From 78d2b0480fab8d5d75dbe4014153ff8791310156 Mon Sep 17 00:00:00 2001 From: Manuel Bentele Date: Tue, 21 Dec 2021 16:00:59 +0100 Subject: Update httpclient library from version 4.5.x to version 5.y --- pom.xml | 7 +- .../edu/kit/scc/dei/ecplean/ECPAuthenticator.java | 24 +++---- .../kit/scc/dei/ecplean/ECPAuthenticatorBase.java | 74 ++++++++++++++-------- .../java/edu/kit/scc/dei/ecplean/ECPIdPAuth.java | 2 +- 4 files changed, 64 insertions(+), 43 deletions(-) diff --git a/pom.xml b/pom.xml index 0514ef5..ae982c9 100644 --- a/pom.xml +++ b/pom.xml @@ -41,9 +41,10 @@ - org.apache.httpcomponents - httpclient - [4.5,4.6) + org.apache.httpcomponents.client5 + httpclient5 + [5.0,6.0) + compile org.apache.logging.log4j diff --git a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java index 089bc88..9422ea6 100644 --- a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java +++ b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java 
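Review bot: The new dependency range `[5.0,6.0)` in pom.xml lets Maven pick whatever 5.x release is newest at build time, which is much wider than the old `[4.5,4.6)` range. Builds stop being reproducible, and a new upstream minor release enters the artifact without anyone reviewing it. Pin one reviewed release instead, e.g. `<version>PINNED_5_X_VERSION</version>` (a placeholder, since the page names no exact version), and raise it deliberately.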
@@ -8,15 +8,15 @@ import javax.xml.transform.TransformerException; import javax.xml.xpath.XPathConstants; import javax.xml.xpath.XPathException; -import org.apache.http.HttpResponse; -import org.apache.http.ParseException; -import org.apache.http.client.methods.HttpGet; -import org.apache.http.client.methods.HttpPost; -import org.apache.http.client.protocol.HttpClientContext; -import org.apache.http.entity.StringEntity; -import org.apache.http.impl.client.BasicCookieStore; -import org.apache.http.impl.client.CloseableHttpClient; -import org.apache.http.util.EntityUtils; +import org.apache.hc.client5.http.classic.methods.HttpGet; +import org.apache.hc.client5.http.classic.methods.HttpPost; +import org.apache.hc.client5.http.cookie.BasicCookieStore; +import org.apache.hc.client5.http.impl.classic.CloseableHttpClient; +import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse; +import org.apache.hc.client5.http.protocol.HttpClientContext; +import org.apache.hc.core5.http.ParseException; +import org.apache.hc.core5.http.io.entity.EntityUtils; +import org.apache.hc.core5.http.io.entity.StringEntity; import org.w3c.dom.Document; import org.w3c.dom.Node; import org.w3c.dom.NodeList; @@ -36,7 +36,7 @@ public class ECPAuthenticator extends ECPAuthenticatorBase { authInfo = new ECPAuthenticationInfo(username, password, idpEcpEndpoint, spUrl); } - public HttpResponse authenticate() throws ECPAuthenticationException { + public CloseableHttpResponse authenticate() throws ECPAuthenticationException { logger.info("Starting authentication"); logger.info("Contacting SP " + authInfo.getSpUrl()); @@ -52,7 +52,7 @@ public class ECPAuthenticator extends ECPAuthenticatorBase { HttpClientContext ctx = HttpClientContext.create(); ctx.setCookieStore(new BasicCookieStore()); - HttpResponse httpResponse; + CloseableHttpResponse httpResponse; String responseBody; try { httpResponse = client.execute(httpGet, ctx); 
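Review bot: `authenticate()` now returns a `CloseableHttpResponse` (hunk at -36), but nothing tells the caller that it owns the response and has to close it. A Javadoc line such as `@return the SP response; the caller must close it` would make that explicit. In the hunk at -52, `httpResponse` receives the result of `client.execute(httpGet, ctx)`, and the same name is assigned again from `client.execute(httpPost, ctx)` in the hunk at -133, apparently without the first response being closed in between. The method body runs outside these hunks, so this should be checked against the full file.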
@@ -133,7 +133,7 @@ public class ECPAuthenticator extends ECPAuthenticatorBase { try { httpPost.setEntity(new StringEntity(documentToString(idpResponse))); httpResponse = client.execute(httpPost, ctx); - logger.info("Asserting resulted in " + httpResponse.getStatusLine()); + logger.info("Asserting resulted in " + httpResponse.getReasonPhrase()); httpPost.reset(); } catch (TransformerException | IOException e) { logger.debug("Could not post assertion back to SP"); diff --git a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java index b6a4c01..454886f 100644 --- a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java +++ b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java @@ -3,7 +3,6 @@ package edu.kit.scc.dei.ecplean; import java.io.IOException; import java.io.StringReader; import java.io.StringWriter; -import java.io.UnsupportedEncodingException; import java.util.Observable; import javax.xml.namespace.QName; 
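Review bot: Replacing `getStatusLine()` with `getReasonPhrase()` drops the numeric status code from the "Asserting resulted in" log line. The reason phrase is optional and may be empty or null, so the entry can end up carrying no information about whether the SP accepted the assertion. Log the code as well, e.g. `logger.info("Asserting resulted in " + httpResponse.getCode() + " " + httpResponse.getReasonPhrase());`. The enclosing method starts and ends outside the hunk.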
@@ -21,16 +20,20 @@ import javax.xml.xpath.XPathException; import javax.xml.xpath.XPathExpression; import javax.xml.xpath.XPathFactory; -import org.apache.http.HttpResponse; -import org.apache.http.HttpStatus; -import org.apache.http.auth.AuthenticationException; -import org.apache.http.auth.UsernamePasswordCredentials; -import org.apache.http.client.methods.HttpPost; -import org.apache.http.entity.StringEntity; -import org.apache.http.impl.auth.BasicScheme; -import org.apache.http.impl.client.CloseableHttpClient; -import org.apache.http.impl.client.HttpClients; -import org.apache.http.util.EntityUtils; +import org.apache.hc.client5.http.auth.AuthenticationException; +import org.apache.hc.client5.http.auth.UsernamePasswordCredentials; +import org.apache.hc.client5.http.classic.methods.HttpPost; +import org.apache.hc.client5.http.impl.auth.BasicScheme; +import org.apache.hc.client5.http.impl.classic.CloseableHttpClient; +import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse; +import org.apache.hc.client5.http.impl.classic.HttpClients; +import org.apache.hc.client5.http.protocol.HttpClientContext; +import org.apache.hc.core5.http.HttpHeaders; +import org.apache.hc.core5.http.HttpHost; +import org.apache.hc.core5.http.HttpStatus; +import org.apache.hc.core5.http.ParseException; +import org.apache.hc.core5.http.io.entity.EntityUtils; +import org.apache.hc.core5.http.io.entity.StringEntity; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.w3c.dom.Document; 
@@ -70,30 +73,47 @@ public abstract class ECPAuthenticatorBase extends Observable { this(null); } - private HttpResponse exec(Document idpRequest, String user, String pass) + private CloseableHttpResponse exec(Document idpRequest, String user, String pass) throws ECPAuthenticationException { - UsernamePasswordCredentials creds = new UsernamePasswordCredentials(user, pass); - //HttpClientContext passwordContext = HttpClientContext.create(); - HttpPost httpPost = new HttpPost(authInfo.getIdpEcpEndpoint().toString()); + final HttpHost httpHost = HttpHost.create(authInfo.getSpUrl()); + // setup basic authentication + final UsernamePasswordCredentials userCredentials = new UsernamePasswordCredentials(user, pass.toCharArray()); + final BasicScheme basicAuth = new BasicScheme(); + basicAuth.initPreemptive(userCredentials); + + // create local HTTP context for basic authentication + final HttpClientContext httpContext = HttpClientContext.create(); + httpContext.resetAuthExchange(httpHost, basicAuth); + + // create POST request to IdP + final HttpPost httpPost = new HttpPost(authInfo.getIdpEcpEndpoint().toString()); + + // fill content of POST request try { httpPost.setEntity(new StringEntity(documentToString(idpRequest))); - } catch (UnsupportedEncodingException | TransformerException e1) { - logger.debug("Error setting XML payload of IdP POST"); + } catch (TransformerException e1) { + logger.warn("Error setting XML payload of IdP POST"); throw new ECPAuthenticationException(e1); } - httpPost.setHeader("Content-Type", "text/xml; charset=utf-8"); - //passwordContext.setCredentialsProvider(bcp); + + // set content type of POST request + httpPost.setHeader(HttpHeaders.CONTENT_TYPE, "text/xml; charset=utf-8"); + + // set basic authentication header for POST request try { - httpPost.addHeader(new BasicScheme().authenticate(creds, httpPost, null)); - } catch (AuthenticationException e1) { - throw new ECPAuthenticationException(e1); + httpPost.setHeader(HttpHeaders.AUTHORIZATION, 
basicAuth.generateAuthResponse(httpHost, httpPost, httpContext)); + } catch (AuthenticationException e) { + logger.warn("Error setting Authentication header for IdP POST"); + throw new ECPAuthenticationException(e); } + + // send POST request to IdP try { - return client.execute(httpPost); + return client.execute(httpPost, httpContext); } catch (Exception e) { httpPost.reset(); - logger.debug("Could not submit PAOS request to IdP"); + logger.error("Could not submit PAOS request to IdP"); throw new ECPAuthenticationException(e); } } @@ -101,14 +121,14 @@ public abstract class ECPAuthenticatorBase extends Observable { protected Document authenticateIdP(Document idpRequest) throws ECPAuthenticationException { logger.info("Sending initial IdP Request"); - HttpResponse httpResponse = null; + CloseableHttpResponse httpResponse = null; String user = authInfo.getUsername(); String pass = authInfo.getPassword(); int at = user.lastIndexOf('@'); boolean failed = false; try { httpResponse = exec(idpRequest, user, pass); - failed = (httpResponse.getStatusLine().getStatusCode() == HttpStatus.SC_UNAUTHORIZED); + failed = (httpResponse.getCode() == HttpStatus.SC_UNAUTHORIZED); } catch (ECPAuthenticationException e) { logger.debug("Could not submit PAOS request to IdP"); if (at == -1) @@ -128,7 +148,7 @@ public abstract class ECPAuthenticatorBase extends Observable { String responseBody; try { responseBody = EntityUtils.toString(httpResponse.getEntity()); - } catch (RuntimeException | IOException e) { + } catch (RuntimeException | IOException | ParseException e) { logger.debug("Could not read response from IdP"); throw new ECPAuthenticationException(e); } diff --git a/src/main/java/edu/kit/scc/dei/ecplean/ECPIdPAuth.java b/src/main/java/edu/kit/scc/dei/ecplean/ECPIdPAuth.java index 54227e6..9700d8c 100644 --- a/src/main/java/edu/kit/scc/dei/ecplean/ECPIdPAuth.java +++ b/src/main/java/edu/kit/scc/dei/ecplean/ECPIdPAuth.java 
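Review bot: In `exec()` the auth exchange is registered for the SP host (`HttpHost.create(authInfo.getSpUrl())`), although the credentials belong to the IdP and the POST goes to `authInfo.getIdpEcpEndpoint()`. Because `httpContext` carries the preemptive Basic scheme into `client.execute`, any request the client sends to the SP host under this context (for example after a redirect, if redirects are followed) would presumably carry the user's IdP password. Derive the host from the IdP endpoint instead, e.g. `final HttpHost httpHost = HttpHost.create(authInfo.getIdpEcpEndpoint());` if that getter returns a URI. The `Authorization` header is also set by hand via `generateAuthResponse`, so one of the two mechanisms is probably redundant.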
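Review bot: In `authenticateIdP` (hunk at -101), a 401 result only sets `failed` and leaves the `CloseableHttpResponse` from `exec()` open. If the code below the hunk retries with the user name cut at `'@'` (the `at` variable suggests so) and reassigns `httpResponse`, the first response and its connection are never released. Close the response before any retry, e.g. `httpResponse.close();` with its `IOException` handled. The rest of the method lies outside the hunk, so this needs confirming against the full file.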
@@ -8,7 +8,7 @@ import javax.xml.transform.TransformerException; import javax.xml.xpath.XPathConstants; import javax.xml.xpath.XPathException; -import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.hc.client5.http.impl.classic.CloseableHttpClient; import org.w3c.dom.Document; import org.w3c.dom.Node; import org.xml.sax.SAXException; -- cgit v1.2.3-55-g7522