Diffstat (limited to 'eaaf_modules/eaaf_module_auth_sl20')
15 files changed, 534 insertions, 705 deletions
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java index 1a88c43b..e9932ae8 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java @@ -2,19 +2,21 @@ package at.gv.egiz.eaaf.modules.auth.sl20; import java.util.Arrays; import java.util.List; + import javax.annotation.PostConstruct; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; + import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.api.idp.IspConfiguration; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.impl.idp.auth.AbstractAuthenticationManager; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants; -import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; - /** * AuthModule to select a Securtiy-Layer 2.0 based authentication process. 
@@ -23,8 +25,7 @@ import org.springframework.beans.factory.annotation.Autowired; * */ public abstract class AbstractSL20AuthenticationModulImpl implements AuthModule { - private static final Logger log = - LoggerFactory.getLogger(AbstractSL20AuthenticationModulImpl.class); + private static final Logger log = LoggerFactory.getLogger(AbstractSL20AuthenticationModulImpl.class); private int priority = 3; public static final List<String> VDA_TYPE_IDS = Arrays.asList("1", "2", "3", "4"); @@ -56,17 +57,15 @@ public abstract class AbstractSL20AuthenticationModulImpl implements AuthModule } - /* * (non-Javadoc) * - * @see - * at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process - * .api.ExecutionContext) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv. + * egovernment.moa.id.process .api.ExecutionContext) */ @Override public String selectProcess(final ExecutionContext context, final IRequest pendingReq) { - final IspConfiguration spConfig = pendingReq.getServiceProviderConfiguration(); + final ISpConfiguration spConfig = pendingReq.getServiceProviderConfiguration(); if (spConfig == null) { log.error("Suspect state. NO SP CONFIGURATION IN CONTEXT!"); 
@@ -74,17 +73,13 @@ public abstract class AbstractSL20AuthenticationModulImpl implements AuthModule } - final String sl20ClientTypeHeader = - (String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE.toLowerCase()); - final String sl20VdaTypeHeader = - (String) context.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase()); + final String sl20ClientTypeHeader = (String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE.toLowerCase()); + final String sl20VdaTypeHeader = (String) context.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase()); if (authConfig.getBasicConfigurationBoolean(getGeneralConfigPropertyNameEnableModule(), getGeneralConfigPropertyNameEnableModuleDefault())) { - if (StringUtils - .isNotEmpty(spConfig.getConfigurationValue(getSpConfigPropertyNameEnableModule())) - && Boolean - .valueOf(spConfig.getConfigurationValue(getSpConfigPropertyNameEnableModule()))) { + if (StringUtils.isNotEmpty(spConfig.getConfigurationValue(getSpConfigPropertyNameEnableModule())) + && Boolean.valueOf(spConfig.getConfigurationValue(getSpConfigPropertyNameEnableModule()))) { log.debug("SL2.0 is enabled for " + spConfig.getUniqueIdentifier()); log.trace(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + ": " + sl20ClientTypeHeader); log.trace(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE + ": " + sl20VdaTypeHeader); @@ -97,8 +92,7 @@ public abstract class AbstractSL20AuthenticationModulImpl implements AuthModule } } else { - log.trace("SL2.0 is NOT enabled with property: {}", - getGeneralConfigPropertyNameEnableModule()); + log.trace("SL2.0 is NOT enabled with property: {}", getGeneralConfigPropertyNameEnableModule()); return null; } 
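Review bot: The two header lookups reflowed in this hunk build their context keys with `SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE.toLowerCase()` and `SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase()`, which lower-case using the JVM default locale. If either header name contains an uppercase `I` (the constant values are not visible here), a Turkish or Azeri default locale yields a different key and `context.get(...)` silently returns null, so process selection would depend on the host locale. I would write `toLowerCase(Locale.ROOT)` (plus `import java.util.Locale;`) here and in the identical lookup in `extractVdaUrlForSpecificOa` in AbstractCreateQualEidRequestTask. The body of `selectProcess` starts and ends outside this hunk, so how a null header value is handled afterwards cannot be judged from here.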
@@ -106,22 +100,24 @@ public abstract class AbstractSL20AuthenticationModulImpl implements AuthModule } /** - * Get the general configuration-key that holds the enabled key for this authentication module. + * Get the general configuration-key that holds the enabled key for this + * authentication module. * * @return */ public abstract String getGeneralConfigPropertyNameEnableModule(); /** - * Get the default value of the general configuration-key that holds the enabled key for this - * authentication module. + * Get the default value of the general configuration-key that holds the enabled + * key for this authentication module. * * @return */ public abstract boolean getGeneralConfigPropertyNameEnableModuleDefault(); /** - * Get the SP specific configuration-key that holds the enabled key for this authentication module. + * Get the SP specific configuration-key that holds the enabled key for this + * authentication module. * * @return configuration key for SP configuration */ diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/Constants.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/Constants.java index a8460911..f607f8cb 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/Constants.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/Constants.java 
@@ -3,44 +3,38 @@ package at.gv.egiz.eaaf.modules.auth.sl20; public class Constants { public static final String CONFIG_PROP_PREFIX = "modules.sl20"; - public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID = - CONFIG_PROP_PREFIX + ".vda.urls.qualeID."; + public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID = CONFIG_PROP_PREFIX + ".vda.urls.qualeID."; - public static final String CONFIG_PROP_VDA_AUTHBLOCK_TRANSFORMATION_ID = - CONFIG_PROP_PREFIX + ".vda.authblock.transformation.id"; - public static final String CONFIG_PROP_SECURITY_KEYSTORE_PATH = - CONFIG_PROP_PREFIX + ".security.keystore.path"; - public static final String CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD = - CONFIG_PROP_PREFIX + ".security.keystore.password"; - public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS = - CONFIG_PROP_PREFIX + ".security.sign.alias"; - public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD = - CONFIG_PROP_PREFIX + ".security.sign.password"; - public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS = - CONFIG_PROP_PREFIX + ".security.encryption.alias"; - public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD = - CONFIG_PROP_PREFIX + ".security.encryption.password"; + public static final String CONFIG_PROP_VDA_AUTHBLOCK_TRANSFORMATION_ID = CONFIG_PROP_PREFIX + + ".vda.authblock.transformation.id"; + public static final String CONFIG_PROP_SECURITY_KEYSTORE_PATH = CONFIG_PROP_PREFIX + ".security.keystore.path"; + public static final String CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD = CONFIG_PROP_PREFIX + + ".security.keystore.password"; + public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS = CONFIG_PROP_PREFIX + ".security.sign.alias"; + public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD = CONFIG_PROP_PREFIX + + ".security.sign.password"; + public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS = CONFIG_PROP_PREFIX + + 
".security.encryption.alias"; + public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD = CONFIG_PROP_PREFIX + + ".security.encryption.password"; public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT_ELEMENT = "default"; - public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT = - CONFIG_PROP_VDA_ENDPOINT_QUALeID + CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT_ELEMENT; - public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST = - CONFIG_PROP_VDA_ENDPOINT_QUALeID + "list"; + public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT = CONFIG_PROP_VDA_ENDPOINT_QUALeID + + CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT_ELEMENT; + public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST = CONFIG_PROP_VDA_ENDPOINT_QUALeID + "list"; public static final String CONFIG_PROP_SP_LIST = CONFIG_PROP_PREFIX + ".sp.entityIds."; - public static final String CONFIG_PROP_DISABLE_EID_VALIDATION = - CONFIG_PROP_PREFIX + ".security.eID.validation.disable"; - public static final String CONFIG_PROP_ENABLE_EID_ENCRYPTION = - CONFIG_PROP_PREFIX + ".security.eID.encryption.enabled"; - public static final String CONFIG_PROP_FORCE_EID_ENCRYPTION = - CONFIG_PROP_PREFIX + ".security.eID.encryption.required"; - public static final String CONFIG_PROP_FORCE_EID_SIGNED_RESULT = - CONFIG_PROP_PREFIX + ".security.eID.signed.result.required"; + public static final String CONFIG_PROP_DISABLE_EID_VALIDATION = CONFIG_PROP_PREFIX + + ".security.eID.validation.disable"; + public static final String CONFIG_PROP_ENABLE_EID_ENCRYPTION = CONFIG_PROP_PREFIX + + ".security.eID.encryption.enabled"; + public static final String CONFIG_PROP_FORCE_EID_ENCRYPTION = CONFIG_PROP_PREFIX + + ".security.eID.encryption.required"; + public static final String CONFIG_PROP_FORCE_EID_SIGNED_RESULT = CONFIG_PROP_PREFIX + + ".security.eID.signed.result.required"; - public static final String CONFIG_PROP_IPC_RETURN_URL = - CONFIG_PROP_PREFIX + 
".testing.ipc.return.url"; - public static final String CONFIG_PROP_HTTP_REDIRECT_CODE = - CONFIG_PROP_PREFIX + ".testing.redirect.http.code"; + public static final String CONFIG_PROP_IPC_RETURN_URL = CONFIG_PROP_PREFIX + ".testing.ipc.return.url"; + public static final String CONFIG_PROP_HTTP_REDIRECT_CODE = CONFIG_PROP_PREFIX + ".testing.redirect.http.code"; public static final String CONFIG_PROP_HTTP_REDIRECT_CODE_DEFAULT_VALUE = "303"; public static final String CONFIG_PROP_SP_ENABLE_SL20_AUTHENTICATION = "auth.sl20.enabled"; 
@@ -51,25 +45,23 @@ public class Constants { /** * Only dummy data for development!!!!!!. */ - public static final String DUMMY_SIGNING_CERT = - "MIIC9zCCAd8CBFretWcwDQYJKoZIhvcNAQEOBQAwQDELMAkGA1UEBhMCQVQxDTAL\n" - + "BgNVBAoMBEVHSVoxIjAgBgNVBAMMGW93biBkdW1teSBtZXRhZGF0YSBzaWduZXIw\n" - + "HhcNMTgwNDI0MDQ0MTExWhcNMjEwMTE3MDQ0MTExWjBAMQswCQYDVQQGEwJBVDEN\n" - + "MAsGA1UECgwERUdJWjEiMCAGA1UEAwwZb3duIGR1bW15IG1ldGFkYXRhIHNpZ25l\n" - + "cjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJvN3l1pjzlnmoW5trHH\n" - + "Rb1s60QtGNp2v1nfMg1R6h7SzygtmO869v5bqrVBBVGmujslr7W8cZ2DLmJoQx1N\n" - + "WwhccjXTHpNPw0B70qHGch2uRNkqkizSOlwth0Ll2DJtzxTolbajYdg+xppXScUq\n" - + "WNlNZndauPSnB2CESgNkaUou4x4YVSDInugAtLvdLx8rf2YcuidI6UIXxeSZr3VO\n" - + "Z12YtddzcJ+lwh7OX8B0UvLsdYjKjefjEudyuNBmVwLv4K2LsFhSqgE1CAzk3oCb\n" - + "V2A84klaWVPiXoBiOucyouvX781WVp1aCBp0QA8gpJH7/2wRsdPQ90tjMzM7dcgY\n" - + "LDkCAwEAATANBgkqhkiG9w0BAQ4FAAOCAQEAQuYRQcCNLDYU1ItliYz9f28+KDyU\n" - + "8WjF3NDZrlJbGSKQ4n7wkBfxdK3zprmpHadWDB+aZaPt/+voE2FduzPiLUDlpazN\n" - + "60JJ5/YHZ3q9MZvdoNg6rjkpioWatoj/smUkT6oUWL/gp8tH12fOd2oJygBqXMve\n" - + "3y3qVCghnjRaMYuXcScTZcjH9yebkTLygirtw34oGVb7t+HwbtcN65fUIBly6Rcl\n" - + "8NV3pwOKhXFKDAqXUpvhebL4+tWOqPdqfIfGaE6rELfTf3icGY3CQCzDz5Gp0Ptc\n" - + "TfQqm64xnhtAruXNJXWg2ptg+GuQgWnJUgQ8wLNMxw9XdeEwlQo5dL6xmg=="; + public static final String DUMMY_SIGNING_CERT = "MIIC9zCCAd8CBFretWcwDQYJKoZIhvcNAQEOBQAwQDELMAkGA1UEBhMCQVQxDTAL\n" + + "BgNVBAoMBEVHSVoxIjAgBgNVBAMMGW93biBkdW1teSBtZXRhZGF0YSBzaWduZXIw\n" + + "HhcNMTgwNDI0MDQ0MTExWhcNMjEwMTE3MDQ0MTExWjBAMQswCQYDVQQGEwJBVDEN\n" + + "MAsGA1UECgwERUdJWjEiMCAGA1UEAwwZb3duIGR1bW15IG1ldGFkYXRhIHNpZ25l\n" + + "cjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJvN3l1pjzlnmoW5trHH\n" + + "Rb1s60QtGNp2v1nfMg1R6h7SzygtmO869v5bqrVBBVGmujslr7W8cZ2DLmJoQx1N\n" + + "WwhccjXTHpNPw0B70qHGch2uRNkqkizSOlwth0Ll2DJtzxTolbajYdg+xppXScUq\n" + + "WNlNZndauPSnB2CESgNkaUou4x4YVSDInugAtLvdLx8rf2YcuidI6UIXxeSZr3VO\n" + + 
"Z12YtddzcJ+lwh7OX8B0UvLsdYjKjefjEudyuNBmVwLv4K2LsFhSqgE1CAzk3oCb\n" + + "V2A84klaWVPiXoBiOucyouvX781WVp1aCBp0QA8gpJH7/2wRsdPQ90tjMzM7dcgY\n" + + "LDkCAwEAATANBgkqhkiG9w0BAQ4FAAOCAQEAQuYRQcCNLDYU1ItliYz9f28+KDyU\n" + + "8WjF3NDZrlJbGSKQ4n7wkBfxdK3zprmpHadWDB+aZaPt/+voE2FduzPiLUDlpazN\n" + + "60JJ5/YHZ3q9MZvdoNg6rjkpioWatoj/smUkT6oUWL/gp8tH12fOd2oJygBqXMve\n" + + "3y3qVCghnjRaMYuXcScTZcjH9yebkTLygirtw34oGVb7t+HwbtcN65fUIBly6Rcl\n" + + "8NV3pwOKhXFKDAqXUpvhebL4+tWOqPdqfIfGaE6rELfTf3icGY3CQCzDz5Gp0Ptc\n" + + "TfQqm64xnhtAruXNJXWg2ptg+GuQgWnJUgQ8wLNMxw9XdeEwlQo5dL6xmg=="; - public static final String DUMMY_SIGNING_CERT_FINGERPRINT = - "IwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJvN3l1pjzlnmoW"; + public static final String DUMMY_SIGNING_CERT_FINGERPRINT = "IwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJvN3l1pjzlnmoW"; } diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java index 7ca4ea87..bb0c41d7 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java @@ -16,8 +16,15 @@ public class VerificationResult { } - public VerificationResult(final JsonNode string, final List<X509Certificate> certs, final boolean wasValidSigned) { - this.payload = string; + /** + * JWS signature verification-result container. + * + * @param payload JWS payload + * @param certs JWS signercertificate + * @param wasValidSigned true if signature was valid + */ + public VerificationResult(final JsonNode payload, final List<X509Certificate> certs, final boolean wasValidSigned) { + this.payload = payload; this.certs = certs; this.validSigned = wasValidSigned; @@ -35,6 +42,4 @@ public class VerificationResult { return payload; } - - } 
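Review bot: `DUMMY_SIGNING_CERT` and `DUMMY_SIGNING_CERT_FINGERPRINT` remain public constants of the main-source `Constants` class, separated from production settings only by the comment "Only dummy data for development!!!!!!". The value of `DUMMY_SIGNING_CERT_FINGERPRINT` is a run of characters that also appears inside the Base64 text of `DUMMY_SIGNING_CERT`, not a digest of the certificate, so the name is misleading for anyone who expects a real fingerprint. I would give each constant its own Javadoc, for example `/** Development-only test certificate; must never be configured as a trust anchor. */`, and state on the second one that it is a marker string rather than a hash. Where these constants are consumed is not visible in this diff, so it should be checked whether a production code path can reach them.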
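Review bot: The new Javadoc on the `VerificationResult` constructor describes `wasValidSigned` as "true if signature was valid" but does not say how an unsigned payload is represented. `AbstractCreateQualEidRequestTask` in this same commit tests `respPayloadContainer.isValidSigned() == null` to detect an unsigned payload, which suggests a three-state result, while this constructor takes a primitive `boolean` and can only record valid or invalid. I would extend the tag to something like `@param wasValidSigned true if the signature was verified, false if verification failed`, and document on the class how the unsigned case is created, after confirming that against the other constructor, which lies outside this hunk. `certs` is stored by reference, so the Javadoc should also say whether callers may modify the list afterwards.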
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SL20SecurityException.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SL20SecurityException.java index c751f2c2..62abdeb8 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SL20SecurityException.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SL20SecurityException.java @@ -9,7 +9,7 @@ public class SL20SecurityException extends SL20Exception { } public SL20SecurityException(final String parameter) { - super("sl20.05", new Object[] {parameter}); + super("sl20.05", new Object[] { parameter }); } public SL20SecurityException(final Object[] parameters, final Throwable wrapped) { diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SlCommandoBuildException.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SlCommandoBuildException.java index bed1cdb0..361f57b7 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SlCommandoBuildException.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SlCommandoBuildException.java @@ -4,14 +4,13 @@ public class SlCommandoBuildException extends SL20Exception { private static final long serialVersionUID = 1L; - public SlCommandoBuildException(final String msg) { - super("sl20.01", new Object[] {msg}); + super("sl20.01", new Object[] { msg }); } public SlCommandoBuildException(final String msg, final Throwable e) { - super("sl20.01", new Object[] {msg}, e); + super("sl20.01", new Object[] { msg }, e); } } 
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SlCommandoParserException.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SlCommandoParserException.java index dab42631..4993796a 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SlCommandoParserException.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SlCommandoParserException.java @@ -4,14 +4,13 @@ public class SlCommandoParserException extends SL20Exception { private static final long serialVersionUID = 1L; - public SlCommandoParserException(final String msg) { - super("sl20.02", new Object[] {msg}); + super("sl20.02", new Object[] { msg }); } public SlCommandoParserException(final String msg, final Throwable e) { - super("sl20.02", new Object[] {msg}, e); + super("sl20.02", new Object[] { msg }, e); } } diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java index 518f0d24..d1887d5c 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java 
@@ -4,10 +4,27 @@ import java.security.cert.CertificateEncodingException; import java.util.ArrayList; import java.util.List; import java.util.Map; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.apache.http.HttpResponse; +import org.apache.http.NameValuePair; +import org.apache.http.client.entity.UrlEncodedFormEntity; +import org.apache.http.client.methods.HttpPost; +import org.apache.http.client.utils.URIBuilder; +import org.apache.http.message.BasicNameValuePair; +import org.jose4j.base64url.Base64Url; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; + +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.node.ObjectNode; + import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; -import at.gv.egiz.eaaf.core.api.idp.IspConfiguration; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; 
@@ -23,21 +40,8 @@ import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception; import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20HttpBindingUtils; -import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonExtractorUtils; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonBuilderUtils; -import org.apache.commons.lang3.StringUtils; -import org.apache.http.HttpResponse; -import org.apache.http.NameValuePair; -import org.apache.http.client.entity.UrlEncodedFormEntity; -import org.apache.http.client.methods.HttpPost; -import org.apache.http.client.utils.URIBuilder; -import org.apache.http.message.BasicNameValuePair; -import org.jose4j.base64url.Base64Url; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import com.fasterxml.jackson.databind.JsonNode; -import com.fasterxml.jackson.databind.node.ObjectNode; +import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonExtractorUtils; public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServletTask { private static final Logger log = LoggerFactory.getLogger(AbstractCreateQualEidRequestTask.class); @@ -57,7 +61,7 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl try { // get service-provider configuration - final IspConfiguration oaConfig = pendingReq.getServiceProviderConfiguration(); + final ISpConfiguration oaConfig = pendingReq.getServiceProviderConfiguration(); if (oaConfig == null) { log.warn("No SP configuration in pendingReq!"); 
@@ -68,16 +72,14 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl // get basic configuration parameters final String vdaQualEidDUrl = extractVdaUrlForSpecificOa(oaConfig, executionContext); if (StringUtils.isEmpty(vdaQualEidDUrl)) { - log.error("NO VDA URL for qualified eID (" - + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT + ")"); - throw new SL20Exception("sl20.03", new Object[] {"NO VDA URL for qualified eID"}); + log.error("NO VDA URL for qualified eID (" + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT + ")"); + throw new SL20Exception("sl20.03", new Object[] { "NO VDA URL for qualified eID" }); } log.debug("Use {} as VDA end-point", vdaQualEidDUrl); pendingReq.setRawDataToTransaction( - Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, - vdaQualEidDUrl); + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, vdaQualEidDUrl); revisionsLogger.logEvent(pendingReq, EventCodes.AUTHPROCESS_SL20_ENDPOINT_URL, vdaQualEidDUrl); // create SL2.0 command for qualified eID @@ -85,8 +87,8 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl // build request container final String qualEidReqId = Random.nextProcessReferenceValue(); - final ObjectNode sl20Req = - SL20JsonBuilderUtils.createGenericRequest(qualEidReqId, null, null, signedQualEidCommand); + final ObjectNode sl20Req = SL20JsonBuilderUtils.createGenericRequest(qualEidReqId, null, null, + signedQualEidCommand); // build http POST request final HttpPost httpReq = new HttpPost(new URIBuilder(vdaQualEidDUrl).build()); 
@@ -102,8 +104,7 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl // HttpGet httpReq = new HttpGet(sl20ReqUri.build()); // set native client header - httpReq.addHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE, - SL20Constants.HTTP_HEADER_VALUE_NATIVE); + httpReq.addHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE, SL20Constants.HTTP_HEADER_VALUE_NATIVE); log.trace("Request VDA via SL20 with: " + Base64Url.encode(sl20Req.toString().getBytes("UTF-8"))); @@ -113,8 +114,7 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl // parse response log.info("Receive response from VDA ... "); final JsonNode sl20Resp = SL20JsonExtractorUtils.getSL20ContainerFromResponse(httpResp); - final VerificationResult respPayloadContainer = - SL20JsonExtractorUtils.extractSL20PayLoad(sl20Resp, null, false); + final VerificationResult respPayloadContainer = SL20JsonExtractorUtils.extractSL20PayLoad(sl20Resp, null, false); if (respPayloadContainer.isValidSigned() == null) { log.debug("Receive unsigned payLoad from VDA"); 
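Review bot: The reflowed call `SL20JsonExtractorUtils.extractSL20PayLoad(sl20Resp, null, false)` passes no JOSE tools and `false` as its last argument, and the next visible line only logs "Receive unsigned payLoad from VDA" at debug level when `isValidSigned()` is null. If that flag means "signature required" (the parameter name is not visible here), the VDA response that drives the rest of this task is accepted without a signature check and without a trace in normal logs. I would add a comment above the call that states the assumption, for example `// VDA response may be unsigned at this step; integrity relies on the transport channel to the VDA`, if that is indeed the design, and raise the unsigned-payload message from debug to info so the case is visible in operations. The handling after the null check continues outside this hunk.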
@@ -136,28 +136,27 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl // create forward SL2.0 command final ObjectNode sl20Forward = sl20Resp.deepCopy(); - SL20JsonBuilderUtils.addOnlyOnceOfTwo(sl20Forward, SL20Constants.SL20_PAYLOAD, - SL20Constants.SL20_SIGNEDPAYLOAD, command.deepCopy(), signedCommand); + SL20JsonBuilderUtils.addOnlyOnceOfTwo(sl20Forward, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, + command.deepCopy(), signedCommand); // store pending request - pendingReq.setRawDataToTransaction( - Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, qualEidReqId); + pendingReq.setRawDataToTransaction(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, + qualEidReqId); requestStoreage.storePendingRequest(pendingReq); // forward SL2.0 command // TODO: maybe add SL2ClientType Header from execution context SL20HttpBindingUtils.writeIntoResponse(request, response, sl20Forward, redirectUrl, - Integer - .parseInt(authConfig.getBasicConfiguration(Constants.CONFIG_PROP_HTTP_REDIRECT_CODE, - Constants.CONFIG_PROP_HTTP_REDIRECT_CODE_DEFAULT_VALUE))); + Integer.parseInt(authConfig.getBasicConfiguration(Constants.CONFIG_PROP_HTTP_REDIRECT_CODE, + Constants.CONFIG_PROP_HTTP_REDIRECT_CODE_DEFAULT_VALUE))); } else if (respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).asText() .equals(SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR)) { JsonNode result = SL20JsonExtractorUtils.getJsonObjectValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_RESULT, false); if (result == null) { - result = SL20JsonExtractorUtils.getJsonObjectValue(respPayload, - SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, false); + result = SL20JsonExtractorUtils.getJsonObjectValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, + false); } final String errorCode = SL20JsonExtractorUtils.getStringValue(result, 
@@ -166,21 +165,18 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, true); log.info("Receive SL2.0 error. Code:" + errorCode + " Msg:" + errorMsg); - throw new SL20Exception("sl20.08", new Object[] {errorCode, errorMsg}); + throw new SL20Exception("sl20.08", new Object[] { errorCode, errorMsg }); } else { // TODO: update to add error handling - log.warn("Received an unrecognized command: " - + respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).asText()); - throw new SlCommandoParserException( - "Received an unrecognized command: " - + respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).toString()); + log.warn( + "Received an unrecognized command: " + respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).asText()); + throw new SlCommandoParserException("Received an unrecognized command: " + + respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).toString()); } - } catch (final EaafAuthenticationException e) { - throw new TaskExecutionException(pendingReq, - "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e); + throw new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e); } catch (final Exception e) { log.warn("SL2.0 Authentication FAILED with a generic error.", e); 
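Review bot: `errorCode` and `errorMsg` are read from the VDA response and concatenated straight into `log.info("Receive SL2.0 error. Code:" + errorCode + " Msg:" + errorMsg)`, and the unrecognized command name is concatenated into the `log.warn` call and the exception text in the same way. A response containing line breaks could therefore forge log entries; I would switch to parameterized logging and strip CR/LF from remote values first, e.g. `log.info("Receive SL2.0 error. Code: {} Msg: {}", sanitize(errorCode), sanitize(errorMsg));`, where `sanitize` is a placeholder for whatever helper the project provides. The warn line also uses `.asText()` while the exception message uses `.toString()`, so the same command name is rendered differently in the two places (the latter keeps the JSON quoting); using `.asText()` in both keeps them consistent. The enclosing try block begins outside this hunk.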
@@ -201,18 +197,14 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl * * @return signed JWT token as serialized {@link String} * @throws CertificateEncodingException In case of certificate parsing error - * @throws SL20Exception In case of a SL2.0 error + * @throws SL20Exception In case of a SL2.0 error */ - protected abstract String buildSignedQualifiedEidCommand() - throws CertificateEncodingException, SL20Exception; + protected abstract String buildSignedQualifiedEidCommand() throws CertificateEncodingException, SL20Exception; - - private String extractVdaUrlForSpecificOa(final IspConfiguration oaConfig, - final ExecutionContext executionContext) { + private String extractVdaUrlForSpecificOa(final ISpConfiguration oaConfig, final ExecutionContext executionContext) { // load SP specific config for development and testing purposes - final String spSpecificVdaEndpoints = - oaConfig.getConfigurationValue(Constants.CONFIG_PROP_SP_SL20_ENDPOINT_LIST); + final String spSpecificVdaEndpoints = oaConfig.getConfigurationValue(Constants.CONFIG_PROP_SP_SL20_ENDPOINT_LIST); // load general configuration final Map<String, String> endPointMap = authConfigWithSp @@ -220,8 +212,8 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl endPointMap.put(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT_ELEMENT, authConfig.getBasicConfiguration(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT)); if (StringUtils.isNotEmpty(spSpecificVdaEndpoints)) { - endPointMap.putAll(KeyValueUtils.convertListToMap(KeyValueUtils - .getListOfCsvValues(KeyValueUtils.normalizeCsvValueString(spSpecificVdaEndpoints)))); + endPointMap.putAll(KeyValueUtils.convertListToMap( + KeyValueUtils.getListOfCsvValues(KeyValueUtils.normalizeCsvValueString(spSpecificVdaEndpoints)))); log.debug("Find OA specific SL2.0 endpoints. Updating endPoint list ... "); } 
@@ -229,8 +221,8 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl log.trace("Find #" + endPointMap.size() + " SL2.0 endpoints ... "); // selection based on request Header - final String sl20VdaTypeHeader = - (String) executionContext.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase()); + final String sl20VdaTypeHeader = (String) executionContext + .get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase()); if (StringUtils.isNotEmpty(sl20VdaTypeHeader)) { final String vdaUrl = endPointMap.get(sl20VdaTypeHeader); if (StringUtils.isNotEmpty(vdaUrl)) { @@ -241,7 +233,6 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl } - log.info("NO specific VDA endpoint requested or found. Use default VDA"); return endPointMap.get(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT_ELEMENT); diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java index 516a33b9..87dd6263 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java 
@@ -6,9 +6,23 @@ import java.net.URISyntaxException; import java.util.HashMap; import java.util.Map; import java.util.UUID; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import at.gv.egiz.eaaf.core.api.data.EAAFConstants; + +import org.apache.commons.lang3.StringUtils; +import org.apache.http.client.utils.URIBuilder; +import org.apache.http.entity.ContentType; +import org.jose4j.base64url.Base64Url; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; + +import com.fasterxml.jackson.core.JsonParseException; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.node.ObjectNode; + +import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; @@ -28,17 +42,6 @@ import at.gv.egiz.eaaf.modules.auth.sl20.utils.JsonMapper; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonBuilderUtils; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonExtractorUtils; -import org.apache.commons.lang3.StringUtils; -import org.apache.http.client.utils.URIBuilder; -import org.apache.http.entity.ContentType; -import org.jose4j.base64url.Base64Url; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import com.fasterxml.jackson.core.JsonParseException; -import com.fasterxml.jackson.databind.JsonNode; -import com.fasterxml.jackson.databind.node.ObjectNode; - public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask { private static final Logger log = LoggerFactory.getLogger(AbstractReceiveQualEidTask.class); 
@@ -81,81 +84,69 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask } log.trace("Received SL2.0 result: " + sl20Result); - revisionsLogger.logEvent(pendingReq, EventCodes.AUTHPROCESS_SL20_DATAURL_IP, - request.getRemoteAddr()); + revisionsLogger.logEvent(pendingReq, EventCodes.AUTHPROCESS_SL20_DATAURL_IP, request.getRemoteAddr()); // parse SL2.0 command/result into JSON try { - sl20ReqObj = - new JsonMapper().getMapper().readTree(Base64Url.decodeToUtf8String(sl20Result)); + sl20ReqObj = new JsonMapper().getMapper().readTree(Base64Url.decodeToUtf8String(sl20Result)); } catch (final JsonParseException e) { log.warn("SL2.0 command or result is NOT valid JSON.", e); log.debug("SL2.0 msg: " + sl20Result); - throw new SL20Exception("sl20.02", - new Object[] {"SL2.0 command or result is NOT valid JSON."}, e); + throw new SL20Exception("sl20.02", new Object[] { "SL2.0 command or result is NOT valid JSON." }, e); } // check on errorMessage - final VerificationResult payLoadContainerErrorCheck = - SL20JsonExtractorUtils.extractSL20PayLoad(sl20ReqObj, joseTools, false); + final VerificationResult payLoadContainerErrorCheck = SL20JsonExtractorUtils.extractSL20PayLoad(sl20ReqObj, + joseTools, false); if (SL20JsonExtractorUtils - .getStringValue(payLoadContainerErrorCheck.getPayload(), - SL20Constants.SL20_COMMAND_CONTAINER_NAME, true) + .getStringValue(payLoadContainerErrorCheck.getPayload(), SL20Constants.SL20_COMMAND_CONTAINER_NAME, true) .equals(SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR)) { log.debug("Find " + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR + " result .... 
"); - final JsonNode errorResult = SL20JsonExtractorUtils - .extractSL20Result(payLoadContainerErrorCheck.getPayload(), joseTools, false); + final JsonNode errorResult = SL20JsonExtractorUtils.extractSL20Result(payLoadContainerErrorCheck.getPayload(), + joseTools, false); final String errorCode = SL20JsonExtractorUtils.getStringValue(errorResult, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE, true); final String errorMsg = SL20JsonExtractorUtils.getStringValue(errorResult, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, false); - log.info("Receiving errorcode: {} with msg: {} from VDA! Stopping auth-process ... ", - errorCode, errorMsg); + log.info("Receiving errorcode: {} with msg: {} from VDA! Stopping auth-process ... ", errorCode, errorMsg); // aTrustErrorWorkAround = true; - throw new SL20Exception("sl20.08", new Object[] {errorCode, errorMsg}); + throw new SL20Exception("sl20.08", new Object[] { errorCode, errorMsg }); } else { // Receive no error - To request validation // validate reqId with inResponseTo - final String sl20ReqId = pendingReq.getRawData( - Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class); - final String inRespTo = - SL20JsonExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_INRESPTO, true); + final String sl20ReqId = pendingReq + .getRawData(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class); + final String inRespTo = SL20JsonExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_INRESPTO, true); if (sl20ReqId == null || !sl20ReqId.equals(inRespTo)) { - log.info( - "SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo); + log.info("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo); throw new SL20SecurityException( "SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo); } - // validate signature - final VerificationResult payLoadContainer = SL20JsonExtractorUtils 
- .extractSL20PayLoad(sl20ReqObj, joseTools, authConfig.getBasicConfigurationBoolean( - Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)); + final VerificationResult payLoadContainer = SL20JsonExtractorUtils.extractSL20PayLoad(sl20ReqObj, joseTools, + authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)); if (payLoadContainer.isValidSigned() == null || !payLoadContainer.isValidSigned()) { - if (authConfig.getBasicConfigurationBoolean( - Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) { + if (authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) { log.info("SL20 result from VDA was not valid signed"); - throw new SL20SecurityException(new Object[] {"Signature on SL20 result NOT valid."}); + throw new SL20SecurityException(new Object[] { "Signature on SL20 result NOT valid." }); } else { - log.warn( - "SL20 result from VDA is NOT valid signed, but signatures-verification " + log.warn("SL20 result from VDA is NOT valid signed, but signatures-verification " + "is DISABLED by configuration!"); } } - + // extract payloaf final JsonNode payLoad = payLoadContainer.getPayload(); - // handle SL2.0 response payLoad handleResponsePayLoad(payLoad); @@ -168,8 +159,7 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask } pendingReq.setRawDataToTransaction( Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, - new TaskExecutionException(pendingReq, - "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e)); + new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e)); } catch (final Exception e) { log.warn("ERROR:", e); 
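Review bot: In the reqId check, `inRespTo` is read from the received container before the signed-result check further down, and it is concatenated into both the `log.info` line and the `SL20SecurityException` text, so whoever sends the message can put line breaks or misleading text into the info-level log. Use the parameterized form that the same hunk already uses for the VDA error code, `log.info("SL20 'reqId': {} does NOT match to 'inResponseTo':{}", sl20ReqId, inRespTo);`, and strip CR/LF from the value before it is logged or copied into the exception. The same applies to `errorCode` and `errorMsg`, which also come from the VDA message. The added comment `// extract payloaf` should read `// extract payload`. The enclosing method starts and ends outside the hunk.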
@@ -196,7 +186,8 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask } } catch (final Exception e) { - // write internal server errror 500 according to SL2.0 specification, chapter https transport + // write internal server errror 500 according to SL2.0 specification, chapter + // https transport // binding log.warn("Can NOT build SL2.0 response. Reason: " + e.getMessage(), e); if (sl20Result != null) { @@ -228,9 +219,8 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask final ObjectNode errorCommand = SL20JsonBuilderUtils .createCommandResponse(SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, error, null); - - final ObjectNode respContainer = SL20JsonBuilderUtils - .createGenericResponse(UUID.randomUUID().toString(), null, null, errorCommand, null); + final ObjectNode respContainer = SL20JsonBuilderUtils.createGenericResponse(UUID.randomUUID().toString(), null, + null, errorCommand, null); log.trace("SL20 response to VDA: " + respContainer); final StringWriter writer = new StringWriter(); 
@@ -247,37 +237,34 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask final JsonNode sl20ReqObj) throws IOException, SL20Exception, URISyntaxException { // create response final Map<String, String> reqParameters = new HashMap<>(); - reqParameters.put(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID, - pendingReq.getPendingRequestId()); + reqParameters.put(EaafConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID, pendingReq.getPendingRequestId()); final ObjectNode callReqParams = SL20JsonBuilderUtils.createCallCommandParameters( new DataUrlBuilder().buildDataUrl(pendingReq.getAuthUrl(), getResumeEndPoint(), null), SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET, false, reqParameters); - final ObjectNode callCommand = SL20JsonBuilderUtils - .createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CALL, callReqParams); + final ObjectNode callCommand = SL20JsonBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CALL, + callReqParams); // build first redirect command for app - final ObjectNode redirectOneParams = SL20JsonBuilderUtils.createRedirectCommandParameters( - generateIpcRedirectUrlForDebugging(), callCommand, null, true); + final ObjectNode redirectOneParams = SL20JsonBuilderUtils + .createRedirectCommandParameters(generateIpcRedirectUrlForDebugging(), callCommand, null, true); final ObjectNode redirectOneCommand = SL20JsonBuilderUtils .createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectOneParams); // build second redirect command for IDP - final ObjectNode redirectTwoParams = SL20JsonBuilderUtils.createRedirectCommandParameters( - new DataUrlBuilder().buildDataUrl(pendingReq.getAuthUrl(), getResumeEndPoint(), - pendingReq.getPendingRequestId()), + final ObjectNode redirectTwoParams = SL20JsonBuilderUtils.createRedirectCommandParameters(new DataUrlBuilder() + .buildDataUrl(pendingReq.getAuthUrl(), getResumeEndPoint(), pendingReq.getPendingRequestId()), redirectOneCommand, null, false); final 
ObjectNode redirectTwoCommand = SL20JsonBuilderUtils .createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectTwoParams); // build generic SL2.0 response container - final String transactionId = - SL20JsonExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_TRANSACTIONID, false); - final ObjectNode respContainer = SL20JsonBuilderUtils.createGenericRequest( - UUID.randomUUID().toString(), transactionId, redirectTwoCommand, null); - - if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null - && request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) - .equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) { + final String transactionId = SL20JsonExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_TRANSACTIONID, + false); + final ObjectNode respContainer = SL20JsonBuilderUtils.createGenericRequest(UUID.randomUUID().toString(), + transactionId, redirectTwoCommand, null); + + if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && request + .getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) { log.debug("Client request containts 'native client' header ... "); log.trace("SL20 response to VDA: " + respContainer); final StringWriter writer = new StringWriter(); 
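Review bot: The native-client test in the last added lines reads the same request header twice, and the reflow now breaks the second call across the `&&`, which makes the condition hard to read. Putting the constant first removes the explicit null check and the second lookup: `if (SL20Constants.HTTP_HEADER_VALUE_NATIVE.equals(request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE))) {`. The method body continues past the end of the hunk.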
@@ -288,21 +275,16 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask response.setContentType(ContentType.APPLICATION_JSON.toString()); response.getOutputStream().write(content); - } else { - log.info("SL2.0 DataURL communication needs http header: '" - + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'"); + log.info("SL2.0 DataURL communication needs http header: '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'"); log.debug("Client request containts is no native client ... "); - final URIBuilder clientRedirectUri = - new URIBuilder(new DataUrlBuilder().buildDataUrl(pendingReq.getAuthUrl(), - getResumeEndPoint(), pendingReq.getPendingRequestId())); - response.setStatus(Integer - .parseInt(authConfig.getBasicConfiguration(Constants.CONFIG_PROP_HTTP_REDIRECT_CODE, - Constants.CONFIG_PROP_HTTP_REDIRECT_CODE_DEFAULT_VALUE))); + final URIBuilder clientRedirectUri = new URIBuilder(new DataUrlBuilder().buildDataUrl(pendingReq.getAuthUrl(), + getResumeEndPoint(), pendingReq.getPendingRequestId())); + response.setStatus(Integer.parseInt(authConfig.getBasicConfiguration(Constants.CONFIG_PROP_HTTP_REDIRECT_CODE, + Constants.CONFIG_PROP_HTTP_REDIRECT_CODE_DEFAULT_VALUE))); response.setHeader("Location", clientRedirectUri.build().toString()); - // throw new SL20Exception("sl20.06", // new Object[] {"SL2.0 DataURL communication needs http header: '" + // SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'"}); 
@@ -317,15 +299,12 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask */ private String generateIpcRedirectUrlForDebugging() { - - String ipcRedirectUrlConfig = - authConfig.getBasicConfiguration(Constants.CONFIG_PROP_IPC_RETURN_URL); + String ipcRedirectUrlConfig = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_IPC_RETURN_URL); if (StringUtils.isNotEmpty(ipcRedirectUrlConfig)) { if (ipcRedirectUrlConfig.contains(PATTERN_PENDING_REQ_ID)) { log.trace("Find 'pendingReqId' pattern in IPC redirect URL. Update url ... "); ipcRedirectUrlConfig = ipcRedirectUrlConfig.replaceAll("#PENDINGREQID#", - EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID + "=" - + pendingReq.getPendingRequestId()); + EaafConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID + "=" + pendingReq.getPendingRequestId()); } @@ -336,5 +315,4 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask } - } diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java index 9d444802..6ee53a9d 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java 
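Review bot: `replaceAll` in `generateIpcRedirectUrlForDebugging` treats its first argument as a regular expression and its second as a replacement template, so a `$` or `\` in the pending-request id would be read as a group reference. The guard above it tests `PATTERN_PENDING_REQ_ID`, while the replacement hard-codes `"#PENDINGREQID#"`. A literal replace keyed on the constant keeps the two in step: `ipcRedirectUrlConfig = ipcRedirectUrlConfig.replace(PATTERN_PENDING_REQ_ID, EaafConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID + "=" + pendingReq.getPendingRequestId());`. This assumes the constant holds the same literal, which is not visible in the hunk. The method's tail is outside the hunk.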
@@ -5,14 +5,18 @@ import java.security.KeyStore; import java.security.KeyStoreException; import java.security.cert.X509Certificate; import java.util.List; + import javax.annotation.Nonnull; -import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult; -import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception; -import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException; + import org.jose4j.jwa.AlgorithmConstraints; import org.jose4j.lang.JoseException; + import com.fasterxml.jackson.databind.JsonNode; +import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult; +import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception; +import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException; + public interface IJoseTools { /** 
@@ -31,39 +35,36 @@ public interface IJoseTools { * @throws SL20Exception In case of a signature validation error */ @Nonnull - VerificationResult validateSignature(@Nonnull String serializedContent) - throws SL20Exception; + VerificationResult validateSignature(@Nonnull String serializedContent) throws SL20Exception; /** * Validate a JWS signature. * * @param serializedContent JWS in serialized form - * @param trustedCerts trusted X509 certificates - * @param constraints signature verification constraints + * @param trustedCerts trusted X509 certificates + * @param constraints signature verification constraints * @return Signature-verification result * @throws JoseException In case of a signature verification error - * @throws IOException In case of a general IO error + * @throws IOException In case of a general IO error */ @Nonnull - VerificationResult validateSignature(@Nonnull String serializedContent, - @Nonnull List<X509Certificate> trustedCerts, @Nonnull AlgorithmConstraints constraints) - throws JoseException, IOException; + VerificationResult validateSignature(@Nonnull String serializedContent, @Nonnull List<X509Certificate> trustedCerts, + @Nonnull AlgorithmConstraints constraints) throws JoseException, IOException; /** * Validate a JWS signature. 
* * @param serializedContent JWS in serialized form - * @param trustStore with trusted X509 certificates - * @param algconstraints signature verification constraints + * @param trustStore with trusted X509 certificates + * @param algconstraints signature verification constraints * @return Signature-verification result - * @throws JoseException In case of a signature verification error - * @throws IOException In case of a general IO error + * @throws JoseException In case of a signature verification error + * @throws IOException In case of a general IO error * @throws KeyStoreException In case of TrustStore error */ @Nonnull - VerificationResult validateSignature(@Nonnull String serializedContent, - @Nonnull KeyStore trustStore, @Nonnull AlgorithmConstraints algconstraints) - throws JoseException, IOException, KeyStoreException; + VerificationResult validateSignature(@Nonnull String serializedContent, @Nonnull KeyStore trustStore, + @Nonnull AlgorithmConstraints algconstraints) throws JoseException, IOException, KeyStoreException; /** * Get the encryption certificate for SL2.0 End-to-End encryption. diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonMapper.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonMapper.java index f38203d2..2387a9f2 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonMapper.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonMapper.java @@ -35,7 +35,7 @@ public class JsonMapper implements IJsonMapper { /** * The constructor. - * + * * @param prettyPrint enables or disables the default pretty printer */ public JsonMapper(@NonNull final boolean prettyPrint) { 
@@ -54,10 +54,9 @@ public class JsonMapper implements IJsonMapper { } - /* * (non-Javadoc) - * + * * @at.gv.egiz.eaaf.core.api.utils.IJsonMapper#getMapper() */ public ObjectMapper getMapper() { @@ -65,10 +64,9 @@ public class JsonMapper implements IJsonMapper { } - /* * (non-Javadoc) - * + * * @see at.gv.egiz.eaaf.core.api.utils.IJsonMapper#serialize(java.lang.Object) */ @Override @@ -86,12 +84,12 @@ public class JsonMapper implements IJsonMapper { /* * (non-Javadoc) - * - * @see at.gv.egiz.eaaf.core.api.utils.IJsonMapper#deserialize(java.lang.String, java.lang.Class) + * + * @see at.gv.egiz.eaaf.core.api.utils.IJsonMapper#deserialize(java.lang.String, + * java.lang.Class) */ @Override - public <T> Object deserialize(final String value, final Class<T> clazz) - throws EaafJsonMapperException { + public <T> Object deserialize(final String value, final Class<T> clazz) throws EaafJsonMapperException { try { if (clazz != null) { if (clazz.isAssignableFrom(TypeReference.class)) { @@ -115,8 +113,7 @@ public class JsonMapper implements IJsonMapper { } @Override - public <T> Object deserialize(final InputStream is, final Class<T> clazz) - throws EaafJsonMapperException { + public <T> Object deserialize(final InputStream is, final Class<T> clazz) throws EaafJsonMapperException { try { if (clazz != null) { if (clazz.isAssignableFrom(TypeReference.class)) { diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java index 6ec56825..0d2c1815 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java 
@@ -70,8 +70,7 @@ public class JsonSecurityUtils implements IJoseTools { log.info("Initialize SL2.0 authentication security constrains ... "); try { if (getKeyStoreFilePath() != null) { - final KeyStore keyStore = - KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), getKeyStorePassword()); + final KeyStore keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), getKeyStorePassword()); // load signing key signPrivKey = keyStore.getKey(getSigningKeyAlias(), getSigningKeyPassword().toCharArray()); @@ -88,11 +87,9 @@ public class JsonSecurityUtils implements IJoseTools { // load encryption key try { - encPrivKey = - keyStore.getKey(getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray()); + encPrivKey = keyStore.getKey(getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray()); if (encPrivKey != null) { - final Certificate[] certChainEncryption = - keyStore.getCertificateChain(getEncryptionKeyAlias()); + final Certificate[] certChainEncryption = keyStore.getCertificateChain(getEncryptionKeyAlias()); encCertChain = new X509Certificate[certChainEncryption.length]; for (int i = 0; i < certChainEncryption.length; i++) { if (certChainEncryption[i] instanceof X509Certificate) { @@ -106,8 +103,8 @@ public class JsonSecurityUtils implements IJoseTools { } } catch (final Exception e) { - log.warn("No encryption key for SL2.0 found. End-to-End encryption is not used. Reason: " - + e.getMessage(), e); + log.warn("No encryption key for SL2.0 found. End-to-End encryption is not used. Reason: " + e.getMessage(), + e); } 
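Review bot: The `catch (final Exception e)` around the encryption-key load treats every failure the same way, so a wrong key password or an unreadable entry is logged as a warning and the module starts with end-to-end encryption switched off, just as if no key had been configured. If running without encryption is only meant for the unconfigured case, check for a configured alias before the `try`, and let a failure to load a configured key abort initialization the way the signing-key validation later in this method does with `sl20.03`. At minimum, a comment such as `// deliberate: SL2.0 runs without E2E encryption when the key cannot be loaded` would record the intent. The initialization method starts and ends outside these hunks.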
@@ -117,13 +114,13 @@ public class JsonSecurityUtils implements IJoseTools { // some short validation if (signPrivKey == null || !(signPrivKey instanceof PrivateKey)) { log.info("Can NOT open privateKey for SL2.0 signing. KeyStore=" + getKeyStoreFilePath()); - throw new SL20Exception("sl20.03", new Object[] {"Can NOT open private key for signing"}); + throw new SL20Exception("sl20.03", new Object[] { "Can NOT open private key for signing" }); } if (signCertChain == null || signCertChain.length == 0) { log.info("NO certificate for SL2.0 signing. KeyStore=" + getKeyStoreFilePath()); - throw new SL20Exception("sl20.03", new Object[] {"NO certificate for SL2.0 signing"}); + throw new SL20Exception("sl20.03", new Object[] { "NO certificate for SL2.0 signing" }); } @@ -133,9 +130,9 @@ public class JsonSecurityUtils implements IJoseTools { log.info("NO SL2.0 authentication security configuration. Initialization was skipped"); } - } catch (RuntimeException e) { - throw e; - + } catch (final RuntimeException e) { + throw e; + } catch (final Exception e) { log.error("SL2.0 security constrains initialization FAILED.", e); @@ -173,9 +170,8 @@ public class JsonSecurityUtils implements IJoseTools { } @Override - public VerificationResult validateSignature(final String serializedContent, - final KeyStore trustStore, final AlgorithmConstraints algconstraints) - throws JoseException, IOException, KeyStoreException { + public VerificationResult validateSignature(final String serializedContent, final KeyStore trustStore, + final AlgorithmConstraints algconstraints) throws JoseException, IOException, KeyStoreException { final List<X509Certificate> trustedCertificates = readCertsFromKeyStore(trustStore); return validateSignature(serializedContent, trustedCertificates, algconstraints); 
@@ -184,8 +180,8 @@ public class JsonSecurityUtils implements IJoseTools { @Override @NonNull public VerificationResult validateSignature(@Nonnull final String serializedContent, - @Nonnull final List<X509Certificate> trustedCerts, - @Nonnull final AlgorithmConstraints constraints) throws JoseException, IOException { + @Nonnull final List<X509Certificate> trustedCerts, @Nonnull final AlgorithmConstraints constraints) + throws JoseException, IOException { final JsonWebSignature jws = new JsonWebSignature(); // set payload jws.setCompactSerialization(serializedContent); @@ -219,20 +215,16 @@ public class JsonSecurityUtils implements IJoseTools { } else if (StringUtils.isNotEmpty(x5t256)) { log.debug("Found x5t256 fingerprint in JOSE header .... "); - final X509VerificationKeyResolver x509VerificationKeyResolver = - new X509VerificationKeyResolver(trustedCerts); - selectedKey = - x509VerificationKeyResolver.resolveKey(jws, Collections.<JsonWebStructure>emptyList()); + final X509VerificationKeyResolver x509VerificationKeyResolver = new X509VerificationKeyResolver(trustedCerts); + selectedKey = x509VerificationKeyResolver.resolveKey(jws, Collections.<JsonWebStructure>emptyList()); } else { - throw new JoseException( - "JWS contains NO signature certificate or NO certificate fingerprint"); + throw new JoseException("JWS contains NO signature certificate or NO certificate fingerprint"); } if (selectedKey == null) { - throw new JoseException( - "Can NOT select verification key for JWS. Signature verification FAILED"); + throw new JoseException("Can NOT select verification key for JWS. Signature verification FAILED"); } 
@@ -240,23 +232,19 @@ public class JsonSecurityUtils implements IJoseTools { jws.setKey(selectedKey); // load payLoad - return new VerificationResult(mapper.getMapper().readTree(jws.getPayload()), null, - jws.verifySignature()); - + return new VerificationResult(mapper.getMapper().readTree(jws.getPayload()), null, jws.verifySignature()); } @Override @Nonnull - public VerificationResult validateSignature(@Nonnull final String serializedContent) - throws SL20Exception { + public VerificationResult validateSignature(@Nonnull final String serializedContent) throws SL20Exception { try { final AlgorithmConstraints algConstraints = new AlgorithmConstraints(ConstraintType.WHITELIST, SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING .toArray(new String[SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING.size()])); - final VerificationResult result = - validateSignature(serializedContent, trustedCerts, algConstraints); + final VerificationResult result = validateSignature(serializedContent, trustedCerts, algConstraints); if (!result.isValidSigned()) { log.info("JWS signature invalide. Stopping authentication process ..."); @@ -270,7 +258,7 @@ public class JsonSecurityUtils implements IJoseTools { } catch (JoseException | JsonParseException e) { log.warn("SL2.0 commando signature validation FAILED", e); - throw new SL20SecurityException(new Object[] {e.getMessage()}, e); + throw new SL20SecurityException(new Object[] { e.getMessage() }, e); } catch (final IOException e) { log.warn("Decrypted SL2.0 result can not be parsed.", e); 
@@ -280,24 +268,22 @@ public class JsonSecurityUtils implements IJoseTools { } - @Override public JsonNode decryptPayload(final String compactSerialization) throws SL20Exception { try { final JsonWebEncryption receiverJwe = new JsonWebEncryption(); // set security constrains - receiverJwe.setAlgorithmConstraints(new AlgorithmConstraints(ConstraintType.WHITELIST, - SL20Constants.SL20_ALGORITHM_WHITELIST_KEYENCRYPTION + receiverJwe.setAlgorithmConstraints( + new AlgorithmConstraints(ConstraintType.WHITELIST, SL20Constants.SL20_ALGORITHM_WHITELIST_KEYENCRYPTION .toArray(new String[SL20Constants.SL20_ALGORITHM_WHITELIST_KEYENCRYPTION.size()]))); - receiverJwe.setContentEncryptionAlgorithmConstraints(new AlgorithmConstraints( - ConstraintType.WHITELIST, SL20Constants.SL20_ALGORITHM_WHITELIST_ENCRYPTION + receiverJwe.setContentEncryptionAlgorithmConstraints( + new AlgorithmConstraints(ConstraintType.WHITELIST, SL20Constants.SL20_ALGORITHM_WHITELIST_ENCRYPTION .toArray(new String[SL20Constants.SL20_ALGORITHM_WHITELIST_ENCRYPTION.size()]))); // set payload receiverJwe.setCompactSerialization(compactSerialization); - // validate key from header against key from config final List<X509Certificate> x5cCerts = receiverJwe.getCertificateChainHeaderValue(); final String x5t256 = receiverJwe.getX509CertSha256ThumbprintHeaderValue(); 
@@ -307,16 +293,16 @@ public class JsonSecurityUtils implements IJoseTools { final List<X509Certificate> sortedX5cCerts = X509Utils.sortCertificates(x5cCerts); if (!sortedX5cCerts.get(0).equals(encCertChain[0])) { - log.info("Certificate from JOSE header does NOT match encryption certificate"); + log.info("Certificate from JOSE header does NOT match encryption certificate"); try { - + log.debug("JOSE certificate: {}", Base64Utils.encode(sortedX5cCerts.get(0).getEncoded())); } catch (final CertificateEncodingException e) { e.printStackTrace(); } throw new SL20Exception("sl20.05", - new Object[] {"Certificate from JOSE header does NOT match encryption certificate"}); + new Object[] { "Certificate from JOSE header does NOT match encryption certificate" }); } } else if (StringUtils.isNotEmpty(x5t256)) { @@ -326,13 +312,12 @@ public class JsonSecurityUtils implements IJoseTools { log.info("X5t256 from JOSE header does NOT match encryption certificate"); log.debug("X5t256 from JOSE header: " + x5t256 + " Encrytption cert: " + certFingerPrint); throw new SL20Exception("sl20.05", - new Object[] {"X5t256 from JOSE header does NOT match encryption certificate"}); + new Object[] { "X5t256 from JOSE header does NOT match encryption certificate" }); } } else { - log.info( - "Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint"); + log.info("Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint"); throw new SlCommandoParserException( "Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint"); 
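Review bot: In the x5c mismatch branch the `CertificateEncodingException` handler calls `e.printStackTrace()`, which writes to stderr and bypasses the class logger with its level and format settings, so the trace will not appear with the surrounding `log.info` and `log.debug` lines. Replace it with `log.debug("Can not encode certificate from JOSE header for logging", e);`. The commit only re-indents these lines, but they are the natural place to fix this. `decryptPayload` starts and ends outside the hunk.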
@@ -341,13 +326,12 @@ public class JsonSecurityUtils implements IJoseTools { // set key receiverJwe.setKey(encPrivKey); - // decrypt payload return mapper.getMapper().readTree(receiverJwe.getPlaintextString()); } catch (final JoseException e) { log.warn("SL2.0 result decryption FAILED", e); - throw new SL20SecurityException(new Object[] {e.getMessage()}, e); + throw new SL20SecurityException(new Object[] { e.getMessage() }, e); } catch (final JsonParseException e) { log.warn("Decrypted SL2.0 result is NOT a valid JSON.", e); @@ -360,8 +344,6 @@ public class JsonSecurityUtils implements IJoseTools { } - - @Override public X509Certificate getEncryptionCertificate() { // TODO: maybe update after SL2.0 update on encryption certificate parts @@ -373,14 +355,12 @@ public class JsonSecurityUtils implements IJoseTools { } private String getKeyStoreFilePath() throws EaafConfigurationException, MalformedURLException { - return FileUtils.makeAbsoluteUrl( - authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PATH), + return FileUtils.makeAbsoluteUrl(authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PATH), authConfig.getConfigurationRootDirectory()); } private String getKeyStorePassword() { - String value = - authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD); + String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD); if (value != null) { value = value.trim(); } @@ -390,8 +370,7 @@ public class JsonSecurityUtils implements IJoseTools { } private String getSigningKeyAlias() { - String value = authConfig - .getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS).trim(); + String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS).trim(); if (value != null) { value = value.trim(); } 
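Review bot: In `getSigningKeyAlias` the reflowed line still calls `.trim()` directly on the result of `getBasicConfiguration(...)`, so the `if (value != null)` that follows can never see null, and a missing property would presumably raise a NullPointerException rather than reach the method's own handling. The same pattern is in `getSigningKeyPassword`, `getEncryptionKeyAlias` and `getEncryptionKeyPassword` in the next three hunks, while `getKeyStorePassword` just above already does it correctly. Drop the trailing call so the guard does the trimming: `String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS);`. Each getter's return statement is outside its hunk.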
@@ -400,8 +379,7 @@ public class JsonSecurityUtils implements IJoseTools { } private String getSigningKeyPassword() { - String value = authConfig - .getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD).trim(); + String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD).trim(); if (value != null) { value = value.trim(); } @@ -410,8 +388,8 @@ public class JsonSecurityUtils implements IJoseTools { } private String getEncryptionKeyAlias() { - String value = authConfig - .getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS).trim(); + String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS) + .trim(); if (value != null) { value = value.trim(); } @@ -420,8 +398,7 @@ public class JsonSecurityUtils implements IJoseTools { } private String getEncryptionKeyPassword() { - String value = authConfig - .getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD) + String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD) .trim(); if (value != null) { value = value.trim(); @@ -431,8 +408,7 @@ public class JsonSecurityUtils implements IJoseTools { } @Nonnull - private List<X509Certificate> readCertsFromKeyStore(@Nonnull final KeyStore keyStore) - throws KeyStoreException { + private List<X509Certificate> readCertsFromKeyStore(@Nonnull final KeyStore keyStore) throws KeyStoreException { final List<X509Certificate> result = new ArrayList<>(); final Enumeration<String> aliases = keyStore.aliases(); 
@@ -444,8 +420,7 @@ public class JsonSecurityUtils implements IJoseTools { if (cert != null && cert instanceof X509Certificate) { result.add((X509Certificate) cert); } else { - log.info("Can not process entry: {}. Reason: {}", el, - cert != null ? cert.getType() : "cert is null"); + log.info("Can not process entry: {}. Reason: {}", el, cert != null ? cert.getType() : "cert is null"); } } diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java index d3726546..d1793b0e 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java @@ -24,7 +24,6 @@ public class SL20Constants { public static final String HTTP_HEADER_SL20_RESP = "X-SL20Operation"; - // ******************************************************************************************* // JSON signing and encryption headers public static final String JSON_ALGORITHM = "alg"; 
@@ -39,22 +38,19 @@ public class SL20Constants { AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256; public static final String JSON_ALGORITHM_SIGNING_ES512 = AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512; - public static final String JSON_ALGORITHM_SIGNING_PS256 = - AlgorithmIdentifiers.RSA_PSS_USING_SHA256; - public static final String JSON_ALGORITHM_SIGNING_PS512 = - AlgorithmIdentifiers.RSA_PSS_USING_SHA512; + public static final String JSON_ALGORITHM_SIGNING_PS256 = AlgorithmIdentifiers.RSA_PSS_USING_SHA256; + public static final String JSON_ALGORITHM_SIGNING_PS512 = AlgorithmIdentifiers.RSA_PSS_USING_SHA512; - public static final List<String> SL20_ALGORITHM_WHITELIST_SIGNING = Collections.unmodifiableList(Arrays.asList( - JSON_ALGORITHM_SIGNING_RS256, JSON_ALGORITHM_SIGNING_RS512, JSON_ALGORITHM_SIGNING_ES256, - JSON_ALGORITHM_SIGNING_ES512, JSON_ALGORITHM_SIGNING_PS256, JSON_ALGORITHM_SIGNING_PS512)); + public static final List<String> SL20_ALGORITHM_WHITELIST_SIGNING = Collections.unmodifiableList( + Arrays.asList(JSON_ALGORITHM_SIGNING_RS256, JSON_ALGORITHM_SIGNING_RS512, JSON_ALGORITHM_SIGNING_ES256, + JSON_ALGORITHM_SIGNING_ES512, JSON_ALGORITHM_SIGNING_PS256, JSON_ALGORITHM_SIGNING_PS512)); - public static final String JSON_ALGORITHM_ENC_KEY_RSAOAEP = - KeyManagementAlgorithmIdentifiers.RSA_OAEP; + public static final String JSON_ALGORITHM_ENC_KEY_RSAOAEP = KeyManagementAlgorithmIdentifiers.RSA_OAEP; public static final String JSON_ALGORITHM_ENC_KEY_RSAOAEP256 = KeyManagementAlgorithmIdentifiers.RSA_OAEP_256; - public static final List<String> SL20_ALGORITHM_WHITELIST_KEYENCRYPTION = - Collections.unmodifiableList(Arrays.asList(JSON_ALGORITHM_ENC_KEY_RSAOAEP, JSON_ALGORITHM_ENC_KEY_RSAOAEP256)); + public static final List<String> SL20_ALGORITHM_WHITELIST_KEYENCRYPTION = Collections + .unmodifiableList(Arrays.asList(JSON_ALGORITHM_ENC_KEY_RSAOAEP, JSON_ALGORITHM_ENC_KEY_RSAOAEP256)); public static final String 
JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256 = ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256; @@ -65,10 +61,10 @@ public class SL20Constants { public static final String JSON_ALGORITHM_ENC_PAYLOAD_A256GCM = ContentEncryptionAlgorithmIdentifiers.AES_256_GCM; - public static final List<String> SL20_ALGORITHM_WHITELIST_ENCRYPTION = Collections.unmodifiableList(Arrays.asList( - JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256, JSON_ALGORITHM_ENC_PAYLOAD_A256CBCHS512, - JSON_ALGORITHM_ENC_PAYLOAD_A128GCM, JSON_ALGORITHM_ENC_PAYLOAD_A256GCM)); - + public static final List<String> SL20_ALGORITHM_WHITELIST_ENCRYPTION = Collections + .unmodifiableList(Arrays.asList(JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256, + JSON_ALGORITHM_ENC_PAYLOAD_A256CBCHS512, + JSON_ALGORITHM_ENC_PAYLOAD_A128GCM, JSON_ALGORITHM_ENC_PAYLOAD_A256GCM)); // ********************************************************************************************* // Object identifier for generic transport container @@ -96,12 +92,12 @@ public class SL20Constants { @Deprecated public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDEID = "qualifiedeID"; public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDEIDCONSENT = "qualifiedEIDConsent"; - // public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDSIG = "qualifiedSig"; + // public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDSIG = + // "qualifiedSig"; public static final String SL20_COMMAND_IDENTIFIER_GETCERTIFICATE = "getCertificate"; public static final String SL20_COMMAND_IDENTIFIER_CREATE_SIG_CADES = "createCAdES"; - public static final String SL20_COMMAND_IDENTIFIER_BINDING_CREATE_KEY = "createBindingKey"; public static final String SL20_COMMAND_IDENTIFIER_BINDING_STORE_CERT = "storeBindingCert"; 
@@ -124,13 +120,11 @@ public class SL20Constants { public static final String SL20_COMMAND_PARAM_GENERAL_REDIRECT_IPCREDIRECT = "IPCRedirect"; // Call command - public static final String SL20_COMMAND_PARAM_GENERAL_CALL_URL = - SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL; + public static final String SL20_COMMAND_PARAM_GENERAL_CALL_URL = SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL; public static final String SL20_COMMAND_PARAM_GENERAL_CALL_METHOD = "method"; public static final String SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET = "get"; public static final String SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_POST = "post"; - public static final String SL20_COMMAND_PARAM_GENERAL_CALL_INCLUDETRANSACTIONID = - "includeTransactionID"; + public static final String SL20_COMMAND_PARAM_GENERAL_CALL_INCLUDETRANSACTIONID = "includeTransactionID"; public static final String SL20_COMMAND_PARAM_GENERAL_CALL_REQPARAMETER = "reqParams"; // error command @@ -144,8 +138,7 @@ public class SL20Constants { @Deprecated public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES = "attributes"; @Deprecated - public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_MANDATEREFVALUE = - "MANDATE-REFERENCE-VALUE"; + public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_MANDATEREFVALUE = "MANDATE-REFERENCE-VALUE"; @Deprecated public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID = "SP-UNIQUEID"; @Deprecated 
@@ -176,11 +169,9 @@ public class SL20Constants { // public static final String SL20_COMMAND_PARAM_QUALSIG_X5CENC = // SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; - // getCertificate public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_KEYID = "keyId"; - public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_DATAURL = - SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_JWKCENC = @@ -191,13 +182,10 @@ public class SL20Constants { public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_KEYID = "keyId"; public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENT = "content"; public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_MIMETYPE = "mimeType"; - public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_PADES_COMBATIBILTY = - "padesComatibility"; - public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_EXCLUDEBYTERANGE = - "excludedByteRange"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_PADES_COMBATIBILTY = "padesComatibility"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_EXCLUDEBYTERANGE = "excludedByteRange"; public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL = "cadesLevel"; - public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_DATAURL = - SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_JWKCENC = 
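Review bot: In the createCAdES parameter hunk, the literal `"padesComatibility"` assigned to SL20_COMMAND_PARAM_CREATE_SIG_CADES_PADES_COMBATIBILTY looks misspelled. The literal is a JSON member name, so a spelling that differs from what the peer expects would most likely be dropped silently rather than rejected. Please check it against the SL2.0 specification. If the specification spells it differently, correct the literal; if deployed peers depend on this spelling, pin it with a comment such as `// spelling is part of the wire format, do not correct`. The constant's own name is misspelled too, but it is public, so renaming it would need a deprecated alias rather than an in-place change.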
@@ -211,19 +199,15 @@ public class SL20Constants { public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_XL = "cAdES-X-L"; public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_A = "cAdES-A"; - - // create binding key command public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KONTOID = "kontoID"; public static final String SL20_COMMAND_PARAM_BINDING_CREATE_SN = "SN"; public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KEYLENGTH = "keyLength"; public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KEYALG = "keyAlg"; public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES = "policies"; - public static final String SL20_COMMAND_PARAM_BINDING_CREATE_DATAURL = - SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; public static final String SL20_COMMAND_PARAM_BINDING_CREATE_X5CVDATRUST = "x5cVdaTrust"; - public static final String SL20_COMMAND_PARAM_BINDING_CREATE_REQUESTUSERPASSWORD = - "reqUserPassword"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_REQUESTUSERPASSWORD = "reqUserPassword"; public static final String SL20_COMMAND_PARAM_BINDING_CREATE_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; 
@@ -231,23 +215,18 @@ public class SL20Constants { public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KEYALG_SECPR256R1 = "secp256r1"; public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_LIFETIME = "lifeTime"; - public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_USESECUREELEMENT = - "useSecureElement"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_USESECUREELEMENT = "useSecureElement"; public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_KEYTIMEOUT = "keyTimeout"; - public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_NEEDUSERAUTH = - "needUserAuth"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_NEEDUSERAUTH = "needUserAuth"; public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_APPID = "appID"; public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_CSR = "csr"; - public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_KEYATTESTATIONZERTIFICATE = - "attCert"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_KEYATTESTATIONZERTIFICATE = "attCert"; public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_USERPASSWORD = "encodedPass"; - // store binding certificate command public static final String SL20_COMMAND_PARAM_BINDING_STORE_CERTIFICATE = "x5c"; - public static final String SL20_COMMAND_PARAM_BINDING_STORE_DATAURL = - SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_BINDING_STORE_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; public static final String SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS = "success"; public static final String SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS_VALUE = "OK"; 
@@ -268,14 +247,12 @@ public class SL20Constants { public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_NONCE = "nonce"; public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYDATA = "displayData"; public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYURL = "displayUrl"; - public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DATAURL = - SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_RESULT_NONCE = SL20_COMMAND_PARAM_AUTH_JWSTOKEN_NONCE; // QR-Code authentication public static final String SL20_COMMAND_PARAM_AUTH_QRCODE_QRCODE = "qrCode"; - public static final String SL20_COMMAND_PARAM_AUTH_QRCODE_DATAURL = - SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_AUTH_QRCODE_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; } diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java index 6a8b96d4..1d7c9646 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java 
@@ -3,15 +3,18 @@ package at.gv.egiz.eaaf.modules.auth.sl20.utils; import java.io.IOException; import java.io.StringWriter; import java.net.URISyntaxException; + import javax.annotation.Nonnull; import javax.annotation.Nullable; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; + import org.apache.http.client.utils.URIBuilder; import org.jose4j.base64url.Base64Url; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.MediaType; + import com.fasterxml.jackson.databind.JsonNode; public class SL20HttpBindingUtils { 
@@ -20,26 +23,24 @@ public class SL20HttpBindingUtils { /** * Write SL2.0 response into http-response object * - * @param httpReq Current http request - * @param httpResp Current http response - * @param sl20Forward SL2.0 command that should be written to response - * @param redirectUrl SL2.0 redirect URL in case of SL2.0 redirect command and no native client - * (see SL2.0 specification) - * @param httpCodeRedirect http redirect-code in case of SL2.0 redirect command and no native - * client (see SL2.0 specification) - * @throws IOException In case of an IO error + * @param httpReq Current http request + * @param httpResp Current http response + * @param sl20Forward SL2.0 command that should be written to response + * @param redirectUrl SL2.0 redirect URL in case of SL2.0 redirect command + * and no native client (see SL2.0 specification) + * @param httpCodeRedirect http redirect-code in case of SL2.0 redirect command + * and no native client (see SL2.0 specification) + * @throws IOException In case of an IO error * @throws URISyntaxException In case of a wrong URL */ public static void writeIntoResponse(@Nonnull final HttpServletRequest httpReq, @Nonnull final HttpServletResponse httpResp, @Nonnull final JsonNode sl20Forward, - @Nullable final String redirectUrl, @Nonnull final int httpCodeRedirect) - throws IOException, URISyntaxException { + @Nullable final String redirectUrl, @Nonnull final int httpCodeRedirect) throws IOException, URISyntaxException { // forward SL2.0 command httpResp.addIntHeader(SL20Constants.HTTP_HEADER_SL20_RESP, SL20Constants.CURRENT_SL20_VERSION); - if (httpReq.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null - && httpReq.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) - .equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) { + if (httpReq.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && httpReq + .getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) { 
log.debug("Client request containts 'native client' header ... "); final StringWriter writer = new StringWriter(); writer.write(sl20Forward.toString()); diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java index 82a8cf26..eb17781b 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java @@ -8,11 +8,13 @@ import java.util.Base64; import java.util.List; import java.util.Map; import java.util.Map.Entry; -import at.gv.egiz.eaaf.modules.auth.sl20.Constants; -import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException; + import com.fasterxml.jackson.databind.node.ArrayNode; import com.fasterxml.jackson.databind.node.ObjectNode; +import at.gv.egiz.eaaf.modules.auth.sl20.Constants; +import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException; + public class SL20JsonBuilderUtils { private static JsonMapper mapper = new JsonMapper(); @@ -20,13 +22,12 @@ public class SL20JsonBuilderUtils { /** * Create command request. * - * @param name Commando name + * @param name Commando name * @param params Commando parameters * @return JSON Object * @throws SlCommandoBuildException In case of a build error */ - public static ObjectNode createCommand(final String name, final ObjectNode params) - throws SlCommandoBuildException { + public static ObjectNode createCommand(final String name, final ObjectNode params) throws SlCommandoBuildException { final ObjectNode command = mapper.getMapper().createObjectNode(); addSingleStringElement(command, SL20Constants.SL20_COMMAND_CONTAINER_NAME, name, true); 
@@ -38,14 +39,14 @@ public class SL20JsonBuilderUtils { /** * Create signed command request. * - * @param name Commando name + * @param name Commando name * @param params commando parameter * @param signer JWS signer implementation * @return Serialized JWS * @throws SlCommandoBuildException In case of a build error */ - public static String createSignedCommand(final String name, final ObjectNode params, - final IJoseTools signer) throws SlCommandoBuildException { + public static String createSignedCommand(final String name, final ObjectNode params, final IJoseTools signer) + throws SlCommandoBuildException { final ObjectNode command = mapper.getMapper().createObjectNode(); addSingleStringElement(command, SL20Constants.SL20_COMMAND_CONTAINER_NAME, name, true); addSingleJsonElement(command, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, params, true); @@ -53,17 +54,16 @@ public class SL20JsonBuilderUtils { } - /** * Create encrypted command result. * - * @param result JSON to encrypt + * @param result JSON to encrypt * @param encrypter JWE encrypter implementation * @return Serialized JWE * @throws SlCommandoBuildException In case of a processing error */ - public static String createEncryptedCommandoResult(final ObjectNode result, - final JsonSecurityUtils encrypter) throws SlCommandoBuildException { + public static String createEncryptedCommandoResult(final ObjectNode result, final JsonSecurityUtils encrypter) + throws SlCommandoBuildException { // TODO: add real implementation // create header and footer final String dummyHeader = createJsonEncryptionHeader().toString(); 
@@ -71,21 +71,20 @@ public class SL20JsonBuilderUtils { final String dummyFooter = createJsonSignedFooter(); try { - return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes("UTF-8")) + "." - + Base64.getUrlEncoder().encodeToString(payLoad.getBytes("UTF-8")) + "." - + Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes("UTF-8")); - } catch (UnsupportedEncodingException e) { - throw new SlCommandoBuildException("No UTF-8 encoding", e); - } + return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes("UTF-8")) + "." + + Base64.getUrlEncoder().encodeToString(payLoad.getBytes("UTF-8")) + "." + + Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes("UTF-8")); + } catch (final UnsupportedEncodingException e) { + throw new SlCommandoBuildException("No UTF-8 encoding", e); + } } - /** * Create command result. * - * @param name Commando name - * @param result commande result + * @param name Commando name + * @param result commande result * @param encryptedResult encrypted commando result * @return Result json * @throws SlCommandoBuildException In case of an error @@ -103,16 +102,15 @@ public class SL20JsonBuilderUtils { /** * Create signed command result. * - * @param name commando name - * @param result commando result + * @param name commando name + * @param result commando result * @param encryptedResult encrypted commando result * @return JWS in serialized form * @throws SlCommandoBuildException in case of an error - + * */ public static String createSignedCommandResponse(final String name, final ObjectNode result, - final String encryptedResult, final JsonSecurityUtils signer) - throws SlCommandoBuildException { + final String encryptedResult, final JsonSecurityUtils signer) throws SlCommandoBuildException { final ObjectNode command = mapper.getMapper().createObjectNode(); addSingleStringElement(command, SL20Constants.SL20_COMMAND_CONTAINER_NAME, name, true); addOnlyOnceOfTwo(command, SL20Constants.SL20_COMMAND_CONTAINER_RESULT, 
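Review bot: createEncryptedCommandoResult() returns the Base64url encoding of a dummy header, the payload and a dummy footer joined by dots, and nothing visible in these hunks uses the `encrypter` argument. A caller trusting the method name therefore gets readable, unauthenticated data instead of a JWE. The `payLoad` assignment sits on a line between the two hunks, so please confirm against the full file. Until the `TODO: add real implementation` is resolved, the Javadoc should say so in its first sentence, e.g. `Placeholder only: the result is Base64url-encoded, NOT encrypted; do not use for confidential data.` createSignedCommandResponse() in the hunk at -125 builds its return value from a dummy header and footer in the same way, with no visible use of `signer`, and needs the same warning. In both methods `getBytes(StandardCharsets.UTF_8)` would replace `getBytes("UTF-8")` and make the `UnsupportedEncodingException` handler unnecessary.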
@@ -125,36 +123,34 @@ public class SL20JsonBuilderUtils { final String dummyFooter = createJsonSignedFooter(); try { - return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes("UTF-8")) + "." - + Base64.getUrlEncoder().encodeToString(encodedCommand.getBytes("UTF-8")) + "." - + Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes("UTF-8")); - - } catch (UnsupportedEncodingException e) { - throw new SlCommandoBuildException("No UTF-8 encoding", e); - } + return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes("UTF-8")) + "." + + Base64.getUrlEncoder().encodeToString(encodedCommand.getBytes("UTF-8")) + "." + + Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes("UTF-8")); + + } catch (final UnsupportedEncodingException e) { + throw new SlCommandoBuildException("No UTF-8 encoding", e); + } } /** * Create parameters for Redirect command. * - * @param url redirect URL - * @param command embedded command + * @param url redirect URL + * @param command embedded command * @param signedCommand Signed embedded command - * @param ipcRedirect IPC redirect flag + * @param ipcRedirect IPC redirect flag * @return result JSON * @throws SlCommandoBuildException In case of an error */ - public static ObjectNode createRedirectCommandParameters(final String url, - final ObjectNode command, final ObjectNode signedCommand, final Boolean ipcRedirect) - throws SlCommandoBuildException { + public static ObjectNode createRedirectCommandParameters(final String url, final ObjectNode command, + final ObjectNode signedCommand, final Boolean ipcRedirect) throws SlCommandoBuildException { final ObjectNode redirectReqParams = mapper.getMapper().createObjectNode(); addOnlyOnceOfTwo(redirectReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_COMMAND, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_SIGNEDCOMMAND, command, signedCommand); - addSingleStringElement(redirectReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL, - url, false); - 
addSingleBooleanElement(redirectReqParams, - SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_IPCREDIRECT, ipcRedirect, false); + addSingleStringElement(redirectReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL, url, false); + addSingleBooleanElement(redirectReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_IPCREDIRECT, + ipcRedirect, false); return redirectReqParams; } 
@@ -162,26 +158,21 @@ public class SL20JsonBuilderUtils { /** * Create parameters for Call command. * - * @param url http URL for Call command - * @param method http method used by call commando result + * @param url http URL for Call command + * @param method http method used by call commando result * @param includeTransactionId TransactionId - * @param reqParameters Request parameters on CALL command + * @param reqParameters Request parameters on CALL command * @return JSON * @throws SlCommandoBuildException In case of an error */ public static ObjectNode createCallCommandParameters(final String url, final String method, - final Boolean includeTransactionId, final Map<String, String> reqParameters) - throws SlCommandoBuildException { + final Boolean includeTransactionId, final Map<String, String> reqParameters) throws SlCommandoBuildException { final ObjectNode callReqParams = mapper.getMapper().createObjectNode(); - addSingleStringElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_URL, url, - true); - addSingleStringElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD, - method, true); - addSingleBooleanElement(callReqParams, - SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_INCLUDETRANSACTIONID, includeTransactionId, - false); - addArrayOfStringElements(callReqParams, - SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_REQPARAMETER, reqParameters); + addSingleStringElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_URL, url, true); + addSingleStringElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD, method, true); + addSingleBooleanElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_INCLUDETRANSACTIONID, + includeTransactionId, false); + addArrayOfStringElements(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_REQPARAMETER, reqParameters); return callReqParams; } 
@@ -190,17 +181,15 @@ public class SL20JsonBuilderUtils { * Create result for Error command. * * @param errorCode Error-Code - * @param errorMsg Error-message + * @param errorMsg Error-message * @return JSON * @throws SlCommandoBuildException In case of an error */ public static ObjectNode createErrorCommandResult(final String errorCode, final String errorMsg) throws SlCommandoBuildException { final ObjectNode result = mapper.getMapper().createObjectNode(); - addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE, - errorCode, true); - addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, - errorMsg, true); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE, errorCode, true); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, errorMsg, true); return result; } 
@@ -208,20 +197,21 @@ public class SL20JsonBuilderUtils { /** * Create parameters for qualifiedeID command. * - * @param consentTemplateId Identifier of the template that is used for consent visualization - * @param consent Consent that has to be signed by user - * @param dataUrl DataURL for result - * @param x5cEnc Response encryption certificate + * @param consentTemplateId Identifier of the template that is used for consent + * visualization + * @param consent Consent that has to be signed by user + * @param dataUrl DataURL for result + * @param x5cEnc Response encryption certificate * @return JSON - * @throws CertificateEncodingException In case of a encryption certificate encoding problem - * @throws SlCommandoBuildException In case of a generel error + * @throws CertificateEncodingException In case of a encryption certificate + * encoding problem + * @throws SlCommandoBuildException In case of a generel error */ - public static ObjectNode createQualifiedeEidConsent(final String consentTemplateId, - final byte[] consent, final String dataUrl, final X509Certificate x5cEnc) + public static ObjectNode createQualifiedeEidConsent(final String consentTemplateId, final byte[] consent, + final String dataUrl, final X509Certificate x5cEnc) throws CertificateEncodingException, SlCommandoBuildException { final ObjectNode params = mapper.getMapper().createObjectNode(); - addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_CONSENTTEMPLATEID, - consentTemplateId, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_CONSENTTEMPLATEID, consentTemplateId, true); addSingleByteElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_CONSENT, consent, true); addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_DATAURL, dataUrl, true); addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_X5CENC, x5cEnc, false); 
@@ -229,28 +219,26 @@ public class SL20JsonBuilderUtils { } - /** * Create parameters for qualifiedeID command. * - * @param authBlockId AuthBlock transformation Id - * @param dataUrl DataURL for result - * @param additionalReqParameters additional parameters - * @param x5cEnc Response encryption certificate + * @param authBlockId AuthBlock transformation Id + * @param dataUrl DataURL for result + * @param additionalReqParameters additional parameters + * @param x5cEnc Response encryption certificate * @return JSON - * @throws CertificateEncodingException In case of a encryption certificate encoding problem - * @throws SlCommandoBuildException In case of a generel error + * @throws CertificateEncodingException In case of a encryption certificate + * encoding problem + * @throws SlCommandoBuildException In case of a generel error */ @Deprecated - public static ObjectNode createQualifiedEidCommandParameters(final String authBlockId, - final String dataUrl, final Map<String, String> additionalReqParameters, - final X509Certificate x5cEnc) throws CertificateEncodingException, SlCommandoBuildException { + public static ObjectNode createQualifiedEidCommandParameters(final String authBlockId, final String dataUrl, + final Map<String, String> additionalReqParameters, final X509Certificate x5cEnc) + throws CertificateEncodingException, SlCommandoBuildException { final ObjectNode params = mapper.getMapper().createObjectNode(); - addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_AUTHBLOCKID, authBlockId, - true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_AUTHBLOCKID, authBlockId, true); addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_DATAURL, dataUrl, true); - addArrayOfStringElements(params, SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES, - additionalReqParameters); + addArrayOfStringElements(params, SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES, additionalReqParameters); addSingleCertificateElement(params, 
SL20Constants.SL20_COMMAND_PARAM_EID_X5CENC, x5cEnc, false); return params; @@ -259,10 +247,10 @@ public class SL20JsonBuilderUtils { /** * Create result for qualifiedeID command. * - * @param idl IdentityLink + * @param idl IdentityLink * @param authBlock AuthBlock - * @param ccsUrl VDA URL - * @param loa LoA + * @param ccsUrl VDA URL + * @param loa LoA * @return JSON * @throws SlCommandoBuildException In case of an error */ 
@@ -270,57 +258,45 @@ public class SL20JsonBuilderUtils { final String ccsUrl, final String loa) throws SlCommandoBuildException { final ObjectNode result = mapper.getMapper().createObjectNode(); addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, idl, true); - addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, authBlock, - true); - addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, ccsUrl, - true); + addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, authBlock, true); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, ccsUrl, true); addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, loa, true); return result; } - /** * Create Binding-Key command parameters. * - * @param kontoId KontoId - * @param subjectName SubjectName - * @param keySize KeySize - * @param keyAlg Key-algorithm - * @param policies Key policy - * @param dataUrl DataURL - * @param x5cVdaTrust trusted certificate from VDA + * @param kontoId KontoId + * @param subjectName SubjectName + * @param keySize KeySize + * @param keyAlg Key-algorithm + * @param policies Key policy + * @param dataUrl DataURL + * @param x5cVdaTrust trusted certificate from VDA * @param reqUserPassword User passwort initialize request - * @param x5cEnc Result encryption certificate + * @param x5cEnc Result encryption certificate * @return JSON - * @throws SlCommandoBuildException in case of an errr + * @throws SlCommandoBuildException in case of an errr * @throws CertificateEncodingException In case of a certificate error */ - public static ObjectNode createBindingKeyCommandParams(final String kontoId, - final String subjectName, final int keySize, final String keyAlg, - final Map<String, String> policies, final String dataUrl, final X509Certificate x5cVdaTrust, - final Boolean reqUserPassword, final X509Certificate x5cEnc) + public static 
ObjectNode createBindingKeyCommandParams(final String kontoId, final String subjectName, + final int keySize, final String keyAlg, final Map<String, String> policies, final String dataUrl, + final X509Certificate x5cVdaTrust, final Boolean reqUserPassword, final X509Certificate x5cEnc) throws SlCommandoBuildException, CertificateEncodingException { final ObjectNode params = mapper.getMapper().createObjectNode(); - addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KONTOID, kontoId, - true); - addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_SN, subjectName, - true); - addSingleNumberElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KEYLENGTH, - keySize, true); - addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KEYALG, keyAlg, - true); - addArrayOfStringElements(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES, - policies); - addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_DATAURL, dataUrl, - true); - addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_X5CVDATRUST, - x5cVdaTrust, false); - addSingleBooleanElement(params, - SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_REQUESTUSERPASSWORD, reqUserPassword, + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KONTOID, kontoId, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_SN, subjectName, true); + addSingleNumberElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KEYLENGTH, keySize, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KEYALG, keyAlg, true); + addArrayOfStringElements(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES, policies); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_DATAURL, dataUrl, true); + addSingleCertificateElement(params, 
SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_X5CVDATRUST, x5cVdaTrust, false); - addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_X5CENC, - x5cEnc, false); + addSingleBooleanElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_REQUESTUSERPASSWORD, + reqUserPassword, false); + addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_X5CENC, x5cEnc, false); return params; } 
@@ -328,27 +304,24 @@ public class SL20JsonBuilderUtils { /** * Create Binding-Key command result. * - * @param appId AppId - * @param csr CSR - * @param attCert Key-Attestation certificate + * @param appId AppId + * @param csr CSR + * @param attCert Key-Attestation certificate * @param password user's password * @return JSON - * @throws SlCommandoBuildException In case of an error - * @throws CertificateEncodingException In case of a certificate processing error + * @throws SlCommandoBuildException In case of an error + * @throws CertificateEncodingException In case of a certificate processing + * error */ public static ObjectNode createBindingKeyCommandResult(final String appId, final byte[] csr, final X509Certificate attCert, final byte[] password) throws SlCommandoBuildException, CertificateEncodingException { final ObjectNode result = mapper.getMapper().createObjectNode(); - addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_APPID, - appId, true); - addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_CSR, csr, - true); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_APPID, appId, true); + addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_CSR, csr, true); addSingleCertificateElement(result, - SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_KEYATTESTATIONZERTIFICATE, attCert, - false); - addSingleByteElement(result, - SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_USERPASSWORD, password, false); + SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_KEYATTESTATIONZERTIFICATE, attCert, false); + addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_USERPASSWORD, password, false); return result; } 
@@ -356,19 +329,18 @@ public class SL20JsonBuilderUtils { /** * Create Store Binding-Certificate command parameters. * - * @param cert Certificate + * @param cert Certificate * @param dataUrl DATA URL * @return JSON - * @throws CertificateEncodingException In case of a certificate processing error - * @throws SlCommandoBuildException In case of a error + * @throws CertificateEncodingException In case of a certificate processing + * error + * @throws SlCommandoBuildException In case of a error */ - public static ObjectNode createStoreBindingCertCommandParams(final X509Certificate cert, - final String dataUrl) throws CertificateEncodingException, SlCommandoBuildException { + public static ObjectNode createStoreBindingCertCommandParams(final X509Certificate cert, final String dataUrl) + throws CertificateEncodingException, SlCommandoBuildException { final ObjectNode params = mapper.getMapper().createObjectNode(); - addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_CERTIFICATE, - cert, true); - addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_DATAURL, dataUrl, - true); + addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_CERTIFICATE, cert, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_DATAURL, dataUrl, true); return params; } @@ -379,8 +351,7 @@ public class SL20JsonBuilderUtils { * @return JSON * @throws SlCommandoBuildException In case of an error */ - public static ObjectNode createStoreBindingCertCommandSuccessResult() - throws SlCommandoBuildException { + public static ObjectNode createStoreBindingCertCommandSuccessResult() throws SlCommandoBuildException { final ObjectNode result = mapper.getMapper().createObjectNode(); addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS_VALUE, true); 
@@ -388,27 +359,23 @@ public class SL20JsonBuilderUtils { } - /** * Create idAndPassword command parameters. * - * @param keyAlg key algorithm + * @param keyAlg key algorithm * @param dataUrl DATA Url - * @param x5cEnc result encryption certificate + * @param x5cEnc result encryption certificate * @return JSON - * @throws SlCommandoBuildException In case of an error - * @throws CertificateEncodingException In case of a certificate processing error + * @throws SlCommandoBuildException In case of an error + * @throws CertificateEncodingException In case of a certificate processing + * error */ - public static ObjectNode createIdAndPasswordCommandParameters(final String keyAlg, - final String dataUrl, final X509Certificate x5cEnc) - throws SlCommandoBuildException, CertificateEncodingException { + public static ObjectNode createIdAndPasswordCommandParameters(final String keyAlg, final String dataUrl, + final X509Certificate x5cEnc) throws SlCommandoBuildException, CertificateEncodingException { final ObjectNode params = mapper.getMapper().createObjectNode(); - addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_KEYALG, - keyAlg, true); - addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_DATAURL, - dataUrl, true); - addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_X5CENC, - x5cEnc, false); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_KEYALG, keyAlg, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_DATAURL, dataUrl, true); + addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_X5CENC, x5cEnc, false); return params; } 
@@ -416,18 +383,17 @@ public class SL20JsonBuilderUtils { /** * Create idAndPassword command result. * - * @param kontoId User's Id + * @param kontoId User's Id * @param password User's password * @return JSON * @throws SlCommandoBuildException In case of an error */ - public static ObjectNode createIdAndPasswordCommandResult(final String kontoId, - final byte[] password) throws SlCommandoBuildException { + public static ObjectNode createIdAndPasswordCommandResult(final String kontoId, final byte[] password) + throws SlCommandoBuildException { final ObjectNode result = mapper.getMapper().createObjectNode(); - addSingleStringElement(result, - SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_RESULT_KONTOID, kontoId, true); - addSingleByteElement(result, - SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_RESULT_USERPASSWORD, password, true); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_RESULT_KONTOID, kontoId, true); + addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_RESULT_USERPASSWORD, password, + true); return result; } 
@@ -435,25 +401,20 @@ public class SL20JsonBuilderUtils { /** * Create JWS Token Authentication command. * - * @param nonce nonce that should be signed - * @param dataUrl Data URL + * @param nonce nonce that should be signed + * @param dataUrl Data URL * @param displayData Data that should be displayed * @param displayUrl URL to data that should be displayed * @return JSON * @throws SlCommandoBuildException In case of an error */ public static ObjectNode createJwsTokenAuthCommandParams(final String nonce, final String dataUrl, - final List<String> displayData, final List<String> displayUrl) - throws SlCommandoBuildException { + final List<String> displayData, final List<String> displayUrl) throws SlCommandoBuildException { final ObjectNode params = mapper.getMapper().createObjectNode(); - addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_NONCE, nonce, - true); - addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DATAURL, dataUrl, - true); - addArrayOfStrings(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYDATA, - displayData); - addArrayOfStrings(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYURL, - displayUrl); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_NONCE, nonce, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DATAURL, dataUrl, true); + addArrayOfStrings(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYDATA, displayData); + addArrayOfStrings(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYURL, displayUrl); return params; } 
@@ -465,22 +426,19 @@ public class SL20JsonBuilderUtils { * @return JSON * @throws SlCommandoBuildException In case of an error */ - public static ObjectNode createJwsTokenAuthCommandResult(final String nonce) - throws SlCommandoBuildException { + public static ObjectNode createJwsTokenAuthCommandResult(final String nonce) throws SlCommandoBuildException { final ObjectNode result = mapper.getMapper().createObjectNode(); - addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_RESULT_NONCE, - nonce, true); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_RESULT_NONCE, nonce, true); return result; } - /** * Create Generic Request Container. * - * @param reqId RequestId + * @param reqId RequestId * @param transactionId TransactionId - * @param payLoad unsigned payload + * @param payLoad unsigned payload * @param signedPayload Signed payload * @return JSON * @throws SlCommandoBuildException In case of an error @@ -488,12 +446,10 @@ public class SL20JsonBuilderUtils { public static ObjectNode createGenericRequest(final String reqId, final String transactionId, final ObjectNode payLoad, final String signedPayload) throws SlCommandoBuildException { final ObjectNode req = mapper.getMapper().createObjectNode(); - addSingleIntegerElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, - true); + addSingleIntegerElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true); addSingleStringElement(req, SL20Constants.SL20_REQID, reqId, true); addSingleStringElement(req, SL20Constants.SL20_TRANSACTIONID, transactionId, false); - addOnlyOnceOfTwo(req, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, payLoad, - signedPayload); + addOnlyOnceOfTwo(req, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, payLoad, signedPayload); return req; } 
@@ -501,32 +457,29 @@ public class SL20JsonBuilderUtils { /** * Create Generic Response Container. * - * @param respId Response Id - * @param inResponseTo RequestId to this response + * @param respId Response Id + * @param inResponseTo RequestId to this response * @param transactionId transactionId - * @param payLoad Unsigned payload + * @param payLoad Unsigned payload * @param signedPayload Signed payload * @return JSON * @throws SlCommandoBuildException In case of an error */ - public static final ObjectNode createGenericResponse(final String respId, - final String inResponseTo, final String transactionId, final ObjectNode payLoad, - final String signedPayload) throws SlCommandoBuildException { + public static final ObjectNode createGenericResponse(final String respId, final String inResponseTo, + final String transactionId, final ObjectNode payLoad, final String signedPayload) + throws SlCommandoBuildException { final ObjectNode req = mapper.getMapper().createObjectNode(); - addSingleIntegerElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, - true); + addSingleIntegerElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true); addSingleStringElement(req, SL20Constants.SL20_RESPID, respId, true); addSingleStringElement(req, SL20Constants.SL20_INRESPTO, inResponseTo, false); addSingleStringElement(req, SL20Constants.SL20_TRANSACTIONID, transactionId, false); - addOnlyOnceOfTwo(req, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, payLoad, - signedPayload); + addOnlyOnceOfTwo(req, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, payLoad, signedPayload); return req; } - private static void addOnlyOnceOfTwo(final ObjectNode parent, final String firstKeyId, - final String secondKeyId, final ObjectNode first, final ObjectNode second) - throws SlCommandoBuildException { + private static void addOnlyOnceOfTwo(final ObjectNode parent, final String firstKeyId, final String secondKeyId, + final 
ObjectNode first, final ObjectNode second) throws SlCommandoBuildException { if (first == null && second == null) { throw new SlCommandoBuildException(firstKeyId + " and " + secondKeyId + " is NULL"); } else if (first != null && second != null) { @@ -542,18 +495,18 @@ public class SL20JsonBuilderUtils { /** * Add one element of two possible elements <br> - * This method adds either the first element or the second element to parent JSON, but never both. + * This method adds either the first element or the second element to parent + * JSON, but never both. * - * @param parent Parent JSON element - * @param firstKeyId first element Id + * @param parent Parent JSON element + * @param firstKeyId first element Id * @param secondKeyId second element Id - * @param first first element - * @param second second element + * @param first first element + * @param second second element * @throws SlCommandoBuildException In case of an error. */ - public static void addOnlyOnceOfTwo(final ObjectNode parent, final String firstKeyId, - final String secondKeyId, final ObjectNode first, final String second) - throws SlCommandoBuildException { + public static void addOnlyOnceOfTwo(final ObjectNode parent, final String firstKeyId, final String secondKeyId, + final ObjectNode first, final String second) throws SlCommandoBuildException { if (first == null && (second == null || second.isEmpty())) { throw new SlCommandoBuildException(firstKeyId + " and " + secondKeyId + " is NULL"); } else if (first != null && second != null) { 
@@ -567,34 +520,25 @@ public class SL20JsonBuilderUtils { } } - - // TODO!!!! - private static ObjectNode createJsonSignedHeader() - throws SlCommandoBuildException { + private static ObjectNode createJsonSignedHeader() throws SlCommandoBuildException { final ObjectNode header = mapper.getMapper().createObjectNode(); - addSingleStringElement(header, SL20Constants.JSON_ALGORITHM, - SL20Constants.JSON_ALGORITHM_SIGNING_RS256, true); - addSingleStringElement(header, SL20Constants.JSON_CONTENTTYPE, - SL20Constants.SL20_CONTENTTYPE_SIGNED_COMMAND, true); - addArrayOfStrings(header, SL20Constants.JSON_X509_CERTIFICATE, - Arrays.asList(Constants.DUMMY_SIGNING_CERT)); + addSingleStringElement(header, SL20Constants.JSON_ALGORITHM, SL20Constants.JSON_ALGORITHM_SIGNING_RS256, true); + addSingleStringElement(header, SL20Constants.JSON_CONTENTTYPE, SL20Constants.SL20_CONTENTTYPE_SIGNED_COMMAND, true); + addArrayOfStrings(header, SL20Constants.JSON_X509_CERTIFICATE, Arrays.asList(Constants.DUMMY_SIGNING_CERT)); return header; } // TODO!!!! 
- private static ObjectNode createJsonEncryptionHeader() - throws SlCommandoBuildException { + private static ObjectNode createJsonEncryptionHeader() throws SlCommandoBuildException { final ObjectNode header = mapper.getMapper().createObjectNode(); - addSingleStringElement(header, SL20Constants.JSON_ALGORITHM, - SL20Constants.JSON_ALGORITHM_ENC_KEY_RSAOAEP, true); + addSingleStringElement(header, SL20Constants.JSON_ALGORITHM, SL20Constants.JSON_ALGORITHM_ENC_KEY_RSAOAEP, true); addSingleStringElement(header, SL20Constants.JSON_ENCRYPTION_PAYLOAD, SL20Constants.JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256, true); - addSingleStringElement(header, SL20Constants.JSON_CONTENTTYPE, - SL20Constants.SL20_CONTENTTYPE_ENCRYPTED_RESULT, true); - addSingleStringElement(header, SL20Constants.JSON_X509_FINGERPRINT, - Constants.DUMMY_SIGNING_CERT_FINGERPRINT, true); + addSingleStringElement(header, SL20Constants.JSON_CONTENTTYPE, SL20Constants.SL20_CONTENTTYPE_ENCRYPTED_RESULT, + true); + addSingleStringElement(header, SL20Constants.JSON_X509_FINGERPRINT, Constants.DUMMY_SIGNING_CERT_FINGERPRINT, true); return header; } 
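Review bot: `createJsonSignedHeader` still places `Constants.DUMMY_SIGNING_CERT` in the `JSON_X509_CERTIFICATE` header, and `createJsonEncryptionHeader` sends `Constants.DUMMY_SIGNING_CERT_FINGERPRINT`, so any header built here names a fixed placeholder certificate rather than the key that actually signs or decrypts. A recipient that picks the verification key from that header would be checking against the wrong certificate, and the bare `// TODO!!!!` marker does not say so. Until the real certificate is passed in, I would put `// FIXME: placeholder certificate, not the real signing key; do not use outside tests` above both methods. Better still, give them a parameter, e.g. `createJsonSignedHeader(final X509Certificate signingCert)`. Whether any production path calls these private helpers is not visible in this hunk.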
@@ -605,14 +549,11 @@ public class SL20JsonBuilderUtils { + " AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4\n" + " BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K\n" + " 0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqv\n" - + " hJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrB\n" - + " p0igcN_IoypGlUPQGe77Rw"; + + " hJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrB\n" + " p0igcN_IoypGlUPQGe77Rw"; } - - - private static void addArrayOfStrings(final ObjectNode parent, final String keyId, - final List<String> values) throws SlCommandoBuildException { + private static void addArrayOfStrings(final ObjectNode parent, final String keyId, final List<String> values) + throws SlCommandoBuildException { validateParentAndKey(parent, keyId); if (values != null) { final ArrayNode callReqParamsArray = mapper.getMapper().createArrayNode(); @@ -624,7 +565,6 @@ public class SL20JsonBuilderUtils { } } - private static void addArrayOfStringElements(final ObjectNode parent, final String keyId, final Map<String, String> keyValuePairs) throws SlCommandoBuildException { validateParentAndKey(parent, keyId); @@ -652,10 +592,8 @@ public class SL20JsonBuilderUtils { } - - - private static void addSingleByteElement(final ObjectNode parent, final String keyId, - final byte[] value, final boolean isRequired) throws SlCommandoBuildException { + private static void addSingleByteElement(final ObjectNode parent, final String keyId, final byte[] value, + final boolean isRequired) throws SlCommandoBuildException { validateParentAndKey(parent, keyId); if (isRequired && value == null) { 
@@ -666,8 +604,8 @@ public class SL20JsonBuilderUtils { } - private static void addSingleBooleanElement(final ObjectNode parent, final String keyId, - final Boolean value, final boolean isRequired) throws SlCommandoBuildException { + private static void addSingleBooleanElement(final ObjectNode parent, final String keyId, final Boolean value, + final boolean isRequired) throws SlCommandoBuildException { validateParentAndKey(parent, keyId); if (isRequired && value == null) { @@ -678,8 +616,8 @@ public class SL20JsonBuilderUtils { } - private static void addSingleNumberElement(final ObjectNode parent, final String keyId, - final Integer value, final boolean isRequired) throws SlCommandoBuildException { + private static void addSingleNumberElement(final ObjectNode parent, final String keyId, final Integer value, + final boolean isRequired) throws SlCommandoBuildException { validateParentAndKey(parent, keyId); if (isRequired && value == null) { @@ -690,8 +628,8 @@ public class SL20JsonBuilderUtils { } - private static void addSingleStringElement(final ObjectNode parent, final String keyId, - final String value, final boolean isRequired) throws SlCommandoBuildException { + private static void addSingleStringElement(final ObjectNode parent, final String keyId, final String value, + final boolean isRequired) throws SlCommandoBuildException { validateParentAndKey(parent, keyId); if (isRequired && (value == null || value.isEmpty())) { @@ -702,8 +640,8 @@ public class SL20JsonBuilderUtils { } - private static void addSingleIntegerElement(final ObjectNode parent, final String keyId, - final Integer value, final boolean isRequired) throws SlCommandoBuildException { + private static void addSingleIntegerElement(final ObjectNode parent, final String keyId, final Integer value, + final boolean isRequired) throws SlCommandoBuildException { validateParentAndKey(parent, keyId); if (isRequired && value == null) { 
@@ -714,8 +652,8 @@ public class SL20JsonBuilderUtils { } - private static void addSingleJsonElement(final ObjectNode parent, final String keyId, - final ObjectNode element, final boolean isRequired) throws SlCommandoBuildException { + private static void addSingleJsonElement(final ObjectNode parent, final String keyId, final ObjectNode element, + final boolean isRequired) throws SlCommandoBuildException { validateParentAndKey(parent, keyId); if (isRequired && element == null) { @@ -726,8 +664,6 @@ public class SL20JsonBuilderUtils { } - - private static void validateParentAndKey(final ObjectNode parent, final String keyId) throws SlCommandoBuildException { if (parent == null) { diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java index d4e1490d..eb6de461 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java @@ -7,9 +7,7 @@ import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Map.Entry; -import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult; -import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception; -import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException; + import org.apache.http.Header; import org.apache.http.HttpEntity; import org.apache.http.HttpResponse; 
@@ -18,25 +16,29 @@ import org.apache.http.util.EntityUtils; import org.jose4j.base64url.Base64Url; import org.slf4j.Logger; import org.slf4j.LoggerFactory; + import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.node.ObjectNode; +import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult; +import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception; +import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException; + public class SL20JsonExtractorUtils { private static final Logger log = LoggerFactory.getLogger(SL20JsonExtractorUtils.class); private static JsonMapper mapper = new JsonMapper(); - /** * Extract String value from JSON. * - * @param input JSON - * @param keyID Element identifier + * @param input JSON + * @param keyID Element identifier * @param isRequired true, if the element must not null * @return Value of this element * @throws SlCommandoParserException In case an error */ - public static String getStringValue(final JsonNode input, final String keyID, - final boolean isRequired) throws SlCommandoParserException { + public static String getStringValue(final JsonNode input, final String keyID, final boolean isRequired) + throws SlCommandoParserException { try { final JsonNode internal = getAndCheck(input, keyID, isRequired); 
@@ -58,14 +60,14 @@ public class SL20JsonExtractorUtils { /** * Extract Boolean value from JSON. * - * @param input JSON - * @param keyID Element identifier + * @param input JSON + * @param keyID Element identifier * @param isRequired true, if the element must not null * @return Boolean * @throws SlCommandoParserException In case of an error */ - public static boolean getBooleanValue(final ObjectNode input, final String keyID, - final boolean isRequired, final boolean defaultValue) throws SlCommandoParserException { + public static boolean getBooleanValue(final ObjectNode input, final String keyID, final boolean isRequired, + final boolean defaultValue) throws SlCommandoParserException { try { final JsonNode internal = getAndCheck(input, keyID, isRequired); @@ -87,14 +89,14 @@ public class SL20JsonExtractorUtils { /** * Extract JSONObject value from JSON. * - * @param input JSON - * @param keyID Element identifier + * @param input JSON + * @param keyID Element identifier * @param isRequired true, if the element must not null * @return JSON node * @throws SlCommandoParserException In case of an error */ - public static JsonNode getJsonObjectValue(final JsonNode input, final String keyID, - final boolean isRequired) throws SlCommandoParserException { + public static JsonNode getJsonObjectValue(final JsonNode input, final String keyID, final boolean isRequired) + throws SlCommandoParserException { try { final JsonNode internal = getAndCheck(input, keyID, isRequired); @@ -120,8 +122,7 @@ public class SL20JsonExtractorUtils { * @return List of Elements in this node * @throws SlCommandoParserException In case of an error */ - public static List<String> getListOfStringElements(final JsonNode input) - throws SlCommandoParserException { + public static List<String> getListOfStringElements(final JsonNode input) throws SlCommandoParserException { final List<String> result = new ArrayList<>(); if (input != null) { if (input.isArray()) { 
@@ -149,8 +150,8 @@ public class SL20JsonExtractorUtils { /** * Extract Map of Key/Value pairs from a JSON Element. * - * @param input parent JSON object - * @param keyID KeyId of the child that should be parsed + * @param input parent JSON object + * @param keyID KeyId of the child that should be parsed * @param isRequired true, if the element must not null * @return Map of element pairs * @throws SlCommandoParserException In case of an error @@ -169,8 +170,7 @@ public class SL20JsonExtractorUtils { * @return Map of element pairs * @throws SlCommandoParserException in case of an error */ - public static Map<String, String> getMapOfStringElements(final JsonNode input) - throws SlCommandoParserException { + public static Map<String, String> getMapOfStringElements(final JsonNode input) throws SlCommandoParserException { final Map<String, String> result = new HashMap<>(); if (input != null) { @@ -196,13 +196,11 @@ public class SL20JsonExtractorUtils { return result; } - private static void entitySetToMap(final Map<String, String> result, - final Iterator<Entry<String, JsonNode>> entry) { + private static void entitySetToMap(final Map<String, String> result, final Iterator<Entry<String, JsonNode>> entry) { while (entry.hasNext()) { final Entry<String, JsonNode> el = entry.next(); if (result.containsKey(el.getKey())) { - log.info("Attr. Map already contains Element with Key: " + el.getKey() - + ". Overwrite element ... "); + log.info("Attr. Map already contains Element with Key: " + el.getKey() + ". Overwrite element ... "); } result.put(el.getKey(), el.getValue().asText()); 
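Review bot: `entitySetToMap` (hunk `-196,13`) replaces an existing entry when a key repeats and only reports it at info level, so a later element in the remote party's JSON can shadow an earlier attribute unnoticed. That behaviour deserves a comment on the method, e.g. `// NOTE: on duplicate keys the later value replaces the earlier one`. Whether duplicates should be rejected instead is a decision for the callers, which are outside this hunk. The log line also concatenates `el.getKey()`, a name taken from the parsed input. I would log it as a parameter, `log.info("Attr. Map already contains Element with Key: {}. Overwrite element ... ", el.getKey());`, and make sure the log layout encodes line breaks, since parameterized logging alone does not.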
@@ -211,12 +209,11 @@ public class SL20JsonExtractorUtils { } - /** * Extract Security-Layer 2.0 result from response object. * - * @param command SL2.0 command - * @param decrypter JWS decrypter implementation + * @param command SL2.0 command + * @param decrypter JWS decrypter implementation * @param mustBeEncrypted if <code>true</code>, the result must be encrypted * @return decrypted JSON * @throws SL20Exception In case of an error @@ -224,8 +221,7 @@ public class SL20JsonExtractorUtils { public static JsonNode extractSL20Result(final JsonNode command, final IJoseTools decrypter, final boolean mustBeEncrypted) throws SL20Exception { final JsonNode result = command.get(SL20Constants.SL20_COMMAND_CONTAINER_RESULT); - final JsonNode encryptedResult = - command.get(SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT); + final JsonNode encryptedResult = command.get(SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT); if (result == null && encryptedResult == null) { throw new SlCommandoParserException("NO result OR encryptedResult FOUND."); @@ -238,8 +234,7 @@ public class SL20JsonExtractorUtils { } catch (final Exception e) { log.info("Can NOT decrypt SL20 result. Reason:" + e.getMessage()); if (!mustBeEncrypted) { - log.warn( - "Decrypted results are disabled by configuration. Parse result in plain if it is possible"); + log.warn("Decrypted results are disabled by configuration. Parse result in plain if it is possible"); // dummy code try { @@ -267,7 +262,6 @@ public class SL20JsonExtractorUtils { throw new SlCommandoParserException("Internal build error"); } - } /** 
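Review bot: In `extractSL20Result` (hunk `-238,8`), the `catch (final Exception e)` around decryption goes on to parse the result as plain text whenever `mustBeEncrypted` is false. On such a configuration, any decryption failure, including a deliberately malformed encrypted result, is accepted as an unencrypted one. The branch is marked only with `// dummy code`; it should say what it allows, for example `// SECURITY: plaintext fallback, reachable only when mustBeEncrypted is false; keep disabled in production`. The warn text "Decrypted results are disabled by configuration" also reads as inverted; presumably it means that encryption is not enforced. The rest of the method lies outside this hunk, so I cannot see how the fallback result is validated afterwards.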
@@ -278,8 +272,8 @@ public class SL20JsonExtractorUtils { * @return Signature verification result that contains the payLoad * @throws SlCommandoParserException In case of an error */ - public static VerificationResult extractSL20PayLoad(final JsonNode container, - final IJoseTools joseTools, final boolean mustBeSigned) throws SL20Exception { + public static VerificationResult extractSL20PayLoad(final JsonNode container, final IJoseTools joseTools, + final boolean mustBeSigned) throws SL20Exception { final JsonNode sl20Payload = container.get(SL20Constants.SL20_PAYLOAD); final JsonNode sl20SignedPayload = container.get(SL20Constants.SL20_SIGNEDPAYLOAD); @@ -301,10 +295,8 @@ public class SL20JsonExtractorUtils { throw new SlCommandoParserException("Internal build error"); } - } - /** * Extract generic transport container from httpResponse. * 
@@ -312,19 +304,16 @@ public class SL20JsonExtractorUtils { * @return JSON with SL2.0 response * @throws SlCommandoParserException In case of an error */ - public static JsonNode getSL20ContainerFromResponse(final HttpResponse httpResp) - throws SlCommandoParserException { + public static JsonNode getSL20ContainerFromResponse(final HttpResponse httpResp) throws SlCommandoParserException { try { JsonNode sl20Resp = null; - if (httpResp.getStatusLine().getStatusCode() == 303 - || httpResp.getStatusLine().getStatusCode() == 307) { + if (httpResp.getStatusLine().getStatusCode() == 303 || httpResp.getStatusLine().getStatusCode() == 307) { final Header[] locationHeader = httpResp.getHeaders("Location"); if (locationHeader == null) { throw new SlCommandoParserException("Find Redirect statuscode but not Location header"); } - final String sl20RespString = - new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue(); + final String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue(); sl20Resp = mapper.getMapper().readTree(Base64Url.decode(sl20RespString)); } else if (httpResp.getStatusLine().getStatusCode() == 200) { 
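Review bot: The redirect branch of `getSL20ContainerFromResponse` guards only `locationHeader == null`. As far as I know, Apache HttpClient's `getHeaders("Location")` returns an empty array when the header is absent, so `locationHeader[0]` is reached anyway and the intended "Find Redirect statuscode but not Location header" error is never raised. The check should read `if (locationHeader == null || locationHeader.length == 0) {`. The next statement takes `getQueryParams().get(0)` without checking that the redirect URL has a query parameter, or which parameter comes first. Looking the value up by its expected parameter name would be stricter, though that name is not visible here. The method body continues past this hunk.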
@@ -333,16 +322,15 @@ public class SL20JsonExtractorUtils { } if (!httpResp.getEntity().getContentType().getValue().startsWith("application/json")) { - throw new SlCommandoParserException("SL20 response with a wrong ContentType: " - + httpResp.getEntity().getContentType().getValue()); + throw new SlCommandoParserException( + "SL20 response with a wrong ContentType: " + httpResp.getEntity().getContentType().getValue()); } sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); - } else if (httpResp.getStatusLine().getStatusCode() == 500 - || httpResp.getStatusLine().getStatusCode() == 401 + } else if (httpResp.getStatusLine().getStatusCode() == 500 || httpResp.getStatusLine().getStatusCode() == 401 || httpResp.getStatusLine().getStatusCode() == 400) { - log.info("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode() - + ". Search for error message"); + log.info( + "SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode() + ". Search for error message"); try { sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); @@ -354,8 +342,6 @@ public class SL20JsonExtractorUtils { } - - } else { throw new SlCommandoParserException( "SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode()); @@ -365,8 +351,7 @@ public class SL20JsonExtractorUtils { return sl20Resp; } catch (final Exception e) { - throw new SlCommandoParserException("SL20 response parsing FAILED! Reason: " + e.getMessage(), - e); + throw new SlCommandoParserException("SL20 response parsing FAILED! Reason: " + e.getMessage(), e); } } 
@@ -384,21 +369,18 @@ public class SL20JsonExtractorUtils { throw new SlCommandoParserException("SL2.0 can NOT parse to a JSON object"); } - } else { throw new SlCommandoParserException("Can NOT find content in http response"); } } - - private static JsonNode getAndCheck(final JsonNode input, final String keyID, - final boolean isRequired) throws SlCommandoParserException { + private static JsonNode getAndCheck(final JsonNode input, final String keyID, final boolean isRequired) + throws SlCommandoParserException { final JsonNode internal = input.get(keyID); if (internal == null && isRequired) { - throw new SlCommandoParserException( - "REQUIRED Element with keyId: " + keyID + " does not exist"); + throw new SlCommandoParserException("REQUIRED Element with keyId: " + keyID + " does not exist"); } return internal; |