io.mosip.authentication.common.service.filter

Class BaseAuthFilter

java.lang.Object

io.mosip.authentication.common.service.filter.BaseIDAFilter

io.mosip.authentication.common.service.filter.BaseAuthFilter

All Implemented Interfaces:

javax.servlet.Filter

Direct Known Subclasses:

IdAuthFilter

@Component
public abstract class BaseAuthFilter
extends BaseIDAFilter

The Class BaseAuthFilter - The Base Auth Filter that does all necessary authentication/authorization before allowing the request to the respective controllers.

Author:

Manoj SP, Sanjay Murali

Field Summary

Fields

Modifier and Type	Field and Description
protected PublicKey	publicKey The public key.

Fields inherited from class io.mosip.authentication.common.service.filter.BaseIDAFilter

env, keyManager, mapper

Constructor Summary

Constructors

Constructor and Description
BaseAuthFilter()

Method Summary

Modifier and Type	Method and Description
protected void	authenticateRequest(ResettableStreamHttpServletRequest requestWrapper) authenticateRequest method used to validate the JSON signature pay load and the certificate
protected void	consumeRequest(ResettableStreamHttpServletRequest requestWrapper, Map<String,Object> requestBody) consumeRequest method is used to manipulate the request where the request is first reached and along this all validation are done further after successful decipher.
protected void	decipherAndValidateRequest(ResettableStreamHttpServletRequest requestWrapper, Map<String,Object> requestBody) Decipher and validate request - Method used to decipher the input stream request and validate it using validateDecipheredRequest method.
protected Map<String,Object>	decipherRequest(Map<String,Object> requestBody) decipherRequest method is used to get the deciphered request from the encoded and enciphered request passed by the authenticating partner.
protected static Object	decode(String stringToDecode) Decode method is used to decode the encoded string.
protected Map<String,Object>	encipherResponse(Map<String,Object> responseBody) encipherResponse method is used to encoded and encrypt the response received while returning the KYC response.
protected String	getPayloadFromJwsSingature(String jws)
void	init(javax.servlet.FilterConfig filterConfig)
protected Map<String,Object>	transformResponse(Map<String,Object> responseMap) transformResponse used to manipulate the response if any.
protected abstract void	validateDecipheredRequest(ResettableStreamHttpServletRequest requestWrapper, Map<String,Object> decipherRequest) validateDecipheredRequest - Method used to validate the input stream request by validating the policy, partner and MISP id of the authenticating partner once the request is decoded and deciphered.
protected void	validateRequestHMAC(String requestHMAC, String generatedHMAC) validateRequestHMAC method is used to validate the HMAC of the request with the deciphered request block and requestHMAC received in the request body.
protected boolean	validateRequestSignature(String signature, byte[] requestAsByte) validateSignature method is used to authenticate the request received from the authenticating partner from the pay load received which consists of the JSON signature and certificate .
protected void	verifyJwsData(String jwsSignature)
protected boolean	verifySignature(String jwsSignature)

Methods inherited from class io.mosip.authentication.common.service.filter.BaseIDAFilter

destroy, doFilter, fetchId, getRequestBody, isDate, mapResponse, removeNullOrEmptyFieldsInResponse, setResponseParams, validateId, validateRequest

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

publicKey

protected PublicKey publicKey

The public key.

Constructor Detail

BaseAuthFilter

public BaseAuthFilter()

Method Detail

init

public void init(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException

Specified by:

init in interface javax.servlet.Filter

Overrides:

init in class BaseIDAFilter

Throws:

javax.servlet.ServletException

consumeRequest

protected void consumeRequest(ResettableStreamHttpServletRequest requestWrapper,
                              Map<String,Object> requestBody)
                       throws IdAuthenticationAppException

Description copied from class: BaseIDAFilter

consumeRequest method is used to manipulate the request where the request is first reached and along this all validation are done further after successful decipher.

Overrides:

consumeRequest in class BaseIDAFilter

Parameters:

requestWrapper - ResettableStreamHttpServletRequest

requestBody - the request body

Throws:

IdAuthenticationAppException - the id authentication app exception

decipherAndValidateRequest

protected void decipherAndValidateRequest(ResettableStreamHttpServletRequest requestWrapper,
                                          Map<String,Object> requestBody)
                                   throws IdAuthenticationAppException

Decipher and validate request - Method used to decipher the input stream request and validate it using validateDecipheredRequest method.

Parameters:

requestWrapper - the request wrapper

requestBody - the request body

Throws:

IdAuthenticationAppException - the id authentication app exception

verifyJwsData

protected void verifyJwsData(String jwsSignature)
                      throws IdAuthenticationAppException

Throws:

IdAuthenticationAppException

getPayloadFromJwsSingature

protected String getPayloadFromJwsSingature(String jws)

verifySignature

protected boolean verifySignature(String jwsSignature)

validateDecipheredRequest

protected abstract void validateDecipheredRequest(ResettableStreamHttpServletRequest requestWrapper,
                                                  Map<String,Object> decipherRequest)
                                           throws IdAuthenticationAppException

validateDecipheredRequest - Method used to validate the input stream request by validating the policy, partner and MISP id of the authenticating partner once the request is decoded and deciphered.

Parameters:

requestWrapper - ResettableStreamHttpServletRequest

decipherRequest - the request got after decode and decipher the input stream

Throws:

IdAuthenticationAppException - the id authentication app exception

authenticateRequest

protected void authenticateRequest(ResettableStreamHttpServletRequest requestWrapper)
                            throws IdAuthenticationAppException

Description copied from class: BaseIDAFilter

authenticateRequest method used to validate the JSON signature pay load and the certificate

Specified by:

authenticateRequest in class BaseIDAFilter

Parameters:

requestWrapper - ResettableStreamHttpServletRequest

Throws:

IdAuthenticationAppException - the id authentication app exception

validateRequestSignature

protected boolean validateRequestSignature(String signature,
                                           byte[] requestAsByte)
                                    throws IdAuthenticationAppException

validateSignature method is used to authenticate the request received from the authenticating partner from the pay load received which consists of the JSON signature and certificate .

Parameters:

signature - the JWS serialization received through the request

requestAsByte - the byte array of the request got after decipher

Returns:

true, if successful once the signature is validated

Throws:

IdAuthenticationAppException - the id authentication app exception

decode

protected static Object decode(String stringToDecode)
                        throws IdAuthenticationAppException

Decode method is used to decode the encoded string.

Parameters:

stringToDecode - the encoded string

Returns:

the object the decoded string

Throws:

IdAuthenticationAppException - the id authentication app exception

decipherRequest

protected Map<String,Object> decipherRequest(Map<String,Object> requestBody)
                                      throws IdAuthenticationAppException

decipherRequest method is used to get the deciphered request from the encoded and enciphered request passed by the authenticating partner.

Parameters:

requestBody - the encoded and enciphered request body

Returns:

the map the decoded and deciphered request body

Throws:

IdAuthenticationAppException - the id authentication app exception

encipherResponse

protected Map<String,Object> encipherResponse(Map<String,Object> responseBody)
                                       throws IdAuthenticationAppException

encipherResponse method is used to encoded and encrypt the response received while returning the KYC response.

Parameters:

responseBody - the response received after authentication

Returns:

the map the final encoded and enciphered response

Throws:

IdAuthenticationAppException - the id authentication app exception

transformResponse

protected Map<String,Object> transformResponse(Map<String,Object> responseMap)
                                        throws IdAuthenticationAppException

Description copied from class: BaseIDAFilter

transformResponse used to manipulate the response if any.

Overrides:

transformResponse in class BaseIDAFilter

Parameters:

responseMap - the response map

Returns:

the map

Throws:

IdAuthenticationAppException - the id authentication app exception

validateRequestHMAC

protected void validateRequestHMAC(String requestHMAC,
                                   String generatedHMAC)
                            throws IdAuthenticationAppException

validateRequestHMAC method is used to validate the HMAC of the request with the deciphered request block and requestHMAC received in the request body.

Parameters:

requestHMAC - the requestHMAC received in the request body

generatedHMAC - the generated HMAC computed once the request is decoded and deciphered

Throws:

IdAuthenticationAppException - the id authentication app exception