aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules/authmodule-eIDAS-v2/src/main/java
diff options
context:
space:
mode:
authorAlexander Marsalek <amarsalek@iaik.tugraz.at>2021-01-29 09:37:44 +0100
committerAlexander Marsalek <amarsalek@iaik.tugraz.at>2021-01-29 09:57:37 +0100
commit17ed45c5d47d8b23a36c0088c2922c0f0fefe234 (patch)
tree03eda2fa49333698c2af5c7c6324ae2d3aca4b0c /eidas_modules/authmodule-eIDAS-v2/src/main/java
parent1791466bba8dc34971be3168ddcbf65b6cb2af98 (diff)
downloadNational_eIDAS_Gateway-17ed45c5d47d8b23a36c0088c2922c0f0fefe234.tar.gz
National_eIDAS_Gateway-17ed45c5d47d8b23a36c0088c2922c0f0fefe234.tar.bz2
National_eIDAS_Gateway-17ed45c5d47d8b23a36c0088c2922c0f0fefe234.zip
fixed package name, added JCE
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhAuthProcessDataConstants.java9
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhAuthProcessDataWrapper.java224
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhExtendedPvpAttributeDefinitions.java (renamed from eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/AhExtendedPvpAttributeDefinitions.java)2
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AuthHandlerConstants.java (renamed from eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/AuthHandlerConstants.java)2
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/EidasAuthEventConstants.java10
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IAhAuthProcessData.java190
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IAhSpConfiguration.java (renamed from eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IAhSpConfiguration.java)2
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IRawMandateDao.java32
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/ISignedMandate.java19
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java (renamed from eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthConstants.java)2
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java (renamed from eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthCredentialProvider.java)2
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataConfiguration.java (renamed from eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataConfiguration.java)2
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataController.java (renamed from eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataController.java)2
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataProvider.java (renamed from eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataProvider.java)2
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthRequestBuilderConfiguration.java (renamed from eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthRequestBuilderConfiguration.java)2
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/MisException.java17
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java16
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java342
18 files changed, 857 insertions, 20 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhAuthProcessDataConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhAuthProcessDataConstants.java
new file mode 100644
index 00000000..36ea2440
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhAuthProcessDataConstants.java
@@ -0,0 +1,9 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
+
+import at.gv.egiz.eaaf.core.api.idp.EaafAuthProcessDataConstants;
+
+public interface AhAuthProcessDataConstants extends EaafAuthProcessDataConstants {
+
+
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhAuthProcessDataWrapper.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhAuthProcessDataWrapper.java
new file mode 100644
index 00000000..1b20960b
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhAuthProcessDataWrapper.java
@@ -0,0 +1,224 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
+
+
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.util.Map;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import iaik.x509.X509Certificate;
+
+public class AhAuthProcessDataWrapper extends AuthProcessDataWrapper
+ implements IAhAuthProcessData, AhAuthProcessDataConstants {
+ private static final Logger log = LoggerFactory.getLogger(AhAuthProcessDataWrapper.class);
+
+ public static final String VALUE_SIGNER_CERT = "direct_signerCert";
+ public static final String VALUE_VDAURL = "direct_bkuUrl";
+
+ public static final String VALUE_MANDATES_REFVALUE = "direct_mis_refvalue";
+
+ public static final String VALUE_EID_QCBIND = "direct_eid_qcBind";
+ public static final String VALUE_EID_VSZ = "direct_eid_vsz";
+ public static final String VALUE_EID_SIGNEDAUTHBLOCK = "direct_eid_authblock";
+ public static final String VALUE_EID_SIGNEDAUTHBLOCK_TYPE = "direct_eid_authblock_type";
+ public static final String VALUE_EID_MIS_MANDATE = "direct_eid_mis_mandate";
+
+ public static final String VALUE_INTERNAL_BPK = "direct_internal_bpk";
+ public static final String VALUE_INTERNAL_BPKYPE = "direct_internal_bpktype";
+
+ public static final String VALUE_INTERNAL_MANDATE_ELGA_PROCESS = "direct_is_elga_mandate_process";
+ public static final String VALUE_INTERNAL_VDA_AUTHENTICATION_PROCESS = "direct_is_vda_auth_process";
+
+ public AhAuthProcessDataWrapper(final Map<String, Object> authProcessData) {
+ super(authProcessData);
+
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSignerCertificate()
+ */
+ @Override
+ public X509Certificate getSignerCertificate() {
+ final byte[] encCert = getEncodedSignerCertificate();
+
+ if (encCert != null) {
+ try {
+ return new X509Certificate(encCert);
+ } catch (final CertificateException e) {
+ log.warn("Signer certificate can not be loaded from session database!", e);
+
+ }
+ }
+ return null;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getEncodedSignerCertificate()
+ */
+ @Override
+ public byte[] getEncodedSignerCertificate() {
+ return wrapStoredObject(VALUE_SIGNER_CERT, null, byte[].class);
+
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSignerCertificate(iaik.x509.
+ * X509Certificate)
+ */
+ @Override
+ public void setSignerCertificate(final java.security.cert.X509Certificate signerCertificate) {
+ try {
+ authProcessData.put(VALUE_SIGNER_CERT, signerCertificate.getEncoded());
+
+ } catch (final CertificateEncodingException e) {
+ log.warn("Signer certificate can not be stored to session database!", e);
+ }
+
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getBkuURL()
+ */
+ @Override
+ public String getVdaUrl() {
+ return wrapStoredObject(VALUE_VDAURL, null, String.class);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setBkuURL(java.lang.String)
+ */
+ @Override
+ public void setVdaUrl(final String vdaUrl) {
+ authProcessData.put(VALUE_VDAURL, vdaUrl);
+
+ }
+
+ @Override
+ public String getMandateReferenceValue() {
+ return wrapStoredObject(VALUE_MANDATES_REFVALUE, null, String.class);
+ }
+
+ @Override
+ public void setMandateReferenceValue(final String refValue) {
+ authProcessData.put(VALUE_MANDATES_REFVALUE, refValue);
+
+ }
+
+ @Override
+ public String getQcBind() {
+ return wrapStoredObject(VALUE_EID_QCBIND, null, String.class);
+ }
+
+ @Override
+ public void setQcBind(final String qcBind) {
+ authProcessData.put(VALUE_EID_QCBIND, qcBind);
+
+ }
+
+ @Override
+ public String getVsz() {
+ return wrapStoredObject(VALUE_EID_VSZ, null, String.class);
+ }
+
+ @Override
+ public void setVsz(final String vsz) {
+ authProcessData.put(VALUE_EID_VSZ, vsz);
+
+ }
+
+ @Override
+ public byte[] getSignedAuthBlock() {
+ return wrapStoredObject(VALUE_EID_SIGNEDAUTHBLOCK, null, byte[].class);
+ }
+
+ @Override
+ public void setSignedAuthBlock(final byte[] signedConsent) {
+ authProcessData.put(VALUE_EID_SIGNEDAUTHBLOCK, signedConsent);
+
+ }
+
+ @Override
+ public AuthHandlerConstants.AuthBlockType getSignedAuthBlockType() {
+ return wrapStoredObject(VALUE_EID_SIGNEDAUTHBLOCK_TYPE, AuthHandlerConstants.AuthBlockType.NONE,
+ AuthHandlerConstants.AuthBlockType.class);
+ }
+
+ @Override
+ public void setSignedAuthBlockType(final AuthHandlerConstants.AuthBlockType authBlockType) {
+ authProcessData.put(VALUE_EID_SIGNEDAUTHBLOCK_TYPE, authBlockType);
+
+ }
+
+ @Override
+ public ISignedMandate getMandateDate() {
+ return wrapStoredObject(VALUE_EID_MIS_MANDATE, null, ISignedMandate.class);
+
+ }
+
+ @Override
+ public void setMandateDate(final ISignedMandate mandateDate) {
+ authProcessData.put(VALUE_EID_MIS_MANDATE, mandateDate);
+
+ }
+
+ @Override
+ public String getInternalBpk() {
+ return wrapStoredObject(VALUE_INTERNAL_BPK, null, String.class);
+ }
+
+ @Override
+ public void setInternalBpk(final String bpk) {
+ authProcessData.put(VALUE_INTERNAL_BPK, bpk);
+
+ }
+
+ @Override
+ public String getInternalBpkType() {
+ return wrapStoredObject(VALUE_INTERNAL_BPKYPE, null, String.class);
+
+ }
+
+ @Override
+ public void setInternalBpkType(final String bpkType) {
+ authProcessData.put(VALUE_INTERNAL_BPKYPE, bpkType);
+
+ }
+
+ @Override
+ public boolean isElgaMandateProcess() {
+ return wrapStoredObject(VALUE_INTERNAL_MANDATE_ELGA_PROCESS, false, Boolean.class);
+
+ }
+
+ @Override
+ public void setElgaMandateProcess(boolean flag) {
+ authProcessData.put(VALUE_INTERNAL_MANDATE_ELGA_PROCESS, flag);
+
+ }
+
+ @Override
+ public boolean isVdaAuthentication() {
+ return wrapStoredObject(VALUE_INTERNAL_VDA_AUTHENTICATION_PROCESS, false, Boolean.class);
+
+ }
+
+ @Override
+ public void setVdaAuthentication(boolean flag) {
+ authProcessData.put(VALUE_INTERNAL_VDA_AUTHENTICATION_PROCESS, flag);
+
+ }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/AhExtendedPvpAttributeDefinitions.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhExtendedPvpAttributeDefinitions.java
index 8dea6df3..b74767de 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/AhExtendedPvpAttributeDefinitions.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AhExtendedPvpAttributeDefinitions.java
@@ -1,4 +1,4 @@
-package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient;
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/AuthHandlerConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AuthHandlerConstants.java
index 9c6929c2..1bbc31e0 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/AuthHandlerConstants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/AuthHandlerConstants.java
@@ -1,4 +1,4 @@
-package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient;
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
public class AuthHandlerConstants {
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/EidasAuthEventConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/EidasAuthEventConstants.java
new file mode 100644
index 00000000..bca04369
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/EidasAuthEventConstants.java
@@ -0,0 +1,10 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
+
+public class EidasAuthEventConstants {
+
+ public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_SELECTED = 6200;
+ public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_REQUESTED = 6201;
+ public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED = 6202;
+ public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR = 6203;
+ public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_MDS_VALID = 6204;
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IAhAuthProcessData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IAhAuthProcessData.java
new file mode 100644
index 00000000..47d3d37c
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IAhAuthProcessData.java
@@ -0,0 +1,190 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
+
+import java.security.cert.X509Certificate;
+
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer;
+
+public interface IAhAuthProcessData extends IAuthProcessDataContainer {
+
+ /**
+ * Get the certificate that was used to sign the Consent.
+ *
+ * @return {@link X509Certificate}
+ */
+ X509Certificate getSignerCertificate();
+
+ /**
+ * Get the certificate that was used to sign the Consent.
+ *
+ * @return Serialized certificate
+ */
+ byte[] getEncodedSignerCertificate();
+
+ /**
+ * Set the certificate that was used to sign the Consent.
+ *
+ * @param signerCertificate Signer certificate of the user
+ */
+ void setSignerCertificate(X509Certificate signerCertificate);
+
+
+ /**
+ * Get URL to VDA that was used for authentication.
+ *
+ * @return
+ */
+ String getVdaUrl();
+
+ /**
+ * Set URL to VDA that was used for authentication.
+ *
+ * @param vdaUrl URL to VDA that was used for authentication
+ */
+ void setVdaUrl(String vdaUrl);
+
+ /**
+ * Get the reference-value that used to interact with MIS service.
+ *
+ * @return
+ */
+ String getMandateReferenceValue();
+
+ /**
+ * Set the reference-value that used to interact with MIS service.
+ *
+ * @param refValue Mandate reference value
+ */
+ void setMandateReferenceValue(String refValue);
+
+ /**
+ * Get the qcBind of the user that was received by VDA or other storage during authentication.
+ *
+ * @return
+ */
+ String getQcBind();
+
+ /**
+ * Set the qcBind of the user that was received by VDA or other storage during authentication.
+ *
+ * @param qcBind raw qcBind data-structure (serialized JSON)
+ */
+ void setQcBind(String qcBind);
+
+ /**
+ * Get the vSZ of the user.
+ *
+ * @return
+ */
+ String getVsz();
+
+ /**
+ * Set the vSZ of the user.
+ *
+ * @param vsz user's encrypted baseId
+ */
+ void setVsz(String vsz);
+
+ /**
+ * Get the signed AuthBlock of the user.
+ *
+ * @return
+ */
+ byte[] getSignedAuthBlock();
+
+ /**
+ * Set the signed AuthBlock of the user.
+ *
+ * @param authBlock raw signed consent
+ */
+ void setSignedAuthBlock(byte[] authBlock);
+
+ /**
+ * Get a textual type identifier of the AuthBlock.
+ *
+ * @return AuthBlock type
+ */
+ AuthHandlerConstants.AuthBlockType getSignedAuthBlockType();
+
+ /**
+ * Set a textual identifier for the type of the AuthBlock.
+ *
+ * @param authBlockType AuthBlock type
+ */
+ void setSignedAuthBlockType(final AuthHandlerConstants.AuthBlockType authBlockType);
+
+ /**
+ * Get the selected mandate of the user that was issued by MIS.
+ *
+ * @return
+ */
+ ISignedMandate getMandateDate();
+
+ /**
+ * Set the selected mandate of the user that is issued by MIS.
+ *
+ * @param signedMandate Raw mandate structure for E-ID backend
+ */
+ void setMandateDate(ISignedMandate signedMandate);
+
+
+ /**
+ * Get bPK for this entity. <br>
+ * <b>THIS bPK is only for AuthHandler internal usage</b>
+ *
+ * @return bPK, or null if no bPK is set
+ */
+ String getInternalBpk();
+
+ /**
+ * Get bPK type for this entity. <br>
+ * <b>THIS bPK is only for AuthHandler internal usage</b>
+ *
+ * @return bPKType, or null if no bPKType is set
+ */
+ String getInternalBpkType();
+
+ /**
+ * Set the bPK for INTERNAL USAGE of the current entity.
+ *
+ * @param bpk bPK for internal usage
+ */
+ void setInternalBpk(String bpk);
+
+ /**
+ * Set the bPK for INTERNAL USAGE of the current entity.
+ *
+ * @param bpkType bPK for internal usage
+ */
+ void setInternalBpkType(String bpkType);
+
+
+ /**
+ * Indicate if the current process uses ELGA mandates.
+ *
+ * @return <code>true</code> if ELGA mandates are used, otherwise <code>false</code>
+ */
+ boolean isElgaMandateProcess();
+
+ /**
+ * Set flag if the current process is an ELGA mandate process.
+ *
+ * @param flag <code>true</code> if it is an ELGA mandate-process, otherwise <code>false</code>
+ */
+ void setElgaMandateProcess(boolean flag);
+
+
+ /**
+ * Indicate if the current process was authenticated by a VDA.
+ *
+ * @return <code>true</code> if the current process was authenticated by VDA, otherwise <code>false</code>
+ */
+ boolean isVdaAuthentication();
+
+ /**
+ * Set flag that indicates if the current process was authenticated by a VDA.
+ *
+ * @param flag <code>true</code> in case of VDA authentication, otherwise <code>false</code>
+ */
+ void setVdaAuthentication(boolean flag);
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IAhSpConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IAhSpConfiguration.java
index 2a54f541..081b215a 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IAhSpConfiguration.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IAhSpConfiguration.java
@@ -1,4 +1,4 @@
-package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient;
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
import java.util.List;
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IRawMandateDao.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IRawMandateDao.java
new file mode 100644
index 00000000..7e3b2aa1
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IRawMandateDao.java
@@ -0,0 +1,32 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
+
+import java.io.Serializable;
+import java.util.Date;
+
+public interface IRawMandateDao extends Serializable {
+
+ boolean isNaturalPerson();
+
+ boolean isProfRepresentation();
+
+ String getIdentifier();
+
+ String getIdentifierType();
+
+ String getGivenName();
+
+ String getFamilyName();
+
+ Date getDateOfBirth();
+
+ String getCommonName();
+
+ String getMandateTypeOid();
+
+ String getMandateAnnotation();
+
+ String getMandateId();
+
+ String getMandateContent();
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/ISignedMandate.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/ISignedMandate.java
new file mode 100644
index 00000000..edd167fb
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/ISignedMandate.java
@@ -0,0 +1,19 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
+
+public interface ISignedMandate extends IRawMandateDao {
+
+ /**
+ * Get the full signed mandate issued by the MIS component.
+ *
+ * @return serialized JWS that contains the mandate
+ */
+ String getSignedMandate();
+
+ /**
+ * Get formated date-of-birth.
+ *
+ * @return date-of-birth as 'yyyy-MM-dd'
+ */
+ String getDateOfBirthFormated();
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java
index 22910614..7d8b9dc8 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthConstants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java
@@ -1,4 +1,4 @@
-package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient;
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthCredentialProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java
index 1aa85e71..69386194 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthCredentialProvider.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java
@@ -1,4 +1,4 @@
-package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient;
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataConfiguration.java
index 4b5861e9..93aefb42 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataConfiguration.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataConfiguration.java
@@ -1,4 +1,4 @@
-package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient;
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
import java.util.ArrayList;
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataController.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataController.java
index 87886397..a2966c7e 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataController.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataController.java
@@ -1,4 +1,4 @@
-package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient;
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
import java.io.IOException;
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataProvider.java
index c0bfa290..46278ad8 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthMetadataProvider.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataProvider.java
@@ -1,4 +1,4 @@
-package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient;
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
import java.io.IOException;
import java.security.KeyStore;
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthRequestBuilderConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthRequestBuilderConfiguration.java
index ddaf872d..65b6a198 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idAustriaClient/IdAustriaClientAuthRequestBuilderConfiguration.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthRequestBuilderConfiguration.java
@@ -1,4 +1,4 @@
-package at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient;
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
import java.util.List;
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/MisException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/MisException.java
new file mode 100644
index 00000000..71826d23
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/MisException.java
@@ -0,0 +1,17 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
+
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+
+public class MisException extends EaafException {
+
+ private static final long serialVersionUID = 1L;
+
+ public MisException(final String errorId, final Object[] params) {
+ super(errorId, params);
+ }
+
+ public MisException(final String errorId, final Object[] params, final Throwable e) {
+ super(errorId, params, e);
+ }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java
index 5f242c1b..aa8deb2b 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java
@@ -23,11 +23,11 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient.IdAustriaClientAuthConstants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient.IdAustriaClientAuthCredentialProvider;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient.IdAustriaClientAuthMetadataProvider;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient.IdAustriaClientAuthRequestBuilderConfiguration;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idAustriaClient.IAhSpConfiguration;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthRequestBuilderConfiguration;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IAhSpConfiguration;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
@@ -75,9 +75,6 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet
IdAustriaClientAuthCredentialProvider credential;
@Autowired
IdAustriaClientAuthMetadataProvider metadataService;
- // @Autowired
- // ITransactionStorage transactionStorage;
-
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
@@ -136,9 +133,6 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet
authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig, relayState, response);
- //MsEidasNodeConstants.ENDPOINT_PVP_POST
- //MsEidasNodeConstants.ENDPOINT_PVP_METADATA
-
//TODO
} catch (final Exception e) {
log.error("Initial search FAILED.", e);
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
index b598cb92..9e6aa7cc 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
@@ -29,18 +29,59 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.AhAuthProcessDataWrapper;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.AuthHandlerConstants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.EidasAuthEventConstants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.MisException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.Utils;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient;
+import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
+import org.opensaml.core.xml.io.MarshallingException;
+import org.opensaml.messaging.decoder.MessageDecodingException;
+import org.opensaml.saml.saml2.core.Response;
+import org.opensaml.saml.saml2.core.StatusCode;
+import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
+import javax.naming.ConfigurationException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.TransformerException;
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.Base64;
import java.util.List;
+import java.util.Set;
/**
* Task that searches ErnB and ZMR before adding person to SZR.
@@ -51,6 +92,31 @@ import java.util.List;
@Component("ReceiveMobilePhoneSignatureResponseTask")
public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends AbstractAuthServletTask {
+ @Autowired
+ private SamlVerificationEngine samlVerificationEngine;
+ @Autowired
+ private IdAustriaClientAuthCredentialProvider credentialProvider;
+ @Autowired(required = true)
+ IdAustriaClientAuthMetadataProvider metadataProvider;
+
+ private static final String ERROR_PVP_03 = "sp.pvp2.03";
+ private static final String ERROR_PVP_05 = "sp.pvp2.05";
+ private static final String ERROR_PVP_06 = "sp.pvp2.06";
+ private static final String ERROR_PVP_08 = "sp.pvp2.08";
+ private static final String ERROR_PVP_10 = "sp.pvp2.10";
+ private static final String ERROR_PVP_11 = "sp.pvp2.11";
+ private static final String ERROR_PVP_12 = "sp.pvp2.12";
+
+ private static final String ERROR_MSG_00 =
+ "Receive INVALID PVP Response from federated IDP";
+ private static final String ERROR_MSG_01 =
+ "Processing PVP response from 'ms-specific eIDAS node' FAILED.";
+ private static final String ERROR_MSG_02 =
+ "PVP response decrytion FAILED. No credential found.";
+ private static final String ERROR_MSG_03 =
+ "PVP response validation FAILED.";
+
+
private final IErnpClient ernpClient;
private final IZmrClient zmrClient;
@@ -71,6 +137,123 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
SimpleEidasData eidData = authProcessData.getGenericDataFromSession(Constants.DATA_SIMPLE_EIDAS,
SimpleEidasData.class);
+
+ InboundMessage msg = null;
+
+ try {
+
+ IDecoder decoder = null;
+ EaafUriCompare comperator = null;
+ // select Response Binding
+ if (request.getMethod().equalsIgnoreCase("POST")) {
+ decoder = new PostBinding();
+ comperator = new EaafUriCompare(pendingReq.getAuthUrl() + IdAustriaClientAuthConstants.ENDPOINT_POST);
+ log.trace("Receive PVP Response from 'ID Austria node', by using POST-Binding.");
+
+ } else if (request.getMethod().equalsIgnoreCase("GET")) {
+ decoder = new RedirectBinding();
+ comperator = new EaafUriCompare(pendingReq.getAuthUrl()
+ + IdAustriaClientAuthConstants.ENDPOINT_REDIRECT);
+ log.trace("Receive PVP Response from 'ID Austria node', by using Redirect-Binding.");
+
+ } else {
+ log.warn("Receive PVP Response, but Binding ("
+ + request.getMethod() + ") is not supported.");
+ throw new AuthnResponseValidationException(ERROR_PVP_03, new Object[]{
+ IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING});
+
+ }
+
+ // decode PVP response object
+ msg = (InboundMessage) decoder.decode(
+ request, response, metadataProvider, IDPSSODescriptor.DEFAULT_ELEMENT_NAME,
+ comperator);
+
+ // validate response signature
+ if (!msg.isVerified()) {
+ samlVerificationEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(
+ metadataProvider));
+ msg.setVerified(true);
+
+ }
+
+ // validate assertion
+ final Pair<PvpSProfileResponse, Boolean> processedMsg =
+ preProcessAuthResponse((PvpSProfileResponse) msg);
+
+ //check if SAML2 response contains user-stop decision
+ if (processedMsg.getSecond()) {
+ stopProcessFromUserDecision(executionContext, request, response);
+
+ } else {
+ // validate entityId of response
+ final String msNodeEntityID = authConfig.getBasicConfiguration(
+ IdAustriaClientAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
+ final String respEntityId = msg.getEntityID();
+ if (!msNodeEntityID.equals(respEntityId)) {
+ log.warn("Response Issuer is not a 'ms-specific eIDAS node'. Stopping eIDAS authentication ...");
+ throw new AuthnResponseValidationException(ERROR_PVP_08,
+ new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING,
+ msg.getEntityID()});
+
+ }
+
+ // initialize Attribute extractor
+ final AssertionAttributeExtractor extractor =
+ new AssertionAttributeExtractor(processedMsg.getFirst().getResponse());
+
+ getAuthDataFromInterfederation(extractor);
+
+ // set NeedConsent to false, because user gives consont during authentication
+ pendingReq.setNeedUserConsent(false);
+
+ // store pending-request
+ requestStoreage.storePendingRequest(pendingReq);
+
+ //set E-ID process flag to execution context
+ final AhAuthProcessDataWrapper session = pendingReq.getSessionData(
+ AhAuthProcessDataWrapper.class);
+ executionContext.put(AuthHandlerConstants.PROCESSCONTEXT_WAS_EID_PROCESS, session.isEidProcess());
+ executionContext.put(AuthHandlerConstants.HTTP_PARAM_USE_MANDATES, session.isMandateUsed());
+
+
+ log.info("Receive a valid assertion from IDP " + msg.getEntityID());
+
+ }
+
+ } catch (final AuthnResponseValidationException e) {
+ throw new TaskExecutionException(pendingReq, ERROR_MSG_03, e);
+
+ } catch (MessageDecodingException | SecurityException | SamlSigningException e) {
+ //final String samlRequest = request.getParameter("SAMLRequest");
+ //log.debug("Receive INVALID PVP Response from 'ms-specific eIDAS node': {}",
+ // samlRequest, null, e);
+ throw new TaskExecutionException(pendingReq, ERROR_MSG_00,
+ new AuthnResponseValidationException(ERROR_PVP_11,
+ new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}, e));
+
+ } catch (IOException | MarshallingException | TransformerException e) {
+ log.debug("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e);
+ throw new TaskExecutionException(pendingReq, ERROR_MSG_01,
+ new AuthnResponseValidationException(ERROR_PVP_12,
+ new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()},
+ e));
+
+ } catch (final CredentialsNotAvailableException e) {
+ log.debug("PVP response decrytion FAILED. No credential found.", e);
+ throw new TaskExecutionException(pendingReq, ERROR_MSG_02,
+ new AuthnResponseValidationException(ERROR_PVP_10,
+ new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING}, e));
+
+ } catch (final Exception e) {
+ log.debug("PVP response validation FAILED. Msg:" + e.getMessage(), e);
+ throw new TaskExecutionException(pendingReq, ERROR_MSG_03,
+ new AuthnResponseValidationException(ERROR_PVP_12,
+ new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()}, e));
+
+ }
+
+
//TODO extract bPK-ZP from response
String bpkzp = "TODO";
MergedRegisterSearchResult result = searchInZmrAndErnp(bpkzp);
@@ -93,6 +276,165 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
}
}
+ private Pair<PvpSProfileResponse, Boolean> preProcessAuthResponse(PvpSProfileResponse msg)
+ throws IOException, MarshallingException, TransformerException,
+ CredentialsNotAvailableException, AuthnResponseValidationException, SamlAssertionValidationExeption {
+ log.debug("Start PVP21 assertion processing... ");
+ final Response samlResp = (Response) msg.getResponse();
+
+ // check SAML2 response status-code
+ if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS)) {
+ // validate PVP 2.1 assertion
+ samlVerificationEngine.validateAssertion(samlResp,
+ credentialProvider.getMessageEncryptionCredential(),
+ pendingReq.getAuthUrl() + IdAustriaClientAuthConstants.ENDPOINT_METADATA,
+ IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING);
+
+ msg.setSamlMessage(Saml2Utils.asDomDocument(samlResp).getDocumentElement());
+ revisionsLogger.logEvent(pendingReq,
+ EidasAuthEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED,
+ samlResp.getID());
+ return Pair.newInstance(msg, false);
+
+ } else {
+ log.info("Receive StatusCode " + samlResp.getStatus().getStatusCode().getValue()
+ + " from 'ms-specific eIDAS node'.");
+ StatusCode subStatusCode = getSubStatusCode(samlResp);
+ if (subStatusCode != null
+ && IdAustriaClientAuthConstants.SAML2_STATUSCODE_USERSTOP.equals(subStatusCode.getValue())) {
+ log.info("Find 'User-Stop operation' in SAML2 response. Stopping authentication process ... ");
+ return Pair.newInstance(msg, true);
+
+ }
+
+ revisionsLogger.logEvent(pendingReq,
+ EidasAuthEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR);
+ throw new AuthnResponseValidationException(ERROR_PVP_05,
+ new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING,
+ samlResp.getIssuer().getValue(),
+ samlResp.getStatus().getStatusCode().getValue(),
+ samlResp.getStatus().getStatusMessage().getMessage()});
+
+ }
+
+ }
+
+ /**
+ * Get SAML2 Sub-StatusCode if not <code>null</code>.
+ *
+ * @param samlResp SAML2 response
+ * @return Sub-StatusCode or <code>null</code> if it's not set
+ */
+ private StatusCode getSubStatusCode(Response samlResp) {
+ if (samlResp.getStatus().getStatusCode().getStatusCode() != null
+ && StringUtils.isNotEmpty(samlResp.getStatus().getStatusCode().getStatusCode().getValue())) {
+ return samlResp.getStatus().getStatusCode().getStatusCode();
+ }
+ return null;
+ }
+
+ private void getAuthDataFromInterfederation(AssertionAttributeExtractor extractor)
+ throws EaafBuilderException, ConfigurationException {
+
+ List<String> requiredEidasNodeAttributes = IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES;
+ if (authConfig.getBasicConfigurationBoolean(
+ AuthHandlerConstants.PROP_CONFIG_LEGACY_ALLOW, false)) {
+ log.trace("Build required attributes for legacy operaton ... ");
+ requiredEidasNodeAttributes = Arrays.asList(
+ PvpAttributeDefinitions.PVP_VERSION_NAME,
+ PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME,
+ PvpAttributeDefinitions.EID_ISSUING_NATION_NAME);
+
+ }
+
+ try {
+ // check if all attributes are include
+ if (!extractor.containsAllRequiredAttributes()
+ || !extractor.containsAllRequiredAttributes(
+ requiredEidasNodeAttributes)) {
+ log.warn("PVP Response from 'ms-specific eIDAS node' contains not all requested attributes.");
+ throw new AssertionValidationExeption(ERROR_PVP_06, new Object[]{
+ IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING});
+
+ }
+
+ // copy attributes into MOASession
+ final AhAuthProcessDataWrapper session = pendingReq.getSessionData(
+ AhAuthProcessDataWrapper.class);
+ final Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
+ for (final String attrName : includedAttrNames) {
+ injectAuthInfosIntoSession(session, attrName,
+ extractor.getSingleAttributeValue(attrName));
+
+ }
+
+ //set piiTransactionId from eIDAS Connector
+ String piiTransactionId = extractor.getSingleAttributeValue(
+ ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME);
+ if (StringUtils.isNotEmpty(piiTransactionId) && pendingReq instanceof RequestImpl) {
+ log.info("Receive piiTransactionId from Austrian eIDAS Connector. Use this for further processing");
+ ((RequestImpl) pendingReq).setUniquePiiTransactionIdentifier(piiTransactionId);
+
+ } else {
+ log.debug("Receive no piiTransactionId from Austrian eIDAS Connector.");
+
+ }
+
+ // set foreigner flag
+ session.setForeigner(true);
+
+ // set IssuerInstant from Assertion
+ session.setIssueInstant(extractor.getAssertionIssuingDate());
+
+ // set CCE URL
+ if (extractor.getFullAssertion().getIssuer() != null
+ && StringUtils.isNotEmpty(extractor.getFullAssertion().getIssuer().getValue())) {
+ session.setVdaUrl(extractor.getFullAssertion().getIssuer().getValue());
+
+ } else {
+ session.setVdaUrl("eIDAS_Authentication");
+
+ }
+
+ } catch (final EaafStorageException | MisException | AssertionValidationExeption | IOException e) {
+ throw new EaafBuilderException(ERROR_PVP_06, null, e.getMessage(), e);
+
+ }
+ }
+
+ private void injectAuthInfosIntoSession(AhAuthProcessDataWrapper session, String attrName, String attrValue)
+ throws EaafStorageException, MisException, IOException {
+ log.trace("Inject attribute: {} with value: {} into AuthSession", attrName, attrValue);
+ log.debug("Inject attribute: {} into AuthSession", attrName);
+
+ if (ExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME.equals(attrName)) {
+ log.debug("Find eidasBind attribute. Switching to E-ID mode ... ");
+ session.setEidProcess(true);
+ session.setQcBind(attrValue);
+ // session.setVsz(extractVszFromEidasBind(attrValue));
+ //T
+
+ } else if (ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME.equals(attrName)) {
+ session.setSignedAuthBlock(Base64.getDecoder().decode(attrValue));
+ session.setSignedAuthBlockType(AuthHandlerConstants.AuthBlockType.JWS);
+
+ } else if (PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME.equals(attrName)) {
+ session.setQaaLevel(attrValue);
+
+ // } else if (ExtendedPvpAttributeDefinitions.EID_MIS_MANDATE_NAME.equals(attrName)
+ // && authConfig.getBasicConfigurationBoolean(
+ // IdAustriaClientAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE, false)) {
+ // session.setMandateDate(new SignedMandateDao(attrValue));
+ // session.setUseMandates(true);
+ //
+ } else {
+ session.setGenericDataToSession(attrName, attrValue);
+
+ }
+
+ }
+
+
private MergedRegisterSearchResult searchInZmrAndErnp(String bpkzp) {
List<RegisterResult> resultsZmr = zmrClient.searchWithBpkZp(bpkzp);
List<RegisterResult> resultsErnp = ernpClient.searchWithBpkZp(bpkzp);