Diffstat (limited to 'eaaf_modules/eaaf_module_auth_sl20/src')
2 files changed, 37 insertions, 33 deletions
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualeIDRequestTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualeIDRequestTask.java
index 337002c5..3890aaac 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualeIDRequestTask.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualeIDRequestTask.java
@@ -1,9 +1,7 @@
 package at.gv.egiz.eaaf.modules.auth.sl20.tasks;
 import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
 import java.util.ArrayList;
-import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -25,13 +23,11 @@ import org.springframework.beans.factory.annotation.Autowired;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.node.ObjectNode;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
 import at.gv.egiz.eaaf.core.impl.utils.HttpClientFactory;
 import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
@@ -42,7 +38,6 @@ import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult;
 import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception;
 import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SLCommandoBuildException;
 import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SLCommandoParserException;
-import at.gv.egiz.eaaf.modules.auth.sl20.utils.IJOSETools;
 import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants;
 import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20HttpBindingUtils;
 import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JSONBuilderUtils;
@@ -51,8 +46,6 @@ import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JSONExtractorUtils;
 public abstract class AbstractCreateQualeIDRequestTask extends AbstractAuthServletTask {
 private static final Logger log = LoggerFactory.getLogger(AbstractCreateQualeIDRequestTask.class);
-@Autowired(required=true) private IJOSETools joseTools;
-@Autowired(required=true) private IConfiguration basicConfig;
 @Autowired(required=true) private HttpClientFactory httpClientFactory;
 @Override
@@ -65,28 +58,29 @@ public abstract class AbstractCreateQualeIDRequestTask extends AbstractAuthServl
 try {
 //get service-provider configuration
-ISPConfiguration oaConfig = pendingReq.getServiceProviderConfiguration();
+final ISPConfiguration oaConfig = pendingReq.getServiceProviderConfiguration();
 //get basic configuration parameters
-String vdaQualeIDUrl = extractVDAURLForSpecificOA(oaConfig, executionContext);
+final String vdaQualeIDUrl = extractVDAURLForSpecificOA(oaConfig, executionContext);
 if (StringUtils.isEmpty(vdaQualeIDUrl)) {
 log.error("NO VDA URL for qualified eID (" + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT + ")");
 throw new SL20Exception("sl20.03", new Object[]{"NO VDA URL for qualified eID"});
 }
+log.debug("Use {} as VDA end-point") ;
 revisionsLogger.logEvent(pendingReq, EventCodes.AUTHPROCESS_SL20_ENDPOINT_URL, vdaQualeIDUrl);
 //create SL2.0 command for qualified eID
-String signedQualeIDCommand = buildSignedQualifiedEIDCommand();
+final String signedQualeIDCommand = buildSignedQualifiedEIDCommand();
 //build request container
-String qualeIDReqId = Random.nextProcessReferenceValue();
-ObjectNode sl20Req = SL20JSONBuilderUtils.createGenericRequest(qualeIDReqId, null, null, signedQualeIDCommand);
+final String qualeIDReqId = Random.nextProcessReferenceValue();
+final ObjectNode sl20Req = SL20JSONBuilderUtils.createGenericRequest(qualeIDReqId, null, null, signedQualeIDCommand);
 //build http POST request
-HttpPost httpReq = new HttpPost(new URIBuilder(vdaQualeIDUrl).build());
-List<NameValuePair> parameters = new ArrayList<NameValuePair>();;
+final HttpPost httpReq = new HttpPost(new URIBuilder(vdaQualeIDUrl).build());
+final List<NameValuePair> parameters = new ArrayList<NameValuePair>();;
 parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, Base64Url.encode(sl20Req.toString().getBytes())));
 httpReq.setEntity(new UrlEncodedFormEntity(parameters ));
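Review bot: The added `log.debug("Use {} as VDA end-point") ;` declares a `{}` placeholder but passes no argument, so the line logs the literal braces instead of the endpoint; it should be `log.debug("Use {} as VDA end-point", vdaQualeIDUrl);` (the stray space before the semicolon can go at the same time). The rewritten `final List<NameValuePair> parameters = new ArrayList<NameValuePair>();;` still carries the doubled semicolon from the old line. On the unchanged context line below it, `sl20Req.toString().getBytes()` encodes the request with the platform default charset; `getBytes(StandardCharsets.UTF_8)` would make the Base64Url payload sent to the VDA independent of the JVM's locale settings. The `try` opened in this hunk is closed by the handlers in a later hunk.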
@@ -101,29 +95,29 @@ public abstract class AbstractCreateQualeIDRequestTask extends AbstractAuthServl
 log.trace("Request VDA via SL20 with: " + Base64Url.encode(sl20Req.toString().getBytes()));
 //request VDA
-HttpResponse httpResp = httpClientFactory.getHttpClient().execute(httpReq);
+final HttpResponse httpResp = httpClientFactory.getHttpClient().execute(httpReq);
 //parse response
 log.info("Receive response from VDA ... ");
-JsonNode sl20Resp = SL20JSONExtractorUtils.getSL20ContainerFromResponse(httpResp);
-VerificationResult respPayloadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(sl20Resp, null, false);
+final JsonNode sl20Resp = SL20JSONExtractorUtils.getSL20ContainerFromResponse(httpResp);
+final VerificationResult respPayloadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(sl20Resp, null, false);
 if (respPayloadContainer.isValidSigned() == null) {
 log.debug("Receive unsigned payLoad from VDA");
 }
-JsonNode respPayload = respPayloadContainer.getPayload();
+final JsonNode respPayload = respPayloadContainer.getPayload();
 if (respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).asText() .equals(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT)) {
 log.debug("Find 'redirect' command in VDA response ... 
");
-JsonNode params = SL20JSONExtractorUtils.getJSONObjectValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, true);
-String redirectURL = SL20JSONExtractorUtils.getStringValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL, true);
-JsonNode command = SL20JSONExtractorUtils.getJSONObjectValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_COMMAND, false);
-String signedCommand = SL20JSONExtractorUtils.getStringValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_SIGNEDCOMMAND, false);
+final JsonNode params = SL20JSONExtractorUtils.getJSONObjectValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, true);
+final String redirectURL = SL20JSONExtractorUtils.getStringValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL, true);
+final JsonNode command = SL20JSONExtractorUtils.getJSONObjectValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_COMMAND, false);
+final String signedCommand = SL20JSONExtractorUtils.getStringValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_SIGNEDCOMMAND, false);
 //create forward SL2.0 command
-ObjectNode sl20Forward = sl20Resp.deepCopy();
+final ObjectNode sl20Forward = sl20Resp.deepCopy();
 SL20JSONBuilderUtils.addOnlyOnceOfTwo(sl20Forward, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, command.deepCopy(), signedCommand);
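Review bot: `final JsonNode command = SL20JSONExtractorUtils.getJSONObjectValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_COMMAND, false);` fetches the element as optional (required=false) but the last context line of the hunk dereferences it unconditionally in `command.deepCopy()`; if the helper returns null for an absent optional element, a redirect response from the VDA without a command member fails with a NullPointerException that the generic handler later turns into a TaskExecutionException carrying a null message. Either guard the copy, e.g. `command == null ? null : command.deepCopy()`, provided addOnlyOnceOfTwo tolerates a null first value, or request the element as required if the protocol demands it. The enclosing redirect branch continues past the end of this hunk.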
@@ -143,8 +137,8 @@ public abstract class AbstractCreateQualeIDRequestTask extends AbstractAuthServl
 if (result == null)
 result = SL20JSONExtractorUtils.getJSONObjectValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, false);
-String errorCode = SL20JSONExtractorUtils.getStringValue(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE, true);
-String errorMsg = SL20JSONExtractorUtils.getStringValue(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, true);
+final String errorCode = SL20JSONExtractorUtils.getStringValue(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE, true);
+final String errorMsg = SL20JSONExtractorUtils.getStringValue(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, true);
 log.info("Receive SL2.0 error. Code:" + errorCode + " Msg:" + errorMsg);
 throw new SL20Exception("sl20.08", new Object[]{errorCode, errorMsg});
@@ -156,10 +150,10 @@ public abstract class AbstractCreateQualeIDRequestTask extends AbstractAuthServl
 }
-} catch (EAAFAuthenticationException e) {
+} catch (final EAAFAuthenticationException e) {
 throw new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e);
-} catch (Exception e) {
+} catch (final Exception e) {
 log.warn("SL2.0 Authentication FAILED with a generic error.", e);
 throw new TaskExecutionException(pendingReq, e.getMessage(), e);
@@ -187,9 +181,9 @@ public abstract class AbstractCreateQualeIDRequestTask extends AbstractAuthServl
 //TODO: fully remove if not required any more
 //String spSpecificVDAEndpoints = oaConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS);
-String spSpecificVDAEndpoints = null;
+final String spSpecificVDAEndpoints = null;
-Map<String, String> endPointMap = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST);
+final Map<String, String> endPointMap = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST);
 if (StringUtils.isNotEmpty(spSpecificVDAEndpoints)) {
 endPointMap.putAll(KeyValueUtils.convertListToMap( KeyValueUtils.getListOfCSVValues(
@@ -201,9 +195,9 @@ public abstract class AbstractCreateQualeIDRequestTask extends AbstractAuthServl
 log.trace("Find #" + endPointMap.size() + " SL2.0 endpoints ... ");
 //selection based on request Header
-String sl20VDATypeHeader = (String) executionContext.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase());
+final String sl20VDATypeHeader = (String) executionContext.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase());
 if (StringUtils.isNotEmpty(sl20VDATypeHeader)) {
-String vdaURL = endPointMap.get(sl20VDATypeHeader);
+final String vdaURL = endPointMap.get(sl20VDATypeHeader);
 if (StringUtils.isNotEmpty(vdaURL))
 return vdaURL.trim();
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JSONExtractorUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JSONExtractorUtils.java
index 524c9e80..a5e5a3dc 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JSONExtractorUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JSONExtractorUtils.java
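Review bot: `final String spSpecificVDAEndpoints = null;` makes the following `if (StringUtils.isNotEmpty(spSpecificVDAEndpoints))` branch statically unreachable, and the `//TODO: fully remove if not required any more` directly above it already asks for that cleanup; turning the placeholder into a final constant only cements the dead branch and its commented-out lookup. Either remove the local together with the `if` block and the commented-out `oaConfig.getConfigurationValue(...)` line, or reinstate the real service-provider lookup if per-SP endpoint overrides are still wanted. extractVDAURLForSpecificOA starts before this hunk and continues after the following one.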
@@ -307,8 +307,18 @@ public class SL20JSONExtractorUtils {
 (httpResp.getStatusLine().getStatusCode() == 401) ||
 (httpResp.getStatusLine().getStatusCode() == 400) ) {
 log.info("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode()
-+ ". Search for error message");
-sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity());
++ ". Search for error message");
+
+try {
+sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity());
+
+} catch (final Exception e) {
+log.warn("SL20 response contains no valid JSON", e);
+throw new SLCommandoParserException("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode()
++ " AND NO valid JSON errormsg", e);
+
+}
+
 } else |