From 518839d9ade1e97d878e494903e088a5b0cf0359 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 4 Nov 2016 09:50:25 +0100 Subject: update Http client for MIS communication --- .../internal/tasks/GetMISSessionIDTask.java | 2 +- .../internal/tasks/PrepareGetMISMandateTask.java | 3 +- .../client/szrgw/SZRGWSecureSocketFactory.java | 170 --------------------- .../id/util/client/mis/simple/MISSimpleClient.java | 91 +++++++---- 4 files changed, 63 insertions(+), 203 deletions(-) delete mode 100644 id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java (limited to 'id/server/modules/moa-id-modul-citizencard_authentication') diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java index a24cc9a43..3383cf201 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java @@ -79,7 +79,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { authConfig, connectionParameters); List list = MISSimpleClient.sendGetMandatesRequest( - connectionParameters.getUrl(), misSessionID, sslFactory); + connectionParameters.getUrl(), misSessionID, sslFactory, authConfig); //check if mandates received if (list == null || list.size() == 0) { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java index 8acfd255b..975dec429 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java @@ -122,7 +122,8 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { profiles, targetType, authBlock, - sslFactory); + sslFactory, + authConfig); if (misSessionID == null) { Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null."); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java deleted file mode 100644 index 22b575489..000000000 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java +++ /dev/null @@ -1,170 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw; - -import java.io.IOException; -import java.net.InetAddress; -import java.net.Socket; -import java.net.UnknownHostException; - -import javax.net.ssl.SSLSocketFactory; - -import org.apache.commons.httpclient.params.HttpConnectionParams; -import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory; - -/** - * This class implements a secure protocol socket factory - * for the Apache HTTP client. - * - * @author Peter Danner - */ -public class SZRGWSecureSocketFactory implements SecureProtocolSocketFactory { - - /** - * The SSL socket factory. - */ - private SSLSocketFactory factory; - - /** - * Creates a new Secure socket factory for the - * Apache HTTP client. - * - * @param factory the SSL socket factory to use. - */ - public SZRGWSecureSocketFactory(SSLSocketFactory factory) { - this.factory = factory; - } - - - /** - * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int) - */ - public Socket createSocket( - String host, - int port, - InetAddress clientHost, - int clientPort) - throws IOException, UnknownHostException { - - return this.factory.createSocket( - host, - port, - clientHost, - clientPort - ); - } - - /** - * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int) - */ - public Socket createSocket(String host, int port) - throws IOException, UnknownHostException { - return this.factory.createSocket( - host, - port - ); - } - - /** - * @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean) - */ - public Socket createSocket( - Socket socket, - String host, - int port, - boolean autoClose) - throws IOException, UnknownHostException { - return this.factory.createSocket( - socket, - host, - port, - autoClose - ); - } - - /** - * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int,org.apache.commons.httpclient.params.HttpConnectionParams) - */ - public Socket createSocket( - String host, - int port, - InetAddress clientHost, - int clientPort, - HttpConnectionParams params) - throws IOException, UnknownHostException, org.apache.commons.httpclient.ConnectTimeoutException { - - Socket socket = createSocket(host, port, clientHost, clientPort); - if (socket != null) { - // socket.setKeepAlive(false); - if (params.getReceiveBufferSize() >= 0) - socket.setReceiveBufferSize(params.getReceiveBufferSize()); - if (params.getSendBufferSize() >= 0) - socket.setSendBufferSize(params.getSendBufferSize()); - socket.setReuseAddress(true); - if (params.getSoTimeout() >= 0) - socket.setSoTimeout(params.getSoTimeout()); - } - return socket; - - } - - /** - * @see java.lang.Object#equals(java.lang.Object) - */ - public boolean equals(Object obj) { - return ((obj != null) && obj.getClass().equals(SZRGWSecureSocketFactory.class)); - } - - /** - * @see java.lang.Object#hashCode() - */ - public int hashCode() { - return SZRGWSecureSocketFactory.class.hashCode(); - } - -} - diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java index 12e58342a..26d50905e 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java @@ -56,10 +56,12 @@ import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; import org.apache.commons.codec.binary.Base64; -import org.apache.commons.httpclient.HttpClient; -import org.apache.commons.httpclient.methods.PostMethod; -import org.apache.commons.httpclient.methods.StringRequestEntity; -import org.apache.commons.httpclient.protocol.Protocol; +import org.apache.http.HttpEntity; +import org.apache.http.client.methods.CloseableHttpResponse; +import org.apache.http.client.methods.HttpPost; +import org.apache.http.entity.ContentType; +import org.apache.http.entity.StringEntity; +import org.apache.http.impl.client.CloseableHttpClient; import org.apache.xpath.XPathAPI; import org.w3c.dom.DOMException; import org.w3c.dom.Document; @@ -69,7 +71,7 @@ import org.w3c.dom.NodeList; import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; -import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWSecureSocketFactory; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.logging.Logger; @@ -96,21 +98,14 @@ public class MISSimpleClient { } } - public static List sendGetMandatesRequest(String webServiceURL, String sessionId, SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException { + public static List sendGetMandatesRequest(String webServiceURL, String sessionId, SSLSocketFactory sSLSocketFactory, AuthConfiguration authConfig) throws MISSimpleClientException { if (webServiceURL == null) { throw new NullPointerException("Argument webServiceURL must not be null."); } if (sessionId == null) { throw new NullPointerException("Argument sessionId must not be null."); } - - // ssl settings - if (sSLSocketFactory != null) { - SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory); - Protocol.registerProtocol("https", new Protocol("https", fac, 443)); - } - - + try { Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument(); Element mirElement = doc.createElementNS(MIS_NS, "MandateIssueRequest"); @@ -119,7 +114,11 @@ public class MISSimpleClient { mirElement.appendChild(sessionIdElement); // send soap request - Element mandateIssueResponseElement = sendSOAPRequest(webServiceURL, mirElement); + Element mandateIssueResponseElement = sendSOAPRequest( + webServiceURL, + mirElement, + sSLSocketFactory, + authConfig); // check for error checkForError(mandateIssueResponseElement); @@ -160,7 +159,7 @@ public class MISSimpleClient { } } - public static MISSessionId sendSessionIdRequest(String webServiceURL, byte[] idl, byte[] cert, String oaFriendlyName, String redirectURL, String referenceValue, List mandateIdentifier, String targetType, byte[] authBlock, SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException { + public static MISSessionId sendSessionIdRequest(String webServiceURL, byte[] idl, byte[] cert, String oaFriendlyName, String redirectURL, String referenceValue, List mandateIdentifier, String targetType, byte[] authBlock, SSLSocketFactory sSLSocketFactory, AuthConfiguration authConfig) throws MISSimpleClientException { if (webServiceURL == null) { throw new MISSimpleClientException("service.04"); } @@ -170,13 +169,7 @@ public class MISSimpleClient { if (redirectURL == null) { throw new NullPointerException("Argument redirectURL must not be null."); } - - // ssl settings - if (sSLSocketFactory != null) { - SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory); - Protocol.registerProtocol("https", new Protocol("https", fac, 443)); - } - + try { Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument(); Element mirElement = doc.createElementNS(MIS_NS, "MandateIssueRequest"); @@ -233,7 +226,11 @@ public class MISSimpleClient { mirElement.appendChild(authBlockElement); // send soap request - Element mandateIssueResponseElement = sendSOAPRequest(webServiceURL, mirElement); + Element mandateIssueResponseElement = sendSOAPRequest( + webServiceURL, + mirElement, + sSLSocketFactory, + authConfig); // check for error checkForError(mandateIssueResponseElement); @@ -284,7 +281,9 @@ public class MISSimpleClient { } } - private static Element sendSOAPRequest(String webServiceURL, Element request) throws MISSimpleClientException { + private static Element sendSOAPRequest(String webServiceURL, Element request, + SSLSocketFactory sSLSocketFactory, + AuthConfiguration authConfig) throws MISSimpleClientException { // try { // System.out.println("REQUEST-MIS: \n" + DOMUtils.serializeNode(request)); @@ -300,18 +299,32 @@ public class MISSimpleClient { if (request == null) { throw new NullPointerException("Argument request must not be null."); } + + CloseableHttpClient httpclient = null; + CloseableHttpResponse httpResp = null; try { - HttpClient httpclient = HttpClientWithProxySupport.getHttpClient(); - PostMethod post = new PostMethod(webServiceURL); - StringRequestEntity re = new StringRequestEntity(DOMUtils.serializeNode(packIntoSOAP(request)),"text/xml", "UTF-8"); - post.setRequestEntity(re); - int responseCode = httpclient.executeMethod(post); + httpclient = HttpClientWithProxySupport.getHttpClient( + sSLSocketFactory, + authConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true)); + // set http POST Request + HttpPost post = new HttpPost(webServiceURL); + HttpEntity postReq = new StringEntity( + DOMUtils.serializeNode(packIntoSOAP(request)), + ContentType.create("text/xml", "UTF-8") ); + post.setEntity(postReq); + + //request webService + httpResp = httpclient.execute(post); + + //parse response + int responseCode = httpResp.getStatusLine().getStatusCode(); if (responseCode != 200) { throw new MISSimpleClientException("Invalid HTTP response code " + responseCode); } + //Element elem = parse(post.getResponseBodyAsStream()); - Document doc = DOMUtils.parseDocumentSimple(post.getResponseBodyAsStream()); + Document doc = DOMUtils.parseDocumentSimple(httpResp.getEntity().getContent()); return unpackFromSOAP(doc.getDocumentElement()); } catch(IOException e) { @@ -329,8 +342,24 @@ public class MISSimpleClient { } catch (Exception e) { throw new MISSimpleClientException("service.06", new Object[]{e.getMessage()}, e); + } finally { + try { + if (httpclient != null) + httpclient.close(); + + if (httpResp != null) + httpResp.close(); + + + } catch (IOException e) { + Logger.error("HTTP-client or Response for MIS communication can NOT be closed!", e); + + } + + } + } private static Element packIntoSOAP(Element element) throws MISSimpleClientException { -- cgit v1.2.3