72 files changed, 1677 insertions, 561 deletions
diff --git a/eaaf_core/pom.xml b/eaaf_core/pom.xml index 2993110d..a1eee06e 100644 --- a/eaaf_core/pom.xml +++ b/eaaf_core/pom.xml @@ -4,7 +4,7 @@ <parent> <groupId>at.gv.egiz</groupId> <artifactId>eaaf</artifactId> - <version>1.1.8</version> + <version>1.1.11-SNAPSHOT</version> </parent> <groupId>at.gv.egiz.eaaf</groupId> diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java index 48c9d1bd..86c50be0 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java @@ -69,10 +69,17 @@ public class RequestStorage implements IRequestStorage { // search invalid pending-request for errorHandling IRequest invalidPendingRequest = null; - try { + try { if (StringUtils.isNotEmpty(e.getInvalidInternalPendingReqId())) { + log.debug("Searching for expired pendingRequest with Id: {} ... ", e.getInvalidInternalPendingReqId()); invalidPendingRequest = transactionStorage.get(e.getInvalidInternalPendingReqId(), IRequest.class); + log.debug("{} expired pendingReq. Set it into Exception ...", + invalidPendingRequest != null ? "Find" : "Find NO "); + + } else { + log.debug("Get no internal pendingRequestId. Expired pendingRequest can not be set"); + } } catch (final EaafException e1) { diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java index 72fa1faf..50bf76db 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java 
@@ -22,13 +22,24 @@ package at.gv.egiz.eaaf.core.impl.idp.auth.services; import java.io.IOException; import java.io.PrintWriter; import java.io.StringWriter; -import java.util.Arrays; -import java.util.List; +import java.util.HashSet; +import javax.annotation.PostConstruct; import javax.naming.ConfigurationException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang3.ArrayUtils; +import org.apache.commons.lang3.StringUtils; +import org.apache.commons.text.StringEscapeUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.lang.NonNull; +import org.springframework.lang.Nullable; +import org.springframework.stereotype.Service; + import at.gv.egiz.components.eventlog.api.EventConstants; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.IRequestStorage; @@ -41,6 +52,7 @@ import at.gv.egiz.eaaf.core.api.gui.ModifyableGuiBuilderConfiguration; import at.gv.egiz.eaaf.core.api.idp.IAction; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.IModulInfo; import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager; 
@@ -58,30 +70,22 @@ import at.gv.egiz.eaaf.core.exceptions.GuiBuildException; import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException; import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.gui.AbstractGuiFormBuilderConfiguration; import at.gv.egiz.eaaf.core.impl.http.HttpUtils; import at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController; import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egiz.eaaf.core.impl.utils.ServletUtils; -import org.apache.commons.lang3.ArrayUtils; -import org.apache.commons.lang3.StringUtils; -import org.apache.commons.text.StringEscapeUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.ApplicationContext; -import org.springframework.lang.NonNull; -import org.springframework.lang.Nullable; -import org.springframework.stereotype.Service; - @Service public class ProtocolAuthenticationService implements IProtocolAuthenticationService { private static final Logger log = LoggerFactory.getLogger(ProtocolAuthenticationService.class); - private static final List<String> ERROR_LOGGER_ON_INFO_LEVEL = - Arrays.asList(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_USERSTOP); + private static final String CONFIG_PROP_LOGGER_ON_INFO_LEVEL = + "core.logging.level.info.errorcodes"; + private static final String TECH_LOG_MSG = "errorCode={} Message={}"; @Autowired(required = true) private ApplicationContext applicationContext; 
@@ -97,6 +101,7 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer private IRequestStorage requestStorage; @Autowired(required = true) IPendingRequestIdGenerationStrategy pendingReqIdGenerationStrategy; + @Autowired private IConfiguration basicConfig; @Autowired(required = false) private ISsoManager ssoManager; @@ -107,6 +112,8 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer private IGuiFormBuilder guiBuilder; + private final HashSet<String> logOnInfoLevel = new HashSet<>(); + /* * (non-Javadoc) * @@ -170,7 +177,7 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer @Override public void finalizeAuthentication(final HttpServletRequest req, final HttpServletResponse resp, final IRequest pendingReq) throws EaafException, IOException { - log.debug("Finalize PendingRequest with ID " + pendingReq.getPendingRequestId()); + log.debug("Finalize PendingRequest with ID={} ", pendingReq.getPendingRequestId()); try { // check if pending-request has 'abortedByUser' flag set @@ -204,7 +211,7 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer } } catch (final Exception e) { - log.error("Finalize authentication protocol FAILED.", e); + log.info("Finalize authentication protocol FAILED. Reason: {}", e.getMessage()); buildProtocolSpecificErrorResponse(e, req, resp, pendingReq); } finally { @@ -227,7 +234,7 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer if (clazz == null || !IModulInfo.class.isAssignableFrom(clazz)) { log.error( "Requested protocol module Class is NULL or does not implement the IModulInfo interface."); - throw new Exception( + throw new ClassCastException( "Requested protocol module Class is NULL or does not implement the IModulInfo interface."); } 
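Review bot: In the `@@ -204` hunk the catch block now writes only `e.getMessage()` at INFO and no longer passes the throwable, so an exception with a null or generic message leaves no usable trace at this point; that is acceptable only if `buildProtocolSpecificErrorResponse` always reaches `logExceptionToTechnicalLog`, which this hunk does not show. If that is the design, say so where the trace is dropped: `// stack trace is written by logExceptionToTechnicalLog while the error response is built`. In the `@@ -227` hunk `ClassCastException` is also thrown for `clazz == null`, where nothing is cast; `IllegalStateException` with the same message fits both conditions, and the `@@ -411` hunk of this file has the same pattern. In the `@@ -107` hunk the new field is typed `HashSet<String>`; `private final Set<String> logOnInfoLevel = new HashSet<>();` keeps the implementation choice local (java.util.Set would need to be imported in the `@@ -22` hunk).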
@@ -246,8 +253,6 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer revisionsLogger.logEvent(protocolRequest, EventConstants.TRANSACTION_ERROR, protocolRequest.getUniqueTransactionIdentifier()); - return; - } else { handleErrorNoRedirect(throwable, req, resp, true); @@ -302,31 +307,11 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer resp.setContentType("text/html"); resp.setStatus(302); resp.addHeader("Location", redirectUrl); - log.debug("REDIRECT TO: " + redirectUrl); + log.debug("REDIRECT TO: {}", redirectUrl); } } - private IGuiBuilderConfiguration evaluateRequiredErrorHandlingMethod(IRequest first, String errorId) { - if (first != null && first.isProcessInIframe()) { - return guiConfigFactory.getDefaultIFrameParentHopGui(first, - "/" + ProtocolFinalizationController.ENDPOINT_ERRORHANDLING, - errorId); - - } - - return null; - } - - private String generateErrorRedirectUrl(final HttpServletRequest req, String errorKey) { - String redirectUrl = null; - redirectUrl = ServletUtils.getBaseUrl(req); - redirectUrl += "/" + ProtocolFinalizationController.ENDPOINT_ERRORHANDLING + "?" - + EaafConstants.PARAM_HTTP_ERROR_CODE + "=" + errorKey; - return redirectUrl; - - } - public void setGuiBuilder(final IGuiFormBuilder guiBuilder) { this.guiBuilder = guiBuilder; } 
@@ -391,6 +376,51 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer } /** + * Write a Exception to the MOA-ID-Auth internal technical log. + * + * @param loggedException Exception to log + */ + protected void logExceptionToTechnicalLog(final Throwable loggedException) { + // In case of a TaskExecutionException, which is only a container for process-errors, + // extract internal exception + Throwable toLog; + if (loggedException instanceof TaskExecutionException + && ((TaskExecutionException)loggedException).getOriginalException() != null) { + toLog = ((TaskExecutionException)loggedException).getOriginalException(); + + } else { + toLog = loggedException; + + } + + // Log exception + if (!(toLog instanceof EaafException)) { + log.error(TECH_LOG_MSG, IStatusMessenger.CODES_INTERNAL_ERROR_GENERIC, + toLog.getMessage(), toLog); + + } else { + if (logOnInfoLevel.contains(((EaafException) toLog).getErrorId())) { + log.info(TECH_LOG_MSG, ((EaafException) toLog).getErrorId(), + toLog.getMessage(), toLog); + + } else { + log.warn(TECH_LOG_MSG, ((EaafException) toLog).getErrorId(), + toLog.getMessage(), toLog); + + } + } + } + + @PostConstruct + private void initializer() { + log.trace("Initializing {} ...", ProtocolAuthenticationService.class.getName()); + logOnInfoLevel.addAll(KeyValueUtils.getListOfCsvValues( + basicConfig.getBasicConfiguration(CONFIG_PROP_LOGGER_ON_INFO_LEVEL))); + log.info("Set errorCodes={} to LogLevel:INFO", String.join(",", logOnInfoLevel)); + + } + + /** * Executes the requested protocol action. * * @param httpReq HttpServletRequest 
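Review bot: `initializer()` passes `basicConfig.getBasicConfiguration(CONFIG_PROP_LOGGER_ON_INFO_LEVEL)` straight into `KeyValueUtils.getListOfCsvValues`; when the property is not configured that value is presumably null, and whether the helper tolerates null is not visible here, so bean start-up depends on it. A guard keeps start-up independent of that helper: `final String codes = basicConfig.getBasicConfiguration(CONFIG_PROP_LOGGER_ON_INFO_LEVEL);` / `if (StringUtils.isNotEmpty(codes)) {` / `  logOnInfoLevel.addAll(KeyValueUtils.getListOfCsvValues(codes));` (StringUtils is already imported). In `logExceptionToTechnicalLog` the replaced version attached the stack trace only when DEBUG or TRACE was enabled, while the new one always passes `toLog` as the last argument; if that is intended, the Javadoc should state that the full stack trace is written at every level, since that changes log volume for expected user-stop errors. The repeated `((EaafException) toLog)` casts read better through one local, `final EaafException eaafEx = (EaafException) toLog;`.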
@@ -411,7 +441,7 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer if (clazz == null || !IAction.class.isAssignableFrom(clazz)) { log.error( "Requested protocol-action processing Class is NULL or does not implement the IAction interface."); - throw new Exception( + throw new ClassCastException( "Requested protocol-action processing Class is NULL or does not implement the IAction interface."); } 
@@ -422,50 +452,16 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer } catch (final ClassNotFoundException e) { log.error( "Requested Auth. protocol processing Class is NULL or does not implement the IAction interface."); - throw new Exception( - "Requested Auth. protocol processing Class is NULL or does not implement the IAction interface."); + throw new ClassNotFoundException( + "Requested Auth. protocol processing Class is NULL or does not implement the IAction interface.", e); } } - /** - * Write a Exception to the MOA-ID-Auth internal technical log. - * - * @param loggedException Exception to log - */ - protected void logExceptionToTechnicalLog(final Throwable loggedException) { - if (!(loggedException instanceof EaafException - || loggedException instanceof ProcessExecutionException)) { - log.error("Receive an internal error: Message=" + loggedException.getMessage(), - loggedException); - - } else { - if (loggedException instanceof EaafAuthenticationException && ERROR_LOGGER_ON_INFO_LEVEL - .contains(((EaafAuthenticationException) loggedException).getErrorId())) { - if (log.isDebugEnabled() || log.isTraceEnabled()) { - log.info(loggedException.getMessage(), loggedException); - - } else { - log.info(loggedException.getMessage()); - - } - - } else { - if (log.isDebugEnabled() || log.isTraceEnabled()) { - log.warn(loggedException.getMessage(), loggedException); - - } else { - log.warn(loggedException.getMessage()); - - } - } - } - } - private void writeHtmlErrorResponse(@NonNull final HttpServletRequest httpReq, @NonNull final HttpServletResponse httpResp, @NonNull final String msg, @NonNull final String errorCode, @Nullable final Object[] params, - @NonNull final Exception error) throws IOException, EaafException { + @NonNull final Exception error) throws EaafException { try { final IGuiBuilderConfiguration config = 
@@ -543,13 +539,11 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer } // write error message - // writeBadRequestErrorResponse(req, resp, (EAAFException) e); writeHtmlErrorResponse(req, resp, e.getMessage(), statusMessager.getResponseErrorCode(e), null, e); } else if (e instanceof InvalidProtocolRequestException) { // send error response - // writeBadRequestErrorResponse(req, resp, (EAAFException) e); writeHtmlErrorResponse(req, resp, e.getMessage(), statusMessager.getResponseErrorCode(e), null, e); @@ -572,4 +566,24 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer } + private IGuiBuilderConfiguration evaluateRequiredErrorHandlingMethod(IRequest first, String errorId) { + if (first != null && first.isProcessInIframe()) { + return guiConfigFactory.getDefaultIFrameParentHopGui(first, + "/" + ProtocolFinalizationController.ENDPOINT_ERRORHANDLING, + errorId); + + } + + return null; + } + + private String generateErrorRedirectUrl(final HttpServletRequest req, String errorKey) { + String redirectUrl = null; + redirectUrl = ServletUtils.getBaseUrl(req); + redirectUrl += "/" + ProtocolFinalizationController.ENDPOINT_ERRORHANDLING + "?" + + EaafConstants.PARAM_HTTP_ERROR_CODE + "=" + errorKey; + return redirectUrl; + + } + } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/PiiTransactionIdAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/PiiTransactionIdAttributeBuilder.java new file mode 100644 index 00000000..08911ac7 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/PiiTransactionIdAttributeBuilder.java 
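Review bot: `generateErrorRedirectUrl`, moved in the `@@ -572` hunk, concatenates `errorKey` into the query string without encoding; the value is now the externally generated pending-request token from `AbstractController`, which is presumably URL-safe, but the method does not check that and accepts any string. Encoding it makes the assumption explicit: `+ EaafConstants.PARAM_HTTP_ERROR_CODE + "=" + URLEncoder.encode(errorKey, StandardCharsets.UTF_8.name())` (the `String` charset overload throws a checked `UnsupportedEncodingException` that must be handled; on Java 10+ the `Charset` overload avoids that). The `String redirectUrl = null;` followed by an immediate reassignment can become a single initialised declaration. This is pre-existing code that the commit only relocates, so the point predates the change.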
@@ -0,0 +1,37 @@
+package at.gv.egiz.eaaf.core.impl.idp.builder.attributes;
+
+import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class PiiTransactionIdAttributeBuilder implements IAttributeBuilder, ExtendedPvpAttributeDefinitions {
+
+ @Override
+ public String getName() {
+ return EID_PII_TRANSACTION_ID_NAME;
+
+ }
+
+ @Override
+ public <ATT> ATT build(ISpConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+ String piiTransactionId = authData.getGenericData(EID_PII_TRANSACTION_ID_NAME, String.class);
+ log.trace("{} piiTransactionId: {} as attribute",
+ piiTransactionId != null ? "Set" : "Notset", log.isTraceEnabled() ? piiTransactionId : "********");
+ return g.buildStringAttribute(EID_PII_TRANSACTION_ID_FRIENDLY_NAME, EID_PII_TRANSACTION_ID_NAME,
+ piiTransactionId);
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(EID_PII_TRANSACTION_ID_FRIENDLY_NAME, EID_PII_TRANSACTION_ID_NAME);
+
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/SpUsesMandates.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/SpUsesMandates.java
index 44ff4e50..924e2a9f 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/SpUsesMandates.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/SpUsesMandates.java
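Review bot: The masking in `build` never takes effect: `log.isTraceEnabled() ? piiTransactionId : "********"` is an argument of a `log.trace(...)` call, which only emits when TRACE is enabled, and in exactly that case the condition is true, so whenever the line is written at all it carries the clear-text identifier. If the intent is "value only in TRACE logs", the plain argument `piiTransactionId` is equivalent and less misleading; if the intent is to never log the value and only record its presence, drop the second placeholder, `log.trace("{} piiTransactionId as attribute", piiTransactionId != null ? "Set" : "Notset");`. Whether the id is itself personal data is not visible here, but the name suggests it is bound to a person-related transaction, so the second form is the safer default. The class also lacks the Javadoc its sibling builders and the new test class carry.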
@@ -30,7 +30,7 @@ public class SpUsesMandates implements IAttributeBuilder, ExtendedPvpAttributeDe @Override public String getName() { - return SP_USESMANDATES_NAME; + return SP_USED_MANDATE_PROFILES_NAME; } @Override @@ -44,7 +44,7 @@ public class SpUsesMandates implements IAttributeBuilder, ExtendedPvpAttributeDe @Override public <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g) { - return g.buildEmptyAttribute(SP_USESMANDATES_FRIENDLY_NAME, SP_USESMANDATES_NAME); + return g.buildEmptyAttribute(SP_USED_MANDATE_PROFILES_FRIENDLY_NAME, SP_USED_MANDATE_PROFILES_NAME); } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/TransactionIdAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/TransactionIdAttributeBuilder.java new file mode 100644 index 00000000..17b830dc --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/TransactionIdAttributeBuilder.java 
@@ -0,0 +1,33 @@
+package at.gv.egiz.eaaf.core.impl.idp.builder.attributes;
+
+import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils;
+
+public class TransactionIdAttributeBuilder implements IAttributeBuilder, ExtendedPvpAttributeDefinitions {
+
+ @Override
+ public String getName() {
+ return EID_TRANSACTION_ID_NAME;
+
+ }
+
+ @Override
+ public <ATT> ATT build(ISpConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+ return g.buildStringAttribute(EID_TRANSACTION_ID_FRIENDLY_NAME, EID_TRANSACTION_ID_NAME,
+ TransactionIdUtils.getTransactionId());
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(EID_TRANSACTION_ID_FRIENDLY_NAME, EID_TRANSACTION_ID_NAME);
+
+ }
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java
index e9687833..0479a8c5 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java
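Review bot: The new class has no Javadoc, while the comment that actually describes it ("Attribute builder to generate an attribute that holds the unique TransactionId for this process … read from TransactionIdUtils with getTransactionId()") was put on the two new test classes in this commit instead; move that class-level Javadoc here. `build` ignores `oaParam` and `authData` and returns whatever `TransactionIdUtils.getTransactionId()` yields, which per the test `noTransactionId` is null when no id was set for the current processing context (presumably thread-bound — not visible here); a one-line comment on the return, `// null when no transaction id is bound to the current processing context`, makes that contract explicit for callers of the attribute.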
@@ -26,6 +26,14 @@ import javax.annotation.Nullable; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.text.StringEscapeUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.util.SerializationUtils; +import org.springframework.web.bind.annotation.ExceptionHandler; + import at.gv.egiz.components.eventlog.api.EventConstants; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.IStatusMessenger; @@ -35,19 +43,12 @@ import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; import at.gv.egiz.eaaf.core.api.idp.auth.services.IProtocolAuthenticationService; import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.impl.utils.Random; - -import org.apache.commons.text.StringEscapeUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.ApplicationContext; -import org.springframework.web.bind.annotation.ExceptionHandler; /** * Basic application controller that implements core error-handling. @@ -73,6 +74,9 @@ public abstract class AbstractController { @Autowired protected IRevisionLogger revisionsLogger; + @Autowired + protected IPendingRequestIdGenerationStrategy reqIdGenerationStrategy; + /** * EAAF framework exception handler. * 
@@ -167,18 +171,30 @@ public abstract class AbstractController { } // put exception into transaction store for redirect - final String errorKey = Random.nextLongRandom(); + final String errorToken = reqIdGenerationStrategy.generateExternalPendingRequestId(); + final String errorKey = reqIdGenerationStrategy.getPendingRequestIdWithOutChecks(errorToken); + if (errorToHandle.getFirst() != null) { revisionsLogger.logEvent(errorToHandle.getFirst(), EventConstants.TRANSACTION_ERROR); - transactionStorage.put(errorKey, new ExceptionContainer(errorToHandle.getFirst(), errorToHandle - .getSecond()), -1); + + log.trace("Serializing {} ... ", ExceptionContainer.class.getName()); + final byte[] serializedError = SerializationUtils.serialize( + new ExceptionContainer(errorToHandle.getFirst(), errorToHandle.getSecond())); + + log.debug("Put 'ExceptionContainer' into cache with id: {}... ", errorKey); + transactionStorage.put(errorKey, serializedError, -1); } else { - transactionStorage.put(errorKey, new ExceptionContainer(null, errorToHandle.getSecond()), -1); + log.trace("Serializing {} ... ", ExceptionContainer.class.getName()); + final byte[] serializedError = SerializationUtils.serialize( + new ExceptionContainer(null, errorToHandle.getSecond())); + + log.trace("Put 'ExceptionContainer' into cache with id: {}... ",errorKey); + transactionStorage.put(errorKey, serializedError, -1); } - return errorKey; + return errorToken; } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractProcessEngineSignalController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractProcessEngineSignalController.java index 098bca4c..2ce728c1 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractProcessEngineSignalController.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractProcessEngineSignalController.java 
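Review bot: The two branches of the `if (errorToHandle.getFirst() != null)` block are identical except for the revision-log call and the first constructor argument (and one of them logs the put at TRACE, the other at DEBUG); the serialisation and storage lines can be written once, which also removes the inconsistency in log level. Spring's `SerializationUtils.serialize` wraps a failed write in an unchecked `IllegalArgumentException`, so if the pending request or the stored throwable (or anything they reference) is not `Serializable`, this error-handling path itself throws and the original error is lost; the pre-existing code stored the object directly, so whether every `IRequest` implementation and `Throwable` arriving here is serialisable is something to confirm. The enclosing method starts and ends outside the hunk.
```java
// … unchanged: errorToken / errorKey generation …
final IRequest failedReq = errorToHandle.getFirst();
if (failedReq != null) {
  revisionsLogger.logEvent(failedReq, EventConstants.TRANSACTION_ERROR);
}
log.trace("Serializing {} ... ", ExceptionContainer.class.getName());
// SerializationUtils.serialize throws IllegalArgumentException if the container or anything it
// references is not Serializable — the original error would then be masked by that failure
final byte[] serializedError = SerializationUtils.serialize(
    new ExceptionContainer(failedReq, errorToHandle.getSecond()));
log.debug("Put 'ExceptionContainer' into cache with id: {}... ", errorKey);
transactionStorage.put(errorKey, serializedError, -1);
return errorToken;
```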
@@ -36,6 +36,7 @@ import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.idp.process.ProcessEngine; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.exceptions.EaafIllegalStateException; +import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils; /** @@ -85,6 +86,9 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont // wake up next task processEngine.signal(pendingReq); + } catch (PendingReqIdValidationException e) { + handleError(null, e, req, resp, e.getInvalidPendingReq()); + } catch (final Exception ex) { handleError(null, ex, req, resp, pendingReq); diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java index 17da63f5..4ff41836 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java @@ -29,6 +29,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Controller; +import org.springframework.util.SerializationUtils; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; 
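Review bot: The new `catch (PendingReqIdValidationException e)` in the `@@ -85` hunk drops the `final` that the neighbouring `catch (final Exception ex)` uses; `} catch (final PendingReqIdValidationException e) {` keeps the file consistent. It forwards `e.getInvalidPendingReq()` as the pending request, which may be null when no expired request was found (see the `RequestStorage` hunk of this commit); `AbstractController.handleError` appears to tolerate a null first element, but a short comment here, `// invalid pendingReq may be null; handleError copes with that`, would save the next reader the lookup. The enclosing method starts and ends outside the hunk.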
@@ -38,7 +39,9 @@ import at.gv.egiz.eaaf.core.api.IRequestStorage; import at.gv.egiz.eaaf.core.api.IStatusMessenger; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.data.ExceptionContainer; +import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy; import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils; /** * Protocol finialization end-point. @@ -54,6 +57,7 @@ public class ProtocolFinalizationController extends AbstractController { @Autowired(required = true) IRequestStorage requestStorage; + @Autowired IPendingRequestIdGenerationStrategy requestIdValidationStragegy; /** * End-Point to handle errors. 
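Review bot: The new field `requestIdValidationStragegy` (typo: Strategy) duplicates the `protected IPendingRequestIdGenerationStrategy reqIdGenerationStrategy` that this commit adds to `AbstractController` in the same change set, and `ProtocolFinalizationController extends AbstractController`, so the same bean is injected twice under two names. Drop the field and use the inherited `reqIdGenerationStrategy` in `errorHandling`; if a separate field is really wanted, make it `private` with the corrected name, `@Autowired private IPendingRequestIdGenerationStrategy requestIdValidationStrategy;`, instead of package-private.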
@@ -67,35 +71,57 @@ public class ProtocolFinalizationController extends AbstractController { public void errorHandling(final HttpServletRequest req, final HttpServletResponse resp) throws EaafException, IOException { // receive an authentication error - final String errorid = + final String errorToken = StringEscapeUtils.escapeHtml4(req.getParameter(EaafConstants.PARAM_HTTP_ERROR_CODE)); - if (errorid != null) { + if (errorToken != null) { IRequest pendingReq = null; - try { + try { + String errorId = requestIdValidationStragegy.validateAndGetPendingRequestId(errorToken); + log.debug("Searching exception with internal error-token: {}", errorId); + // load stored exception from database - final ExceptionContainer container = - transactionStorage.get(errorid, ExceptionContainer.class); - if (container != null) { + final byte[] containerSerialized = + transactionStorage.get(errorId, byte[].class); + if (containerSerialized != null) { // remove exception if it was found - transactionStorage.remove(errorid); - - final Throwable throwable = container.getExceptionThrown(); - pendingReq = container.getPendingRequest(); - - if (pendingReq != null) { - // build protocol-specific error message if possible - protAuthService.buildProtocolSpecificErrorResponse(throwable, req, resp, pendingReq); - - // remove active user-session - transactionStorage.remove(pendingReq.getPendingRequestId()); - - return; + transactionStorage.remove(errorId); + log.trace("Find exception with internal error-token: {}", errorId); + + //final Object containerObj = EaafSerializationUtils.deserialize(containerSerialized, + // Arrays.asList( + // ExceptionContainer.class.getName() + // )); + final Object containerObj = SerializationUtils.deserialize(containerSerialized); + + if (containerObj instanceof ExceptionContainer) { + final ExceptionContainer container = (ExceptionContainer) containerObj; + final Throwable throwable = container.getExceptionThrown(); + pendingReq = container.getPendingRequest(); + 
+ if (pendingReq != null) { + //set MDC variables + TransactionIdUtils.setAllLoggingVariables(pendingReq); + + // build protocol-specific error message if possible + protAuthService.buildProtocolSpecificErrorResponse(throwable, req, resp, pendingReq); + + // remove active user-session + transactionStorage.remove(pendingReq.getPendingRequestId()); + + } else { + protAuthService.handleErrorNoRedirect(throwable, req, resp, true); + + } } else { - protAuthService.handleErrorNoRedirect(throwable, req, resp, true); + protAuthService.handleErrorNoRedirect( + new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_GENERIC, null), + req, resp, false); } + } else { + log.info("Find no exception with internal error-token: {}", errorId); protAuthService.handleErrorNoRedirect( new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_NOPENDIGREQID, null), req, resp, false); @@ -114,6 +140,9 @@ public class ProtocolFinalizationController extends AbstractController { pendingReq.getUniqueTransactionIdentifier()); } + + //remove all Logger variables + TransactionIdUtils.removeAllLoggingVariables(); } @@ -152,9 +181,14 @@ public class ProtocolFinalizationController extends AbstractController { req, resp, false); } else { + //set MDC variables + TransactionIdUtils.setAllLoggingVariables(pendingReq); + + //perform protocol finalization steps protAuthService.finalizeAuthentication(req, resp, pendingReq); + } - + } } diff --git a/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder index 30f1cb57..f57c3787 100644 --- a/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder +++ b/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder 
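Review bot: `SerializationUtils.deserialize(containerSerialized)` performs unfiltered Java native deserialisation of whatever bytes come back from `transactionStorage`; Spring's own Javadoc warns against using it on data from outside the JVM, and the commented-out `EaafSerializationUtils.deserialize(..., Arrays.asList(ExceptionContainer.class.getName()))` block shows an allow-list variant was considered and then parked. The bytes are written by `AbstractController` in this commit, so they are first-party data, but `transactionStorage` is presumably a shared database or cache, and anyone able to write to it would then control what gets instantiated here. Either restore the allow-listed helper or, if the build targets Java 9+, deserialise through an `ObjectInputStream` with an `ObjectInputFilter` that admits only `ExceptionContainer` and the classes it transitively holds; in both cases delete the commented-out code rather than leaving it next to the live call. `readObject` additionally throws the checked `ClassNotFoundException`, which the method's `throws EaafException, IOException` clause does not cover and must be mapped. The enclosing method continues past the hunk into the `@@ -114` hunk.
```java
// … unchanged: token validation, storage lookup and remove(errorId) …
final Object containerObj;
try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(containerSerialized))) {
  // Reject everything except the container and the classes it transitively holds.
  // <ALLOWED_CLASS_PATTERNS> is a placeholder: derive it from ExceptionContainer, the IRequest
  // implementation(s) and the Throwable types that AbstractController actually stores.
  in.setObjectInputFilter(ObjectInputFilter.Config.createFilter("<ALLOWED_CLASS_PATTERNS>;!*"));
  containerObj = in.readObject();
} catch (final ClassNotFoundException e) {
  log.warn("Stored ExceptionContainer references an unknown class", e);
  throw new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_GENERIC, null);
}
// … unchanged: instanceof ExceptionContainer dispatch …
```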
@@ -12,4 +12,6 @@ at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidIdentityLinkBuilder at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidEidTokenBuilder at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidSignerCertificate at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidIdentityStatusLevelAttributeBuiler -at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidCcsUrl
\ No newline at end of file +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidCcsUrl +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.TransactionIdAttributeBuilder +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PiiTransactionIdAttributeBuilder diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/PiiTransactionIdAttributeBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/PiiTransactionIdAttributeBuilderTest.java new file mode 100644 index 00000000..82ac0abf --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/PiiTransactionIdAttributeBuilderTest.java 
@@ -0,0 +1,64 @@ +package at.gv.egiz.eaaf.core.impl.idp.auth.attributes; + +import java.util.UUID; + +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PiiTransactionIdAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils; + +/** + * Attribute builder to generate an attribute that holds the unique TransactionId for this process. + * <br> + * The attribute-value is read from {@link TransactionIdUtils} with method <code>getTransactionId()</code> + * + * @author tlenz + * + */ +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/SpringTest-context_eaaf_core.xml") +public class PiiTransactionIdAttributeBuilderTest extends AbstractAttributeBuilderTest { + + private final IAttributeBuilder attrBuilder = new PiiTransactionIdAttributeBuilder(); + + @Test + public void attributeName() { + Assert.assertEquals("Wrong attribute name", + "urn:eidgvat:attributes.piiTransactionId", attrBuilder.getName()); + + } + + @Test + public void checkEmptyAttribute() { + String value = attrBuilder.buildEmpty(gen); + Assert.assertNull("Attr. not null", value); + + } + + @Test + public void noPiiTransactionId() throws AttributeBuilderException, Exception { + String value = attrBuilder.build(spConfig, buildAuthData(), gen); + Assert.assertNull("Attr. 
not null", value); + + } + + @Test + public void withPiiTransactionId() throws AttributeBuilderException, Exception { + String piiTransId = UUID.randomUUID().toString(); + IAuthData authData = buildAuthData(); + ((AuthenticationData)authData).setGenericData("urn:eidgvat:attributes.piiTransactionId", piiTransId); + + String value = attrBuilder.build(spConfig, authData, gen); + Assert.assertEquals("piiTransactionId", piiTransId, value); + + } + +} diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/TransactionIdAttributeBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/TransactionIdAttributeBuilderTest.java new file mode 100644 index 00000000..d82bdf5c --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/TransactionIdAttributeBuilderTest.java 
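Review bot: The class Javadoc is copied from the TransactionId builder ("Attribute builder to generate an attribute that holds the unique TransactionId … read from TransactionIdUtils") and does not describe this test, which exercises `PiiTransactionIdAttributeBuilder` and never calls `TransactionIdUtils`; replace it with `/** Tests for {@link PiiTransactionIdAttributeBuilder}. */` (the `TransactionIdUtils` import is then only referenced by the obsolete Javadoc and can go). `throws AttributeBuilderException, Exception` on the test methods is redundant, `throws Exception` is enough. Hard-coding `"urn:eidgvat:attributes.piiTransactionId"` instead of the constant pins the wire name independently of the code under test, which is a reasonable choice for a test, but a comment saying it is deliberate stops the next reader from "fixing" it.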
@@ -0,0 +1,60 @@ +package at.gv.egiz.eaaf.core.impl.idp.auth.attributes; + +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.TransactionIdAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils; + +/** + * Attribute builder to generate an attribute that holds the unique TransactionId for this process. + * <br> + * The attribute-value is read from {@link TransactionIdUtils} with method <code>getTransactionId()</code> + * + * @author tlenz + * + */ +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/SpringTest-context_eaaf_core.xml") +public class TransactionIdAttributeBuilderTest extends AbstractAttributeBuilderTest { + + private final IAttributeBuilder attrBuilder = new TransactionIdAttributeBuilder(); + + @Test + public void attributeName() { + Assert.assertEquals("Wrong attribute name", + "urn:eidgvat:attributes.transactionId", attrBuilder.getName()); + + } + + @Test + public void checkEmptyAttribute() { + String value = attrBuilder.buildEmpty(gen); + Assert.assertNull("Attr. not null", value); + + } + + @Test + public void noTransactionId() throws AttributeBuilderException, Exception { + String value = attrBuilder.build(spConfig, buildAuthData(), gen); + Assert.assertNull("Attr. not null", value); + + } + + @Test + public void withTransactionId() throws AttributeBuilderException, Exception { + TransactionIdUtils.setTransactionId(); + String transId = TransactionIdUtils.getTransactionId(); + Assert.assertNull("Inputdata is null", transId); + + String value = attrBuilder.build(spConfig, buildAuthData(), gen); + Assert.assertEquals("TransactionId", transId, value); + + } + +} 
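Review bot: In `withTransactionId()` the assertion `Assert.assertNull("Inputdata is null", transId);` follows directly after `TransactionIdUtils.setTransactionId()`, and the same `transId` is then used as the expected value of the build; if `setTransactionId()` populates an id the test fails on this line, and if it does not, the final `assertEquals` compares null with null and proves nothing. The failure message reads like the not-null case was intended: `Assert.assertNotNull("Inputdata is null", transId);`. Note also that the test relies on whatever thread- or context-scoped state `TransactionIdUtils` keeps, so a cleanup (resetting the id after the test) would keep `noTransactionId()` independent of execution order — I cannot see from the hunk whether AbstractAttributeBuilderTest already does this.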
diff --git a/eaaf_core_api/pom.xml b/eaaf_core_api/pom.xml index 92a8b38c..1db5069c 100644 --- a/eaaf_core_api/pom.xml +++ b/eaaf_core_api/pom.xml @@ -7,7 +7,7 @@ <parent> <groupId>at.gv.egiz</groupId> <artifactId>eaaf</artifactId> - <version>1.1.8</version> + <version>1.1.11-SNAPSHOT</version> </parent> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf_core_api</artifactId> diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java index 727c360c..37db2fa4 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java @@ -21,6 +21,9 @@ package at.gv.egiz.eaaf.core.api.data; public interface ExtendedPvpAttributeDefinitions extends PvpAttributeDefinitions { + String EIDAS_CONNECTOR_UNIQUEID_NAME = "urn:eidgvat:attributes.eidas.uniqueId"; + String EIDAS_CONNECTOR_UNIQUEID_FRIENDLY_NAME = "EidasNode-UniqueId"; + String SP_UNIQUEID_NAME = "urn:eidgvat:attributes.ServiceProviderUniqueId"; String SP_UNIQUEID_FRIENDLY_NAME = "ServiceProvider-UniqueId"; @@ -30,8 +33,8 @@ public interface ExtendedPvpAttributeDefinitions extends PvpAttributeDefinitions String SP_COUNTRYCODE_NAME = "urn:eidgvat:attributes.ServiceProviderCountryCode"; String SP_COUNTRYCODE_FRIENDLY_NAME = "ServiceProvider-CountryCode"; - String SP_USESMANDATES_NAME = "urn:eidgvat:attributes.ServiceProviderMandateProfiles"; - String SP_USESMANDATES_FRIENDLY_NAME = "ServiceProvider-MandateProfiles"; + String SP_USED_MANDATE_PROFILES_NAME = "urn:eidgvat:attributes.ServiceProviderMandateProfiles"; + String SP_USED_MANDATE_PROFILES_FRIENDLY_NAME = "ServiceProvider-MandateProfiles"; /* Attributes for E-ID */ String EID_ENCRYPTED_SOURCEID_NAME = "urn:eidgvat:attributes.vsz.value"; 
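Review bot: Renaming `SP_USESMANDATES_NAME`/`SP_USESMANDATES_FRIENDLY_NAME` to `SP_USED_MANDATE_PROFILES_*` removes two symbols from a public API interface (`ExtendedPvpAttributeDefinitions` in eaaf_core_api), so any consumer outside this repository that references the old names stops compiling on the 1.1.11 upgrade; the `@@ -43,9 +46,15 @@` hunk does the same for `EID_CONSENT_SIGNED_*`, where the URN value changes as well. Unless every consumer lives in this repository, keeping deprecated aliases for one release is cheap: `@Deprecated String SP_USESMANDATES_NAME = SP_USED_MANDATE_PROFILES_NAME;` and `@Deprecated String SP_USESMANDATES_FRIENDLY_NAME = SP_USED_MANDATE_PROFILES_FRIENDLY_NAME;`. For the consent/authblock pair an alias would silently change the attribute URN a consumer emits, so there a `@deprecated` Javadoc pointing to the new constant and explaining the changed value is the better choice.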
@@ -43,9 +46,15 @@ public interface ExtendedPvpAttributeDefinitions extends PvpAttributeDefinitions String EID_EIDBIND_NAME = "urn:eidgvat:attributes.eidbind"; String EID_EIDBIND_FRIENDLY_NAME = "eidBind"; - String EID_CONSENT_SIGNED_NAME = "urn:eidgvat:attributes.consent.signed"; - String EID_CONSENT_SIGNED_FRIENDLY_NAME = "userConsent"; + String EID_AUTHBLOCK_SIGNED_NAME = "urn:eidgvat:attributes.authblock.signed"; + String EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME = "userAuthBlock"; + String EID_TRANSACTION_ID_NAME = "urn:eidgvat:attributes.transactionId"; + String EID_TRANSACTION_ID_FRIENDLY_NAME = "transactionId"; + + String EID_PII_TRANSACTION_ID_NAME = "urn:eidgvat:attributes.piiTransactionId"; + String EID_PII_TRANSACTION_ID_FRIENDLY_NAME = "piiTransactionId"; + String EID_MIS_MANDATE_NAME = "urn:eidgvat:attributes.mis.mandate"; String EID_MIS_MANDATE_FRIENDLY_NAME = "mandate"; diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java index 62aa8852..6626d24d 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java @@ -30,7 +30,7 @@ import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; * */ public interface IAuthData { - + /** * BaseId transfer policy. * diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/services/IProtocolAuthenticationService.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/services/IProtocolAuthenticationService.java index d1d68c2d..2c0fe55f 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/services/IProtocolAuthenticationService.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/services/IProtocolAuthenticationService.java 
@@ -96,16 +96,16 @@ public interface IProtocolAuthenticationService { /** * Forward the process to error-handler in case of an error. - * + * * @param errorToHandle Error to handle * @param errorKey ErrorId for error-handler * @param req HTTP response * @param resp HTTP response * @throws GuiBuildException In case of an GUI generation error */ - void forwardToErrorHandler(Pair<IRequest, Throwable> errorToHandle, String errorKey, + void forwardToErrorHandler(Pair<IRequest, Throwable> errorToHandle, String errorKey, HttpServletRequest req, HttpServletResponse resp) throws GuiBuildException; - - - + + + } diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/PendingReqIdValidationException.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/PendingReqIdValidationException.java index ddc051b0..e7c968b5 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/PendingReqIdValidationException.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/PendingReqIdValidationException.java @@ -15,10 +15,10 @@ public class PendingReqIdValidationException extends EaafException { * Pending-Request Id validation error. * * @param internalPendingReqId Internal Pending-Request Id - * @param reason error-message + * @param errorId Detailed Id of the error */ - public PendingReqIdValidationException(final String internalPendingReqId, @Nonnull final String reason) { - super("process.99", new Object[] { internalPendingReqId, reason }); + public PendingReqIdValidationException(final String internalPendingReqId, @Nonnull final String errorId) { + super(errorId, new Object[] { internalPendingReqId}); this.invalidInternalPendingReqId = internalPendingReqId; } 
@@ -27,12 +27,12 @@ public class PendingReqIdValidationException extends EaafException { * Pending-Request Id validation error. * * @param internalPendingReqId Internal Pending-Request Id - * @param reason error-message + * @param errorId Detailed Id of the error * @param e error */ - public PendingReqIdValidationException(final String internalPendingReqId, @Nonnull final String reason, + public PendingReqIdValidationException(final String internalPendingReqId, @Nonnull final String errorId, final Throwable e) { - super("process.99", new Object[] { internalPendingReqId, reason }, e); + super(errorId, new Object[] { internalPendingReqId, errorId }, e); this.invalidInternalPendingReqId = internalPendingReqId; } diff --git a/eaaf_core_utils/pom.xml b/eaaf_core_utils/pom.xml index ad59049b..947faf4b 100644 --- a/eaaf_core_utils/pom.xml +++ b/eaaf_core_utils/pom.xml @@ -7,7 +7,7 @@ <parent> <groupId>at.gv.egiz</groupId> <artifactId>eaaf</artifactId> - <version>1.1.8</version> + <version>1.1.11-SNAPSHOT</version> </parent> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf_core_utils</artifactId> diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java index 955648c6..1c6e6e76 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java 
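Review bot: The message arguments of the two constructors now disagree: this one calls `super(errorId, new Object[] { internalPendingReqId, errorId }, e)`, while the companion constructor in hunk `@@ -15,10 +15,10 @@` passes only `new Object[] { internalPendingReqId }`. The error id is already the message key, so repeating it as parameter `{1}` is either dead (if the `internal.pendingreqid.*` templates only use `{0}`) or renders the same error differently depending on which constructor threw it. `super(errorId, new Object[] { internalPendingReqId }, e);` keeps both constructors consistent. The `@Nonnull` on `errorId` is fine; note that `internalPendingReqId` is deliberately nullable (callers in the strategy hunks pass `null`), which the `@param` text could say.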
@@ -27,6 +27,11 @@ import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; import javax.crypto.spec.PBEKeySpec; +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.core.io.Resource; +import org.springframework.core.io.ResourceLoader; + import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; @@ -37,12 +42,6 @@ import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration.SymmetricK import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; - -import org.apache.commons.lang3.StringUtils; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.core.io.Resource; -import org.springframework.core.io.ResourceLoader; - import lombok.extern.slf4j.Slf4j; @Slf4j @@ -246,7 +245,8 @@ public class EaafKeyStoreFactory { clientUsername, clientPassword, hsmFacadeHost, port); if (rawProvider instanceof Provider) { - Security.insertProviderAt((Provider) rawProvider, 0); + Security.addProvider((Provider) rawProvider); + isHsmFacadeInitialized = true; log.info("HSM Facade is initialized. {} can provide KeyStores based on remote HSM", EaafKeyStoreFactory.class.getSimpleName()); diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java index 647c0636..07522b56 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java 
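Review bot: In hunk `@@ -246,7 +245,8 @@`, `Security.addProvider((Provider) rawProvider)` registers the HSM facade provider at the lowest preference, so the JVM's software providers keep precedence for every algorithm both sides implement and HSM-backed keys are only used where the KeyStore/Provider is addressed explicitly; as far as I recall `insertProviderAt(..., 0)` clamped positions below 1 to the end as well, so behaviour is unchanged, but the intent is no longer visible in the code. A comment such as `// append with lowest preference: HSM keys are addressed through their own KeyStore, software providers keep precedence` would stop the next reader from "fixing" it to position 1, which would silently route default crypto through the remote HSM. The return value is also dropped: `addProvider` returns -1 when a provider with the same name is already installed, and `isHsmFacadeInitialized = true` is then set for a provider instance that is not the one actually registered — probably harmless, but worth a debug log so a double initialization is visible.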
@@ -4,6 +4,8 @@ import java.security.KeyStore; import java.security.Provider; import java.util.HashMap; import java.util.Map; +import java.util.Map.Entry; +import java.util.concurrent.TimeUnit; import javax.annotation.Nonnull; import javax.annotation.PostConstruct; @@ -23,6 +25,7 @@ import org.apache.http.client.methods.HttpUriRequest; import org.apache.http.config.Registry; import org.apache.http.config.RegistryBuilder; import org.apache.http.config.SocketConfig; +import org.apache.http.conn.HttpClientConnectionManager; import org.apache.http.conn.socket.ConnectionSocketFactory; import org.apache.http.conn.socket.LayeredConnectionSocketFactory; import org.apache.http.conn.socket.PlainConnectionSocketFactory; @@ -33,10 +36,12 @@ import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.DefaultRedirectStrategy; import org.apache.http.impl.client.HttpClientBuilder; import org.apache.http.impl.client.HttpClients; +import org.apache.http.impl.conn.BasicHttpClientConnectionManager; import org.apache.http.impl.conn.PoolingHttpClientConnectionManager; import org.apache.http.protocol.HttpContext; import org.apache.http.ssl.SSLContexts; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.scheduling.annotation.Scheduled; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; 
@@ -65,10 +70,10 @@ public class HttpClientFactory implements IHttpClientFactory { public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_CONNECTION = "client.http.connection.timeout.connection"; public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_REQUEST = - "client.http.connection.timeout.request"; - public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_COUNT = + "client.http.connection.timeout.request"; + public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_COUNT = "client.http.connection.retry.count"; - public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_POST = + public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_POST = "client.http.connection.retry.post"; public static final String PROP_CONFIG_CLIENT_HTTP_SSL_HOSTNAMEVERIFIER_TRUSTALL = "client.http.ssl.hostnameverifier.trustall"; @@ -97,9 +102,14 @@ public class HttpClientFactory implements IHttpClientFactory { public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE = "100"; public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_COUNT = "3"; public static final String DEFAUTL_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_POST = String.valueOf(false); + + public static final int DEFAULT_CLEANUP_RUNNER_TIME = 30000; + public static final int DEFAULT_CLEANUP_IDLE_TIME = 60; + private String defaultConfigurationId = null; - private final Map<String, HttpClientBuilder> availableBuilders = new HashMap<>(); + private final Map<String, Pair<HttpClientBuilder, HttpClientConnectionManager>> + availableBuilders = new HashMap<>(); /* * (non-Javadoc) 
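Review bot: `availableBuilders` stays a plain `HashMap`, but with this commit it is iterated from the scheduler thread in `httpConnectionPoolCleaner()` (hunk `@@ -156,27 +167,45 @@`) while `getHttpClient(HttpClientConfiguration)` (hunk `@@ -124,30 +134,31 @@`) may still `put` an entry for a configuration seen for the first time from a request thread. An unsynchronized put during iteration can throw `ConcurrentModificationException` in the cleaner, which Spring will log and suppress, so connection eviction silently stops for that run. `private final Map<String, Pair<HttpClientBuilder, HttpClientConnectionManager>> availableBuilders = new ConcurrentHashMap<>();` (plus `import java.util.concurrent.ConcurrentHashMap;`) removes that; the check-then-put in `getHttpClient` would still allow two builders for one uuid under a race, which `computeIfAbsent` would close, but that method continues outside the hunk.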
@@ -114,7 +124,7 @@ public class HttpClientFactory implements IHttpClientFactory { @Override public CloseableHttpClient getHttpClient(final boolean followRedirects) { - return availableBuilders.get(defaultConfigurationId).setRedirectStrategy( + return availableBuilders.get(defaultConfigurationId).getFirst().setRedirectStrategy( buildRedirectStrategy(followRedirects)).build(); } @@ -124,30 +134,31 @@ public class HttpClientFactory implements IHttpClientFactory { log.trace("Build http client for: {}", config.getFriendlyName()); HttpClientBuilder builder = null; if (availableBuilders.containsKey(config.getUuid())) { - builder = availableBuilders.get(config.getUuid()); + builder = availableBuilders.get(config.getUuid()).getFirst(); } else { log.debug("Initialize new http-client builder for: {}", config.getFriendlyName()); - //validate configuration object + // validate configuration object config.validate(); builder = HttpClients.custom(); - - //inject request configuration + + // inject request configuration builder.setDefaultRequestConfig(buildDefaultRequestConfig()); injectInternalRetryHandler(builder, config); - - //inject basic authentication infos + + // inject basic authentication infos injectBasicAuthenticationIfRequired(builder, config); - //inject authentication if required + // inject authentication if required final LayeredConnectionSocketFactory sslConnectionFactory = getSslContext(config); // set pool connection if required - injectDefaultConnectionPoolIfRequired(builder, sslConnectionFactory); + HttpClientConnectionManager connectionManager + = injectConnectionManager(builder, sslConnectionFactory); - availableBuilders.put(config.getUuid(), builder); + availableBuilders.put(config.getUuid(), Pair.newInstance(builder, connectionManager)); } 
@@ -156,27 +167,45 @@ public class HttpClientFactory implements IHttpClientFactory { } - private void injectInternalRetryHandler(HttpClientBuilder builder, HttpClientConfiguration config) { + /** + * Worker that closes expired connections or connections that in idle + * for more than DEFAULT_CLEANUP_IDLE_TIME seconds. + * + */ + @Scheduled(fixedDelay = DEFAULT_CLEANUP_RUNNER_TIME) + private void httpConnectionPoolCleaner() { + log.trace("Starting http connection-pool eviction policy ... "); + for (final Entry<String, Pair<HttpClientBuilder, HttpClientConnectionManager>> el + : availableBuilders.entrySet()) { + log.trace("Checking connections of http-client: {}", el.getKey()); + el.getValue().getSecond().closeExpiredConnections(); + el.getValue().getSecond().closeIdleConnections(DEFAULT_CLEANUP_IDLE_TIME, TimeUnit.SECONDS); + + } + + } + + private void injectInternalRetryHandler(HttpClientBuilder builder, HttpClientConfiguration config) { if (config.getHttpErrorRetryCount() > 0) { - log.info("Set HTTP error-retry to {} for http-client: {}", + log.info("Set HTTP error-retry to {} for http-client: {}", config.getHttpErrorRetryCount(), config.getFriendlyName()); builder.setRetryHandler(new EaafHttpRequestRetryHandler( - config.getHttpErrorRetryCount(), - config.isHttpErrorRetryPost())); - + config.getHttpErrorRetryCount(), + config.isHttpErrorRetryPost())); + if (config.getServiceUnavailStrategy() != null) { log.debug("HttpClient configuration: {} set custom ServiceUnavailableRetryStrategy: {}", config.getFriendlyName(), config.getServiceUnavailStrategy().getClass().getName()); builder.setServiceUnavailableRetryStrategy(config.getServiceUnavailStrategy()); - + } - + } else { log.info("Disable HTTP error-retry for http-client: {}", config.getFriendlyName()); builder.disableAutomaticRetries(); - + } - + } @PostConstruct 
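Review bot: The Javadoc on `httpConnectionPoolCleaner()` is garbled ("connections that in idle for more than DEFAULT_CLEANUP_IDLE_TIME seconds") and does not state the precondition the method depends on: `@Scheduled` only fires when scheduling is enabled in the Spring context (`@EnableScheduling` or its XML equivalent), and I cannot see from the diff whether this module enables it — without it, expired and idle connections are never evicted and the change is a no-op. Suggested wording: `Closes expired connections and connections idle for more than {@value #DEFAULT_CLEANUP_IDLE_TIME} seconds on every registered connection manager; runs every {@value #DEFAULT_CLEANUP_RUNNER_TIME} ms on the Spring task scheduler and requires scheduling to be enabled.` One more observation: an exception from one manager (for example after it was shut down by a closed client) aborts the loop for all remaining entries of that run, so a per-entry try/catch with a warn log would keep the other pools serviced.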
@@ -190,8 +219,8 @@ public class HttpClientFactory implements IHttpClientFactory { // set default request configuration defaultHttpClientBuilder.setDefaultRequestConfig(buildDefaultRequestConfig()); injectInternalRetryHandler(defaultHttpClientBuilder, defaultHttpClientConfig); - - //inject http basic authentication + + // inject http basic authentication injectBasicAuthenticationIfRequired(defaultHttpClientBuilder, defaultHttpClientConfig); // inject authentication if required @@ -199,11 +228,13 @@ public class HttpClientFactory implements IHttpClientFactory { getSslContext(defaultHttpClientConfig); // set pool connection if required - injectDefaultConnectionPoolIfRequired(defaultHttpClientBuilder, sslConnectionFactory); + HttpClientConnectionManager connectionManager + = injectConnectionManager(defaultHttpClientBuilder, sslConnectionFactory); - //set default http client builder + // set default http client builder defaultConfigurationId = defaultHttpClientConfig.getUuid(); - availableBuilders.put(defaultConfigurationId, defaultHttpClientBuilder); + availableBuilders.put(defaultConfigurationId, + Pair.newInstance(defaultHttpClientBuilder, connectionManager)); } @@ -239,13 +270,12 @@ public class HttpClientFactory implements IHttpClientFactory { PROP_CONFIG_CLIENT_HTTP_SSL_HOSTNAMEVERIFIER_TRUSTALL, false)); config.setHttpErrorRetryCount(Integer.parseInt(basicConfig.getBasicConfiguration( - PROP_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_COUNT, + PROP_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_COUNT, DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_COUNT))); config.setHttpErrorRetryPost(Boolean.parseBoolean(basicConfig.getBasicConfiguration( - PROP_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_POST, + PROP_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_POST, DEFAUTL_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_POST))); - - + // validate configuration object config.validate(); 
@@ -280,7 +310,8 @@ public class HttpClientFactory implements IHttpClientFactory { SSLContext sslContext = null; if (httpClientConfig.getAuthMode().equals(HttpClientConfiguration.ClientAuthMode.SSL)) { log.debug("Open keyStore with type: {}", httpClientConfig.getKeyStoreConfig().getKeyStoreType()); - final Pair<KeyStore, Provider> keyStore = keyStoreFactory.buildNewKeyStore(httpClientConfig.getKeyStoreConfig()); + final Pair<KeyStore, Provider> keyStore = keyStoreFactory.buildNewKeyStore(httpClientConfig + .getKeyStoreConfig()); log.trace("Injecting SSL client-authentication into http client ... "); sslContext = HttpUtils.buildSslContextWithSslClientAuthentication(keyStore, @@ -290,7 +321,7 @@ public class HttpClientFactory implements IHttpClientFactory { } else { log.trace("Initializing default SSL Context ... "); sslContext = SSLContexts.createDefault(); - + } // set hostname verifier 
@@ -308,48 +339,37 @@ public class HttpClientFactory implements IHttpClientFactory { } - private void injectDefaultConnectionPoolIfRequired( + @Nonnull + private HttpClientConnectionManager injectConnectionManager( HttpClientBuilder builder, final LayeredConnectionSocketFactory sslConnectionFactory) { if (basicConfig.getBasicConfigurationBoolean(PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE, true)) { - PoolingHttpClientConnectionManager pool; - - // set socketFactoryRegistry if SSLConnectionFactory is Set - if (sslConnectionFactory != null) { - final Registry<ConnectionSocketFactory> socketFactoryRegistry = - RegistryBuilder.<ConnectionSocketFactory>create() - .register("http", PlainConnectionSocketFactory.getSocketFactory()) - .register("https", sslConnectionFactory).build(); - log.trace("Inject SSLSocketFactory into pooled connection"); - pool = new PoolingHttpClientConnectionManager(socketFactoryRegistry); - - } else { - pool = new PoolingHttpClientConnectionManager(); - - } - - pool.setDefaultMaxPerRoute(Integer.parseInt( + PoolingHttpClientConnectionManager connectionPool + = new PoolingHttpClientConnectionManager(getDefaultRegistry(sslConnectionFactory)); + connectionPool.setDefaultMaxPerRoute(Integer.parseInt( basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE, DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE))); - pool.setMaxTotal(Integer.parseInt( + connectionPool.setMaxTotal(Integer.parseInt( basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL, DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL))); - - pool.setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(Integer.parseInt( + connectionPool.setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(Integer.parseInt( basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET, DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET)) * 1000).build()); + builder.setConnectionManager(connectionPool); + 
log.debug("Initalize http-client pool with, maxTotal: {} maxPerRoute: {}", + connectionPool.getMaxTotal(), connectionPool.getDefaultMaxPerRoute()); + return connectionPool; + + } else { + log.debug("Building http-client without Connection-Pool ... "); + final BasicHttpClientConnectionManager basicPool = new BasicHttpClientConnectionManager( + getDefaultRegistry(sslConnectionFactory)); + builder.setConnectionManager(basicPool); + return basicPool; - builder.setConnectionManager(pool); - log.debug("Initalize http-client pool with, maxTotal: {} maxPerRoute: {}", pool.getMaxTotal(), - pool.getDefaultMaxPerRoute()); - - } else if (sslConnectionFactory != null) { - log.trace("Inject SSLSocketFactory without connection pool"); - builder.setSSLSocketFactory(sslConnectionFactory); - } - + } private RequestConfig buildDefaultRequestConfig() { @@ -392,5 +412,25 @@ public class HttpClientFactory implements IHttpClientFactory { return redirectStrategy; } + + private static Registry<ConnectionSocketFactory> getDefaultRegistry( + final LayeredConnectionSocketFactory sslConnectionFactory) { + final RegistryBuilder<ConnectionSocketFactory> builder = + RegistryBuilder.<ConnectionSocketFactory>create() + .register("http", PlainConnectionSocketFactory.getSocketFactory()); + + if (sslConnectionFactory != null) { + log.trace("Inject own SSLSocketFactory into pooled connection"); + builder.register("https", sslConnectionFactory); + + } else { + log.trace("Inject default SSLSocketFactory into pooled connection"); + builder.register("https", SSLConnectionSocketFactory.getSocketFactory()); + + } + + return builder.build(); + + } } diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java index 81ebe1fe..10555822 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java 
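Review bot: The non-pool branch of `injectConnectionManager` now installs a `BasicHttpClientConnectionManager` on the cached builder, and because the builder is kept in `availableBuilders` every `CloseableHttpClient` built from it shares that one manager; a `BasicHttpClientConnectionManager` holds a single connection for one execution thread at a time, so concurrent requests through such clients will wait or fail with an allocation error, where the previous code let each built client create its own default manager and only injected the SSL socket factory. In addition, `close()` on any client built from that builder shuts the shared manager down for all the others unless `setConnectionManagerShared(true)` is set somewhere in the builder setup — I cannot see that from the hunk, so please confirm. If "no pool" is meant to be "single connection per factory", the property `client.http.connection.pool.use` should document that; otherwise a `PoolingHttpClientConnectionManager` with the library defaults in that branch preserves the old per-client behaviour and still gives the cleaner a manager to evict from. The `@Nonnull` return is good; the method's Javadoc is missing and should state that the returned manager is registered for scheduled eviction.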
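Review bot: `getDefaultRegistry` (hunk `@@ -392,5 +412,25 @@`) has no Javadoc, and both trace messages say "into pooled connection" although the registry is also built for the non-pool `BasicHttpClientConnectionManager` branch. Suggested comment: `Builds the scheme registry shared by both connection-manager variants; "https" uses the configured client-authentication factory when present, otherwise the JVM-default SSLConnectionSocketFactory (default trust store, default hostname verification).` Renaming the messages to `"Inject own SSLSocketFactory into socket-factory registry"` / `"Inject default SSLSocketFactory into socket-factory registry"` keeps the trace output accurate for both callers.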
@@ -18,6 +18,7 @@ package at.gv.egiz.eaaf.core.impl.http; +import java.io.IOException; import java.security.KeyManagementException; import java.security.KeyStore; import java.security.KeyStoreException; @@ -31,10 +32,15 @@ import javax.net.ssl.SSLContext; import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang3.StringUtils; +import org.apache.http.HttpResponse; +import org.apache.http.StatusLine; +import org.apache.http.client.ClientProtocolException; +import org.apache.http.client.ResponseHandler; import org.apache.http.conn.ssl.TrustAllStrategy; import org.apache.http.ssl.SSLContextBuilder; import org.apache.http.ssl.SSLContexts; import org.apache.http.ssl.TrustStrategy; +import org.apache.http.util.EntityUtils; import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; @@ -47,6 +53,23 @@ public class HttpUtils { private static final String ERROR_03 = "internal.httpclient.03"; + + /** + * Simple Http response-handler that only give http status-code as result. + * + * @return Status-Code of http response + */ + public static ResponseHandler<StatusLine> simpleStatusCodeResponseHandler() { + return new ResponseHandler<StatusLine>() { + @Override + public StatusLine handleResponse(HttpResponse response) throws ClientProtocolException, IOException { + EntityUtils.consumeQuietly(response.getEntity()); + return response.getStatusLine(); + + } + }; + } + /** * Helper method to retrieve server URL including context path. * diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/pvp/PvpRProfileHttpHeaders.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/pvp/PvpRProfileHttpHeaders.java new file mode 100644 index 00000000..cd6d7404 --- /dev/null +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/pvp/PvpRProfileHttpHeaders.java 
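Review bot: The Javadoc of `simpleStatusCodeResponseHandler()` says it "only give[s] http status-code as result", but the handler returns the whole `StatusLine` (status code plus reason phrase), so `@return` should read `Status-line (code and reason phrase) of the http response`. The one non-obvious line deserves a why-comment, since it is what makes the handler safe to use with a pooled client: `EntityUtils.consumeQuietly(response.getEntity()); // drain the body so the connection is released to the manager`. As a point of style, if the module targets Java 8 or later the anonymous `ResponseHandler<StatusLine>` can be a lambda: `return response -> { EntityUtils.consumeQuietly(response.getEntity()); return response.getStatusLine(); };`.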
@@ -0,0 +1,86 @@ +package at.gv.egiz.eaaf.core.impl.http.pvp; + +/** + * PVP2 R-Profile HTTP-Header definitions. + * + * @author tlenz + * + */ +public class PvpRProfileHttpHeaders { + + //PVP 1.x headers + public static final String PVP_1X_VALUE_VERSION_PREFIX = "1."; + + public static final String PVP_1X_PREFIX = "X-"; + public static final String PVP_1X_VERSION_NAME = "Version"; + public static final String PVP_1X_USERID_NAME = "AUTHENTICATE-UserID"; + public static final String PVP_1X_GID_NAME = "AUTHENTICATE-GVGID"; + public static final String PVP_1X_PARTICIPANT_ID_NAME = "AUTHENTICATE-PARTICIPANTID"; + public static final String PVP_1X_GV_OU_ID_NAME = "AUTHENTICATE-GVOUID"; + public static final String PVP_1X_OU_NAME = "AUTHENTICATE-OU"; + public static final String PVP_1X_FUNCTION_NAME = "AUTHENTICATE-GVFUNCTION"; + public static final String PVP_1X_SECCLASS_NAME = "AUTHENTICATE-gvSecClass"; + public static final String PVP_1X_CN_NAME = "AUTHENTICATE-cn"; + public static final String PVP_1X_COST_CENTER_ID_NAME = "ACCOUNTING-CostCenterId"; + public static final String PVP_1X_INVOICE_RECPT_ID_NAME = "ACCOUNTING-InvoiceRecptId"; + public static final String PVP_1X_ROLES_NAME = "AUTHORIZE-ROLES"; + public static final String PVP_1X_GV_OU_OKZ_NAME = "AUTHENTICATE-GVOUOKZ"; + public static final String PVP_1X_VERSION = PVP_1X_PREFIX + PVP_1X_VERSION_NAME; + public static final String PVP_1X_USERID = PVP_1X_PREFIX + PVP_1X_USERID_NAME; + public static final String PVP_1X_GID = PVP_1X_PREFIX + PVP_1X_GID_NAME; + public static final String PVP_1X_PARTICIPANT_ID = PVP_1X_PREFIX + PVP_1X_PARTICIPANT_ID_NAME; + public static final String PVP_1X_GV_OU_ID = PVP_1X_PREFIX + PVP_1X_GV_OU_ID_NAME; + public static final String PVP_1X_OU = PVP_1X_PREFIX + PVP_1X_OU_NAME; + public static final String PVP_1X_FUNCTION = PVP_1X_PREFIX + PVP_1X_FUNCTION_NAME; + public static final String PVP_1X_SECCLASS = PVP_1X_PREFIX + PVP_1X_SECCLASS_NAME; + public static final String PVP_1X_CN 
= PVP_1X_PREFIX + PVP_1X_CN_NAME; + public static final String PVP_1X_COST_CENTER_ID = PVP_1X_PREFIX + PVP_1X_COST_CENTER_ID_NAME; + public static final String PVP_1X_INVOICE_RECPT_ID = PVP_1X_PREFIX + PVP_1X_INVOICE_RECPT_ID_NAME; + public static final String PVP_1X_ROLES = PVP_1X_PREFIX + PVP_1X_ROLES_NAME; + public static final String PVP_1X_GV_OU_OKZ = PVP_1X_PREFIX + PVP_1X_GV_OU_OKZ_NAME; + + + //PVP 2.x headers + public static final String PVP_2X_VALUE_VERSION_PREFIX = "2."; + + public static final String PVP_2X_VERSION = "X-PVP-VERSION"; + public static final String PVP_2X_USERID = "X-PVP-USERID"; + public static final String PVP_2X_GID = "X-PVP-GID"; + public static final String PVP_2X_PARTICIPANT_ID = "X-PVP-PARTICIPANT-ID"; + public static final String PVP_2X_GV_OU_ID = "X-PVP-OU-GV-OU-ID"; + public static final String PVP_2X_OU = "X-PVP-OU"; + public static final String PVP_2X_FUNCTION = "X-PVP-FUNCTION"; + public static final String PVP_2X_SECCLASS = "X-PVP-SECCLASS"; + public static final String PVP_2X_PRINCIPAL_NAME = "X-PVP-PRINCIPAL-NAME"; + public static final String PVP_2X_BINDING = "X-PVP-BINDING"; + public static final String PVP_2X_OU_OKZ = "X-PVP-OU-OKZ"; + public static final String PVP_2X_COST_CENTER_ID = "X-PVP-COST-CENTER-ID"; + public static final String PVP_2X_INVOICE_RECPT_ID = "X-PVP-INVOICE-RECPT-ID"; + public static final String PVP_2X_ROLES = "X-PVP-ROLES"; + + public static final String PVP_ERROR_440_CODE = "440"; + public static final String PVP_ERROR_440_MSG = "Mandatory PVP-Header {0} fehlt"; + public static final String PVP_ERROR_441_CODE = "441"; + public static final String PVP_ERROR_441_MSG = "Werte in X-PVP-ROLES haben ungültiges Format"; + public static final String PVP_ERROR_442_CODE = "442"; + public static final String PVP_ERROR_442_MSG = "Kein zulässiges Recht in X-PVP-ROLES"; + public static final String PVP_ERROR_443_CODE = "443"; + public static final String PVP_ERROR_443_MSG = "Die UserId ist am Anwendungsportal 
gesperrt"; + public static final String PVP_ERROR_444_CODE = "444"; + public static final String PVP_ERROR_444_MSG = + "Stammportal ist für Anfragen des angegebenen Participants nicht berechtigt"; + public static final String PVP_ERROR_445_CODE = "445"; + public static final String PVP_ERROR_445_MSG = "Participant am Anwendungsportal nicht registriert"; + public static final String PVP_ERROR_490_CODE = "490"; + public static final String PVP_ERROR_490_MSG = "Zertifikatsüberprüfung fehlgeschlagen. Grund: {0}"; + public static final String PVP_ERROR_493_CODE = "493"; + public static final String PVP_ERROR_493_MSG = "Keine Berechtigung für diese Anwendung im Stammportal"; + public static final String PVP_ERROR_494_CODE = "494"; + public static final String PVP_ERROR_494_MSG = "Die Authentifizierung des Stammportals ist fehlgeschlagen"; + public static final String PVP_ERROR_511_CODE = "511"; + public static final String PVP_ERROR_511_MSG = "PVP Version nicht unterstützt"; + + private PvpRProfileHttpHeaders() { + + } +} diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/AuthenticatedEncryptionPendingRequestIdGenerationStrategy.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/AuthenticatedEncryptionPendingRequestIdGenerationStrategy.java index ebfe7500..83ea7da0 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/AuthenticatedEncryptionPendingRequestIdGenerationStrategy.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/AuthenticatedEncryptionPendingRequestIdGenerationStrategy.java @@ -1,6 +1,6 @@ package at.gv.egiz.eaaf.core.impl.utils; -import java.io.UnsupportedEncodingException; +import java.nio.charset.StandardCharsets; import java.security.Provider; import java.util.Base64; 
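Review bot: `PvpRProfileHttpHeaders` is a constants holder with a private constructor but is not `final`, so it can still be subclassed to fake an instance; `public final class PvpRProfileHttpHeaders {` closes that. The class Javadoc ("PVP2 R-Profile HTTP-Header definitions") undersells the content: the class also defines the PVP 1.x `X-…` header names and the 44x/49x/511 error codes with their German messages, and the `PVP_ERROR_*_MSG` strings look like `MessageFormat` patterns (`{0}`), which the comment should state so callers do not concatenate into them. Since this file is part of a public utility package, a `@see`/reference to the PVP profile document the header names are taken from would help maintainers verify the spelling of entries such as `X-PVP-OU-GV-OU-ID`.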
@@ -98,10 +98,10 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategy } return Base64.getUrlEncoder() - .encodeToString(encToken.getCompactSerialization().getBytes("UTF-8")); + .encodeToString(encToken.getCompactSerialization().getBytes(StandardCharsets.UTF_8)); - } catch (final JoseException | UnsupportedEncodingException e) { - throw new EaafException("internal.99", new Object[] { e.getMessage() }, e); + } catch (final JoseException e) { + throw new EaafException("internal.pendingreqid.02", new Object[] { e.getMessage() }, e); } @@ -117,7 +117,7 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategy if (!(StringUtils.countMatches(stringToken, TOKEN_SEPARATOR) == ENCODED_TOKEN_PARTS - 1)) { log.warn("PendingRequestId has an unvalid format"); log.debug("PendingRequestId: {}", stringToken); - throw new PendingReqIdValidationException(null, "PendingReqId has an unvalid format"); + throw new PendingReqIdValidationException(null, "internal.pendingreqid.01"); } @@ -125,13 +125,10 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategy StringUtils.split(stringToken, TOKEN_SEPARATOR, ENCODED_TOKEN_PARTS); return tokenElements[1]; - } catch (final UnsupportedEncodingException e) { - throw new RuntimeException(e); - } catch (JoseException e) { log.warn("Token is NOT a valid String. Msg: {}", e.getMessage()); log.debug("TokenValue: {}", externalPendingReqId); - throw new PendingReqIdValidationException(null, "PendingReqId is NOT a valid String", e); + throw new PendingReqIdValidationException(null, "internal.pendingreqid.05", e); } } 
@@ -144,9 +141,8 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategy log.debug("Token decryption successful"); if (!(StringUtils.countMatches(stringToken, TOKEN_SEPARATOR) == ENCODED_TOKEN_PARTS - 1)) { - log.warn("PendingRequestId has an unvalid format"); - log.debug("PendingRequestId: {}", stringToken); - throw new PendingReqIdValidationException(null, "PendingReqId has an unvalid format"); + log.info("PendingRequestId: {}", stringToken); + throw new PendingReqIdValidationException(null, "internal.pendingreqid.01"); } @@ -155,16 +151,13 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategy final String internalPendingReqId = tokenElements[1]; final DateTime timeStamp = TOKEN_TEXTUAL_DATE_FORMAT.parseDateTime(tokenElements[0]); - - log.trace("Checking valid period ... "); final DateTime now = DateTime.now(); if (timeStamp.withFieldAdded(DurationFieldType.seconds(), maxPendingRequestIdLifeTime) .isBefore(now)) { - log.warn("Token exceeds the valid period"); - log.debug("Token: {} | Now: {}", timeStamp, now); + log.info("Token exceeds the valid period. Token: {} | Now: {}", timeStamp, now); throw new PendingReqIdValidationException(internalPendingReqId, - "PendingRequestId exceeds the valid period"); + "internal.pendingreqid.06"); } log.debug("Token valid-period check successful"); 
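Review bot: The format-check branch in the `@@ -144` hunk now logs the decrypted token at INFO (`log.info("PendingRequestId: {}", stringToken)`), whereas the previous code kept the token value at DEBUG and only the diagnosis at WARN; the same check earlier in the file (the `@@ -117` hunk) still logs the value at DEBUG, so the two paths are now inconsistent and production logs receive the token content. As the `@@ -155` hunk shows, the token carries the internal pendingRequestId and its issue timestamp, which the validation exception already transports to the caller, so the value does not need to be in the INFO log. Suggest `log.info("PendingRequestId has an invalid format");` followed by `log.debug("PendingRequestId: {}", stringToken);`. The enclosing method starts and ends outside the hunk.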
@@ -174,25 +167,22 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategy } catch (JoseException e) { log.warn("Token is NOT a valid encrypt. Msg: {}", e.getMessage()); log.debug("TokenValue: {}", externalPendingReqId); - throw new PendingReqIdValidationException(null, "PendingReqId is NOT a valid encrypted", e); + throw new PendingReqIdValidationException(null, "internal.pendingreqid.04", e); } catch (final IllegalArgumentException e) { log.warn("Token is NOT a valid String. Msg: {}", e.getMessage()); log.debug("TokenValue: {}", externalPendingReqId); - throw new PendingReqIdValidationException(null, "PendingReqId is NOT a valid String", e); - - } catch (final UnsupportedEncodingException e) { - throw new RuntimeException(e); + throw new PendingReqIdValidationException(null, "internal.pendingreqid.05", e); } } @Nonnull private String getDecryptedExternalPendingRequestId(String externalPendingReqId) - throws JoseException, PendingReqIdValidationException, UnsupportedEncodingException { + throws JoseException, PendingReqIdValidationException { if (StringUtils.isEmpty(externalPendingReqId)) { log.info("PendingReqId is 'null' or empty"); - throw new PendingReqIdValidationException(null, "PendingReqId is 'null' or empty"); + throw new PendingReqIdValidationException(null, "internal.pendingreqid.00"); } @@ -201,8 +191,7 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategy if (externalPendingReqIdBytes.length > maxPendingReqIdSize) { log.warn("pendingReqId size exceeds {}", maxPendingReqIdSize); - throw new PendingReqIdValidationException(null, - "pendingReqId exceeds max.size: " + maxPendingReqIdSize); + throw new PendingReqIdValidationException(null, "internal.pendingreqid.03"); } 
@@ -225,7 +214,7 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategy } - encToken.setCompactSerialization(new String(externalPendingReqIdBytes, "UTF-8")); + encToken.setCompactSerialization(new String(externalPendingReqIdBytes, StandardCharsets.UTF_8)); return encToken.getPayload(); } diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java index ad6471d5..8ec5f3a8 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java @@ -1,6 +1,6 @@ package at.gv.egiz.eaaf.core.impl.utils; -import java.io.UnsupportedEncodingException; +import java.nio.charset.StandardCharsets; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.util.Arrays; 
@@ -80,33 +80,22 @@ public class SecurePendingRequestIdGenerationStrategy @Override public String generateExternalPendingRequestId() throws EaafException { - try { - final String toSign = buildInternalToken(Random.nextLongRandom(), DateTime.now()); - final StringBuilder externalPendingRequestId = new StringBuilder(); - externalPendingRequestId.append(toSign); - externalPendingRequestId.append(TOKEN_SEPARATOR); - externalPendingRequestId.append(Base64.getEncoder().encodeToString(calculateHmac(toSign))); - return Base64.getUrlEncoder() - .encodeToString(externalPendingRequestId.toString().getBytes("UTF-8")); - - } catch (final UnsupportedEncodingException e) { - throw new EaafException("internal.99", new Object[] { e.getMessage() }, e); - - } + final String toSign = buildInternalToken(Random.nextLongRandom(), DateTime.now()); + final StringBuilder externalPendingRequestId = new StringBuilder(); + externalPendingRequestId.append(toSign); + externalPendingRequestId.append(TOKEN_SEPARATOR); + externalPendingRequestId.append(Base64.getEncoder().encodeToString(calculateHmac(toSign))); + return Base64.getUrlEncoder() + .encodeToString(externalPendingRequestId.toString().getBytes(StandardCharsets.UTF_8)); } @Override public String getPendingRequestIdWithOutChecks(final String externalPendingReqId) throws PendingReqIdValidationException { - try { - final String[] tokenElements = extractTokens(externalPendingReqId); - return tokenElements[1]; - - } catch (final UnsupportedEncodingException e) { - throw new RuntimeException(e); - - } + final String[] tokenElements = extractTokens(externalPendingReqId); + return tokenElements[1]; + } @Override 
@@ -123,8 +112,7 @@ public class SecurePendingRequestIdGenerationStrategy if (!Arrays.equals(tokenDigest, refDigist)) { log.warn("Digest of Token does NOT match"); log.debug("Token: {} | Ref: {}", tokenDigest, refDigist); - throw new PendingReqIdValidationException(null, - "Digest of pendingRequestId does NOT match"); + throw new PendingReqIdValidationException(null, "internal.pendingreqid.04"); } log.debug("PendingRequestId HMAC digest check successful"); @@ -135,8 +123,7 @@ public class SecurePendingRequestIdGenerationStrategy .isBefore(now)) { log.warn("Token exceeds the valid period"); log.debug("Token: {} | Now: {}", timeStamp, now); - throw new PendingReqIdValidationException(internalPendingReqId, - "PendingRequestId exceeds the valid period"); + throw new PendingReqIdValidationException(internalPendingReqId, "internal.pendingreqid.06"); } log.debug("Token valid-period check successful"); @@ -146,20 +133,17 @@ public class SecurePendingRequestIdGenerationStrategy } catch (final IllegalArgumentException | EaafIllegalStateException e) { log.warn("Token is NOT a valid String. Msg: {}", e.getMessage()); log.debug("TokenValue: {}", externalPendingReqId); - throw new PendingReqIdValidationException(null, "PendingReqId is NOT a valid String", e); - - } catch (final UnsupportedEncodingException e) { - throw new RuntimeException(e); + throw new PendingReqIdValidationException(null, "internal.pendingreqid.06", e); } } @NonNull private String[] extractTokens(@Nullable final String externalPendingReqId) - throws PendingReqIdValidationException, UnsupportedEncodingException { + throws PendingReqIdValidationException { if (StringUtils.isEmpty(externalPendingReqId)) { log.info("PendingReqId is 'null' or empty"); - throw new PendingReqIdValidationException(null, "PendingReqId is 'null' or empty"); + throw new PendingReqIdValidationException(null, "internal.pendingreqid.00"); } 
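Review bot: The HMAC check kept as context in the `@@ -123` hunk compares the digests with `Arrays.equals(tokenDigest, refDigist)`, which returns as soon as the first differing byte is found; `MessageDigest.isEqual(tokenDigest, refDigist)` yields the same result in constant time and is the usual choice for comparing a received MAC against the recomputed one (`java.security.MessageDigest` is a stdlib import). The commit only touches the exception on this path, so the comparison is unchanged. The enclosing method starts outside the hunk.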
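Review bot: The `IllegalArgumentException | EaafIllegalStateException` catch in the `@@ -146` hunk maps a token that is "NOT a valid String" to `internal.pendingreqid.06`, which the new message bundle defines as "exceeds the valid period" and which the expiry check in the `@@ -135` hunk already uses; the matching catch in AuthenticatedEncryptionPendingRequestIdGenerationStrategy maps the same condition to `internal.pendingreqid.05` ("invalid encoding"). Callers and tests that branch on the error id therefore cannot tell an expired token from a malformed one in this strategy. Change the line to `throw new PendingReqIdValidationException(null, "internal.pendingreqid.05", e);`.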
@@ -168,12 +152,11 @@ public class SecurePendingRequestIdGenerationStrategy if (externalPendingReqIdBytes.length > maxPendingReqIdSize) { log.warn("pendingReqId size exceeds {}", maxPendingReqIdSize); - throw new PendingReqIdValidationException(null, - "pendingReqId exceeds max.size: " + maxPendingReqIdSize); + throw new PendingReqIdValidationException(null, "internal.pendingreqid.03"); } - final String stringToken = new String(externalPendingReqIdBytes, "UTF-8"); + final String stringToken = new String(externalPendingReqIdBytes, StandardCharsets.UTF_8); if (StringUtils.countMatches(stringToken, TOKEN_SEPARATOR) == ENCODED_TOKEN_PARTS - 1) { final String[] tokenElements = StringUtils.split(stringToken, TOKEN_SEPARATOR, ENCODED_TOKEN_PARTS); @@ -182,7 +165,7 @@ public class SecurePendingRequestIdGenerationStrategy } else { log.warn("PendingRequestId has an unvalid format"); log.debug("PendingRequestId: {}", stringToken); - throw new PendingReqIdValidationException(null, "PendingReqId has an unvalid format"); + throw new PendingReqIdValidationException(null, "internal.pendingreqid.01"); } @@ -243,9 +226,9 @@ public class SecurePendingRequestIdGenerationStrategy try { final Mac mac = Mac.getInstance(digistAlgorithm); mac.init(key); - return mac.doFinal(toSign.getBytes("UTF-8")); + return mac.doFinal(toSign.getBytes(StandardCharsets.UTF_8)); - } catch (UnsupportedEncodingException | NoSuchAlgorithmException | InvalidKeyException e) { + } catch (NoSuchAlgorithmException | InvalidKeyException e) { log.error("Can NOT generate secure pendingRequestId", e); throw new EaafIllegalStateException( new Object[] { "Can NOT caluclate digist for secure pendingRequestId" }, e); diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java index 4c1601c0..d1613d16 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java 
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java @@ -21,7 +21,10 @@ package at.gv.egiz.eaaf.core.impl.utils; import java.util.UUID; +import javax.annotation.Nullable; + import at.gv.egiz.eaaf.core.api.IRequest; +import lombok.extern.slf4j.Slf4j; /** * Transaction Identifier Utils. @@ -29,6 +32,7 @@ import at.gv.egiz.eaaf.core.api.IRequest; * @author tlenz * */ +@Slf4j public class TransactionIdUtils { /** @@ -58,11 +62,16 @@ public class TransactionIdUtils { * * @param pendingRequest Http request object */ - public static void setAllLoggingVariables(final IRequest pendingRequest) { - setTransactionId(pendingRequest.getUniqueTransactionIdentifier()); - setSessionId(pendingRequest.getUniqueSessionIdentifier()); - setServiceProviderId(pendingRequest.getServiceProviderConfiguration().getUniqueIdentifier()); - + public static void setAllLoggingVariables(@Nullable final IRequest pendingRequest) { + if (pendingRequest != null) { + setTransactionId(pendingRequest.getUniqueTransactionIdentifier()); + setSessionId(pendingRequest.getUniqueSessionIdentifier()); + setServiceProviderId(pendingRequest.getServiceProviderConfiguration().getUniqueIdentifier()); + + } else { + log.warn("Can NOT set MDC variables from pendingRequest because it is 'null'"); + + } } /** diff --git a/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties b/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties index 5b398bb0..79f82af8 100644 --- a/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties +++ b/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties 
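Review bot: In the `else` branch added to `setAllLoggingVariables`, nothing is written to the MDC, so the transaction, session and service-provider ids that an earlier request left on the same (pooled) thread stay attached to every log line of this request; the warning records that the input was null but does not prevent that mis-attribution. Unless callers already reset these variables before calling (not visible here), consider clearing the three values in that branch next to the `log.warn(...)`. The setter helpers used in the `if` branch are defined outside the hunk, so a matching clear may already exist in the class.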
@@ -20,4 +20,13 @@ internal.key.01=Can not use key from Keystore: {0} Reason: {1}
 internal.httpclient.00=HttpClient:{0} uses http Basic-Auth, but 'Username' is NOT set
 internal.httpclient.01=HttpClient:{0} uses X509 client-auth, but 'KeyStoreConfig' is NOT set
 internal.httpclient.02=HttpClient:{0} uses KeyStore:{1}, but 'keyPassword' is NOT set
-internal.httpclient.03=Can not initialize SSLContext for HttpClient:{0} Reason:{1}
\ No newline at end of file +internal.httpclient.03=Can not initialize SSLContext for HttpClient:{0} Reason:{1} + +internal.pendingreqid.00=Process Token is 'null' or 'empty' +internal.pendingreqid.01=Process Token is NOT valid because it has an invalid format +internal.pendingreqid.02=Can not create process Token +internal.pendingreqid.03=Process Token is NOT valid because it reached maximum size +internal.pendingreqid.04=Process Token is NOT valid because it is cryptographically invalid +internal.pendingreqid.05=Process Token is NOT valid because it has an invalid encoding +internal.pendingreqid.06=Process Token is NOT valid because it exceeds the valid period + diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest.java index 42e24c74..09a9543a 100644 --- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest.java +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest.java @@ -73,10 +73,7 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest { } catch (PendingReqIdValidationException e) { Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); - Assert.assertEquals("Wrong errorId", "process.99", e.getErrorId()); - Assert.assertEquals("Wrong errorMsg", - "No StatusMessager-Backend available! StatusCode:process.99 Params:[null, PendingReqId is 'null' or empty]", - e.getMessage()); + Assert.assertEquals("Wrong errorId", "internal.pendingreqid.00", e.getErrorId()); } } 
@@ -90,10 +87,7 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest { } catch (PendingReqIdValidationException e) { Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); - Assert.assertEquals("Wrong errorId", "process.99", e.getErrorId()); - Assert.assertEquals("Wrong errorMsg", - "No StatusMessager-Backend available! StatusCode:process.99 Params:[null, PendingReqId is 'null' or empty]", - e.getMessage()); + Assert.assertEquals("Wrong errorId", "internal.pendingreqid.00", e.getErrorId()); } } @@ -107,11 +101,7 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest { } catch (PendingReqIdValidationException e) { Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); - Assert.assertEquals("Wrong errorId", "process.99", e.getErrorId()); - Assert.assertEquals("Wrong errorMsg", - "No StatusMessager-Backend available! StatusCode:process.99 Params:[null, " - + "PendingReqId is NOT a valid String]", - e.getMessage()); + Assert.assertEquals("Wrong errorId", "internal.pendingreqid.05", e.getErrorId()); } } @@ -126,11 +116,7 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest { } catch (PendingReqIdValidationException e) { Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); - Assert.assertEquals("Wrong errorId", "process.99", e.getErrorId()); - Assert.assertEquals("Wrong errorMsg", - "No StatusMessager-Backend available! StatusCode:process.99 Params:[null, " - + "pendingReqId exceeds max.size: 1024]", - e.getMessage()); + Assert.assertEquals("Wrong errorId", "internal.pendingreqid.03", e.getErrorId()); } } 
@@ -152,11 +138,7 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest { } catch (PendingReqIdValidationException e) { Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); - Assert.assertEquals("Wrong errorId", "process.99", e.getErrorId()); - Assert.assertEquals("Wrong errorMsg", - "No StatusMessager-Backend available! StatusCode:process.99 Params:[null, " - + "PendingReqId has an unvalid format]", - e.getMessage()); + Assert.assertEquals("Wrong errorId", "internal.pendingreqid.01", e.getErrorId()); } } @@ -179,11 +161,7 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest { } catch (PendingReqIdValidationException e) { Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); - Assert.assertEquals("Wrong errorId", "process.99", e.getErrorId()); - Assert.assertEquals("Wrong errorMsg", - "No StatusMessager-Backend available! StatusCode:process.99 Params:[null, " - + "PendingReqId has an unvalid format]", - e.getMessage()); + Assert.assertEquals("Wrong errorId", "internal.pendingreqid.01", e.getErrorId()); } } @@ -206,11 +184,7 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest { } catch (PendingReqIdValidationException e) { Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); - Assert.assertEquals("Wrong errorId", "process.99", e.getErrorId()); - Assert.assertEquals("Wrong errorMsg", - "No StatusMessager-Backend available! StatusCode:process.99 Params:[null, " - + "PendingReqId is NOT a valid String]", - e.getMessage()); + Assert.assertEquals("Wrong errorId", "internal.pendingreqid.05", e.getErrorId()); } } 
@@ -233,8 +207,7 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest { } catch (PendingReqIdValidationException e) { Assert.assertNotNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); - Assert.assertEquals("Wrong errorId", "process.99", e.getErrorId()); - Assert.assertTrue("Wrong errorMsg", e.getMessage().contains("PendingRequestId exceeds the valid period")); + Assert.assertEquals("Wrong errorId", "internal.pendingreqid.06", e.getErrorId()); } } @@ -256,11 +229,7 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest { } catch (PendingReqIdValidationException e) { Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); - Assert.assertEquals("Wrong errorId", "process.99", e.getErrorId()); - Assert.assertEquals("Wrong errorMsg", - "No StatusMessager-Backend available! StatusCode:process.99 Params:[null, " - + "PendingReqId has an unvalid format]", - e.getMessage()); + Assert.assertEquals("Wrong errorId", "internal.pendingreqid.01", e.getErrorId()); } } @@ -283,12 +252,8 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest { } catch (PendingReqIdValidationException e) { Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); - Assert.assertEquals("Wrong errorId", "process.99", e.getErrorId()); - Assert.assertEquals("Wrong errorMsg", - "No StatusMessager-Backend available! StatusCode:process.99 Params:[null, " - + "PendingReqId has an unvalid format]", - e.getMessage()); - + Assert.assertEquals("Wrong errorId", "internal.pendingreqid.01", e.getErrorId()); + } } 
@@ -401,11 +366,7 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest { } catch (PendingReqIdValidationException e) { Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); - Assert.assertEquals("Wrong errorId", "process.99", e.getErrorId()); - Assert.assertEquals("Wrong errorMsg", - "No StatusMessager-Backend available! StatusCode:process.99 Params:[null, " - + "PendingReqId is NOT a valid encrypted]", - e.getMessage()); + Assert.assertEquals("Wrong errorId", "internal.pendingreqid.04", e.getErrorId()); } } diff --git a/eaaf_modules/eaaf_module_auth_sl20/pom.xml b/eaaf_modules/eaaf_module_auth_sl20/pom.xml index a7ea1df0..cccb91ad 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/pom.xml +++ b/eaaf_modules/eaaf_module_auth_sl20/pom.xml @@ -6,7 +6,7 @@ <parent> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf_modules</artifactId> - <version>1.1.8</version> + <version>1.1.11-SNAPSHOT</version> </parent> <artifactId>eaaf_module_auth_sl20</artifactId> <name>Generic SL2.0 authentication</name> @@ -79,6 +79,16 @@ <artifactId>provider</artifactId> <scope>test</scope> </dependency> + <dependency> + <groupId>iaik.prod</groupId> + <artifactId>iaik_jce_full</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>iaik.prod</groupId> + <artifactId>iaik_eccelerate</artifactId> + <scope>test</scope> + </dependency> </dependencies> @@ -146,4 +156,17 @@ </plugins> </build> + <repositories> + <repository> + <id>MOA_Sig_local</id> + <name>MOA-Sig Dependencies</name> + <releases> + <enabled>true</enabled> + <checksumPolicy>ignore</checksumPolicy> + </releases> + <layout>default</layout> + <url>file://${basedir}/../eaaf_module_moa-sig/repository</url> + </repository> + </repositories> + </project>
\ No newline at end of file diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java index 5be5a61f..63bf7897 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java @@ -2,6 +2,7 @@ package at.gv.egiz.eaaf.modules.auth.sl20.tasks; import java.io.Serializable; import java.net.ConnectException; +import java.nio.charset.StandardCharsets; import java.security.cert.CertificateEncodingException; import java.util.ArrayList; import java.util.List; @@ -11,6 +12,19 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang3.StringUtils; +import org.apache.http.NameValuePair; +import org.apache.http.client.entity.UrlEncodedFormEntity; +import org.apache.http.client.methods.HttpPost; +import org.apache.http.client.utils.URIBuilder; +import org.apache.http.message.BasicNameValuePair; +import org.jose4j.base64url.Base64Url; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.i18n.LocaleContextHolder; + +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.node.ObjectNode; + import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; 
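Review bot: The repository added in the `@@ -146` hunk sets `<checksumPolicy>ignore</checksumPolicy>`, which disables the only integrity check Maven applies to artifacts resolved from `file://${basedir}/../eaaf_module_moa-sig/repository`; the two new `iaik.prod` test dependencies in the `@@ -79` hunk presumably resolve from there, so they would be accepted even if a jar in that directory had been altered. `warn` keeps the build running when checksum files are absent, and `fail` is the right choice if the `.sha1` files are committed alongside the jars. A one-line XML comment on the `<repository>` element stating why a module-local, vendored repository is used would help the next maintainer.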
@@ -29,22 +43,9 @@ import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants.VdaAuthMethod; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20HttpBindingUtils; +import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20HttpBindingUtils.Sl20ResponseHolder; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonBuilderUtils; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonExtractorUtils; - -import org.apache.commons.lang3.StringUtils; -import org.apache.http.HttpResponse; -import org.apache.http.NameValuePair; -import org.apache.http.client.entity.UrlEncodedFormEntity; -import org.apache.http.client.methods.HttpPost; -import org.apache.http.client.utils.URIBuilder; -import org.apache.http.message.BasicNameValuePair; -import org.jose4j.base64url.Base64Url; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.i18n.LocaleContextHolder; - -import com.fasterxml.jackson.databind.JsonNode; -import com.fasterxml.jackson.databind.node.ObjectNode; import lombok.extern.slf4j.Slf4j; @Slf4j 
@@ -91,38 +92,42 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl // build request container final String qualEidReqId = Random.nextProcessReferenceValue(); - final ObjectNode sl20Req = SL20JsonBuilderUtils.createGenericRequest(qualEidReqId, null, null, - signedQualEidCommand); + final ObjectNode sl20Req = SL20JsonBuilderUtils.createGenericRequest(qualEidReqId, + pendingReq.getUniqueTransactionIdentifier(), null, signedQualEidCommand); // build http POST request final HttpPost httpReq = new HttpPost(new URIBuilder(vdaQualEidDUrl).build()); final List<NameValuePair> parameters = new ArrayList<>(); parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, - Base64Url.encode(sl20Req.toString().getBytes("UTF-8")))); + Base64Url.encode(sl20Req.toString().getBytes(StandardCharsets.UTF_8)))); //inject additional request parameters injectAdditionalSL20RequestParams(parameters, executionContext, request); httpReq.setEntity(new UrlEncodedFormEntity(parameters)); - // build http GET request - // URIBuilder sl20ReqUri = new URIBuilder(vdaQualeIDUrl); - // sl20ReqUri.addParameter(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, - // Base64Url.encode(sl20Req.toString().getBytes())); - // HttpGet httpReq = new HttpGet(sl20ReqUri.build()); - // set native client header httpReq.addHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE, SL20Constants.HTTP_HEADER_VALUE_NATIVE); - log.trace("Request VDA via SL20 with: " + Base64Url.encode(sl20Req.toString().getBytes("UTF-8"))); + log.trace("Request VDA via SL20 with: {}", + Base64Url.encode(sl20Req.toString().getBytes(StandardCharsets.UTF_8))); // request VDA - final HttpResponse httpResp = httpClientFactory.getHttpClient(false).execute(httpReq); - + final Sl20ResponseHolder httpResp = httpClientFactory.getHttpClient(false).execute( + httpReq, SL20HttpBindingUtils.sl20ResponseHandler()); + + //check on error on http channel + if (httpResp.getError() != null) { + log.info("Basic SL2.0 
response processing has an error. HTTP-StatusCode: {} ErrorMsg: {}", + httpResp.getResponseStatus().getStatusCode(), httpResp.getError().getMessage()); + throw httpResp.getError(); + + } + // parse response log.info("Receive response from VDA ... "); - final JsonNode sl20Resp = SL20JsonExtractorUtils.getSL20ContainerFromResponse(httpResp); - final VerificationResult respPayloadContainer = SL20JsonExtractorUtils.extractSL20PayLoad(sl20Resp, null, false); + final VerificationResult respPayloadContainer = + SL20JsonExtractorUtils.extractSL20PayLoad(httpResp.getResponseBody(), null, false); if (respPayloadContainer.isValidSigned() == null) { log.debug("Receive unsigned payLoad from VDA"); @@ -143,7 +148,7 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_SIGNEDCOMMAND, false); // create forward SL2.0 command - final ObjectNode sl20Forward = sl20Resp.deepCopy(); + final ObjectNode sl20Forward = httpResp.getResponseBody().deepCopy(); SL20JsonBuilderUtils.addOnlyOnceOfTwo(sl20Forward, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, command.deepCopy(), signedCommand); @@ -227,7 +232,7 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl final Locale locale = LocaleContextHolder.getLocale(); final String language = locale.getLanguage(); if (StringUtils.isNotEmpty(language)) { - log.trace("Find i18n context. Inject locale: {} into VDA request", locale.getLanguage()); + log.trace("Find i18n context). Inject locale: {} into VDA request", locale.getLanguage()); parameters.add(new BasicNameValuePair( SL20Constants.PARAM_SL20_REQ_AUTH_VDA_LOCALE, language.toUpperCase(locale))); 
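Review bot: In the new error branch of the `@@ -91` hunk, the log call dereferences `httpResp.getResponseStatus().getStatusCode()` before `throw httpResp.getError()`; if `sl20ResponseHandler()` can produce an error without a recorded status (for example a transport or parsing failure folded into the holder, its body is outside the hunk), the NullPointerException from the log statement replaces the real error. Guarding the status the same way as the error, e.g. `httpResp.getResponseStatus() != null ? httpResp.getResponseStatus().getStatusCode() : null`, keeps the original exception. The same hunk also starts sending `pendingReq.getUniqueTransactionIdentifier()` to the VDA where `null` was passed before; if this is intended for log correlation with the VDA, a short comment on the `createGenericRequest` call saying so would make the intent explicit. The enclosing method starts and ends outside the hunk.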
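Review bot: The trace message changed in the `@@ -227` hunk now reads `"Find i18n context). Inject locale: {} into VDA request"`, with an unmatched closing parenthesis that looks like an editing slip; the line also re-reads `locale.getLanguage()` although the `language` local already holds that value. Suggest `log.trace("Find i18n context. Inject locale: {} into VDA request", language);`. The enclosing method starts and ends outside the hunk.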
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java index 4786ff39..7591b3bd 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java @@ -6,15 +6,6 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.commons.lang3.StringUtils; -import org.jose4j.base64url.Base64Url; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; - -import com.fasterxml.jackson.core.JsonParseException; -import com.fasterxml.jackson.databind.JsonNode; - import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; @@ -36,6 +27,15 @@ import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonExtractorUtils; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20ResponseUtils; +import org.apache.commons.lang3.StringUtils; +import org.jose4j.base64url.Base64Url; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; + +import com.fasterxml.jackson.core.JsonParseException; +import com.fasterxml.jackson.databind.JsonNode; + public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask { private static final Logger log = LoggerFactory.getLogger(AbstractReceiveQualEidTask.class); 
@@ -117,7 +117,7 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask log.debug("VDA provides an optional sessionId. Inject it to internal error-holder "); ex.setVdaSessionId(vdaSessionId); - } + } throw ex; } else { @@ -161,7 +161,6 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask } } catch (final EaafAuthenticationException e) { - log.warn("SL2.0 processing error:", e); if (sl20Result != null) { log.debug("Received SL2.0 result: " + sl20Result); } @@ -170,8 +169,8 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e)); } catch (final Exception e) { - log.warn("ERROR:", e); - log.warn("SL2.0 Authentication FAILED with a generic error.", e); + + if (sl20Result != null) { log.debug("Received SL2.0 result: " + sl20Result); } diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JoseUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JoseUtils.java index d8c39931..5b221bbe 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JoseUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JoseUtils.java 
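Review bot: The generic `catch (final Exception e)` in the `@@ -170` hunk no longer logs the exception at all, leaving two empty lines where the two `log.warn` calls were, and the `@@ -161` hunk drops the WARN for `EaafAuthenticationException` as well; unless the `TaskExecutionException` built further down (outside the hunk) is logged with its cause by the caller, the stack trace of an unexpected failure in SL2.0 response processing is no longer recorded anywhere. Removing the duplicate WARN is fine, but keep one line that names the failure, e.g. `log.warn("SL2.0 Authentication FAILED with a generic error.", e);`, and delete the two blank lines. Both catch blocks continue outside the hunk.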
@@ -2,12 +2,19 @@ package at.gv.egiz.eaaf.modules.auth.sl20.utils; import java.io.IOException; import java.security.Key; +import java.security.KeyFactory; import java.security.KeyStore; +import java.security.NoSuchAlgorithmException; import java.security.Provider; +import java.security.PublicKey; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; import java.security.interfaces.ECPrivateKey; +import java.security.interfaces.ECPublicKey; import java.security.interfaces.RSAPrivateKey; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.PKCS8EncodedKeySpec; +import java.security.spec.X509EncodedKeySpec; import java.util.Collections; import java.util.List; import java.util.Map; @@ -15,13 +22,8 @@ import java.util.Map.Entry; import javax.annotation.Nonnull; -import at.gv.egiz.eaaf.core.exception.EaafKeyUsageException; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; -import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.impl.utils.X509Utils; - import org.apache.commons.lang3.StringUtils; +import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.jose4j.jca.ProviderContext; import org.jose4j.jwa.AlgorithmConstraints; import org.jose4j.jws.AlgorithmIdentifiers; @@ -32,6 +34,11 @@ import org.jose4j.keys.resolvers.X509VerificationKeyResolver; import org.jose4j.lang.JoseException; import org.springframework.util.Base64Utils; +import at.gv.egiz.eaaf.core.exception.EaafKeyUsageException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.utils.X509Utils; import lombok.AllArgsConstructor; import lombok.Getter; import lombok.extern.slf4j.Slf4j; 
@@ -45,6 +52,8 @@ import lombok.extern.slf4j.Slf4j; @Slf4j public class JoseUtils { + private static final Provider provider = new BouncyCastleProvider(); + /** * Create a JWS signature. * @@ -161,7 +170,10 @@ public class JoseUtils { // set signing information final Pair<Key, X509Certificate[]> signingCred = EaafKeyStoreUtils.getPrivateKeyAndCertificates( keyStore.getFirst(), keyAlias, keyPassword, true, friendlyNameForLogging); - jws.setKey(signingCred.getFirst()); + + // set verification key + jws.setKey(convertToBcKeyIfRequired(signingCred.getFirst())); + jws.setAlgorithmHeaderValue(getKeyOperationAlgorithmFromCredential( jws.getKey(), rsaAlgToUse, eccAlgToUse, friendlyNameForLogging)); @@ -169,11 +181,16 @@ public class JoseUtils { if (keyStore.getSecond() != null) { log.trace("Injecting special Java Security Provider: {}", keyStore.getSecond().getName()); final ProviderContext providerCtx = new ProviderContext(); - providerCtx.getSuppliedKeyProviderContext().setSignatureProvider( - keyStore.getSecond().getName()); + providerCtx.getSuppliedKeyProviderContext().setSignatureProvider(keyStore.getSecond().getName()); + providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME); jws.setProviderContext(providerCtx); - } + } else { + final ProviderContext providerCtx = new ProviderContext(); + providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME); + jws.setProviderContext(providerCtx); + + } if (addFullCertChain) { jws.setCertificateChainHeaderValue(signingCred.getSecond()); @@ -216,6 +233,8 @@ public class JoseUtils { log.trace("Sorting received X509 certificates ... "); final List<X509Certificate> sortedX5cCerts = X509Utils.sortCertificates(x5cCerts); + + if (trustedCerts.contains(sortedX5cCerts.get(0))) { selectedKey = sortedX5cCerts.get(0).getPublicKey(); 
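Review bot: The comment `// set verification key` added above `jws.setKey(convertToBcKeyIfRequired(signingCred.getFirst()))` in the -161 hunk is wrong for this code path: the key comes from `signingCred` and is used to create the signature, so it should read `// set signing key (converted to a BouncyCastle key if it is an IAIK EC key)`. The enclosing method starts before this hunk.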
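Review bot: The `else` branch added in the -169 hunk duplicates the creation of the ProviderContext and the `setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME)` call from the `if` branch; the same copy-paste pattern appears in JsonSecurityUtils (the -223 hunk) and twice in AbstractJsonSecurityUtilsTest (the -88 and -149 hunks). Building the context once and only adding the keystore-specific signature provider inside the conditional removes the duplication and makes it obvious that BouncyCastle is always the general provider. The enclosing method starts before this hunk.
```java
// BouncyCastle is always the general provider; a keystore-specific provider
// is only added for the supplied key.
final ProviderContext providerCtx = new ProviderContext();
providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME);
if (keyStore.getSecond() != null) {
  log.trace("Injecting special Java Security Provider: {}", keyStore.getSecond().getName());
  providerCtx.getSuppliedKeyProviderContext().setSignatureProvider(keyStore.getSecond().getName());
}
jws.setProviderContext(providerCtx);
// … unchanged: addFullCertChain handling …
```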
@@ -247,10 +266,15 @@ public class JoseUtils { throw new JoseException("Can NOT select verification key for JWS. Signature verification FAILED"); } - + + //set BouncyCastleProvider as default provider + final ProviderContext providerCtx = new ProviderContext(); + providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME); + jws.setProviderContext(providerCtx); + // set verification key - jws.setKey(selectedKey); - + jws.setKey(convertToBcKeyIfRequired(selectedKey)); + // load payLoad return new JwsResult( jws.verifySignature(), 
@@ -260,6 +284,48 @@ public class JoseUtils { } + + /** + * Convert an ECC public-key into BouncyCastle implementation. + * + * <p> IAIK JCE / Eccelerate ECC Keys are not compatible to JWS impl.</p> + * @param input Key + * @return input Key, or BC ECC-Key in case of a ECC Key + */ + public static Key convertToBcKeyIfRequired(Key input) { + try { + if (input instanceof ECPublicKey + && "iaik.security.ec.common.ECPublicKey".equals(input.getClass().getName())) { + + //convert Key to BouncyCastle KeyImplemenation because there is an + //incompatibility with IAIK EC Keys and JWS signature-verfification implementation + PublicKey publicKey = KeyFactory.getInstance( + input.getAlgorithm(), provider).generatePublic( + new X509EncodedKeySpec(input.getEncoded())); + return publicKey; + + } else if (input instanceof ECPrivateKey + && "iaik.security.ec.common.ECPrivateKey".equals(input.getClass().getName())) { + //convert Key to BouncyCastle KeyImplemenation because there is an + //incompatibility with IAIK EC Keys and JWS signature-creation implementation + Key privateKey = KeyFactory.getInstance( + input.getAlgorithm(), provider).generatePrivate( + new PKCS8EncodedKeySpec(input.getEncoded())); + + return privateKey; + + } + + } catch (InvalidKeySpecException | NoSuchAlgorithmException e) { + log.warn("Can NOT convert {} to {}. The verification may FAIL.", + input.getClass().getName(), PublicKey.class.getName(), e); + + } + + return input; + + } + /** * Select signature algorithm for a given credential. * diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java index 10cfeafa..58e3e41c 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java 
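Review bot: `convertToBcKeyIfRequired` passes `input.getEncoded()` straight into `new PKCS8EncodedKeySpec(...)` / `new X509EncodedKeySpec(...)`, but `Key.getEncoded()` is allowed to return null for keys that do not support encoding (typically hardware-backed private keys), and that null produces a NullPointerException which the `InvalidKeySpecException | NoSuchAlgorithmException` catch does not cover; since this method now sits on the signing path in JoseUtils and on the JWE-decryption path in JsonSecurityUtils, the null case should be checked explicitly and the original key returned. The warn message names `PublicKey.class.getName()` and "verification" for both branches, which is misleading on the private-key path. The Javadoc says "ECC public-key" although private keys are converted too, and has typos ("KeyImplemenation", "verfification"); suggested summary: `Convert an IAIK ECC key (public or private) into its BouncyCastle implementation, because IAIK JCE / ECCelerate keys are not accepted by the jose4j JWS/JWE implementation.` Matching on the exact IAIK class name is presumably fragile across IAIK versions; a provider or package check may be more robust, but that depends on the IAIK API.
```java
public static Key convertToBcKeyIfRequired(Key input) {
  final boolean iaikEcPublic = input instanceof ECPublicKey
      && "iaik.security.ec.common.ECPublicKey".equals(input.getClass().getName());
  final boolean iaikEcPrivate = input instanceof ECPrivateKey
      && "iaik.security.ec.common.ECPrivateKey".equals(input.getClass().getName());
  if (!iaikEcPublic && !iaikEcPrivate) {
    return input;
  }

  // Key.getEncoded() may return null for keys that do not support encoding
  // (e.g. hardware-backed keys); such keys can not be converted.
  final byte[] encoded = input.getEncoded();
  if (encoded == null) {
    log.warn("Can NOT convert {}: key does not support encoding. JWS/JWE processing may FAIL.",
        input.getClass().getName());
    return input;
  }

  try {
    final KeyFactory keyFactory = KeyFactory.getInstance(input.getAlgorithm(), provider);
    return iaikEcPublic
        ? keyFactory.generatePublic(new X509EncodedKeySpec(encoded))
        : keyFactory.generatePrivate(new PKCS8EncodedKeySpec(encoded));

  } catch (InvalidKeySpecException | NoSuchAlgorithmException e) {
    log.warn("Can NOT convert {} to a BouncyCastle key. JWS/JWE processing may FAIL.",
        input.getClass().getName(), e);
    return input;

  }
}
```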
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java @@ -13,25 +13,8 @@ import java.util.List; import javax.annotation.Nonnull; import javax.annotation.PostConstruct; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; -import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; -import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.impl.utils.X509Utils; -import at.gv.egiz.eaaf.modules.auth.sl20.Constants; -import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult; -import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception; -import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20SecurityException; -import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException; -import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException; -import at.gv.egiz.eaaf.modules.auth.sl20.utils.JoseUtils.JwsResult; - import org.apache.commons.lang3.StringUtils; +import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.jose4j.jca.ProviderContext; import org.jose4j.jwa.AlgorithmConstraints; import org.jose4j.jwa.AlgorithmConstraints.ConstraintType; 
@@ -50,6 +33,24 @@ import org.springframework.util.Base64Utils; import com.fasterxml.jackson.core.JsonParseException; import com.fasterxml.jackson.databind.JsonNode; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.utils.X509Utils; +import at.gv.egiz.eaaf.modules.auth.sl20.Constants; +import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult; +import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception; +import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20SecurityException; +import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException; +import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException; +import at.gv.egiz.eaaf.modules.auth.sl20.utils.JoseUtils.JwsResult; + @Service public class JsonSecurityUtils implements IJoseTools { private static final Logger log = LoggerFactory.getLogger(JsonSecurityUtils.class); 
@@ -223,10 +224,15 @@ public class JsonSecurityUtils implements IJoseTools { if (keyStore.getSecond() != null) { log.trace("Injecting special Java Security Provider: {}", keyStore.getSecond().getName()); final ProviderContext providerCtx = new ProviderContext(); - providerCtx.getSuppliedKeyProviderContext().setGeneralProvider( - keyStore.getSecond().getName()); + providerCtx.getSuppliedKeyProviderContext().setGeneralProvider(keyStore.getSecond().getName()); + providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME); receiverJwe.setProviderContext(providerCtx); + } else { + final ProviderContext providerCtx = new ProviderContext(); + providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME); + receiverJwe.setProviderContext(providerCtx); + } // validate key from header against key from config @@ -269,7 +275,7 @@ public class JsonSecurityUtils implements IJoseTools { } // set key - receiverJwe.setKey(encryptionCred.getFirst()); + receiverJwe.setKey(JoseUtils.convertToBcKeyIfRequired(encryptionCred.getFirst())); // decrypt payload return mapper.getMapper().readTree(receiverJwe.getPlaintextString()); diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java index 1d7c9646..d07c0e66 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java 
@@ -3,23 +3,129 @@ package at.gv.egiz.eaaf.modules.auth.sl20.utils; import java.io.IOException; import java.io.StringWriter; import java.net.URISyntaxException; +import java.text.MessageFormat; import javax.annotation.Nonnull; import javax.annotation.Nullable; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.http.Header; +import org.apache.http.HttpEntity; +import org.apache.http.ParseException; +import org.apache.http.StatusLine; +import org.apache.http.client.ResponseHandler; import org.apache.http.client.utils.URIBuilder; +import org.apache.http.util.EntityUtils; import org.jose4j.base64url.Base64Url; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import com.fasterxml.jackson.databind.JsonNode; +import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException; +import lombok.Data; +import lombok.Getter; + public class SL20HttpBindingUtils { private static final Logger log = LoggerFactory.getLogger(SL20HttpBindingUtils.class); + private static JsonMapper mapper = new JsonMapper(); + + @Data + @Getter + public static class Sl20ResponseHolder { + private final JsonNode responseBody; + private final StatusLine responseStatus; + private SlCommandoParserException error; + + } + + /** + * Security-Layer 2.0 specific response-handler for Apache HTTP client. 
+ * + * @return {@link Sl20ResponseHolder} + */ + public static ResponseHandler<Sl20ResponseHolder> sl20ResponseHandler() { + return response -> { + try { + final int httpStatusCode = response.getStatusLine().getStatusCode(); + if (httpStatusCode == HttpStatus.OK.value()) { + if (response.getEntity().getContentType() == null) { + throw new SlCommandoParserException("SL20 response contains NO ContentType"); + + } + + if (!response.getEntity().getContentType().getValue().startsWith("application/json")) { + throw new SlCommandoParserException( + "SL20 response with a wrong ContentType: " + response.getEntity().getContentType().getValue()); + + } + + //parse OK response from body + return new Sl20ResponseHolder(parseSL20ResultFromResponse(response.getEntity()), + response.getStatusLine()); + + } else if (httpStatusCode == HttpStatus.SEE_OTHER.value() + || httpStatusCode == HttpStatus.TEMPORARY_REDIRECT.value()) { + final Header[] locationHeader = response.getHeaders("Location"); + if (locationHeader == null) { + throw new SlCommandoParserException("Find Redirect statuscode but not Location header"); + + } + + final String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue(); + return new Sl20ResponseHolder(mapper.getMapper().readTree(Base64Url.decode(sl20RespString)), + response.getStatusLine()); + + } else if ( + httpStatusCode == HttpStatus.INTERNAL_SERVER_ERROR.value() + || httpStatusCode == HttpStatus.UNAUTHORIZED.value() + || httpStatusCode == HttpStatus.BAD_REQUEST.value()) { + log.info("SL20 response with http-code: {}. 
Search for error message", httpStatusCode); + + String bodyMsg = "_EMPTY_"; + try { + //extract JSON body from defined http error-codes + bodyMsg = EntityUtils.toString(response.getEntity()); + log.info("SL20 response with http-code: {0} and errorMsg: {1}", httpStatusCode, bodyMsg); + Sl20ResponseHolder holder = new Sl20ResponseHolder( + mapper.getMapper().readTree(bodyMsg), response.getStatusLine()); + return holder; + + } catch (final IOException | ParseException e) { + log.warn("SL20 response contains no valid JSON", e); + throw new SlCommandoParserException(MessageFormat.format( + "SL20 response with http-code: {0} with body: {1} and generic response-processing error: {2}", + httpStatusCode, bodyMsg, e.getMessage())); + + } + + } else { + //all other HTTP StatusCodes + throw new SlCommandoParserException(MessageFormat.format( + "SL20 response with http-code: {0} and errorMsg: {1}", + httpStatusCode, EntityUtils.toString(response.getEntity()))); + + } + + } catch (SlCommandoParserException e) { + Sl20ResponseHolder holder = new Sl20ResponseHolder(null, response.getStatusLine()); + holder.setError(e); + return holder; + + } catch (final Exception e) { + Sl20ResponseHolder holder = new Sl20ResponseHolder(null, response.getStatusLine()); + holder.setError( + new SlCommandoParserException("SL20 response parsing FAILED! Reason: " + e.getMessage(), e)); + return holder; + + } + }; + } + /** * Write SL2.0 response into http-response object * 
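Review bot: `log.info("SL20 response with http-code: {0} and errorMsg: {1}", httpStatusCode, bodyMsg)` in the 400/401/500 branch uses MessageFormat placeholders with an SLF4J logger, so the values are never substituted and the literal `{0}`/`{1}` is logged; it should read `log.info("SL20 response with http-code: {} and errorMsg: {}", httpStatusCode, bodyMsg);`. In the redirect branch `response.getHeaders("Location")` returns an empty array rather than null when the header is absent, so the null check never fires and `locationHeader[0]` fails with an ArrayIndexOutOfBoundsException that the generic catch turns into a less specific error; use `if (locationHeader == null || locationHeader.length == 0)`. The same branch still takes the first query parameter of the Location URI without checking its name, which was carried over from the removed `getSL20ContainerFromResponse`. The response body from the remote side is copied verbatim into exception messages and INFO logs in the error-code branch and in the default branch; consider truncating it and logging it at DEBUG, since it is remote-controlled content of unbounded size. `@Getter` on `Sl20ResponseHolder` is redundant with `@Data`, and `mapper` could be `private static final`.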
@@ -59,6 +165,24 @@ public class SL20HttpBindingUtils { httpResp.setHeader("Location", clientRedirectUri.build().toString()); } + } + + private static JsonNode parseSL20ResultFromResponse(final HttpEntity resp) throws Exception { + if (resp != null && resp.getContent() != null) { + final String rawSL20Resp = EntityUtils.toString(resp); + final JsonNode sl20Resp = mapper.getMapper().readTree(rawSL20Resp); + + // TODO: check sl20Resp type like && sl20Resp.isJsonObject() + if (sl20Resp != null) { + return sl20Resp; + + } else { + throw new SlCommandoParserException("SL2.0 can NOT parse to a JSON object"); + } + + } else { + throw new SlCommandoParserException("Can NOT find content in http response"); + } } } diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java index 40ea0430..bed25c0c 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java @@ -8,12 +8,6 @@ import java.util.List; import java.util.Map; import java.util.Map.Entry; -import org.apache.http.Header; -import org.apache.http.HttpEntity; -import org.apache.http.HttpResponse; -import org.apache.http.client.utils.URIBuilder; -import org.apache.http.util.EntityUtils; -import org.jose4j.base64url.Base64Url; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
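Review bot: `parseSL20ResultFromResponse` declares `throws Exception` although its body can only throw IOException (from `EntityUtils.toString` / `readTree`) and SlCommandoParserException; narrowing it to `private static JsonNode parseSL20ResultFromResponse(final HttpEntity resp) throws IOException, SlCommandoParserException {` lets the caller in `sl20ResponseHandler` stop catching everything. The TODO about the node type can be resolved right away because Jackson's JsonNode has `isObject()`: `if (sl20Resp != null && sl20Resp.isObject()) {`, which also covers an empty body, for which `readTree` returns a MissingNode or null depending on the Jackson version. `resp.getContent()` is called only for a null check and the InputStream it returns is discarded, which is not guaranteed to be safe for non-repeatable entities; this is carried over unchanged from the copy removed in SL20JsonExtractorUtils.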
@@ -299,84 +293,6 @@ public class SL20JsonExtractorUtils { } - /** - * Extract generic transport container from httpResponse. - * - * @param httpResp Http response object - * @return JSON with SL2.0 response - * @throws SlCommandoParserException In case of an error - */ - public static JsonNode getSL20ContainerFromResponse(final HttpResponse httpResp) throws SlCommandoParserException { - try { - JsonNode sl20Resp = null; - if (httpResp.getStatusLine().getStatusCode() == 303 || httpResp.getStatusLine().getStatusCode() == 307) { - final Header[] locationHeader = httpResp.getHeaders("Location"); - if (locationHeader == null) { - throw new SlCommandoParserException("Find Redirect statuscode but not Location header"); - } - - final String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue(); - sl20Resp = mapper.getMapper().readTree(Base64Url.decode(sl20RespString)); - - } else if (httpResp.getStatusLine().getStatusCode() == 200) { - if (httpResp.getEntity().getContentType() == null) { - throw new SlCommandoParserException("SL20 response contains NO ContentType"); - } - - if (!httpResp.getEntity().getContentType().getValue().startsWith("application/json")) { - throw new SlCommandoParserException( - "SL20 response with a wrong ContentType: " + httpResp.getEntity().getContentType().getValue()); - } - sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); - - } else if (httpResp.getStatusLine().getStatusCode() == 500 || httpResp.getStatusLine().getStatusCode() == 401 - || httpResp.getStatusLine().getStatusCode() == 400) { - log.info( - "SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode() + ". 
Search for error message"); - - try { - sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); - - } catch (final Exception e) { - log.warn("SL20 response contains no valid JSON", e); - throw new SlCommandoParserException("SL20 response with http-code: " - + httpResp.getStatusLine().getStatusCode() + " AND NO valid JSON errormsg", e); - - } - - } else { - throw new SlCommandoParserException( - "SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode()); - } - - log.info("Find JSON object in http response"); - return sl20Resp; - - } catch (final Exception e) { - throw new SlCommandoParserException("SL20 response parsing FAILED! Reason: " + e.getMessage(), e); - - } - } - - private static JsonNode parseSL20ResultFromResponse(final HttpEntity resp) throws Exception { - if (resp != null && resp.getContent() != null) { - final String rawSL20Resp = EntityUtils.toString(resp); - final JsonNode sl20Resp = mapper.getMapper().readTree(rawSL20Resp); - - // TODO: check sl20Resp type like && sl20Resp.isJsonObject() - if (sl20Resp != null) { - return sl20Resp; - - } else { - throw new SlCommandoParserException("SL2.0 can NOT parse to a JSON object"); - } - - } else { - throw new SlCommandoParserException("Can NOT find content in http response"); - } - - } - private static JsonNode getAndCheck(final JsonNode input, final String keyID, final boolean isRequired) throws SlCommandoParserException { final JsonNode internal = input.get(keyID); diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/AbstractJsonSecurityUtilsTest.java b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/AbstractJsonSecurityUtilsTest.java index 917ef1e0..6550b026 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/AbstractJsonSecurityUtilsTest.java 
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/AbstractJsonSecurityUtilsTest.java @@ -9,15 +9,6 @@ import java.security.Security; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; -import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; -import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap; -import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult; - import org.apache.commons.lang3.RandomStringUtils; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.jose4j.base64url.Base64Url; @@ -28,6 +19,7 @@ import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers; import org.jose4j.jwe.JsonWebEncryption; import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers; import org.jose4j.lang.JoseException; +import org.junit.AfterClass; import org.junit.Assert; import org.junit.BeforeClass; import org.junit.Test; 
@@ -38,6 +30,17 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import com.fasterxml.jackson.databind.JsonNode; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap; +import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult; +import iaik.security.ec.provider.ECCelerate; +import iaik.security.provider.IAIK; + @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration("/spring/test_eaaf_sl20_hsm.beans.xml") public abstract class AbstractJsonSecurityUtilsTest { @@ -46,12 +49,27 @@ public abstract class AbstractJsonSecurityUtilsTest { @Autowired protected IJoseTools joseTools; @Autowired protected EaafKeyStoreFactory keyStoreFactory; + /** + *jUnit test class initializer. + */ @BeforeClass public static void classInitializer() { - Security.addProvider(new BouncyCastleProvider()); + IAIK.addAsProvider(); + ECCelerate.addAsProvider(); + Security.addProvider(new BouncyCastleProvider()); } + /** + * jUnit test class cleaner. + */ + @AfterClass + public static final void classFinisher() { + Security.removeProvider(IAIK.getInstance().getName()); + Security.removeProvider(ECCelerate.getInstance().getName()); + + } + protected abstract void setRsaSigningKey(); protected abstract void setEcSigningKey(); 
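Review bot: `classInitializer` now registers three providers but `classFinisher` removes only IAIK and ECCelerate, so the BouncyCastle provider added in the same method stays installed for every later test class in the JVM; add `Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);` there for symmetry. `final` on the static method `classFinisher` has no effect and is not used on `classInitializer` in the same class. The Javadoc on `classInitializer` is missing a space after the asterisk (`*jUnit`).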
@@ -78,7 +96,7 @@ public abstract class AbstractJsonSecurityUtilsTest { final JsonWebEncryption jwe = new JsonWebEncryption(); jwe.setAlgorithmHeaderValue(KeyManagementAlgorithmIdentifiers.ECDH_ES_A256KW); jwe.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_128_GCM); - jwe.setKey(joseTools.getEncryptionCertificate().getPublicKey()); + jwe.setKey(JoseUtils.convertToBcKeyIfRequired(joseTools.getEncryptionCertificate().getPublicKey())); jwe.setX509CertSha256ThumbprintHeaderValue(joseTools.getEncryptionCertificate()); jwe.setPayload(payLoad); @@ -88,8 +106,14 @@ public abstract class AbstractJsonSecurityUtilsTest { final ProviderContext providerCtx = new ProviderContext(); providerCtx.getSuppliedKeyProviderContext().setSignatureProvider( rsaEncKeyStore.getSecond().getName()); + providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME); jwe.setProviderContext(providerCtx); + } else { + final ProviderContext providerCtx = new ProviderContext(); + providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME); + jwe.setProviderContext(providerCtx); + } final String encData = jwe.getCompactSerialization(); @@ -141,7 +165,7 @@ public abstract class AbstractJsonSecurityUtilsTest { final JsonWebEncryption jwe = new JsonWebEncryption(); jwe.setAlgorithmHeaderValue(KeyManagementAlgorithmIdentifiers.ECDH_ES_A256KW); jwe.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_128_GCM); - jwe.setKey(key.getSecond()[0].getPublicKey()); + jwe.setKey(JoseUtils.convertToBcKeyIfRequired(key.getSecond()[0].getPublicKey())); jwe.setPayload(payLoad); // set special provider if required 
@@ -149,8 +173,14 @@ public abstract class AbstractJsonSecurityUtilsTest { final ProviderContext providerCtx = new ProviderContext(); providerCtx.getSuppliedKeyProviderContext().setSignatureProvider( rsaEncKeyStore.getSecond().getName()); + providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME); jwe.setProviderContext(providerCtx); + } else { + final ProviderContext providerCtx = new ProviderContext(); + providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME); + jwe.setProviderContext(providerCtx); + } final String encData = jwe.getCompactSerialization(); diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JoseUtilsTest.java b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JoseUtilsTest.java new file mode 100644 index 00000000..b5a7639e --- /dev/null +++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JoseUtilsTest.java 
@@ -0,0 +1,83 @@
+package at.gv.egiz.eaaf.modules.auth.sl20.utils;
+
+import java.io.IOException;
+import java.security.NoSuchProviderException;
+import java.security.Security;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+import org.apache.commons.io.IOUtils;
+import org.jose4j.jwa.AlgorithmConstraints;
+import org.jose4j.jwa.AlgorithmConstraints.ConstraintType;
+import org.jose4j.jws.AlgorithmIdentifiers;
+import org.jose4j.lang.JoseException;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.BlockJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.modules.auth.sl20.utils.JoseUtils.JwsResult;
+import iaik.security.ec.provider.ECCelerate;
+import iaik.security.provider.IAIK;
+
+@RunWith(BlockJUnit4ClassRunner.class)
+public class JoseUtilsTest {
+
+ private static final List<String> BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING = Collections.unmodifiableList(
+ Arrays.asList(
+ AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256,
+ AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512,
+ AlgorithmIdentifiers.RSA_PSS_USING_SHA256,
+ AlgorithmIdentifiers.RSA_PSS_USING_SHA512));
+
+ /**
+ *jUnit test class initializer.
+ */
+ @BeforeClass
+ public static final void classInitializer() {
+ IAIK.addAsProvider();
+ ECCelerate.addAsProvider();
+
+ }
+
+ /**
+ * jUnit test class cleaner.
+ */
+ @AfterClass
+ public static final void classFinisher() {
+ Security.removeProvider(IAIK.getInstance().getName());
+ Security.removeProvider(ECCelerate.getInstance().getName());
+
+ }
+
+ @Test
+ public void testBindingAuthBlock() throws JoseException, IOException, CertificateException, NoSuchProviderException {
+
+ final String serializedContent = IOUtils.toString(JoseUtils.class.getResourceAsStream(
+ "/data/bindingAuth1.jws"), "UTF-8");
+
+ final iaik.x509.X509Certificate trustedCert = new iaik.x509.X509Certificate(JoseUtils.class
+ .getResourceAsStream("/data/bindingAuth1.crt"));
+
+ final List<X509Certificate> trustedCerts = Arrays.asList(trustedCert);
+ final AlgorithmConstraints constraints = new AlgorithmConstraints(ConstraintType.PERMIT,
+ BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING
+ .toArray(new String[BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.size()]));
+
+ final JwsResult result = JoseUtils.validateSignature(serializedContent, trustedCerts, constraints);
+
+ Assert.assertNotNull("JWS verify result", result);
+ Assert.assertTrue("JWS not valid", result.isValid());
+ Assert.assertNotNull("JWS payload", result.getPayLoad());
+ Assert.assertNotNull("JWS Headers", result.getFullJoseHeader());
+ Assert.assertNotNull("JWS Signercerts", result.getX5cCerts());
+ Assert.assertEquals("Signercerts size", 1, result.getX5cCerts().size());
+ Assert.assertArrayEquals("Signercerts", trustedCert.getEncoded(), result.getX5cCerts().get(0).getEncoded());
+
+ }
+}
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/bindingAuth1.crt b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/bindingAuth1.crt
new file mode 100644
index 00000000..11c17e71
--- /dev/null
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/bindingAuth1.crt
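Review bot: `testBindingAuthBlock` only covers the accepting path; a negative test that passes an empty trust list should assert that `validateSignature` rejects the same JWS, which per the JoseException thrown in JoseUtils when no verification key can be selected is the expected failure mode, and it guards the trust check that makes the verification meaningful. The fixture certificate in bindingAuth1.crt has a validity period from 2020-10-07 to 2021-10-07 (decoded from its notBefore/notAfter fields), so if validateSignature ever starts checking certificate validity this test will begin to fail; a comment in the test noting this would save the next maintainer a debugging session. The same `*jUnit` Javadoc spacing issue as in AbstractJsonSecurityUtilsTest appears here, and `final` on the static `classInitializer`/`classFinisher` methods has no effect.
```java
@Test(expected = JoseException.class)
public void testBindingAuthBlockUntrustedSigner() throws Exception {
  final String serializedContent = IOUtils.toString(JoseUtils.class.getResourceAsStream(
      "/data/bindingAuth1.jws"), "UTF-8");
  // … unchanged: constraints built as in testBindingAuthBlock …
  // signer certificate is not in the trust list -> verification must be rejected
  JoseUtils.validateSignature(serializedContent, Collections.emptyList(), constraints);
}
```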
@@ -0,0 +1,3 @@
+-----BEGIN CERTIFICATE-----
+MIIBXzCCAQWgAwIBAgIIPuBGtvo16nUwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRHVtbXlQa2lTZXJ2aWNlMB4XDTIwMTAwNzEyMTAyMVoXDTIxMTAwNzEyMTAyMVowUTEpMCcGA1UEAwwgNWMzM2Q3MjdlY2YzZTAyYTE2NmYzYWI2NWZiYTEzOGExFDASBgNVBAoMC0VJRC1ERVYtUEtJMQ4wDAYDVQQLDAVULUVudjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABACA6RBPYIX3i0+TqYq2gb3XAD0B1/tee3/lP8sPc+tt6GFDN0Vsos77VojhRQnGRndmoWi9OW7KS5uQe+5++W8wCgYIKoZIzj0EAwIDSAAwRQIhAO7NlM4YfnapZ9Vam/LF/5ASPGbN4SK0fK4bhGHQw8yIAiB77JHkZIaDtgCcv7CSPf/mvldSf5ViPelhuZBPSLRUsQ==
+-----END CERTIFICATE-----
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/bindingAuth1.jws b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/bindingAuth1.jws
new file mode 100644
index 00000000..6ba84d97
--- /dev/null
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/bindingAuth1.jws
@@ -0,0 +1 @@
+eyJ4NWMiOlsiTUlJQlh6Q0NBUVdnQXdJQkFnSUlQdUJHdHZvMTZuVXdDZ1lJS29aSXpqMEVBd0l3R2pFWU1CWUdBMVVFQXd3UFJIVnRiWGxRYTJsVFpYSjJhV05sTUI0WERUSXdNVEF3TnpFeU1UQXlNVm9YRFRJeE1UQXdOekV5TVRBeU1Wb3dVVEVwTUNjR0ExVUVBd3dnTldNek0yUTNNamRsWTJZelpUQXlZVEUyTm1ZellXSTJOV1ppWVRFek9HRXhGREFTQmdOVkJBb01DMFZKUkMxRVJWWXRVRXRKTVE0d0RBWURWUVFMREFWVUxVVnVkakJaTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEEwSUFCQUNBNlJCUFlJWDNpMCtUcVlxMmdiM1hBRDBCMVwvdGVlM1wvbFA4c1BjK3R0NkdGRE4wVnNvczc3Vm9qaFJRbkdSbmRtb1dpOU9XN0tTNXVRZSs1KytXOHdDZ1lJS29aSXpqMEVBd0lEU0FBd1JRSWhBTzdObE00WWZuYXBaOVZhbVwvTEZcLzVBU1BHYk40U0swZks0YmhHSFF3OHlJQWlCNzdKSGtaSWFEdGdDY3Y3Q1NQZlwvbXZsZFNmNVZpUGVsaHVaQlBTTFJVc1E9PSJdLCJ0eXAiOiJiaW5kaW5nQXV0aCIsImFsZyI6IkVTMjU2In0.MzIxZmVmYTQtODVkOC00YmE5LWE0MmUtYWY4MzM3YTEyNTA1.diiXXegwv3Gu6ezJRxf7F5BnRxNhTnBXJ0D5RX4OqDxs2QvfzSPA4mOkUed18_56aILMBLVL-XIMszNILfp7OA
\ No newline at end of file diff --git a/eaaf_modules/eaaf_module_moa-sig/pom.xml b/eaaf_modules/eaaf_module_moa-sig/pom.xml index f70e763f..c158c497 100644 --- a/eaaf_modules/eaaf_module_moa-sig/pom.xml +++ b/eaaf_modules/eaaf_module_moa-sig/pom.xml @@ -5,7 +5,7 @@ <parent> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf_modules</artifactId> - <version>1.1.8</version> + <version>1.1.11-SNAPSHOT</version> </parent> <artifactId>eaaf_module_moa-sig</artifactId> <name>MOA-Sig signature verification module</name> diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/common/3.1.3/common-3.1.3.jar b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/common/3.1.3/common-3.1.3.jar Binary files differnew file mode 100644 index 00000000..065eadc0 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/common/3.1.3/common-3.1.3.jar diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/common/3.1.3/common-3.1.3.pom b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/common/3.1.3/common-3.1.3.pom new file mode 100644 index 00000000..d5e7b657 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/common/3.1.3/common-3.1.3.pom 
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>MOA.spss.common</groupId>
+ <artifactId>common</artifactId>
+ <version>3.1.3</version>
+ <dependencies>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ <version>1.7.30</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ <version>2.12.0</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>xalan</groupId>
+ <artifactId>xalan</artifactId>
+ <version>2.7.1</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>joda-time</groupId>
+ <artifactId>joda-time</artifactId>
+ <version>2.10.6</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>jaxen</groupId>
+ <artifactId>jaxen</artifactId>
+ <version>1.2.0</version>
+ <scope>compile</scope>
+ </dependency>
+ </dependencies>
+</project>
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/server/moa-sig-lib/3.1.3/moa-sig-lib-3.1.3.jar b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/server/moa-sig-lib/3.1.3/moa-sig-lib-3.1.3.jar
Binary files differ
new file mode 100644
index 00000000..06f21d25
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/server/moa-sig-lib/3.1.3/moa-sig-lib-3.1.3.jar
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/server/moa-sig-lib/3.1.3/moa-sig-lib-3.1.3.pom b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/server/moa-sig-lib/3.1.3/moa-sig-lib-3.1.3.pom
new file mode 100644
index 00000000..77ca744c
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/server/moa-sig-lib/3.1.3/moa-sig-lib-3.1.3.pom
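Review bot: The coordinates declared in this POM, `MOA.spss.common:common:3.1.3`, do not match the repository path it is installed under (`MOA/spss/common/3.1.3/`, which is the layout for groupId `MOA.spss`), and `moa-sig-lib-3.1.3.pom` in this commit requests the artifact as `MOA.spss:common`. Maven locates the jar by path, but a POM whose coordinates disagree with the requested ones is typically reported as invalid and its transitive dependencies (slf4j-api, xercesImpl, xalan, joda-time, jaxen) are then dropped from the classpath without a hard failure; worth confirming with `mvn dependency:tree`. Changing the line to `<groupId>MOA.spss</groupId>` aligns the POM, the path and the consumer. Separately, `xalan 2.7.1` and `xercesImpl 2.12.0` are old XML-processor releases that will sit on the signature-verification classpath; a comment naming the MOA-Sig release these versions were taken from makes sure they are re-checked on the next update.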
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>MOA.spss.server</groupId>
+ <artifactId>moa-sig-lib</artifactId>
+ <version>3.1.3</version>
+ <dependencies>
+ <dependency>
+ <groupId>MOA.spss</groupId>
+ <artifactId>common</artifactId>
+ <version>3.1.3</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ <version>1.2.17</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ <version>1.2</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>commons-io</groupId>
+ <artifactId>commons-io</artifactId>
+ <version>2.7</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>commons-codec</groupId>
+ <artifactId>commons-codec</artifactId>
+ <version>1.14</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.axis</groupId>
+ <artifactId>axis-jaxrpc</artifactId>
+ <version>1.4</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.xerial</groupId>
+ <artifactId>sqlite-jdbc</artifactId>
+ <version>3.32.3.2</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>javax.xml.bind</groupId>
+ <artifactId>jaxb-api</artifactId>
+ <version>2.3.1</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>com.sun.xml.bind</groupId>
+ <artifactId>jaxb-core</artifactId>
+ <version>2.3.0.1</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>com.sun.xml.bind</groupId>
+ <artifactId>jaxb-impl</artifactId>
+ <version>2.3.2</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.postgresql</groupId>
+ <artifactId>postgresql</artifactId>
+ <version>42.2.15.jre7</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-lang3</artifactId>
+ <version>3.11</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpclient-cache</artifactId>
+ <version>4.5.12</version>
+ <scope>compile</scope>
+ </dependency>
+ </dependencies>
+</project>
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/tsl_lib/2.0.3/tsl_lib-2.0.3.jar b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/tsl_lib/2.0.3/tsl_lib-2.0.3.jar
Binary files differ
new file mode 100644
index 00000000..e1321ac1
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/tsl_lib/2.0.3/tsl_lib-2.0.3.jar
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/tsl_lib/2.0.3/tsl_lib-2.0.3.pom b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/tsl_lib/2.0.3/tsl_lib-2.0.3.pom
new file mode 100644
index 00000000..354fbfca
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/tsl_lib/2.0.3/tsl_lib-2.0.3.pom
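Review bot: `log4j:log4j:1.2.17` is declared as a compile-scope dependency although the log4j 1.x line is end-of-life and no longer receives fixes, and it lands next to `commons-logging` and, through `MOA.spss:common`, `slf4j-api`, so three logging facades end up on the module classpath. Since this POM is hand-written for the in-repo repository, narrow it to what MOA-Sig needs at runtime — `<scope>runtime</scope>` behind an SLF4J bridge, or an `<exclusion>` in the consuming module's pom — so the application decides which logging backend is loaded. The same question applies to the other broad compile-scope entries (`axis-jaxrpc 1.4`, `sqlite-jdbc`, `postgresql`); a comment such as `<!-- dependency list taken from the MOA-Sig 3.1.3 distribution; re-check on upgrade -->` at the top of `<dependencies>` records their origin for the next upgrade.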
@@ -0,0 +1,186 @@ +<?xml version="1.0" encoding="UTF-8"?> +<project xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + <modelVersion>4.0.0</modelVersion> + <groupId>MOA.spss</groupId> + <artifactId>tsl_lib</artifactId> + <version>2.0.3</version> + <name>MOA-Sig TLS-library</name> + + <developers> + <developer> + <id>tlenz</id> + <name>Thomas Lenz</name> + <organization>IAIK</organization> + <email>thomas.lenz@iaik.tugraz.at</email> + <timezone>+1</timezone> + <roles> + <role>developer</role> + </roles> + </developer> + </developers> + + <organization> + <name>EGIZ - E-Government Innovationszentrum - Austria</name> + <url>http://www.egiz.gv.at/</url> + </organization> + + <properties> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + + <org.projectlombok.lombok.version>1.18.12</org.projectlombok.lombok.version> + </properties> + + <repositories> + <repository> + <id>MOA</id> + <name>MOA Dependencies</name> + <releases> + <enabled>true</enabled> + <checksumPolicy>ignore</checksumPolicy> + </releases> + <layout>default</layout> + <url>file://${basedir}/repository</url> + </repository> + </repositories> + + <build> + <resources> + <resource> + <directory>${project.build.directory}/xjc</directory> + </resource> + <resource> + <directory>src/main/resources</directory> + <excludes> + <exclude>**/jaxb</exclude> + </excludes> + </resource> + </resources> + + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-compiler-plugin</artifactId> + <version>3.5.1</version> + <configuration> + <compilerArguments> + <verbose /> + </compilerArguments> + <source>1.7</source> + <target>1.7</target> + </configuration> + </plugin> + + <!-- if maven should be used to build jaxb classes --> + <plugin> + <groupId>org.codehaus.mojo</groupId> + <artifactId>jaxb2-maven-plugin</artifactId> + 
<version>2.5.0</version> + <executions> + <execution> + <id>xjc</id> + <goals> + <goal>xjc</goal> + </goals> + <phase>generate-sources</phase> + </execution> + </executions> + <configuration> + <sources> + <source>${project.basedir}/src/main/resources/spec/jaxb/ts_119612v020101_sie_xsd.xsd</source> + </sources> + <xjbSources> + <xjbSource>${project.basedir}/src/main/resources/spec/jaxb/ts_119612v020101_sie_xsd.binding.xml</xjbSource> + </xjbSources> + <outputDirectory>${project.build.directory}/xjc</outputDirectory> + </configuration> + </plugin> + </plugins> + </build> + + <dependencies> + + <dependency> + <groupId>iaik.prod</groupId> + <artifactId>iaik_pki_module</artifactId> + <version>2.01_moa</version> + </dependency> + <dependency> + <groupId>iaik.prod</groupId> + <artifactId>iaik_jce_full</artifactId> + <version>5.61_moa</version> + <scope>provided</scope> + </dependency> + <dependency> + <groupId>iaik.prod</groupId> + <artifactId>iaik_xsect</artifactId> + <version>2.14_moa</version> + </dependency> + <dependency> + <groupId>iaik.prod</groupId> + <artifactId>iaik_moa</artifactId> + <version>2.06</version> + </dependency> + + + <dependency> + <groupId>org.xerial</groupId> + <artifactId>sqlite-jdbc</artifactId> + <version>3.32.3.2</version> + </dependency> + + <dependency> + <groupId>javax.xml.bind</groupId> + <artifactId>jaxb-api</artifactId> + <version>2.3.1</version> + </dependency> + + + <dependency> + <groupId>xerces</groupId> + <artifactId>xercesImpl</artifactId> + <version>2.11.0</version> + </dependency> + + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-api</artifactId> + <version>1.7.30</version> + </dependency> + + <dependency> + <groupId>org.apache.commons</groupId> + <artifactId>commons-lang3</artifactId> + <version>3.11</version> + </dependency> + + <dependency> + <groupId>commons-io</groupId> + <artifactId>commons-io</artifactId> + <version>2.7</version> + </dependency> + + <dependency> + 
<groupId>org.apache.httpcomponents</groupId> + <artifactId>httpclient-cache</artifactId> + <version>4.5.12</version> + </dependency> + + <dependency> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + <version>1.2.3</version> + <scope>test</scope> + </dependency> + + <dependency> + <groupId>org.projectlombok</groupId> + <artifactId>lombok</artifactId> + <version>${org.projectlombok.lombok.version}</version> + <scope>provided</scope> + </dependency> + + </dependencies> + +</project>
\ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cpades/2.4_moa/iaik_cpades-2.4_moa.jar b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cpades/2.4_moa/iaik_cpades-2.4_moa.jar
Binary files differ
new file mode 100644
index 00000000..300c215c
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cpades/2.4_moa/iaik_cpades-2.4_moa.jar
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cpades/2.4_moa/iaik_cpades-2.4_moa.pom b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cpades/2.4_moa/iaik_cpades-2.4_moa.pom
new file mode 100644
index 00000000..de0ec131
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cpades/2.4_moa/iaik_cpades-2.4_moa.pom
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_cpades</artifactId>
+ <version>2.4_moa</version>
+ <description>POM was created from install:install-file</description>
+</project>
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate/6.02/iaik_eccelerate-6.02.jar b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate/6.02/iaik_eccelerate-6.02.jar
Binary files differ
new file mode 100644
index 00000000..e30b629e
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate/6.02/iaik_eccelerate-6.02.jar
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate/6.02/iaik_eccelerate-6.02.pom b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate/6.02/iaik_eccelerate-6.02.pom
new file mode 100644
index 00000000..45bf20e7
--- /dev/null
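Review bot: `tsl_lib-2.0.3.pom` depends on `iaik.prod:iaik_pki_module:2.01_moa`, but the only `iaik_pki_module` artifact this commit adds to the in-repo repository is `2.02_moa`, and `iaik.prod:iaik_moa:2.06` has no counterpart among the visible additions either; unless those versions already exist elsewhere, resolving tsl_lib's transitive dependencies will fail or pull a different build than the one tested. Align the version, `<version>2.02_moa</version>`, or add the missing artifacts. The `<repositories>` block in that POM sets `<checksumPolicy>ignore</checksumPolicy>` on a `file://${basedir}/repository` source, which disables checksum verification for everything resolved from it and is published with the artifact; a comment stating why checksums are ignored there, or dropping the policy, keeps the supply-chain decision explicit.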
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate/6.02/iaik_eccelerate-6.02.pom
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_eccelerate</artifactId>
+ <version>6.02</version>
+ <description>POM was created from install:install-file</description>
+</project>
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_addon/6.02/iaik_eccelerate_addon-6.02.jar b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_addon/6.02/iaik_eccelerate_addon-6.02.jar
Binary files differ
new file mode 100644
index 00000000..94f2de55
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_addon/6.02/iaik_eccelerate_addon-6.02.jar
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_addon/6.02/iaik_eccelerate_addon-6.02.pom b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_addon/6.02/iaik_eccelerate_addon-6.02.pom
new file mode 100644
index 00000000..681a6ef3
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_addon/6.02/iaik_eccelerate_addon-6.02.pom
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_eccelerate_addon</artifactId>
+ <version>6.02</version>
+ <description>POM was created from install:install-file</description>
+</project>
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_cms/6.02/iaik_eccelerate_cms-6.02.jar b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_cms/6.02/iaik_eccelerate_cms-6.02.jar
Binary files differ
new file mode 100644
index 00000000..32d7aec0
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_cms/6.02/iaik_eccelerate_cms-6.02.jar
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_cms/6.02/iaik_eccelerate_cms-6.02.pom b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_cms/6.02/iaik_eccelerate_cms-6.02.pom
new file mode 100644
index 00000000..13b0b357
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_cms/6.02/iaik_eccelerate_cms-6.02.pom
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_eccelerate_cms</artifactId>
+ <version>6.02</version>
+ <description>POM was created from install:install-file</description>
+</project>
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_jce_full/5.61_moa/iaik_jce_full-5.61_moa.jar b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_jce_full/5.61_moa/iaik_jce_full-5.61_moa.jar
Binary files differ
new file mode 100644
index 00000000..78b79e97
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_jce_full/5.61_moa/iaik_jce_full-5.61_moa.jar
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_jce_full/5.61_moa/iaik_jce_full-5.61_moa.pom b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_jce_full/5.61_moa/iaik_jce_full-5.61_moa.pom
new file mode 100644
index 00000000..97989c62
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_jce_full/5.61_moa/iaik_jce_full-5.61_moa.pom
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_jce_full</artifactId>
+ <version>5.61_moa</version>
+ <description>POM was created from install:install-file</description>
+</project>
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_pki_module/2.02_moa/iaik_pki_module-2.02_moa.jar b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_pki_module/2.02_moa/iaik_pki_module-2.02_moa.jar
Binary files differ
new file mode 100644
index 00000000..b7979e51
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_pki_module/2.02_moa/iaik_pki_module-2.02_moa.jar
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_pki_module/2.02_moa/iaik_pki_module-2.02_moa.pom b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_pki_module/2.02_moa/iaik_pki_module-2.02_moa.pom
new file mode 100644
index 00000000..b947fb59
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_pki_module/2.02_moa/iaik_pki_module-2.02_moa.pom
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_pki_module</artifactId>
+ <version>2.02_moa</version>
+ <description>POM was created from install:install-file</description>
+</project>
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_xsect/2.14_moa/iaik_xsect-2.14_moa.jar b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_xsect/2.14_moa/iaik_xsect-2.14_moa.jar
Binary files differ
new file mode 100644
index 00000000..aa3c229c
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_xsect/2.14_moa/iaik_xsect-2.14_moa.jar
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_xsect/2.14_moa/iaik_xsect-2.14_moa.pom b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_xsect/2.14_moa/iaik_xsect-2.14_moa.pom
new file mode 100644
index 00000000..1fb2f424
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_xsect/2.14_moa/iaik_xsect-2.14_moa.pom
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_xsect</artifactId>
+ <version>2.14_moa</version>
+ <description>POM was created from install:install-file</description>
+</project>
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureVerificationService.java
index 7c009b68..e4577cae 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureVerificationService.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureVerificationService.java
@@ -2,6 +2,7 @@ package at.gv.egiz.eaaf.modules.sigverify.moasig.api; import java.util.Date; import java.util.List; +import java.util.Map; import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse; import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse; @@ -115,4 +116,31 @@ public interface ISignatureVerificationService { List<String> verifyTransformsInfoProfileID, String signatureLocationXpath, Date signingDate) throws MoaSigServiceException; + + /** + * Verify a XML or XAdES signature. <br> + * <br> + * <i>This method only validates the first XML or XAdES signature if more than + * one signature exists</i> + * + * @param signature Serialized XML or XAdES signature + * @param trustProfileID Id of the Trust-Profile from MOA-Sig + * configuration + * @param verifyTransformsInfoProfileID {@link List} of XML Transformations that + * should be used for + * signature-verification + * @param signatureLocationXpath Xpath that points to location of + * Signature element + * @param signingDate Signature timestamp + * @param supplementContent Map that contains supplement profile content; keyed by references. Each entry + * in this map becomes a Content/Base64Content child in the SupplementProfile + * node. + * @return @link {@link IXmlSignatureVerificationResponse}, or null if no + * signature was found + * @throws MoaSigServiceException on signatue-verification error + */ + IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature, + final String trustProfileID, final List<String> verifyTransformsInfoProfileID, + final String signatureLocationXpath, Date signingDate, + final Map<String, byte[]> supplementContent) throws MoaSigServiceException; } 
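Review bot: The Javadoc of the new six-argument `verifyXmlSignature` does not say whether `supplementContent` may be null, and the implementation in `SignatureVerificationService` calls `isEmpty()` on it, so a null argument would surface as a NullPointerException rather than an argument error. State the contract on the tag, e.g. `@param supplementContent ... node. Must not be {@code null}; pass an empty map when no supplement content is needed.` The same tag block has `@return @link {@link IXmlSignatureVerificationResponse}` with a stray `@link`, and `on signatue-verification error` should read `signature-verification`.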
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/AbstractSignatureService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/AbstractSignatureService.java index c7efc677..b9219ee4 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/AbstractSignatureService.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/AbstractSignatureService.java @@ -1,5 +1,8 @@ package at.gv.egiz.eaaf.modules.sigverify.moasig.impl; +import java.security.Provider; +import java.security.Security; + import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; @@ -10,7 +13,6 @@ import org.springframework.beans.factory.annotation.Autowired; import org.w3c.dom.Document; import at.gv.egovernment.moa.spss.server.config.ConfigurationException; -import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; 
@@ -47,25 +49,41 @@ public abstract class AbstractSignatureService { protected final void setUpContexts(final String transactionID) throws ConfigurationException { final TransactionContextManager txMgr = TransactionContextManager.getInstance(); final LoggingContextManager logMgr = LoggingContextManager.getInstance(); - + if (txMgr.getTransactionContext() == null) { log.debug("Set not MOA-Sig transaction context"); final TransactionContext ctx = - new TransactionContext(transactionID, null, ConfigurationProvider.getInstance()); + new TransactionContext(transactionID, null, moaSigConfig.getMoaSigConfig()); txMgr.setTransactionContext(ctx); } + //set Logging context into MOA-Sig if (logMgr.getLoggingContext() == null) { final LoggingContext ctx = new LoggingContext(transactionID); logMgr.setLoggingContext(ctx); } - new IaikConfigurator().configure(ConfigurationProvider.getInstance()); + //dump Java Security-Providers + if (log.isTraceEnabled()) { + log.trace("Set-Up verifier Bean: {}", this); + dumpSecProviders("MOA-Sig Context-Set-Up"); + + } + + new IaikConfigurator().configure(moaSigConfig.getMoaSigConfig()); } + private static void dumpSecProviders(String message) { + log.trace("Security Providers: {}", message); + for (final Provider provider : Security.getProviders()) { + log.trace(" - {} - {}", provider.getName(), provider.getVersion()); + + } + } + /** * Tear down thread-local context information. */ diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/MoaSigInitializer.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/MoaSigInitializer.java index ae8c2c97..ce98c92b 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/MoaSigInitializer.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/MoaSigInitializer.java 
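Review bot: `moaSigConfig.getMoaSigConfig()` is dereferenced twice in `setUpContexts` without a null check; in `MoaSigInitializer` (presumably the bean injected here) that field is only assigned after `Configurator.getInstance().init()` returns, so if initialization has not completed the calls degrade to `new TransactionContext(transactionID, null, null)` and `new IaikConfigurator().configure(null)` and fail somewhere inside MOA-Sig rather than here. Spring normally aborts startup when `initialize()` throws, so this is defensive, but a guard at the top of the method, `if (moaSigConfig.getMoaSigConfig() == null) { throw new IllegalStateException("MOA-Sig configuration not initialized"); }`, gives an actionable message and documents the dependency. `dumpSecProviders` deserves a one-line Javadoc, `/** Trace-logs the registered JCA providers in lookup order, since that order decides which implementation JCA selects. */`, because the provider list is exactly what one needs when a verification result looks wrong. The enclosing class continues outside the hunk.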
@@ -7,7 +7,6 @@ import java.security.Security; import java.util.Iterator; import java.util.Map.Entry; -import javax.annotation.Nonnull; import javax.annotation.PostConstruct; import org.slf4j.Logger; @@ -18,12 +17,14 @@ import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.ISchemaRessourceProvide import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceConfigurationException; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.api.Configurator; +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; import at.gv.egovernment.moaspss.logging.LoggingContext; import at.gv.egovernment.moaspss.logging.LoggingContextManager; import at.gv.egovernment.moaspss.util.DOMUtils; import iaik.asn1.structures.AlgorithmID; import iaik.security.ec.provider.ECCelerate; import iaik.security.provider.IAIK; +import lombok.Getter; public class MoaSigInitializer { private static final Logger log = LoggerFactory.getLogger(MoaSigInitializer.class); @@ -31,18 +32,15 @@ public class MoaSigInitializer { @Autowired(required = false) ISchemaRessourceProvider[] schemas; - private Configurator moaSigConfigurator; - /** * Get MOA-Sig configuration object. - * - * @return moa-sig configuration */ - @Nonnull - public Configurator getMoaSigConfigurator() { - return moaSigConfigurator; + @Getter + private Configurator moaSigConfigurator; + + @Getter + private ConfigurationProvider moaSigConfig; - } @PostConstruct private synchronized void initialize() throws MoaSigServiceConfigurationException { 
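Review bot: Replacing the explicit `getMoaSigConfigurator()` with Lombok `@Getter` drops the `@Nonnull` contract the old signature carried, and the new `moaSigConfig` field gets a generated getter with no documentation at all. Both fields stay null until `initialize()` has run, so the honest contract is to say so on the fields, e.g. `/** MOA-Sig configuration provider; {@code null} until {@link #initialize()} has completed. */` above `moaSigConfig`, and to reword the existing field Javadoc the same way. If callers relied on the non-null promise, hand-written getters that throw `IllegalStateException` before initialization would preserve it explicitly.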
@@ -55,16 +53,12 @@ public class MoaSigInitializer { try { LoggingContextManager.getInstance().setLoggingContext(new LoggingContext("startup")); log.debug("MOA-Sig library initialization process ... "); - Configurator.getInstance().init(); - log.info("MOA-Sig library initialization complete "); + moaSigConfigurator = Configurator.getInstance(); + moaSigConfigurator.init(); - //Security.insertProviderAt(IAIK.getInstance(), 0); + moaSigConfig = ConfigurationProvider.getInstance(); - //final ECCelerate eccProvider = ECCelerate.getInstance(); - //if (Security.getProvider(eccProvider.getName()) != null) { - // Security.removeProvider(eccProvider.getName()); - //} - //Security.addProvider(new ECCelerate()); + log.info("MOA-Sig library initialization complete "); fixJava8_141ProblemWithSslAlgorithms(); @@ -99,8 +93,6 @@ public class MoaSigInitializer { } } - moaSigConfigurator = Configurator.getInstance(); - } catch (final MOAException e) { log.error("MOA-SP initialization FAILED!", e.getWrapped()); throw new MoaSigServiceConfigurationException("service.moasig.04", diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java index 0818a260..9ee6d0aa 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java @@ -2,8 +2,10 @@ package at.gv.egiz.eaaf.modules.sigverify.moasig.impl; import java.io.ByteArrayInputStream; import java.security.cert.CertificateEncodingException; +import java.util.Collections; import java.util.Date; import java.util.List; +import java.util.Map; import javax.annotation.PostConstruct; 
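Review bot: `moaSigConfigurator` is now assigned before `init()` runs, whereas the removed assignment at the end of the try block (last hunk of this file) only published it after initialization succeeded; if `init()` throws, the getter already returns a configurator that never completed while `moaSigConfig` is still unset, so the two getters can disagree about the bean's state. Keep the publish-after-success ordering with a local, `final Configurator configurator = Configurator.getInstance(); configurator.init(); moaSigConfigurator = configurator;`, or clear both fields in the `catch (final MOAException e)` branch. Startup normally aborts on the rethrown `MoaSigServiceConfigurationException`, so the practical impact is limited to anything already holding the bean, but the ordering is cheap to keep.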
@@ -103,7 +105,8 @@ public class SignatureVerificationService extends AbstractSignatureService @Override public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature, final String trustProfileID) throws MoaSigServiceException { - return verifyXmlSignature(signature, trustProfileID, null, DEFAULT_XPATH_SIGNATURE_LOCATION, null); + return verifyXmlSignature(signature, trustProfileID, null, DEFAULT_XPATH_SIGNATURE_LOCATION, null, + Collections.EMPTY_MAP); } @@ -119,7 +122,7 @@ public class SignatureVerificationService extends AbstractSignatureService final String trustProfileID, final List<String> verifyTransformsInfoProfileID) throws MoaSigServiceException { return verifyXmlSignature(signature, trustProfileID, verifyTransformsInfoProfileID, - DEFAULT_XPATH_SIGNATURE_LOCATION, null); + DEFAULT_XPATH_SIGNATURE_LOCATION, null, Collections.EMPTY_MAP); } /* 
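Review bot: `Collections.EMPTY_MAP` is the raw-typed constant and produces an unchecked-conversion warning when passed where `Map<String, byte[]>` is expected; the generic factory `Collections.emptyMap()` infers the type arguments from the target and is the idiomatic spelling. Replace it in both delegating overloads of this hunk and in the three further call sites of the next hunk (the `signatureLocationXpath` overload, the `signingDate` overload and the new five-argument delegate), e.g. `DEFAULT_XPATH_SIGNATURE_LOCATION, null, Collections.emptyMap());`.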
@@ -133,27 +136,37 @@ public class SignatureVerificationService extends AbstractSignatureService public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature, final String trustProfileID, final String signatureLocationXpath) throws MoaSigServiceException { - return verifyXmlSignature(signature, trustProfileID, null, signatureLocationXpath, null); + return verifyXmlSignature(signature, trustProfileID, null, signatureLocationXpath, null, Collections.EMPTY_MAP); } @Override public IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID, Date signingDate) throws MoaSigServiceException { return verifyXmlSignature(signature, trustProfileID, null, - DEFAULT_XPATH_SIGNATURE_LOCATION, signingDate); + DEFAULT_XPATH_SIGNATURE_LOCATION, signingDate, Collections.EMPTY_MAP); } + @Override public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature, final String trustProfileID, final List<String> verifyTransformsInfoProfileID, final String xpathSignatureLocation, Date signingDate) throws MoaSigServiceException { + return verifyXmlSignature(signature, trustProfileID, verifyTransformsInfoProfileID, xpathSignatureLocation, + signingDate, Collections.EMPTY_MAP); + } + + @Override + public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature, + final String trustProfileID, final List<String> verifyTransformsInfoProfileID, + final String xpathSignatureLocation, Date signingDate, final Map<String, byte[]> supplementContent) + throws MoaSigServiceException { try { // setup context setUpContexts(Thread.currentThread().getName()); // build signature-verification request final Element domVerifyXmlSignatureRequest = buildVerifyXmlRequest(signature, trustProfileID, - verifyTransformsInfoProfileID, xpathSignatureLocation, signingDate); + verifyTransformsInfoProfileID, xpathSignatureLocation, signingDate, supplementContent); // send signature-verification to MOA-Sig final 
VerifyXMLSignatureRequest vsrequest = @@ -262,13 +275,17 @@ public class SignatureVerificationService extends AbstractSignatureService * used for validation * @param xpathSignatureLocation Xpath that points to location of * Signature element - * @param sigValDate Signature timestamp + * @param sigValDate Signature timestamp + * @param supplementContent Map that contains supplement profile content; keyed by references. Each entry + * in this map becomes a Content/Base64Content child in the SupplementProfile + * node. Use this map to specify content of references that the verification + * service cannot resolve. * @return MOA-Sig verification request element * @throws MoaSigServiceBuilderException In case of an error */ private Element buildVerifyXmlRequest(final byte[] signature, final String trustProfileID, final List<String> verifyTransformsInfoProfileID, final String xpathSignatureLocation, - Date sigValDate) throws MoaSigServiceBuilderException { + Date sigValDate, final Map<String, byte[]> supplementContent) throws MoaSigServiceBuilderException { try { // build empty document final Document requestDoc_ = getNewDocumentBuilder(); 
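Review bot: The new six-argument `verifyXmlSignature` forwards `supplementContent` untouched to `buildVerifyXmlRequest`, which dereferences it with `isEmpty()` inside a builder that is wrapped in `catch (final Throwable t)`; a null argument therefore becomes a NullPointerException reported as a request-building failure, and the interface Javadoc does not say null is disallowed. Normalize or reject it at the entry point, e.g. `final Map<String, byte[]> supplement = supplementContent != null ? supplementContent : Collections.emptyMap();`, or `Objects.requireNonNull(supplementContent, "supplementContent")` if an empty map is the documented contract. The method body continues past the end of the hunk.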
@@ -352,6 +369,25 @@ public class SignatureVerificationService extends AbstractSignatureService trustProfileIdElem.appendChild(requestDoc_.createTextNode(trustProfileID)); requestElem_.appendChild(trustProfileIdElem); + // add supplement profile + if (!supplementContent.isEmpty()) { + + final Element supplementProfile = requestDoc_.createElementNS(MOA_NS_URI, "SupplementProfile"); + + for (Map.Entry<String, byte[]> entry: supplementContent.entrySet()) { + String reference = entry.getKey(); + byte[] contentBytes = entry.getValue(); + final Element content = requestDoc_.createElementNS(MOA_NS_URI, "Content"); + content.setAttribute("Reference", reference); + final Element b64content = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content"); + b64content.setTextContent(Base64Utils.encodeToString(contentBytes)); + content.appendChild(b64content); + supplementProfile.appendChild(content); + } + + requestElem_.appendChild(supplementProfile); + } + return requestElem_; } catch (final Throwable t) { diff --git a/eaaf_modules/eaaf_module_pvp2_core/pom.xml b/eaaf_modules/eaaf_module_pvp2_core/pom.xml index 0a5d17d4..86a66f4e 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/pom.xml +++ b/eaaf_modules/eaaf_module_pvp2_core/pom.xml @@ -7,7 +7,7 @@ <parent> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf_modules</artifactId> - <version>1.1.8</version> + <version>1.1.11-SNAPSHOT</version> </parent> <artifactId>eaaf_module_pvp2_core</artifactId> <name>eaaf_module_pvp2_core</name> diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvp2MetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvp2MetadataProvider.java index 2f058af8..b213425d 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvp2MetadataProvider.java 
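Review bot: `if (!supplementContent.isEmpty())` throws NullPointerException for a null map, and a null key or value in an entry fails inside `setAttribute` / `encodeToString`; because this only lands in the `catch (final Throwable t)` below, the caller gets a generic builder error instead of a message naming the bad entry. A guard such as `if (supplementContent != null && !supplementContent.isEmpty())` plus an explicit rejection of null keys or values in the loop would make that failure diagnosable. The loop also deserves a comment on what it hands to the verifier, since the Javadoc says each entry supplies the bytes for a reference the service cannot resolve: `// NOTE: supplement content substitutes reference data during verification; it must come from a trusted source, never from the party that supplied the signature`. The enclosing method starts outside this hunk.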
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvp2MetadataProvider.java @@ -39,4 +39,11 @@ public interface IPvp2MetadataProvider extends ExtendedRefreshableMetadataResolv @Nullable EntityDescriptor getEntityDescriptor(@Nonnull String entityID) throws ResolverException; + + /** + * Destroy this Metadata resolver, if it supports destroying. + * + */ + void doDestroy(); + } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java index 40448b45..28f5d618 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java @@ -33,13 +33,6 @@ import javax.annotation.Nonnull; import javax.annotation.Nullable; import javax.naming.ConfigurationException; -import at.gv.egiz.components.spring.api.IDestroyableObject; -import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpAddableChainingMetadataProvider; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider; - import org.apache.commons.lang3.StringUtils; import org.joda.time.DateTime; import org.opensaml.core.criterion.EntityIdCriterion; 
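Review bot: Adding the abstract `void doDestroy();` to a public interface breaks every existing implementation of `IPvp2MetadataProvider` at compile time; the test `DummyMetadataProvider` in this same change already had to add an empty override. A `default void doDestroy() {}` carrying the same Javadoc keeps source and binary compatibility for implementors outside this repository. The Javadoc should also state what a caller may rely on, e.g. `Destroys this metadata resolver if the implementation supports it; otherwise this is a no-op.`, since "if it supports destroying" leaves open whether an unsupported call throws or silently returns.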
@@ -50,6 +43,12 @@ import org.opensaml.saml.metadata.resolver.filter.MetadataFilter; import org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver; import org.opensaml.saml.saml2.metadata.EntityDescriptor; +import at.gv.egiz.components.spring.api.IDestroyableObject; +import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpAddableChainingMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider; import lombok.extern.slf4j.Slf4j; import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements; import net.shibboleth.utilities.java.support.component.IdentifiedComponent; @@ -464,7 +463,12 @@ public abstract class AbstractChainingMetadataProvider implements IGarbageCollec final AbstractMetadataResolver httpprovider = (AbstractMetadataResolver) resolver; log.debug("Destroy metadata resolver with id: {}", httpprovider.getId()); httpprovider.destroy(); - + + } else if (resolver instanceof IPvp2MetadataProvider) { + final IPvp2MetadataProvider httpprovider = (IPvp2MetadataProvider) resolver; + log.debug("Destroy metadata resolver with id: {}", httpprovider.getId()); + httpprovider.doDestroy(); + } else { log.warn("Metadata resolver: {} can not be destroyed. Reason: unsupported type: {}", resolver.getId(), resolver.getClass().getName()); diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverAdapter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverAdapter.java index d2b861dc..4115cc7c 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverAdapter.java 
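Review bot: The new branch reuses the name `httpprovider` for an `IPvp2MetadataProvider` that need not be HTTP-backed, which misreads when this method is debugged; `final IPvp2MetadataProvider pvpProvider = (IPvp2MetadataProvider) resolver;` says what it is. The branch order also deserves a one-line comment, because an `IPvp2MetadataProvider` that additionally extends `AbstractMetadataResolver` is handled by the first branch and never reaches `doDestroy()`: `// AbstractMetadataResolver is checked first; adapters that only implement IPvp2MetadataProvider delegate via doDestroy()`. The enclosing method begins outside the hunk, so whether an exception thrown by `destroy()` aborts destruction of the remaining resolvers cannot be judged from here.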
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverAdapter.java @@ -1,14 +1,14 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.metadata; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider; - import org.joda.time.DateTime; import org.opensaml.core.criterion.EntityIdCriterion; import org.opensaml.saml.metadata.resolver.ExtendedRefreshableMetadataResolver; import org.opensaml.saml.metadata.resolver.filter.MetadataFilter; +import org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver; import org.opensaml.saml.saml2.metadata.EntityDescriptor; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider; import lombok.extern.slf4j.Slf4j; import net.shibboleth.utilities.java.support.resolver.CriteriaSet; import net.shibboleth.utilities.java.support.resolver.ResolverException; @@ -112,4 +112,17 @@ public class PvpMetadataResolverAdapter implements IPvp2MetadataProvider, IRefre } } + @Override + public void doDestroy() { + if (internalProvider instanceof AbstractMetadataResolver) { + ((AbstractMetadataResolver) internalProvider).destroy(); + + } else { + log.info("MetadataResolver: {} does not support destroying", + internalProvider.getClass().getName()); + + } + + } + } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java index 3673859a..7ac1d4c5 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java 
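Review bot: `doDestroy()` only destroys an `internalProvider` that extends `AbstractMetadataResolver`; a wrapped resolver that implements Shibboleth's `DestructableComponent` (in `net.shibboleth.utilities.java.support.component`) without extending that base class is skipped with an info-level message, so whatever refresh thread or client it holds may not be released. If the declared type of `internalProvider` (outside this hunk) permits it, testing the destroy contract rather than the base class covers both: `if (internalProvider instanceof DestructableComponent) { ((DestructableComponent) internalProvider).destroy(); }`. The unsupported case should probably be `log.warn`, matching the warning `AbstractChainingMetadataProvider` emits for the same situation, so that a resolver that is never torn down is visible in production logs.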
@@ -77,4 +77,9 @@ public class DummyMetadataProvider extends AbstractChainingMetadataProvider { } + @Override + public void doDestroy() { + + } + } diff --git a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml index 27b94a0b..3840c8d9 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml +++ b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml @@ -5,7 +5,7 @@ <parent> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf_modules</artifactId> - <version>1.1.8</version> + <version>1.1.11-SNAPSHOT</version> </parent> <artifactId>eaaf_module_pvp2_idp</artifactId> <name>eaaf_module_pvp2_idp</name> diff --git a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml index e0cfb26d..f3e9f138 100644 --- a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml +++ b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml @@ -5,7 +5,7 @@ <parent> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf_modules</artifactId> - <version>1.1.8</version> + <version>1.1.11-SNAPSHOT</version> </parent> <artifactId>eaaf_module_pvp2_sp</artifactId> <name>eaaf_module_pvp2_sp</name> diff --git a/eaaf_modules/pom.xml b/eaaf_modules/pom.xml index 2e504729..5a5aa1f3 100644 --- a/eaaf_modules/pom.xml +++ b/eaaf_modules/pom.xml @@ -4,7 +4,7 @@ <parent> <groupId>at.gv.egiz</groupId> <artifactId>eaaf</artifactId> - <version>1.1.8</version> + <version>1.1.11-SNAPSHOT</version> </parent> <groupId>at.gv.egiz.eaaf</groupId> @@ -6,7 +6,7 @@ <modelVersion>4.0.0</modelVersion> <groupId>at.gv.egiz</groupId> <artifactId>eaaf</artifactId> - <version>1.1.8</version> + <version>1.1.11-SNAPSHOT</version> <packaging>pom</packaging> <name>EGIZ EAAF components</name> 
@@ -23,25 +23,25 @@ <at.gv.egiz.components.eventlog-api.version>0.4</at.gv.egiz.components.eventlog-api.version> <at.gv.egiz.components.egiz-spring-api>0.3.1</at.gv.egiz.components.egiz-spring-api> - <MOA.spss.server.moa-sig-lib.version>3.1.2</MOA.spss.server.moa-sig-lib.version> - <MOA.spss.tsl_lib.version>2.0.2</MOA.spss.tsl_lib.version> + <MOA.spss.server.moa-sig-lib.version>3.1.3</MOA.spss.server.moa-sig-lib.version> + <MOA.spss.tsl_lib.version>2.0.3</MOA.spss.tsl_lib.version> <!-- IAIK libs --> <iaik.prod.iaik_cms.version>5.1</iaik.prod.iaik_cms.version> - <iaik.prod.iaik_cpades.version>2.5.1_moa</iaik.prod.iaik_cpades.version> + <iaik.prod.iaik_cpades.version>2.4_moa</iaik.prod.iaik_cpades.version> <iaik.prod.iaik_cpxlevel.version>0.9_moa</iaik.prod.iaik_cpxlevel.version> - <iaik.prod.iaik_eccelerate.version>5.01</iaik.prod.iaik_eccelerate.version> - <iaik.prod.iaik_eccelerate_addon.version>5.01</iaik.prod.iaik_eccelerate_addon.version> - <iaik.prod.iaik_eccelerate_cms.version>5.01</iaik.prod.iaik_eccelerate_cms.version> - <iaik.prod.iaik_jce_full.version>5.52_moa</iaik.prod.iaik_jce_full.version> + <iaik.prod.iaik_eccelerate.version>6.02</iaik.prod.iaik_eccelerate.version> + <iaik.prod.iaik_eccelerate_addon.version>6.02</iaik.prod.iaik_eccelerate_addon.version> + <iaik.prod.iaik_eccelerate_cms.version>6.02</iaik.prod.iaik_eccelerate_cms.version> + <iaik.prod.iaik_jce_full.version>5.61_moa</iaik.prod.iaik_jce_full.version> <iaik.prod.iaik_jsse.version>4.4</iaik.prod.iaik_jsse.version> <iaik.prod.iaik_moa.version>2.06</iaik.prod.iaik_moa.version> - <iaik.prod.iaik_pki_module.version>2.01_moa</iaik.prod.iaik_pki_module.version> + <iaik.prod.iaik_pki_module.version>2.02_moa</iaik.prod.iaik_pki_module.version> <iaik.prod.iaik_sva.version>1.0.3_moa</iaik.prod.iaik_sva.version> <iaik.prod.iaik_tsp.version>2.32_eval</iaik.prod.iaik_tsp.version> <iaik.prod.iaik_util.version>0.23</iaik.prod.iaik_util.version> 
<iaik.prod.iaik_xades.version>2.13_moa</iaik.prod.iaik_xades.version> - <iaik.prod.iaik_xsect.version>2.13_moa</iaik.prod.iaik_xsect.version> + <iaik.prod.iaik_xsect.version>2.14_moa</iaik.prod.iaik_xsect.version> <hsm-facade-provider.version>0.5.3-SNAPSHOT</hsm-facade-provider.version> <io.grpc-core.version>1.34.0</io.grpc-core.version> |
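Review bot: `iaik.prod.iaik_cpades.version` moves backwards from `2.5.1_moa` to `2.4_moa` while every other IAIK and MOA artifact in this block moves forward, and nothing in the change explains it. If the downgrade is deliberate, for instance to stay compatible with `moa-sig-lib` 3.1.3, a comment next to the property such as `<!-- pinned to 2.4_moa: required by moa-sig-lib 3.1.3 -->` would keep the next dependency bump from silently "fixing" it; if it is not deliberate, it reintroduces whatever the 2.5.x line corrected in a signature library. Either way the reason should be recorded in the commit or the pom.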