| author | Thomas <> | 2022-03-09 18:41:35 +0100 | 
|---|---|---|
| committer | Thomas <> | 2022-03-09 18:41:35 +0100 | 
| commit | b59cc11d18d0c711aae7c5adca9ac6cc48664fc2 (patch) | |
| tree | 10bce5b72280d644acf677a8e6a0c98d173d221c | |
| parent | 4ce8b6eb491f93702860f3b2117637aa7d96edac (diff) | |
feature(eidas): add optional parameter to support more-than-one MS-Connector stage
# Conflicts:
#	modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
#	modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java
2 files changed, 93 insertions, 47 deletions
| diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index 2c4654ad..9ceb08ee 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -131,7 +131,6 @@ public class Constants {        CONIG_PROPS_EIDAS_SZRCLIENT + ".revisionlog.eidmapping.active";    public static final String DEFAULT_MS_NODE_COUNTRY_CODE = "AT"; -    @Deprecated    public static final String CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_SQLLITEDATASTORE_URL = diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java index 8d5df99f..c918b7a4 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java @@ -23,11 +23,16 @@  package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; +import java.io.IOException; +  import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang3.StringUtils;  import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext;  import org.springframework.stereotype.Component; +import org.springframework.web.util.UriComponentsBuilder;  import at.asitplus.eidas.specific.core.MsConnectorEventCodes;  import at.asitplus.eidas.specific.core.MsEidasNodeConstants; 
@@ -41,7 +46,13 @@ import at.gv.egiz.eaaf.core.exceptions.EaafException;  import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;  import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper;  import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import eu.eidas.auth.commons.EidasParameterKeys;  import eu.eidas.auth.commons.light.ILightResponse; +import eu.eidas.auth.commons.tx.BinaryLightToken; +import eu.eidas.specificcommunication.BinaryLightTokenHelper; +import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames; +import eu.eidas.specificcommunication.exception.SpecificCommunicationException; +import eu.eidas.specificcommunication.protocol.SpecificCommunicationService;  import lombok.extern.slf4j.Slf4j;  @Slf4j @@ -49,6 +60,9 @@ import lombok.extern.slf4j.Slf4j;  public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {    @Autowired +  ApplicationContext context; +   +  @Autowired    private IConfiguration basicConfig;    @Autowired    private EidasAttributeRegistry attrRegistry; 
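Review bot: The injected `ApplicationContext context;` field is package-private, while the neighbouring `basicConfig` and `attrRegistry` fields are `private`. Nothing in this diff needs the wider visibility, so I would declare it `private ApplicationContext context;`. A short comment saying the context is only used to look up the `SpecificCommunicationService` bean by name would also help.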
@@ -65,54 +79,18 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {        } -      log.debug("Receive eIDAS response with RespId:" + eidasResponse.getId() + " for ReqId:" + eidasResponse -          .getInResponseToId()); -      log.trace("Full eIDAS-Resp: " + eidasResponse.toString()); -      revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE, eidasResponse -          .getId()); - -      // check response StatusCode -      if (!eidasResponse.getStatus().getStatusCode().equals(Constants.SUCCESS_URI)) { -        log.info("Receice eIDAS Response with StatusCode:" + eidasResponse.getStatus().getStatusCode() -            + " Subcode:" + eidasResponse.getStatus().getSubStatusCode() + " Msg:" + eidasResponse.getStatus() -                .getStatusMessage()); -        throw new EidasSAuthenticationException("eidas.02", new Object[] { eidasResponse.getStatus() -            .getStatusCode(), eidasResponse.getStatus().getStatusMessage() }); - +      String stagingEndpoint = pendingReq.getRawData( +          MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING, String.class);       +      if (StringUtils.isNotEmpty(stagingEndpoint)) { +        log.info("Find ms-connector staging to: {}. Forwarding to that endpoint ... 
", stagingEndpoint); +        forwardToOtherStage(response, executionContext, eidasResponse, stagingEndpoint); +                 +      } else { +        executionContext.put(MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING, false); +        processResponseOnThatStage(executionContext, eidasResponse); +                } - -      // extract all Attributes from response - -      // ********************************************************** -      // ******* MS-specificresponse validation ********** -      // ********************************************************** -      final String spCountry = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, -          Constants.DEFAULT_MS_NODE_COUNTRY_CODE); -      final String citizenCountryCode = (String) executionContext.get( -          MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY); -      EidasResponseValidator.validateResponse(pendingReq, eidasResponse, spCountry, citizenCountryCode, -          attrRegistry); - -      // ********************************************************** -      // ******* Store resonse infos into session object ********** -      // ********************************************************** - -      // update MOA-Session data with received information -      log.debug("Store eIDAS response information into pending-request."); -      final EidAuthProcessDataWrapper authProcessData = pendingReq.getSessionData(EidAuthProcessDataWrapper.class); -      authProcessData.setQaaLevel(eidasResponse.getLevelOfAssurance()); -      authProcessData.setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse); - -      //inject set flag to inject  -      authProcessData.setTestIdentity( -          basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_IS_TEST_IDENTITY, false)); -             -      // store MOA-session to database -      requestStoreage.storePendingRequest(pendingReq); - -      revisionsLogger.logEvent(pendingReq, 
MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE_VALID); -      } catch (final EaafException e) {        revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE_NOT_VALID);        throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e); 
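Review bot: When `stagingEndpoint` is set, the new branch forwards the response without writing any `revisionsLogger` event, because the `RESPONSE_FROM_EIDAS_NODE` entry moved into `processResponseOnThatStage` and is only reached from the `else` branch. A response that arrives on this stage and is handed to another one then leaves no revision-log trace here, which makes the flow harder to reconstruct later. I would log the receipt before the branch, `revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE, eidasResponse.getId());`, and drop that call from the helper. The key `EXECCONTEXT_PARAM_MSCONNECTOR_STAGING` is also read as a `String` from the pending request but written as a `Boolean` to the execution context, which deserves a comment. The enclosing method starts outside this hunk.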
@@ -124,7 +102,76 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {            new EidasSAuthenticationException("eidas.05", new Object[] { e.getMessage() }, e));      } +  } + +  private void forwardToOtherStage(HttpServletResponse response, ExecutionContext executionContext,  +      ILightResponse eidasResponse, String stagingEndpoint) throws SpecificCommunicationException, IOException { +    executionContext.put(MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING, true); +     +    final SpecificCommunicationService specificConnectorCommunicationService = +        (SpecificCommunicationService) context.getBean( +            SpecificCommunicationDefinitionBeanNames.SPECIFIC_CONNECTOR_COMMUNICATION_SERVICE.toString()); +    BinaryLightToken token = specificConnectorCommunicationService.putResponse(eidasResponse); +    final String tokenBase64 = BinaryLightTokenHelper.encodeBinaryLightTokenBase64(token);     +     +    final UriComponentsBuilder redirectUrl = UriComponentsBuilder.fromHttpUrl(stagingEndpoint); +    redirectUrl.queryParam(EidasParameterKeys.TOKEN.toString(), tokenBase64); + +    log.debug("Forward to other stage .... 
"); +    response.sendRedirect(redirectUrl.build().encode().toString()); +        +  } + +  private void processResponseOnThatStage(ExecutionContext executionContext, ILightResponse eidasResponse)  +      throws EaafException { +    log.debug("Receive eIDAS response with RespId:" + eidasResponse.getId() + " for ReqId:" + eidasResponse +        .getInResponseToId()); +    log.trace("Full eIDAS-Resp: " + eidasResponse.toString()); +    revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE, eidasResponse +        .getId()); + +    // check response StatusCode +    if (!eidasResponse.getStatus().getStatusCode().equals(Constants.SUCCESS_URI)) { +      log.info("Receice eIDAS Response with StatusCode:" + eidasResponse.getStatus().getStatusCode() +          + " Subcode:" + eidasResponse.getStatus().getSubStatusCode() + " Msg:" + eidasResponse.getStatus() +              .getStatusMessage()); +      throw new EidasSAuthenticationException("eidas.02", new Object[] { eidasResponse.getStatus() +          .getStatusCode(), eidasResponse.getStatus().getStatusMessage() }); + +    } +    // extract all Attributes from response + +    // ********************************************************** +    // ******* MS-specificresponse validation ********** +    // ********************************************************** +    final String spCountry = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, +        "AT"); +    final String citizenCountryCode = (String) executionContext.get( +        MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY); +    EidasResponseValidator.validateResponse(pendingReq, eidasResponse, spCountry, citizenCountryCode, +        attrRegistry); + +    // ********************************************************** +    // ******* Store resonse infos into session object ********** +    // ********************************************************** + +    // update MOA-Session data with received information + 
   log.debug("Store eIDAS response information into pending-request."); +    final EidAuthProcessDataWrapper authProcessData = pendingReq.getSessionData(EidAuthProcessDataWrapper.class); +    authProcessData.setQaaLevel(eidasResponse.getLevelOfAssurance()); +    authProcessData.setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse); + +     +    //inject set flag to inject  +    authProcessData.setTestIdentity( +        basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_IS_TEST_IDENTITY, false)); +           +    // store MOA-session to database +    requestStoreage.storePendingRequest(pendingReq); + +    revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE_VALID); +        }  } | 
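Review bot: In `forwardToOtherStage`, `stagingEndpoint` goes into `UriComponentsBuilder.fromHttpUrl` and then `response.sendRedirect` with the newly issued light token as a query parameter, and nothing checks where that URL points. The value comes from the pending request's raw data and its origin is not visible in this diff. If the incoming authentication request can influence it, the browser and the token referencing the stored eIDAS response are sent to a host the caller chose. I would compare the endpoint with a configured list of permitted stage URLs before `putResponse` is called, and throw an `EidasSAuthenticationException` when it does not match. Separately, `processResponseOnThatStage` passes the literal `"AT"` as the default country code where the removed code used `Constants.DEFAULT_MS_NODE_COUNTRY_CODE`; this looks like a merge leftover and should go back to the constant.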
