diff options
| author | Alexander Marsalek <amarsalek@iaik.tugraz.at> | 2021-01-29 09:37:44 +0100 |
|---|---|---|
| committer | Alexander Marsalek <amarsalek@iaik.tugraz.at> | 2021-01-29 09:57:37 +0100 |
| commit | 17ed45c5d47d8b23a36c0088c2922c0f0fefe234 (patch) | |
| tree | 03eda2fa49333698c2af5c7c6324ae2d3aca4b0c | |
| parent | 1791466bba8dc34971be3168ddcbf65b6cb2af98 (diff) | |
| download | National_eIDAS_Gateway-17ed45c5d47d8b23a36c0088c2922c0f0fefe234.tar.gz National_eIDAS_Gateway-17ed45c5d47d8b23a36c0088c2922c0f0fefe234.tar.bz2 National_eIDAS_Gateway-17ed45c5d47d8b23a36c0088c2922c0f0fefe234.zip | |
fixed package name, added JCE
20 files changed, 869 insertions, 23 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/pom.xml b/eidas_modules/authmodule-eIDAS-v2/pom.xml index 680c528e..f578c52d 100644 --- a/eidas_modules/authmodule-eIDAS-v2/pom.xml +++ b/eidas_modules/authmodule-eIDAS-v2/pom.xml @@ -50,6 +50,15 @@ <artifactId>eaaf-core</artifactId> </dependency> + <dependency> + <groupId>iaik.prod</groupId> + <artifactId>iaik_jce_full</artifactId> + <version>5.52_moa</version> +<!-- <groupId>iaik</groupId>--> +<!-- <artifactId>jce_full_signed</artifactId>--> +<!-- <version>5.52</version>--> + </dependency> + <!-- eIDAS reference implemenation libs --> <dependency> <groupId>eu.eidas</groupId> diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhAuthProcessDataConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhAuthProcessDataConstants.java new file mode 100644 index 00000000..36ea2440 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhAuthProcessDataConstants.java @@ -0,0 +1,9 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; + +import at.gv.egiz.eaaf.core.api.idp.EaafAuthProcessDataConstants; + +public interface AhAuthProcessDataConstants extends EaafAuthProcessDataConstants { + + + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhAuthProcessDataWrapper.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhAuthProcessDataWrapper.java new file mode 100644 index 00000000..1b20960b --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhAuthProcessDataWrapper.java @@ -0,0 +1,224 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; + + +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException; +import java.util.Map; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import iaik.x509.X509Certificate; + +public class AhAuthProcessDataWrapper extends AuthProcessDataWrapper + implements IAhAuthProcessData, AhAuthProcessDataConstants { + private static final Logger log = LoggerFactory.getLogger(AhAuthProcessDataWrapper.class); + + public static final String VALUE_SIGNER_CERT = "direct_signerCert"; + public static final String VALUE_VDAURL = "direct_bkuUrl"; + + public static final String VALUE_MANDATES_REFVALUE = "direct_mis_refvalue"; + + public static final String VALUE_EID_QCBIND = "direct_eid_qcBind"; + public static final String VALUE_EID_VSZ = "direct_eid_vsz"; + public static final String VALUE_EID_SIGNEDAUTHBLOCK = "direct_eid_authblock"; + public static final String VALUE_EID_SIGNEDAUTHBLOCK_TYPE = "direct_eid_authblock_type"; + public static final String VALUE_EID_MIS_MANDATE = "direct_eid_mis_mandate"; + + public static final String VALUE_INTERNAL_BPK = "direct_internal_bpk"; + public static final String VALUE_INTERNAL_BPKYPE = "direct_internal_bpktype"; + + public static final String VALUE_INTERNAL_MANDATE_ELGA_PROCESS = "direct_is_elga_mandate_process"; + public static final String VALUE_INTERNAL_VDA_AUTHENTICATION_PROCESS = "direct_is_vda_auth_process"; + + public AhAuthProcessDataWrapper(final Map<String, Object> authProcessData) { + super(authProcessData); + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSignerCertificate() + */ + @Override + public X509Certificate getSignerCertificate() { + final byte[] encCert = getEncodedSignerCertificate(); + + if (encCert != null) { + try { + return new X509Certificate(encCert); + } catch (final CertificateException e) { + log.warn("Signer certificate can not be loaded from session database!", e); + + } + } + return null; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getEncodedSignerCertificate() + */ + @Override + public byte[] getEncodedSignerCertificate() { + return wrapStoredObject(VALUE_SIGNER_CERT, null, byte[].class); + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSignerCertificate(iaik.x509. + * X509Certificate) + */ + @Override + public void setSignerCertificate(final java.security.cert.X509Certificate signerCertificate) { + try { + authProcessData.put(VALUE_SIGNER_CERT, signerCertificate.getEncoded()); + + } catch (final CertificateEncodingException e) { + log.warn("Signer certificate can not be stored to session database!", e); + } + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getBkuURL() + */ + @Override + public String getVdaUrl() { + return wrapStoredObject(VALUE_VDAURL, null, String.class); + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setBkuURL(java.lang.String) + */ + @Override + public void setVdaUrl(final String vdaUrl) { + authProcessData.put(VALUE_VDAURL, vdaUrl); + + } + + @Override + public String getMandateReferenceValue() { + return wrapStoredObject(VALUE_MANDATES_REFVALUE, null, String.class); + } + + @Override + public void setMandateReferenceValue(final String refValue) { + authProcessData.put(VALUE_MANDATES_REFVALUE, refValue); + + } + + @Override + public String getQcBind() { + return wrapStoredObject(VALUE_EID_QCBIND, null, String.class); + } + + @Override + public void setQcBind(final String qcBind) { + authProcessData.put(VALUE_EID_QCBIND, qcBind); + + } + + @Override + public String getVsz() { + return wrapStoredObject(VALUE_EID_VSZ, null, String.class); + } + + @Override + public void setVsz(final String vsz) { + authProcessData.put(VALUE_EID_VSZ, vsz); + + } + + @Override + public byte[] getSignedAuthBlock() { + return wrapStoredObject(VALUE_EID_SIGNEDAUTHBLOCK, null, byte[].class); + } + + @Override + public void setSignedAuthBlock(final byte[] signedConsent) { + authProcessData.put(VALUE_EID_SIGNEDAUTHBLOCK, signedConsent); + + } + + @Override + public AuthHandlerConstants.AuthBlockType getSignedAuthBlockType() { + return wrapStoredObject(VALUE_EID_SIGNEDAUTHBLOCK_TYPE, AuthHandlerConstants.AuthBlockType.NONE, + AuthHandlerConstants.AuthBlockType.class); + } + + @Override + public void setSignedAuthBlockType(final AuthHandlerConstants.AuthBlockType authBlockType) { + authProcessData.put(VALUE_EID_SIGNEDAUTHBLOCK_TYPE, authBlockType); + + } + + @Override + public ISignedMandate getMandateDate() { + return wrapStoredObject(VALUE_EID_MIS_MANDATE, null, ISignedMandate.class); + + } + + @Override + public void setMandateDate(final ISignedMandate mandateDate) { + authProcessData.put(VALUE_EID_MIS_MANDATE, mandateDate); + + } + + @Override + public String getInternalBpk() { + return wrapStoredObject(VALUE_INTERNAL_BPK, null, String.class); + } + + @Override + public void setInternalBpk(final String bpk) { + authProcessData.put(VALUE_INTERNAL_BPK, bpk); + + } + + @Override + public String getInternalBpkType() { + return wrapStoredObject(VALUE_INTERNAL_BPKYPE, null, String.class); + + } + + @Override + public void setInternalBpkType(final String bpkType) { + authProcessData.put(VALUE_INTERNAL_BPKYPE, bpkType); + + } + + @Override + public boolean isElgaMandateProcess() { + return wrapStoredObject(VALUE_INTERNAL_MANDATE_ELGA_PROCESS, false, Boolean.class); + + } + + @Override + public void setElgaMandateProcess(boolean flag) { + authProcessData.put(VALUE_INTERNAL_MANDATE_ELGA_PROCESS, flag); + + } + + @Override + public boolean isVdaAuthentication() { + return wrapStoredObject(VALUE_INTERNAL_VDA_AUTHENTICATION_PROCESS, false, Boolean.class); + + } + + @Override + public void setVdaAuthentication(boolean flag) { + authProcessData.put(VALUE_INTERNAL_VDA_AUTHENTICATION_PROCESS, flag); + + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/AhExtendedPvpAttributeDefinitions.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhExtendedPvpAttributeDefinitions.java index 8dea6df3..b74767de 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/AhExtendedPvpAttributeDefinitions.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhExtendedPvpAttributeDefinitions.java @@ -1,4 +1,4 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/AuthHandlerConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AuthHandlerConstants.java index 9c6929c2..1bbc31e0 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/AuthHandlerConstants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AuthHandlerConstants.java @@ -1,4 +1,4 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; public class AuthHandlerConstants { diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/EidasAuthEventConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/EidasAuthEventConstants.java new file mode 100644 index 00000000..bca04369 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/EidasAuthEventConstants.java @@ -0,0 +1,10 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; + +public class EidasAuthEventConstants { + + public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_SELECTED = 6200; + public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_REQUESTED = 6201; + public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED = 6202; + public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR = 6203; + public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_MDS_VALID = 6204; +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IAhAuthProcessData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IAhAuthProcessData.java new file mode 100644 index 00000000..47d3d37c --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IAhAuthProcessData.java @@ -0,0 +1,190 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; + +import java.security.cert.X509Certificate; + +import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer; + +public interface IAhAuthProcessData extends IAuthProcessDataContainer { + + /** + * Get the certificate that was used to sign the Consent. + * + * @return {@link X509Certificate} + */ + X509Certificate getSignerCertificate(); + + /** + * Get the certificate that was used to sign the Consent. + * + * @return Serialized certificate + */ + byte[] getEncodedSignerCertificate(); + + /** + * Set the certificate that was used to sign the Consent. + * + * @param signerCertificate Signer certificate of the user + */ + void setSignerCertificate(X509Certificate signerCertificate); + + + /** + * Get URL to VDA that was used for authentication. + * + * @return + */ + String getVdaUrl(); + + /** + * Set URL to VDA that was used for authentication. + * + * @param vdaUrl URL to VDA that was used for authentication + */ + void setVdaUrl(String vdaUrl); + + /** + * Get the reference-value that used to interact with MIS service. + * + * @return + */ + String getMandateReferenceValue(); + + /** + * Set the reference-value that used to interact with MIS service. + * + * @param refValue Mandate reference value + */ + void setMandateReferenceValue(String refValue); + + /** + * Get the qcBind of the user that was received by VDA or other storage during authentication. + * + * @return + */ + String getQcBind(); + + /** + * Set the qcBind of the user that was received by VDA or other storage during authentication. + * + * @param qcBind raw qcBind data-structure (serialized JSON) + */ + void setQcBind(String qcBind); + + /** + * Get the vSZ of the user. + * + * @return + */ + String getVsz(); + + /** + * Set the vSZ of the user. + * + * @param vsz user's encrypted baseId + */ + void setVsz(String vsz); + + /** + * Get the signed AuthBlock of the user. + * + * @return + */ + byte[] getSignedAuthBlock(); + + /** + * Set the signed AuthBlock of the user. + * + * @param authBlock raw signed consent + */ + void setSignedAuthBlock(byte[] authBlock); + + /** + * Get a textual type identifier of the AuthBlock. + * + * @return AuthBlock type + */ + AuthHandlerConstants.AuthBlockType getSignedAuthBlockType(); + + /** + * Set a textual identifier for the type of the AuthBlock. + * + * @param authBlockType AuthBlock type + */ + void setSignedAuthBlockType(final AuthHandlerConstants.AuthBlockType authBlockType); + + /** + * Get the selected mandate of the user that was issued by MIS. + * + * @return + */ + ISignedMandate getMandateDate(); + + /** + * Set the selected mandate of the user that is issued by MIS. + * + * @param signedMandate Raw mandate structure for E-ID backend + */ + void setMandateDate(ISignedMandate signedMandate); + + + /** + * Get bPK for this entity. <br> + * <b>THIS bPK is only for AuthHandler internal usage</b> + * + * @return bPK, or null if no bPK is set + */ + String getInternalBpk(); + + /** + * Get bPK type for this entity. <br> + * <b>THIS bPK is only for AuthHandler internal usage</b> + * + * @return bPKType, or null if no bPKType is set + */ + String getInternalBpkType(); + + /** + * Set the bPK for INTERNAL USAGE of the current entity. + * + * @param bpk bPK for internal usage + */ + void setInternalBpk(String bpk); + + /** + * Set the bPK for INTERNAL USAGE of the current entity. + * + * @param bpkType bPK for internal usage + */ + void setInternalBpkType(String bpkType); + + + /** + * Indicate if the current process uses ELGA mandates. + * + * @return <code>true</code> if ELGA mandates are used, otherwise <code>false</code> + */ + boolean isElgaMandateProcess(); + + /** + * Set flag if the current process is an ELGA mandate process. + * + * @param flag <code>true</code> if it is an ELGA mandate-process, otherwise <code>false</code> + */ + void setElgaMandateProcess(boolean flag); + + + /** + * Indicate if the current process was authenticated by a VDA. + * + * @return <code>true</code> if the current process was authenticated by VDA, otherwise <code>false</code> + */ + boolean isVdaAuthentication(); + + /** + * Set flag that indicates if the current process was authenticated by a VDA. + * + * @param flag <code>true</code> in case of VDA authentication, otherwise <code>false</code> + */ + void setVdaAuthentication(boolean flag); + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IAhSpConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IAhSpConfiguration.java index 2a54f541..081b215a 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IAhSpConfiguration.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IAhSpConfiguration.java @@ -1,4 +1,4 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; import java.util.List; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IRawMandateDao.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IRawMandateDao.java new file mode 100644 index 00000000..7e3b2aa1 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IRawMandateDao.java @@ -0,0 +1,32 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; + +import java.io.Serializable; +import java.util.Date; + +public interface IRawMandateDao extends Serializable { + + boolean isNaturalPerson(); + + boolean isProfRepresentation(); + + String getIdentifier(); + + String getIdentifierType(); + + String getGivenName(); + + String getFamilyName(); + + Date getDateOfBirth(); + + String getCommonName(); + + String getMandateTypeOid(); + + String getMandateAnnotation(); + + String getMandateId(); + + String getMandateContent(); + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/ISignedMandate.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/ISignedMandate.java new file mode 100644 index 00000000..edd167fb --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/ISignedMandate.java @@ -0,0 +1,19 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; + +public interface ISignedMandate extends IRawMandateDao { + + /** + * Get the full signed mandate issued by the MIS component. + * + * @return serialized JWS that contains the mandate + */ + String getSignedMandate(); + + /** + * Get formated date-of-birth. + * + * @return date-of-birth as 'yyyy-MM-dd' + */ + String getDateOfBirthFormated(); + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java index 22910614..7d8b9dc8 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthConstants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java @@ -1,4 +1,4 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; import at.gv.egiz.eaaf.core.api.data.EaafConstants; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthCredentialProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java index 1aa85e71..69386194 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthCredentialProvider.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java @@ -1,4 +1,4 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataConfiguration.java index 4b5861e9..93aefb42 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataConfiguration.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataConfiguration.java @@ -1,4 +1,4 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; import java.util.ArrayList; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataController.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataController.java index 87886397..a2966c7e 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataController.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataController.java @@ -1,4 +1,4 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; import java.io.IOException; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataProvider.java index c0bfa290..46278ad8 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataProvider.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataProvider.java @@ -1,4 +1,4 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; import java.io.IOException; import java.security.KeyStore; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthRequestBuilderConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthRequestBuilderConfiguration.java index ddaf872d..65b6a198 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthRequestBuilderConfiguration.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthRequestBuilderConfiguration.java @@ -1,4 +1,4 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient; +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; import java.util.List; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/MisException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/MisException.java new file mode 100644 index 00000000..71826d23 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/MisException.java @@ -0,0 +1,17 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; + +import at.gv.egiz.eaaf.core.exceptions.EaafException; + +public class MisException extends EaafException { + + private static final long serialVersionUID = 1L; + + public MisException(final String errorId, final Object[] params) { + super(errorId, params); + } + + public MisException(final String errorId, final Object[] params, final Throwable e) { + super(errorId, params, e); + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java index 5f242c1b..aa8deb2b 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java @@ -23,11 +23,11 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient.IdAustriaClientAuthConstants; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient.IdAustriaClientAuthCredentialProvider; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient.IdAustriaClientAuthMetadataProvider; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient.IdAustriaClientAuthRequestBuilderConfiguration; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient.IAhSpConfiguration; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthRequestBuilderConfiguration; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IAhSpConfiguration; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; @@ -75,9 +75,6 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet IdAustriaClientAuthCredentialProvider credential; @Autowired IdAustriaClientAuthMetadataProvider metadataService; - // @Autowired - // ITransactionStorage transactionStorage; - @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) @@ -136,9 +133,6 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig, relayState, response); - //MsEidasNodeConstants.ENDPOINT_PVP_POST - //MsEidasNodeConstants.ENDPOINT_PVP_METADATA - //TODO } catch (final Exception e) { log.error("Initial search FAILED.", e); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java index b598cb92..9e6aa7cc 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java @@ -29,18 +29,59 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.AhAuthProcessDataWrapper; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.AuthHandlerConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.EidasAuthEventConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.MisException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.Utils; import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; import lombok.extern.slf4j.Slf4j; +import org.apache.commons.lang3.StringUtils; +import org.opensaml.core.xml.io.MarshallingException; +import org.opensaml.messaging.decoder.MessageDecodingException; +import org.opensaml.saml.saml2.core.Response; +import org.opensaml.saml.saml2.core.StatusCode; +import org.opensaml.saml.saml2.metadata.IDPSSODescriptor; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import javax.naming.ConfigurationException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.xml.transform.TransformerException; +import java.io.IOException; +import java.util.Arrays; +import java.util.Base64; import java.util.List; +import java.util.Set; /** * Task that searches ErnB and ZMR before adding person to SZR. @@ -51,6 +92,31 @@ import java.util.List; @Component("ReceiveMobilePhoneSignatureResponseTask") public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends AbstractAuthServletTask { + @Autowired + private SamlVerificationEngine samlVerificationEngine; + @Autowired + private IdAustriaClientAuthCredentialProvider credentialProvider; + @Autowired(required = true) + IdAustriaClientAuthMetadataProvider metadataProvider; + + private static final String ERROR_PVP_03 = "sp.pvp2.03"; + private static final String ERROR_PVP_05 = "sp.pvp2.05"; + private static final String ERROR_PVP_06 = "sp.pvp2.06"; + private static final String ERROR_PVP_08 = "sp.pvp2.08"; + private static final String ERROR_PVP_10 = "sp.pvp2.10"; + private static final String ERROR_PVP_11 = "sp.pvp2.11"; + private static final String ERROR_PVP_12 = "sp.pvp2.12"; + + private static final String ERROR_MSG_00 = + "Receive INVALID PVP Response from federated IDP"; + private static final String ERROR_MSG_01 = + "Processing PVP response from 'ms-specific eIDAS node' FAILED."; + private static final String ERROR_MSG_02 = + "PVP response decrytion FAILED. No credential found."; + private static final String ERROR_MSG_03 = + "PVP response validation FAILED."; + + private final IErnpClient ernpClient; private final IZmrClient zmrClient; @@ -71,6 +137,123 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends SimpleEidasData eidData = authProcessData.getGenericDataFromSession(Constants.DATA_SIMPLE_EIDAS, SimpleEidasData.class); + + InboundMessage msg = null; + + try { + + IDecoder decoder = null; + EaafUriCompare comperator = null; + // select Response Binding + if (request.getMethod().equalsIgnoreCase("POST")) { + decoder = new PostBinding(); + comperator = new EaafUriCompare(pendingReq.getAuthUrl() + IdAustriaClientAuthConstants.ENDPOINT_POST); + log.trace("Receive PVP Response from 'ID Austria node', by using POST-Binding."); + + } else if (request.getMethod().equalsIgnoreCase("GET")) { + decoder = new RedirectBinding(); + comperator = new EaafUriCompare(pendingReq.getAuthUrl() + + IdAustriaClientAuthConstants.ENDPOINT_REDIRECT); + log.trace("Receive PVP Response from 'ID Austria node', by using Redirect-Binding."); + + } else { + log.warn("Receive PVP Response, but Binding (" + + request.getMethod() + ") is not supported."); + throw new AuthnResponseValidationException(ERROR_PVP_03, new Object[]{ + IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}); + + } + + // decode PVP response object + msg = (InboundMessage) decoder.decode( + request, response, metadataProvider, IDPSSODescriptor.DEFAULT_ELEMENT_NAME, + comperator); + + // validate response signature + if (!msg.isVerified()) { + samlVerificationEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine( + metadataProvider)); + msg.setVerified(true); + + } + + // validate assertion + final Pair<PvpSProfileResponse, Boolean> processedMsg = + preProcessAuthResponse((PvpSProfileResponse) msg); + + //check if SAML2 response contains user-stop decision + if (processedMsg.getSecond()) { + stopProcessFromUserDecision(executionContext, request, response); + + } else { + // validate entityId of response + final String msNodeEntityID = authConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_NODE_ENTITYID); + final String respEntityId = msg.getEntityID(); + if (!msNodeEntityID.equals(respEntityId)) { + log.warn("Response Issuer is not a 'ms-specific eIDAS node'. Stopping eIDAS authentication ..."); + throw new AuthnResponseValidationException(ERROR_PVP_08, + new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, + msg.getEntityID()}); + + } + + // initialize Attribute extractor + final AssertionAttributeExtractor extractor = + new AssertionAttributeExtractor(processedMsg.getFirst().getResponse()); + + getAuthDataFromInterfederation(extractor); + + // set NeedConsent to false, because user gives consont during authentication + pendingReq.setNeedUserConsent(false); + + // store pending-request + requestStoreage.storePendingRequest(pendingReq); + + //set E-ID process flag to execution context + final AhAuthProcessDataWrapper session = pendingReq.getSessionData( + AhAuthProcessDataWrapper.class); + executionContext.put(AuthHandlerConstants.PROCESSCONTEXT_WAS_EID_PROCESS, session.isEidProcess()); + executionContext.put(AuthHandlerConstants.HTTP_PARAM_USE_MANDATES, session.isMandateUsed()); + + + log.info("Receive a valid assertion from IDP " + msg.getEntityID()); + + } + + } catch (final AuthnResponseValidationException e) { + throw new TaskExecutionException(pendingReq, ERROR_MSG_03, e); + + } catch (MessageDecodingException | SecurityException | SamlSigningException e) { + //final String samlRequest = request.getParameter("SAMLRequest"); + //log.debug("Receive INVALID PVP Response from 'ms-specific eIDAS node': {}", + // samlRequest, null, e); + throw new TaskExecutionException(pendingReq, ERROR_MSG_00, + new AuthnResponseValidationException(ERROR_PVP_11, + new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}, e)); + + } catch (IOException | MarshallingException | TransformerException e) { + log.debug("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e); + throw new TaskExecutionException(pendingReq, ERROR_MSG_01, + new AuthnResponseValidationException(ERROR_PVP_12, + new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()}, + e)); + + } catch (final CredentialsNotAvailableException e) { + log.debug("PVP response decrytion FAILED. No credential found.", e); + throw new TaskExecutionException(pendingReq, ERROR_MSG_02, + new AuthnResponseValidationException(ERROR_PVP_10, + new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}, e)); + + } catch (final Exception e) { + log.debug("PVP response validation FAILED. Msg:" + e.getMessage(), e); + throw new TaskExecutionException(pendingReq, ERROR_MSG_03, + new AuthnResponseValidationException(ERROR_PVP_12, + new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()}, e)); + + } + + //TODO extract bPK-ZP from response String bpkzp = "TODO"; MergedRegisterSearchResult result = searchInZmrAndErnp(bpkzp); @@ -93,6 +276,165 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends } } + private Pair<PvpSProfileResponse, Boolean> preProcessAuthResponse(PvpSProfileResponse msg) + throws IOException, MarshallingException, TransformerException, + CredentialsNotAvailableException, AuthnResponseValidationException, SamlAssertionValidationExeption { + log.debug("Start PVP21 assertion processing... "); + final Response samlResp = (Response) msg.getResponse(); + + // check SAML2 response status-code + if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS)) { + // validate PVP 2.1 assertion + samlVerificationEngine.validateAssertion(samlResp, + credentialProvider.getMessageEncryptionCredential(), + pendingReq.getAuthUrl() + IdAustriaClientAuthConstants.ENDPOINT_METADATA, + IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING); + + msg.setSamlMessage(Saml2Utils.asDomDocument(samlResp).getDocumentElement()); + revisionsLogger.logEvent(pendingReq, + EidasAuthEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED, + samlResp.getID()); + return Pair.newInstance(msg, false); + + } else { + log.info("Receive StatusCode " + samlResp.getStatus().getStatusCode().getValue() + + " from 'ms-specific eIDAS node'."); + StatusCode subStatusCode = getSubStatusCode(samlResp); + if (subStatusCode != null + && IdAustriaClientAuthConstants.SAML2_STATUSCODE_USERSTOP.equals(subStatusCode.getValue())) { + log.info("Find 'User-Stop operation' in SAML2 response. Stopping authentication process ... "); + return Pair.newInstance(msg, true); + + } + + revisionsLogger.logEvent(pendingReq, + EidasAuthEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR); + throw new AuthnResponseValidationException(ERROR_PVP_05, + new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, + samlResp.getIssuer().getValue(), + samlResp.getStatus().getStatusCode().getValue(), + samlResp.getStatus().getStatusMessage().getMessage()}); + + } + + } + + /** + * Get SAML2 Sub-StatusCode if not <code>null</code>. + * + * @param samlResp SAML2 response + * @return Sub-StatusCode or <code>null</code> if it's not set + */ + private StatusCode getSubStatusCode(Response samlResp) { + if (samlResp.getStatus().getStatusCode().getStatusCode() != null + && StringUtils.isNotEmpty(samlResp.getStatus().getStatusCode().getStatusCode().getValue())) { + return samlResp.getStatus().getStatusCode().getStatusCode(); + } + return null; + } + + private void getAuthDataFromInterfederation(AssertionAttributeExtractor extractor) + throws EaafBuilderException, ConfigurationException { + + List<String> requiredEidasNodeAttributes = IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES; + if (authConfig.getBasicConfigurationBoolean( + AuthHandlerConstants.PROP_CONFIG_LEGACY_ALLOW, false)) { + log.trace("Build required attributes for legacy operaton ... "); + requiredEidasNodeAttributes = Arrays.asList( + PvpAttributeDefinitions.PVP_VERSION_NAME, + PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, + PvpAttributeDefinitions.EID_ISSUING_NATION_NAME); + + } + + try { + // check if all attributes are include + if (!extractor.containsAllRequiredAttributes() + || !extractor.containsAllRequiredAttributes( + requiredEidasNodeAttributes)) { + log.warn("PVP Response from 'ms-specific eIDAS node' contains not all requested attributes."); + throw new AssertionValidationExeption(ERROR_PVP_06, new Object[]{ + IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}); + + } + + // copy attributes into MOASession + final AhAuthProcessDataWrapper session = pendingReq.getSessionData( + AhAuthProcessDataWrapper.class); + final Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames(); + for (final String attrName : includedAttrNames) { + injectAuthInfosIntoSession(session, attrName, + extractor.getSingleAttributeValue(attrName)); + + } + + //set piiTransactionId from eIDAS Connector + String piiTransactionId = extractor.getSingleAttributeValue( + ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME); + if (StringUtils.isNotEmpty(piiTransactionId) && pendingReq instanceof RequestImpl) { + log.info("Receive piiTransactionId from Austrian eIDAS Connector. Use this for further processing"); + ((RequestImpl) pendingReq).setUniquePiiTransactionIdentifier(piiTransactionId); + + } else { + log.debug("Receive no piiTransactionId from Austrian eIDAS Connector."); + + } + + // set foreigner flag + session.setForeigner(true); + + // set IssuerInstant from Assertion + session.setIssueInstant(extractor.getAssertionIssuingDate()); + + // set CCE URL + if (extractor.getFullAssertion().getIssuer() != null + && StringUtils.isNotEmpty(extractor.getFullAssertion().getIssuer().getValue())) { + session.setVdaUrl(extractor.getFullAssertion().getIssuer().getValue()); + + } else { + session.setVdaUrl("eIDAS_Authentication"); + + } + + } catch (final EaafStorageException | MisException | AssertionValidationExeption | IOException e) { + throw new EaafBuilderException(ERROR_PVP_06, null, e.getMessage(), e); + + } + } + + private void injectAuthInfosIntoSession(AhAuthProcessDataWrapper session, String attrName, String attrValue) + throws EaafStorageException, MisException, IOException { + log.trace("Inject attribute: {} with value: {} into AuthSession", attrName, attrValue); + log.debug("Inject attribute: {} into AuthSession", attrName); + + if (ExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME.equals(attrName)) { + log.debug("Find eidasBind attribute. Switching to E-ID mode ... "); + session.setEidProcess(true); + session.setQcBind(attrValue); + // session.setVsz(extractVszFromEidasBind(attrValue)); + //T + + } else if (ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME.equals(attrName)) { + session.setSignedAuthBlock(Base64.getDecoder().decode(attrValue)); + session.setSignedAuthBlockType(AuthHandlerConstants.AuthBlockType.JWS); + + } else if (PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME.equals(attrName)) { + session.setQaaLevel(attrValue); + + // } else if (ExtendedPvpAttributeDefinitions.EID_MIS_MANDATE_NAME.equals(attrName) + // && authConfig.getBasicConfigurationBoolean( + // IdAustriaClientAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE, false)) { + // session.setMandateDate(new SignedMandateDao(attrValue)); + // session.setUseMandates(true); + // + } else { + session.setGenericDataToSession(attrName, attrValue); + + } + + } + + private MergedRegisterSearchResult searchInZmrAndErnp(String bpkzp) { List<RegisterResult> resultsZmr = zmrClient.searchWithBpkZp(bpkzp); List<RegisterResult> resultsErnp = ernpClient.searchWithBpkZp(bpkzp); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index c6d69c5d..680ec19c 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -135,13 +135,13 @@ scope="prototype" /> <bean id="eidasCentralAuthCredentialProvider" - class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient.IdAustriaClientAuthCredentialProvider" /> + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider" /> <bean id="eidasCentralAuthMetadataProvider" - class=" at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient.IdAustriaClientAuthMetadataProvider" /> + class=" at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider" /> <bean id="eidasCentralAuthMetadataController" - class=" at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient.IdAustriaClientAuthMetadataController" /> + class=" at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataController" /> </beans>
\ No newline at end of file |