From 651b5e445023d7d7004a8a7387065454b823c581 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Wed, 4 Nov 2020 17:50:14 +0100
Subject: refactoring of SL2.0 response processing to mitigate problems with
 ConnectionPool of Apache http-client

---
 .../auth/sl20/utils/SL20HttpBindingUtils.java      | 124 +++++++++++++++++++++
 1 file changed, 124 insertions(+)

(limited to 'eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java')

diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java
index 1d7c9646..d07c0e66 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java
@@ -3,23 +3,129 @@ package at.gv.egiz.eaaf.modules.auth.sl20.utils;
 import java.io.IOException;
 import java.io.StringWriter;
 import java.net.URISyntaxException;
+import java.text.MessageFormat;
 
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.http.Header;
+import org.apache.http.HttpEntity;
+import org.apache.http.ParseException;
+import org.apache.http.StatusLine;
+import org.apache.http.client.ResponseHandler;
 import org.apache.http.client.utils.URIBuilder;
+import org.apache.http.util.EntityUtils;
 import org.jose4j.base64url.Base64Url;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 
 import com.fasterxml.jackson.databind.JsonNode;
 
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException;
+import lombok.Data;
+import lombok.Getter;
+
 public class SL20HttpBindingUtils {
   private static final Logger log = LoggerFactory.getLogger(SL20HttpBindingUtils.class);
 
+  private static JsonMapper mapper = new JsonMapper();
+  
+  @Data
+  @Getter
+  public static class Sl20ResponseHolder {
+    private final JsonNode responseBody;
+    private final StatusLine responseStatus;
+    private SlCommandoParserException error;
+
+  }
+  
+  /**
+   * Security-Layer 2.0 specific response-handler for Apache HTTP client.
+   * 
+   * @return {@link Sl20ResponseHolder}
+   */
+  public static ResponseHandler<Sl20ResponseHolder> sl20ResponseHandler() {
+    return response -> {
+      try {
+        final int httpStatusCode = response.getStatusLine().getStatusCode();
+        if (httpStatusCode == HttpStatus.OK.value()) {
+          if (response.getEntity().getContentType() == null) {
+            throw new SlCommandoParserException("SL20 response contains NO ContentType");
+            
+          }
+
+          if (!response.getEntity().getContentType().getValue().startsWith("application/json")) {
+            throw new SlCommandoParserException(
+                "SL20 response with a wrong ContentType: " + response.getEntity().getContentType().getValue());
+            
+          } 
+          
+          //parse OK response from body
+          return new Sl20ResponseHolder(parseSL20ResultFromResponse(response.getEntity()),
+              response.getStatusLine());                    
+        
+        } else if (httpStatusCode == HttpStatus.SEE_OTHER.value() 
+            || httpStatusCode == HttpStatus.TEMPORARY_REDIRECT.value()) {
+          final Header[] locationHeader = response.getHeaders("Location");
+          if (locationHeader == null) {
+            throw new SlCommandoParserException("Find Redirect statuscode but not Location header");
+            
+          }
+
+          final String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue();
+          return new Sl20ResponseHolder(mapper.getMapper().readTree(Base64Url.decode(sl20RespString)), 
+              response.getStatusLine()); 
+                             
+        } else if (
+            httpStatusCode == HttpStatus.INTERNAL_SERVER_ERROR.value() 
+            || httpStatusCode == HttpStatus.UNAUTHORIZED.value()
+            || httpStatusCode == HttpStatus.BAD_REQUEST.value()) {
+          log.info("SL20 response with http-code: {}. Search for error message", httpStatusCode);                    
+          
+          String bodyMsg = "_EMPTY_";
+          try {
+            //extract JSON body from defined http error-codes
+            bodyMsg = EntityUtils.toString(response.getEntity());            
+            log.info("SL20 response with http-code: {0} and errorMsg: {1}", httpStatusCode, bodyMsg);
+            Sl20ResponseHolder holder = new Sl20ResponseHolder(
+                mapper.getMapper().readTree(bodyMsg), response.getStatusLine());
+            return holder; 
+            
+          } catch (final IOException | ParseException e) {
+            log.warn("SL20 response contains no valid JSON", e);            
+            throw new SlCommandoParserException(MessageFormat.format(
+                "SL20 response with http-code: {0} with body: {1} and generic response-processing error: {2}", 
+                httpStatusCode, bodyMsg, e.getMessage()));
+            
+          }
+      
+        } else {
+          //all other HTTP StatusCodes
+          throw new SlCommandoParserException(MessageFormat.format(
+              "SL20 response with http-code: {0} and errorMsg: {1}", 
+              httpStatusCode, EntityUtils.toString(response.getEntity())));
+          
+        }
+      
+      } catch (SlCommandoParserException e) {
+        Sl20ResponseHolder holder = new Sl20ResponseHolder(null, response.getStatusLine());
+        holder.setError(e);
+        return holder;
+        
+      } catch (final Exception e) {        
+        Sl20ResponseHolder holder = new Sl20ResponseHolder(null, response.getStatusLine());
+        holder.setError(
+            new SlCommandoParserException("SL20 response parsing FAILED! Reason: " + e.getMessage(), e));
+        return holder;
+        
+      }
+    };
+  }
+    
   /**
    * Write SL2.0 response into http-response object
    *
@@ -59,6 +165,24 @@ public class SL20HttpBindingUtils {
       httpResp.setHeader("Location", clientRedirectUri.build().toString());
 
     }
+  }
+  
+  private static JsonNode parseSL20ResultFromResponse(final HttpEntity resp) throws Exception {
+    if (resp != null && resp.getContent() != null) {
+      final String rawSL20Resp = EntityUtils.toString(resp);
+      final JsonNode sl20Resp = mapper.getMapper().readTree(rawSL20Resp);
+
+      // TODO: check sl20Resp type like && sl20Resp.isJsonObject()
+      if (sl20Resp != null) {
+        return sl20Resp;
+
+      } else {
+        throw new SlCommandoParserException("SL2.0 can NOT parse to a JSON object");
+      }
+
+    } else {
+      throw new SlCommandoParserException("Can NOT find content in http response");
+    }
 
   }
 }
-- 
cgit v1.2.3