AbstractRESTMessageSecurityReceiver.java

  1. /*
  2.  * GovWay - A customizable API Gateway 
  3.  * https://govway.org
  4.  * 
  5.  * Copyright (c) 2005-2025 Link.it srl (https://link.it). 
  6.  * 
  7.  * This program is free software: you can redistribute it and/or modify
  8.  * it under the terms of the GNU General Public License version 3, as published by
  9.  * the Free Software Foundation.
  10.  *
  11.  * This program is distributed in the hope that it will be useful,
  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14.  * GNU General Public License for more details.
  15.  *
  16.  * You should have received a copy of the GNU General Public License
  17.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18.  *
  19.  */


  22. package org.openspcoop2.security.message;

  24. import java.util.List;
  25. import java.util.Map;

  27. import javax.xml.namespace.QName;

  29. import org.openspcoop2.message.OpenSPCoop2RestMessage;
  30. import org.openspcoop2.message.OpenSPCoop2SoapMessage;
  31. import org.openspcoop2.message.constants.MessageRole;
  32. import org.openspcoop2.message.soap.reference.Reference;
  33. import org.openspcoop2.security.SecurityException;
  34. import org.openspcoop2.security.message.constants.SecurityConstants;
  35. import org.openspcoop2.utils.io.Base64Utilities;

  37. /**
  38.  * AbstractRESTMessageSecurityReceiver
  39.  *
  40.  * @author Andrea Poli (apoli@link.it)
  41.  * @author $Author$
  42.  * @version $Rev$, $Date$
  43.  */
  44. public abstract class AbstractRESTMessageSecurityReceiver implements IMessageSecurityReceiver{

  46.     @Override
  47.     public boolean checkExistsWSSecurityHeader() {
  48.         return false;
  49.     }

  51.     @Override
  52.     public List<Reference> getDirtyElements(MessageSecurityContext messageSecurityContext,
  53.             OpenSPCoop2SoapMessage message) throws SecurityException {
  54.         return null;
  55.     }

  57.     @Override
  58.     public Map<QName, QName> checkEncryptSignatureParts(MessageSecurityContext messageSecurityContext,
  59.             List<Reference> elementsToClean, OpenSPCoop2SoapMessage message, List<SubErrorCodeSecurity> codiciErrore)
  60.             throws SecurityException {
  61.         return null;
  62.     }

  64.     @Override
  65.     public void checkEncryptionPartElements(Map<QName, QName> notResolved, OpenSPCoop2SoapMessage message,
  66.             List<SubErrorCodeSecurity> erroriRilevati) throws SecurityException {
  67.         
  68.     }

  70.     @Override
  71.     public void cleanDirtyElements(MessageSecurityContext messageSecurityContext, OpenSPCoop2SoapMessage message,
  72.             List<Reference> elementsToClean, boolean detachHeaderWSSecurity, boolean removeAllIdRef)
  73.             throws SecurityException {
  74.         
  75.     }

  77.     
  78.     
  79.     
  80.     // *** DETACHED UTILS ***
  81.     
  82.     private String signatureDetachedHeader = null;
  83.     private String signatureDetachedPropertyUrl = null;
  84.     
  85.     protected String readDetachedSignatureFromMessage(Map<String,Object> map, OpenSPCoop2RestMessage<?> restMessage, String descriptionEngine) throws SecurityException {
  86.         String detachedSignature = null;
  87.         String mode = (String) map.get(SecurityConstants.SIGNATURE_MODE);
  88.         this.signatureDetachedHeader = (String) map.get(SecurityConstants.SIGNATURE_DETACHED_HEADER);
  89.         if(this.signatureDetachedHeader==null || "".equals(this.signatureDetachedHeader.trim())){
  90.             this.signatureDetachedHeader=null; // normalizzo
  91.             if(MessageRole.REQUEST.equals(restMessage.getMessageRole())) {
  92.                 this.signatureDetachedPropertyUrl = (String) map.get(SecurityConstants.SIGNATURE_DETACHED_PROPERTY_URL);
  93.                 if(this.signatureDetachedPropertyUrl==null || "".equals(this.signatureDetachedPropertyUrl.trim())){
  94.                     this.signatureDetachedPropertyUrl=null; // normalizzo
  95.                     throw new SecurityException(descriptionEngine+" (mode:"+mode+" message-role:"+restMessage.getMessageRole()+") require '"+SecurityConstants.SIGNATURE_DETACHED_HEADER+"'/'"+SecurityConstants.SIGNATURE_DETACHED_PROPERTY_URL+"' property");
  96.                 }
  97.                 else {
  98.                     if(restMessage.getTransportRequestContext()==null || restMessage.getTransportRequestContext().getParameters()==null ||
  99.                             restMessage.getTransportRequestContext().getParameters().size()<=0) {
  100.                         throw new SecurityException(descriptionEngine+" (mode:"+mode+" message-role:"+restMessage.getMessageRole()+") property url '"+this.signatureDetachedPropertyUrl+"' not found (properties url not exists)");
  101.                     }
  102.                     detachedSignature = restMessage.getTransportRequestContext().getParameterFirstValue(this.signatureDetachedPropertyUrl);
  103.                     if(detachedSignature==null) {
  104.                         throw new SecurityException(descriptionEngine+" (mode:"+mode+" message-role:"+restMessage.getMessageRole()+") property url '"+this.signatureDetachedPropertyUrl+"' not found");
  105.                     }
  106.                 }
  107.             }
  108.             else {
  109.                 throw new SecurityException(descriptionEngine+" (mode:"+mode+" message-role:"+restMessage.getMessageRole()+") require '"+SecurityConstants.SIGNATURE_DETACHED_HEADER+"' property");
  110.             }
  111.         }
  112.         else {
  113.             if(MessageRole.REQUEST.equals(restMessage.getMessageRole())) {
  114.                 if(restMessage.getTransportRequestContext()==null || restMessage.getTransportRequestContext().getHeaders()==null ||
  115.                         restMessage.getTransportRequestContext().getHeaders().size()<=0) {
  116.                     throw new SecurityException(descriptionEngine+" (mode:"+mode+" message-role:"+restMessage.getMessageRole()+") header '"+this.signatureDetachedHeader+"' not found (header empty)");
  117.                 }
  118.                 detachedSignature = restMessage.getTransportRequestContext().getHeaderFirstValue(this.signatureDetachedHeader);
  119.             }
  120.             else {
  121.                 if(restMessage.getTransportResponseContext()==null || restMessage.getTransportResponseContext().getHeaders()==null ||
  122.                         restMessage.getTransportResponseContext().getHeaders().size()<=0) {
  123.                     throw new SecurityException(descriptionEngine+" (mode:"+mode+" message-role:"+restMessage.getMessageRole()+") header '"+this.signatureDetachedHeader+"' not found (header empty)");
  124.                 }
  125.                 detachedSignature = restMessage.getTransportResponseContext().getHeaderFirstValue(this.signatureDetachedHeader);
  126.             }
  127.             if(detachedSignature==null) {
  128.                 throw new SecurityException(descriptionEngine+" (mode:"+mode+" message-role:"+restMessage.getMessageRole()+") header '"+this.signatureDetachedHeader+"' not found");
  129.             }
  130.         }
  131.         
  132.         boolean base64Detached = SecurityConstants.SIGNATURE_DETACHED_BASE64_DEFAULT;
  133.         String tmpBase64 = (String) map.get(SecurityConstants.SIGNATURE_DETACHED_BASE64);
  134.         if(tmpBase64!=null && !"".equals(tmpBase64)) {
  135.             try {
  136.                 base64Detached = Boolean.parseBoolean(tmpBase64);
  137.             }catch(Exception e) {
  138.                 throw new SecurityException(descriptionEngine+" (mode:"+mode+" message-role:"+restMessage.getMessageRole()+") property '"+SecurityConstants.SIGNATURE_DETACHED_BASE64+
  139.                         "' with wrong value (expected "+SecurityConstants.SIGNATURE_DETACHED_BASE64_TRUE+"/"+SecurityConstants.SIGNATURE_DETACHED_BASE64_FALSE+"): "+e.getMessage(),e);
  140.             }
  141.         }
  142.         if(base64Detached) {
  143.             return new String(Base64Utilities.decode(detachedSignature));
  144.         }
  145.         else {
  146.             return detachedSignature;
  147.         }
  148.     }
  149.     
  150.     protected void deleteDetachedSignatureFromMessage(OpenSPCoop2RestMessage<?> restMessage, String descriptionEngine) throws SecurityException {
  151.         if(this.signatureDetachedHeader!=null) {
  152.             if(MessageRole.REQUEST.equals(restMessage.getMessageRole())) {
  153.                 if(restMessage.getTransportRequestContext()==null || restMessage.getTransportRequestContext().getHeaders()==null ||
  154.                         restMessage.getTransportRequestContext().getHeaders().size()<=0) {
  155.                     return;
  156.                 }
  157.                 restMessage.getTransportRequestContext().removeHeader(this.signatureDetachedHeader);
  158.             }
  159.             else {
  160.                 if(restMessage.getTransportResponseContext()==null || restMessage.getTransportResponseContext().getHeaders()==null ||
  161.                         restMessage.getTransportResponseContext().getHeaders().size()<=0) {
  162.                     return;
  163.                 }
  164.                 restMessage.getTransportResponseContext().removeHeader(this.signatureDetachedHeader);
  165.             }
  166.         }
  167.         else if(this.signatureDetachedPropertyUrl!=null) {
  168.             if(restMessage.getTransportRequestContext()==null || restMessage.getTransportRequestContext().getParameters()==null ||
  169.                     restMessage.getTransportRequestContext().getParameters().size()<=0) {
  170.                 return;
  171.             }
  172.             restMessage.getTransportRequestContext().removeParameter(this.signatureDetachedPropertyUrl);
  173.         }
  174.         else {
  175.             throw new SecurityException(descriptionEngine+"; this method required preProcess detached signature");          
  176.         }
  177.     }
  178. }
Created with JaCoCo 0.8.8.202204050719