Refactor tasks for MobilePhoneSignature login and tests

author: Christian Kollmann <christian.kollmann@a-sit.at> 2021-02-25 07:54:53 +0100
committer: Christian Kollmann <christian.kollmann@a-sit.at> 2021-02-25 13:27:12 +0100
commit: 0c4fe92684a707040fd7536da05945a64b309740 (patch)
tree: e0ecf1d6367b2e110d9f1801506b9d6d6385f750 /eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules
parent: 3338a3dd00fabf28f1de8579535b1626dbe99908 (diff)
download: National_eIDAS_Gateway-0c4fe92684a707040fd7536da05945a64b309740.tar.gz
National_eIDAS_Gateway-0c4fe92684a707040fd7536da05945a64b309740.tar.bz2
National_eIDAS_Gateway-0c4fe92684a707040fd7536da05945a64b309740.zip
2 files changed, 64 insertions, 59 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java
index 2a7beb3b..e7a5547a 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java
@@ -24,12 +24,12 @@
 package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao;
 
 import lombok.Data;
+import org.apache.commons.lang3.builder.EqualsBuilder;
 
 @Data
 public class SimpleMobileSignatureData {
 
   private String citizenCountryCode;
-
   private String bpk;
   private String givenName;
   private String familyName;
@@ -37,19 +37,15 @@ public class SimpleMobileSignatureData {
 
   /**
    * Compares the received authentication data from the mobile phone signature with the eid data received via eIDAS.
+   *
    * @param simpleEidasData The extracted eIDAS data
    * @return Returns true, if the eIDAS data matches the mobile phone signature data and false otherwise.
    */
   public boolean equalsSimpleEidasData(SimpleEidasData simpleEidasData) {
-    if (!simpleEidasData.getGivenName().equals(givenName)) {
-      return false;
-    }
-    if (!simpleEidasData.getFamilyName().equals(familyName)) {
-      return false;
-    }
-    if (!simpleEidasData.getDateOfBirth().equals(dateOfBirth)) {
-      return false;
-    }
-    return true;
+    return new EqualsBuilder()
+        .append(simpleEidasData.getGivenName(), givenName)
+        .append(simpleEidasData.getFamilyName(), familyName)
+        .append(simpleEidasData.getDateOfBirth(), dateOfBirth)
+        .isEquals();
   }
 }
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
index 81be04b5..0f40b337 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
@@ -64,7 +64,6 @@ import org.opensaml.messaging.decoder.MessageDecodingException;
 import org.opensaml.saml.saml2.core.Response;
 import org.opensaml.saml.saml2.core.StatusCode;
 import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 import javax.servlet.http.HttpServletRequest;
@@ -86,16 +85,12 @@ import static at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.I
  */
 @Slf4j
 @Component("ReceiveMobilePhoneSignatureResponseTask")
-public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends AbstractAuthServletTask {
+public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServletTask {
 
-  @Autowired
-  private SamlVerificationEngine samlVerificationEngine;
-  @Autowired
-  private RegisterSearchService registerSearchService;
-  @Autowired
-  private IdAustriaClientAuthCredentialProvider credentialProvider;
-  @Autowired
-  IdAustriaClientAuthMetadataProvider metadataProvider;
+  private final SamlVerificationEngine samlVerificationEngine;
+  private final RegisterSearchService registerSearchService;
+  private final IdAustriaClientAuthCredentialProvider credentialProvider;
+  private final IdAustriaClientAuthMetadataProvider metadataProvider;
 
   private static final String ERROR_PVP_03 = "sp.pvp2.03";
   private static final String ERROR_PVP_05 = "sp.pvp2.05";
@@ -107,9 +102,22 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
 
   private static final String ERROR_MSG_00 = "Receive INVALID PVP Response from ID Austria system";
   private static final String ERROR_MSG_01 = "Processing PVP response from 'ID Austria system' FAILED.";
-  private static final String ERROR_MSG_02 = "PVP response decrytion FAILED. No credential found.";
+  private static final String ERROR_MSG_02 = "PVP response decryption FAILED. No credential found.";
   private static final String ERROR_MSG_03 = "PVP response validation FAILED.";
 
+  /**
+   * Creates the new task, with autowired dependencies from Spring.
+   */
+  public ReceiveMobilePhoneSignatureResponseTask(SamlVerificationEngine samlVerificationEngine,
+                                                 RegisterSearchService registerSearchService,
+                                                 IdAustriaClientAuthCredentialProvider credentialProvider,
+                                                 IdAustriaClientAuthMetadataProvider metadataProvider) {
+    this.samlVerificationEngine = samlVerificationEngine;
+    this.registerSearchService = registerSearchService;
+    this.credentialProvider = credentialProvider;
+    this.metadataProvider = metadataProvider;
+  }
+
   @Override
   public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
       throws TaskExecutionException {
@@ -118,7 +126,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
       IDecoder decoder = loadDecoder(request);
       EaafUriCompare comparator = loadComparator(request);
       InboundMessage inboundMessage = decodeAndVerifyMessage(request, response, decoder, comparator);
-      final Pair<PvpSProfileResponse, Boolean> processedMsg = validateAssertion((PvpSProfileResponse) inboundMessage);
+      Pair<PvpSProfileResponse, Boolean> processedMsg = validateAssertion((PvpSProfileResponse) inboundMessage);
       if (processedMsg.getSecond()) {
         stopProcessFromUserDecision(executionContext, request, response);
         return;
@@ -138,30 +146,22 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
        *
        */
 
-      final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+      AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
       MergedRegisterSearchResult initialSearchResult =
           authProcessData.getGenericDataFromSession(DATA_INITIAL_REGISTER_RESULT, MergedRegisterSearchResult.class);
       SimpleEidasData eidasData = authProcessData.getGenericDataFromSession(DATA_SIMPLE_EIDAS, SimpleEidasData.class);
+      String bpkZp = extractBpkZp(extractor, authProcessData, eidasData);
 
-      SimpleMobileSignatureData simpleMobileSignatureData = getAuthDataFromInterfederation(extractor, authProcessData);
-      if (!simpleMobileSignatureData.equalsSimpleEidasData(eidasData)) {
-        //TODO User has cheated?
-        throw new InvalidUserInputException();
-      }
-
-      String bpkZp = simpleMobileSignatureData.getBpk();
       MergedRegisterSearchResult result = registerSearchService.searchWithBpkZp(bpkZp);
       if (result.getResultCount() == 0) {
-        //go to step 16
         executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true);
         return;
       } else if (result.getResultCount() == 1) {
         String bpk = registerSearchService.step7aKittProcess(initialSearchResult, result, eidasData, pendingReq);
         authProcessData.setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk);
         return;
-        //node 110
       } else if (result.getResultCount() > 1) {
-        throw new ManualFixNecessaryException("bpkZp: " + bpkZp);// node 108
+        throw new ManualFixNecessaryException("bpkZp: " + bpkZp);
       }
 
       // set NeedConsent to false, because user gives consent during authentication
@@ -180,7 +180,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
       throw new TaskExecutionException(pendingReq, ERROR_MSG_01,
           new AuthnResponseValidationException(ERROR_PVP_12, new Object[]{MODULE_NAME_FOR_LOGGING, e.getMessage()}, e));
     } catch (final CredentialsNotAvailableException e) {
-      log.debug("PVP response decrytion FAILED. No credential found.", e);
+      log.debug("PVP response decryption FAILED. No credential found.", e);
       throw new TaskExecutionException(pendingReq, ERROR_MSG_02,
           new AuthnResponseValidationException(ERROR_PVP_10, new Object[]{MODULE_NAME_FOR_LOGGING}, e));
     } catch (final Exception e) {
@@ -191,6 +191,17 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
     }
   }
 
+  private String extractBpkZp(AssertionAttributeExtractor extractor,
+                              AuthProcessDataWrapper authProcessData,
+                              SimpleEidasData eidasData) throws EaafBuilderException, InvalidUserInputException {
+    SimpleMobileSignatureData simpleMobileSignatureData = getAuthDataFromInterfederation(extractor, authProcessData);
+    if (!simpleMobileSignatureData.equalsSimpleEidasData(eidasData)) {
+      //TODO User has cheated?
+      throw new InvalidUserInputException();
+    }
+    return simpleMobileSignatureData.getBpk();
+  }
+
   @NotNull
   private InboundMessage decodeAndVerifyMessage(HttpServletRequest request, HttpServletResponse response,
                                                 IDecoder decoder, EaafUriCompare comparator) throws Exception {
@@ -297,33 +308,31 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
       throws EaafBuilderException {
     List<String> requiredAttributes = IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES;
     SimpleMobileSignatureData result = new SimpleMobileSignatureData();
-    try {
-      if (!extractor.containsAllRequiredAttributes(requiredAttributes)) {
-        log.warn("PVP Response from 'ID Austria node' contains not all requested attributes.");
-        throw new AssertionValidationExeption(ERROR_PVP_06, new Object[]{MODULE_NAME_FOR_LOGGING});
+    if (!extractor.containsAllRequiredAttributes(requiredAttributes)) {
+      log.warn("PVP Response from 'ID Austria node' contains not all requested attributes.");
+      AssertionValidationExeption e = new AssertionValidationExeption(ERROR_PVP_06,
+          new Object[]{MODULE_NAME_FOR_LOGGING});
+      throw new EaafBuilderException(ERROR_PVP_06, null, e.getMessage(), e);
+    }
+    final Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
+    for (final String attrName : includedAttrNames) {
+      if (PvpAttributeDefinitions.BPK_NAME.equals(attrName)) {
+        result.setBpk(extractor.getSingleAttributeValue(attrName));
       }
-      final Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
-      for (final String attrName : includedAttrNames) {
-        if (PvpAttributeDefinitions.BPK_NAME.equals(attrName)) {
-          result.setBpk(extractor.getSingleAttributeValue(attrName));
-        }
-        if (PvpAttributeDefinitions.GIVEN_NAME_NAME.equals(attrName)) {
-          result.setGivenName(extractor.getSingleAttributeValue(attrName));
-        }
-        if (PvpAttributeDefinitions.PRINCIPAL_NAME_NAME.equals(attrName)) {
-          result.setFamilyName(extractor.getSingleAttributeValue(attrName));
-        }
-        if (PvpAttributeDefinitions.BIRTHDATE_NAME.equals(attrName)) {
-          result.setDateOfBirth(extractor.getSingleAttributeValue(attrName));
-        }
-        if (PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME.equals(attrName)) {
-          authProcessData.setQaaLevel(extractor.getSingleAttributeValue(attrName));
-        }
+      if (PvpAttributeDefinitions.GIVEN_NAME_NAME.equals(attrName)) {
+        result.setGivenName(extractor.getSingleAttributeValue(attrName));
+      }
+      if (PvpAttributeDefinitions.PRINCIPAL_NAME_NAME.equals(attrName)) {
+        result.setFamilyName(extractor.getSingleAttributeValue(attrName));
+      }
+      if (PvpAttributeDefinitions.BIRTHDATE_NAME.equals(attrName)) {
+        result.setDateOfBirth(extractor.getSingleAttributeValue(attrName));
+      }
+      if (PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME.equals(attrName)) {
+        authProcessData.setQaaLevel(extractor.getSingleAttributeValue(attrName));
       }
-      authProcessData.setIssueInstant(extractor.getAssertionIssuingDate());
-    } catch (final AssertionValidationExeption e) {
-      throw new EaafBuilderException(ERROR_PVP_06, null, e.getMessage(), e);
     }
+    authProcessData.setIssueInstant(extractor.getAssertionIssuingDate());
     return result;
   }
author	Christian Kollmann <christian.kollmann@a-sit.at>	2021-02-25 07:54:53 +0100
committer	Christian Kollmann <christian.kollmann@a-sit.at>	2021-02-25 13:27:12 +0100
commit	0c4fe92684a707040fd7536da05945a64b309740 (patch)
tree	e0ecf1d6367b2e110d9f1801506b9d6d6385f750 /eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules
parent	3338a3dd00fabf28f1de8579535b1626dbe99908 (diff)
download	National_eIDAS_Gateway-0c4fe92684a707040fd7536da05945a64b309740.tar.gz National_eIDAS_Gateway-0c4fe92684a707040fd7536da05945a64b309740.tar.bz2 National_eIDAS_Gateway-0c4fe92684a707040fd7536da05945a64b309740.zip