Diffstat (limited to 'eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java')
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java57
1 files changed, 26 insertions, 31 deletions
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java
index 34a097bd..a377a4c0 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java
@@ -2,9 +2,7 @@ package at.gv.egiz.eaaf.modules.auth.sl20.tasks;
import java.io.IOException;
import java.io.StringWriter;
-import java.security.cert.X509Certificate;
import java.util.HashMap;
-import java.util.List;
import java.util.Map;
import java.util.UUID;
@@ -59,12 +57,12 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask
JsonNode sl20ReqObj = null;
try {
//get SL2.0 command or result from HTTP request
- Map<String, String> reqParams = getParameters(request);
+ final Map<String, String> reqParams = getParameters(request);
sl20Result = reqParams.get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM);
if (StringUtils.isEmpty(sl20Result)) {
//Workaround for SIC Handy-Signature, because it sends result in InputStream
- String isReqInput = StreamUtils.readStream(request.getInputStream(), "UTF-8");
+ final String isReqInput = StreamUtils.readStream(request.getInputStream(), "UTF-8");
if (StringUtils.isNotEmpty(isReqInput)) {
log.info("Use SIC Handy-Signature work-around!");
sl20Result = isReqInput.substring("slcommand=".length());
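Review bot: The work-around on the last line of the hunk strips `"slcommand=".length()` characters from the raw body without checking that the body actually starts with that prefix, so a shorter body throws StringIndexOutOfBoundsException and a body with a different prefix silently yields a truncated value that only fails later as invalid JSON. A prefix check keeps the error explicit: `if (!isReqInput.startsWith("slcommand=")) { throw new SL20Exception("sl20.02", new Object[]{"Unexpected request body."}); }` before the substring. The enclosing method continues outside the hunk, and whether StreamUtils.readStream bounds the body size cannot be seen here.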
@@ -83,7 +81,7 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask
try {
sl20ReqObj = new JsonMapper().getMapper().readTree(Base64Url.decodeToUtf8String(sl20Result));
- } catch (JsonParseException e) {
+ } catch (final JsonParseException e) {
log.warn("SL2.0 command or result is NOT valid JSON.", e);
log.debug("SL2.0 msg: " + sl20Result);
throw new SL20Exception("sl20.02", new Object[]{"SL2.0 command or result is NOT valid JSON."}, e);
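Review bot: The debug statement in the catch block logs the complete raw `sl20Result` after a parse failure; since this is the eID result sent by the client, it may carry personal data, so logging it in full is worth reconsidering. A bounded excerpt keeps the diagnostic value, e.g. `log.debug("SL2.0 msg (first 200 chars): " + sl20Result.substring(0, Math.min(200, sl20Result.length())));`. Whether the log backend is restricted to trusted operators cannot be judged from the hunk.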
@@ -91,8 +89,8 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask
}
//validate reqId with inResponseTo
- String sl20ReqId = pendingReq.getRawData(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class);
- String inRespTo = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_INRESPTO, true);
+ final String sl20ReqId = pendingReq.getRawData(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class);
+ final String inRespTo = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_INRESPTO, true);
if (sl20ReqId == null || !sl20ReqId.equals(inRespTo)) {
log.info("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo);
throw new SL20SecurityException("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo);
@@ -100,7 +98,7 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask
//validate signature
- VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(
+ final VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(
sl20ReqObj, joseTools,
authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true));
@@ -115,21 +113,18 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask
}
}
- /*TODO validate certificate by using MOA-SPSS
- * currently, the certificate is validated in IJOSETools by using a pkcs12 or jks keystore
- */
- List<X509Certificate> sigCertChain = payLoadContainer.getCertChain();
+ payLoadContainer.getCertChain();
//extract payloaf
- JsonNode payLoad = payLoadContainer.getPayload();
+ final JsonNode payLoad = payLoadContainer.getPayload();
//handle SL2.0 response payLoad
handleResponsePayLoad(payLoad);
- } catch (EAAFAuthenticationException e) {
+ } catch (final EAAFAuthenticationException e) {
log.warn("SL2.0 processing error:", e);
if (sl20Result != null)
log.debug("Received SL2.0 result: " + sl20Result);
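Review bot: The replacement line `payLoadContainer.getCertChain();` is a no-op: the returned chain is discarded, and the commit also removes the TODO that recorded why the chain is not validated here (validation happens in IJOSETools against a pkcs12/jks keystore, MOA-SPSS validation still open). If the intent is only to silence the unused-variable warning, delete the call and keep the explanation as a comment, e.g. `// cert chain is validated in IJOSETools (keystore based); MOA-SPSS validation is still a TODO`, so the gap stays visible to the next reader. The enclosing try block starts outside the hunk.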
@@ -137,7 +132,7 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask
Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR,
new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e));
- } catch (Exception e) {
+ } catch (final Exception e) {
log.warn("ERROR:", e);
log.warn("SL2.0 Authentication FAILED with a generic error.", e);
if (sl20Result != null)
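Review bot: The two consecutive `log.warn` calls after the changed catch line both pass `e`, so the same stack trace is written twice at the same level. Keep a single call carrying the exception, `log.warn("SL2.0 Authentication FAILED with a generic error.", e);`, and drop the `log.warn("ERROR:", e);` line. The catch block continues outside the hunk.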
@@ -158,7 +153,7 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask
}
- } catch (Exception e) {
+ } catch (final Exception e) {
//write internal server errror 500 according to SL2.0 specification, chapter https transport binding
log.warn("Can NOT build SL2.0 response. Reason: " + e.getMessage(), e);
if (sl20Result != null)
@@ -166,7 +161,7 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask
try {
response.sendError(500, "Internal Server Error.");
- } catch (IOException e1) {
+ } catch (final IOException e1) {
log.error("Can NOT send error message. SOMETHING IS REALY WRONG!", e);
}
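Review bot: The inner catch binds the IOException as `e1`, but the following `log.error(...)` passes the outer `e`, so the reason the 500 response could not be sent is never logged. Use the exception actually caught there: `log.error("Can NOT send error message. SOMETHING IS REALY WRONG!", e1);`. The outer catch that defines `e` begins outside this hunk.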
@@ -183,8 +178,8 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask
protected abstract String getResumeEndPoint();
private void buildErrorResponse(HttpServletRequest request, HttpServletResponse response, String errorCode, String errorMsg) throws Exception {
- ObjectNode error = SL20JSONBuilderUtils.createErrorCommandResult(errorCode, errorMsg);
- ObjectNode respContainer = SL20JSONBuilderUtils.createGenericRequest(
+ final ObjectNode error = SL20JSONBuilderUtils.createErrorCommandResult(errorCode, errorMsg);
+ final ObjectNode respContainer = SL20JSONBuilderUtils.createGenericRequest(
UUID.randomUUID().toString(),
null,
error ,
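Review bot: `buildErrorResponse` is declared `throws Exception`, which is broader than the sibling `buildResponse` (`throws IOException, SL20Exception`) and forces every caller into a catch-all. If the SL20JSONBuilderUtils calls and the servlet writes only raise those two types, narrow the clause to `throws IOException, SL20Exception` for consistency; the method body continues outside the hunk, so that should be confirmed against the remaining lines.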
@@ -192,7 +187,7 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask
log.debug("Client request containts 'native client' header ... ");
log.trace("SL20 response to VDA: " + respContainer);
- StringWriter writer = new StringWriter();
+ final StringWriter writer = new StringWriter();
writer.write(respContainer.toString());
final byte[] content = writer.toString().getBytes("UTF-8");
response.setStatus(HttpServletResponse.SC_OK);
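Review bot: The `StringWriter` introduced on the changed line is only used to round-trip `respContainer.toString()`, and `getBytes("UTF-8")` uses a charset name, which carries a checked UnsupportedEncodingException. Both lines collapse to `final byte[] content = respContainer.toString().getBytes(StandardCharsets.UTF_8);` (adding `import java.nio.charset.StandardCharsets;`). The same pattern appears in the last hunk of this file at the `final StringWriter writer` line of buildResponse.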
@@ -204,30 +199,30 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask
private void buildResponse(HttpServletRequest request, HttpServletResponse response, JsonNode sl20ReqObj) throws IOException, SL20Exception {
//create response
- Map<String, String> reqParameters = new HashMap<String, String>();
+ final Map<String, String> reqParameters = new HashMap<String, String>();
reqParameters.put(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID, pendingReq.getPendingRequestId());
- ObjectNode callReqParams = SL20JSONBuilderUtils.createCallCommandParameters(
+ final ObjectNode callReqParams = SL20JSONBuilderUtils.createCallCommandParameters(
new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), getResumeEndPoint(), null),
SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET,
false,
reqParameters);
- ObjectNode callCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CALL, callReqParams);
+ final ObjectNode callCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CALL, callReqParams);
//build first redirect command for app
- ObjectNode redirectOneParams = SL20JSONBuilderUtils.createRedirectCommandParameters(
+ final ObjectNode redirectOneParams = SL20JSONBuilderUtils.createRedirectCommandParameters(
generateICPRedirectURLForDebugging(),
callCommand, null, true);
- ObjectNode redirectOneCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectOneParams);
+ final ObjectNode redirectOneCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectOneParams);
//build second redirect command for IDP
- ObjectNode redirectTwoParams = SL20JSONBuilderUtils.createRedirectCommandParameters(
- new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), getResumeEndPoint(), null),
+ final ObjectNode redirectTwoParams = SL20JSONBuilderUtils.createRedirectCommandParameters(
+ new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), getResumeEndPoint(), pendingReq.getPendingRequestId()),
redirectOneCommand, null, true);
- ObjectNode redirectTwoCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectTwoParams);
+ final ObjectNode redirectTwoCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectTwoParams);
//build generic SL2.0 response container
- String transactionId = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_TRANSACTIONID, false);
- ObjectNode respContainer = SL20JSONBuilderUtils.createGenericRequest(
+ final String transactionId = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_TRANSACTIONID, false);
+ final ObjectNode respContainer = SL20JSONBuilderUtils.createGenericRequest(
UUID.randomUUID().toString(),
transactionId,
redirectTwoCommand,
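Review bot: On the first changed line `new HashMap<String, String>()` can use the diamond operator, `new HashMap<>()`, matching the otherwise modernised style of the commit. The first redirect targets `generateICPRedirectURLForDebugging()`; if the name is accurate, a short comment stating why a debugging URL is part of the production redirect chain would help the next reader. The method continues outside the hunk.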
@@ -239,7 +234,7 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask
|| true) {
log.debug("Client request containts 'native client' header ... ");
log.trace("SL20 response to VDA: " + respContainer);
- StringWriter writer = new StringWriter();
+ final StringWriter writer = new StringWriter();
writer.write(respContainer.toString());
final byte[] content = writer.toString().getBytes("UTF-8");
response.setStatus(HttpServletResponse.SC_OK);
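Review bot: The condition that closes on the hunk's first line ends in `|| true`, which makes the branch unconditional and the preceding 'native client' header check dead; the log line `Client request containts 'native client' header ...` is therefore printed for every request. Either remove the `|| true` so the header check takes effect again, or drop the check and the misleading log line. The start of the condition and the else branch lie outside the hunk.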