AbstractRESTMessageSecuritySender.java
/*
* GovWay - A customizable API Gateway
* https://govway.org
*
* Copyright (c) 2005-2024 Link.it srl (https://link.it).
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 3, as published by
* the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
package org.openspcoop2.security.message;
import java.util.HashMap;
import java.util.Map;
import org.openspcoop2.message.OpenSPCoop2RestMessage;
import org.openspcoop2.message.constants.MessageRole;
import org.openspcoop2.security.SecurityException;
import org.openspcoop2.security.message.constants.SecurityConstants;
import org.openspcoop2.utils.io.Base64Utilities;
/**
* AbstractRESTMessageSecuritySender
*
* @author Andrea Poli (apoli@link.it)
* @author $Author$
* @version $Rev$, $Date$
*/
public abstract class AbstractRESTMessageSecuritySender implements IMessageSecuritySender{
// *** DETACHED UTILS ***
protected void setDetachedSignatureInMessage(Map<String,Object> map, OpenSPCoop2RestMessage<?> restMessage, String descriptionEngine, String detachedSignatureParam) throws SecurityException {
String signatureDetachedHeader = null;
String signatureDetachedPropertyUrl = null;
String mode = (String) map.get(SecurityConstants.SIGNATURE_MODE);
boolean base64Detached = SecurityConstants.SIGNATURE_DETACHED_BASE64_DEFAULT;
String tmpBase64 = (String) map.get(SecurityConstants.SIGNATURE_DETACHED_BASE64);
if(tmpBase64!=null && !"".equals(tmpBase64)) {
try {
base64Detached = Boolean.parseBoolean(tmpBase64);
}catch(Exception e) {
throw new SecurityException(descriptionEngine+" (mode:"+mode+" message-role:"+restMessage.getMessageRole()+") property '"+SecurityConstants.SIGNATURE_DETACHED_BASE64+
"' with wrong value (expected "+SecurityConstants.SIGNATURE_DETACHED_BASE64_TRUE+"/"+SecurityConstants.SIGNATURE_DETACHED_BASE64_FALSE+"): "+e.getMessage(),e);
}
}
String detachedSignature = null;
if(base64Detached) {
detachedSignature = Base64Utilities.encodeAsString(detachedSignatureParam.getBytes());
}
else {
detachedSignature = detachedSignatureParam;
}
signatureDetachedHeader = (String) map.get(SecurityConstants.SIGNATURE_DETACHED_HEADER);
if(signatureDetachedHeader==null || "".equals(signatureDetachedHeader.trim())){
signatureDetachedHeader=null; // normalizzo
if(MessageRole.REQUEST.equals(restMessage.getMessageRole())) {
signatureDetachedPropertyUrl = (String) map.get(SecurityConstants.SIGNATURE_DETACHED_PROPERTY_URL);
if(signatureDetachedPropertyUrl==null || "".equals(signatureDetachedPropertyUrl.trim())){
signatureDetachedPropertyUrl=null; // normalizzo
throw new SecurityException(descriptionEngine+" (mode:"+mode+" message-role:"+restMessage.getMessageRole()+") require '"+SecurityConstants.SIGNATURE_DETACHED_HEADER+"'/'"+SecurityConstants.SIGNATURE_DETACHED_PROPERTY_URL+"' property");
}
else {
if(restMessage.getTransportRequestContext()==null) {
throw new SecurityException(descriptionEngine+" (mode:"+mode+" message-role:"+restMessage.getMessageRole()+") property url '"+signatureDetachedPropertyUrl+"'; transporto context undefined");
}
if(restMessage.getTransportRequestContext().getParameters()==null) {
restMessage.getTransportRequestContext().setParameters(new HashMap<>());
}
restMessage.getTransportRequestContext().removeParameter(signatureDetachedPropertyUrl); // sovrascrivo
//restMessage.getTransportRequestContext().getParametersFormBased().put(signatureDetachedPropertyUrl, detachedSignature);
restMessage.forceUrlProperty(signatureDetachedPropertyUrl, detachedSignature);
}
}
else {
throw new SecurityException(descriptionEngine+" (mode:"+mode+" message-role:"+restMessage.getMessageRole()+") require '"+SecurityConstants.SIGNATURE_DETACHED_HEADER+"' property");
}
}
else {
if(MessageRole.REQUEST.equals(restMessage.getMessageRole())) {
if(restMessage.getTransportRequestContext()==null) {
throw new SecurityException(descriptionEngine+" (mode:"+mode+" message-role:"+restMessage.getMessageRole()+") property url '"+signatureDetachedPropertyUrl+"'; transporto context undefined");
}
if(restMessage.getTransportRequestContext().getHeaders()==null) {
restMessage.getTransportRequestContext().setHeaders(new HashMap<>());
}
restMessage.getTransportRequestContext().removeHeader(signatureDetachedHeader); // sovrascrivo
//restMessage.getTransportRequestContext().getParametersTrasporto().put(signatureDetachedHeader, detachedSignature);
restMessage.forceTransportHeader(signatureDetachedHeader, detachedSignature);
}
else {
if(restMessage.getTransportResponseContext()==null) {
throw new SecurityException(descriptionEngine+" (mode:"+mode+" message-role:"+restMessage.getMessageRole()+") property url '"+signatureDetachedPropertyUrl+"'; transporto context undefined");
}
if(restMessage.getTransportResponseContext().getHeaders()==null) {
restMessage.getTransportResponseContext().setHeaders(new HashMap<>());
}
restMessage.getTransportResponseContext().removeHeader(signatureDetachedHeader); // sovrascrivo
//restMessage.getTransportResponseContext().getParametersTrasporto().put(signatureDetachedHeader, detachedSignature);
restMessage.forceTransportHeader(signatureDetachedHeader, detachedSignature);
}
if(detachedSignature==null) {
throw new SecurityException(descriptionEngine+" (mode:"+mode+" message-role:"+restMessage.getMessageRole()+") header '"+signatureDetachedHeader+"' not found");
}
}
}
}