From aee52550868c56de7f7063e4ca153b031dedecb0 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 13 Jul 2018 15:49:38 +0200 Subject: some updates and bugfixes --- .../eaaf/modules/pvp2/impl/utils/QAALevelVerifier.java | 7 ++++++- .../eaaf/modules/pvp2/idp/impl/AuthenticationAction.java | 16 ++++++++-------- .../pvp2/idp/impl/builder/PVP2AssertionBuilder.java | 10 +++++----- 3 files changed, 19 insertions(+), 14 deletions(-) (limited to 'eaaf_modules') diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QAALevelVerifier.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QAALevelVerifier.java index 1621aa84..2bb2cb10 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QAALevelVerifier.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QAALevelVerifier.java @@ -28,6 +28,7 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.utils; import java.util.List; +import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -82,6 +83,10 @@ public class QAALevelVerifier { } public static void verifyQAALevel(String qaaAuth, List requiredLoAs, String matchingMode) throws QAANotAllowedException { + log.trace("Starting LoA verification: authLoA: " + qaaAuth + + " requiredLoA: " + StringUtils.join(requiredLoAs, "|") + + " matchingMode: " + matchingMode); + boolean hasMatch = false; for (String loa : requiredLoAs) { if (verifyQAALevel(qaaAuth, loa, matchingMode)) @@ -90,7 +95,7 @@ public class QAALevelVerifier { } if (!hasMatch) - throw new QAANotAllowedException(qaaAuth, requiredLoAs.toArray().toString(), matchingMode); + throw new QAANotAllowedException(qaaAuth, StringUtils.join(requiredLoAs, "|"), matchingMode); else log.debug("Requesed LoA fits LoA from authentication. Continue auth process ... "); diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java index 32c2cce7..b6e00709 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java @@ -139,17 +139,17 @@ public class AuthenticationAction implements IAction { sloInformation.setProtocolType(req.requestedModule()); sloInformation.setSpEntityID(req.getServiceProviderConfiguration().getUniqueIdentifier()); return sloInformation; - - } catch (MessageEncodingException e) { - log.error("Message Encoding exception", e); - throw new ResponderErrorException("pvp2.01", null, e); - - } catch (SecurityException e) { - log.error("Security exception", e); + + } catch (MessageEncodingException | SecurityException e) { + log.warn("Message Encoding exception", e); throw new ResponderErrorException("pvp2.01", null, e); } catch (EAAFException e) { - log.error("Response generation error", e); + log.info("Response generation error: Msg: ", e.getMessage()); + throw new ResponderErrorException(e.getErrorId(), e.getParams(), e); + + } catch (Exception e) { + log.warn("Response generation error", e); throw new ResponderErrorException("pvp2.01", null, e); } diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/PVP2AssertionBuilder.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/PVP2AssertionBuilder.java index 5ef112dd..d049aeb3 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/PVP2AssertionBuilder.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/PVP2AssertionBuilder.java @@ -156,7 +156,8 @@ public class PVP2AssertionBuilder implements PVPConstants { //get matching mode from authn. request String loaMatchingMode = EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM; - if (StringUtils.isNotEmpty(reqAuthnContext.getComparison().toString())) + if (reqAuthnContext.getComparison() != null && + StringUtils.isNotEmpty(reqAuthnContext.getComparison().toString())) loaMatchingMode = reqAuthnContext.getComparison().toString(); //get requested LoAs @@ -172,7 +173,7 @@ public class PVP2AssertionBuilder implements PVPConstants { if (!qaa_uri.trim().startsWith(EAAFConstants.EIDAS_LOA_PREFIX)) { if (loaLevelMapper != null) { - log.debug("Find no eIDAS LoA. Start mapping process ... " ); + log.debug("Find no eIDAS LoA in AuthnReq. Start mapping process ... " ); eIDASLoaFromRequest.add(loaLevelMapper.mapToeIDASLoA(qaa_uri.trim())); } else @@ -356,14 +357,13 @@ public class PVP2AssertionBuilder implements PVPConstants { SubjectConfirmationData subjectConfirmationData = SAML2Utils .createSAMLObject(SubjectConfirmationData.class); subjectConfirmationData.setInResponseTo(authnRequest.getID()); - subjectConfirmationData.setNotOnOrAfter(new DateTime(authData.getSsoSessionValidTo().getTime())); -// subjectConfirmationData.setNotBefore(date); + subjectConfirmationData.setNotOnOrAfter(new DateTime(authData.getSsoSessionValidTo().getTime())); //set 'recipient' attribute in subjectConformationData subjectConfirmationData.setRecipient(assertionConsumerService.getLocation()); //set IP address of the user machine as 'Address' attribute in subjectConformationData - String usersIPAddress = pendingReq.getGenericData( + String usersIPAddress = pendingReq.getRawData( RequestImpl.DATAID_REQUESTER_IP_ADDRESS, String.class); if (StringUtils.isNotEmpty(usersIPAddress)) subjectConfirmationData.setAddress(usersIPAddress); -- cgit v1.2.3