summaryrefslogtreecommitdiff
path: root/eaaf_modules/eaaf_module_auth_sl20
diff options
context:
space:
mode:
Diffstat (limited to 'eaaf_modules/eaaf_module_auth_sl20')
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java57
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JSONExtractorUtils.java67
2 files changed, 60 insertions, 64 deletions
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java
index 34a097bd..a377a4c0 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualeIDTask.java
@@ -2,9 +2,7 @@ package at.gv.egiz.eaaf.modules.auth.sl20.tasks;
import java.io.IOException;
import java.io.StringWriter;
-import java.security.cert.X509Certificate;
import java.util.HashMap;
-import java.util.List;
import java.util.Map;
import java.util.UUID;
@@ -59,12 +57,12 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask
JsonNode sl20ReqObj = null;
try {
//get SL2.0 command or result from HTTP request
- Map<String, String> reqParams = getParameters(request);
+ final Map<String, String> reqParams = getParameters(request);
sl20Result = reqParams.get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM);
if (StringUtils.isEmpty(sl20Result)) {
//Workaround for SIC Handy-Signature, because it sends result in InputStream
- String isReqInput = StreamUtils.readStream(request.getInputStream(), "UTF-8");
+ final String isReqInput = StreamUtils.readStream(request.getInputStream(), "UTF-8");
if (StringUtils.isNotEmpty(isReqInput)) {
log.info("Use SIC Handy-Signature work-around!");
sl20Result = isReqInput.substring("slcommand=".length());
@@ -83,7 +81,7 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask
try {
sl20ReqObj = new JsonMapper().getMapper().readTree(Base64Url.decodeToUtf8String(sl20Result));
- } catch (JsonParseException e) {
+ } catch (final JsonParseException e) {
log.warn("SL2.0 command or result is NOT valid JSON.", e);
log.debug("SL2.0 msg: " + sl20Result);
throw new SL20Exception("sl20.02", new Object[]{"SL2.0 command or result is NOT valid JSON."}, e);
@@ -91,8 +89,8 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask
}
//validate reqId with inResponseTo
- String sl20ReqId = pendingReq.getRawData(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class);
- String inRespTo = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_INRESPTO, true);
+ final String sl20ReqId = pendingReq.getRawData(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class);
+ final String inRespTo = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_INRESPTO, true);
if (sl20ReqId == null || !sl20ReqId.equals(inRespTo)) {
log.info("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo);
throw new SL20SecurityException("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo);
@@ -100,7 +98,7 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask
//validate signature
- VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(
+ final VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(
sl20ReqObj, joseTools,
authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true));
@@ -115,21 +113,18 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask
}
}
- /*TODO validate certificate by using MOA-SPSS
- * currently, the certificate is validated in IJOSETools by using a pkcs12 or jks keystore
- */
- List<X509Certificate> sigCertChain = payLoadContainer.getCertChain();
+ payLoadContainer.getCertChain();
//extract payloaf
- JsonNode payLoad = payLoadContainer.getPayload();
+ final JsonNode payLoad = payLoadContainer.getPayload();
//handle SL2.0 response payLoad
handleResponsePayLoad(payLoad);
- } catch (EAAFAuthenticationException e) {
+ } catch (final EAAFAuthenticationException e) {
log.warn("SL2.0 processing error:", e);
if (sl20Result != null)
log.debug("Received SL2.0 result: " + sl20Result);
@@ -137,7 +132,7 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask
Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR,
new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e));
- } catch (Exception e) {
+ } catch (final Exception e) {
log.warn("ERROR:", e);
log.warn("SL2.0 Authentication FAILED with a generic error.", e);
if (sl20Result != null)
@@ -158,7 +153,7 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask
}
- } catch (Exception e) {
+ } catch (final Exception e) {
//write internal server errror 500 according to SL2.0 specification, chapter https transport binding
log.warn("Can NOT build SL2.0 response. Reason: " + e.getMessage(), e);
if (sl20Result != null)
@@ -166,7 +161,7 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask
try {
response.sendError(500, "Internal Server Error.");
- } catch (IOException e1) {
+ } catch (final IOException e1) {
log.error("Can NOT send error message. SOMETHING IS REALY WRONG!", e);
}
@@ -183,8 +178,8 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask
protected abstract String getResumeEndPoint();
private void buildErrorResponse(HttpServletRequest request, HttpServletResponse response, String errorCode, String errorMsg) throws Exception {
- ObjectNode error = SL20JSONBuilderUtils.createErrorCommandResult(errorCode, errorMsg);
- ObjectNode respContainer = SL20JSONBuilderUtils.createGenericRequest(
+ final ObjectNode error = SL20JSONBuilderUtils.createErrorCommandResult(errorCode, errorMsg);
+ final ObjectNode respContainer = SL20JSONBuilderUtils.createGenericRequest(
UUID.randomUUID().toString(),
null,
error ,
@@ -192,7 +187,7 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask
log.debug("Client request containts 'native client' header ... ");
log.trace("SL20 response to VDA: " + respContainer);
- StringWriter writer = new StringWriter();
+ final StringWriter writer = new StringWriter();
writer.write(respContainer.toString());
final byte[] content = writer.toString().getBytes("UTF-8");
response.setStatus(HttpServletResponse.SC_OK);
@@ -204,30 +199,30 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask
private void buildResponse(HttpServletRequest request, HttpServletResponse response, JsonNode sl20ReqObj) throws IOException, SL20Exception {
//create response
- Map<String, String> reqParameters = new HashMap<String, String>();
+ final Map<String, String> reqParameters = new HashMap<String, String>();
reqParameters.put(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID, pendingReq.getPendingRequestId());
- ObjectNode callReqParams = SL20JSONBuilderUtils.createCallCommandParameters(
+ final ObjectNode callReqParams = SL20JSONBuilderUtils.createCallCommandParameters(
new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), getResumeEndPoint(), null),
SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET,
false,
reqParameters);
- ObjectNode callCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CALL, callReqParams);
+ final ObjectNode callCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CALL, callReqParams);
//build first redirect command for app
- ObjectNode redirectOneParams = SL20JSONBuilderUtils.createRedirectCommandParameters(
+ final ObjectNode redirectOneParams = SL20JSONBuilderUtils.createRedirectCommandParameters(
generateICPRedirectURLForDebugging(),
callCommand, null, true);
- ObjectNode redirectOneCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectOneParams);
+ final ObjectNode redirectOneCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectOneParams);
//build second redirect command for IDP
- ObjectNode redirectTwoParams = SL20JSONBuilderUtils.createRedirectCommandParameters(
- new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), getResumeEndPoint(), null),
+ final ObjectNode redirectTwoParams = SL20JSONBuilderUtils.createRedirectCommandParameters(
+ new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), getResumeEndPoint(), pendingReq.getPendingRequestId()),
redirectOneCommand, null, true);
- ObjectNode redirectTwoCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectTwoParams);
+ final ObjectNode redirectTwoCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectTwoParams);
//build generic SL2.0 response container
- String transactionId = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_TRANSACTIONID, false);
- ObjectNode respContainer = SL20JSONBuilderUtils.createGenericRequest(
+ final String transactionId = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_TRANSACTIONID, false);
+ final ObjectNode respContainer = SL20JSONBuilderUtils.createGenericRequest(
UUID.randomUUID().toString(),
transactionId,
redirectTwoCommand,
@@ -239,7 +234,7 @@ public abstract class AbstractReceiveQualeIDTask extends AbstractAuthServletTask
|| true) {
log.debug("Client request containts 'native client' header ... ");
log.trace("SL20 response to VDA: " + respContainer);
- StringWriter writer = new StringWriter();
+ final StringWriter writer = new StringWriter();
writer.write(respContainer.toString());
final byte[] content = writer.toString().getBytes("UTF-8");
response.setStatus(HttpServletResponse.SC_OK);
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JSONExtractorUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JSONExtractorUtils.java
index 827b5970..524c9e80 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JSONExtractorUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JSONExtractorUtils.java
@@ -1,6 +1,5 @@
package at.gv.egiz.eaaf.modules.auth.sl20.utils;
-import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
@@ -13,6 +12,7 @@ import org.apache.http.Header;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.utils.URIBuilder;
+import org.apache.http.util.EntityUtils;
import org.apache.log4j.Logger;
import org.jose4j.base64url.Base64Url;
@@ -39,17 +39,17 @@ public class SL20JSONExtractorUtils {
*/
public static String getStringValue(JsonNode input, String keyID, boolean isRequired) throws SLCommandoParserException {
try {
- JsonNode internal = getAndCheck(input, keyID, isRequired);
+ final JsonNode internal = getAndCheck(input, keyID, isRequired);
if (internal != null)
return internal.asText();
else
return null;
- } catch (SLCommandoParserException e) {
+ } catch (final SLCommandoParserException e) {
throw e;
- } catch (Exception e) {
+ } catch (final Exception e) {
throw new SLCommandoParserException("Can not extract String value with keyId: " + keyID, e);
}
@@ -66,17 +66,17 @@ public class SL20JSONExtractorUtils {
*/
public static boolean getBooleanValue(ObjectNode input, String keyID, boolean isRequired, boolean defaultValue) throws SLCommandoParserException {
try {
- JsonNode internal = getAndCheck(input, keyID, isRequired);
+ final JsonNode internal = getAndCheck(input, keyID, isRequired);
if (internal != null)
return internal.asBoolean();
else
return defaultValue;
- } catch (SLCommandoParserException e) {
+ } catch (final SLCommandoParserException e) {
throw e;
- } catch (Exception e) {
+ } catch (final Exception e) {
throw new SLCommandoParserException("Can not extract Boolean value with keyId: " + keyID, e);
}
@@ -93,17 +93,17 @@ public class SL20JSONExtractorUtils {
*/
public static JsonNode getJSONObjectValue(JsonNode input, String keyID, boolean isRequired) throws SLCommandoParserException {
try {
- JsonNode internal = getAndCheck(input, keyID, isRequired);
+ final JsonNode internal = getAndCheck(input, keyID, isRequired);
if (internal != null)
return internal;
else
return null;
- } catch (SLCommandoParserException e) {
+ } catch (final SLCommandoParserException e) {
throw e;
- } catch (Exception e) {
+ } catch (final Exception e) {
throw new SLCommandoParserException("Can not extract Boolean value with keyId: " + keyID, e);
}
@@ -117,12 +117,12 @@ public class SL20JSONExtractorUtils {
* @throws SLCommandoParserException
*/
public static List<String> getListOfStringElements(JsonNode input) throws SLCommandoParserException {
- List<String> result = new ArrayList<String>();
+ final List<String> result = new ArrayList<String>();
if (input != null) {
if (input.isArray()) {
- Iterator<JsonNode> arrayIterator = input.iterator();
+ final Iterator<JsonNode> arrayIterator = input.iterator();
while(arrayIterator.hasNext()) {
- JsonNode next = arrayIterator.next();
+ final JsonNode next = arrayIterator.next();
if (next.isTextual())
result.add(next.asText());
}
@@ -150,7 +150,7 @@ public class SL20JSONExtractorUtils {
* @throws SLCommandoParserException
*/
public static Map<String, String> getMapOfStringElements(JsonNode input, String keyID, boolean isRequired) throws SLCommandoParserException {
- JsonNode internal = getAndCheck(input, keyID, isRequired);
+ final JsonNode internal = getAndCheck(input, keyID, isRequired);
return getMapOfStringElements(internal);
}
@@ -163,20 +163,20 @@ public class SL20JSONExtractorUtils {
* @throws SLCommandoParserException
*/
public static Map<String, String> getMapOfStringElements(JsonNode input) throws SLCommandoParserException {
- Map<String, String> result = new HashMap<String, String>();
+ final Map<String, String> result = new HashMap<String, String>();
if (input != null) {
if (input.isArray()) {
- Iterator<JsonNode> arrayIterator = input.iterator();
+ final Iterator<JsonNode> arrayIterator = input.iterator();
while(arrayIterator.hasNext()) {
- JsonNode next = arrayIterator.next();
- Iterator<Entry<String, JsonNode>> entry = next.fields();
+ final JsonNode next = arrayIterator.next();
+ final Iterator<Entry<String, JsonNode>> entry = next.fields();
entitySetToMap(result, entry);
}
} else if (input.isObject()) {
- Iterator<Entry<String, JsonNode>> objectKeys = input.fields();
+ final Iterator<Entry<String, JsonNode>> objectKeys = input.fields();
entitySetToMap(result, objectKeys);
} else
@@ -189,7 +189,7 @@ public class SL20JSONExtractorUtils {
private static void entitySetToMap(Map<String, String> result, Iterator<Entry<String, JsonNode>> entry) {
while (entry.hasNext()) {
- Entry<String, JsonNode> el = entry.next();
+ final Entry<String, JsonNode> el = entry.next();
if (result.containsKey(el.getKey()))
log.info("Attr. Map already contains Element with Key: " + el.getKey() + ". Overwrite element ... ");
@@ -201,8 +201,8 @@ public class SL20JSONExtractorUtils {
public static JsonNode extractSL20Result(JsonNode command, IJOSETools decrypter, boolean mustBeEncrypted) throws SL20Exception {
- JsonNode result = command.get(SL20Constants.SL20_COMMAND_CONTAINER_RESULT);
- JsonNode encryptedResult = command.get(SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT);
+ final JsonNode result = command.get(SL20Constants.SL20_COMMAND_CONTAINER_RESULT);
+ final JsonNode encryptedResult = command.get(SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT);
if (result == null && encryptedResult == null)
throw new SLCommandoParserException("NO result OR encryptedResult FOUND.");
@@ -214,18 +214,18 @@ public class SL20JSONExtractorUtils {
try {
return decrypter.decryptPayload(encryptedResult.asText());
- } catch (Exception e) {
+ } catch (final Exception e) {
log.info("Can NOT decrypt SL20 result. Reason:" + e.getMessage());
if (!mustBeEncrypted) {
log.warn("Decrypted results are disabled by configuration. Parse result in plain if it is possible");
//dummy code
try {
- String[] signedPayload = encryptedResult.toString().split("\\.");
- JsonNode payLoad = mapper.getMapper().readTree(new String(Base64.getUrlDecoder().decode(signedPayload[1])));
+ final String[] signedPayload = encryptedResult.toString().split("\\.");
+ final JsonNode payLoad = mapper.getMapper().readTree(new String(Base64.getUrlDecoder().decode(signedPayload[1])));
return payLoad;
- } catch (Exception e1) {
+ } catch (final Exception e1) {
log.debug("DummyCode FAILED, Reason: " + e1.getMessage() + " Ignore it ...");
throw new SL20Exception(e.getMessage(), null, e);
@@ -255,8 +255,8 @@ public class SL20JSONExtractorUtils {
*/
public static VerificationResult extractSL20PayLoad(JsonNode container, IJOSETools joseTools, boolean mustBeSigned) throws SL20Exception {
- JsonNode sl20Payload = container.get(SL20Constants.SL20_PAYLOAD);
- JsonNode sl20SignedPayload = container.get(SL20Constants.SL20_SIGNEDPAYLOAD);
+ final JsonNode sl20Payload = container.get(SL20Constants.SL20_PAYLOAD);
+ final JsonNode sl20SignedPayload = container.get(SL20Constants.SL20_SIGNEDPAYLOAD);
if (mustBeSigned && joseTools == null)
throw new SLCommandoParserException("'joseTools' MUST be set if 'mustBeSigned' is 'true'");
@@ -291,11 +291,11 @@ public class SL20JSONExtractorUtils {
try {
JsonNode sl20Resp = null;
if (httpResp.getStatusLine().getStatusCode() == 307) {
- Header[] locationHeader = httpResp.getHeaders("Location");
+ final Header[] locationHeader = httpResp.getHeaders("Location");
if (locationHeader == null)
throw new SLCommandoParserException("Find Redirect statuscode but not Location header");
- String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue();
+ final String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue();
sl20Resp = mapper.getMapper().readTree(Base64Url.encode((sl20RespString.getBytes())));
} else if (httpResp.getStatusLine().getStatusCode() == 200) {
@@ -317,7 +317,7 @@ public class SL20JSONExtractorUtils {
log.info("Find JSON object in http response");
return sl20Resp;
- } catch (Exception e) {
+ } catch (final Exception e) {
throw new SLCommandoParserException("SL20 response parsing FAILED! Reason: " + e.getMessage(), e);
}
@@ -325,7 +325,8 @@ public class SL20JSONExtractorUtils {
private static JsonNode parseSL20ResultFromResponse(HttpEntity resp) throws Exception {
if (resp != null && resp.getContent() != null) {
- JsonNode sl20Resp = mapper.getMapper().readTree(new InputStreamReader(resp.getContent()));
+ final String rawSL20Resp = EntityUtils.toString(resp);
+ final JsonNode sl20Resp = mapper.getMapper().readTree(rawSL20Resp);
//TODO: check sl20Resp type like && sl20Resp.isJsonObject()
if (sl20Resp != null) {
@@ -342,7 +343,7 @@ public class SL20JSONExtractorUtils {
private static JsonNode getAndCheck(JsonNode input, String keyID, boolean isRequired) throws SLCommandoParserException {
- JsonNode internal = input.get(keyID);
+ final JsonNode internal = input.get(keyID);
if (internal == null && isRequired)
throw new SLCommandoParserException("REQUIRED Element with keyId: " + keyID + " does not exist");