From 514747e925abddcb320a8433908dbae32dc5049b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 28 Jun 2019 09:25:09 +0200 Subject: some small updates --- .../eaaf/modules/auth/sl20/utils/JsonMapper.java | 89 +++++++++++----------- .../modules/auth/sl20/utils/JsonSecurityUtils.java | 58 +++++++------- .../modules/auth/sl20/utils/SL20Constants.java | 27 ++++--- .../auth/sl20/utils/SL20HttpBindingUtils.java | 35 ++++++--- .../auth/sl20/utils/SL20JSONBuilderUtils.java | 88 +++++++++++++-------- 5 files changed, 172 insertions(+), 125 deletions(-) (limited to 'eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils') diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonMapper.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonMapper.java index 959a696a..043a39bc 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonMapper.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonMapper.java @@ -1,10 +1,5 @@ package at.gv.egiz.eaaf.modules.auth.sl20.utils; -import com.fasterxml.jackson.annotation.PropertyAccessor; -import com.fasterxml.jackson.core.JsonParseException; -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.core.type.TypeReference; - import java.io.IOException; import org.slf4j.Logger; @@ -12,17 +7,22 @@ import org.slf4j.LoggerFactory; import org.springframework.lang.NonNull; import com.fasterxml.jackson.annotation.JsonAutoDetect.Visibility; +import com.fasterxml.jackson.annotation.PropertyAccessor; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.core.type.TypeReference; import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.JavaType; -import com.fasterxml.jackson.databind.JsonMappingException; import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.SerializationFeature; import com.fasterxml.jackson.databind.type.TypeFactory; -public class JsonMapper { +import at.gv.egiz.eaaf.core.api.utils.IJsonMapper; +import at.gv.egiz.eaaf.core.exceptions.EAAFJsonMapperException; + +public class JsonMapper implements IJsonMapper { private static final Logger log = LoggerFactory.getLogger(JsonMapper.class); - private ObjectMapper mapper = new ObjectMapper(); + private final ObjectMapper mapper = new ObjectMapper(); /** * The default constructor where the default pretty printer is disabled. @@ -53,10 +53,8 @@ public class JsonMapper { } - /** - * Get the internal mapper implemenation - * - * @return + /* (non-Javadoc) + * @at.gv.egiz.eaaf.core.api.utils.IJsonMapper#getMapper() */ public ObjectMapper getMapper() { return mapper; @@ -64,44 +62,47 @@ public class JsonMapper { } - /** - * Serialize an object to a JSON string. - * @param value the object to serialize - * @return a JSON string - * @throws JsonProcessingException thrown when an error occurs during serialization + /* (non-Javadoc) + * @see at.gv.egiz.eaaf.core.api.utils.IJsonMapper#serialize(java.lang.Object) */ - public String serialize(Object value) throws JsonProcessingException { - return mapper.writeValueAsString(value); + @Override + public String serialize(Object value) throws EAAFJsonMapperException { + try { + return mapper.writeValueAsString(value); + + } catch (final JsonProcessingException e) { + log.warn("JSON mapping FAILED with error: {}", e.getMessage()); + throw new EAAFJsonMapperException(e.getMessage(), e); + + } } - /** - * Deserialize a JSON string. - * - * @param value the JSON string to deserialize - * @param clazz optional parameter that determines the type of the returned object. If not set, an {@link Object} is returned. - * @return the deserialized JSON string as an object of type {@code clazz} or {@link Object} - * @throws JsonParseException if the JSON string contains invalid content. - * @throws JsonMappingException if the input JSON structure does not match structure expected for result type - * @throws IOException if an I/O problem occurs (e.g. unexpected end-of-input) + /* (non-Javadoc) + * @see at.gv.egiz.eaaf.core.api.utils.IJsonMapper#deserialize(java.lang.String, java.lang.Class) */ - public Object deserialize(String value, Class clazz) throws JsonParseException, JsonMappingException, IOException{ - - ObjectMapper mapper = new ObjectMapper(); - if (clazz != null) { - JavaType javaType = TypeFactory.defaultInstance().constructType(clazz); - return mapper.readValue(value, javaType); + @Override + public Object deserialize(String value, Class clazz) throws EAAFJsonMapperException { + try { + if (clazz != null) { + if (clazz.isAssignableFrom(TypeReference.class)) + return mapper.readValue(value, clazz); + + else { + final JavaType javaType = TypeFactory.defaultInstance().constructType(clazz); + return mapper.readValue(value, javaType); + + } - } else - return mapper.readValue(value, Object.class); + } else + return mapper.readValue(value, Object.class); + + } catch (final IOException e) { + log.warn("JSON mapping FAILED with error: {}", e.getMessage()); + throw new EAAFJsonMapperException(e.getMessage(), e); + + } } - - - - public Object deserialize(String value, TypeReference clazz) throws JsonParseException, JsonMappingException, IOException { - return mapper.readValue(value, clazz); - - } - + } diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java index 5eda95cc..33873f43 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java @@ -57,7 +57,7 @@ public class JsonSecurityUtils implements IJOSETools{ private Key encPrivKey = null; private X509Certificate[] encCertChain = null; - private List trustedCerts = new ArrayList(); + private final List trustedCerts = new ArrayList(); private static JsonMapper mapper = new JsonMapper(); @@ -66,12 +66,12 @@ public class JsonSecurityUtils implements IJOSETools{ log.info("Initialize SL2.0 authentication security constrains ... "); try { if (getKeyStoreFilePath() != null) { - KeyStore keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), + final KeyStore keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), getKeyStorePassword()); //load signing key signPrivKey = keyStore.getKey(getSigningKeyAlias(), getSigningKeyPassword().toCharArray()); - Certificate[] certChainSigning = keyStore.getCertificateChain(getSigningKeyAlias()); + final Certificate[] certChainSigning = keyStore.getCertificateChain(getSigningKeyAlias()); signCertChain = new X509Certificate[certChainSigning.length]; for (int i=0; i aliases = keyStore.aliases(); + final Enumeration aliases = keyStore.aliases(); while(aliases.hasMoreElements()) { - String el = aliases.nextElement(); + final String el = aliases.nextElement(); log.trace("Process TrustStoreEntry: " + el); if (keyStore.isCertificateEntry(el)) { - Certificate cert = keyStore.getCertificate(el); + final Certificate cert = keyStore.getCertificate(el); if (cert != null && cert instanceof X509Certificate) trustedCerts.add((X509Certificate) cert); else @@ -134,7 +134,7 @@ public class JsonSecurityUtils implements IJOSETools{ } else log.info("NO SL2.0 authentication security configuration. Initialization was skipped"); - } catch ( Exception e) { + } catch ( final Exception e) { log.error("SL2.0 security constrains initialization FAILED.", e); } @@ -145,7 +145,7 @@ public class JsonSecurityUtils implements IJOSETools{ @Override public String createSignature(String payLoad) throws SLCommandoBuildException { try { - JsonWebSignature jws = new JsonWebSignature(); + final JsonWebSignature jws = new JsonWebSignature(); //set payload jws.setPayload(payLoad); @@ -163,7 +163,7 @@ public class JsonSecurityUtils implements IJOSETools{ return jws.getCompactSerialization(); - } catch (JoseException e) { + } catch (final JoseException e) { log.warn("Can NOT sign SL2.0 command.", e); throw new SLCommandoBuildException("Can NOT sign SL2.0 command.", e); @@ -174,7 +174,7 @@ public class JsonSecurityUtils implements IJOSETools{ @Override public VerificationResult validateSignature(String serializedContent) throws SL20Exception { try { - JsonWebSignature jws = new JsonWebSignature(); + final JsonWebSignature jws = new JsonWebSignature(); //set payload jws.setCompactSerialization(serializedContent); @@ -184,12 +184,12 @@ public class JsonSecurityUtils implements IJOSETools{ //load signinc certs Key selectedKey = null; - List x5cCerts = jws.getCertificateChainHeaderValue(); - String x5t256 = jws.getX509CertSha256ThumbprintHeaderValue(); + final List x5cCerts = jws.getCertificateChainHeaderValue(); + final String x5t256 = jws.getX509CertSha256ThumbprintHeaderValue(); if (x5cCerts != null) { log.debug("Found x509 certificate in JOSE header ... "); log.trace("Sorting received X509 certificates ... "); - List sortedX5cCerts = X509Utils.sortCertificates(x5cCerts); + final List sortedX5cCerts = X509Utils.sortCertificates(x5cCerts); if (trustedCerts.contains(sortedX5cCerts.get(0))) { selectedKey = sortedX5cCerts.get(0).getPublicKey(); @@ -199,7 +199,7 @@ public class JsonSecurityUtils implements IJOSETools{ log.debug("JOSE certificate: " + sortedX5cCerts.get(0).toString()); try { log.debug("Cert: " + Base64Utils.encodeToString(sortedX5cCerts.get(0).getEncoded())); - } catch (CertificateEncodingException e) { + } catch (final CertificateEncodingException e) { e.printStackTrace(); } @@ -207,7 +207,7 @@ public class JsonSecurityUtils implements IJOSETools{ } else if (StringUtils.isNotEmpty(x5t256)) { log.debug("Found x5t256 fingerprint in JOSE header .... "); - X509VerificationKeyResolver x509VerificationKeyResolver = new X509VerificationKeyResolver(trustedCerts); + final X509VerificationKeyResolver x509VerificationKeyResolver = new X509VerificationKeyResolver(trustedCerts); selectedKey = x509VerificationKeyResolver.resolveKey(jws, Collections.emptyList()); } else { @@ -226,7 +226,7 @@ public class JsonSecurityUtils implements IJOSETools{ jws.setKey(selectedKey); //validate signature - boolean valid = jws.verifySignature(); + final boolean valid = jws.verifySignature(); if (!valid) { log.info("JWS signature invalide. Stopping authentication process ..."); log.debug("Received JWS msg: " + serializedContent); @@ -237,7 +237,7 @@ public class JsonSecurityUtils implements IJOSETools{ //load payLoad log.debug("SL2.0 commando signature validation sucessfull"); - JsonNode sl20Req = mapper.getMapper().readTree(jws.getPayload()); + final JsonNode sl20Req = mapper.getMapper().readTree(jws.getPayload()); return new VerificationResult(sl20Req, null, valid) ; @@ -245,7 +245,7 @@ public class JsonSecurityUtils implements IJOSETools{ log.warn("SL2.0 commando signature validation FAILED", e); throw new SL20SecurityException(new Object[]{e.getMessage()}, e); - } catch (IOException e) { + } catch (final IOException e) { log.warn("Decrypted SL2.0 result can not be parsed.", e); throw new SLCommandoParserException("Decrypted SL2.0 result can not be parsed", e); @@ -257,7 +257,7 @@ public class JsonSecurityUtils implements IJOSETools{ @Override public JsonNode decryptPayload(String compactSerialization) throws SL20Exception { try { - JsonWebEncryption receiverJwe = new JsonWebEncryption(); + final JsonWebEncryption receiverJwe = new JsonWebEncryption(); //set security constrains receiverJwe.setAlgorithmConstraints( @@ -272,12 +272,12 @@ public class JsonSecurityUtils implements IJOSETools{ //validate key from header against key from config - List x5cCerts = receiverJwe.getCertificateChainHeaderValue(); - String x5t256 = receiverJwe.getX509CertSha256ThumbprintHeaderValue(); + final List x5cCerts = receiverJwe.getCertificateChainHeaderValue(); + final String x5t256 = receiverJwe.getX509CertSha256ThumbprintHeaderValue(); if (x5cCerts != null) { log.debug("Found x509 certificate in JOSE header ... "); log.trace("Sorting received X509 certificates ... "); - List sortedX5cCerts = X509Utils.sortCertificates(x5cCerts); + final List sortedX5cCerts = X509Utils.sortCertificates(x5cCerts); if (!sortedX5cCerts.get(0).equals(encCertChain[0])) { log.info("Certificate from JOSE header does NOT match encryption certificate"); @@ -285,7 +285,7 @@ public class JsonSecurityUtils implements IJOSETools{ try { log.debug("Cert: " + Base64Utils.encode(sortedX5cCerts.get(0).getEncoded())); - } catch (CertificateEncodingException e) { + } catch (final CertificateEncodingException e) { e.printStackTrace(); } throw new SL20Exception("sl20.05", new Object[]{"Certificate from JOSE header does NOT match encryption certificate"}); @@ -293,7 +293,7 @@ public class JsonSecurityUtils implements IJOSETools{ } else if (StringUtils.isNotEmpty(x5t256)) { log.debug("Found x5t256 fingerprint in JOSE header .... "); - String certFingerPrint = X509Util.x5tS256(encCertChain[0]); + final String certFingerPrint = X509Util.x5tS256(encCertChain[0]); if (!certFingerPrint.equals(x5t256)) { log.info("X5t256 from JOSE header does NOT match encryption certificate"); log.debug("X5t256 from JOSE header: " + x5t256 + " Encrytption cert: " + certFingerPrint); @@ -314,15 +314,15 @@ public class JsonSecurityUtils implements IJOSETools{ //decrypt payload return mapper.getMapper().readTree(receiverJwe.getPlaintextString()); - } catch (JoseException e) { + } catch (final JoseException e) { log.warn("SL2.0 result decryption FAILED", e); throw new SL20SecurityException(new Object[]{e.getMessage()}, e); - } catch ( JsonParseException e) { + } catch ( final JsonParseException e) { log.warn("Decrypted SL2.0 result is NOT a valid JSON.", e); throw new SLCommandoParserException("Decrypted SL2.0 result is NOT a valid JSON.", e); - } catch (IOException e) { + } catch (final IOException e) { log.warn("Decrypted SL2.0 result can not be parsed.", e); throw new SLCommandoParserException("Decrypted SL2.0 result can not be parsed", e); } diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java index 416c16b6..06c36cff 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java @@ -92,7 +92,8 @@ public class SL20Constants { public static final String SL20_COMMAND_IDENTIFIER_REDIRECT = "redirect"; public static final String SL20_COMMAND_IDENTIFIER_CALL = "call"; public static final String SL20_COMMAND_IDENTIFIER_ERROR = "error"; - public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDEID = "qualifiedeID"; + @Deprecated public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDEID = "qualifiedeID"; + public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDEIDCONSENT = "qualifiedEIDConsent"; //public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDSIG = "qualifiedSig"; public static final String SL20_COMMAND_IDENTIFIER_GETCERTIFICATE = "getCertificate"; @@ -133,19 +134,25 @@ public class SL20Constants { public static final String SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE = "errorMessage"; //qualified eID command - public static final String SL20_COMMAND_PARAM_EID_AUTHBLOCKID = "authBlockTemplateID"; + @Deprecated public static final String SL20_COMMAND_PARAM_EID_AUTHBLOCKID = "authBlockTemplateID"; public static final String SL20_COMMAND_PARAM_EID_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; - public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES = "attributes"; - public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_MANDATEREFVALUE = "MANDATE-REFERENCE-VALUE"; - public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID = "SP-UNIQUEID"; - public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME = "SP-FRIENDLYNAME"; - public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPCOUNTRYCODE = "SP-COUNTRYCODE"; + @Deprecated public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES = "attributes"; + @Deprecated public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_MANDATEREFVALUE = "MANDATE-REFERENCE-VALUE"; + @Deprecated public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID = "SP-UNIQUEID"; + @Deprecated public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME = "SP-FRIENDLYNAME"; + @Deprecated public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPCOUNTRYCODE = "SP-COUNTRYCODE"; public static final String SL20_COMMAND_PARAM_EID_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; public static final String SL20_COMMAND_PARAM_EID_JWKCENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONJWK; - public static final String SL20_COMMAND_PARAM_EID_RESULT_IDL = "EID-IDENTITY-LINK"; - public static final String SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK = "EID-AUTH-BLOCK"; + @Deprecated public static final String SL20_COMMAND_PARAM_EID_RESULT_IDL = "EID-IDENTITY-LINK"; + @Deprecated public static final String SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK = "EID-AUTH-BLOCK"; public static final String SL20_COMMAND_PARAM_EID_RESULT_CCSURL = "EID-CCS-URL"; - public static final String SL20_COMMAND_PARAM_EID_RESULT_LOA = "EID-CITIZEN-QAA-LEVEL"; + @Deprecated public static final String SL20_COMMAND_PARAM_EID_RESULT_LOA = "EID-CITIZEN-QAA-LEVEL"; + + public static final String SL20_COMMAND_PARAM_EID_CONSENTTEMPLATEID = "consentTemplateID"; + public static final String SL20_COMMAND_PARAM_EID_CONSENT = "consent"; + public static final String SL20_COMMAND_PARAM_EID_CONSENT_RESULT_MDS = "MDS"; + public static final String SL20_COMMAND_PARAM_EID_CONSENT_RESULT_VSZ = "vSZ"; + public static final String SL20_COMMAND_PARAM_EID_CONSENT_RESULT_SIGNEDCONSENT = "signedConsent"; //qualified Signature comamnd // public static final String SL20_COMMAND_PARAM_QUALSIG_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java index e1cca5ef..39f2515d 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java @@ -4,6 +4,8 @@ import java.io.IOException; import java.io.StringWriter; import java.net.URISyntaxException; +import javax.annotation.Nonnull; +import javax.annotation.Nullable; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -18,20 +20,33 @@ import com.fasterxml.jackson.databind.JsonNode; public class SL20HttpBindingUtils { private static final Logger log = LoggerFactory.getLogger(SL20HttpBindingUtils.class); - public static void writeIntoResponse(HttpServletRequest request, HttpServletResponse response, JsonNode sl20Forward, String redirectURL) throws IOException, URISyntaxException { + /** + * Write SL2.0 response into http-response object + * + * @param httpReq Current http request + * @param httpResp Current http response + * @param sl20Forward SL2.0 command that should be written to response + * @param redirectURL SL2.0 redirect URL in case of SL2.0 redirect command and no native client (see SL2.0 specification) + * @param httpCodeRedirect http redirect-code in case of SL2.0 redirect command and no native client (see SL2.0 specification) + * @throws IOException + * @throws URISyntaxException + */ + public static void writeIntoResponse(@Nonnull HttpServletRequest httpReq, @Nonnull HttpServletResponse httpResp, + @Nonnull JsonNode sl20Forward, @Nullable String redirectURL, + @Nonnull int httpCodeRedirect) throws IOException, URISyntaxException { //forward SL2.0 command - response.addIntHeader(SL20Constants.HTTP_HEADER_SL20_RESP, SL20Constants.CURRENT_SL20_VERSION); + httpResp.addIntHeader(SL20Constants.HTTP_HEADER_SL20_RESP, SL20Constants.CURRENT_SL20_VERSION); - if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && - request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) { + if (httpReq.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && + httpReq.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) { log.debug("Client request containts 'native client' header ... "); final StringWriter writer = new StringWriter(); writer.write(sl20Forward.toString()); final byte[] content = writer.toString().getBytes("UTF-8"); - response.setStatus(HttpServletResponse.SC_OK); - response.setContentLength(content.length); - response.setContentType(ContentType.APPLICATION_JSON.toString()); - response.getOutputStream().write(content); + httpResp.setStatus(HttpServletResponse.SC_OK); + httpResp.setContentLength(content.length); + httpResp.setContentType(ContentType.APPLICATION_JSON.toString()); + httpResp.getOutputStream().write(content); } else { log.debug("Client request containts is no native client ... "); @@ -39,8 +54,8 @@ public class SL20HttpBindingUtils { clientRedirectURI.addParameter( SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, Base64Url.encode(sl20Forward.toString().getBytes())); - response.setStatus(307); - response.setHeader("Location", clientRedirectURI.build().toString()); + httpResp.setStatus(httpCodeRedirect); + httpResp.setHeader("Location", clientRedirectURI.build().toString()); } diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JSONBuilderUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JSONBuilderUtils.java index 611bb339..84e02887 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JSONBuilderUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JSONBuilderUtils.java @@ -27,7 +27,7 @@ public class SL20JSONBuilderUtils { */ public static ObjectNode createCommand(String name, ObjectNode params) throws SLCommandoBuildException { - ObjectNode command = mapper.getMapper().createObjectNode(); + final ObjectNode command = mapper.getMapper().createObjectNode(); addSingleStringElement(command, SL20Constants.SL20_COMMAND_CONTAINER_NAME, name, true); addSingleJSONElement(command, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, params, true); return command; @@ -44,7 +44,7 @@ public class SL20JSONBuilderUtils { * @throws SLCommandoBuildException */ public static String createSignedCommand(String name, ObjectNode params, IJOSETools signer) throws SLCommandoBuildException { - ObjectNode command = mapper.getMapper().createObjectNode(); + final ObjectNode command = mapper.getMapper().createObjectNode(); addSingleStringElement(command, SL20Constants.SL20_COMMAND_CONTAINER_NAME, name, true); addSingleJSONElement(command, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, params, true); return signer.createSignature(command.toString()); @@ -63,9 +63,9 @@ public class SL20JSONBuilderUtils { public static String createEncryptedCommandoResult(ObjectNode result, JsonSecurityUtils encrypter) throws SLCommandoBuildException { //TODO: add real implementation //create header and footer - String dummyHeader = createJsonEncryptionHeader(encrypter).toString(); - String payLoad = result.toString(); - String dummyFooter = createJsonSignedFooter(encrypter); + final String dummyHeader = createJsonEncryptionHeader(encrypter).toString(); + final String payLoad = result.toString(); + final String dummyFooter = createJsonSignedFooter(encrypter); return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes()) + "." + Base64.getUrlEncoder().encodeToString(payLoad.getBytes()) + "." @@ -84,7 +84,7 @@ public class SL20JSONBuilderUtils { * @return */ public static ObjectNode createCommandResponse(String name, ObjectNode result, String encryptedResult) throws SLCommandoBuildException { - ObjectNode command = mapper.getMapper().createObjectNode(); + final ObjectNode command = mapper.getMapper().createObjectNode(); addSingleStringElement(command, SL20Constants.SL20_COMMAND_CONTAINER_NAME, name, true); addOnlyOnceOfTwo(command, SL20Constants.SL20_COMMAND_CONTAINER_RESULT, SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT, @@ -103,17 +103,17 @@ public class SL20JSONBuilderUtils { * @return */ public static String createSignedCommandResponse(String name, ObjectNode result, String encryptedResult, JsonSecurityUtils signer) throws SLCommandoBuildException { - ObjectNode command = mapper.getMapper().createObjectNode(); + final ObjectNode command = mapper.getMapper().createObjectNode(); addSingleStringElement(command, SL20Constants.SL20_COMMAND_CONTAINER_NAME, name, true); addOnlyOnceOfTwo(command, SL20Constants.SL20_COMMAND_CONTAINER_RESULT, SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT, result, encryptedResult); - String encodedCommand = command.toString(); + final String encodedCommand = command.toString(); //TODO: add real implementation //create header and footer - String dummyHeader = createJsonSignedHeader(signer).toString(); - String dummyFooter = createJsonSignedFooter(signer); + final String dummyHeader = createJsonSignedHeader(signer).toString(); + final String dummyFooter = createJsonSignedFooter(signer); return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes()) + "." + Base64.getUrlEncoder().encodeToString(encodedCommand.getBytes()) + "." @@ -132,7 +132,7 @@ public class SL20JSONBuilderUtils { * @throws SLCommandoBuildException */ public static ObjectNode createRedirectCommandParameters(String url, ObjectNode command, ObjectNode signedCommand, Boolean ipcRedirect) throws SLCommandoBuildException{ - ObjectNode redirectReqParams = mapper.getMapper().createObjectNode(); + final ObjectNode redirectReqParams = mapper.getMapper().createObjectNode(); addOnlyOnceOfTwo(redirectReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_COMMAND, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_SIGNEDCOMMAND, command, signedCommand); @@ -153,7 +153,7 @@ public class SL20JSONBuilderUtils { * @throws SLCommandoBuildException */ public static ObjectNode createCallCommandParameters(String url, String method, Boolean includeTransactionId, Map reqParameters) throws SLCommandoBuildException { - ObjectNode callReqParams = mapper.getMapper().createObjectNode(); + final ObjectNode callReqParams = mapper.getMapper().createObjectNode(); addSingleStringElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_URL, url, true); addSingleStringElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD, method, true); addSingleBooleanElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_INCLUDETRANSACTIONID, includeTransactionId, false); @@ -171,13 +171,36 @@ public class SL20JSONBuilderUtils { * @throws SLCommandoBuildException */ public static ObjectNode createErrorCommandResult(String errorCode, String errorMsg) throws SLCommandoBuildException { - ObjectNode result = mapper.getMapper().createObjectNode(); + final ObjectNode result = mapper.getMapper().createObjectNode(); addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE, errorCode, true); addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, errorMsg, true); return result; } + /** + * Create parameters for qualifiedeID command + * + * @param consentTemplateId Identifier of the template that is used for consent visualization + * @param consent Consent that has to be signed by user + * @param dataUrl + * @param additionalReqParameters + * @param x5cEnc + * @return + * @throws CertificateEncodingException + * @throws SLCommandoBuildException + */ + public static ObjectNode createQualifiedeEIDConsent(String consentTemplateId, byte[] consent, String dataUrl, + X509Certificate x5cEnc) throws CertificateEncodingException, SLCommandoBuildException { + final ObjectNode params = mapper.getMapper().createObjectNode(); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_CONSENTTEMPLATEID, consentTemplateId, true); + addSingleByteElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_CONSENT, consent, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_DATAURL, dataUrl, true); + addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_X5CENC, x5cEnc, false); + return params; + + } + /** * Create parameters for qualifiedeID command @@ -190,9 +213,10 @@ public class SL20JSONBuilderUtils { * @throws CertificateEncodingException * @throws SLCommandoBuildException */ + @Deprecated public static ObjectNode createQualifiedeIDCommandParameters(String authBlockId, String dataUrl, Map additionalReqParameters, X509Certificate x5cEnc) throws CertificateEncodingException, SLCommandoBuildException { - ObjectNode params = mapper.getMapper().createObjectNode(); + final ObjectNode params = mapper.getMapper().createObjectNode(); addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_AUTHBLOCKID, authBlockId, true); addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_DATAURL, dataUrl, true); addArrayOfStringElements(params, SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES, additionalReqParameters); @@ -212,7 +236,7 @@ public class SL20JSONBuilderUtils { * @throws SLCommandoBuildException */ public static ObjectNode createQualifiedeIDCommandResult(byte[] idl, byte[] authBlock, String ccsURL, String LoA) throws SLCommandoBuildException { - ObjectNode result = mapper.getMapper().createObjectNode(); + final ObjectNode result = mapper.getMapper().createObjectNode(); addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, idl, true); addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, authBlock, true); addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, ccsURL, true); @@ -240,7 +264,7 @@ public class SL20JSONBuilderUtils { */ public static ObjectNode createBindingKeyCommandParams(String kontoId, String subjectName, int keySize, String keyAlg, Map policies, String dataUrl, X509Certificate x5cVdaTrust, Boolean reqUserPassword, X509Certificate x5cEnc) throws SLCommandoBuildException, CertificateEncodingException { - ObjectNode params = mapper.getMapper().createObjectNode(); + final ObjectNode params = mapper.getMapper().createObjectNode(); addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KONTOID, kontoId, true); addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_SN, subjectName, true); addSingleNumberElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KEYLENGTH, keySize, true); @@ -266,7 +290,7 @@ public class SL20JSONBuilderUtils { * @throws CertificateEncodingException */ public static ObjectNode createBindingKeyCommandResult(String appId, byte[] csr, X509Certificate attCert, byte[] password) throws SLCommandoBuildException, CertificateEncodingException { - ObjectNode result = mapper.getMapper().createObjectNode(); + final ObjectNode result = mapper.getMapper().createObjectNode(); addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_APPID, appId, true); addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_CSR, csr, true); addSingleCertificateElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_KEYATTESTATIONZERTIFICATE, attCert, false); @@ -285,7 +309,7 @@ public class SL20JSONBuilderUtils { * @throws SLCommandoBuildException */ public static ObjectNode createStoreBindingCertCommandParams(X509Certificate cert, String dataUrl) throws CertificateEncodingException, SLCommandoBuildException { - ObjectNode params = mapper.getMapper().createObjectNode(); + final ObjectNode params = mapper.getMapper().createObjectNode(); addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_CERTIFICATE, cert, true); addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_DATAURL, dataUrl, true); return params; @@ -299,7 +323,7 @@ public class SL20JSONBuilderUtils { * @throws SLCommandoBuildException */ public static ObjectNode createStoreBindingCertCommandSuccessResult() throws SLCommandoBuildException { - ObjectNode result = mapper.getMapper().createObjectNode(); + final ObjectNode result = mapper.getMapper().createObjectNode(); addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS_VALUE, true); return result; @@ -318,7 +342,7 @@ public class SL20JSONBuilderUtils { * @throws CertificateEncodingException */ public static ObjectNode createIdAndPasswordCommandParameters(String keyAlg, String dataUrl, X509Certificate x5cEnc) throws SLCommandoBuildException, CertificateEncodingException { - ObjectNode params = mapper.getMapper().createObjectNode(); + final ObjectNode params = mapper.getMapper().createObjectNode(); addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_KEYALG, keyAlg, true); addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_DATAURL, dataUrl, true); addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_X5CENC, x5cEnc, false); @@ -335,7 +359,7 @@ public class SL20JSONBuilderUtils { * @throws SLCommandoBuildException */ public static ObjectNode createIdAndPasswordCommandResult(String kontoId, byte[] password) throws SLCommandoBuildException { - ObjectNode result = mapper.getMapper().createObjectNode(); + final ObjectNode result = mapper.getMapper().createObjectNode(); addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_RESULT_KONTOID, kontoId, true); addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_RESULT_USERPASSWORD, password, true); return result; @@ -353,7 +377,7 @@ public class SL20JSONBuilderUtils { * @throws SLCommandoBuildException */ public static ObjectNode createJwsTokenAuthCommandParams(String nonce, String dataUrl, List displayData, List displayUrl) throws SLCommandoBuildException { - ObjectNode params = mapper.getMapper().createObjectNode(); + final ObjectNode params = mapper.getMapper().createObjectNode(); addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_NONCE, nonce, true); addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DATAURL, dataUrl, true); addArrayOfStrings(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYDATA, displayData); @@ -370,7 +394,7 @@ public class SL20JSONBuilderUtils { * @throws SLCommandoBuildException */ public static ObjectNode createJwsTokenAuthCommandResult(String nonce) throws SLCommandoBuildException { - ObjectNode result = mapper.getMapper().createObjectNode(); + final ObjectNode result = mapper.getMapper().createObjectNode(); addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_RESULT_NONCE, nonce, true); return result; @@ -388,7 +412,7 @@ public class SL20JSONBuilderUtils { * @throws SLCommandoBuildException */ public static ObjectNode createGenericRequest(String reqId, String transactionId, ObjectNode payLoad, String signedPayload) throws SLCommandoBuildException { - ObjectNode req = mapper.getMapper().createObjectNode(); + final ObjectNode req = mapper.getMapper().createObjectNode(); addSingleIntegerElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true); addSingleStringElement(req, SL20Constants.SL20_REQID, reqId, true); addSingleStringElement(req, SL20Constants.SL20_TRANSACTIONID, transactionId, false); @@ -411,7 +435,7 @@ public class SL20JSONBuilderUtils { */ public static final ObjectNode createGenericResponse(String respId, String inResponseTo, String transactionId, ObjectNode payLoad, String signedPayload) throws SLCommandoBuildException { - ObjectNode req = mapper.getMapper().createObjectNode(); + final ObjectNode req = mapper.getMapper().createObjectNode(); addSingleIntegerElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true); addSingleStringElement(req, SL20Constants.SL20_RESPID, respId, true); addSingleStringElement(req, SL20Constants.SL20_INRESPTO, inResponseTo, true); @@ -454,7 +478,7 @@ public class SL20JSONBuilderUtils { //TODO!!!! private static ObjectNode createJsonSignedHeader(JsonSecurityUtils signer) throws SLCommandoBuildException { - ObjectNode header = mapper.getMapper().createObjectNode(); + final ObjectNode header = mapper.getMapper().createObjectNode(); addSingleStringElement(header, SL20Constants.JSON_ALGORITHM, SL20Constants.JSON_ALGORITHM_SIGNING_RS256, true); addSingleStringElement(header, SL20Constants.JSON_CONTENTTYPE, SL20Constants.SL20_CONTENTTYPE_SIGNED_COMMAND, true); addArrayOfStrings(header, SL20Constants.JSON_X509_CERTIFICATE, Arrays.asList(Constants.DUMMY_SIGNING_CERT)); @@ -464,7 +488,7 @@ public class SL20JSONBuilderUtils { //TODO!!!! private static ObjectNode createJsonEncryptionHeader(JsonSecurityUtils signer) throws SLCommandoBuildException { - ObjectNode header = mapper.getMapper().createObjectNode(); + final ObjectNode header = mapper.getMapper().createObjectNode(); addSingleStringElement(header, SL20Constants.JSON_ALGORITHM, SL20Constants.JSON_ALGORITHM_ENC_KEY_RSAOAEP, true); addSingleStringElement(header, SL20Constants.JSON_ENCRYPTION_PAYLOAD, SL20Constants.JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256, true); addSingleStringElement(header, SL20Constants.JSON_CONTENTTYPE, SL20Constants.SL20_CONTENTTYPE_ENCRYPTED_RESULT, true); @@ -488,9 +512,9 @@ public class SL20JSONBuilderUtils { private static void addArrayOfStrings(ObjectNode parent, String keyId, List values) throws SLCommandoBuildException { validateParentAndKey(parent, keyId); if (values != null) { - ArrayNode callReqParamsArray = mapper.getMapper().createArrayNode(); + final ArrayNode callReqParamsArray = mapper.getMapper().createArrayNode(); parent.set(keyId, callReqParamsArray ); - for(String el : values) + for(final String el : values) callReqParamsArray.add(el); } @@ -500,11 +524,11 @@ public class SL20JSONBuilderUtils { private static void addArrayOfStringElements(ObjectNode parent, String keyId, Map keyValuePairs) throws SLCommandoBuildException { validateParentAndKey(parent, keyId); if (keyValuePairs != null) { - ArrayNode callReqParamsArray = mapper.getMapper().createArrayNode(); + final ArrayNode callReqParamsArray = mapper.getMapper().createArrayNode(); parent.set(keyId, callReqParamsArray); - for(Entry el : keyValuePairs.entrySet()) { - ObjectNode callReqParams = mapper.getMapper().createObjectNode(); + for(final Entry el : keyValuePairs.entrySet()) { + final ObjectNode callReqParams = mapper.getMapper().createObjectNode(); callReqParams.put(el.getKey(), el.getValue()); callReqParamsArray.add(callReqParams); -- cgit v1.2.3