From e915685e22c7c084f7fd0c4870ff20d3f0194a91 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Thu, 31 Aug 2023 20:37:42 +0200 Subject: feat(core): refactor to openSAML 5 for Java 17 --- .../sl20/AbstractSL20AuthenticationModulImpl.java | 3 +- .../tasks/AbstractCreateQualEidRequestTask.java | 15 ++++---- .../sl20/tasks/AbstractReceiveQualEidTask.java | 7 ++-- .../modules/auth/sl20/utils/JsonSecurityUtils.java | 9 ++--- .../modules/auth/sl20/utils/SL20Constants.java | 4 +- .../auth/sl20/utils/SL20HttpBindingUtils.java | 44 +++++++++++----------- .../modules/auth/sl20/utils/SL20ResponseUtils.java | 9 ++--- 7 files changed, 43 insertions(+), 48 deletions(-) (limited to 'eaaf_modules/eaaf_module_auth_sl20/src/main') diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java index d561a0bc..d7d2c90b 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java @@ -3,8 +3,6 @@ package at.gv.egiz.eaaf.modules.auth.sl20; import java.util.Arrays; import java.util.List; -import javax.annotation.PostConstruct; - import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -17,6 +15,7 @@ import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.impl.idp.auth.AbstractAuthenticationManager; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants; +import jakarta.annotation.PostConstruct; /** * AuthModule to select a Securtiy-Layer 2.0 based authentication process. diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java index 9dcfbe75..7e895d89 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java @@ -11,16 +11,13 @@ import java.util.Locale; import java.util.Map; import java.util.concurrent.TimeUnit; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.time.StopWatch; -import org.apache.http.NameValuePair; -import org.apache.http.client.entity.UrlEncodedFormEntity; -import org.apache.http.client.methods.HttpPost; -import org.apache.http.client.utils.URIBuilder; -import org.apache.http.message.BasicNameValuePair; +import org.apache.hc.client5.http.classic.methods.HttpPost; +import org.apache.hc.client5.http.entity.UrlEncodedFormEntity; +import org.apache.hc.core5.http.NameValuePair; +import org.apache.hc.core5.http.message.BasicNameValuePair; +import org.apache.hc.core5.net.URIBuilder; import org.jose4j.base64url.Base64Url; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.i18n.LocaleContextHolder; @@ -48,6 +45,8 @@ import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20HttpBindingUtils; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20HttpBindingUtils.Sl20ResponseHolder; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonBuilderUtils; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonExtractorUtils; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import lombok.extern.slf4j.Slf4j; @Slf4j diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java index 79d9f8d6..dd3e9ea7 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java @@ -3,10 +3,7 @@ package at.gv.egiz.eaaf.modules.auth.sl20.tasks; import java.io.IOException; import java.util.Map; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.fileupload.FileUploadException; +import org.apache.commons.fileupload2.core.FileUploadException; import org.apache.commons.lang3.StringUtils; import org.jose4j.base64url.Base64Url; import org.springframework.beans.factory.annotation.Autowired; @@ -36,6 +33,8 @@ import at.gv.egiz.eaaf.modules.auth.sl20.utils.JsonMapper; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonExtractorUtils; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20ResponseUtils; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import lombok.extern.slf4j.Slf4j; @Slf4j diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java index 668ce09a..5e7f926f 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java @@ -7,11 +7,11 @@ import java.security.KeyStoreException; import java.security.Provider; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; +import java.util.Base64; import java.util.Collections; import java.util.List; import javax.annotation.Nonnull; -import javax.annotation.PostConstruct; import org.apache.commons.lang3.StringUtils; import org.bouncycastle.jce.provider.BouncyCastleProvider; @@ -26,7 +26,6 @@ import org.jose4j.lang.JoseException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.lang.NonNull; import org.springframework.stereotype.Service; -import org.springframework.util.Base64Utils; import com.fasterxml.jackson.core.JsonParseException; import com.fasterxml.jackson.databind.JsonNode; @@ -49,6 +48,7 @@ import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception; import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20SecurityException; import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException; import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException; +import jakarta.annotation.PostConstruct; import lombok.extern.slf4j.Slf4j; @Service @@ -243,10 +243,9 @@ public class JsonSecurityUtils implements IJoseTools { if (!sortedX5cCerts.get(0).equals(encryptionCred.getSecond()[0])) { log.info("Certificate from JOSE header does NOT match encryption certificate"); - try { - - log.debug("JOSE certificate: {}", Base64Utils.encode(sortedX5cCerts.get(0).getEncoded())); + log.debug("JOSE certificate: {}", Base64.getEncoder().encodeToString( + sortedX5cCerts.get(0).getEncoded())); } catch (final CertificateEncodingException e) { e.printStackTrace(); } diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java index e75410f7..b98b2980 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java @@ -48,9 +48,9 @@ public class SL20Constants { */ public static VdaAuthMethod fromString(@Nonnull final String s) { try { - return VdaAuthMethod.valueOf(s.toUpperCase()); + return s != null ? VdaAuthMethod.valueOf(s.toUpperCase()) : VdaAuthMethod.ANY; - } catch (IllegalArgumentException | NullPointerException e) { + } catch (IllegalArgumentException e) { return VdaAuthMethod.ANY; } diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java index c45245b1..f9ca7cf8 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java @@ -7,26 +7,26 @@ import java.text.MessageFormat; import javax.annotation.Nonnull; import javax.annotation.Nullable; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.http.Header; -import org.apache.http.HttpEntity; -import org.apache.http.ParseException; -import org.apache.http.StatusLine; -import org.apache.http.client.ResponseHandler; -import org.apache.http.client.utils.URIBuilder; -import org.apache.http.entity.ContentType; -import org.apache.http.util.EntityUtils; + +import org.apache.hc.core5.http.ContentType; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpEntity; +import org.apache.hc.core5.http.io.HttpClientResponseHandler; +import org.apache.hc.core5.http.io.entity.EntityUtils; +import org.apache.hc.core5.http.message.StatusLine; +import org.apache.hc.core5.net.URIBuilder; import org.jose4j.base64url.Base64Url; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; +import com.fasterxml.jackson.core.JacksonException; import com.fasterxml.jackson.databind.JsonNode; import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import lombok.Data; import lombok.Getter; @@ -48,20 +48,20 @@ public class SL20HttpBindingUtils { * * @return {@link Sl20ResponseHolder} */ - public static ResponseHandler sl20ResponseHandler() { + public static HttpClientResponseHandler sl20ResponseHandler() { return response -> { try { - final int httpStatusCode = response.getStatusLine().getStatusCode(); + final int httpStatusCode = response.getCode(); if (httpStatusCode == HttpStatus.OK.value()) { if (response.getEntity().getContentType() == null) { throw new SlCommandoParserException("SL20 response contains NO ContentType"); } - final ContentType contentType = ContentType.getOrDefault(response.getEntity()); + final ContentType contentType = ContentType.parse(response.getEntity().getContentType()); if (!ContentType.APPLICATION_JSON.getMimeType().equals(contentType.getMimeType())) { log.error("SL20 response with statuscode: {} has wrong http ContentType: {}", - response.getStatusLine(), contentType); + response.getCode(), contentType); throw new SlCommandoParserException( "SL20 response with a wrong http ContentType: " + contentType); @@ -69,7 +69,7 @@ public class SL20HttpBindingUtils { //parse OK response from body return new Sl20ResponseHolder(parseSL20ResultFromResponse(response.getEntity()), - response.getStatusLine()); + new StatusLine(response)); } else if (httpStatusCode == HttpStatus.SEE_OTHER.value() || httpStatusCode == HttpStatus.TEMPORARY_REDIRECT.value()) { @@ -81,24 +81,24 @@ public class SL20HttpBindingUtils { final String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue(); return new Sl20ResponseHolder(JsonMapper.getMapper().readTree(Base64Url.decode(sl20RespString)), - response.getStatusLine()); + new StatusLine(response)); } else if ( httpStatusCode == HttpStatus.INTERNAL_SERVER_ERROR.value() || httpStatusCode == HttpStatus.UNAUTHORIZED.value() || httpStatusCode == HttpStatus.BAD_REQUEST.value()) { log.info("SL20 response with http-code: {}. Search for error message", httpStatusCode); - + String bodyMsg = "_EMPTY_"; try { //extract JSON body from defined http error-codes bodyMsg = EntityUtils.toString(response.getEntity()); log.info("SL20 response with http-code: {} and errorMsg: {}", httpStatusCode, bodyMsg); Sl20ResponseHolder holder = new Sl20ResponseHolder( - JsonMapper.getMapper().readTree(bodyMsg), response.getStatusLine()); + JsonMapper.getMapper().readTree(bodyMsg), new StatusLine(response)); return holder; - } catch (final IOException | ParseException e) { + } catch (final JacksonException e) { log.warn("SL20 response contains no valid JSON. Body msg: {}", bodyMsg, e); throw new SlCommandoParserException(MessageFormat.format( "SL20 response with http-code: {} and generic response-processing error: {}", @@ -115,12 +115,12 @@ public class SL20HttpBindingUtils { } } catch (SlCommandoParserException e) { - Sl20ResponseHolder holder = new Sl20ResponseHolder(null, response.getStatusLine()); + Sl20ResponseHolder holder = new Sl20ResponseHolder(null, new StatusLine(response)); holder.setError(e); return holder; } catch (final Exception e) { - Sl20ResponseHolder holder = new Sl20ResponseHolder(null, response.getStatusLine()); + Sl20ResponseHolder holder = new Sl20ResponseHolder(null, new StatusLine(response)); holder.setError( new SlCommandoParserException("SL20 response parsing FAILED! Reason: " + e.getMessage(), e)); return holder; diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20ResponseUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20ResponseUtils.java index c3826087..af292964 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20ResponseUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20ResponseUtils.java @@ -8,12 +8,9 @@ import java.util.HashMap; import java.util.Map; import java.util.UUID; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - import org.apache.commons.lang3.StringUtils; -import org.apache.http.client.utils.URIBuilder; -import org.apache.http.entity.ContentType; +import org.apache.hc.core5.http.ContentType; +import org.apache.hc.core5.net.URIBuilder; import com.fasterxml.jackson.databind.node.ObjectNode; @@ -22,6 +19,8 @@ import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.modules.auth.sl20.Constants; import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import lombok.extern.slf4j.Slf4j; @Slf4j -- cgit v1.2.3