authorManuel Bentele2021-12-21 16:00:59 +0100
committerManuel Bentele2021-12-21 16:00:59 +0100
commit78d2b0480fab8d5d75dbe4014153ff8791310156 (patch)
tree1a3c1d0847830dec287aab1a7006ff56066c936d /src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java
parentUpdate log4j because of the CVE-2021-45105 security flaw (diff)
Update httpclient library from version 4.5.x to version 5.y
Diffstat (limited to 'src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java')
-rw-r--r--src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java74
1 files changed, 47 insertions, 27 deletions
diff --git a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java
index b6a4c01..454886f 100644
--- a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java
+++ b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java
@@ -3,7 +3,6 @@ package edu.kit.scc.dei.ecplean;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
-import java.io.UnsupportedEncodingException;
import java.util.Observable;
import javax.xml.namespace.QName;
@@ -21,16 +20,20 @@ import javax.xml.xpath.XPathException;
import javax.xml.xpath.XPathExpression;
import javax.xml.xpath.XPathFactory;
-import org.apache.http.HttpResponse;
-import org.apache.http.HttpStatus;
-import org.apache.http.auth.AuthenticationException;
-import org.apache.http.auth.UsernamePasswordCredentials;
-import org.apache.http.client.methods.HttpPost;
-import org.apache.http.entity.StringEntity;
-import org.apache.http.impl.auth.BasicScheme;
-import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.impl.client.HttpClients;
-import org.apache.http.util.EntityUtils;
+import org.apache.hc.client5.http.auth.AuthenticationException;
+import org.apache.hc.client5.http.auth.UsernamePasswordCredentials;
+import org.apache.hc.client5.http.classic.methods.HttpPost;
+import org.apache.hc.client5.http.impl.auth.BasicScheme;
+import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
+import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse;
+import org.apache.hc.client5.http.impl.classic.HttpClients;
+import org.apache.hc.client5.http.protocol.HttpClientContext;
+import org.apache.hc.core5.http.HttpHeaders;
+import org.apache.hc.core5.http.HttpHost;
+import org.apache.hc.core5.http.HttpStatus;
+import org.apache.hc.core5.http.ParseException;
+import org.apache.hc.core5.http.io.entity.EntityUtils;
+import org.apache.hc.core5.http.io.entity.StringEntity;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.w3c.dom.Document;
@@ -70,30 +73,47 @@ public abstract class ECPAuthenticatorBase extends Observable {
this(null);
}
- private HttpResponse exec(Document idpRequest, String user, String pass)
+ private CloseableHttpResponse exec(Document idpRequest, String user, String pass)
throws ECPAuthenticationException {
- UsernamePasswordCredentials creds = new UsernamePasswordCredentials(user, pass);
- //HttpClientContext passwordContext = HttpClientContext.create();
- HttpPost httpPost = new HttpPost(authInfo.getIdpEcpEndpoint().toString());
+ final HttpHost httpHost = HttpHost.create(authInfo.getSpUrl());
+ // setup basic authentication
+ final UsernamePasswordCredentials userCredentials = new UsernamePasswordCredentials(user, pass.toCharArray());
+ final BasicScheme basicAuth = new BasicScheme();
+ basicAuth.initPreemptive(userCredentials);
+
+ // create local HTTP context for basic authentication
+ final HttpClientContext httpContext = HttpClientContext.create();
+ httpContext.resetAuthExchange(httpHost, basicAuth);
+
+ // create POST request to IdP
+ final HttpPost httpPost = new HttpPost(authInfo.getIdpEcpEndpoint().toString());
+
+ // fill content of POST request
try {
httpPost.setEntity(new StringEntity(documentToString(idpRequest)));
- } catch (UnsupportedEncodingException | TransformerException e1) {
- logger.debug("Error setting XML payload of IdP POST");
+ } catch (TransformerException e1) {
+ logger.warn("Error setting XML payload of IdP POST");
throw new ECPAuthenticationException(e1);
}
- httpPost.setHeader("Content-Type", "text/xml; charset=utf-8");
- //passwordContext.setCredentialsProvider(bcp);
+
+ // set content type of POST request
+ httpPost.setHeader(HttpHeaders.CONTENT_TYPE, "text/xml; charset=utf-8");
+
+ // set basic authentication header for POST request
try {
- httpPost.addHeader(new BasicScheme().authenticate(creds, httpPost, null));
- } catch (AuthenticationException e1) {
- throw new ECPAuthenticationException(e1);
+ httpPost.setHeader(HttpHeaders.AUTHORIZATION, basicAuth.generateAuthResponse(httpHost, httpPost, httpContext));
+ } catch (AuthenticationException e) {
+ logger.warn("Error setting Authentication header for IdP POST");
+ throw new ECPAuthenticationException(e);
}
+
+ // send POST request to IdP
try {
- return client.execute(httpPost);
+ return client.execute(httpPost, httpContext);
} catch (Exception e) {
httpPost.reset();
- logger.debug("Could not submit PAOS request to IdP");
+ logger.error("Could not submit PAOS request to IdP");
throw new ECPAuthenticationException(e);
}
}
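Review bot: The Basic scheme is bound to the wrong host: `HttpHost.create(authInfo.getSpUrl())` on the first added line of the hunk names the SP, yet the credentials are the user's IdP credentials and the POST is built for `authInfo.getIdpEcpEndpoint()`, so `resetAuthExchange` caches preemptive IdP credentials against the SP in the context and `generateAuthResponse` is handed a host the request never contacts; `final HttpHost httpHost = HttpHost.create(authInfo.getIdpEcpEndpoint().toString());` makes the auth exchange match the actual target. Second, `new StringEntity(documentToString(idpRequest))` uses the single-argument constructor, whose default content type in HttpCore 5 is (as far as I recall) text/plain with ISO-8859-1, while the Content-Type header set a few lines below promises charset=utf-8, so any non-ASCII character in the PAOS body is mis-encoded; `new StringEntity(documentToString(idpRequest), ContentType.create("text/xml", StandardCharsets.UTF_8))` (importing `org.apache.hc.core5.http.ContentType`) keeps the bytes consistent with the header. Since the scheme is preemptive, the password leaves with the very first request; if the endpoint's https scheme is not enforced elsewhere, a check on `authInfo.getIdpEcpEndpoint()` before the request is built would be cheap insurance.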
@@ -101,14 +121,14 @@ public abstract class ECPAuthenticatorBase extends Observable {
protected Document authenticateIdP(Document idpRequest) throws ECPAuthenticationException {
logger.info("Sending initial IdP Request");
- HttpResponse httpResponse = null;
+ CloseableHttpResponse httpResponse = null;
String user = authInfo.getUsername();
String pass = authInfo.getPassword();
int at = user.lastIndexOf('@');
boolean failed = false;
try {
httpResponse = exec(idpRequest, user, pass);
- failed = (httpResponse.getStatusLine().getStatusCode() == HttpStatus.SC_UNAUTHORIZED);
+ failed = (httpResponse.getCode() == HttpStatus.SC_UNAUTHORIZED);
} catch (ECPAuthenticationException e) {
logger.debug("Could not submit PAOS request to IdP");
if (at == -1)
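Review bot: `httpResponse` is now a `CloseableHttpResponse`, but nothing in this hunk or in the one at `@@ -128,7 +148,7 @@` closes it, and `authenticateIdP` continues past both hunks; if the rest of the method does not close the response after `EntityUtils.toString`, the leased connection is never returned to the client's pool. Wrapping the read in try-with-resources, or calling `httpResponse.close()` in a `finally`, would pin that down on every path, including the one taken when `failed` is true. The duplicate "Could not submit PAOS request to IdP" message, logged at error level inside `exec` and again at debug level here, is pre-existing but now produces two entries for one failure; dropping one of them would make the log easier to correlate.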
@@ -128,7 +148,7 @@ public abstract class ECPAuthenticatorBase extends Observable {
String responseBody;
try {
responseBody = EntityUtils.toString(httpResponse.getEntity());
- } catch (RuntimeException | IOException e) {
+ } catch (RuntimeException | IOException | ParseException e) {
logger.debug("Could not read response from IdP");
throw new ECPAuthenticationException(e);
}