HttpServletCredential.java

  1. /*
  2.  * GovWay - A customizable API Gateway 
  3.  * https://govway.org
  4.  * 
  5.  * Copyright (c) 2005-2025 Link.it srl (https://link.it). 
  6.  * 
  7.  * This program is free software: you can redistribute it and/or modify
  8.  * it under the terms of the GNU General Public License version 3, as published by
  9.  * the Free Software Foundation.
  10.  *
  11.  * This program is distributed in the hope that it will be useful,
  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14.  * GNU General Public License for more details.
  15.  *
  16.  * You should have received a copy of the GNU General Public License
  17.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18.  *
  19.  */
  20. package org.openspcoop2.utils.transport.http;

  22. import java.io.Serializable;
  23. import java.security.cert.X509Certificate;
  24. import java.util.ArrayList;
  25. import java.util.List;

  27. import javax.servlet.http.HttpServletRequest;

  29. import org.apache.commons.lang.NotImplementedException;
  30. import org.openspcoop2.utils.certificate.Certificate;
  31. import org.openspcoop2.utils.certificate.CertificateUtils;
  32. import org.openspcoop2.utils.io.Base64Utilities;
  33. import org.openspcoop2.utils.transport.Credential;
  34. import org.slf4j.Logger;

  36. /**
  37.  * HttpServletCredentials
  38.  *
  39.  * @author Poli Andrea (apoli@link.it)
  40.  * @author $Author$
  41.  * @version $Rev$, $Date$
  42.  */
  43. public class HttpServletCredential extends Credential implements Serializable {

  45.     /**
  46.      * 
  47.      */
  48.     private static final long serialVersionUID = 1L;

  50.     public static final String SERVLET_REQUEST_X509CERTIFICATE = "javax.servlet.request.X509Certificate";
  51.     
  52.     // Servlet Request
  53.     private transient HttpServletRequest httpServletRequest;
  54.     
  55.     public HttpServletCredential(){
  56.         super();
  57.     }
  58.     public HttpServletCredential(HttpServletRequest req,Logger log){
  59.         this(req, log, false);
  60.     }
  61.     public HttpServletCredential(HttpServletRequest req,Logger log,boolean debug){
  62.         
  63.         super();
  64.         
  65.         this.httpServletRequest = req;
  66.         
  67.         String auth = req.getHeader(HttpConstants.AUTHORIZATION);
  68.         
  69.         // Basic (HTTP-Based)
  70.         if(auth != null && auth.toLowerCase().startsWith(HttpConstants.AUTHORIZATION_PREFIX_BASIC.toLowerCase())){
  71.             // Sbustring(6): elimina la parte "Basic "
  72.             String cValue = auth.substring(HttpConstants.AUTHORIZATION_PREFIX_BASIC.length());
  73.             String decodeAuth = null;
  74.             try {
  75.                 decodeAuth = new String(Base64Utilities.decode(cValue));
  76.             }catch(Throwable e) {
  77.                 log.error("Password non estraibile dalla stringa ricevuta '"+cValue+"', decodifica base-64 non riuscita: "+e.getMessage(),e);
  78.             }
  79.             if(decodeAuth!=null) {
  80.                 String [] decodeAuthSplit = decodeAuth.split(":");
  81.                 if(decodeAuthSplit.length>1){
  82.                     this.username = decodeAuthSplit[0];
  83.                     try {
  84.                         this.password = decodeAuth.substring(decodeAuth.indexOf(":")+1, decodeAuth.length());
  85.                     }catch(Throwable e) {
  86.                         log.error("Password non estraibile dalla stringa ricevuta '"+decodeAuth+"'");
  87.                     }
  88.                 }
  89.                 if(debug && log!=null){
  90.                     log.info("BasicAuthentication presente nella richiesta, username ["+this.username+"] e password ["+this.password+"]");
  91.                 }
  92.             }
  93.         }
  94.         
  95.         // Bearer (Token Oauth)
  96.         if(auth != null && auth.toLowerCase().startsWith(HttpConstants.AUTHORIZATION_PREFIX_BEARER.toLowerCase())){
  97.             this.bearerToken = auth.substring(HttpConstants.AUTHORIZATION_PREFIX_BEARER.length());
  98.         }
  99.         
  100.         // SSL (HTTPS)
  101.         java.security.cert.X509Certificate[] certs =
  102.             (java.security.cert.X509Certificate[]) req.getAttribute(SERVLET_REQUEST_X509CERTIFICATE);
  103.         
  104.         if(certs!=null) {
  105.             if(debug && log!=null){
  106.                 try{
  107.                     StringBuilder bf = new StringBuilder();
  108.                     CertificateUtils.printCertificate(bf, certs);
  109.                     log.info(bf.toString());
  110.                 }catch(Throwable e){
  111.                     log.error("Print info certs error: "+e.getMessage(),e);
  112.                 }
  113.             }
  114.             if(certs.length > 0){
  115.                 //System.out.println("toString ["+certs[0].getSubjectX500Principal().toString()+"]"); // toString e' equivalente a RFC1779
  116.                 //System.out.println("getName ["+certs[0].getSubjectX500Principal().getName()+"]");
  117.                 //System.out.println("CANONICAL ["+certs[0].getSubjectX500Principal().getName(javax.security.auth.x500.X500Principal.CANONICAL)+"]");
  118.                 //System.out.println("RFC1779 ["+certs[0].getSubjectX500Principal().getName(javax.security.auth.x500.X500Principal.RFC1779)+"]");
  119.                 //System.out.println("RFC2253 ["+certs[0].getSubjectX500Principal().getName(javax.security.auth.x500.X500Principal.RFC2253)+"]");
  120.                 this.subject = certs[0].getSubjectX500Principal().toString();
  121.                 this.issuer = certs[0].getIssuerX500Principal().toString();
  122.                 List<X509Certificate> chains = new ArrayList<>();
  123.                 if(certs.length > 1){
  124.                     for (int i = 1; i < certs.length; i++) {
  125.                         chains.add(certs[i]);
  126.                     }
  127.                 }
  128.                 this.certificate = new Certificate("transport", certs[0], chains);
  129.             }
  130.         }else{
  131.             if(debug && log!=null){
  132.                 log.info("Certificati non presenti nella richiesta");
  133.             }
  134.         }
  135.         
  136.         // getUserPrincipal (SERVLET API)
  137.         if( req.getUserPrincipal()!=null ){
  138.             this.principal = req.getUserPrincipal();
  139.             this.principalName = this.principal.getName();
  140.         }
  141.     }
  142.     
  143.     
  144.     @Override
  145.     public boolean isUserInRole(String role){
  146.         if(this.httpServletRequest!=null){
  147.             return this.httpServletRequest.isUserInRole(role);
  148.         }
  149.         else{
  150.             throw new NotImplementedException();
  151.         }
  152.     }
  153.     
  154.     @Override
  155.     public Object getAttribute(String attributeName){
  156.         if(this.httpServletRequest!=null){
  157.             return this.httpServletRequest.getAttribute(attributeName);
  158.         }
  159.         else{
  160.             throw new NotImplementedException();
  161.         }
  162.     }

  164. }
Created with JaCoCo 0.8.8.202204050719