.apache.http.NameValuePair;
-import org.apache.http.client.entity.UrlEncodedFormEntity;
-import org.apache.http.client.methods.HttpPost;
-import org.apache.http.client.utils.URIBuilder;
-import org.apache.http.message.BasicNameValuePair;
-import org.jose4j.base64url.Base64Url;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.i18n.LocaleContextHolder;
-
-import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.node.ObjectNode;
import lombok.extern.slf4j.Slf4j;
@Slf4j
@@ -113,12 +113,21 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl
Base64Url.encode(sl20Req.toString().getBytes(StandardCharsets.UTF_8)));
// request VDA
- final HttpResponse httpResp = httpClientFactory.getHttpClient(false).execute(httpReq);
-
+ final Sl20ResponseHolder httpResp = httpClientFactory.getHttpClient(false).execute(
+ httpReq, SL20HttpBindingUtils.sl20ResponseHandler());
+
+ //check on error on http channel
+ if (httpResp.getError() != null) {
+ log.info("Basic SL2.0 response processing has an error. HTTP-StatusCode: {} ErrorMsg: {}",
+ httpResp.getResponseStatus().getStatusCode(), httpResp.getError().getMessage());
+ throw httpResp.getError();
+
+ }
+
// parse response
log.info("Receive response from VDA ... ");
- final JsonNode sl20Resp = SL20JsonExtractorUtils.getSL20ContainerFromResponse(httpResp);
- final VerificationResult respPayloadContainer = SL20JsonExtractorUtils.extractSL20PayLoad(sl20Resp, null, false);
+ final VerificationResult respPayloadContainer =
+ SL20JsonExtractorUtils.extractSL20PayLoad(httpResp.getResponseBody(), null, false);
if (respPayloadContainer.isValidSigned() == null) {
log.debug("Receive unsigned payLoad from VDA");
@@ -139,7 +148,7 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl
SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_SIGNEDCOMMAND, false);
// create forward SL2.0 command
- final ObjectNode sl20Forward = sl20Resp.deepCopy();
+ final ObjectNode sl20Forward = httpResp.getResponseBody().deepCopy();
SL20JsonBuilderUtils.addOnlyOnceOfTwo(sl20Forward, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD,
command.deepCopy(), signedCommand);
@@ -223,7 +232,7 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl
final Locale locale = LocaleContextHolder.getLocale();
final String language = locale.getLanguage();
if (StringUtils.isNotEmpty(language)) {
- log.trace("Find i18n context. Inject locale: {} into VDA request", locale.getLanguage());
+ log.trace("Find i18n context). Inject locale: {} into VDA request", locale.getLanguage());
parameters.add(new BasicNameValuePair(
SL20Constants.PARAM_SL20_REQ_AUTH_VDA_LOCALE,
language.toUpperCase(locale)));
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java
index 1d7c9646..d07c0e66 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java
@@ -3,23 +3,129 @@ package at.gv.egiz.eaaf.modules.auth.sl20.utils;
import java.io.IOException;
import java.io.StringWriter;
import java.net.URISyntaxException;
+import java.text.MessageFormat;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.http.Header;
+import org.apache.http.HttpEntity;
+import org.apache.http.ParseException;
+import org.apache.http.StatusLine;
+import org.apache.http.client.ResponseHandler;
import org.apache.http.client.utils.URIBuilder;
+import org.apache.http.util.EntityUtils;
import org.jose4j.base64url.Base64Url;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import com.fasterxml.jackson.databind.JsonNode;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException;
+import lombok.Data;
+import lombok.Getter;
+
public class SL20HttpBindingUtils {
private static final Logger log = LoggerFactory.getLogger(SL20HttpBindingUtils.class);
+ private static JsonMapper mapper = new JsonMapper();
+
+ @Data
+ @Getter
+ public static class Sl20ResponseHolder {
+ private final JsonNode responseBody;
+ private final StatusLine responseStatus;
+ private SlCommandoParserException error;
+
+ }
+
+ /**
+ * Security-Layer 2.0 specific response-handler for Apache HTTP client.
+ *
+ * @return {@link Sl20ResponseHolder}
+ */
+ public static ResponseHandler<Sl20ResponseHolder> sl20ResponseHandler() {
+ return response -> {
+ try {
+ final int httpStatusCode = response.getStatusLine().getStatusCode();
+ if (httpStatusCode == HttpStatus.OK.value()) {
+ if (response.getEntity().getContentType() == null) {
+ throw new SlCommandoParserException("SL20 response contains NO ContentType");
+
+ }
+
+ if (!response.getEntity().getContentType().getValue().startsWith("application/json")) {
+ throw new SlCommandoParserException(
+ "SL20 response with a wrong ContentType: " + response.getEntity().getContentType().getValue());
+
+ }
+
+ //parse OK response from body
+ return new Sl20ResponseHolder(parseSL20ResultFromResponse(response.getEntity()),
+ response.getStatusLine());
+
+ } else if (httpStatusCode == HttpStatus.SEE_OTHER.value()
+ || httpStatusCode == HttpStatus.TEMPORARY_REDIRECT.value()) {
+ final Header[] locationHeader = response.getHeaders("Location");
+ if (locationHeader == null) {
+ throw new SlCommandoParserException("Find Redirect statuscode but not Location header");
+
+ }
+
+ final String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue();
+ return new Sl20ResponseHolder(mapper.getMapper().readTree(Base64Url.decode(sl20RespString)),
+ response.getStatusLine());
+
+ } else if (
+ httpStatusCode == HttpStatus.INTERNAL_SERVER_ERROR.value()
+ || httpStatusCode == HttpStatus.UNAUTHORIZED.value()
+ || httpStatusCode == HttpStatus.BAD_REQUEST.value()) {
+ log.info("SL20 response with http-code: {}. Search for error message", httpStatusCode);
+
+ String bodyMsg = "_EMPTY_";
+ try {
+ //extract JSON body from defined http error-codes
+ bodyMsg = EntityUtils.toString(response.getEntity());
+ log.info("SL20 response with http-code: {0} and errorMsg: {1}", httpStatusCode, bodyMsg);
+ Sl20ResponseHolder holder = new Sl20ResponseHolder(
+ mapper.getMapper().readTree(bodyMsg), response.getStatusLine());
+ return holder;
+
+ } catch (final IOException | ParseException e) {
+ log.warn("SL20 response contains no valid JSON", e);
+ throw new SlCommandoParserException(MessageFormat.format(
+ "SL20 response with http-code: {0} with body: {1} and generic response-processing error: {2}",
+ httpStatusCode, bodyMsg, e.getMessage()));
+
+ }
+
+ } else {
+ //all other HTTP StatusCodes
+ throw new SlCommandoParserException(MessageFormat.format(
+ "SL20 response with http-code: {0} and errorMsg: {1}",
+ httpStatusCode, EntityUtils.toString(response.getEntity())));
+
+ }
+
+ } catch (SlCommandoParserException e) {
+ Sl20ResponseHolder holder = new Sl20ResponseHolder(null, response.getStatusLine());
+ holder.setError(e);
+ return holder;
+
+ } catch (final Exception e) {
+ Sl20ResponseHolder holder = new Sl20ResponseHolder(null, response.getStatusLine());
+ holder.setError(
+ new SlCommandoParserException("SL20 response parsing FAILED! Reason: " + e.getMessage(), e));
+ return holder;
+
+ }
+ };
+ }
+
/**
* Write SL2.0 response into http-response object
*
@@ -59,6 +165,24 @@ public class SL20HttpBindingUtils {
httpResp.setHeader("Location", clientRedirectUri.build().toString());
}
+ }
+
+ private static JsonNode parseSL20ResultFromResponse(final HttpEntity resp) throws Exception {
+ if (resp != null && resp.getContent() != null) {
+ final String rawSL20Resp = EntityUtils.toString(resp);
+ final JsonNode sl20Resp = mapper.getMapper().readTree(rawSL20Resp);
+
+ // TODO: check sl20Resp type like && sl20Resp.isJsonObject()
+ if (sl20Resp != null) {
+ return sl20Resp;
+
+ } else {
+ throw new SlCommandoParserException("SL2.0 can NOT parse to a JSON object");
+ }
+
+ } else {
+ throw new SlCommandoParserException("Can NOT find content in http response");
+ }
}
}
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java
index 40ea0430..bed25c0c 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java
@@ -8,12 +8,6 @@ import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
-import org.apache.http.Header;
-import org.apache.http.HttpEntity;
-import org.apache.http.HttpResponse;
-import org.apache.http.client.utils.URIBuilder;
-import org.apache.http.util.EntityUtils;
-import org.jose4j.base64url.Base64Url;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -299,84 +293,6 @@ public class SL20JsonExtractorUtils {
}
- /**
- * Extract generic transport container from httpResponse.
- *
- * @param httpResp Http response object
- * @return JSON with SL2.0 response
- * @throws SlCommandoParserException In case of an error
- */
- public static JsonNode getSL20ContainerFromResponse(final HttpResponse httpResp) throws SlCommandoParserException {
- try {
- JsonNode sl20Resp = null;
- if (httpResp.getStatusLine().getStatusCode() == 303 || httpResp.getStatusLine().getStatusCode() == 307) {
- final Header[] locationHeader = httpResp.getHeaders("Location");
- if (locationHeader == null) {
- throw new SlCommandoParserException("Find Redirect statuscode but not Location header");
- }
-
- final String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue();
- sl20Resp = mapper.getMapper().readTree(Base64Url.decode(sl20RespString));
-
- } else if (httpResp.getStatusLine().getStatusCode() == 200) {
- if (httpResp.getEntity().getContentType() == null) {
- throw new SlCommandoParserException("SL20 response contains NO ContentType");
- }
-
- if (!httpResp.getEntity().getContentType().getValue().startsWith("application/json")) {
- throw new SlCommandoParserException(
- "SL20 response with a wrong ContentType: " + httpResp.getEntity().getContentType().getValue());
- }
- sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity());
-
- } else if (httpResp.getStatusLine().getStatusCode() == 500 || httpResp.getStatusLine().getStatusCode() == 401
- || httpResp.getStatusLine().getStatusCode() == 400) {
- log.info(
- "SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode() + ". Search for error message");
-
- try {
- sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity());
-
- } catch (final Exception e) {
- log.warn("SL20 response contains no valid JSON", e);
- throw new SlCommandoParserException("SL20 response with http-code: "
- + httpResp.getStatusLine().getStatusCode() + " AND NO valid JSON errormsg", e);
-
- }
-
- } else {
- throw new SlCommandoParserException(
- "SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode());
- }
-
- log.info("Find JSON object in http response");
- return sl20Resp;
-
- } catch (final Exception e) {
- throw new SlCommandoParserException("SL20 response parsing FAILED! Reason: " + e.getMessage(), e);
-
- }
- }
-
- private static JsonNode parseSL20ResultFromResponse(final HttpEntity resp) throws Exception {
- if (resp != null && resp.getContent() != null) {
- final String rawSL20Resp = EntityUtils.toString(resp);
- final JsonNode sl20Resp = mapper.getMapper().readTree(rawSL20Resp);
-
- // TODO: check sl20Resp type like && sl20Resp.isJsonObject()
- if (sl20Resp != null) {
- return sl20Resp;
-
- } else {
- throw new SlCommandoParserException("SL2.0 can NOT parse to a JSON object");
- }
-
- } else {
- throw new SlCommandoParserException("Can NOT find content in http response");
- }
-
- }
-
private static JsonNode getAndCheck(final JsonNode input, final String keyID, final boolean isRequired)
throws SlCommandoParserException {
final JsonNode internal = input.get(keyID);
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/AbstractSignatureService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/AbstractSignatureService.java
index 11881cbf..b9219ee4 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/AbstractSignatureService.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/AbstractSignatureService.java
@@ -1,20 +1,24 @@
package at.gv.egiz.eaaf.modules.sigverify.moasig.impl;
+import java.security.Provider;
+import java.security.Security;
+
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.w3c.dom.Document;
+
import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
+import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
import at.gv.egovernment.moaspss.logging.LoggingContext;
import at.gv.egovernment.moaspss.logging.LoggingContextManager;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.w3c.dom.Document;
-
public abstract class AbstractSignatureService {
private static final Logger log = LoggerFactory.getLogger(AbstractSignatureService.class);
@@ -45,7 +49,7 @@ public abstract class AbstractSignatureService {
protected final void setUpContexts(final String transactionID) throws ConfigurationException {
final TransactionContextManager txMgr = TransactionContextManager.getInstance();
final LoggingContextManager logMgr = LoggingContextManager.getInstance();
-
+
if (txMgr.getTransactionContext() == null) {
log.debug("Set not MOA-Sig transaction context");
final TransactionContext ctx =
@@ -54,16 +58,32 @@ public abstract class AbstractSignatureService {
}
+ //set Logging context into MOA-Sig
if (logMgr.getLoggingContext() == null) {
final LoggingContext ctx = new LoggingContext(transactionID);
logMgr.setLoggingContext(ctx);
}
- //new IaikConfigurator().configure(moaSigConfig.getMoaSigConfig());
+ //dump Java Security-Providers
+ if (log.isTraceEnabled()) {
+ log.trace("Set-Up verifier Bean: {}", this);
+ dumpSecProviders("MOA-Sig Context-Set-Up");
+
+ }
+
+ new IaikConfigurator().configure(moaSigConfig.getMoaSigConfig());
}
+ private static void dumpSecProviders(String message) {
+ log.trace("Security Providers: {}", message);
+ for (final Provider provider : Security.getProviders()) {
+ log.trace(" - {} - {}", provider.getName(), provider.getVersion());
+
+ }
+ }
+
/**
* Tear down thread-local context information.
*/