From e913773134f617eb7afbe00362e5b580776b8ad8 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Fri, 18 Sep 2020 08:57:35 +0200
Subject: add HTTP-Proxy support for SAML2 Metadata provider
---
 .../config/persistence/MOAIDConfigurationImpl.java | 6 +--
 .../apache/commons/httpclient/MOAHttpClient.java | 52 +++++++++++++++++++---
 .../utils/EIDAuthMetadataProvider.java | 13 +++++-
 3 files changed, 61 insertions(+), 10 deletions(-)
(limited to 'id/server')
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java
index 6ef7a00cd..0e729ca5b 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java
@@ -60,7 +60,7 @@ public class MOAIDConfigurationImpl extends DatabaseConfigPropertyImpl implement
 List configResult = configQuery.getResultList();
 if (configResult == null || configResult.isEmpty()) {
- Logger.warn("Found no configuration keys with prefix: " + preFix + ".%");
+ Logger.debug("Found no configuration keys with prefix: " + preFix + ".%");
 return null;
 }
@@ -98,7 +98,7 @@ public class MOAIDConfigurationImpl extends DatabaseConfigPropertyImpl implement
 List configResult = configQuery.getResultList();
 if (configResult == null || configResult.isEmpty()) {
- Logger.warn("Found no configuration keys with searchKey: " + searchKey);
+ Logger.debug("Found no configuration keys with searchKey: " + searchKey);
 return null;
 }
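Review bot: The log level chosen for the "Found no configuration keys" message is inconsistent within this file: the `@@ -60` and `@@ -98` hunks lower it to `Logger.debug`, while the `@@ -228` hunk of the same commit lowers the same wording only to `Logger.info`. If all three lookups are equally routine, the third should read `Logger.info` → `Logger.debug("Found no configuration keys with prefix: " + oaKey + ".%");` as well; if a missing per-OA configuration is genuinely worth an operator's attention, a one-line comment at that site saying why it stays at info would spare the next reader the guess. The enclosing methods start and end outside these hunks.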
@@ -228,7 +228,7 @@ public class MOAIDConfigurationImpl extends DatabaseConfigPropertyImpl implement
 List oaConfigResult = oaConfigQuery.getResultList();
 if (oaConfigResult == null) {
- Logger.warn("Found no configuration keys with prefix: " + oaKey + ".%");
+ Logger.info("Found no configuration keys with prefix: " + oaKey + ".%");
 return null;
 }
 Logger.trace("Find " + oaConfigResult.size() + " key/value pairs with prefix: " + oaKey + ".%");
diff --git a/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java b/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java
index edf7ce268..4d4c7fa88 100644
--- a/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java
+++ b/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java
@@ -26,10 +26,12 @@ import java.io.IOException;
 import java.net.MalformedURLException;
 import java.net.URL;
+import org.apache.commons.httpclient.auth.AuthScope;
 import org.apache.commons.httpclient.protocol.Protocol;
 import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
-import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
 /**
 * @author tlenz
@@ -39,10 +41,48 @@ import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException */ public class MOAHttpClient extends HttpClient { - - public void setCustomSSLTrustStore(String metadataURL, ProtocolSocketFactory protoSocketFactory) throws MOAHttpProtocolSocketFactoryException, MalformedURLException { - ; - + public MOAHttpClient() { + super(); + injectProxyCredentials(); + + } + + public void injectProxyCredentials() { + //set proxy functionality + String host = System.getProperty("http.proxyHost"); //$NON-NLS-1$ + String port = System.getProperty("http.proxyPort"); //$NON-NLS-1$ + String user = System.getProperty("http.proxyUser"); //$NON-NLS-1$ + String pass = System.getProperty("http.proxyPassword"); //$NON-NLS-1$ + + if (MiscUtil.isNotEmpty(host)) { + int p = -1; + if (MiscUtil.isNotEmpty(port)) { + try { + p = Integer.parseInt(port); + + } catch (Exception e) { + Logger.error("'http.proxyPort' not valid!", e); + + } + } + Logger.info("Set HTTP-Proxy to Host: " + host + " and port: " + p); + getHostConfiguration().setProxy(host, p); + if (MiscUtil.isNotEmpty(user) && pass != null) { + //set proxy credentials + AuthScope authscope = new AuthScope(host, p); + Credentials credentials = new UsernamePasswordCredentials(user, pass); + getState().setProxyCredentials(authscope, credentials); + Logger.info(" Use Proxy with Username: " + user + " and password: " + + (Logger.isTraceEnabled() ? pass : "*******")); + + } + + } + } + + public void setCustomSSLTrustStore(String metadataURL, ProtocolSocketFactory protoSocketFactory) + throws MalformedURLException { + URL url = new URL(metadataURL); int port = -1; if (url.getPort() < 0) @@ -52,7 +92,7 @@ public class MOAHttpClient extends HttpClient { Protocol authhttps = new Protocol("https", protoSocketFactory, 443); getHostConfiguration().setHost(url.getHost(), port, authhttps); - + } public int executeMethod(HostConfiguration hostconfig, 
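Review bot: `injectProxyCredentials()` writes the proxy password into the log: the `Logger.info(" Use Proxy with Username: " ...)` call emits `pass` in clear text whenever trace logging is enabled, and a credential does not belong in a log line at any level. Log the user name only, `Logger.info(" Use Proxy with Username: " + user);`, and drop the `Logger.isTraceEnabled() ? pass : "*******"` branch entirely. Second, a non-numeric `http.proxyPort` is reported via `Logger.error` but `p` stays `-1` and `setProxy(host, p)` plus `new AuthScope(host, p)` still run; if `-1` is meant as "library default port" a comment should say so, otherwise the catch should `return;` after logging, and it should catch `NumberFormatException` rather than `Exception`. `injectProxyCredentials()` is also public and non-final yet called from the constructor, so a subclass override would execute before the subclass is initialised; `private` or `final` avoids that. `setCustomSSLTrustStore` continues past the end of the hunk.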
diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/EIDAuthMetadataProvider.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/EIDAuthMetadataProvider.java
index 649cfa691..e9ea40e0b 100644
--- a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/EIDAuthMetadataProvider.java
+++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/EIDAuthMetadataProvider.java
@@ -28,8 +28,12 @@ import java.util.Timer;
 import javax.xml.namespace.QName;
+import org.apache.commons.httpclient.Credentials;
 import org.apache.commons.httpclient.HttpClient;
 import org.apache.commons.httpclient.MOAHttpClient;
+import org.apache.commons.httpclient.ProxyHost;
+import org.apache.commons.httpclient.UsernamePasswordCredentials;
+import org.apache.commons.httpclient.auth.AuthScope;
 import org.apache.commons.httpclient.params.HttpClientParams;
 import org.opensaml.saml2.metadata.EntitiesDescriptor;
 import org.opensaml.saml2.metadata.EntityDescriptor;
@@ -317,7 +321,14 @@ public class EIDAuthMetadataProvider extends SimpleMetadataProvider
 HttpClientParams httpClientParams = new HttpClientParams();
 httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT);
 httpClient.setParams(httpClientParams);
-
+
+ Credentials defaultcreds = new UsernamePasswordCredentials("username", "password");
+ httpClient.getState().setProxyCredentials(
+ new AuthScope("myhost", 8080, AuthScope.ANY_REALM), defaultcreds);
+ ProxyHost proxyHost = new ProxyHost("myhost", 8080);
+ httpClient.getHostConfiguration().setProxyHost(proxyHost);
+
+
 if (metadataURL.startsWith("https:")) {
 try {
 //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
-- cgit v1.2.3
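Review bot: The new block in the `@@ -317` hunk hard-codes placeholder proxy settings into production code: `new UsernamePasswordCredentials("username", "password")` and `new ProxyHost("myhost", 8080)` are applied unconditionally, so every metadata fetch by this provider is routed through `myhost:8080` with literal dummy credentials regardless of deployment, and it overwrites whatever proxy the client instance derived from the `http.proxy*` system properties (the `MOAHttpClient` import suggests that is the client type here, but its construction is outside the hunk). This reads like leftover local-testing code; the six added lines from `Credentials defaultcreds` through `setProxyHost(proxyHost)` should be removed, and if a per-provider proxy is really wanted it must come from configuration, never from literals in source. The `@@ -28` import hunk then only needs to keep the imports that remain in use. The enclosing method starts and ends outside the hunk.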