From aee52550868c56de7f7063e4ca153b031dedecb0 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Fri, 13 Jul 2018 15:49:38 +0200
Subject: some updates and bugfixes

---
 .../eaaf/modules/pvp2/impl/utils/QAALevelVerifier.java   |  7 ++++++-
 .../eaaf/modules/pvp2/idp/impl/AuthenticationAction.java | 16 ++++++++--------
 .../pvp2/idp/impl/builder/PVP2AssertionBuilder.java      | 10 +++++-----
 3 files changed, 19 insertions(+), 14 deletions(-)

(limited to 'eaaf_modules')

diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QAALevelVerifier.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QAALevelVerifier.java
index 1621aa84..2bb2cb10 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QAALevelVerifier.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/QAALevelVerifier.java
@@ -28,6 +28,7 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.utils;
 
 import java.util.List;
 
+import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -82,6 +83,10 @@ public class QAALevelVerifier {
 	}		
 	
 	public static void verifyQAALevel(String qaaAuth, List<String> requiredLoAs, String matchingMode) throws QAANotAllowedException {
+		log.trace("Starting LoA verification: authLoA: " + qaaAuth 
+				+ " requiredLoA: " + StringUtils.join(requiredLoAs, "|") 
+				+ " matchingMode: " + matchingMode);
+		
 		boolean hasMatch = false;
 		for (String loa : requiredLoAs) {
 			if (verifyQAALevel(qaaAuth, loa, matchingMode))
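Review bot: The new trace statement at the top of verifyQAALevel builds its message by string concatenation, so the `StringUtils.join` and the concatenation run on every verification even when trace logging is off. The parameterized form avoids that: `log.trace("Starting LoA verification: authLoA: {} requiredLoA: {} matchingMode: {}", qaaAuth, StringUtils.join(requiredLoAs, "|"), matchingMode);`, optionally wrapped in `if (log.isTraceEnabled())`. The required LoAs and the matching mode appear to originate from the AuthnRequest, so it is worth confirming that the log layout neutralises line breaks in these values. The method body continues outside the hunk.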
@@ -90,7 +95,7 @@ public class QAALevelVerifier {
 		}		
 		
 		if (!hasMatch)
-			throw new QAANotAllowedException(qaaAuth, requiredLoAs.toArray().toString(), matchingMode);
+			throw new QAANotAllowedException(qaaAuth, StringUtils.join(requiredLoAs, "|"), matchingMode);
 		
 		else
 			log.debug("Requesed LoA fits LoA from authentication. Continue auth process ... ");
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
index 32c2cce7..b6e00709 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
@@ -139,17 +139,17 @@ public class AuthenticationAction implements IAction {
 			sloInformation.setProtocolType(req.requestedModule());
 			sloInformation.setSpEntityID(req.getServiceProviderConfiguration().getUniqueIdentifier());
 			return sloInformation;
-			
-		} catch (MessageEncodingException e) {
-			 log.error("Message Encoding exception", e);
-			throw new ResponderErrorException("pvp2.01", null, e);
-			
-		} catch (SecurityException e) {
-			 log.error("Security exception", e);
+						
+		} catch (MessageEncodingException  | SecurityException e) {
+			 log.warn("Message Encoding exception", e);
 			throw new ResponderErrorException("pvp2.01", null, e);
 			
 		} catch (EAAFException e) {
-			 log.error("Response generation error", e);
+			 log.info("Response generation error: Msg: ", e.getMessage());
+			throw new ResponderErrorException(e.getErrorId(), e.getParams(), e);
+					
+		} catch (Exception e) {
+			 log.warn("Response generation error", e);
 			throw new ResponderErrorException("pvp2.01", null, e);
 			
 		}
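Review bot: The new `log.info("Response generation error: Msg: ", e.getMessage());` in the EAAFException branch has no `{}` placeholder, so SLF4J drops the argument and the error text never reaches the log; it should read `log.info("Response generation error: Msg: {}", e.getMessage());`. The merged catch also logs "Message Encoding exception" when a SecurityException is caught, which will mislead anyone triaging a signing or credential failure; a neutral message would fix that. The EAAFException branch now forwards `e.getErrorId()` and `e.getParams()` into the ResponderErrorException, so it is worth confirming that those params hold nothing internal if they end up in the status returned to the service provider. The try block starts outside the hunk.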
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/PVP2AssertionBuilder.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/PVP2AssertionBuilder.java
index 5ef112dd..d049aeb3 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/PVP2AssertionBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/builder/PVP2AssertionBuilder.java
@@ -156,7 +156,8 @@ public class PVP2AssertionBuilder implements PVPConstants {
 			
 			//get matching mode from authn. request
 			String loaMatchingMode = EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM;
-			if (StringUtils.isNotEmpty(reqAuthnContext.getComparison().toString()))
+			if (reqAuthnContext.getComparison() != null && 
+					StringUtils.isNotEmpty(reqAuthnContext.getComparison().toString()))
 				loaMatchingMode = reqAuthnContext.getComparison().toString();
 						
 			//get requested LoAs
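Review bot: The guarded condition and the assignment now call `reqAuthnContext.getComparison()` three times; reading it once into a local and testing that local for null and emptiness would be shorter and would keep the check and the use on the same value. The resulting matching mode comes from the AuthnRequest and feeds the LoA verification, so a comment such as `// comparison is requester-supplied; unsupported modes must be rejected by the verifier` would record the assumption. Whether reqAuthnContext itself can be null at this point is not visible in the hunk.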
@@ -172,7 +173,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
 									
 					if (!qaa_uri.trim().startsWith(EAAFConstants.EIDAS_LOA_PREFIX)) {
 						if (loaLevelMapper != null) {
-							log.debug("Find no eIDAS LoA. Start mapping process ... " );
+							log.debug("Find no eIDAS LoA in AuthnReq. Start mapping process ... " );
 							eIDASLoaFromRequest.add(loaLevelMapper.mapToeIDASLoA(qaa_uri.trim()));
 							
 						} else
@@ -356,14 +357,13 @@ public class PVP2AssertionBuilder implements PVPConstants {
 		SubjectConfirmationData subjectConfirmationData = SAML2Utils
 				.createSAMLObject(SubjectConfirmationData.class);
 		subjectConfirmationData.setInResponseTo(authnRequest.getID());
-		subjectConfirmationData.setNotOnOrAfter(new DateTime(authData.getSsoSessionValidTo().getTime()));
-//		subjectConfirmationData.setNotBefore(date);
+		subjectConfirmationData.setNotOnOrAfter(new DateTime(authData.getSsoSessionValidTo().getTime()));		
 		
 		//set 'recipient' attribute in subjectConformationData 
 		subjectConfirmationData.setRecipient(assertionConsumerService.getLocation());
 		
 		//set IP address of the user machine as 'Address' attribute in subjectConformationData 
-		String usersIPAddress = pendingReq.getGenericData(
+		String usersIPAddress = pendingReq.getRawData(
 				RequestImpl.DATAID_REQUESTER_IP_ADDRESS, String.class);
 		if (StringUtils.isNotEmpty(usersIPAddress))
 			subjectConfirmationData.setAddress(usersIPAddress);
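Review bot: `setNotOnOrAfter` on the SubjectConfirmationData stays tied to `authData.getSsoSessionValidTo()`, and the commit removes the commented-out NotBefore line without documenting that choice. If SSO sessions last longer than the time needed to deliver the response, the confirmation window is wider than delivery requires and replay protection rests on the service provider's InResponseTo and one-time-use checks. A short delivery window independent of the session lifetime would be the tighter setting, or at least a comment such as `// NotOnOrAfter follows SSO session end; SP must enforce InResponseTo and one-time use`. No null check on `getSsoSessionValidTo()` is visible in the hunk, and the rewritten line adds trailing tabs. The enclosing method starts and ends outside the hunk.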
-- 
cgit v1.2.3