Diffstat (limited to 'eaaf_modules')
2 files changed, 37 insertions, 33 deletions
| diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualeIDRequestTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualeIDRequestTask.java index 337002c5..3890aaac 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualeIDRequestTask.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualeIDRequestTask.java @@ -1,9 +1,7 @@  package at.gv.egiz.eaaf.modules.auth.sl20.tasks;  import java.security.cert.CertificateEncodingException; -import java.security.cert.X509Certificate;  import java.util.ArrayList; -import java.util.HashMap;  import java.util.List;  import java.util.Map; @@ -25,13 +23,11 @@ import org.springframework.beans.factory.annotation.Autowired;  import com.fasterxml.jackson.databind.JsonNode;  import com.fasterxml.jackson.databind.node.ObjectNode; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration;  import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;  import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;  import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;  import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;  import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; -import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;  import at.gv.egiz.eaaf.core.impl.utils.HttpClientFactory;  import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;  import at.gv.egiz.eaaf.core.impl.utils.Random; 
@@ -42,7 +38,6 @@ import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult;  import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception;  import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SLCommandoBuildException;  import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SLCommandoParserException; -import at.gv.egiz.eaaf.modules.auth.sl20.utils.IJOSETools;  import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants;  import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20HttpBindingUtils;  import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JSONBuilderUtils; @@ -51,8 +46,6 @@ import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JSONExtractorUtils;  public abstract class AbstractCreateQualeIDRequestTask extends AbstractAuthServletTask {  	private static final Logger log = LoggerFactory.getLogger(AbstractCreateQualeIDRequestTask.class); -	@Autowired(required=true) private IJOSETools joseTools; -	@Autowired(required=true) private IConfiguration basicConfig;  	@Autowired(required=true) private HttpClientFactory httpClientFactory;  	@Override  
@@ -65,28 +58,29 @@ public abstract class AbstractCreateQualeIDRequestTask extends AbstractAuthServl  			try {  				//get service-provider configuration -				ISPConfiguration oaConfig = pendingReq.getServiceProviderConfiguration(); +				final ISPConfiguration oaConfig = pendingReq.getServiceProviderConfiguration();  				//get basic configuration parameters -				String vdaQualeIDUrl = extractVDAURLForSpecificOA(oaConfig, executionContext);				 +				final String vdaQualeIDUrl = extractVDAURLForSpecificOA(oaConfig, executionContext);				  				if (StringUtils.isEmpty(vdaQualeIDUrl)) {  					log.error("NO VDA URL for qualified eID (" + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT + ")");  					throw new SL20Exception("sl20.03", new Object[]{"NO VDA URL for qualified eID"});  				} +				log.debug("Use {} as VDA end-point") ;  				revisionsLogger.logEvent(pendingReq, EventCodes.AUTHPROCESS_SL20_ENDPOINT_URL, vdaQualeIDUrl);  				//create SL2.0 command for qualified eID -				String signedQualeIDCommand = buildSignedQualifiedEIDCommand(); +				final String signedQualeIDCommand = buildSignedQualifiedEIDCommand();  				//build request container -				String qualeIDReqId = Random.nextProcessReferenceValue(); -				ObjectNode sl20Req = SL20JSONBuilderUtils.createGenericRequest(qualeIDReqId, null, null, signedQualeIDCommand); +				final String qualeIDReqId = Random.nextProcessReferenceValue(); +				final ObjectNode sl20Req = SL20JSONBuilderUtils.createGenericRequest(qualeIDReqId, null, null, signedQualeIDCommand);  				//build http POST request -				HttpPost httpReq = new HttpPost(new URIBuilder(vdaQualeIDUrl).build());								 -				List<NameValuePair> parameters = new ArrayList<NameValuePair>();; +				final HttpPost httpReq = new HttpPost(new URIBuilder(vdaQualeIDUrl).build());								 +				final List<NameValuePair> parameters = new ArrayList<NameValuePair>();;  				parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, 
Base64Url.encode(sl20Req.toString().getBytes())));  				httpReq.setEntity(new UrlEncodedFormEntity(parameters ));				 
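Review bot: The added `log.debug("Use {} as VDA end-point") ;` has a `{}` placeholder but passes no argument, so it logs the literal braces and the selected endpoint never reaches the debug log. Pass the value: `log.debug("Use {} as VDA end-point", vdaQualeIDUrl);`. In the context lines, `sl20Req.toString().getBytes()` uses the platform default charset; `getBytes(StandardCharsets.UTF_8)` would keep the encoded request identical across hosts. The enclosing method starts and ends outside this hunk.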
@@ -101,29 +95,29 @@ public abstract class AbstractCreateQualeIDRequestTask extends AbstractAuthServl  				log.trace("Request VDA via SL20 with: " + Base64Url.encode(sl20Req.toString().getBytes()));  				//request VDA -				HttpResponse httpResp = httpClientFactory.getHttpClient().execute(httpReq); +				final HttpResponse httpResp = httpClientFactory.getHttpClient().execute(httpReq);  				//parse response  				log.info("Receive response from VDA ... "); -				JsonNode sl20Resp = SL20JSONExtractorUtils.getSL20ContainerFromResponse(httpResp); -				VerificationResult respPayloadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(sl20Resp, null, false); +				final JsonNode sl20Resp = SL20JSONExtractorUtils.getSL20ContainerFromResponse(httpResp); +				final VerificationResult respPayloadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(sl20Resp, null, false);  				if (respPayloadContainer.isValidSigned() == null) {  					log.debug("Receive unsigned payLoad from VDA");  				} -				JsonNode respPayload = respPayloadContainer.getPayload(); +				final JsonNode respPayload = respPayloadContainer.getPayload();  				if (respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).asText()  						.equals(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT)) {  					log.debug("Find 'redirect' command in VDA response ... 
");									 -					JsonNode params = SL20JSONExtractorUtils.getJSONObjectValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, true);					 -					String redirectURL = SL20JSONExtractorUtils.getStringValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL, true);									 -					JsonNode command = SL20JSONExtractorUtils.getJSONObjectValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_COMMAND, false); -					String signedCommand = SL20JSONExtractorUtils.getStringValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_SIGNEDCOMMAND, false);					 +					final JsonNode params = SL20JSONExtractorUtils.getJSONObjectValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, true);					 +					final String redirectURL = SL20JSONExtractorUtils.getStringValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL, true);									 +					final JsonNode command = SL20JSONExtractorUtils.getJSONObjectValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_COMMAND, false); +					final String signedCommand = SL20JSONExtractorUtils.getStringValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_SIGNEDCOMMAND, false);					  					//create forward SL2.0 command -					ObjectNode sl20Forward = sl20Resp.deepCopy();					 +					final ObjectNode sl20Forward = sl20Resp.deepCopy();					  					SL20JSONBuilderUtils.addOnlyOnceOfTwo(sl20Forward,   							SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD,   							command.deepCopy(), signedCommand); 
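Review bot: The redirect branch acts on a payload that may be unsigned. `extractSL20PayLoad(sl20Resp, null, false)` is followed by a check that only writes `log.debug("Receive unsigned payLoad from VDA")` when `isValidSigned()` is null, and `redirectURL` is then read from that same payload. If signature verification is optional here, as the arguments suggest, the integrity of the redirect target rests only on the transport to the VDA. Either require a valid signature before `redirectURL` is used, or state the trust decision in a comment such as `// unsigned VDA responses are accepted here; integrity relies on the connection to the VDA` and raise the log level to `warn`. How `redirectURL` is used lies outside this hunk, as does the rest of the method.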
@@ -143,8 +137,8 @@ public abstract class AbstractCreateQualeIDRequestTask extends AbstractAuthServl  					if (result  == null)  						result = SL20JSONExtractorUtils.getJSONObjectValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, false); -					String errorCode = SL20JSONExtractorUtils.getStringValue(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE, true); -					String errorMsg = SL20JSONExtractorUtils.getStringValue(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, true); +					final String errorCode = SL20JSONExtractorUtils.getStringValue(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE, true); +					final String errorMsg = SL20JSONExtractorUtils.getStringValue(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, true);  					log.info("Receive SL2.0 error. Code:" + errorCode + " Msg:" + errorMsg);  					throw new SL20Exception("sl20.08", new Object[]{errorCode, errorMsg}); @@ -156,10 +150,10 @@ public abstract class AbstractCreateQualeIDRequestTask extends AbstractAuthServl  				} -			} catch (EAAFAuthenticationException  e) { +			} catch (final EAAFAuthenticationException  e) {  				throw new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e); -			} catch (Exception e) { +			} catch (final Exception e) {  				log.warn("SL2.0 Authentication FAILED with a generic error.", e);  				throw new TaskExecutionException(pendingReq, e.getMessage(), e); 
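Review bot: `errorCode` and `errorMsg` are read from the VDA response and concatenated unchanged into `log.info(...)` and the `SL20Exception` arguments, so line breaks or other control characters in them would land in the log verbatim. Consider stripping control characters before logging, and use the parameterized form `log.info("Receive SL2.0 error. Code:{} Msg:{}", errorCode, errorMsg);`. Whether the logging backend escapes such characters is not visible here. The enclosing method continues outside this hunk.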
@@ -187,9 +181,9 @@ public abstract class AbstractCreateQualeIDRequestTask extends AbstractAuthServl  		//TODO: fully remove if not required any more  		//String spSpecificVDAEndpoints = oaConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS);		 -		String spSpecificVDAEndpoints = null; +		final String spSpecificVDAEndpoints = null; -		Map<String, String> endPointMap = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST); +		final Map<String, String> endPointMap = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST);  		if (StringUtils.isNotEmpty(spSpecificVDAEndpoints)) {  			endPointMap.putAll(KeyValueUtils.convertListToMap(  							KeyValueUtils.getListOfCSVValues( @@ -201,9 +195,9 @@ public abstract class AbstractCreateQualeIDRequestTask extends AbstractAuthServl  		log.trace("Find #" + endPointMap.size() + " SL2.0 endpoints ... ");  		//selection based on request Header -		String sl20VDATypeHeader = (String)  executionContext.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase()); +		final String sl20VDATypeHeader = (String)  executionContext.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase());  		if (StringUtils.isNotEmpty(sl20VDATypeHeader)) { -			String vdaURL = endPointMap.get(sl20VDATypeHeader); +			final String vdaURL = endPointMap.get(sl20VDATypeHeader);  			if (StringUtils.isNotEmpty(vdaURL))  				return vdaURL.trim(); diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JSONExtractorUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JSONExtractorUtils.java index 524c9e80..a5e5a3dc 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JSONExtractorUtils.java 
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JSONExtractorUtils.java @@ -307,8 +307,18 @@ public class SL20JSONExtractorUtils {  					(httpResp.getStatusLine().getStatusCode() == 401) ||   					(httpResp.getStatusLine().getStatusCode() == 400) ) {  				log.info("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode()  -						+ ". Search for error message");				 -				sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); +						+ ". Search for error message"); +				 +				try { +					sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); +					 +				} catch (final Exception e) { +					log.warn("SL20 response contains no valid JSON", e); +					throw new SLCommandoParserException("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode()  +							+ " AND NO valid JSON errormsg", e); +					 +				} +							  			} else | 
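Review bot: The new `catch (final Exception e)` reports every failure as "AND NO valid JSON errormsg", although it also covers I/O errors while reading the entity and, presumably, a missing response body, so the message can mislead during incident triage. The exception is also logged at `warn` with its stack trace and then rethrown with the cause, which usually puts the same trace in the log twice. Suggest narrowing the catch to the parser's own exception types where they are known, or rewording the message to `" but the error body could not be read or parsed"`. Reading `httpResp.getStatusLine().getStatusCode()` once into a local would also tidy the condition and both messages. The method body starts and ends outside this hunk.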
