SecretDecoder.java

/*
 * GovWay - A customizable API Gateway
 * https://govway.org
 *
 * Copyright (c) 2005-2025 Link.it srl (https://link.it).
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 3, as published by
 * the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 */
package org.openspcoop2.web.ctrlstat.servlet.utils;

import java.io.ByteArrayOutputStream;
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.openspcoop2.core.byok.BYOKUtilities;
import org.openspcoop2.utils.transport.http.HttpConstants;
import org.openspcoop2.utils.transport.http.HttpRequestMethod;
import org.openspcoop2.web.ctrlstat.core.ControlStationCore;
import org.openspcoop2.web.lib.mvc.MessageType;
import org.openspcoop2.web.lib.mvc.PageData;
import org.openspcoop2.web.lib.mvc.ServletUtils;
import org.openspcoop2.web.lib.mvc.byok.LockUtilities;

/**
 * SecretDecoder
 *
 * @author Andrea Poli (apoli@link.it)
 * @author Giuliano Pintori (giuliano.pintori@link.it)
 * @author $Author$
 * @version $Rev$, $Date$
 *
 */
public class SecretDecoder extends HttpServlet {

    private static final long serialVersionUID = 1L;

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        this.processRequest(req, resp);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {

        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        try {
            IOUtils.copy(req.getInputStream(), baos);
        }catch(Exception e){
            ControlStationCore.logError("Errore durante la ricerca delle informazioni oggetto: "+e.getMessage(), e);
            return;
        }           

        this.processRequest(req, resp);
    }

    private void processRequest(HttpServletRequest request, HttpServletResponse response) {
        String risposta = "";
        String messaggioEsito = null;
        String messageType = null;
        response.setContentType(HttpConstants.CONTENT_TYPE_JSON);
        
        try(ByteArrayOutputStream baosPayload = new ByteArrayOutputStream();){
            HttpRequestMethod httpRequestMethod = HttpRequestMethod.valueOf(request.getMethod().toUpperCase()); 

            if(httpRequestMethod.equals(HttpRequestMethod.POST)) { // copia del payload
                IOUtils.copy(request.getInputStream(), baosPayload);
            }

            HttpSession session = request.getSession(true);
            PageData pd = new PageData();
            UtilsHelper registroHelper = new UtilsHelper(request, pd, session);
            ControlStationCore core = registroHelper.getCore();
            
            String secretToUnwrap = registroHelper.getParameter(UtilsCostanti.PARAMETRO_SECRET_TO_UNWRAP);
            
            // Viaggia comunque un valore cifrato, quindi il caso della informazione in chiaro non è riconoscibile
            if (core.getDriverBYOKUtilities().isEnabledBYOK()) {
                StringBuilder sb = new StringBuilder();
                ControlStationCore.logInfo("SecretDecoder: secretToUnwrap: " + secretToUnwrap);
                String messaggioInformativoInformazioneNonCifrata = core.getNotaInformativaInformazioneMemorizzataInChiaro();
                if(BYOKUtilities.isWrappedValue(secretToUnwrap)) {
                    if(!core.getDriverBYOKUtilities().isWrappedWithActivePolicy(secretToUnwrap)) {
                        LockUtilities.appendErrorMessageSecurityPolicyDifferente(core.getNotaInformativaInformazioneCifrataSecurityPolicyDifferente(), sb, secretToUnwrap);
                    }
                }
                else if(messaggioInformativoInformazioneNonCifrata!=null && StringUtils.isNotEmpty(messaggioInformativoInformazioneNonCifrata)) {
                    sb.append(messaggioInformativoInformazioneNonCifrata);
                }
                
                if(sb.length()>0) {
                    sb.append("\n\nValore in chiaro: ");
                }
                messaggioEsito = core.getDriverBYOKUtilities().unwrap(secretToUnwrap);
                messageType = MessageType.INFO.toString();
            }
            else {
                messaggioEsito = "ERROR: BYOK Unitialized";
                messageType = MessageType.ERROR.toString();
            }
        }catch(Exception e){
            ControlStationCore.logError("Errore durante la decodifica: "+e.getMessage(), e);
            messaggioEsito = UtilsCostanti.MESSAGGIO_ERRORE_UNWRAP;
            messageType = MessageType.ERROR.toString();
        } finally {
            risposta = ServletUtils.getJson(ServletUtils.getJsonPair(UtilsCostanti.KEY_ESITO, messageType), ServletUtils.getJsonPair(UtilsCostanti.KEY_DETTAGLIO_ESITO, messaggioEsito));
            try {
                ServletOutputStream outputStream = response.getOutputStream();
                outputStream.write(risposta.getBytes());
            }catch(Exception eErr){
                ControlStationCore.logError("Errore durante la serializzazione dell'errore di decodifica: "+eErr.getMessage(), eErr);
            }
        }
    }
}