Search in sources :

Example 1 with StreamHttpClientConnection

use of org.openecard.transport.httpcore.StreamHttpClientConnection in project open-ecard by ecsec.

the class HttpGetTask method getRequest.

private void getRequest() throws IOException, ConnectionError, URISyntaxException, HttpException {
    TlsConnectionHandler tlsHandler = new TlsConnectionHandler(dispatcher, tokenRequest, connectionHandle);
    tlsHandler.setUpClient();
    // connect the tls endpoint and make a get request
    TlsClientProtocol handler = tlsHandler.createTlsConnection();
    // set up connection to endpoint
    InputStream in = handler.getInputStream();
    OutputStream out = handler.getOutputStream();
    StreamHttpClientConnection conn = new StreamHttpClientConnection(in, out);
    // prepare HTTP connection
    HttpContext ctx = new BasicHttpContext();
    HttpRequestExecutor httpexecutor = new HttpRequestExecutor();
    DefaultConnectionReuseStrategy reuse = new DefaultConnectionReuseStrategy();
    // prepare request
    String resource = tlsHandler.getResource();
    BasicHttpEntityEnclosingRequest req = new BasicHttpEntityEnclosingRequest("GET", resource);
    HttpRequestHelper.setDefaultHeader(req, tlsHandler.getServerAddress());
    req.setHeader("Accept", "text/html, */*;q=0.8");
    req.setHeader("Accept-Charset", "utf-8, *;q=0.8");
    HttpUtils.dumpHttpRequest(LOG, req);
    // send request and receive response
    HttpResponse response = httpexecutor.execute(req, conn, ctx);
    int statusCode = response.getStatusLine().getStatusCode();
    conn.receiveResponseEntity(response);
    HttpEntity entity = response.getEntity();
    byte[] entityData = FileUtils.toByteArray(entity.getContent());
    HttpUtils.dumpHttpResponse(LOG, response, entityData);
    conn.close();
    if (statusCode < 200 || statusCode > 299) {
        throw new ConnectionError(WRONG_SERVER_RESULT, statusCode);
    }
}
Also used : HttpRequestExecutor(org.openecard.apache.http.protocol.HttpRequestExecutor) HttpEntity(org.openecard.apache.http.HttpEntity) InputStream(java.io.InputStream) BasicHttpContext(org.openecard.apache.http.protocol.BasicHttpContext) OutputStream(java.io.OutputStream) TlsClientProtocol(org.openecard.bouncycastle.tls.TlsClientProtocol) BasicHttpContext(org.openecard.apache.http.protocol.BasicHttpContext) HttpContext(org.openecard.apache.http.protocol.HttpContext) DefaultConnectionReuseStrategy(org.openecard.apache.http.impl.DefaultConnectionReuseStrategy) HttpResponse(org.openecard.apache.http.HttpResponse) StreamHttpClientConnection(org.openecard.transport.httpcore.StreamHttpClientConnection) BasicHttpEntityEnclosingRequest(org.openecard.apache.http.message.BasicHttpEntityEnclosingRequest)

Example 2 with StreamHttpClientConnection

use of org.openecard.transport.httpcore.StreamHttpClientConnection in project open-ecard by ecsec.

the class ResourceContext method getStreamInt.

private static ResourceContext getStreamInt(URL url, CertificateValidator v, List<Pair<URL, TlsServerCertificate>> serverCerts, int maxRedirects) throws IOException, ResourceException, ValidationError, InvalidAddressException {
    try {
        DynamicContext dynCtx = DynamicContext.getInstance(TR03112Keys.INSTANCE_KEY);
        CookieManager cManager = (CookieManager) dynCtx.get(TR03112Keys.COOKIE_MANAGER);
        LOG.info("Trying to load resource from: {}", url);
        if (maxRedirects == 0) {
            throw new ResourceException(MAX_REDIRECTS);
        }
        maxRedirects--;
        String protocol = url.getProtocol();
        String hostname = url.getHost();
        int port = url.getPort();
        if (port == -1) {
            port = url.getDefaultPort();
        }
        String resource = url.getFile();
        resource = resource.isEmpty() ? "/" : resource;
        if (!"https".equals(protocol)) {
            throw new InvalidAddressException(INVALID_ADDRESS);
        }
        // open a TLS connection, retrieve the server certificate and save it
        TlsClientProtocol h;
        DynamicAuthentication tlsAuth = new DynamicAuthentication(hostname);
        // add PKIX validator if not doin nPA auth
        if (isPKIXVerify()) {
            tlsAuth.addCertificateVerifier(new JavaSecVerifier());
        }
        // FIXME: validate certificate chain as soon as a usable solution exists for the trust problem
        // tlsAuth.setCertificateVerifier(new JavaSecVerifier());
        TlsCrypto crypto = new BcTlsCrypto(ReusableSecureRandom.getInstance());
        ClientCertTlsClient tlsClient = new ClientCertDefaultTlsClient(crypto, hostname, true);
        tlsClient.setAuthentication(tlsAuth);
        // connect tls client
        tlsClient.setClientVersion(ProtocolVersion.TLSv12);
        Socket socket = ProxySettings.getDefault().getSocket(protocol, hostname, port);
        h = new TlsClientProtocol(socket.getInputStream(), socket.getOutputStream());
        LOG.debug("Performing TLS handshake.");
        h.connect(tlsClient);
        LOG.debug("TLS handshake performed.");
        serverCerts.add(new Pair<>(url, tlsAuth.getServerCertificate()));
        // check result
        CertificateValidator.VerifierResult verifyResult = v.validate(url, tlsAuth.getServerCertificate());
        if (verifyResult == CertificateValidator.VerifierResult.FINISH) {
            List<Pair<URL, TlsServerCertificate>> pairs = Collections.unmodifiableList(serverCerts);
            return new ResourceContext(tlsClient, h, pairs);
        }
        StreamHttpClientConnection conn = new StreamHttpClientConnection(h.getInputStream(), h.getOutputStream());
        HttpContext ctx = new BasicHttpContext();
        HttpRequestExecutor httpexecutor = new HttpRequestExecutor();
        BasicHttpEntityEnclosingRequest req = new BasicHttpEntityEnclosingRequest("GET", resource);
        HttpRequestHelper.setDefaultHeader(req, url);
        req.setHeader("Accept", "text/xml, */*;q=0.8");
        req.setHeader("Accept-Charset", "utf-8, *;q=0.8");
        setCookieHeader(req, cManager, url);
        HttpUtils.dumpHttpRequest(LOG, req);
        LOG.debug("Sending HTTP request.");
        HttpResponse response = httpexecutor.execute(req, conn, ctx);
        storeCookies(response, cManager, url);
        LOG.debug("HTTP response received.");
        StatusLine status = response.getStatusLine();
        int statusCode = status.getStatusCode();
        String reason = status.getReasonPhrase();
        HttpUtils.dumpHttpResponse(LOG, response, null);
        HttpEntity entity = null;
        boolean finished = false;
        if (TR03112Utils.isRedirectStatusCode(statusCode)) {
            Header[] headers = response.getHeaders("Location");
            if (headers.length > 0) {
                String uri = headers[0].getValue();
                url = new URL(uri);
            } else {
                // FIXME: refactor exception handling
                throw new ResourceException(MISSING_LOCATION_HEADER);
            }
        } else if (statusCode >= 400) {
            // according to the HTTP RFC, codes greater than 400 signal errors
            LOG.debug("Received a result code {} '{}' from server.", statusCode, reason);
            throw new InvalidResultStatus(LANG.translationForKey(INVALID_RESULT_STATUS, statusCode, reason));
        } else {
            if (verifyResult == CertificateValidator.VerifierResult.CONTINUE) {
                throw new InvalidAddressException(INVALID_REFRESH_ADDRESS_NOSOP);
            } else {
                conn.receiveResponseEntity(response);
                entity = response.getEntity();
                finished = true;
            }
        }
        // follow next redirect or finish?
        if (finished) {
            assert (entity != null);
            ResourceContext result = new ResourceContext(tlsClient, h, serverCerts);
            LimitedInputStream is = new LimitedInputStream(entity.getContent());
            result.setStream(is);
            return result;
        } else {
            h.close();
            return getStreamInt(url, v, serverCerts, maxRedirects);
        }
    } catch (URISyntaxException ex) {
        throw new IOException(LANG.translationForKey(FAILED_PROXY), ex);
    } catch (HttpException ex) {
        // don't translate this, it is handled in the ActivationAction
        throw new IOException("Invalid HTTP message received.", ex);
    }
}
Also used : HttpRequestExecutor(org.openecard.apache.http.protocol.HttpRequestExecutor) HttpEntity(org.openecard.apache.http.HttpEntity) BasicHttpContext(org.openecard.apache.http.protocol.BasicHttpContext) LimitedInputStream(org.openecard.common.io.LimitedInputStream) TlsClientProtocol(org.openecard.bouncycastle.tls.TlsClientProtocol) URISyntaxException(java.net.URISyntaxException) ClientCertTlsClient(org.openecard.crypto.tls.ClientCertTlsClient) StreamHttpClientConnection(org.openecard.transport.httpcore.StreamHttpClientConnection) URL(java.net.URL) TlsCrypto(org.openecard.bouncycastle.tls.crypto.TlsCrypto) BcTlsCrypto(org.openecard.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto) HttpException(org.openecard.apache.http.HttpException) CookieManager(org.openecard.transport.httpcore.cookies.CookieManager) JavaSecVerifier(org.openecard.crypto.tls.verify.JavaSecVerifier) InvalidResultStatus(org.openecard.transport.httpcore.InvalidResultStatus) Pair(org.openecard.common.util.Pair) BasicHttpEntityEnclosingRequest(org.openecard.apache.http.message.BasicHttpEntityEnclosingRequest) BasicHttpContext(org.openecard.apache.http.protocol.BasicHttpContext) HttpContext(org.openecard.apache.http.protocol.HttpContext) ClientCertDefaultTlsClient(org.openecard.crypto.tls.ClientCertDefaultTlsClient) HttpResponse(org.openecard.apache.http.HttpResponse) BcTlsCrypto(org.openecard.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto) IOException(java.io.IOException) StatusLine(org.openecard.apache.http.StatusLine) Header(org.openecard.apache.http.Header) DynamicAuthentication(org.openecard.crypto.tls.auth.DynamicAuthentication) InvalidAddressException(org.openecard.binding.tctoken.ex.InvalidAddressException) Socket(java.net.Socket) DynamicContext(org.openecard.common.DynamicContext)

Example 3 with StreamHttpClientConnection

use of org.openecard.transport.httpcore.StreamHttpClientConnection in project open-ecard by ecsec.

the class PAOS method openHttpStream.

private StreamHttpClientConnection openHttpStream() throws PAOSConnectionException {
    StreamHttpClientConnection conn;
    try {
        LOG.debug("Opening connection to PAOS server.");
        TlsClientProtocol handler = tlsHandler.createTlsConnection();
        conn = new StreamHttpClientConnection(handler.getInputStream(), handler.getOutputStream());
        LOG.debug("Connection to PAOS server established.");
        return conn;
    } catch (IOException | URISyntaxException ex) {
        throw new PAOSConnectionException(ex);
    }
}
Also used : TlsClientProtocol(org.openecard.bouncycastle.tls.TlsClientProtocol) IOException(java.io.IOException) URISyntaxException(java.net.URISyntaxException) StreamHttpClientConnection(org.openecard.transport.httpcore.StreamHttpClientConnection)

Example 4 with StreamHttpClientConnection

use of org.openecard.transport.httpcore.StreamHttpClientConnection in project open-ecard by ecsec.

the class PAOS method sendStartPAOS.

/**
 * Sends start PAOS and answers all successor messages to the server associated with this instance.
 * Messages are exchanged until the server replies with a {@code StartPAOSResponse} message.
 *
 * @param message The StartPAOS message which is sent in the first message.
 * @return The {@code StartPAOSResponse} message from the server.
 * @throws DispatcherException In case there errors with the message conversion or the dispatcher.
 * @throws PAOSException In case there were errors in the transport layer.
 * @throws PAOSConnectionException
 */
public StartPAOSResponse sendStartPAOS(StartPAOS message) throws DispatcherException, PAOSException, PAOSConnectionException {
    Object msg = message;
    StreamHttpClientConnection conn = null;
    HttpContext ctx = new BasicHttpContext();
    HttpRequestExecutor httpexecutor = new HttpRequestExecutor();
    DefaultConnectionReuseStrategy reuse = new DefaultConnectionReuseStrategy();
    boolean connectionDropped = false;
    ResponseBaseType lastResponse = null;
    try {
        // loop and send makes a computer happy
        while (true) {
            // set up connection to PAOS endpoint
            // if this one fails we may not continue
            conn = openHttpStream();
            boolean isReusable;
            // send as long as connection is valid
            try {
                do {
                    // save the last message we sent to the eID-Server.
                    if (msg instanceof ResponseBaseType) {
                        lastResponse = (ResponseBaseType) msg;
                    }
                    // prepare request
                    String resource = tlsHandler.getResource();
                    BasicHttpEntityEnclosingRequest req = new BasicHttpEntityEnclosingRequest("POST", resource);
                    HttpRequestHelper.setDefaultHeader(req, tlsHandler.getServerAddress());
                    req.setHeader(HEADER_KEY_PAOS, headerValuePaos);
                    req.setHeader("Accept", "text/xml, application/xml, application/vnd.paos+xml");
                    ContentType reqContentType = ContentType.create("application/vnd.paos+xml", "UTF-8");
                    HttpUtils.dumpHttpRequest(LOG, "before adding content", req);
                    String reqMsgStr = createPAOSResponse(msg);
                    StringEntity reqMsg = new StringEntity(reqMsgStr, reqContentType);
                    req.setEntity(reqMsg);
                    req.setHeader(reqMsg.getContentType());
                    req.setHeader("Content-Length", Long.toString(reqMsg.getContentLength()));
                    // send request and receive response
                    LOG.debug("Sending HTTP request.");
                    HttpResponse response = httpexecutor.execute(req, conn, ctx);
                    LOG.debug("HTTP response received.");
                    int statusCode = response.getStatusLine().getStatusCode();
                    try {
                        checkHTTPStatusCode(statusCode);
                    } catch (PAOSConnectionException ex) {
                        // response with error. So check the status of our last response to the eID-Server
                        if (lastResponse != null) {
                            WSHelper.checkResult(lastResponse);
                        }
                        throw ex;
                    }
                    conn.receiveResponseEntity(response);
                    HttpEntity entity = response.getEntity();
                    byte[] entityData = FileUtils.toByteArray(entity.getContent());
                    HttpUtils.dumpHttpResponse(LOG, response, entityData);
                    // consume entity
                    Object requestObj = processPAOSRequest(new ByteArrayInputStream(entityData));
                    // break when message is startpaosresponse
                    if (requestObj instanceof StartPAOSResponse) {
                        StartPAOSResponse startPAOSResponse = (StartPAOSResponse) requestObj;
                        // an ok.
                        if (lastResponse != null) {
                            WSHelper.checkResult(lastResponse);
                        }
                        WSHelper.checkResult(startPAOSResponse);
                        return startPAOSResponse;
                    }
                    // send via dispatcher
                    msg = dispatcher.deliver(requestObj);
                    // check if connection can be used one more time
                    isReusable = reuse.keepAlive(response, ctx);
                    connectionDropped = false;
                } while (isReusable);
            } catch (IOException ex) {
                if (!connectionDropped) {
                    connectionDropped = true;
                    LOG.warn("PAOS server closed the connection. Trying to connect again.");
                } else {
                    String errMsg = "Error in the link to the PAOS server.";
                    LOG.error(errMsg);
                    throw new PAOSException(DELIVERY_FAILED, ex);
                }
            }
        }
    } catch (HttpException ex) {
        throw new PAOSException(DELIVERY_FAILED, ex);
    } catch (SOAPException ex) {
        throw new PAOSException(SOAP_MESSAGE_FAILURE, ex);
    } catch (MarshallingTypeException ex) {
        throw new PAOSDispatcherException(MARSHALLING_ERROR, ex);
    } catch (InvocationTargetException ex) {
        throw new PAOSDispatcherException(DISPATCHER_ERROR, ex);
    } catch (TransformerException ex) {
        throw new DispatcherException(ex);
    } catch (WSException ex) {
        throw new PAOSException(ex);
    } finally {
        try {
            if (conn != null) {
                conn.close();
            }
        } catch (IOException ex) {
        // throw new PAOSException(ex);
        }
    }
}
Also used : MarshallingTypeException(org.openecard.ws.marshal.MarshallingTypeException) HttpRequestExecutor(org.openecard.apache.http.protocol.HttpRequestExecutor) ContentType(org.openecard.apache.http.entity.ContentType) HttpEntity(org.openecard.apache.http.HttpEntity) BasicHttpContext(org.openecard.apache.http.protocol.BasicHttpContext) DefaultConnectionReuseStrategy(org.openecard.apache.http.impl.DefaultConnectionReuseStrategy) StartPAOSResponse(iso.std.iso_iec._24727.tech.schema.StartPAOSResponse) StreamHttpClientConnection(org.openecard.transport.httpcore.StreamHttpClientConnection) StringEntity(org.openecard.apache.http.entity.StringEntity) SOAPException(org.openecard.ws.soap.SOAPException) WSException(org.openecard.common.WSHelper.WSException) HttpException(org.openecard.apache.http.HttpException) TransformerException(javax.xml.transform.TransformerException) BasicHttpEntityEnclosingRequest(org.openecard.apache.http.message.BasicHttpEntityEnclosingRequest) BasicHttpContext(org.openecard.apache.http.protocol.BasicHttpContext) HttpContext(org.openecard.apache.http.protocol.HttpContext) HttpResponse(org.openecard.apache.http.HttpResponse) DispatcherException(org.openecard.common.interfaces.DispatcherException) ResponseBaseType(oasis.names.tc.dss._1_0.core.schema.ResponseBaseType) IOException(java.io.IOException) InvocationTargetException(java.lang.reflect.InvocationTargetException) ByteArrayInputStream(java.io.ByteArrayInputStream)

Example 5 with StreamHttpClientConnection

use of org.openecard.transport.httpcore.StreamHttpClientConnection in project open-ecard by ecsec.

the class ChipGateway method openHttpStream.

private void openHttpStream() throws ConnectionError, InvalidRedirectUrlException {
    try {
        LOG.debug("Opening connection to ChipGateway server.");
        TlsClientProtocol handler = tlsHandler.createTlsConnection();
        conn = new StreamHttpClientConnection(handler.getInputStream(), handler.getOutputStream());
        LOG.debug("Connection to ChipGateway server established.");
    } catch (IOException | URISyntaxException ex) {
        throw new ConnectionError(token.finalizeErrorAddress(ResultMinor.COMMUNICATION_ERROR), CONNECTION_OPEN_FAILED, ex);
    }
}
Also used : TlsClientProtocol(org.openecard.bouncycastle.tls.TlsClientProtocol) ConnectionError(org.openecard.addons.cg.ex.ConnectionError) IOException(java.io.IOException) URISyntaxException(java.net.URISyntaxException) StreamHttpClientConnection(org.openecard.transport.httpcore.StreamHttpClientConnection)

Aggregations

StreamHttpClientConnection (org.openecard.transport.httpcore.StreamHttpClientConnection)5 IOException (java.io.IOException)4 TlsClientProtocol (org.openecard.bouncycastle.tls.TlsClientProtocol)4 URISyntaxException (java.net.URISyntaxException)3 HttpEntity (org.openecard.apache.http.HttpEntity)3 HttpResponse (org.openecard.apache.http.HttpResponse)3 BasicHttpEntityEnclosingRequest (org.openecard.apache.http.message.BasicHttpEntityEnclosingRequest)3 BasicHttpContext (org.openecard.apache.http.protocol.BasicHttpContext)3 HttpContext (org.openecard.apache.http.protocol.HttpContext)3 HttpRequestExecutor (org.openecard.apache.http.protocol.HttpRequestExecutor)3 HttpException (org.openecard.apache.http.HttpException)2 DefaultConnectionReuseStrategy (org.openecard.apache.http.impl.DefaultConnectionReuseStrategy)2 StartPAOSResponse (iso.std.iso_iec._24727.tech.schema.StartPAOSResponse)1 ByteArrayInputStream (java.io.ByteArrayInputStream)1 InputStream (java.io.InputStream)1 OutputStream (java.io.OutputStream)1 InvocationTargetException (java.lang.reflect.InvocationTargetException)1 Socket (java.net.Socket)1 URL (java.net.URL)1 TransformerException (javax.xml.transform.TransformerException)1