Diffstat (limited to 'eaaf_core_utils/src/main')
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/AuthenticatedEncryptionPendingRequestIdGenerationStrategy.java37
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java59
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java19
-rw-r--r--eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties11
4 files changed, 59 insertions, 67 deletions
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/AuthenticatedEncryptionPendingRequestIdGenerationStrategy.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/AuthenticatedEncryptionPendingRequestIdGenerationStrategy.java
index b10f8586..83ea7da0 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/AuthenticatedEncryptionPendingRequestIdGenerationStrategy.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/AuthenticatedEncryptionPendingRequestIdGenerationStrategy.java
@@ -1,6 +1,6 @@
package at.gv.egiz.eaaf.core.impl.utils;
-import java.io.UnsupportedEncodingException;
+import java.nio.charset.StandardCharsets;
import java.security.Provider;
import java.util.Base64;
@@ -98,10 +98,10 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategy
}
return Base64.getUrlEncoder()
- .encodeToString(encToken.getCompactSerialization().getBytes("UTF-8"));
+ .encodeToString(encToken.getCompactSerialization().getBytes(StandardCharsets.UTF_8));
- } catch (final JoseException | UnsupportedEncodingException e) {
- throw new EaafException("internal.99", new Object[] { e.getMessage() }, e);
+ } catch (final JoseException e) {
+ throw new EaafException("internal.pendingreqid.02", new Object[] { e.getMessage() }, e);
}
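Review bot: The new `throw new EaafException("internal.pendingreqid.02", new Object[] { e.getMessage() }, e);` still passes the JoseException message as a parameter, but the `internal.pendingreqid.02` template added in this commit has no `{0}` placeholder, so the argument is never rendered. The cause is already attached as `e`, so I would pass an empty parameter array rather than add a placeholder; that keeps library error text out of any message that may be shown to the caller. The enclosing method starts outside the hunk.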
@@ -117,7 +117,7 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategy
if (!(StringUtils.countMatches(stringToken, TOKEN_SEPARATOR) == ENCODED_TOKEN_PARTS - 1)) {
log.warn("PendingRequestId has an unvalid format");
log.debug("PendingRequestId: {}", stringToken);
- throw new PendingReqIdValidationException(null, "PendingReqId has an unvalid format");
+ throw new PendingReqIdValidationException(null, "internal.pendingreqid.01");
}
@@ -125,13 +125,10 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategy
StringUtils.split(stringToken, TOKEN_SEPARATOR, ENCODED_TOKEN_PARTS);
return tokenElements[1];
- } catch (final UnsupportedEncodingException e) {
- throw new RuntimeException(e);
-
} catch (JoseException e) {
log.warn("Token is NOT a valid String. Msg: {}", e.getMessage());
log.debug("TokenValue: {}", externalPendingReqId);
- throw new PendingReqIdValidationException(null, "PendingReqId is NOT a valid String", e);
+ throw new PendingReqIdValidationException(null, "internal.pendingreqid.05", e);
}
}
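Review bot: With the `UnsupportedEncodingException` branch gone, the only handler visible on this try is `catch (JoseException e)`, so an unchecked `IllegalArgumentException` raised while decoding the caller-supplied id would leave this method unmapped. The validating method further down does catch that type and maps it to `internal.pendingreqid.05`. If `getDecryptedExternalPendingRequestId` Base64-decodes its input (the decode itself is not visible on this page), I would add the same `catch (final IllegalArgumentException e)` branch here. `JoseException` is also mapped to `.05` (invalid encoding) here but to `.04` (cryptographically invalid) in the validating method; one key per cause keeps error reporting consistent. The try block and the method signature are outside the hunk.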
@@ -145,7 +142,7 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategy
if (!(StringUtils.countMatches(stringToken, TOKEN_SEPARATOR) == ENCODED_TOKEN_PARTS - 1)) {
log.info("PendingRequestId: {}", stringToken);
- throw new PendingReqIdValidationException(null, "PendingReqId has an unvalid format");
+ throw new PendingReqIdValidationException(null, "internal.pendingreqid.01");
}
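Review bot: `log.info("PendingRequestId: {}", stringToken)` writes what appears to be the decrypted token body to the log at INFO whenever the separator count is wrong, while the identical check earlier in this class logs a fixed `warn` message and keeps the value at `debug`. The value is derived from the request, so I would align the two branches: `log.warn("PendingRequestId has an unvalid format");` followed by `log.debug("PendingRequestId: {}", stringToken);`. The enclosing method begins outside the hunk.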
@@ -154,15 +151,13 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategy
final String internalPendingReqId = tokenElements[1];
final DateTime timeStamp = TOKEN_TEXTUAL_DATE_FORMAT.parseDateTime(tokenElements[0]);
-
-
log.trace("Checking valid period ... ");
final DateTime now = DateTime.now();
if (timeStamp.withFieldAdded(DurationFieldType.seconds(), maxPendingRequestIdLifeTime)
.isBefore(now)) {
log.info("Token exceeds the valid period. Token: {} | Now: {}", timeStamp, now);
throw new PendingReqIdValidationException(internalPendingReqId,
- "PendingRequestId exceeds the valid period");
+ "internal.pendingreqid.06");
}
log.debug("Token valid-period check successful");
@@ -172,25 +167,22 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategy
} catch (JoseException e) {
log.warn("Token is NOT a valid encrypt. Msg: {}", e.getMessage());
log.debug("TokenValue: {}", externalPendingReqId);
- throw new PendingReqIdValidationException(null, "PendingReqId is NOT a valid encrypted", e);
+ throw new PendingReqIdValidationException(null, "internal.pendingreqid.04", e);
} catch (final IllegalArgumentException e) {
log.warn("Token is NOT a valid String. Msg: {}", e.getMessage());
log.debug("TokenValue: {}", externalPendingReqId);
- throw new PendingReqIdValidationException(null, "PendingReqId is NOT a valid String", e);
-
- } catch (final UnsupportedEncodingException e) {
- throw new RuntimeException(e);
+ throw new PendingReqIdValidationException(null, "internal.pendingreqid.05", e);
}
}
@Nonnull
private String getDecryptedExternalPendingRequestId(String externalPendingReqId)
- throws JoseException, PendingReqIdValidationException, UnsupportedEncodingException {
+ throws JoseException, PendingReqIdValidationException {
if (StringUtils.isEmpty(externalPendingReqId)) {
log.info("PendingReqId is 'null' or empty");
- throw new PendingReqIdValidationException(null, "PendingReqId is 'null' or empty");
+ throw new PendingReqIdValidationException(null, "internal.pendingreqid.00");
}
@@ -199,8 +191,7 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategy
if (externalPendingReqIdBytes.length > maxPendingReqIdSize) {
log.warn("pendingReqId size exceeds {}", maxPendingReqIdSize);
- throw new PendingReqIdValidationException(null,
- "pendingReqId exceeds max.size: " + maxPendingReqIdSize);
+ throw new PendingReqIdValidationException(null, "internal.pendingreqid.03");
}
@@ -223,7 +214,7 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategy
}
- encToken.setCompactSerialization(new String(externalPendingReqIdBytes, "UTF-8"));
+ encToken.setCompactSerialization(new String(externalPendingReqIdBytes, StandardCharsets.UTF_8));
return encToken.getPayload();
}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java
index ad6471d5..8ec5f3a8 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java
@@ -1,6 +1,6 @@
package at.gv.egiz.eaaf.core.impl.utils;
-import java.io.UnsupportedEncodingException;
+import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
@@ -80,33 +80,22 @@ public class SecurePendingRequestIdGenerationStrategy
@Override
public String generateExternalPendingRequestId() throws EaafException {
- try {
- final String toSign = buildInternalToken(Random.nextLongRandom(), DateTime.now());
- final StringBuilder externalPendingRequestId = new StringBuilder();
- externalPendingRequestId.append(toSign);
- externalPendingRequestId.append(TOKEN_SEPARATOR);
- externalPendingRequestId.append(Base64.getEncoder().encodeToString(calculateHmac(toSign)));
- return Base64.getUrlEncoder()
- .encodeToString(externalPendingRequestId.toString().getBytes("UTF-8"));
-
- } catch (final UnsupportedEncodingException e) {
- throw new EaafException("internal.99", new Object[] { e.getMessage() }, e);
-
- }
+ final String toSign = buildInternalToken(Random.nextLongRandom(), DateTime.now());
+ final StringBuilder externalPendingRequestId = new StringBuilder();
+ externalPendingRequestId.append(toSign);
+ externalPendingRequestId.append(TOKEN_SEPARATOR);
+ externalPendingRequestId.append(Base64.getEncoder().encodeToString(calculateHmac(toSign)));
+ return Base64.getUrlEncoder()
+ .encodeToString(externalPendingRequestId.toString().getBytes(StandardCharsets.UTF_8));
}
@Override
public String getPendingRequestIdWithOutChecks(final String externalPendingReqId)
throws PendingReqIdValidationException {
- try {
- final String[] tokenElements = extractTokens(externalPendingReqId);
- return tokenElements[1];
-
- } catch (final UnsupportedEncodingException e) {
- throw new RuntimeException(e);
-
- }
+ final String[] tokenElements = extractTokens(externalPendingReqId);
+ return tokenElements[1];
+
}
@Override
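Review bot: `getPendingRequestIdWithOutChecks` now returns `tokenElements[1]` straight from `extractTokens`, and nothing in the visible body verifies the HMAC or the lifetime, so the result is an unauthenticated value and the method should say so. I would add a comment above the return such as `// NOTE: no HMAC or lifetime verification here; the returned id is unauthenticated and must be validated before it is trusted`. The empty line left between `return tokenElements[1];` and the closing brace can be removed.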
@@ -123,8 +112,7 @@ public class SecurePendingRequestIdGenerationStrategy
if (!Arrays.equals(tokenDigest, refDigist)) {
log.warn("Digest of Token does NOT match");
log.debug("Token: {} | Ref: {}", tokenDigest, refDigist);
- throw new PendingReqIdValidationException(null,
- "Digest of pendingRequestId does NOT match");
+ throw new PendingReqIdValidationException(null, "internal.pendingreqid.04");
}
log.debug("PendingRequestId HMAC digest check successful");
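Review bot: The digest check just above the changed line, `if (!Arrays.equals(tokenDigest, refDigist))`, verifies the HMAC with a comparison that is not specified to run in constant time. For MAC verification `if (!MessageDigest.isEqual(tokenDigest, refDigist)) {` is the standard-library constant-time call, and it needs `import java.security.MessageDigest;`. The following `log.debug("Token: {} | Ref: {}", tokenDigest, refDigist);` also writes the expected HMAC for a caller-supplied payload to the log, so I would log only that the digests differ. The enclosing method starts and ends outside the hunk.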
@@ -135,8 +123,7 @@ public class SecurePendingRequestIdGenerationStrategy
.isBefore(now)) {
log.warn("Token exceeds the valid period");
log.debug("Token: {} | Now: {}", timeStamp, now);
- throw new PendingReqIdValidationException(internalPendingReqId,
- "PendingRequestId exceeds the valid period");
+ throw new PendingReqIdValidationException(internalPendingReqId, "internal.pendingreqid.06");
}
log.debug("Token valid-period check successful");
@@ -146,20 +133,17 @@ public class SecurePendingRequestIdGenerationStrategy
} catch (final IllegalArgumentException | EaafIllegalStateException e) {
log.warn("Token is NOT a valid String. Msg: {}", e.getMessage());
log.debug("TokenValue: {}", externalPendingReqId);
- throw new PendingReqIdValidationException(null, "PendingReqId is NOT a valid String", e);
-
- } catch (final UnsupportedEncodingException e) {
- throw new RuntimeException(e);
+ throw new PendingReqIdValidationException(null, "internal.pendingreqid.06", e);
}
}
@NonNull
private String[] extractTokens(@Nullable final String externalPendingReqId)
- throws PendingReqIdValidationException, UnsupportedEncodingException {
+ throws PendingReqIdValidationException {
if (StringUtils.isEmpty(externalPendingReqId)) {
log.info("PendingReqId is 'null' or empty");
- throw new PendingReqIdValidationException(null, "PendingReqId is 'null' or empty");
+ throw new PendingReqIdValidationException(null, "internal.pendingreqid.00");
}
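Review bot: The `catch (final IllegalArgumentException | EaafIllegalStateException e)` branch now throws with `internal.pendingreqid.06`, which the properties file in this commit defines as "exceeds the valid period". The log line beside it says "Token is NOT a valid String", and the AuthenticatedEncryption strategy maps the same case to `internal.pendingreqid.05`. This looks like a copy-paste slip; I would change it to `throw new PendingReqIdValidationException(null, "internal.pendingreqid.05", e);` so a malformed token is not reported as an expired one. The try block opens outside the hunk.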
@@ -168,12 +152,11 @@ public class SecurePendingRequestIdGenerationStrategy
if (externalPendingReqIdBytes.length > maxPendingReqIdSize) {
log.warn("pendingReqId size exceeds {}", maxPendingReqIdSize);
- throw new PendingReqIdValidationException(null,
- "pendingReqId exceeds max.size: " + maxPendingReqIdSize);
+ throw new PendingReqIdValidationException(null, "internal.pendingreqid.03");
}
- final String stringToken = new String(externalPendingReqIdBytes, "UTF-8");
+ final String stringToken = new String(externalPendingReqIdBytes, StandardCharsets.UTF_8);
if (StringUtils.countMatches(stringToken, TOKEN_SEPARATOR) == ENCODED_TOKEN_PARTS - 1) {
final String[] tokenElements =
StringUtils.split(stringToken, TOKEN_SEPARATOR, ENCODED_TOKEN_PARTS);
@@ -182,7 +165,7 @@ public class SecurePendingRequestIdGenerationStrategy
} else {
log.warn("PendingRequestId has an unvalid format");
log.debug("PendingRequestId: {}", stringToken);
- throw new PendingReqIdValidationException(null, "PendingReqId has an unvalid format");
+ throw new PendingReqIdValidationException(null, "internal.pendingreqid.01");
}
@@ -243,9 +226,9 @@ public class SecurePendingRequestIdGenerationStrategy
try {
final Mac mac = Mac.getInstance(digistAlgorithm);
mac.init(key);
- return mac.doFinal(toSign.getBytes("UTF-8"));
+ return mac.doFinal(toSign.getBytes(StandardCharsets.UTF_8));
- } catch (UnsupportedEncodingException | NoSuchAlgorithmException | InvalidKeyException e) {
+ } catch (NoSuchAlgorithmException | InvalidKeyException e) {
log.error("Can NOT generate secure pendingRequestId", e);
throw new EaafIllegalStateException(
new Object[] { "Can NOT caluclate digist for secure pendingRequestId" }, e);
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java
index 4c1601c0..d1613d16 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java
@@ -21,7 +21,10 @@ package at.gv.egiz.eaaf.core.impl.utils;
import java.util.UUID;
+import javax.annotation.Nullable;
+
import at.gv.egiz.eaaf.core.api.IRequest;
+import lombok.extern.slf4j.Slf4j;
/**
* Transaction Identifier Utils.
@@ -29,6 +32,7 @@ import at.gv.egiz.eaaf.core.api.IRequest;
* @author tlenz
*
*/
+@Slf4j
public class TransactionIdUtils {
/**
@@ -58,11 +62,16 @@ public class TransactionIdUtils {
*
* @param pendingRequest Http request object
*/
- public static void setAllLoggingVariables(final IRequest pendingRequest) {
- setTransactionId(pendingRequest.getUniqueTransactionIdentifier());
- setSessionId(pendingRequest.getUniqueSessionIdentifier());
- setServiceProviderId(pendingRequest.getServiceProviderConfiguration().getUniqueIdentifier());
-
+ public static void setAllLoggingVariables(@Nullable final IRequest pendingRequest) {
+ if (pendingRequest != null) {
+ setTransactionId(pendingRequest.getUniqueTransactionIdentifier());
+ setSessionId(pendingRequest.getUniqueSessionIdentifier());
+ setServiceProviderId(pendingRequest.getServiceProviderConfiguration().getUniqueIdentifier());
+
+ } else {
+ log.warn("Can NOT set MDC variables from pendingRequest because it is 'null'");
+
+ }
}
/**
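Review bot: The new null guard covers `pendingRequest` only; `pendingRequest.getServiceProviderConfiguration().getUniqueIdentifier()` still dereferences the service-provider configuration unconditionally. A request without one (whether that can occur is not visible here) would fail with the same NullPointerException this change is meant to avoid. I would read the configuration into a local and call `setServiceProviderId(...)` only when it is non-null. In the `else` branch the method only warns, so MDC values left by an earlier request on the same thread would stay in place; clearing them there keeps log lines from being attributed to the wrong transaction. The `@param pendingRequest` text should also state that `null` is accepted.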
diff --git a/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties b/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties
index 5b398bb0..79f82af8 100644
--- a/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties
+++ b/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties
@@ -20,4 +20,13 @@ internal.key.01=Can not use key from Keystore: {0} Reason: {1}
internal.httpclient.00=HttpClient:{0} uses http Basic-Auth, but 'Username' is NOT set
internal.httpclient.01=HttpClient:{0} uses X509 client-auth, but 'KeyStoreConfig' is NOT set
internal.httpclient.02=HttpClient:{0} uses KeyStore:{1}, but 'keyPassword' is NOT set
-internal.httpclient.03=Can not initialize SSLContext for HttpClient:{0} Reason:{1} \ No newline at end of file
+internal.httpclient.03=Can not initialize SSLContext for HttpClient:{0} Reason:{1}
+
+internal.pendingreqid.00=Process Token is 'null' or 'empty'
+internal.pendingreqid.01=Process Token is NOT valid because it has an invalid format
+internal.pendingreqid.02=Can not create process Token
+internal.pendingreqid.03=Process Token is NOT valid because it reached maximum size
+internal.pendingreqid.04=Process Token is NOT valid because it is cryptographically invalid
+internal.pendingreqid.05=Process Token is NOT valid because it has an invalid encoding
+internal.pendingreqid.06=Process Token is NOT valid because it exceeds the valid period
+