From e23226c47807be597bbbae3891dbb94069d56836 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 14 Feb 2020 08:46:52 +0100 Subject: Integrate HSM Facade from A-SIT+ The EaafKeyStoreFactory can be used to build KeyStores from differend providers and types --- .../egiz/eaaf/core/impl/utils/DataUrlBuilder.java | 16 +-- .../at/gv/egiz/eaaf/core/impl/utils/FileUtils.java | 20 ++-- .../eaaf/core/impl/utils/HttpClientFactory.java | 122 ++++++--------------- .../at/gv/egiz/eaaf/core/impl/utils/HttpUtils.java | 11 +- .../eaaf/core/impl/utils/IHttpClientFactory.java | 6 +- .../egiz/eaaf/core/impl/utils/KeyStoreUtils.java | 36 +++--- .../egiz/eaaf/core/impl/utils/KeyValueUtils.java | 68 ++++++------ .../eaaf/core/impl/utils/NodeIteratorAdapter.java | 13 +-- .../egiz/eaaf/core/impl/utils/NodeListAdapter.java | 5 +- .../at/gv/egiz/eaaf/core/impl/utils/Random.java | 20 ++-- .../SecurePendingRequestIdGenerationStrategy.java | 30 ++--- .../SimplePendingRequestIdGenerationStrategy.java | 8 +- .../gv/egiz/eaaf/core/impl/utils/StreamUtils.java | 52 +++++---- .../eaaf/core/impl/utils/TransactionIdUtils.java | 6 +- .../at/gv/egiz/eaaf/core/impl/utils/X509Utils.java | 6 +- 15 files changed, 179 insertions(+), 240 deletions(-) (limited to 'eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils') diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DataUrlBuilder.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DataUrlBuilder.java index 8090585f..ef1f3fdc 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DataUrlBuilder.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DataUrlBuilder.java @@ -23,7 +23,8 @@ import org.apache.commons.lang3.StringUtils; import at.gv.egiz.eaaf.core.api.data.EaafConstants; /** - * Builds a DataURL parameter meant for the security layer implementation to respond to. + * Builds a DataURL parameter meant for the security layer implementation to + * respond to. * * @author Paul Ivancsics * @version $Id$ @@ -39,12 +40,13 @@ public class DataUrlBuilder { /** * Constructs a data URL for VerifyIdentityLink or - * VerifyAuthenticationBlock, including the MOASessionID as a parameter. + * VerifyAuthenticationBlock, including the + * MOASessionID as a parameter. * - * @param authBaseUrl base URL (context path) of the MOA ID Authentication component, including a - * trailing '/' + * @param authBaseUrl base URL (context path) of the MOA ID Authentication + * component, including a trailing '/' * @param authServletName request part of the data URL - * @param pendingReqId sessionID to be included in the dataURL + * @param pendingReqId sessionID to be included in the dataURL * @return String */ public String buildDataUrl(String authBaseUrl, String authServletName, @@ -70,10 +72,10 @@ public class DataUrlBuilder { /** * Method addParameter. - * + * * @param urlString represents the url * @param paramname is the parameter to be added - * @param value is the value of that parameter + * @param value is the value of that parameter * @return String */ private String addParameter(final String urlString, final String paramname, final String value) { diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/FileUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/FileUtils.java index 943d3dad..7cb551e2 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/FileUtils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/FileUtils.java @@ -17,8 +17,6 @@ * works that you distribute must include a readable copy of the "NOTICE" text file. */ - - package at.gv.egiz.eaaf.core.impl.utils; import java.io.BufferedInputStream; @@ -31,6 +29,7 @@ import java.io.OutputStream; import java.net.MalformedURLException; import java.net.URI; import java.net.URL; + import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -38,7 +37,6 @@ import org.slf4j.LoggerFactory; public class FileUtils { private static final Logger log = LoggerFactory.getLogger(FileUtils.class); - /** * Reads a file, given by URL, into a byte array. * @@ -72,7 +70,7 @@ public class FileUtils { /** * Reads a file from a resource. * - * @param name filename + * @param name filename * @param encoding character encoding * @return file content * @throws IOException on any exception thrown @@ -82,11 +80,11 @@ public class FileUtils { return new String(content, encoding); } - /** - * Returns the absolute URL of a given url which is relative to the parameter root. + * Returns the absolute URL of a given url which is relative to the parameter + * root. * - * @param url Filepath + * @param url Filepath * @param root configuration root context * @return absolut filepath * @throws MalformedURLException In case of a filepath error @@ -102,9 +100,10 @@ public class FileUtils { } /** - * Returns the absolute URL of a given url which is relative to the parameter root. + * Returns the absolute URL of a given url which is relative to the parameter + * root. * - * @param url Filepath + * @param url Filepath * @param root configuration root context * @return absolut filepath */ @@ -145,7 +144,6 @@ public class FileUtils { } } - private static void copy(final InputStream fis, final OutputStream fos) { try { final byte[] buffer = new byte[0xFFFF]; @@ -161,7 +159,7 @@ public class FileUtils { /** * Copy file from source to destination. * - * @param src File source + * @param src File source * @param dest file destination */ public static void copyFile(final File src, final File dest) { diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java index c60fcd7f..ade0c28d 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java @@ -1,18 +1,15 @@ package at.gv.egiz.eaaf.core.impl.utils; -import java.io.IOException; -import java.io.InputStream; import java.security.KeyManagementException; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.UnrecoverableKeyException; -import java.security.cert.CertificateException; + import javax.annotation.PostConstruct; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLContext; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; + import org.apache.commons.lang3.StringUtils; import org.apache.http.HttpRequest; import org.apache.http.HttpResponse; @@ -38,18 +35,27 @@ import org.apache.http.impl.client.HttpClients; import org.apache.http.impl.conn.PoolingHttpClientConnectionManager; import org.apache.http.protocol.HttpContext; import org.apache.http.ssl.SSLContexts; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.core.io.Resource; import org.springframework.core.io.ResourceLoader; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import lombok.extern.slf4j.Slf4j; + +@Slf4j public class HttpClientFactory implements IHttpClientFactory { - private static final Logger log = LoggerFactory.getLogger(HttpClientFactory.class); + @Autowired(required = true) private IConfiguration basicConfig; + @Autowired(required = true) ResourceLoader resourceLoader; + + @Autowired private EaafKeyStoreFactory keyStoreFactory; public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE = "client.http.connection.pool.use"; @@ -73,6 +79,8 @@ public class HttpClientFactory implements IHttpClientFactory { "client.auth.ssl.keystore.path"; public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PASSORD = "client.auth.ssl.keystore.password"; + private static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_NAME = + "client.auth.ssl.keystore.name"; public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_TYPE = "client.auth.ssl.keystore.type"; public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEY_PASSWORD = @@ -127,47 +135,6 @@ public class HttpClientFactory implements IHttpClientFactory { } - public enum KeyStoreType { - PKCS12("pkcs12"), JKS("jks"); - - private final String type; - - KeyStoreType(final String type) { - this.type = type; - } - - /** - * Get the KeyStore type. - * - * @return - */ - public String getType() { - return this.type; - } - - /** - * Get Keystore type from configuration. - * - * @param s String representation for keyStore type - * @return - */ - public static KeyStoreType fromString(final String s) { - try { - return KeyStoreType.valueOf(s.toUpperCase()); - - } catch (IllegalArgumentException | NullPointerException e) { - return null; - } - } - - @Override - public String toString() { - return getType(); - - } - - } - private HttpClientBuilder httpClientBuilder = null; /* @@ -246,7 +213,6 @@ public class HttpClientFactory implements IHttpClientFactory { // set pool connection if required injectConnectionPoolIfRequired(sslConnectionFactory); - } private void injectBasicAuthenticationIfRequired(final ClientAuthMode clientAuthMode) { @@ -286,54 +252,39 @@ public class HttpClientFactory implements IHttpClientFactory { final String keyPasswordString = basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEY_PASSWORD); log.trace("Open SSL Client-Auth keystore with password: {}", keyPasswordString); - final char[] keyPassword = (keyPasswordString == null) ? StringUtils.EMPTY.toCharArray() + final char[] keyPassword = keyPasswordString == null ? StringUtils.EMPTY.toCharArray() : keyPasswordString.toCharArray(); return SSLContexts.custom().loadKeyMaterial(keystore, keyPassword).build(); } private KeyStore getSslAuthKeyStore() throws EaafConfigurationException { - final KeyStoreType keyStoreType = KeyStoreType.fromString(basicConfig.getBasicConfiguration( - PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_TYPE, KeyStoreType.PKCS12.getType())); + final String keyStoreType = basicConfig.getBasicConfiguration( + PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_TYPE, KeyStoreType.PKCS12.getKeyStoreType()); final String localKeyStorePath = basicConfig .getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PATH, StringUtils.EMPTY); final String keyStorePassword = basicConfig .getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PASSORD, StringUtils.EMPTY); + final String keyStoreName = basicConfig + .getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_NAME, StringUtils.EMPTY); try { + KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); + keyStoreConfig.setKeyStoreType(keyStoreType); + keyStoreConfig.setFriendlyName("HttpClient Keystore"); + keyStoreConfig.setSoftKeyStoreFilePath(localKeyStorePath); + keyStoreConfig.setSoftKeyStorePassword(keyStorePassword); + keyStoreConfig.setKeyStoreName(keyStoreName); + log.debug("Open keyStore with type: {}", keyStoreType); - KeyStore clientStore; - if (keyStoreType.equals(KeyStoreType.PKCS12)) { - clientStore = KeyStore.getInstance("pkcs12"); - } else { - clientStore = KeyStore.getInstance("JKS"); - } - - - log.debug("Read keyStore path: {} from configuration", localKeyStorePath); - if (StringUtils.isNotEmpty(localKeyStorePath)) { - final String absFilePath = FileUtils.makeAbsoluteUrl(localKeyStorePath, - basicConfig.getConfigurationRootDirectory()); - final Resource ressource = resourceLoader.getResource(absFilePath); - final InputStream is = ressource.getInputStream(); - log.trace("Load keyStore: {} with password: {}", absFilePath, keyStorePassword); - clientStore.load(is, keyStorePassword.toCharArray()); - is.close(); - - return clientStore; - - } else { - log.warn("Path to keyStore for SSL Client-Authentication is empty or null"); - throw new EaafConfigurationException( - "Path to keyStore for SSL Client-Authentication is empty or null", new Object[] {}); - - } - - } catch (final KeyStoreException | NoSuchAlgorithmException | CertificateException - | IOException e) { + KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig); + + return keyStore; + + } catch (final EaafException e) { log.warn("Can NOT read keyStore: {} from filesystem", localKeyStorePath, null, e); throw new EaafConfigurationException("Can NOT read keyStore: {} from filesystem", - new Object[] {localKeyStorePath}, e); + new Object[] { localKeyStorePath }, e); } @@ -413,9 +364,6 @@ public class HttpClientFactory implements IHttpClientFactory { } - } - - } diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpUtils.java index 1f7601d8..66356ba0 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpUtils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpUtils.java @@ -19,18 +19,17 @@ package at.gv.egiz.eaaf.core.impl.utils; import javax.servlet.http.HttpServletRequest; -import org.apache.commons.lang3.StringUtils; - +import org.apache.commons.lang3.StringUtils; public class HttpUtils { - /** * Helper method to retrieve server URL including context path. * * @param request HttpServletRequest - * @return Server URL including context path (e.g. http://localhost:8443/moa-id-auth + * @return Server URL including context path (e.g. + * http://localhost:8443/moa-id-auth */ public static String getBaseUrl(final HttpServletRequest request) { final StringBuffer buffer = new StringBuffer(getServerUrl(request)); @@ -101,8 +100,8 @@ public class HttpUtils { /** * Add a http GET parameter to URL. * - * @param url URL - * @param paramname Name of the parameter. + * @param url URL + * @param paramname Name of the parameter. * @param paramvalue Value of the parameter. * @return */ diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/IHttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/IHttpClientFactory.java index 0dc00573..f922e1ac 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/IHttpClientFactory.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/IHttpClientFactory.java @@ -5,7 +5,8 @@ import org.apache.http.impl.client.CloseableHttpClient; public interface IHttpClientFactory { /** - * Return an instance of a Apache HTTP client that follows http redirects automatically. + * Return an instance of a Apache HTTP client that follows http redirects + * automatically. * * @return */ @@ -14,7 +15,8 @@ public interface IHttpClientFactory { /** * Return an instance of a Apache HTTP client. * - * @param followRedirects if false, the client does not flow 30x http redirects + * @param followRedirects if false, the client does not flow 30x + * http redirects * @return */ CloseableHttpClient getHttpClient(boolean followRedirects); diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java index 18ddf422..99b87819 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java @@ -17,8 +17,6 @@ * works that you distribute must include a readable copy of the "NOTICE" text file. */ - - package at.gv.egiz.eaaf.core.impl.utils; import java.io.BufferedInputStream; @@ -50,16 +48,14 @@ public class KeyStoreUtils { */ private static final String KEYSTORE_TYPE_PKCS12 = "PKCS12"; - - /** * Loads a key store from file. * * @param keystoreType key store type - * @param urlString URL of key store - * @param password password protecting the key store + * @param urlString URL of key store + * @param password password protecting the key store * @return key store loaded - * @throws IOException thrown while reading the key store from file + * @throws IOException thrown while reading the key store from file * @throws GeneralSecurityException thrown while creating the key store */ public static KeyStore loadKeyStore(final String keystoreType, final String urlString, @@ -74,10 +70,10 @@ public class KeyStoreUtils { * Load a KeyStore from Filesystem. * * @param keyStorePath Path to KeyStore - * @param password KeyStore password + * @param password KeyStore password * @return KeyStore * @throws KeyStoreException In case of a keystore error - * @throws IOException In case of a general read error + * @throws IOException In case of a general read error */ public static KeyStore loadKeyStore(final String keyStorePath, final String password) throws KeyStoreException, IOException { @@ -89,13 +85,15 @@ public class KeyStoreUtils { } /** - * Loads a key store from an InputStream, and closes the InputStream. + * Loads a key store from an InputStream, and closes the + * InputStream. * * @param keystoreType key store type - * @param in input stream - * @param password password protecting the key store + * @param in input stream + * @param password password protecting the key store * @return key store loaded - * @throws IOException thrown while reading the key store from the stream + * @throws IOException thrown while reading the key store from the + * stream * @throws GeneralSecurityException thrown while creating the key store */ public static KeyStore loadKeyStore(final String keystoreType, final InputStream in, @@ -114,11 +112,11 @@ public class KeyStoreUtils { /** * Loads a keyStore without knowing the keyStore type. * - * @param is input stream + * @param is input stream * @param password Password protecting the keyStore * @return keyStore loaded * @throws KeyStoreException thrown if keyStore cannot be loaded - * @throws IOException In case of a general error + * @throws IOException In case of a general error */ public static KeyStore loadKeyStore(final InputStream is, final String password) throws KeyStoreException, IOException { @@ -140,10 +138,10 @@ public class KeyStoreUtils { } /** - * Creates a key store from X509 certificate files, aliasing them with the index in the - * String[], starting with "0". + * Creates a key store from X509 certificate files, aliasing them with the index + * in the String[], starting with "0". * - * @param keyStoreType key store type + * @param keyStoreType key store type * @param certFilenames certificate filenames * @return key store created * @throws Exception In case of an error @@ -192,6 +190,4 @@ public class KeyStoreUtils { } } - - } diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyValueUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyValueUtils.java index 929d2994..0c5eeb40 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyValueUtils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyValueUtils.java @@ -28,8 +28,10 @@ import java.util.Map; import java.util.Map.Entry; import java.util.Properties; import java.util.Set; + import javax.annotation.Nonnull; import javax.annotation.Nullable; + import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -49,8 +51,7 @@ public class KeyValueUtils { public static final String DEFAULT_VALUE = "default"; /** - * Convert Java properties into a Map String/String. - *
+ * Convert Java properties into a Map String/String.
* Important: The key/values from properties must be of type String! * * @param properties Java {@link Properties} that should be converted @@ -72,7 +73,7 @@ public class KeyValueUtils { /** * Extract the first child of an input key after a the prefix. * - * @param key Full input key + * @param key Full input key * @param prefix Prefix * @return Child key {String} if it exists or null */ @@ -82,11 +83,11 @@ public class KeyValueUtils { final int index = idAfterPrefix.indexOf(KEY_DELIMITER); if (index > 0) { final String adding = idAfterPrefix.substring(0, index); - if (!(adding.isEmpty())) { + if (!adding.isEmpty()) { return adding; } - } else if (!(idAfterPrefix.isEmpty())) { + } else if (!idAfterPrefix.isEmpty()) { return idAfterPrefix; } @@ -98,9 +99,10 @@ public class KeyValueUtils { /** * Extract the prefix from an input key. * - * @param key Full input key + * @param key Full input key * @param suffix Suffix of this key - * @return Prefix {String} of the key or null if input key does not ends with postfix string + * @return Prefix {String} of the key or null if input key does not ends with + * postfix string */ public static String getPrefixFromKey(final String key, final String suffix) { if (key != null && suffix != null && key.endsWith(suffix)) { @@ -118,9 +120,10 @@ public class KeyValueUtils { /** * Remove a prefix string from a key. * - * @param key Full input key + * @param key Full input key * @param prefix Prefix, which should be removed - * @return The suffix of the input key or null if the input does not starts with the prefix + * @return The suffix of the input key or null if the input does not starts with + * the prefix */ public static String removePrefixFromKey(final String key, String prefix) { if (prefix == null) { @@ -145,9 +148,10 @@ public class KeyValueUtils { /** * Remove a prefix string from all keys in Map String/String of key/value pairs. * - * @param keys Input data of key/value pairs + * @param keys Input data of key/value pairs * @param prefix Prefix which should be removed - * @return Map String/String of key/value pairs without prefix in key, but never null + * @return Map String/String of key/value pairs without prefix in key, but never + * null */ public static Map removePrefixFromKeys(final Map keys, final String prefix) { @@ -165,26 +169,29 @@ public class KeyValueUtils { } /** - * Get a subset of key/value pairs which starts with a prefix string The Prefix is removed from - * the key. + * Get a subset of key/value pairs which starts with a prefix string The Prefix + * is removed from the key. * - * @param keys Input data of key/value pairs + * @param keys Input data of key/value pairs * @param prefix Prefix string - * @return Map String/String of key/value pairs without prefix in key, but never null + * @return Map String/String of key/value pairs without prefix in key, but never + * null */ public static Map getSubSetWithPrefix(final Map keys, final String prefix) { return removePrefixFromKeys(keys, prefix); } - /** - * Add a prefix to key/value pairs to make the key absolute according to key namespace convention. + * Add a prefix to key/value pairs to make the key absolute according to key + * namespace convention. * - * @param input Input key/value pairs which should be updated - * @param prefix Key prefix, which should be added if the key is not absolute + * @param input Input key/value pairs which should be updated + * @param prefix Key prefix, which should be added if the key is not + * absolute * @param absolutIdentifier Key identifier, which indicates an absolute key - * @return Map String/String of key/value pairs in which all keys are absolute but never null + * @return Map String/String of key/value pairs in which all keys are absolute + * but never null */ public static Map makeKeysAbsolut(final Map input, final String prefix, final String absolutIdentifier) { @@ -225,7 +232,7 @@ public class KeyValueUtils { /** * Find the highest free list counter. * - * @param input Array of list keys + * @param input Array of list keys * @param listPrefix {String} prefix of the list * @return {int} highest free list counter */ @@ -247,7 +254,7 @@ public class KeyValueUtils { /** * Find the highest free list counter. * - * @param keySet Set of list keys + * @param keySet Set of list keys * @param listPrefix {String} prefix of the list * @return {int} highest free list counter */ @@ -261,13 +268,12 @@ public class KeyValueUtils { return findNextFreeListCounter(array, listPrefix); } - /** * Normalize a CSV encoded list of value of an key/value pair. * *

- * This method removes all whitespace at the begin or the end of CSV values and remove newLine - * signs at the end of value. The ',' is used as list delimiter + * This method removes all whitespace at the begin or the end of CSV values and + * remove newLine signs at the end of value. The ',' is used as list delimiter *

* * @param value CSV encoded input data @@ -289,7 +295,6 @@ public class KeyValueUtils { return normalizedCodes; } - /** * Check a String if it is a comma separated list of values. * @@ -298,7 +303,8 @@ public class KeyValueUtils { *

* * @param value CSV encoded input data - * @return true if the input data contains a ',' and has more then 1 list element, otherwise false + * @return true if the input data contains a ',' and has more then 1 list + * element, otherwise false */ public static boolean isCsvValueString(final String value) { if (StringUtils.isNotEmpty(value)) { @@ -316,8 +322,8 @@ public class KeyValueUtils { /** * Convert a CSV list to a List of CSV values.
*
- * This method removes all whitespace at the begin or the end of CSV values and remove newLine - * signs at the end of value. The ',' is used as list delimiter + * This method removes all whitespace at the begin or the end of CSV values and + * remove newLine signs at the end of value. The ',' is used as list delimiter * * @param csv CSV encoded input data * @return List of CSV normalized values, but never null @@ -338,8 +344,8 @@ public class KeyValueUtils { /** * Convert a List of String elements to a Map of Key/Value pairs.
- * Every List element used as a key/value pair and the '=' sign represents the delimiter between - * key and value + * Every List element used as a key/value pair and the '=' sign represents the + * delimiter between key and value * * @param elements List of key/value elements * @return Map of Key / Value pairs, but never null diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeIteratorAdapter.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeIteratorAdapter.java index 755c4431..5d2a11d0 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeIteratorAdapter.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeIteratorAdapter.java @@ -17,18 +17,18 @@ * works that you distribute must include a readable copy of the "NOTICE" text file. */ - - package at.gv.egiz.eaaf.core.impl.utils; import java.util.ListIterator; + import org.w3c.dom.DOMException; import org.w3c.dom.Node; import org.w3c.dom.traversal.NodeFilter; import org.w3c.dom.traversal.NodeIterator; /** - * A NodeIterator implementation based on a ListIterator. + * A NodeIterator implementation based on a + * ListIterator. * * @see java.util.ListIterator * @see org.w3c.dom.traversal.NodeIterator @@ -48,31 +48,26 @@ public class NodeIteratorAdapter implements NodeIterator { this.nodeIterator = nodeIterator; } - @Override public Node getRoot() { return null; } - @Override public int getWhatToShow() { return NodeFilter.SHOW_ALL; } - @Override public NodeFilter getFilter() { return null; } - @Override public boolean getExpandEntityReferences() { return false; } - @Override public Node nextNode() throws DOMException { if (nodeIterator.hasNext()) { @@ -81,7 +76,6 @@ public class NodeIteratorAdapter implements NodeIterator { return null; } - @Override public Node previousNode() throws DOMException { if (nodeIterator.hasPrevious()) { @@ -90,7 +84,6 @@ public class NodeIteratorAdapter implements NodeIterator { return null; } - @Override public void detach() { diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeListAdapter.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeListAdapter.java index a942f75e..83a6725c 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeListAdapter.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeListAdapter.java @@ -17,11 +17,10 @@ * works that you distribute must include a readable copy of the "NOTICE" text file. */ - - package at.gv.egiz.eaaf.core.impl.utils; import java.util.List; + import org.w3c.dom.Node; import org.w3c.dom.NodeList; @@ -45,13 +44,11 @@ public class NodeListAdapter implements NodeList { this.nodeList = nodeList; } - @Override public Node item(final int index) { return (Node) nodeList.get(index); } - @Override public int getLength() { return nodeList.size(); diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Random.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Random.java index 14d54b0b..aedbbb7f 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Random.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Random.java @@ -19,7 +19,6 @@ package at.gv.egiz.eaaf.core.impl.utils; - import java.io.UnsupportedEncodingException; import java.nio.ByteBuffer; import java.security.NoSuchAlgorithmException; @@ -27,12 +26,13 @@ import java.security.SecureRandom; import java.text.DateFormat; import java.text.SimpleDateFormat; import java.util.Date; -import at.gv.egiz.eaaf.core.impl.idp.process.support.SecureRandomHolder; + import org.apache.commons.codec.binary.Hex; import org.apache.commons.lang3.ArrayUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import at.gv.egiz.eaaf.core.impl.idp.process.support.SecureRandomHolder; /** * Random number generator used to generate ID's. @@ -44,9 +44,9 @@ public class Random { private static final Logger log = LoggerFactory.getLogger(Random.class); private static final char[] allowedPreFix = - {'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', + { 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', - 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z'}; + 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z' }; /** random number generator used. */ private static SecureRandom random; @@ -63,14 +63,14 @@ public class Random { } - // random = iaik.security.random.SHA256FIPS186Random.getDefault(); } /** - * Generate a unique process reference-value [160bit], which always starts with a letter
- * This unique ID consists of single letter, a 64bit date String[yyyyddMM], and a 88bit random - * value. + * Generate a unique process reference-value [160bit], which always starts with + * a letter
+ * This unique ID consists of single letter, a 64bit date String[yyyyddMM], and + * a 88bit random value. * * @return 160bit ID, which is hex encoded */ @@ -98,12 +98,8 @@ public class Random { } - - } - - /** * Creates a new random number [256bit], and encode it as hex value. * diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java index ee88c4bb..bc770a8c 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java @@ -8,17 +8,13 @@ import java.security.spec.InvalidKeySpecException; import java.security.spec.KeySpec; import java.util.Arrays; import java.util.Base64; + import javax.annotation.PostConstruct; import javax.crypto.Mac; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; import javax.crypto.spec.PBEKeySpec; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.exceptions.EaafIllegalStateException; -import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; + import org.apache.commons.lang3.StringUtils; import org.joda.time.DateTime; import org.joda.time.DurationFieldType; @@ -30,9 +26,16 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.lang.NonNull; import org.springframework.lang.Nullable; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafIllegalStateException; +import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; + /** - * PendingRequestId generation strategy based on signed tokens that facilitates extended token - * validation. + * PendingRequestId generation strategy based on signed tokens that facilitates + * extended token validation. * * @author tlenz * @@ -78,7 +81,7 @@ public class SecurePendingRequestIdGenerationStrategy .encodeToString(externalPendingRequestId.toString().getBytes("UTF-8")); } catch (final UnsupportedEncodingException e) { - throw new EaafException("internal.99", new Object[] {e.getMessage()}, e); + throw new EaafException("internal.99", new Object[] { e.getMessage() }, e); } @@ -131,7 +134,6 @@ public class SecurePendingRequestIdGenerationStrategy return internalPendingReqId; - } catch (final IllegalArgumentException | EaafIllegalStateException e) { log.warn("Token is NOT a valid String. Msg: {}", e.getMessage()); log.debug("TokenValue: {}", externalPendingReqId); @@ -177,7 +179,6 @@ public class SecurePendingRequestIdGenerationStrategy } - @PostConstruct private void initialize() throws EaafConfigurationException { log.debug("Initializing " + this.getClass().getName() + " ... "); @@ -186,7 +187,7 @@ public class SecurePendingRequestIdGenerationStrategy baseConfig.getBasicConfiguration(CONFIG_PROP_PENDINGREQUESTID_DIGIST_SECRET); if (StringUtils.isEmpty(pendingReqIdDigistSecret)) { throw new EaafConfigurationException("config.08", - new Object[] {CONFIG_PROP_PENDINGREQUESTID_DIGIST_SECRET}); + new Object[] { CONFIG_PROP_PENDINGREQUESTID_DIGIST_SECRET }); } digistAlgorithm = baseConfig.getBasicConfiguration( @@ -201,11 +202,10 @@ public class SecurePendingRequestIdGenerationStrategy final KeySpec spec = new PBEKeySpec(pendingReqIdDigistSecret.toCharArray(), salt, 10000, 128); key = keyFactory.generateSecret(spec); - } catch (NoSuchAlgorithmException | InvalidKeySpecException e) { log.error("Can NOT initialize TokenService with configuration object", e); throw new EaafConfigurationException("config.09", - new Object[] {CONFIG_PROP_PENDINGREQUESTID_DIGIST_SECRET, "Can NOT generate HMAC key"}, + new Object[] { CONFIG_PROP_PENDINGREQUESTID_DIGIST_SECRET, "Can NOT generate HMAC key" }, e); } @@ -229,7 +229,7 @@ public class SecurePendingRequestIdGenerationStrategy } catch (UnsupportedEncodingException | NoSuchAlgorithmException | InvalidKeyException e) { log.error("Can NOT generate secure pendingRequestId", e); throw new EaafIllegalStateException( - new Object[] {"Can NOT caluclate digist for secure pendingRequestId"}, e); + new Object[] { "Can NOT caluclate digist for secure pendingRequestId" }, e); } diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SimplePendingRequestIdGenerationStrategy.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SimplePendingRequestIdGenerationStrategy.java index 049f7175..78f0cdec 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SimplePendingRequestIdGenerationStrategy.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SimplePendingRequestIdGenerationStrategy.java @@ -1,11 +1,13 @@ package at.gv.egiz.eaaf.core.impl.utils; +import org.apache.commons.lang3.StringUtils; + import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy; import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; -import org.apache.commons.lang3.StringUtils; /** - * Simple pendingRequestId generation strategy that facilitates no extended validation. + * Simple pendingRequestId generation strategy that facilitates no extended + * validation. * * @author tlenz * @@ -34,8 +36,6 @@ public class SimplePendingRequestIdGenerationStrategy "PendingRequestId is empty or null"); } - - return externalPendingReqId; } diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/StreamUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/StreamUtils.java index 795b71f7..22a6de2b 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/StreamUtils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/StreamUtils.java @@ -17,8 +17,6 @@ * works that you distribute must include a readable copy of the "NOTICE" text file. */ - - package at.gv.egiz.eaaf.core.impl.utils; import java.io.ByteArrayOutputStream; @@ -39,8 +37,8 @@ public class StreamUtils { * * @param is1 The 1st InputStream to compare. * @param is2 The 2nd InputStream to compare. - * @return boolean true, if both streams contain the exactly the same content, - * false otherwise. + * @return boolean true, if both streams contain the exactly the + * same content, false otherwise. * @throws IOException An error occurred reading one of the streams. */ public static boolean compareStreams(final InputStream is1, final InputStream is2) @@ -83,10 +81,11 @@ public class StreamUtils { /** * Compare two byte arrays, up to a given maximum length. * - * @param b1 1st byte array to compare. - * @param b2 2nd byte array to compare. + * @param b1 1st byte array to compare. + * @param b2 2nd byte array to compare. * @param length The maximum number of bytes to compare. - * @return true, if the byte arrays are equal, false otherwise. + * @return true, if the byte arrays are equal, false + * otherwise. */ private static boolean compareBytes(final byte[] b1, final byte[] b2, final int length) { if (b1.length != b2.length) { @@ -115,8 +114,8 @@ public class StreamUtils { copyStream(in, out, null); /* - * ByteArrayOutputStream out = new ByteArrayOutputStream(); int b; while ((b = in.read()) >= 0) - * out.write(b); + * ByteArrayOutputStream out = new ByteArrayOutputStream(); int b; while ((b = + * in.read()) >= 0) out.write(b); * */ in.close(); @@ -126,10 +125,11 @@ public class StreamUtils { /** * Reads a String from a stream, using given encoding. * - * @param in The InputStream to read. + * @param in The InputStream to read. * @param encoding The character encoding to use for converting the bytes of the - * InputStream into a String. - * @return The content of the given InputStream converted into a String. + * InputStream into a String. + * @return The content of the given InputStream converted into a + * String. * @throws IOException on any exception thrown */ public static String readStream(final InputStream in, final String encoding) throws IOException { @@ -137,23 +137,26 @@ public class StreamUtils { copyStream(in, out, null); /* - * ByteArrayOutputStream out = new ByteArrayOutputStream(); int b; while ((b = in.read()) >= 0) - * out.write(b); + * ByteArrayOutputStream out = new ByteArrayOutputStream(); int b; while ((b = + * in.read()) >= 0) out.write(b); */ in.close(); return out.toString(encoding); } /** - * Reads all data (until EOF is reached) from the given source to the destination stream. If the - * destination stream is null, all data is dropped. It uses the given buffer to read data and - * forward it. If the buffer is null, this method allocates a buffer. + * Reads all data (until EOF is reached) from the given source to the + * destination stream. If the destination stream is null, all data is dropped. + * It uses the given buffer to read data and forward it. If the buffer is null, + * this method allocates a buffer. * - * @param source The stream providing the data. - * @param destination The stream that takes the data. If this is null, all data from source will - * be read and discarded. - * @param buffer The buffer to use for forwarding. If it is null, the method allocates a buffer. - * @exception IOException If reading from the source or writing to the destination fails. + * @param source The stream providing the data. + * @param destination The stream that takes the data. If this is null, all data + * from source will be read and discarded. + * @param buffer The buffer to use for forwarding. If it is null, the + * method allocates a buffer. + * @exception IOException If reading from the source or writing to the + * destination fails. */ private static void copyStream(final InputStream source, final OutputStream destination, byte[] buffer) throws IOException { @@ -169,14 +172,15 @@ public class StreamUtils { while ((bytesRead = source.read(buffer)) >= 0) { destination.write(buffer, 0, bytesRead); } - } + } } // /** // * Gets the stack trace of the Throwable passed in as a string. // * // * @param t The Throwable. - // * @return a String representing the stack trace of the Throwable. + // * @return a String representing the stack trace of the + // Throwable. // */ // public static String getStackTraceAsString(final Throwable t) { // final ByteArrayOutputStream stackTraceBis = new ByteArrayOutputStream(); diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java index 3875e587..d8976548 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java @@ -19,7 +19,6 @@ package at.gv.egiz.eaaf.core.impl.utils; - import at.gv.egiz.eaaf.core.api.IRequest; /** @@ -37,7 +36,8 @@ public class TransactionIdUtils { /** * Set all MDC variables from pending request to this threat context.
- * These includes SessionID, TransactionID, and unique service-provider identifier + * These includes SessionID, TransactionID, and unique service-provider + * identifier * * @param pendingRequest Http request object */ @@ -59,7 +59,6 @@ public class TransactionIdUtils { } - public static void setServiceProviderId(final String oaUniqueId) { org.slf4j.MDC.put(MDC_SERVICEPROVIDER_ID, oaUniqueId); @@ -90,5 +89,4 @@ public class TransactionIdUtils { } - } diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/X509Utils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/X509Utils.java index 00a31a13..72c183bf 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/X509Utils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/X509Utils.java @@ -8,9 +8,9 @@ import javax.security.auth.x500.X500Principal; public class X509Utils { /** - * Sorts the Certificate Chain by IssuerDN and SubjectDN. The [0]-Element should be the Hostname, - * the last Element should be the Root Certificate. - * + * Sorts the Certificate Chain by IssuerDN and SubjectDN. The [0]-Element should + * be the Hostname, the last Element should be the Root Certificate. + * * @param certs The first element must be the correct one. * @return sorted Certificate Chain */ -- cgit v1.2.3