aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules/authmodule-eIDAS-v2/src/main/java
diff options
context:
space:
mode:
authorThomas <>2021-02-19 16:14:31 +0100
committerThomas <>2021-02-19 16:14:31 +0100
commit6017e30de786ab9defab7eaef53ec8da5f606ee9 (patch)
treeef11369c106ee19b01afb9aa0f0db1e3fd41de76 /eidas_modules/authmodule-eIDAS-v2/src/main/java
parentfaca8b55b133adb7e01d891df1b45d24b7690111 (diff)
downloadNational_eIDAS_Gateway-6017e30de786ab9defab7eaef53ec8da5f606ee9.tar.gz
National_eIDAS_Gateway-6017e30de786ab9defab7eaef53ec8da5f606ee9.tar.bz2
National_eIDAS_Gateway-6017e30de786ab9defab7eaef53ec8da5f606ee9.zip
refactoring of ID Austria connection client and add/update of jUnit tests
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java2
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasAuthenticationSpringResourceProvider.java6
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/config/EidasConnectorMessageSource.java21
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaAuthPvpConfiguration.java121
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java55
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataConfiguration.java18
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/controller/IdAustriaClientAuthMetadataController.java (renamed from eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataController.java)82
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/controller/IdAustriaClientAuthSignalController.java (renamed from eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthSignalController.java)9
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthCredentialProvider.java (renamed from eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java)10
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthHealthCheck.java56
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthMetadataProvider.java (renamed from eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataProvider.java)28
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java91
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java154
13 files changed, 255 insertions, 398 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index b603774b..e7190ab4 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
@@ -27,6 +27,8 @@ import at.gv.egiz.eaaf.core.api.data.EaafConstants;
public class Constants {
+ public static final String ERRORCODE_00 = "module.eidasauth.00";
+
public static final String DATA_REQUESTERID = "req_requesterId";
public static final String DATA_PROVIDERNAME = "req_providerName";
public static final String DATA_REQUESTED_LOA_LIST = "req_requestedLoA";
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasAuthenticationSpringResourceProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasAuthenticationSpringResourceProvider.java
index 535e4f97..e5b10185 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasAuthenticationSpringResourceProvider.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasAuthenticationSpringResourceProvider.java
@@ -45,8 +45,10 @@ public class EidasAuthenticationSpringResourceProvider implements SpringResource
public Resource[] getResourcesToLoad() {
final ClassPathResource eidasAuthConfig = new ClassPathResource("/eidas_v2_auth.beans.xml",
EidasAuthenticationSpringResourceProvider.class);
-
- return new Resource[] { eidasAuthConfig };
+ final ClassPathResource eidasRefImplConfig = new ClassPathResource("/eidas_v2_auth_ref_impl_config.beans.xml",
+ EidasAuthenticationSpringResourceProvider.class);
+
+ return new Resource[] { eidasRefImplConfig, eidasAuthConfig };
}
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/config/EidasConnectorMessageSource.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/config/EidasConnectorMessageSource.java
new file mode 100644
index 00000000..7a9f472a
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/config/EidasConnectorMessageSource.java
@@ -0,0 +1,21 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.config;
+
+import java.util.Arrays;
+import java.util.List;
+
+import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation;
+
+/**
+ * Inject eIDAS Connector specific messages into Spring based message-source.
+ *
+ * @author tlenz
+ *
+ */
+public class EidasConnectorMessageSource implements IMessageSourceLocation {
+
+ @Override
+ public List<String> getMessageSourceLocation() {
+ return Arrays.asList("classpath:/messages/eidas_connector_message");
+ }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaAuthPvpConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaAuthPvpConfiguration.java
deleted file mode 100644
index 30c8b65f..00000000
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaAuthPvpConfiguration.java
+++ /dev/null
@@ -1,121 +0,0 @@
-package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
-
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-import org.apache.commons.lang3.StringUtils;
-import org.opensaml.saml.saml2.metadata.ContactPerson;
-import org.opensaml.saml.saml2.metadata.ContactPersonTypeEnumeration;
-import org.opensaml.saml.saml2.metadata.EmailAddress;
-import org.opensaml.saml.saml2.metadata.GivenName;
-import org.opensaml.saml.saml2.metadata.Organization;
-import org.opensaml.saml.saml2.metadata.OrganizationDisplayName;
-import org.opensaml.saml.saml2.metadata.OrganizationName;
-import org.opensaml.saml.saml2.metadata.OrganizationURL;
-import org.opensaml.saml.saml2.metadata.SurName;
-import org.springframework.beans.factory.annotation.Autowired;
-
-import java.util.Arrays;
-import java.util.List;
-
-public class IdAustriaAuthPvpConfiguration implements IPvp2BasicConfiguration {
-
- private static final String DEFAULT_XML_LANG = "en";
-
- @Autowired
- private IConfiguration basicConfig;
-
- @Override
- public String getIdpEntityId(String authUrl) throws EaafException {
- return authUrl + IdAustriaClientAuthConstants.ENDPOINT_METADATA;
-
- }
-
- @Override
- public String getIdpSsoPostService(String authUrl) throws EaafException {
- return null;
-
- }
-
- @Override
- public String getIdpSsoRedirectService(String authUrl) throws EaafException {
- return null;
-
- }
-
- @Override
- public String getIdpSsoSoapService(String extractAuthUrlFromRequest) throws EaafException {
- return null;
-
- }
-
- @Override
- public List<ContactPerson> getIdpContacts() throws EaafException {
- final ContactPerson contactPerson = Saml2Utils.createSamlObject(ContactPerson.class);
- final GivenName givenName = Saml2Utils.createSamlObject(GivenName.class);
- final SurName surname = Saml2Utils.createSamlObject(SurName.class);
- final EmailAddress emailAddress = Saml2Utils.createSamlObject(EmailAddress.class);
-
- givenName.setName(getAndVerifyFromConfiguration(
- IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_CONTACT_GIVENNAME));
- surname.setName(getAndVerifyFromConfiguration(
- IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_CONTACT_SURNAME));
- emailAddress.setAddress(getAndVerifyFromConfiguration(
- IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_CONTACT_EMAIL));
-
- contactPerson.setType(ContactPersonTypeEnumeration.TECHNICAL);
- contactPerson.setGivenName(givenName);
- contactPerson.setSurName(surname);
- contactPerson.getEmailAddresses().add(emailAddress);
-
- return Arrays.asList(contactPerson);
-
- }
-
- @Override
- public Organization getIdpOrganisation() throws EaafException {
- final Organization organisation = Saml2Utils.createSamlObject(Organization.class);
- final OrganizationName orgName = Saml2Utils.createSamlObject(OrganizationName.class);
- final OrganizationDisplayName orgDisplayName = Saml2Utils.createSamlObject(OrganizationDisplayName.class);
- final OrganizationURL orgUrl = Saml2Utils.createSamlObject(OrganizationURL.class);
-
- orgName.setXMLLang(DEFAULT_XML_LANG);
- orgName.setValue(getAndVerifyFromConfiguration(
- IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_ORGANISATION_NAME));
-
- orgDisplayName.setXMLLang(DEFAULT_XML_LANG);
- orgDisplayName.setValue(getAndVerifyFromConfiguration(
- IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_ORGANISATION_FRIENDLYNAME));
-
- orgUrl.setXMLLang(DEFAULT_XML_LANG);
- orgUrl.setValue(getAndVerifyFromConfiguration(
- IdAustriaClientAuthConstants.CONFIG_PROPS_METADATA_ORGANISATION_URL));
-
-
- organisation.getOrganizationNames().add(orgName);
- organisation.getDisplayNames().add(orgDisplayName);
- organisation.getURLs().add(orgUrl);
-
- return organisation;
- }
-
-
- @Override
- public IConfiguration getBasicConfiguration() {
- return basicConfig;
-
- }
-
- private String getAndVerifyFromConfiguration(String configKey) throws EaafConfigurationException {
- final String value = basicConfig.getBasicConfiguration(configKey);
- if (StringUtils.isEmpty(value)) {
- throw new EaafConfigurationException("module.eidasauth.00",
- new Object[]{configKey});
-
- }
-
- return value;
- }
-}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java
index 8cbfb5f8..46d0e77d 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java
@@ -1,21 +1,24 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
-import at.gv.egiz.eaaf.core.api.data.EaafConstants;
-import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
-import at.gv.egiz.eaaf.core.impl.data.Triple;
-
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.impl.data.Triple;
+
public class IdAustriaClientAuthConstants {
private IdAustriaClientAuthConstants() {
}
-
+
+ public static final String ERRORCODE_02 = "module.eidasauth.idaustria.02";
+ public static final String ERRORCODE_05 = "module.eidasauth.idaustria.05";
+
public static final String SAML2_STATUSCODE_USERSTOP = "1005";
public static final String MODULE_NAME_FOR_LOGGING = "ID Austria Client";
@@ -25,16 +28,15 @@ public class IdAustriaClientAuthConstants {
// public static final String HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION =
// AuthHandlerConstants.HTTP_PARAM_EIDAS_PROCESS;
- public static final String ENDPOINT_POST = "/idAustriaSp/post";
- public static final String ENDPOINT_REDIRECT = "/idAustriaSp/redirect";
- public static final String ENDPOINT_METADATA = "/idAustriaSp/metadata";
+ public static final String ENDPOINT_POST = "/sp/idaustria/post";
+ public static final String ENDPOINT_REDIRECT = "/sp/idaustria/redirect";
+ public static final String ENDPOINT_METADATA = "/sp/idaustria/metadata";
public static final String CONFIG_PROPS_PREFIX = "modules.idaustriaclient.";
public static final String CONFIG_PROPS_KEYSTORE_TYPE = CONFIG_PROPS_PREFIX + "keystore.type";
public static final String CONFIG_PROPS_KEYSTORE_NAME = CONFIG_PROPS_PREFIX + "keystore.name";
public static final String CONFIG_PROPS_KEYSTORE_PATH = CONFIG_PROPS_PREFIX + "keystore.path";
public static final String CONFIG_PROPS_KEYSTORE_PASSWORD = CONFIG_PROPS_PREFIX + "keystore.password";
- public static final String CONFIG_PROPS_AUTH_URL = CONFIG_PROPS_PREFIX + "authurl";
public static final String CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD = CONFIG_PROPS_PREFIX
+ "metadata.sign.password";
public static final String CONFIG_PROPS_SIGN_METADATA_ALIAS = CONFIG_PROPS_PREFIX
@@ -57,28 +59,9 @@ public class IdAustriaClientAuthConstants {
+ "required.additional.attributes";
public static final String CONFIG_PROPS_REQUIRED_LOA = CONFIG_PROPS_PREFIX
+ "required.loa";
- public static final String CONFIG_PROPS_NODE_ENTITYID = CONFIG_PROPS_PREFIX + "node.entityId";
- public static final String CONFIG_PROPS_SP_ENTITYID = CONFIG_PROPS_PREFIX + "sp.entityId";
- public static final String CONFIG_PROPS_NODE_METADATAURL = CONFIG_PROPS_PREFIX + "node.metadataUrl";
- public static final String CONFIG_PROPS_NODE_TRUSTPROFILEID = CONFIG_PROPS_PREFIX + "node.trustprofileID";
-
-
- public static final String CONFIG_PROPS_METADATA_CONTACT_GIVENNAME =
- CONFIG_PROPS_PREFIX + "metadata.contact.givenname";
- public static final String CONFIG_PROPS_METADATA_CONTACT_SURNAME =
- CONFIG_PROPS_PREFIX + "metadata.contact.surname";
- public static final String CONFIG_PROPS_METADATA_CONTACT_EMAIL =
- CONFIG_PROPS_PREFIX + "metadata.contact.email";
- public static final String CONFIG_PROPS_METADATA_ORGANISATION_NAME =
- CONFIG_PROPS_PREFIX + "metadata.organisation.name";
- public static final String CONFIG_PROPS_METADATA_ORGANISATION_FRIENDLYNAME =
- CONFIG_PROPS_PREFIX + "metadata.organisation.friendyname";
- public static final String CONFIG_PROPS_METADATA_ORGANISATION_URL =
- CONFIG_PROPS_PREFIX + "metadata.organisation.url";
-
- public static final String CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL = "auth.eidas.node.entityId";
-
-
+ public static final String CONFIG_PROPS_ID_AUSTRIA_ENTITYID = CONFIG_PROPS_PREFIX + "idaustria.idp.entityId";
+ public static final String CONFIG_PROPS_ID_AUSTRIA_METADATAURL = CONFIG_PROPS_PREFIX + "idaustria.idp.metadataUrl";
+
public static final String CONFIG_DEFAULT_LOA_EIDAS_LEVEL = EaafConstants.EIDAS_LOA_HIGH;
public static final List<Triple<String, String, Boolean>> DEFAULT_REQUIRED_PVP_ATTRIBUTES =
@@ -105,16 +88,6 @@ public class IdAustriaClientAuthConstants {
add(Triple.newInstance(PvpAttributeDefinitions.BPK_NAME,
PvpAttributeDefinitions.BPK_FRIENDLY_NAME, true));
- // entity eID information
- // add(Triple.newInstance(ExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME,
- // ExtendedPvpAttributeDefinitions.EID_EIDBIND_FRIENDLY_NAME, true));
- // add(Triple.newInstance(ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME,
- // ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME, true));
-
- //request pII transactionId from MS-Connector
- // add(Triple.newInstance(ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME,
- // ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_FRIENDLY_NAME, false));
-
}
});
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataConfiguration.java
index 4e7f86f1..4527ced4 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataConfiguration.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataConfiguration.java
@@ -8,6 +8,14 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import org.opensaml.saml.saml2.core.Attribute;
+import org.opensaml.saml.saml2.core.NameIDType;
+import org.opensaml.saml.saml2.metadata.ContactPerson;
+import org.opensaml.saml.saml2.metadata.Organization;
+import org.opensaml.saml.saml2.metadata.RequestedAttribute;
+import org.opensaml.security.credential.Credential;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.data.Triple;
@@ -16,14 +24,6 @@ import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration;
import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder;
-
-import org.opensaml.saml.saml2.core.Attribute;
-import org.opensaml.saml.saml2.core.NameIDType;
-import org.opensaml.saml.saml2.metadata.ContactPerson;
-import org.opensaml.saml.saml2.metadata.Organization;
-import org.opensaml.saml.saml2.metadata.RequestedAttribute;
-import org.opensaml.security.credential.Credential;
-
import lombok.extern.slf4j.Slf4j;
/**
@@ -357,7 +357,7 @@ public class IdAustriaClientAuthMetadataConfiguration implements IPvpMetadataBui
final Map<String, RequestedAttribute> requestedAttributes = new HashMap<>();
- log.trace("Build required attributes for E-ID operaton ... ");
+ log.trace("Build required attributes for ID Austria operaton ... ");
injectDefinedAttributes(requestedAttributes,
IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTES);
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataController.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/controller/IdAustriaClientAuthMetadataController.java
index 00b742dd..1e4b27f7 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataController.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/controller/IdAustriaClientAuthMetadataController.java
@@ -1,21 +1,30 @@
-package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.controller;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
-import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration;
-import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder;
-import com.google.common.net.MediaType;
-import lombok.extern.slf4j.Slf4j;
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
+import com.google.common.net.MediaType;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataConfiguration;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider;
+import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.http.HttpUtils;
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder;
+import lombok.extern.slf4j.Slf4j;
/**
* Controller that generates SAML2 metadata for eIDAS authentication client.
@@ -27,7 +36,7 @@ import java.io.IOException;
@Controller
public class IdAustriaClientAuthMetadataController extends AbstractController {
- //private static final String ERROR_CODE_INTERNAL_00 = "eaaf.core.00";
+ private static final String ERROR_CODE_INTERNAL_00 = "eaaf.core.00";
@Autowired
PvpMetadataBuilder metadatabuilder;
@@ -35,8 +44,6 @@ public class IdAustriaClientAuthMetadataController extends AbstractController {
IdAustriaClientAuthCredentialProvider credentialProvider;
@Autowired
IPvp2BasicConfiguration pvpConfiguration;
- @Autowired
- private IConfiguration basicConfig;
/**
* Default construction with logging.
@@ -64,8 +71,7 @@ public class IdAustriaClientAuthMetadataController extends AbstractController {
EaafException {
// check PublicURL prefix
try {
- final String authUrl = basicConfig.getBasicConfiguration(
- IdAustriaClientAuthConstants.CONFIG_PROPS_AUTH_URL);
+ final String authUrl = getAuthUrlFromHttpContext(req);
// initialize metadata builder configuration
final IdAustriaClientAuthMetadataConfiguration metadataConfig =
@@ -90,29 +96,27 @@ public class IdAustriaClientAuthMetadataController extends AbstractController {
}
+ private String getAuthUrlFromHttpContext(HttpServletRequest req) throws EaafException {
+ // check if End-Point is valid
+ final String authUrlString = HttpUtils.extractAuthUrlFromRequest(req);
+ URL authReqUrl;
+ try {
+ authReqUrl = new URL(authUrlString);
- // private List<Pair<String, Boolean>> getAdditionalRequiredAttributes() {
- // final List<Pair<String, Boolean>> result = new ArrayList<>();
- //
- // // load attributes from configuration
- // final Map<String, String> addReqAttributes = authConfig.getBasicConfigurationWithPrefix(
- // IdAustriaClientAuthConstants.CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST);
- // for (final String el : addReqAttributes.values()) {
- // if (StringUtils.isNotEmpty(el)) {
- // log.trace("Parse additional attr. definition: " + el);
- // final List<String> attr = KeyValueUtils.getListOfCsvValues(el.trim());
- // if (attr.size() == 2) {
- // result.add(Pair.newInstance(attr.get(0), Boolean.parseBoolean(attr.get(1))));
- //
- // } else {
- // log.info("IGNORE additional attr. definition: " + el
- // + " Reason: Format not valid");
- // }
- // }
- // }
- //
- // return result;
- //
- // }
+ } catch (final MalformedURLException e) {
+ log.warn("Requested URL: {} is not a valid URL.", authUrlString);
+ throw new EaafAuthenticationException(ERROR_CODE_INTERNAL_00, new Object[] { authUrlString }, e);
+
+ }
+
+ final String idpAuthUrl = authConfig.validateIdpUrl(authReqUrl);
+ if (idpAuthUrl == null) {
+ log.warn("Requested URL: {} is NOT found in configuration.", authReqUrl);
+ throw new EaafAuthenticationException(ERROR_CODE_INTERNAL_00, new Object[] { authUrlString });
+
+ }
+
+ return idpAuthUrl;
+ }
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthSignalController.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/controller/IdAustriaClientAuthSignalController.java
index 1aceb88e..eca21683 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthSignalController.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/controller/IdAustriaClientAuthSignalController.java
@@ -1,4 +1,4 @@
-package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.controller;
import java.io.IOException;
@@ -12,13 +12,13 @@ import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
import lombok.extern.slf4j.Slf4j;
/**
- * IdAustria client controller that receives the response from national
- * IdAustria node.
+ * IdAustria client controller that receives the response from ID Austria system.
*
* @author tlenz
*
@@ -28,7 +28,6 @@ import lombok.extern.slf4j.Slf4j;
public class IdAustriaClientAuthSignalController extends AbstractProcessEngineSignalController {
public static final String HTTP_PARAM_RELAYSTATE = "RelayState";
- public static final String HTTP_PARAM_PENDINGREQUESTID = "pendingid";
/**
* Default constructor with logging.
@@ -43,7 +42,7 @@ public class IdAustriaClientAuthSignalController extends AbstractProcessEngineSi
}
/**
- * HTTP end-point for incoming SAML2 Response from ID Austria node.
+ * HTTP end-point for incoming SAML2 Response from ID Austria system.
*
* @param req HTTP request
* @param resp HTTP response
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthCredentialProvider.java
index 2608cad1..5b6085c1 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthCredentialProvider.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthCredentialProvider.java
@@ -1,13 +1,15 @@
-package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
-import org.springframework.beans.factory.annotation.Autowired;
-
/**
* Credential provider for eIDAS PVP S-Profile client.
*
@@ -42,7 +44,7 @@ public class IdAustriaClientAuthCredentialProvider extends AbstractCredentialPro
final String path = authConfig.getBasicConfiguration(
IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PATH);
if (path == null) {
- throw new EaafConfigurationException("module.eidasauth.00",
+ throw new EaafConfigurationException(Constants.ERRORCODE_00,
new Object[] { IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PATH });
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthHealthCheck.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthHealthCheck.java
new file mode 100644
index 00000000..b54b501d
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthHealthCheck.java
@@ -0,0 +1,56 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider;
+
+import org.apache.commons.lang3.StringUtils;
+import org.opensaml.saml.saml2.metadata.EntityDescriptor;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.actuate.health.Health;
+import org.springframework.boot.actuate.health.HealthIndicator;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import lombok.extern.slf4j.Slf4j;
+import net.shibboleth.utilities.java.support.resolver.ResolverException;
+
+/**
+ * Spring Actuator HealthCheck for ID Austria client that evaluates the current status of
+ * ID Austria SAML2 metadata that are loaded into MS-Connector.
+ *
+ * @author tlenz
+ *
+ */
+@Slf4j
+public class IdAustriaClientAuthHealthCheck implements HealthIndicator {
+
+ @Autowired IConfiguration authConfig;
+ @Autowired IdAustriaClientAuthMetadataProvider metadataService;
+
+ @Override
+ public Health health() {
+ String msNodeEntityID = authConfig.getBasicConfiguration(
+ IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID);
+
+ if (StringUtils.isEmpty(msNodeEntityID)) {
+ log.trace("No ID Austria EntityId in configuration. Skipping tests ... ");
+ return Health.unknown().build();
+
+ }
+
+ try {
+ EntityDescriptor connectorMetadata =
+ metadataService.getEntityDescriptor(msNodeEntityID);
+ if (connectorMetadata != null) {
+ return Health.up().build();
+
+ } else {
+ return Health.outOfService().withDetail("Reason", "No SAML2 metadata").build();
+
+ }
+
+ } catch (ResolverException e) {
+ return Health.down(e).build();
+
+ }
+
+ }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataProvider.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthMetadataProvider.java
index 46278ad8..7c87548f 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthMetadataProvider.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthMetadataProvider.java
@@ -1,4 +1,4 @@
-package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider;
import java.io.IOException;
import java.security.KeyStore;
@@ -11,6 +11,13 @@ import java.util.List;
import javax.annotation.PostConstruct;
+import org.apache.commons.lang3.StringUtils;
+import org.opensaml.saml.metadata.resolver.MetadataResolver;
+import org.opensaml.saml.metadata.resolver.filter.MetadataFilter;
+import org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
@@ -24,17 +31,10 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvid
import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter;
-
-import org.apache.commons.lang3.StringUtils;
-import org.opensaml.saml.metadata.resolver.MetadataResolver;
-import org.opensaml.saml.metadata.resolver.filter.MetadataFilter;
-import org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain;
-import org.springframework.beans.factory.annotation.Autowired;
-
import lombok.extern.slf4j.Slf4j;
/**
- * SAML2 metadata-provider implementation for eIDAS client.
+ * SAML2 metadata-provider implementation for ID Austria client.
*
* @author tlenz
*
@@ -42,9 +42,9 @@ import lombok.extern.slf4j.Slf4j;
@Slf4j
public class IdAustriaClientAuthMetadataProvider extends AbstractChainingMetadataProvider {
- private static final String FRIENDLYNAME_METADATA_TRUSTSTORE = "'eIDAS_client metadata truststore'";
+ private static final String FRIENDLYNAME_METADATA_TRUSTSTORE = "'ID Austria client metadata truststore'";
private static final String PROVIDER_ID_PATTERN = "eIDAS resolver: {0}";
- public static final String PROVIDER_ID = "'eIDAS_client metadata provider'";
+ public static final String PROVIDER_ID = "'ID Austria client metadata-provider'";
@Autowired
private IConfiguration basicConfig;
@@ -61,7 +61,7 @@ public class IdAustriaClientAuthMetadataProvider extends AbstractChainingMetadat
@Override
protected String getMetadataUrl(String entityId) throws EaafConfigurationException {
- log.trace("eIDAS Auth. uses SAML2 well-known location approach. EntityId is Metadata-URL");
+ log.trace("ID Austria. uses SAML2 well-known location approach. EntityId is Metadata-URL");
return entityId;
}
@@ -85,7 +85,7 @@ public class IdAustriaClientAuthMetadataProvider extends AbstractChainingMetadat
} catch (final Pvp2MetadataException e) {
log.info("Can NOT build metadata provider for entityId: {}", entityId);
- throw new EaafConfigurationException("module.eidasauth.04",
+ throw new EaafConfigurationException(IdAustriaClientAuthConstants.ERRORCODE_05,
new Object[] { entityId, e.getMessage() }, e);
}
@@ -127,7 +127,7 @@ public class IdAustriaClientAuthMetadataProvider extends AbstractChainingMetadat
private void initializeFileSystemMetadata() {
try {
final String metadataUrl = basicConfig.getBasicConfiguration(
- IdAustriaClientAuthConstants.CONFIG_PROPS_NODE_METADATAURL);
+ IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_METADATAURL);
if (StringUtils.isNotEmpty(metadataUrl)) {
log.info("Use not recommended metadata-provider initialization!"
+ " SAML2 'Well-Known-Location' is the preferred methode.");
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java
index b4fe8bd7..4d305c7d 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java
@@ -23,13 +23,21 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
+import java.text.MessageFormat;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringUtils;
+import org.opensaml.saml.saml2.metadata.EntityDescriptor;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthRequestBuilderConfiguration;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
-import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
@@ -37,36 +45,19 @@ import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egiz.eaaf.core.impl.utils.Random;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
-import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PvpAuthnRequestBuilder;
import lombok.extern.slf4j.Slf4j;
import net.shibboleth.utilities.java.support.security.SecureRandomIdentifierGenerationStrategy;
-import org.apache.commons.lang3.StringUtils;
-import org.opensaml.saml.saml2.core.Attribute;
-import org.opensaml.saml.saml2.metadata.EntityDescriptor;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.text.MessageFormat;
-import java.util.ArrayList;
-import java.util.List;
/**
- * Task that searches ErnB and ZMR before adding person to SZR.
+ * Generate a SAML2 AuthnRequest to authenticate the user at ID Austria system.
*
- * @author amarsalek
+ * @author tlenz
*/
@Slf4j
@Component("GenerateMobilePhoneSignatureRequestTask")
public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServletTask {
-
- private static final String ERROR_CODE_02 = "module.eidasauth.02";
-
private static final String ERROR_MSG_1 =
"Requested 'ms-specific eIDAS node' {0} has no valid metadata or metadata is not found";
@@ -89,21 +80,20 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet
//step 15a
// get entityID for ms-specific ID Austria node
- //TODO load from config
final String msNodeEntityID = basicConfig.getBasicConfiguration(
- IdAustriaClientAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
- // final String msNodeEntityID = "classpath:/data/idp_metadata_classpath_entity.xml";
+ IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID);
if (StringUtils.isEmpty(msNodeEntityID)) {
- log.info("eIDAS authentication not possible -> NO EntityID for central eIDAS node FOUND!");
- throw new TaskExecutionException(pendingReq, "", null);
+ log.warn("ID Austria authentication not possible -> NO EntityID for ID Austria System FOUND!");
+ throw new EaafConfigurationException(Constants.ERRORCODE_00,
+ new Object[]{IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID});
}
// load IDP SAML2 entitydescriptor
final EntityDescriptor entityDesc = metadataService.getEntityDescriptor(msNodeEntityID);
if (entityDesc == null) {
- throw new EaafConfigurationException(ERROR_CODE_02,
+ throw new EaafConfigurationException(IdAustriaClientAuthConstants.ERRORCODE_02,
new Object[]{MessageFormat.format(ERROR_MSG_1, msNodeEntityID)});
}
@@ -117,16 +107,12 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet
authnReqConfig.setIdpEntity(entityDesc);
authnReqConfig.setPassive(false);
authnReqConfig.setSignCred(credential.getMessageSigningCredential());
- authnReqConfig.setSpEntityID(pendingReq.getAuthUrl() + IdAustriaClientAuthConstants.ENDPOINT_METADATA);
+ authnReqConfig.setSpEntityID(
+ pendingReq.getAuthUrlWithOutSlash() + IdAustriaClientAuthConstants.ENDPOINT_METADATA);
authnReqConfig.setRequestedLoA(authConfig.getBasicConfiguration(
IdAustriaClientAuthConstants.CONFIG_PROPS_REQUIRED_LOA,
IdAustriaClientAuthConstants.CONFIG_DEFAULT_LOA_EIDAS_LEVEL));
- authnReqConfig.setScopeRequesterId(authConfig.getBasicConfiguration(
- IdAustriaClientAuthConstants.CONFIG_PROPS_SP_ENTITYID));
- authnReqConfig.setProviderName(pendingReq.getServiceProviderConfiguration().getFriendlyName());
- authnReqConfig.setRequestedAttributes(buildRequestedAttributes(pendingReq));
-
/*build relayState for session synchronization, because SAML2 only allows RelayState with 80 characters
* but encrypted PendingRequestId is much longer.
*/
@@ -136,37 +122,10 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet
// build and transmit AuthnRequest
authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig, relayState, response);
-
- //TODO
} catch (final Exception e) {
- e.printStackTrace();
- log.error("Initial search FAILED.", e);
- throw new TaskExecutionException(pendingReq, "Initial search FAILED.", e);
+ throw new TaskExecutionException(pendingReq,
+ "Generation of SAML2 AuthnRequest to ID Austria System FAILED", e);
+
}
}
-
- private List<EaafRequestedAttribute> buildRequestedAttributes(IRequest pendingReq) {
- final List<EaafRequestedAttribute> attributes = new ArrayList<>();
-
- //build TransactionId attribute
- final Attribute attrTransId = PvpAttributeBuilder.buildEmptyAttribute(
- ExtendedPvpAttributeDefinitions.EID_TRANSACTION_ID_NAME);
- final EaafRequestedAttribute attrTransIdReqAttr = Saml2Utils.generateReqAuthnAttributeSimple(
- attrTransId,
- true,
- pendingReq.getUniqueTransactionIdentifier());
- attributes.add(attrTransIdReqAttr);
-
- // build EID sector for identification attribute
- final Attribute attr = PvpAttributeBuilder.buildEmptyAttribute(
- PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME);
- final EaafRequestedAttribute bpkTargetReqAttr = Saml2Utils.generateReqAuthnAttributeSimple(
- attr,
- true,
- pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
- attributes.add(bpkTargetReqAttr);
-
- return attributes;
- }
-
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
index 1dc8befd..44e13d78 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
@@ -23,6 +23,24 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Set;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.TransformerException;
+
+import org.apache.commons.lang3.StringUtils;
+import org.opensaml.core.xml.io.MarshallingException;
+import org.opensaml.messaging.decoder.MessageDecodingException;
+import org.opensaml.saml.saml2.core.Response;
+import org.opensaml.saml.saml2.core.StatusCode;
+import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult;
@@ -31,10 +49,10 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleMobileSignatur
import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthEventConstants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthEventConstants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.Utils;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient;
import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
@@ -60,27 +78,11 @@ import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException;
import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
import lombok.extern.slf4j.Slf4j;
-import org.apache.commons.lang3.StringUtils;
-import org.opensaml.core.xml.io.MarshallingException;
-import org.opensaml.messaging.decoder.MessageDecodingException;
-import org.opensaml.saml.saml2.core.Response;
-import org.opensaml.saml.saml2.core.StatusCode;
-import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.transform.TransformerException;
-import java.io.IOException;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Set;
/**
- * Task that searches ErnB and ZMR before adding person to SZR.
+ * Task that receives the SAML2 response from ID Austria system.
*
- * @author amarsalek
+ * @author tlenz
*/
@Slf4j
@Component("ReceiveMobilePhoneSignatureResponseTask")
@@ -102,9 +104,9 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
private static final String ERROR_PVP_12 = "sp.pvp2.12";
private static final String ERROR_MSG_00 =
- "Receive INVALID PVP Response from federated IDP";
+ "Receive INVALID PVP Response from ID Austria system";
private static final String ERROR_MSG_01 =
- "Processing PVP response from 'ms-specific eIDAS node' FAILED.";
+ "Processing PVP response from 'ID Austria system' FAILED.";
private static final String ERROR_MSG_02 =
"PVP response decrytion FAILED. No credential found.";
private static final String ERROR_MSG_03 =
@@ -124,29 +126,21 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
throws TaskExecutionException {
try {
log.trace("Starting ReceiveMobilePhoneSignatureResponseTask");//Node 15
- final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
- MergedRegisterSearchResult initialSearchResult =
- authProcessData.getGenericDataFromSession(Constants.DATA_INITIAL_REGISTER_RESULT,
- MergedRegisterSearchResult.class);
- SimpleEidasData eidData = authProcessData.getGenericDataFromSession(Constants.DATA_SIMPLE_EIDAS,
- SimpleEidasData.class);
-
-
InboundMessage msg = null;
-
IDecoder decoder = null;
EaafUriCompare comperator = null;
+
// select Response Binding
if (request.getMethod().equalsIgnoreCase("POST")) {
decoder = new PostBinding();
comperator = new EaafUriCompare(pendingReq.getAuthUrl() + IdAustriaClientAuthConstants.ENDPOINT_POST);
- log.trace("Receive PVP Response from 'ID Austria node', by using POST-Binding.");
+ log.trace("Receive PVP Response from 'ID Austria system', by using POST-Binding.");
} else if (request.getMethod().equalsIgnoreCase("GET")) {
decoder = new RedirectBinding();
comperator = new EaafUriCompare(pendingReq.getAuthUrl()
+ IdAustriaClientAuthConstants.ENDPOINT_REDIRECT);
- log.trace("Receive PVP Response from 'ID Austria node', by using Redirect-Binding.");
+ log.trace("Receive PVP Response from 'ID Austria system', by using Redirect-Binding.");
} else {
log.warn("Receive PVP Response, but Binding ("
@@ -180,10 +174,10 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
} else {
// validate entityId of response
final String msNodeEntityID = authConfig.getBasicConfiguration(
- IdAustriaClientAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
+ IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID);
final String respEntityId = msg.getEntityID();
if (!msNodeEntityID.equals(respEntityId)) {
- log.warn("Response Issuer is not a 'ID Austria node'. Stopping eIDAS authentication ...");
+ log.warn("Response Issuer is not from valid 'ID Austria IDP'. Stopping ID Austria authentication ...");
throw new AuthnResponseValidationException(ERROR_PVP_08,
new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING,
msg.getEntityID()});
@@ -194,6 +188,29 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
final AssertionAttributeExtractor extractor =
new AssertionAttributeExtractor(processedMsg.getFirst().getResponse());
+
+
+
+ /*
+ * SAML2 response ist bereits vollständig validiert und die Attribute können aus dem
+ * <AssertionAttributeExtractor extractor> ausgelesen werden.
+ * Die AttributeNamen sind entsprechend PVP Spezifikation, z.B. PvpAttributeDefinitions.GIVEN_NAME_NAME
+ *
+ * ---------------------------------------------------------------------------------------------
+ *
+ * TODO: ab hier müssen wir wohl was anpassen
+ *
+ */
+
+ //load additional search-data from pendingRequest
+ final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+ MergedRegisterSearchResult initialSearchResult =
+ authProcessData.getGenericDataFromSession(Constants.DATA_INITIAL_REGISTER_RESULT,
+ MergedRegisterSearchResult.class);
+ SimpleEidasData eidData = authProcessData.getGenericDataFromSession(Constants.DATA_SIMPLE_EIDAS,
+ SimpleEidasData.class);
+
+
SimpleMobileSignatureData simpleMobileSignatureData =
getAuthDataFromInterfederation(extractor, authProcessData);
if (!simpleMobileSignatureData.equalsSimpleEidasData(eidData)) {
@@ -278,8 +295,8 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
return Pair.newInstance(msg, false);
} else {
- log.info("Receive StatusCode " + samlResp.getStatus().getStatusCode().getValue()
- + " from 'ms-specific eIDAS node'.");
+ log.info("Receive StatusCode {} from 'ms-specific eIDAS node'.",
+ samlResp.getStatus().getStatusCode().getValue());
StatusCode subStatusCode = getSubStatusCode(samlResp);
if (subStatusCode != null
&& IdAustriaClientAuthConstants.SAML2_STATUSCODE_USERSTOP.equals(subStatusCode.getValue())) {
@@ -311,6 +328,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
&& StringUtils.isNotEmpty(samlResp.getStatus().getStatusCode().getStatusCode().getValue())) {
return samlResp.getStatus().getStatusCode().getStatusCode();
}
+
return null;
}
@@ -352,34 +370,8 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
}
- //set piiTransactionId from eIDAS Connector
- // String piiTransactionId = extractor.getSingleAttributeValue(
- // ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME);
- // if (StringUtils.isNotEmpty(piiTransactionId) && pendingReq instanceof RequestImpl) {
- // log.info("Receive piiTransactionId from Austrian eIDAS Connector. Use this for further processing");
- // ((RequestImpl) pendingReq).setUniquePiiTransactionIdentifier(piiTransactionId);
- //
- // } else {
- // log.debug("Receive no piiTransactionId from Austrian eIDAS Connector.");
- //
- // }
-
- // set foreigner flag
- // session.setForeigner(true);
-
- // set IssuerInstant from Assertion
authProcessData.setIssueInstant(extractor.getAssertionIssuingDate());
- // set CCE URL
- //if (extractor.getFullAssertion().getIssuer() != null
- //&& StringUtils.isNotEmpty(extractor.getFullAssertion().getIssuer().getValue())) {
- // session.setVdaUrl(extractor.getFullAssertion().getIssuer().getValue());
-
- //} //else {
- // session.setVdaUrl("eIDAS_Authentication");
-
- //}
-
} catch (final AssertionValidationExeption e) {
throw new EaafBuilderException(ERROR_PVP_06, null, e.getMessage(), e);
@@ -387,39 +379,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
return simpleMobileSignatureData;
}
- // private void injectAuthInfosIntoSession(AhAuthProcessDataWrapper session, String attrName, String attrValue)
- // throws EaafStorageException, MisException, IOException {
- // log.trace("Inject attribute: {} with value: {} into AuthSession", attrName, attrValue);
- // log.debug("Inject attribute: {} into AuthSession", attrName);
- //
- // if (ExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME.equals(attrName)) {
- // log.debug("Find eidasBind attribute. Switching to E-ID mode ... ");
- // session.setEidProcess(true);
- // session.setQcBind(attrValue);
- // // session.setVsz(extractVszFromEidasBind(attrValue));
- // //T
- //
- // } else if (ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME.equals(attrName)) {
- // session.setSignedAuthBlock(Base64.getDecoder().decode(attrValue));
- // session.setSignedAuthBlockType(AuthHandlerConstants.AuthBlockType.JWS);
- //
- // } else if (PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME.equals(attrName)) {
- // session.setQaaLevel(attrValue);
- //
- // // } else if (ExtendedPvpAttributeDefinitions.EID_MIS_MANDATE_NAME.equals(attrName)
- // // && authConfig.getBasicConfigurationBoolean(
- // // IdAustriaClientAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE, false)) {
- // // session.setMandateDate(new SignedMandateDao(attrValue));
- // // session.setUseMandates(true);
- // //
- // } else {
- // session.setGenericDataToSession(attrName, attrValue);
- //
- // }
- //
- // }
-
-
+
private MergedRegisterSearchResult searchInZmrAndErnp(String bpkzp) {
List<RegisterResult> resultsZmr = zmrClient.searchWithBpkZp(bpkzp);
List<RegisterResult> resultsErnp = ernpClient.searchWithBpkZp(bpkzp);