aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules/authmodule-eIDAS-v2/src/main
diff options
context:
space:
mode:
authorThomas <>2022-03-04 08:53:06 +0100
committerThomas <>2022-03-04 08:53:06 +0100
commit9a16e78a3403200bb100bec5f578fe84fb52c6c6 (patch)
treed8ae96465dd373afa09b273e50ae70af6e4c9502 /eidas_modules/authmodule-eIDAS-v2/src/main
parent1da1de0c549f98facfe71887e0d7f29825cfedfe (diff)
downloadNational_eIDAS_Gateway-9a16e78a3403200bb100bec5f578fe84fb52c6c6.tar.gz
National_eIDAS_Gateway-9a16e78a3403200bb100bec5f578fe84fb52c6c6.tar.bz2
National_eIDAS_Gateway-9a16e78a3403200bb100bec5f578fe84fb52c6c6.zip
feature(eidas): add optional parameter to support more-than-one MS-Connector stage
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java3
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java23
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java139
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml19
4 files changed, 125 insertions, 59 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index 1732a61a..ea1dc97a 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
@@ -125,6 +125,9 @@ public class Constants {
public static final String CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE =
CONIG_PROPS_EIDAS_SZRCLIENT + ".revisionlog.eidmapping.active";
+ public static final String CONIG_PROPS_EIDAS_WORKAROUND_STAGING_MS_CONNECTOR =
+ CONIG_PROPS_EIDAS_SZRCLIENT + ".workarounds.staging.msconnector.endpoint";
+
@Deprecated
public static final String CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_SQLLITEDATASTORE_URL =
CONIG_PROPS_EIDAS_SZRCLIENT + ".workarounds.datastore.sqlite.url";
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
index 9900fa98..82226d59 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
@@ -46,6 +46,7 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import eu.eidas.auth.commons.EidasParameterKeys;
@@ -125,14 +126,17 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
// Add country-specific informations into eIDAS request
ccSpecificProcessing.preProcess(citizenCountryCode, pendingReq, authnRequestBuilder);
-
+
// build request
final LightRequest lightAuthnReq = authnRequestBuilder.build();
- // put request into Hazelcast cache
+ // put request into shared cache
final BinaryLightToken token = putRequestInCommunicationCache(lightAuthnReq);
final String tokenBase64 = BinaryLightTokenHelper.encodeBinaryLightTokenBase64(token);
+ // Workaround for ms-connector staging
+ injectStagingWorkaroundForMsConnector();
+
// Workaround, because eIDAS node ref. impl. does not return relayState
if (basicConfig.getBasicConfigurationBoolean(
Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER,
@@ -200,6 +204,21 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
}
+
+ private void injectStagingWorkaroundForMsConnector() throws EaafException {
+ String alternativReturnEndpoint = basicConfig.getBasicConfiguration(
+ Constants.CONIG_PROPS_EIDAS_WORKAROUND_STAGING_MS_CONNECTOR);
+ if (StringUtils.isNotEmpty(alternativReturnEndpoint)) {
+ log.info("Inject alternative MS-Connector end-point: {}", alternativReturnEndpoint);
+ pendingReq.setRawDataToTransaction(
+ MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING, alternativReturnEndpoint);
+
+ // store pending request after update
+ requestStoreage.storePendingRequest(pendingReq);
+
+ }
+ }
+
/**
* Select a forward URL from configuration for a specific environment <br>
* <br>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java
index 6cab9214..5c5c3461 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java
@@ -23,11 +23,16 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
+import java.io.IOException;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Component;
+import org.springframework.web.util.UriComponentsBuilder;
import at.asitplus.eidas.specific.connector.MsConnectorEventCodes;
import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
@@ -41,7 +46,13 @@ import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import eu.eidas.auth.commons.EidasParameterKeys;
import eu.eidas.auth.commons.light.ILightResponse;
+import eu.eidas.auth.commons.tx.BinaryLightToken;
+import eu.eidas.specificcommunication.BinaryLightTokenHelper;
+import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames;
+import eu.eidas.specificcommunication.exception.SpecificCommunicationException;
+import eu.eidas.specificcommunication.protocol.SpecificCommunicationService;
import lombok.extern.slf4j.Slf4j;
@Slf4j
@@ -49,6 +60,9 @@ import lombok.extern.slf4j.Slf4j;
public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
@Autowired
+ ApplicationContext context;
+
+ @Autowired
private IConfiguration basicConfig;
@Autowired
private EidasAttributeRegistry attrRegistry;
@@ -65,54 +79,18 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
}
- log.debug("Receive eIDAS response with RespId:" + eidasResponse.getId() + " for ReqId:" + eidasResponse
- .getInResponseToId());
- log.trace("Full eIDAS-Resp: " + eidasResponse.toString());
- revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE, eidasResponse
- .getId());
-
- // check response StatusCode
- if (!eidasResponse.getStatus().getStatusCode().equals(Constants.SUCCESS_URI)) {
- log.info("Receice eIDAS Response with StatusCode:" + eidasResponse.getStatus().getStatusCode()
- + " Subcode:" + eidasResponse.getStatus().getSubStatusCode() + " Msg:" + eidasResponse.getStatus()
- .getStatusMessage());
- throw new EidasSAuthenticationException("eidas.02", new Object[] { eidasResponse.getStatus()
- .getStatusCode(), eidasResponse.getStatus().getStatusMessage() });
-
+ String stagingEndpoint = pendingReq.getRawData(
+ MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING, String.class);
+ if (StringUtils.isNotEmpty(stagingEndpoint)) {
+ log.info("Find ms-connector staging to: {}. Forwarding to that endpoint ... ", stagingEndpoint);
+ forwardToOtherStage(response, executionContext, eidasResponse, stagingEndpoint);
+
+ } else {
+ executionContext.put(MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING, false);
+ processResponseOnThatStage(executionContext, eidasResponse);
+
}
-
- // extract all Attributes from response
-
- // **********************************************************
- // ******* MS-specificresponse validation **********
- // **********************************************************
- final String spCountry = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE,
- "AT");
- final String citizenCountryCode = (String) executionContext.get(
- MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY);
- EidasResponseValidator.validateResponse(pendingReq, eidasResponse, spCountry, citizenCountryCode,
- attrRegistry);
-
- // **********************************************************
- // ******* Store resonse infos into session object **********
- // **********************************************************
-
- // update MOA-Session data with received information
- log.debug("Store eIDAS response information into pending-request.");
- final EidAuthProcessDataWrapper authProcessData = pendingReq.getSessionData(EidAuthProcessDataWrapper.class);
- authProcessData.setQaaLevel(eidasResponse.getLevelOfAssurance());
- authProcessData.setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse);
-
- //inject set flag to inject
- authProcessData.setTestIdentity(
- basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_IS_TEST_IDENTITY, false));
-
- // store MOA-session to database
- requestStoreage.storePendingRequest(pendingReq);
-
- revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE_VALID);
-
} catch (final EaafException e) {
revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE_NOT_VALID);
throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e);
@@ -124,7 +102,76 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
new EidasSAuthenticationException("eidas.05", new Object[] { e.getMessage() }, e));
}
+ }
+
+ private void forwardToOtherStage(HttpServletResponse response, ExecutionContext executionContext,
+ ILightResponse eidasResponse, String stagingEndpoint) throws SpecificCommunicationException, IOException {
+ executionContext.put(MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING, true);
+
+ final SpecificCommunicationService specificConnectorCommunicationService =
+ (SpecificCommunicationService) context.getBean(
+ SpecificCommunicationDefinitionBeanNames.SPECIFIC_CONNECTOR_COMMUNICATION_SERVICE.toString());
+ BinaryLightToken token = specificConnectorCommunicationService.putResponse(eidasResponse);
+ final String tokenBase64 = BinaryLightTokenHelper.encodeBinaryLightTokenBase64(token);
+
+ final UriComponentsBuilder redirectUrl = UriComponentsBuilder.fromHttpUrl(stagingEndpoint);
+ redirectUrl.queryParam(EidasParameterKeys.TOKEN.toString(), tokenBase64);
+
+ log.debug("Forward to other stage .... ");
+ response.sendRedirect(redirectUrl.build().encode().toString());
+
+ }
+
+ private void processResponseOnThatStage(ExecutionContext executionContext, ILightResponse eidasResponse)
+ throws EaafException {
+ log.debug("Receive eIDAS response with RespId:" + eidasResponse.getId() + " for ReqId:" + eidasResponse
+ .getInResponseToId());
+ log.trace("Full eIDAS-Resp: " + eidasResponse.toString());
+ revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE, eidasResponse
+ .getId());
+
+ // check response StatusCode
+ if (!eidasResponse.getStatus().getStatusCode().equals(Constants.SUCCESS_URI)) {
+ log.info("Receice eIDAS Response with StatusCode:" + eidasResponse.getStatus().getStatusCode()
+ + " Subcode:" + eidasResponse.getStatus().getSubStatusCode() + " Msg:" + eidasResponse.getStatus()
+ .getStatusMessage());
+ throw new EidasSAuthenticationException("eidas.02", new Object[] { eidasResponse.getStatus()
+ .getStatusCode(), eidasResponse.getStatus().getStatusMessage() });
+
+ }
+ // extract all Attributes from response
+
+ // **********************************************************
+ // ******* MS-specificresponse validation **********
+ // **********************************************************
+ final String spCountry = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE,
+ "AT");
+ final String citizenCountryCode = (String) executionContext.get(
+ MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY);
+ EidasResponseValidator.validateResponse(pendingReq, eidasResponse, spCountry, citizenCountryCode,
+ attrRegistry);
+
+ // **********************************************************
+ // ******* Store resonse infos into session object **********
+ // **********************************************************
+
+ // update MOA-Session data with received information
+ log.debug("Store eIDAS response information into pending-request.");
+ final EidAuthProcessDataWrapper authProcessData = pendingReq.getSessionData(EidAuthProcessDataWrapper.class);
+ authProcessData.setQaaLevel(eidasResponse.getLevelOfAssurance());
+ authProcessData.setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse);
+
+
+ //inject set flag to inject
+ authProcessData.setTestIdentity(
+ basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_IS_TEST_IDENTITY, false));
+
+ // store MOA-session to database
+ requestStoreage.storePendingRequest(pendingReq);
+
+ revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE_VALID);
+
}
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml
index 55bb1ace..e645c50e 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml
@@ -13,17 +13,14 @@
<pd:StartEvent id="start" />
- <pd:Transition from="start"
- to="createAuthnRequest" />
- <pd:Transition from="createAuthnRequest"
- to="receiveAuthnResponse" />
- <pd:Transition from="receiveAuthnResponse"
- to="generateIdentityLink" />
- <pd:Transition from="generateIdentityLink"
- to="finalizeAuthentication" />
- <pd:Transition from="finalizeAuthentication"
- to="end" />
-
+ <pd:Transition from="start" to="createAuthnRequest" />
+ <pd:Transition from="createAuthnRequest" to="receiveAuthnResponse" />
+ <pd:Transition conditionExpression="ctx['msConnectorStaging']"
+ from="receiveAuthnResponse" to="end" />
+ <pd:Transition from="receiveAuthnResponse" to="generateIdentityLink" />
+ <pd:Transition from="generateIdentityLink" to="finalizeAuthentication" />
+ <pd:Transition from="finalizeAuthentication" to="end" />
+
<pd:EndEvent id="end" />
</pd:ProcessDefinition>