authorManuel Bentele2021-12-21 16:00:59 +0100
committerManuel Bentele2021-12-21 16:00:59 +0100
commit78d2b0480fab8d5d75dbe4014153ff8791310156 (patch)
tree1a3c1d0847830dec287aab1a7006ff56066c936d
parentUpdate log4j because of the CVE-2021-45105 security flaw (diff)
Update httpclient library from version 4.5.x to version 5.y
-rw-r--r--pom.xml7
-rw-r--r--src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java24
-rw-r--r--src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java74
-rw-r--r--src/main/java/edu/kit/scc/dei/ecplean/ECPIdPAuth.java2
4 files changed, 64 insertions, 43 deletions
diff --git a/pom.xml b/pom.xml
index 0514ef5..ae982c9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -41,9 +41,10 @@
</build>
<dependencies>
<dependency>
- <groupId>org.apache.httpcomponents</groupId>
- <artifactId>httpclient</artifactId>
- <version>[4.5,4.6)</version>
+ <groupId>org.apache.httpcomponents.client5</groupId>
+ <artifactId>httpclient5</artifactId>
+ <version>[5.0,6.0)</version>
+ <scope>compile</scope>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
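Review bot: The new `<version>[5.0,6.0)</version>` range lets Maven resolve whichever 5.x release is newest at build time, so builds are not reproducible and a future 5.x release (with any API or behaviour change) is pulled in without anyone reviewing it; the previous `[4.5,4.6)` had the same problem but was confined to one minor line. Pin the dependency to the release that was actually compiled and tested against, `<version>[EXACT-TESTED-5.x-VERSION]</version>`, and bump it deliberately. The added `<scope>compile</scope>` is Maven's default and can be dropped; none of the other dependencies in the file state it.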
diff --git a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java
index 089bc88..9422ea6 100644
--- a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java
+++ b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java
@@ -8,15 +8,15 @@ import javax.xml.transform.TransformerException;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathException;
-import org.apache.http.HttpResponse;
-import org.apache.http.ParseException;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.client.methods.HttpPost;
-import org.apache.http.client.protocol.HttpClientContext;
-import org.apache.http.entity.StringEntity;
-import org.apache.http.impl.client.BasicCookieStore;
-import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.util.EntityUtils;
+import org.apache.hc.client5.http.classic.methods.HttpGet;
+import org.apache.hc.client5.http.classic.methods.HttpPost;
+import org.apache.hc.client5.http.cookie.BasicCookieStore;
+import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
+import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse;
+import org.apache.hc.client5.http.protocol.HttpClientContext;
+import org.apache.hc.core5.http.ParseException;
+import org.apache.hc.core5.http.io.entity.EntityUtils;
+import org.apache.hc.core5.http.io.entity.StringEntity;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
@@ -36,7 +36,7 @@ public class ECPAuthenticator extends ECPAuthenticatorBase {
authInfo = new ECPAuthenticationInfo(username, password, idpEcpEndpoint, spUrl);
}
- public HttpResponse authenticate() throws ECPAuthenticationException {
+ public CloseableHttpResponse authenticate() throws ECPAuthenticationException {
logger.info("Starting authentication");
logger.info("Contacting SP " + authInfo.getSpUrl());
@@ -52,7 +52,7 @@ public class ECPAuthenticator extends ECPAuthenticatorBase {
HttpClientContext ctx = HttpClientContext.create();
ctx.setCookieStore(new BasicCookieStore());
- HttpResponse httpResponse;
+ CloseableHttpResponse httpResponse;
String responseBody;
try {
httpResponse = client.execute(httpGet, ctx);
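Review bot: `httpResponse = client.execute(httpGet, ctx);` now returns a `CloseableHttpResponse`, but nothing in this hunk closes it, and the later hunk (line 84, `httpResponse = client.execute(httpPost, ctx);`) overwrites the reference, so the first response and its underlying connection are never released explicitly. With the httpclient 5 classic API the caller is expected to close each response; wrap each `execute` in try-with-resources, or call `httpResponse.close()` once `responseBody` has been read from it. The same applies in ECPAuthenticatorBase.java, where `exec()` (hunk ending line 189) hands its `CloseableHttpResponse` to `authenticateIdP` (hunks at lines 191–205 and 207–214) and the visible code never closes it. The body of `authenticate()` continues outside this hunk, so I cannot tell whether a close happens further down.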
@@ -133,7 +133,7 @@ public class ECPAuthenticator extends ECPAuthenticatorBase {
try {
httpPost.setEntity(new StringEntity(documentToString(idpResponse)));
httpResponse = client.execute(httpPost, ctx);
- logger.info("Asserting resulted in " + httpResponse.getStatusLine());
+ logger.info("Asserting resulted in " + httpResponse.getReasonPhrase());
httpPost.reset();
} catch (TransformerException | IOException e) {
logger.debug("Could not post assertion back to SP");
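Review bot: `logger.info("Asserting resulted in " + httpResponse.getReasonPhrase())` logs only the reason phrase; the replaced `getStatusLine()` also carried the numeric status code, which is the part an operator needs when the SP rejects the assertion, and the reason phrase alone may be empty depending on the server. Suggest `logger.info("Asserting resulted in " + httpResponse.getCode() + " " + httpResponse.getReasonPhrase());`. The enclosing method continues outside this hunk.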
diff --git a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java
index b6a4c01..454886f 100644
--- a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java
+++ b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java
@@ -3,7 +3,6 @@ package edu.kit.scc.dei.ecplean;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
-import java.io.UnsupportedEncodingException;
import java.util.Observable;
import javax.xml.namespace.QName;
@@ -21,16 +20,20 @@ import javax.xml.xpath.XPathException;
import javax.xml.xpath.XPathExpression;
import javax.xml.xpath.XPathFactory;
-import org.apache.http.HttpResponse;
-import org.apache.http.HttpStatus;
-import org.apache.http.auth.AuthenticationException;
-import org.apache.http.auth.UsernamePasswordCredentials;
-import org.apache.http.client.methods.HttpPost;
-import org.apache.http.entity.StringEntity;
-import org.apache.http.impl.auth.BasicScheme;
-import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.impl.client.HttpClients;
-import org.apache.http.util.EntityUtils;
+import org.apache.hc.client5.http.auth.AuthenticationException;
+import org.apache.hc.client5.http.auth.UsernamePasswordCredentials;
+import org.apache.hc.client5.http.classic.methods.HttpPost;
+import org.apache.hc.client5.http.impl.auth.BasicScheme;
+import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
+import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse;
+import org.apache.hc.client5.http.impl.classic.HttpClients;
+import org.apache.hc.client5.http.protocol.HttpClientContext;
+import org.apache.hc.core5.http.HttpHeaders;
+import org.apache.hc.core5.http.HttpHost;
+import org.apache.hc.core5.http.HttpStatus;
+import org.apache.hc.core5.http.ParseException;
+import org.apache.hc.core5.http.io.entity.EntityUtils;
+import org.apache.hc.core5.http.io.entity.StringEntity;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.w3c.dom.Document;
@@ -70,30 +73,47 @@ public abstract class ECPAuthenticatorBase extends Observable {
this(null);
}
- private HttpResponse exec(Document idpRequest, String user, String pass)
+ private CloseableHttpResponse exec(Document idpRequest, String user, String pass)
throws ECPAuthenticationException {
- UsernamePasswordCredentials creds = new UsernamePasswordCredentials(user, pass);
- //HttpClientContext passwordContext = HttpClientContext.create();
- HttpPost httpPost = new HttpPost(authInfo.getIdpEcpEndpoint().toString());
+ final HttpHost httpHost = HttpHost.create(authInfo.getSpUrl());
+ // setup basic authentication
+ final UsernamePasswordCredentials userCredentials = new UsernamePasswordCredentials(user, pass.toCharArray());
+ final BasicScheme basicAuth = new BasicScheme();
+ basicAuth.initPreemptive(userCredentials);
+
+ // create local HTTP context for basic authentication
+ final HttpClientContext httpContext = HttpClientContext.create();
+ httpContext.resetAuthExchange(httpHost, basicAuth);
+
+ // create POST request to IdP
+ final HttpPost httpPost = new HttpPost(authInfo.getIdpEcpEndpoint().toString());
+
+ // fill content of POST request
try {
httpPost.setEntity(new StringEntity(documentToString(idpRequest)));
- } catch (UnsupportedEncodingException | TransformerException e1) {
- logger.debug("Error setting XML payload of IdP POST");
+ } catch (TransformerException e1) {
+ logger.warn("Error setting XML payload of IdP POST");
throw new ECPAuthenticationException(e1);
}
- httpPost.setHeader("Content-Type", "text/xml; charset=utf-8");
- //passwordContext.setCredentialsProvider(bcp);
+
+ // set content type of POST request
+ httpPost.setHeader(HttpHeaders.CONTENT_TYPE, "text/xml; charset=utf-8");
+
+ // set basic authentication header for POST request
try {
- httpPost.addHeader(new BasicScheme().authenticate(creds, httpPost, null));
- } catch (AuthenticationException e1) {
- throw new ECPAuthenticationException(e1);
+ httpPost.setHeader(HttpHeaders.AUTHORIZATION, basicAuth.generateAuthResponse(httpHost, httpPost, httpContext));
+ } catch (AuthenticationException e) {
+ logger.warn("Error setting Authentication header for IdP POST");
+ throw new ECPAuthenticationException(e);
}
+
+ // send POST request to IdP
try {
- return client.execute(httpPost);
+ return client.execute(httpPost, httpContext);
} catch (Exception e) {
httpPost.reset();
- logger.debug("Could not submit PAOS request to IdP");
+ logger.error("Could not submit PAOS request to IdP");
throw new ECPAuthenticationException(e);
}
}
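Review bot: `HttpHost.create(authInfo.getSpUrl())` binds the preemptive Basic auth exchange and the generated `Authorization` header to the SP host, while the POST built at line 151 is sent to `authInfo.getIdpEcpEndpoint()`; the user's IdP credentials are therefore registered in `httpContext` for the SP rather than for the IdP, and any request that runs in that context against the SP host (a redirect, for instance) would carry them to the wrong party. Derive the host from the IdP endpoint instead, e.g. `final HttpHost httpHost = HttpHost.create(authInfo.getIdpEcpEndpoint());` if `getIdpEcpEndpoint()` returns a `URI` as `getSpUrl()` appears to, otherwise from its string form. Separately, `new StringEntity(documentToString(idpRequest))` encodes the body with the entity's default charset (ISO-8859-1, as far as I recall for core5's `ContentType.DEFAULT_TEXT`) while the header set at line 166 declares `charset=utf-8`, so non-ASCII content in the PAOS request would be mis-encoded; `new StringEntity(documentToString(idpRequest), ContentType.create("text/xml", StandardCharsets.UTF_8))` makes the bytes and the declared charset agree and makes the explicit `setHeader` redundant.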
@@ -101,14 +121,14 @@ public abstract class ECPAuthenticatorBase extends Observable {
protected Document authenticateIdP(Document idpRequest) throws ECPAuthenticationException {
logger.info("Sending initial IdP Request");
- HttpResponse httpResponse = null;
+ CloseableHttpResponse httpResponse = null;
String user = authInfo.getUsername();
String pass = authInfo.getPassword();
int at = user.lastIndexOf('@');
boolean failed = false;
try {
httpResponse = exec(idpRequest, user, pass);
- failed = (httpResponse.getStatusLine().getStatusCode() == HttpStatus.SC_UNAUTHORIZED);
+ failed = (httpResponse.getCode() == HttpStatus.SC_UNAUTHORIZED);
} catch (ECPAuthenticationException e) {
logger.debug("Could not submit PAOS request to IdP");
if (at == -1)
@@ -128,7 +148,7 @@ public abstract class ECPAuthenticatorBase extends Observable {
String responseBody;
try {
responseBody = EntityUtils.toString(httpResponse.getEntity());
- } catch (RuntimeException | IOException e) {
+ } catch (RuntimeException | IOException | ParseException e) {
logger.debug("Could not read response from IdP");
throw new ECPAuthenticationException(e);
}
diff --git a/src/main/java/edu/kit/scc/dei/ecplean/ECPIdPAuth.java b/src/main/java/edu/kit/scc/dei/ecplean/ECPIdPAuth.java
index 54227e6..9700d8c 100644
--- a/src/main/java/edu/kit/scc/dei/ecplean/ECPIdPAuth.java
+++ b/src/main/java/edu/kit/scc/dei/ecplean/ECPIdPAuth.java
@@ -8,7 +8,7 @@ import javax.xml.transform.TransformerException;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathException;
-import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.xml.sax.SAXException;