3858. EPMO Open Source Coordination Office Redaction File Detail Report

Produced by Araxis Merge on 6/9/2017 3:50:56 PM Eastern Daylight Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.

3858.1 Files compared

#	Location	File	Last Modified
1			Fri Jun 9 19:50:56 2017 UTC
2	eHealth_Exch (eHealth Exchange Enhancements) Build 3 docs & code_May_2017.zip\VAP_CIF_CODE0502.zip\VAP_CIF_CODE0502\VAP_CIF_CODE0502\nvap-server\src\main\java\gov\va\nvap\server\auth	ServiceAuthentication.java	Fri Apr 21 20:03:28 2017 UTC

3858.2 Comparison summary

Description	Between Files 1 and 2
Description	Text Blocks	Lines
Unchanged	0	0
Changed	0	0
Inserted	1	143
Removed	0	0

3858.3 Comparison options

Whitespace
Character case	Differences in character case are significant
Line endings	Differences in line endings (`CR` and `LF` characters) are ignored
CR/LF characters	Not shown in the comparison detail

3858.4 Active regular expressions

No regular expressions were active.

3858.5 Comparison detail

				1		/*
				2		* To chan ge this te mplate, ch oose Tools \| Templat es
				3		* and ope n the temp late in th e editor.
				4		*/
				5		package go v.va.nvap. server.aut h;
				6
				7		import gov .va.nvap.s ervice.aut h.ServiceA udit;
				8		import gov .va.nvap.s ervice.aut h.ServiceA uditDAO;
				9		import gov .va.nvap.s ervice.aut h.ServiceA uthenticat ionExcepti on;
				10		import gov .va.nvap.s ervice.aut h.ServiceP ermission;
				11		import gov .va.nvap.s ervice.aut h.ServiceP ermissionD AO;
				12		import jav a.io.IOExc eption;
				13		import jav a.security .cert.X509 Certificat e;
				14		import jav a.util.Dat e;
				15		import jav a.util.log ging.Level ;
				16		import jav a.util.log ging.Logge r;
				17		import jav a.util.reg ex.Matcher ;
				18		import jav a.util.reg ex.Pattern ;
				19		import jav ax.interce ptor.Inter ceptors;
				20		import jav ax.naming. InvalidNam eException ;
				21		import jav ax.naming. ldap.LdapN ame;
				22		import jav ax.naming. ldap.Rdn;
				23		import jav ax.servlet .http.Http ServletReq uest;
				24		import jav ax.servlet .http.Http ServletRes ponse;
				25		import jav ax.xml.ws. WebService Context;
				26		import jav ax.xml.ws. handler.Me ssageConte xt;
				27		import org .springfra mework.con text.Appli cationCont ext;
				28		import org .springfra mework.ejb .intercept or.SpringB eanAutowir ingInterce ptor;
				29
				30		/**
				31		*
				32		* @author 564685
				33		*/
				34		@Intercept ors(Spring BeanAutowi ringInterc eptor.clas s)
				35		public cla ss Service Authentica tion {
				36
				37		public ServiceAu dit checkA uth(WebSer viceContex t context, Applicati onContext applicatio nContext, String fun ction) thr ows Servic eAuthentic ationExcep tion {
				38		bo olean auth orized = f alse;
				39		Ht tpServletR equest hsr ;
				40		Se rviceAudit sa = new ServiceAud it();
				41		St ring cn = "Unknown";
				42		Se rvicePermi ssionDAO s pdao = app licationCo ntext.getB ean(Servic ePermissio nDAO.class );
				43		tr y {
				44		hsr = (H ttpServlet Request) c ontext.get MessageCon text().get (MessageCo ntext.SERV LET_REQUES T);
				45		sa.setWe bService(h sr.getCont extPath(). substring( 1));
				46		} catch (Ill egalStateE xception e ) {
				47		return n ull; //Int ernal call
				48		}
				49		St ring addre ss = hsr.g etRemoteAd dr();
				50		St ring serve let = hsr. getContext Path();
				51		sa .setEventD ate(new Da te());
				52		sa .setCN(cn) ;
				53		sa .setIp(add ress);
				54		sa .setWebSer vice(serve let.substr ing(1));
				55		sa .setCall(f unction);
				56		sa .setAuthor ized(false );
				57		X5 09Certific ate[] cert s = (X509C ertificate []) hsr.ge tAttribute ("javax.se rvlet.requ est.X509Ce rtificate" );
				58		// if there e xists a ce rificate p arse it
				59		if (certs != null && c erts.lengt h > 0) {
				60		try {
				61		Stri ng dn = ce rts[0].get SubjectDN( ).getName( );
				62
				63		Ldap Name parse r;
				64		pars er = new L dapName(dn );
				65		for (Rdn rdn : parser.ge tRdns()) {
				66		if (rdn.ge tType().eq ualsIgnore Case("CN") ) {
				67		cn = r dn.getValu e().toStri ng();
				68		break;
				69		}
				70		}
				71		if ( cn == null ) {
				72		this.persi st(applica tionContex t, sa);
				73		this.retur nError(con text, "Cer tificate D N does not contain C N");
				74		}
				75		sa.s etCN(cn);
				76		Serv icePermiss ion sp = s pdao.check Authorizat ion(cn);
				77		if ( sp != null && sp.get Enabled()) {
				78		authorized = true;
				79		} el se {
				80		sp = spdao .checkAuth orization( "wildcard ");
				81		if (sp != null && sp .getEnable d()) {
				82		Logger .getLogger (ServiceAu thenticati on.class.g etName()). log(Level. INFO, "(" + cn + ") does not m atch any a llowed Aut horized Se rvice but wildcard i s enabled. ");
				83		author ized = tru e;
				84		}
				85		}
				86		} catch (InvalidNa meExceptio n ex) {
				87		this .persist(a pplication Context, s a);
				88		this .returnErr or(context , "Certifi cate conta ins invali d DN");
				89		}
				90		}
				91		// no certif icate
				92		el se {
				93		//check to see if system is disabled
				94		ServiceP ermission sp = spdao .checkAuth orization( "disable ");
				95		if (sp ! = null && sp.getEnab led()) {
				96		auth orized = t rue;
				97		Logg er.getLogg er(Service Authentica tion.class .getName() ).log(Leve l.INFO, "N o certific ate passed but secur ity is dis abled.");
				98		}
				99		else{
				100		this .persist(a pplication Context, s a);
				101		this .returnErr or(context , "Certifi cate was n ot passed" );
				102		}
				103		}
				104
				105		sa .setAuthor ized(autho rized);
				106		if (!authori zed) {
				107		// Log t he un-auth orized cal l in the d atabase. W e do loggi ng the cal l here to alleviate each of th e calling
				108		// funct ions from having to do this af ter catchi ng the err or that th is functio n raises.
				109		this.per sist(appli cationCont ext, sa);
				110		this.ret urnError(c ontext, "A pplication is not au thorized") ;
				111		}
				112
				113
				114
				115		// return aut horized;
				116		re turn sa;
				117		}
				118
				119		privat e void ret urnError(W ebServiceC ontext con text, Stri ng message ) throws S erviceAuth entication Exception {
				120		Ht tpServletR esponse hs r = (HttpS ervletResp onse) cont ext.getMes sageContex t().get(Me ssageConte xt.SERVLET _RESPONSE) ;
				121		tr y {
				122		hsr.send Error(403, message);
				123		} catch (IOE xception e x) {
				124		Logger.g etLogger(S erviceAuth entication .class.get Name()).lo g(Level.SE VERE, "Una ble to ret urn 403 re sponse");
				125		}
				126		th row new Se rviceAuthe nticationE xception(m essage);
				127		}
				128
				129		public ServiceAu dit persis t(Applicat ionContext applicati onContext, ServiceAu dit servic eAudit) {
				130		Se rviceAudit DAO sadao = applicat ionContext .getBean(S erviceAudi tDAO.class );
				131
				132		tr y {
				133		if (serv iceAudit ! = null) // this will be null if it is an internal ( dev) call as we don' t want to log those
				134		{
				135		sada o.create(s erviceAudi t);
				136		}
				137		} catch (Exc eption ex) {
				138		Logger.g etLogger(S erviceAuth entication .class.get Name()).lo g(Level.SE VERE, "Una ble to sto re service audit", e x);
				139		}
				140
				141		re turn servi ceAudit;
				142		}
				143		}