diff options
Diffstat (limited to 'eaaf_modules/eaaf_module_auth_sl20/src')
2 files changed, 60 insertions, 64 deletions
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java index 34a097bd..a377a4c0 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java @@ -2,9 +2,7 @@ package at.gv.egiz.eaaf.modules.auth.sl20.tasks; import java.io.IOException; import java.io.StringWriter; -import java.security.cert.X509Certificate; import java.util.HashMap; -import java.util.List; import java.util.Map; import java.util.UUID; @@ -59,12 +57,12 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask JsonNode sl20ReqObj = null; try { //get SL2.0 command or result from HTTP request - Map<String, String> reqParams = getParameters(request); + final Map<String, String> reqParams = getParameters(request); sl20Result = reqParams.get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM); if (StringUtils.isEmpty(sl20Result)) { //Workaround for SIC Handy-Signature, because it sends result in InputStream - String isReqInput = StreamUtils.readStream(request.getInputStream(), "UTF-8"); + final String isReqInput = StreamUtils.readStream(request.getInputStream(), "UTF-8"); if (StringUtils.isNotEmpty(isReqInput)) { log.info("Use SIC Handy-Signature work-around!"); sl20Result = isReqInput.substring("slcommand=".length()); @@ -83,7 +81,7 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask try { sl20ReqObj = new JsonMapper().getMapper().readTree(Base64Url.decodeToUtf8String(sl20Result)); - } catch (JsonParseException e) { + } catch (final JsonParseException e) { log.warn("SL2.0 command or result is NOT valid JSON.", e); log.debug("SL2.0 msg: " + sl20Result); throw new SL20Exception("sl20.02", new Object[]{"SL2.0 command or result is NOT valid JSON."}, e); @@ -91,8 +89,8 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask } //validate reqId with inResponseTo - String sl20ReqId = pendingReq.getRawData(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class); - String inRespTo = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_INRESPTO, true); + final String sl20ReqId = pendingReq.getRawData(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class); + final String inRespTo = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_INRESPTO, true); if (sl20ReqId == null || !sl20ReqId.equals(inRespTo)) { log.info("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo); throw new SL20SecurityException("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo); @@ -100,7 +98,7 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask //validate signature - VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad( + final VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad( sl20ReqObj, joseTools, authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)); @@ -115,21 +113,18 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask } } - /*TODO validate certificate by using MOA-SPSS - * currently, the certificate is validated in IJOSETools by using a pkcs12 or jks keystore - */ - List<X509Certificate> sigCertChain = payLoadContainer.getCertChain(); + payLoadContainer.getCertChain(); //extract payloaf - JsonNode payLoad = payLoadContainer.getPayload(); + final JsonNode payLoad = payLoadContainer.getPayload(); //handle SL2.0 response payLoad handleResponsePayLoad(payLoad); - } catch (EAAFAuthenticationException e) { + } catch (final EAAFAuthenticationException e) { log.warn("SL2.0 processing error:", e); if (sl20Result != null) log.debug("Received SL2.0 result: " + sl20Result); @@ -137,7 +132,7 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e)); - } catch (Exception e) { + } catch (final Exception e) { log.warn("ERROR:", e); log.warn("SL2.0 Authentication FAILED with a generic error.", e); if (sl20Result != null) @@ -158,7 +153,7 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask } - } catch (Exception e) { + } catch (final Exception e) { //write internal server errror 500 according to SL2.0 specification, chapter https transport binding log.warn("Can NOT build SL2.0 response. Reason: " + e.getMessage(), e); if (sl20Result != null) @@ -166,7 +161,7 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask try { response.sendError(500, "Internal Server Error."); - } catch (IOException e1) { + } catch (final IOException e1) { log.error("Can NOT send error message. SOMETHING IS REALY WRONG!", e); } @@ -183,8 +178,8 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask protected abstract String getResumeEndPoint(); private void buildErrorResponse(HttpServletRequest request, HttpServletResponse response, String errorCode, String errorMsg) throws Exception { - ObjectNode error = SL20JSONBuilderUtils.createErrorCommandResult(errorCode, errorMsg); - ObjectNode respContainer = SL20JSONBuilderUtils.createGenericRequest( + final ObjectNode error = SL20JSONBuilderUtils.createErrorCommandResult(errorCode, errorMsg); + final ObjectNode respContainer = SL20JSONBuilderUtils.createGenericRequest( UUID.randomUUID().toString(), null, error , @@ -192,7 +187,7 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask log.debug("Client request containts 'native client' header ... "); log.trace("SL20 response to VDA: " + respContainer); - StringWriter writer = new StringWriter(); + final StringWriter writer = new StringWriter(); writer.write(respContainer.toString()); final byte[] content = writer.toString().getBytes("UTF-8"); response.setStatus(HttpServletResponse.SC_OK); @@ -204,30 +199,30 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask private void buildResponse(HttpServletRequest request, HttpServletResponse response, JsonNode sl20ReqObj) throws IOException, SL20Exception { //create response - Map<String, String> reqParameters = new HashMap<String, String>(); + final Map<String, String> reqParameters = new HashMap<String, String>(); reqParameters.put(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID, pendingReq.getPendingRequestId()); - ObjectNode callReqParams = SL20JSONBuilderUtils.createCallCommandParameters( + final ObjectNode callReqParams = SL20JSONBuilderUtils.createCallCommandParameters( new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), getResumeEndPoint(), null), SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET, false, reqParameters); - ObjectNode callCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CALL, callReqParams); + final ObjectNode callCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CALL, callReqParams); //build first redirect command for app - ObjectNode redirectOneParams = SL20JSONBuilderUtils.createRedirectCommandParameters( + final ObjectNode redirectOneParams = SL20JSONBuilderUtils.createRedirectCommandParameters( generateICPRedirectURLForDebugging(), callCommand, null, true); - ObjectNode redirectOneCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectOneParams); + final ObjectNode redirectOneCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectOneParams); //build second redirect command for IDP - ObjectNode redirectTwoParams = SL20JSONBuilderUtils.createRedirectCommandParameters( - new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), getResumeEndPoint(), null), + final ObjectNode redirectTwoParams = SL20JSONBuilderUtils.createRedirectCommandParameters( + new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), getResumeEndPoint(), pendingReq.getPendingRequestId()), redirectOneCommand, null, true); - ObjectNode redirectTwoCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectTwoParams); + final ObjectNode redirectTwoCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectTwoParams); //build generic SL2.0 response container - String transactionId = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_TRANSACTIONID, false); - ObjectNode respContainer = SL20JSONBuilderUtils.createGenericRequest( + final String transactionId = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_TRANSACTIONID, false); + final ObjectNode respContainer = SL20JSONBuilderUtils.createGenericRequest( UUID.randomUUID().toString(), transactionId, redirectTwoCommand, @@ -239,7 +234,7 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask || true) { log.debug("Client request containts 'native client' header ... "); log.trace("SL20 response to VDA: " + respContainer); - StringWriter writer = new StringWriter(); + final StringWriter writer = new StringWriter(); writer.write(respContainer.toString()); final byte[] content = writer.toString().getBytes("UTF-8"); response.setStatus(HttpServletResponse.SC_OK); diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JSONExtractorUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JSONExtractorUtils.java index 827b5970..524c9e80 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JSONExtractorUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JSONExtractorUtils.java @@ -1,6 +1,5 @@ package at.gv.egiz.eaaf.modules.auth.sl20.utils; -import java.io.InputStreamReader; import java.util.ArrayList; import java.util.Base64; import java.util.HashMap; @@ -13,6 +12,7 @@ import org.apache.http.Header; import org.apache.http.HttpEntity; import org.apache.http.HttpResponse; import org.apache.http.client.utils.URIBuilder; +import org.apache.http.util.EntityUtils; import org.apache.log4j.Logger; import org.jose4j.base64url.Base64Url; @@ -39,17 +39,17 @@ public class SL20JSONExtractorUtils { */ public static String getStringValue(JsonNode input, String keyID, boolean isRequired) throws SLCommandoParserException { try { - JsonNode internal = getAndCheck(input, keyID, isRequired); + final JsonNode internal = getAndCheck(input, keyID, isRequired); if (internal != null) return internal.asText(); else return null; - } catch (SLCommandoParserException e) { + } catch (final SLCommandoParserException e) { throw e; - } catch (Exception e) { + } catch (final Exception e) { throw new SLCommandoParserException("Can not extract String value with keyId: " + keyID, e); } @@ -66,17 +66,17 @@ public class SL20JSONExtractorUtils { */ public static boolean getBooleanValue(ObjectNode input, String keyID, boolean isRequired, boolean defaultValue) throws SLCommandoParserException { try { - JsonNode internal = getAndCheck(input, keyID, isRequired); + final JsonNode internal = getAndCheck(input, keyID, isRequired); if (internal != null) return internal.asBoolean(); else return defaultValue; - } catch (SLCommandoParserException e) { + } catch (final SLCommandoParserException e) { throw e; - } catch (Exception e) { + } catch (final Exception e) { throw new SLCommandoParserException("Can not extract Boolean value with keyId: " + keyID, e); } @@ -93,17 +93,17 @@ public class SL20JSONExtractorUtils { */ public static JsonNode getJSONObjectValue(JsonNode input, String keyID, boolean isRequired) throws SLCommandoParserException { try { - JsonNode internal = getAndCheck(input, keyID, isRequired); + final JsonNode internal = getAndCheck(input, keyID, isRequired); if (internal != null) return internal; else return null; - } catch (SLCommandoParserException e) { + } catch (final SLCommandoParserException e) { throw e; - } catch (Exception e) { + } catch (final Exception e) { throw new SLCommandoParserException("Can not extract Boolean value with keyId: " + keyID, e); } @@ -117,12 +117,12 @@ public class SL20JSONExtractorUtils { * @throws SLCommandoParserException */ public static List<String> getListOfStringElements(JsonNode input) throws SLCommandoParserException { - List<String> result = new ArrayList<String>(); + final List<String> result = new ArrayList<String>(); if (input != null) { if (input.isArray()) { - Iterator<JsonNode> arrayIterator = input.iterator(); + final Iterator<JsonNode> arrayIterator = input.iterator(); while(arrayIterator.hasNext()) { - JsonNode next = arrayIterator.next(); + final JsonNode next = arrayIterator.next(); if (next.isTextual()) result.add(next.asText()); } @@ -150,7 +150,7 @@ public class SL20JSONExtractorUtils { * @throws SLCommandoParserException */ public static Map<String, String> getMapOfStringElements(JsonNode input, String keyID, boolean isRequired) throws SLCommandoParserException { - JsonNode internal = getAndCheck(input, keyID, isRequired); + final JsonNode internal = getAndCheck(input, keyID, isRequired); return getMapOfStringElements(internal); } @@ -163,20 +163,20 @@ public class SL20JSONExtractorUtils { * @throws SLCommandoParserException */ public static Map<String, String> getMapOfStringElements(JsonNode input) throws SLCommandoParserException { - Map<String, String> result = new HashMap<String, String>(); + final Map<String, String> result = new HashMap<String, String>(); if (input != null) { if (input.isArray()) { - Iterator<JsonNode> arrayIterator = input.iterator(); + final Iterator<JsonNode> arrayIterator = input.iterator(); while(arrayIterator.hasNext()) { - JsonNode next = arrayIterator.next(); - Iterator<Entry<String, JsonNode>> entry = next.fields(); + final JsonNode next = arrayIterator.next(); + final Iterator<Entry<String, JsonNode>> entry = next.fields(); entitySetToMap(result, entry); } } else if (input.isObject()) { - Iterator<Entry<String, JsonNode>> objectKeys = input.fields(); + final Iterator<Entry<String, JsonNode>> objectKeys = input.fields(); entitySetToMap(result, objectKeys); } else @@ -189,7 +189,7 @@ public class SL20JSONExtractorUtils { private static void entitySetToMap(Map<String, String> result, Iterator<Entry<String, JsonNode>> entry) { while (entry.hasNext()) { - Entry<String, JsonNode> el = entry.next(); + final Entry<String, JsonNode> el = entry.next(); if (result.containsKey(el.getKey())) log.info("Attr. Map already contains Element with Key: " + el.getKey() + ". Overwrite element ... "); @@ -201,8 +201,8 @@ public class SL20JSONExtractorUtils { public static JsonNode extractSL20Result(JsonNode command, IJOSETools decrypter, boolean mustBeEncrypted) throws SL20Exception { - JsonNode result = command.get(SL20Constants.SL20_COMMAND_CONTAINER_RESULT); - JsonNode encryptedResult = command.get(SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT); + final JsonNode result = command.get(SL20Constants.SL20_COMMAND_CONTAINER_RESULT); + final JsonNode encryptedResult = command.get(SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT); if (result == null && encryptedResult == null) throw new SLCommandoParserException("NO result OR encryptedResult FOUND."); @@ -214,18 +214,18 @@ public class SL20JSONExtractorUtils { try { return decrypter.decryptPayload(encryptedResult.asText()); - } catch (Exception e) { + } catch (final Exception e) { log.info("Can NOT decrypt SL20 result. Reason:" + e.getMessage()); if (!mustBeEncrypted) { log.warn("Decrypted results are disabled by configuration. Parse result in plain if it is possible"); //dummy code try { - String[] signedPayload = encryptedResult.toString().split("\\."); - JsonNode payLoad = mapper.getMapper().readTree(new String(Base64.getUrlDecoder().decode(signedPayload[1]))); + final String[] signedPayload = encryptedResult.toString().split("\\."); + final JsonNode payLoad = mapper.getMapper().readTree(new String(Base64.getUrlDecoder().decode(signedPayload[1]))); return payLoad; - } catch (Exception e1) { + } catch (final Exception e1) { log.debug("DummyCode FAILED, Reason: " + e1.getMessage() + " Ignore it ..."); throw new SL20Exception(e.getMessage(), null, e); @@ -255,8 +255,8 @@ public class SL20JSONExtractorUtils { */ public static VerificationResult extractSL20PayLoad(JsonNode container, IJOSETools joseTools, boolean mustBeSigned) throws SL20Exception { - JsonNode sl20Payload = container.get(SL20Constants.SL20_PAYLOAD); - JsonNode sl20SignedPayload = container.get(SL20Constants.SL20_SIGNEDPAYLOAD); + final JsonNode sl20Payload = container.get(SL20Constants.SL20_PAYLOAD); + final JsonNode sl20SignedPayload = container.get(SL20Constants.SL20_SIGNEDPAYLOAD); if (mustBeSigned && joseTools == null) throw new SLCommandoParserException("'joseTools' MUST be set if 'mustBeSigned' is 'true'"); @@ -291,11 +291,11 @@ public class SL20JSONExtractorUtils { try { JsonNode sl20Resp = null; if (httpResp.getStatusLine().getStatusCode() == 307) { - Header[] locationHeader = httpResp.getHeaders("Location"); + final Header[] locationHeader = httpResp.getHeaders("Location"); if (locationHeader == null) throw new SLCommandoParserException("Find Redirect statuscode but not Location header"); - String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue(); + final String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue(); sl20Resp = mapper.getMapper().readTree(Base64Url.encode((sl20RespString.getBytes()))); } else if (httpResp.getStatusLine().getStatusCode() == 200) { @@ -317,7 +317,7 @@ public class SL20JSONExtractorUtils { log.info("Find JSON object in http response"); return sl20Resp; - } catch (Exception e) { + } catch (final Exception e) { throw new SLCommandoParserException("SL20 response parsing FAILED! Reason: " + e.getMessage(), e); } @@ -325,7 +325,8 @@ public class SL20JSONExtractorUtils { private static JsonNode parseSL20ResultFromResponse(HttpEntity resp) throws Exception { if (resp != null && resp.getContent() != null) { - JsonNode sl20Resp = mapper.getMapper().readTree(new InputStreamReader(resp.getContent())); + final String rawSL20Resp = EntityUtils.toString(resp); + final JsonNode sl20Resp = mapper.getMapper().readTree(rawSL20Resp); //TODO: check sl20Resp type like && sl20Resp.isJsonObject() if (sl20Resp != null) { @@ -342,7 +343,7 @@ public class SL20JSONExtractorUtils { private static JsonNode getAndCheck(JsonNode input, String keyID, boolean isRequired) throws SLCommandoParserException { - JsonNode internal = input.get(keyID); + final JsonNode internal = input.get(keyID); if (internal == null && isRequired) throw new SLCommandoParserException("REQUIRED Element with keyId: " + keyID + " does not exist"); |