Example 1 with WebToken

Use of uk.gov.hscic.common.filters.model.WebToken in project gpconnect-demonstrator by nhsconnect.

From the class FhirRequestAuthInterceptor, method buildRuleList.

@Override
public List<IAuthRule> buildRuleList(RequestDetails requestDetails) {
    // Parse the bearer token from the request; getWebToken throws an
    // OperationOutcome-backed exception if the headers or token are malformed.
    WebToken webToken = webTokenFactory.getWebToken(requestDetails, futureRequestLeeway);
    // Both validate* calls throw on failure, so a request only reaches the
    // return statement once its claims and identifiers have been accepted.
    validateClaim(webToken, requestDetails);
    validateIdentifier(webToken, requestDetails);
    // The rule list itself permits everything: authorization is enforced by
    // the checks above, not by HAPI FHIR's rule evaluation.
    return new RuleBuilder().allowAll().build();
}

Also used: RuleBuilder (ca.uhn.fhir.rest.server.interceptor.auth.RuleBuilder), WebToken (uk.gov.hscic.common.filters.model.WebToken)

Example 2 with WebToken

Use of uk.gov.hscic.common.filters.model.WebToken in project gpconnect-demonstrator by nhsconnect.

From the class WebTokenFactory, method getWebToken.

WebToken getWebToken(RequestDetails requestDetails, int futureRequestLeeway) {
    WebToken webToken = null;
    // The Authorization header is mandatory and must be of the form "Bearer <jwt>".
    String authorizationHeader = requestDetails.getHeader(HttpHeaders.AUTHORIZATION);
    if (null == authorizationHeader) {
        throw OperationOutcomeFactory.buildOperationOutcomeException(new InvalidRequestException(HttpHeaders.AUTHORIZATION + " header missing"), SystemCode.BAD_REQUEST, IssueType.INVALID);
    }
    // Exactly two space-separated components; the scheme is matched case-insensitively.
    String[] authorizationHeaderComponents = authorizationHeader.split(" ");
    if (authorizationHeaderComponents.length != 2 || !"Bearer".equalsIgnoreCase(authorizationHeaderComponents[0])) {
        throw OperationOutcomeFactory.buildOperationOutcomeException(new InvalidRequestException(HttpHeaders.AUTHORIZATION + " header invalid"), SystemCode.BAD_REQUEST, IssueType.INVALID);
    }
    // Content-Type is required for POST and PUT, and, when present, its media type
    // (the part before any ";charset=..." parameter) must be one of CONTENT_TYPES.
    String contentType = requestDetails.getHeader(HttpHeaders.CONTENT_TYPE);
    if (contentType == null) {
        if (Arrays.asList(RequestTypeEnum.POST, RequestTypeEnum.PUT).contains(requestDetails.getRequestType())) {
            throw OperationOutcomeFactory.buildOperationOutcomeException(new UnclassifiedServerFailureException(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE, "No content media type set"), SystemCode.BAD_REQUEST, IssueType.INCOMPLETE);
        }
    } else if (!CONTENT_TYPES.contains(contentType.split(";")[0])) {
        throw OperationOutcomeFactory.buildOperationOutcomeException(new UnclassifiedServerFailureException(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE, "Unsupported content media type"), SystemCode.BAD_REQUEST, IssueType.INVALID);
    }
    // The requested response format: the _format query parameter takes precedence
    // over the Accept header.
    String[] formatParam = requestDetails.getParameters().get("_format");
    String acceptHeader = null == formatParam ? requestDetails.getHeader(HttpHeaders.ACCEPT) : formatParam[0];
    // If it's still null, use the Content-Type header value
    if (null == acceptHeader) {
        acceptHeader = contentType;
    }
    if (acceptHeader == null || !CONTENT_TYPES.contains(acceptHeader.split(";")[0])) {
        throw OperationOutcomeFactory.buildOperationOutcomeException(new UnclassifiedServerFailureException(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE, "Unsupported accept media type"), SystemCode.BAD_REQUEST, IssueType.INVALID);
    }
    try {
        // Reject tokens that use "==" padding or the standard-alphabet characters
        // '/' and '+' anywhere in the compact serialisation. Note that a single
        // trailing '=' is not caught by this check.
        if (authorizationHeaderComponents[1].contains("==") || authorizationHeaderComponents[1].contains("/") || authorizationHeaderComponents[1].contains("+")) {
            throw OperationOutcomeFactory.buildOperationOutcomeException(new InvalidRequestException("JWT must be encoded using Base64URL. Padding is not allowed"), SystemCode.BAD_REQUEST, IssueType.INVALID);
        }
        // Only the second (claims) segment is decoded; the header and signature
        // segments are not inspected in this method. Base64.getDecoder() is the
        // standard decoder rather than getUrlDecoder(), so a claims segment that
        // contains the Base64URL characters '-' or '_' throws
        // IllegalArgumentException and is reported below as "Not Base 64".
        // A token with no '.' separator raises ArrayIndexOutOfBoundsException
        // here, which neither catch block handles.
        String claimsJsonString = new String(Base64.getDecoder().decode(authorizationHeaderComponents[1].split("\\.")[1]));
        // Jackson maps the claims JSON onto WebToken; malformed JSON surfaces as IOException.
        webToken = new ObjectMapper().readValue(claimsJsonString, WebToken.class);
        jwtParseResourcesValidation(claimsJsonString);
    } catch (IllegalArgumentException iae) {
        throw OperationOutcomeFactory.buildOperationOutcomeException(new InvalidRequestException("Not Base 64"), SystemCode.BAD_REQUEST, IssueType.INVALID);
    } catch (IOException ex) {
        throw OperationOutcomeFactory.buildOperationOutcomeException(new InvalidRequestException("Invalid WebToken"), SystemCode.BAD_REQUEST, IssueType.INVALID);
    }
    // Validate the parsed claims, allowing futureRequestLeeway for tokens whose
    // timestamps are slightly ahead of the server clock.
    WebTokenValidator.validateWebToken(webToken, futureRequestLeeway);
    return webToken;
}

Also used: UnclassifiedServerFailureException (ca.uhn.fhir.rest.server.exceptions.UnclassifiedServerFailureException), InvalidRequestException (ca.uhn.fhir.rest.server.exceptions.InvalidRequestException), IOException (java.io.IOException), ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper), WebToken (uk.gov.hscic.common.filters.model.WebToken)

Aggregations

WebToken (uk.gov.hscic.common.filters.model.WebToken): 2
InvalidRequestException (ca.uhn.fhir.rest.server.exceptions.InvalidRequestException): 1
UnclassifiedServerFailureException (ca.uhn.fhir.rest.server.exceptions.UnclassifiedServerFailureException): 1
RuleBuilder (ca.uhn.fhir.rest.server.interceptor.auth.RuleBuilder): 1
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper): 1
IOException (java.io.IOException): 1