Update httpclient library from version 4.5.x to version 5.y

4 files changed, 64 insertions, 43 deletions

diff --git a/pom.xml b/pom.xml
index 0514ef5..ae982c9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -41,9 +41,10 @@
 	</build>

 	<dependencies>

 		<dependency>

-			<groupId>org.apache.httpcomponents</groupId>

-			<artifactId>httpclient</artifactId>

-			<version>[4.5,4.6)</version>

+			<groupId>org.apache.httpcomponents.client5</groupId>

+			<artifactId>httpclient5</artifactId>

+			<version>[5.0,6.0)</version>

+			<scope>compile</scope>

 		</dependency>

 		<dependency>

 			<groupId>org.apache.logging.log4j</groupId>

diff --git a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java
index 089bc88..9422ea6 100644
--- a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java
+++ b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java
@@ -8,15 +8,15 @@ import javax.xml.transform.TransformerException;
 import javax.xml.xpath.XPathConstants;

 import javax.xml.xpath.XPathException;

 

-import org.apache.http.HttpResponse;

-import org.apache.http.ParseException;

-import org.apache.http.client.methods.HttpGet;

-import org.apache.http.client.methods.HttpPost;

-import org.apache.http.client.protocol.HttpClientContext;

-import org.apache.http.entity.StringEntity;

-import org.apache.http.impl.client.BasicCookieStore;

-import org.apache.http.impl.client.CloseableHttpClient;

-import org.apache.http.util.EntityUtils;

+import org.apache.hc.client5.http.classic.methods.HttpGet;

+import org.apache.hc.client5.http.classic.methods.HttpPost;

+import org.apache.hc.client5.http.cookie.BasicCookieStore;

+import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;

+import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse;

+import org.apache.hc.client5.http.protocol.HttpClientContext;

+import org.apache.hc.core5.http.ParseException;

+import org.apache.hc.core5.http.io.entity.EntityUtils;

+import org.apache.hc.core5.http.io.entity.StringEntity;

 import org.w3c.dom.Document;

 import org.w3c.dom.Node;

 import org.w3c.dom.NodeList;

@@ -36,7 +36,7 @@ public class ECPAuthenticator extends ECPAuthenticatorBase {
 		authInfo = new ECPAuthenticationInfo(username, password, idpEcpEndpoint, spUrl);

 	}

 	

-	public HttpResponse authenticate() throws ECPAuthenticationException {

+	public CloseableHttpResponse authenticate() throws ECPAuthenticationException {

 		logger.info("Starting authentication");

 

 		logger.info("Contacting SP " + authInfo.getSpUrl());

@@ -52,7 +52,7 @@ public class ECPAuthenticator extends ECPAuthenticatorBase {
 		HttpClientContext ctx = HttpClientContext.create();

 		ctx.setCookieStore(new BasicCookieStore());

 

-		HttpResponse httpResponse;

+		CloseableHttpResponse httpResponse;

 		String responseBody;

 		try {

 			httpResponse = client.execute(httpGet, ctx);

@@ -133,7 +133,7 @@ public class ECPAuthenticator extends ECPAuthenticatorBase {
 		try {

 			httpPost.setEntity(new StringEntity(documentToString(idpResponse)));

 			httpResponse = client.execute(httpPost, ctx);

-			logger.info("Asserting resulted in " + httpResponse.getStatusLine());

+			logger.info("Asserting resulted in " + httpResponse.getReasonPhrase());

 			httpPost.reset();

 		} catch (TransformerException | IOException e) {

 			logger.debug("Could not post assertion back to SP");

diff --git a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java
index b6a4c01..454886f 100644
--- a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java
+++ b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java
@@ -3,7 +3,6 @@ package edu.kit.scc.dei.ecplean;
 import java.io.IOException;

 import java.io.StringReader;

 import java.io.StringWriter;

-import java.io.UnsupportedEncodingException;

 import java.util.Observable;

 

 import javax.xml.namespace.QName;

@@ -21,16 +20,20 @@ import javax.xml.xpath.XPathException;
 import javax.xml.xpath.XPathExpression;

 import javax.xml.xpath.XPathFactory;

 

-import org.apache.http.HttpResponse;

-import org.apache.http.HttpStatus;

-import org.apache.http.auth.AuthenticationException;

-import org.apache.http.auth.UsernamePasswordCredentials;

-import org.apache.http.client.methods.HttpPost;

-import org.apache.http.entity.StringEntity;

-import org.apache.http.impl.auth.BasicScheme;

-import org.apache.http.impl.client.CloseableHttpClient;

-import org.apache.http.impl.client.HttpClients;

-import org.apache.http.util.EntityUtils;

+import org.apache.hc.client5.http.auth.AuthenticationException;

+import org.apache.hc.client5.http.auth.UsernamePasswordCredentials;

+import org.apache.hc.client5.http.classic.methods.HttpPost;

+import org.apache.hc.client5.http.impl.auth.BasicScheme;

+import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;

+import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse;

+import org.apache.hc.client5.http.impl.classic.HttpClients;

+import org.apache.hc.client5.http.protocol.HttpClientContext;

+import org.apache.hc.core5.http.HttpHeaders;

+import org.apache.hc.core5.http.HttpHost;

+import org.apache.hc.core5.http.HttpStatus;

+import org.apache.hc.core5.http.ParseException;

+import org.apache.hc.core5.http.io.entity.EntityUtils;

+import org.apache.hc.core5.http.io.entity.StringEntity;

 import org.apache.logging.log4j.LogManager;

 import org.apache.logging.log4j.Logger;

 import org.w3c.dom.Document;

@@ -70,30 +73,47 @@ public abstract class ECPAuthenticatorBase extends Observable {
 		this(null);

 	}

 

-	private HttpResponse exec(Document idpRequest, String user, String pass)

+	private CloseableHttpResponse exec(Document idpRequest, String user, String pass)

 			throws ECPAuthenticationException {

-		UsernamePasswordCredentials creds = new UsernamePasswordCredentials(user, pass);

-		//HttpClientContext passwordContext = HttpClientContext.create();

-		HttpPost httpPost = new HttpPost(authInfo.getIdpEcpEndpoint().toString());

+		final HttpHost httpHost = HttpHost.create(authInfo.getSpUrl());

 

+		// setup basic authentication

+		final UsernamePasswordCredentials userCredentials = new UsernamePasswordCredentials(user, pass.toCharArray());

+      final BasicScheme basicAuth = new BasicScheme();

+      basicAuth.initPreemptive(userCredentials);

+

+      // create local HTTP context for basic authentication

+      final HttpClientContext httpContext = HttpClientContext.create();

+      httpContext.resetAuthExchange(httpHost, basicAuth);

+

+      // create POST request to IdP

+      final HttpPost httpPost = new HttpPost(authInfo.getIdpEcpEndpoint().toString());

+

+      // fill content of POST request

 		try {

 			httpPost.setEntity(new StringEntity(documentToString(idpRequest)));

-		} catch (UnsupportedEncodingException | TransformerException e1) {

-			logger.debug("Error setting XML payload of IdP POST");

+		} catch (TransformerException e1) {

+			logger.warn("Error setting XML payload of IdP POST");

 			throw new ECPAuthenticationException(e1);

 		}

-		httpPost.setHeader("Content-Type", "text/xml; charset=utf-8");

-		//passwordContext.setCredentialsProvider(bcp);

+

+		// set content type of POST request

+		httpPost.setHeader(HttpHeaders.CONTENT_TYPE, "text/xml; charset=utf-8");

+

+		// set basic authentication header for POST request

 		try {

-			httpPost.addHeader(new BasicScheme().authenticate(creds, httpPost, null));

-		} catch (AuthenticationException e1) {

-			throw new ECPAuthenticationException(e1);

+			httpPost.setHeader(HttpHeaders.AUTHORIZATION, basicAuth.generateAuthResponse(httpHost, httpPost, httpContext));

+		} catch (AuthenticationException e) {

+			logger.warn("Error setting Authentication header for IdP POST");

+			throw new ECPAuthenticationException(e);

 		}

+

+		// send POST request to IdP

 		try {

-			return client.execute(httpPost);

+			return client.execute(httpPost, httpContext);

 		} catch (Exception e) {

 			httpPost.reset();

-			logger.debug("Could not submit PAOS request to IdP");

+			logger.error("Could not submit PAOS request to IdP");

 			throw new ECPAuthenticationException(e);

 		}

 	}

@@ -101,14 +121,14 @@ public abstract class ECPAuthenticatorBase extends Observable {
 	protected Document authenticateIdP(Document idpRequest) throws ECPAuthenticationException {

 		logger.info("Sending initial IdP Request");

 

-		HttpResponse httpResponse = null;

+		CloseableHttpResponse httpResponse = null;

 		String user = authInfo.getUsername();

 		String pass = authInfo.getPassword();

 		int at = user.lastIndexOf('@');

 		boolean failed = false;

 		try {

 			httpResponse = exec(idpRequest, user, pass);

-			failed = (httpResponse.getStatusLine().getStatusCode() == HttpStatus.SC_UNAUTHORIZED);

+			failed = (httpResponse.getCode() == HttpStatus.SC_UNAUTHORIZED);

 		} catch (ECPAuthenticationException e) {

 			logger.debug("Could not submit PAOS request to IdP");

 			if (at == -1)

@@ -128,7 +148,7 @@ public abstract class ECPAuthenticatorBase extends Observable {
 		String responseBody;

 		try {

 			responseBody = EntityUtils.toString(httpResponse.getEntity());

-		} catch (RuntimeException | IOException e) {

+		} catch (RuntimeException | IOException | ParseException e) {

 			logger.debug("Could not read response from IdP");

 			throw new ECPAuthenticationException(e);

 		}

diff --git a/src/main/java/edu/kit/scc/dei/ecplean/ECPIdPAuth.java b/src/main/java/edu/kit/scc/dei/ecplean/ECPIdPAuth.java
index 54227e6..9700d8c 100644
--- a/src/main/java/edu/kit/scc/dei/ecplean/ECPIdPAuth.java
+++ b/src/main/java/edu/kit/scc/dei/ecplean/ECPIdPAuth.java
@@ -8,7 +8,7 @@ import javax.xml.transform.TransformerException;
 import javax.xml.xpath.XPathConstants;

 import javax.xml.xpath.XPathException;

 

-import org.apache.http.impl.client.CloseableHttpClient;

+import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;

 import org.w3c.dom.Document;

 import org.w3c.dom.Node;

 import org.xml.sax.SAXException;