322. EPMO Open Source Coordination Office Redaction File Detail Report

Produced by Araxis Merge on 12/7/2018 11:36:14 AM Central Standard Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.

322.1 Files compared

#	Location	File	Last Modified
1	C:\SCRUB\MHED\MHED\VATS 2.3.0\var-utility-resources-2.3.0@ab955ab4732\VarUtilityResourceIntTest\src\resIntTest\java\gov\va\vamf\scheduling\varutility\clientapi	OauthClient.java	Mon Sep 17 15:51:54 2018 UTC
2	C:\MHED-scrubbed\MHED\MHED\VATS 2.3.0\var-utility-resources-2.3.0@ab955ab4732\VarUtilityResourceIntTest\src\resIntTest\java\gov\va\vamf\scheduling\varutility\clientapi	OauthClient.java	Fri Dec 7 13:26:36 2018 UTC

322.2 Comparison summary

Description	Between Files 1 and 2
Description	Text Blocks	Lines
Unchanged	5	510
Changed	4	20
Inserted	0	0
Removed	0	0

322.3 Comparison options

Whitespace
Character case	Differences in character case are significant
Line endings	Differences in line endings (`CR` and `LF` characters) are ignored
CR/LF characters	Not shown in the comparison detail

322.4 Active regular expressions

No regular expressions were active.

322.5 Comparison detail

	1	package go v.va.vamf. scheduling .varutilit y.clientap i;
	2
	3	import com .agilex.he althcare.u tility.Nul lChecker;
	4	import com .gargoyles oftware.ht mlunit.Bro wserVersio n;
	5	import com .gargoyles oftware.ht mlunit.Ele mentNotFou ndExceptio n;
	6	import com .gargoyles oftware.ht mlunit.Fai lingHttpSt atusCodeEx ception;
	7	import com .gargoyles oftware.ht mlunit.Web Client;
	8	import com .gargoyles oftware.ht mlunit.htm l.*;
	9	import org .apache.lo g4j.Logger ;
	10	import org .springfra mework.htt p.HttpHead ers;
	11	import org .springfra mework.htt p.HttpMeth od;
	12	import org .springfra mework.htt p.HttpStat us;
	13	import org .springfra mework.htt p.Response Entity;
	14	import org .springfra mework.htt p.client.C lientHttpR equest;
	15	import org .springfra mework.htt p.client.C lientHttpR esponse;
	16	import org .springfra mework.htt p.client.H ttpCompone ntsClientH ttpRequest Factory;
	17	import org .springfra mework.sec urity.oaut h2.client. DefaultOAu th2ClientC ontext;
	18	import org .springfra mework.sec urity.oaut h2.client. OAuth2Rest Template;
	19	import org .springfra mework.sec urity.oaut h2.client. token.Acce ssTokenReq uest;
	20	import org .springfra mework.sec urity.oaut h2.client. token.Defa ultAccessT okenReques t;
	21	import org .springfra mework.sec urity.oaut h2.client. token.gran t.code.Aut horization CodeResour ceDetails;
	22	import org .springfra mework.sec urity.oaut h2.common. Authentica tionScheme ;
	23	import org .springfra mework.sec urity.oaut h2.common. OAuth2Acce ssToken;
	24	import org .springfra mework.uti l.LinkedMu ltiValueMa p;
	25	import org .springfra mework.uti l.MultiVal ueMap;
	26	import org .springfra mework.web .client.Re questCallb ack;
	27	import org .springfra mework.web .client.Re sponseErro rHandler;
	28	import org .springfra mework.web .client.Re sponseExtr actor;
	29	import org .springfra mework.web .client.Re stTemplate ;
	30
	31	import jav ax.ws.rs.c ore.UriBui lder;
	32	import jav a.io.IOExc eption;
	33	import jav a.net.Malf ormedURLEx ception;
	34	import jav a.net.URI;
	35	import jav a.net.URIS yntaxExcep tion;
	36	import jav a.util.Arr ays;
	37	import jav a.util.Str ingTokeniz er;
	38
	39	import sta tic org.ju nit.Assert .*;
	40
	41	public cla ss OauthCl ient {
	42
	43	pr ivate stat ic final L ogger LOGG ER = Logge r.getLogge r(OauthCli ent.class) ;
	44	pr ivate stat ic final S tring CLIE NT_SECRET = "client_ secret";
	45	pr ivate stat ic final S tring AUTH _CODE = "c ode";
	46	pr ivate stat ic final S tring GRAN T_TYPE = " grant_type ";
	47	pr ivate stat ic final S tring SCOP E = "scope ";
	48	pr ivate stat ic final S tring REDI RECT_URI = "redirect _uri";
	49	pr ivate stat ic final S tring CLIE NT_ID = "c lient_id";
	50	pr ivate stat ic final S tring STAT E = "state ";
	51	pr ivate stat ic final S tring RESP ONSE_TYPE = "respons e_type";
	52	pr ivate Stri ng redirec tionUri = "http://an ywhere";
	53
	54	pu blic Strin g authenti cate(Authe nticationI nfo authen ticationIn fo, WebCli ent userAg ent) throw s Exceptio n {
	55	Auth orizationR esult auth orizationR esult = au thorize(au thenticati onInfo, us erAgent);
	56	OAut h2AccessTo ken access Token = ge tAccessTok en(authent icationInf o, authori zationResu lt);
	57	retu rn accessT oken.getVa lue();
	58	}
	59
	60	pu blic Autho rizationRe sult autho rize(Authe nticationI nfo authen ticationIn fo, WebCli ent userAg ent) throw s IOExcept ion, Malfo rmedURLExc eption, UR ISyntaxExc eption {
	61	Stri ng stateId = "stateI d";
	62
	63	if ( userAgent == null)
	64	userAg ent = new WebClient( BrowserVer sion.CHROM E);
	65
	66	user Agent.getO ptions().s etThrowExc eptionOnSc riptError( false);
	67
	68	user Agent.getO ptions().s etRedirect Enabled(fa lse);
	69
	70	Stri ng mhpAuth orizeUrl = authentic ationInfo. getAuthori zeUrl();
	71	UriB uilder aut horizeUrlB uilder = U riBuilder. fromPath(m hpAuthoriz eUrl);
	72
	73	URI uri = auth orizeUrlBu ilder.quer yParam(RES PONSE_TYPE , AUTH_COD E).queryPa ram(STATE, stateId). queryParam (CLIENT_ID , authenti cationInfo .getClient Id()).quer yParam(RED IRECT_URI, redirecti onUri).que ryParam(SC OPE, "read ").build() ;
	74
	75	Stri ng authent icationRed irectUri = null;
	76	Html Page confi rmationPag e = null;
	77	try {
	78	confir mationPage = userAge nt.getPage (uri.toStr ing());
	79	} ca tch (Faili ngHttpStat usCodeExce ption e) {
	80	authen ticationRe directUri = e.getRes ponse().ge tResponseH eaderValue ("Location ");
	81	if (e. getRespons e().getSta tusCode() == 404 && authentica tionRedire ctUri == n ull)
	82	throw ne w IllegalS tateExcept ion("404 E rror (is t he service running?) : " + e.ge tMessage() );
	83	}
	84
	85	bool ean denied = false;
	86
	87	if ( NullChecke r.isNotNul lish(authe nticationR edirectUri )) {
	88	HtmlPa ge loginPa ge = userA gent.getPa ge(authent icationRed irectUri);
	89	// sho uld be dir ected to t he login s creen...
	90	HtmlForm l oginForm = loginPage .getF D N S ame("logon Form");
	91	((Html PasswordIn put) login Form.getIn putByName( "j_usernam e")).setVa lueAttribu te(authent icationInf o.getUsern ame());
	92	((Html PasswordIn put) login Form.getIn putByName( "j_passwor d")).setVa lueAttribu te(authent icationInf o.getPassw ord());
	93
	94	HtmlHi ddenInput facilityNa me = null;
	95	HtmlHi ddenInput facilityCo de = null;
	96	String errorMsg = null;
	97	try {
	98	facility Name = (Ht mlHiddenIn put) login Page.getHt mlElementB yId("facil ityName");
	99	facility Code = (Ht mlHiddenIn put) login Page.getHt mlElementB yId("facil ityCode");
	100
	101	if (faci lityName ! = null){
	102	facilityNa me.setValu eAttribute (authentic ationInfo. getFacilit yName());
	103	}
	104	if (faci lityCode ! = null){
	105	facilityCo de.setValu eAttribute (authentic ationInfo. getFacilit yCode());
	106	}
	107	} catc h (Excepti on e) {
	108	// Inten tionally i gnored as vistaLocat ion is not available on Vetera n Login pa ge
	109	LOGGER.e rror("logi nForm elem ent error : " + e.ge tMessage() );
	110	errorMsg = e.getMe ssage();
	111	}
	112
	113	try {
	114	HtmlElem ent button = (HtmlEl ement)logi nPage.crea teElement( "button");
	115	button.s etAttribut e("type", "submit");
	116
	117	loginFor m.appendCh ild(button );
	118	button.c lick();
	119
	120	throw ne w IllegalS tateExcept ion("shoul d have bee n redirect ed to the authorizat ion endpoi nt. " + e rrorMsg);
	121	} catc h (Failing HttpStatus CodeExcept ion e) {
	122	String a uthorizati onRedirect Uri = e.ge tResponse( ).getRespo nseHeaderV alue("Loca tion");
	123
	124	if (auth orizationR edirectUri != null & & authoriz ationRedir ectUri.con tains("den ied"))
	125	denied = t rue;
	126
	127	try {
	128	confirmati onPage = u serAgent.g etPage(aut horization RedirectUr i);
	129
	130	// dev mod e (confirm ation page )
	131	HtmlForm o kForm = co nfirmation Page.getF D N S ame("confi rmationFor m");
	132	((HtmlSubm itInput) o kForm.getI nputByName ("authoriz e")).click ();
	133	} catch (FailingHt tpStatusCo deExceptio n fe) {
	134	// other m odes (no c onfirmatio n page)
	135	authentica tionRedire ctUri = fe .getRespon se().getRe sponseHead erValue("L ocation");
	136	if (fe.get Response() .getStatus Code() == 404 && aut henticatio nRedirectU ri == null )
	137	th row new Il legalState Exception( "404 Error (possible cause was access wa s denied f or that us er): " + f e.getMessa ge());
	138	} catch (ElementNo tFoundExce ption exc) {
	139	if (denied == true)
	140	th row new Il legalState Exception( "Access wa s denied f or that us er.");
	141	else
	142	th row exc;
	143	}
	144	}
	145	}
	146
	147	if ( authentica tionRedire ctUri == n ull) {
	148	if (de nied == tr ue)
	149	throw ne w IllegalS tateExcept ion("No Re direct URI was retur ned after the User w as denied access");
	150	else
	151	throw ne w IllegalS tateExcept ion("No Re direct URI was retur ned after login comp leted");
	152	}
	153	URI redirectio n = new UR I(authenti cationRedi rectUri); //authenti cationRedi rectUriBui lder.build ();
	154
	155	Stri ng code = null;
	156	Stri ng state = null;
	157	for (StringTok enizer que ryTokens = new Strin gTokenizer (redirecti on.getQuer y(), "&=") ; queryTok ens.hasMor eTokens(); ) {
	158	String token = q ueryTokens .nextToken ();
	159	if (AU TH_CODE.eq uals(token )) {
	160	if (code != null) {
	161	fail("shou ldn't have returned more than one code." );
	162	}
	163
	164	code = q ueryTokens .nextToken ();
	165	} else if (STATE .equals(to ken)) {
	166	state = queryToken s.nextToke n();
	167	}
	168	}
	169
	170	asse rtEquals(s tateId, st ate);
	171	asse rtNotNull( code);
	172
	173	Auth orizationR esult auth orizationR esult = ne w Authoriz ationResul t(code, st ate);
	174	retu rn authori zationResu lt;
	175	}
	176
	177	pu blic OAuth 2AccessTok en getAcce ssToken(Au thenticati onInfo aut henticatio nInfo, Aut horization Result aut horization Result) {
	178	MultiValue Map<String , String> f D NS a = new Li nkedMultiV alueMap<St ring, Stri ng>();
	179	f D NS a.add(GRAN T_TYPE, "a uthorizati on_code");
	180	f D NS a.add(CLIE NT_ID, aut henticatio nInfo.getC lientId()) ;
	181	f D NS a.add(SCOP E, "read") ;
	182	f D NS a.add(REDI RECT_URI, redirectio nUri);
	183	f D NS a.add(AUTH _CODE, aut horization Result.get Code());
	184	f D NS a.add(CLIE NT_SECRET, authentic ationInfo. getClientS ecret());
	185
	186	Auth orizationC odeResourc eDetails r esource = new Author izationCod eResourceD etails();
	187
	188	reso urce.setAc cessTokenU ri(authent icationInf o.getToken Url());
	189	reso urce.setCl ientId(aut henticatio nInfo.getC lientId()) ;
	190	reso urce.setSc ope(Arrays .asList("r ead"));
	191	reso urce.setCl ientSecret (authentic ationInfo. getClientS ecret());
	192	reso urce.setCl ientAuthen ticationSc heme(Authe nticationS cheme.quer y);
	193
	194	Acce ssTokenReq uest reque st = new D efaultAcce ssTokenReq uest();
	195	requ est.setAut horization Code(autho rizationRe sult.getCo de());
	196	requ est.setPre servedStat e(new Obje ct());
	197	request.se tAll(f D NS a.toSingle ValueMap() );
	198
	199	OAut h2RestTemp late templ ate = new OAuth2Rest Template(r esource, n ew Default OAuth2Clie ntContext( request));
	200	OAut h2AccessTo ken access Token = te mplate.get AccessToke n();
	201
	202	retu rn accessT oken ;
	203	}
	204
	205	pu blic RestT emplate ge tRestTempl ate() {
	206	Rest Template c lient = ne w RestTemp late();
	207	Http Components ClientHttp RequestFac tory reque stFactory = new Http Components ClientHttp RequestFac tory();
	208	clie nt.setRequ estFactory (requestFa ctory);
	209	clie nt.setErro rHandler(n ew Respons eErrorHand ler() {
	210	public boolean h asError(Cl ientHttpRe sponse res ponse) thr ows IOExce ption {
	211	return f alse;
	212	}
	213
	214	public void hand leError(Cl ientHttpRe sponse res ponse) thr ows IOExce ption {
	215	}
	216	});
	217	retu rn client;
	218	}
	219
	220	pu blic HttpS tatus getS tatusCode( String pat h, final H ttpHeaders headers) {
	221	Requ estCallbac k requestC allback = createRequ estCallbac k(headers) ;
	222
	223	retu rn execute (path, Htt pMethod.GE T, request Callback);
	224	}
	225
	226	pr ivate Requ estCallbac k createRe questCallb ack(final HttpHeader s headers) {
	227	Requ estCallbac k requestC allback = new NullRe questCallb ack();
	228	if ( headers != null) {
	229	reques tCallback = new Requ estCallbac k() {
	230	public v oid doWith Request(Cl ientHttpRe quest requ est) throw s IOExcept ion {
	231	request.ge tHeaders() .putAll(he aders);
	232	}
	233	};
	234	}
	235	retu rn request Callback;
	236	}
	237
	238	pu blic HttpS tatus dele teToken(St ring path, OAuth2Acc essToken a ccessToken ) {
	239	fina l HttpHead ers header s = new Ht tpHeaders( );
	240	head ers.set("A uthorizati on", Strin g.format(" %s %s", OA uth2Access Token.BEAR ER_TYPE, a ccessToken .getValue( )));
	241	Requ estCallbac k requestC allback = createRequ estCallbac k(headers) ;
	242
	243	retu rn execute (path, Htt pMethod.DE LETE, requ estCallbac k);
	244	}
	245
	246	pr ivate Http Status exe cute(Strin g path, Ht tpMethod m ethod, Req uestCallba ck request Callback) {
	247	Http Status sta tusCode = getRestTem plate().ex ecute(path , method, requestCal lback, new ResponseE xtractor<R esponseEnt ity<String >>() {
	248	public ResponseE ntity<Stri ng> extrac tData(Clie ntHttpResp onse respo nse) throw s IOExcept ion {
	249	return n ew Respons eEntity<St ring>(resp onse.getSt atusCode() );
	250	}
	251	}).g etStatusCo de();
	252
	253	retu rn statusC ode;
	254	}
	255
	256
	257	pu blic HttpS tatus getS tatusCode( String pat h) {
	258	retu rn getStat usCode(pat h, null);
	259	}
	260
	261	pr ivate stat ic final c lass NullR equestCall back imple ments Requ estCallbac k {
	262	publ ic void do WithReques t(ClientHt tpRequest request) t hrows IOEx ception {
	263	}
	264	}
	265	}