authorChristian Kollmann <christian.kollmann@a-sit.at>2021-02-25 07:54:53 +0100
committerChristian Kollmann <christian.kollmann@a-sit.at>2021-02-25 13:27:12 +0100
commit0c4fe92684a707040fd7536da05945a64b309740 (patch)
treee0ecf1d6367b2e110d9f1801506b9d6d6385f750 /eidas_modules/authmodule-eIDAS-v2/src/main
parent3338a3dd00fabf28f1de8579535b1626dbe99908 (diff)
Refactor tasks for MobilePhoneSignature login and tests
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java18
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java (renamed from eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java)105
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml2
3 files changed, 65 insertions, 60 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java
index 2a7beb3b..e7a5547a 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java
@@ -24,12 +24,12 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao;
import lombok.Data;
+import org.apache.commons.lang3.builder.EqualsBuilder;
@Data
public class SimpleMobileSignatureData {
private String citizenCountryCode;
-
private String bpk;
private String givenName;
private String familyName;
@@ -37,19 +37,15 @@ public class SimpleMobileSignatureData {
/**
* Compares the received authentication data from the mobile phone signature with the eid data received via eIDAS.
+ *
* @param simpleEidasData The extracted eIDAS data
* @return Returns true, if the eIDAS data matches the mobile phone signature data and false otherwise.
*/
public boolean equalsSimpleEidasData(SimpleEidasData simpleEidasData) {
- if (!simpleEidasData.getGivenName().equals(givenName)) {
- return false;
- }
- if (!simpleEidasData.getFamilyName().equals(familyName)) {
- return false;
- }
- if (!simpleEidasData.getDateOfBirth().equals(dateOfBirth)) {
- return false;
- }
- return true;
+ return new EqualsBuilder()
+ .append(simpleEidasData.getGivenName(), givenName)
+ .append(simpleEidasData.getFamilyName(), familyName)
+ .append(simpleEidasData.getDateOfBirth(), dateOfBirth)
+ .isEquals();
}
}
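Review bot: `EqualsBuilder.append(a, b)` treats two nulls as equal, so the rewritten `equalsSimpleEidasData` now returns true when, for example, both records lack a dateOfBirth, whereas the old code threw a NullPointerException there; since this method is the check that rejects a substituted identity, a missing attribute should fail closed rather than count as a match. Add a guard before the builder: `if (givenName == null || familyName == null || dateOfBirth == null) { return false; }`. The Javadoc should also state that bpk and citizenCountryCode are deliberately excluded from the comparison, if that is the intent.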
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
index 81be04b5..0f40b337 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
@@ -64,7 +64,6 @@ import org.opensaml.messaging.decoder.MessageDecodingException;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.StatusCode;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
-import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import javax.servlet.http.HttpServletRequest;
@@ -86,16 +85,12 @@ import static at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.I
*/
@Slf4j
@Component("ReceiveMobilePhoneSignatureResponseTask")
-public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends AbstractAuthServletTask {
+public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServletTask {
- @Autowired
- private SamlVerificationEngine samlVerificationEngine;
- @Autowired
- private RegisterSearchService registerSearchService;
- @Autowired
- private IdAustriaClientAuthCredentialProvider credentialProvider;
- @Autowired
- IdAustriaClientAuthMetadataProvider metadataProvider;
+ private final SamlVerificationEngine samlVerificationEngine;
+ private final RegisterSearchService registerSearchService;
+ private final IdAustriaClientAuthCredentialProvider credentialProvider;
+ private final IdAustriaClientAuthMetadataProvider metadataProvider;
private static final String ERROR_PVP_03 = "sp.pvp2.03";
private static final String ERROR_PVP_05 = "sp.pvp2.05";
@@ -107,9 +102,22 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
private static final String ERROR_MSG_00 = "Receive INVALID PVP Response from ID Austria system";
private static final String ERROR_MSG_01 = "Processing PVP response from 'ID Austria system' FAILED.";
- private static final String ERROR_MSG_02 = "PVP response decrytion FAILED. No credential found.";
+ private static final String ERROR_MSG_02 = "PVP response decryption FAILED. No credential found.";
private static final String ERROR_MSG_03 = "PVP response validation FAILED.";
+ /**
+ * Creates the new task, with autowired dependencies from Spring.
+ */
+ public ReceiveMobilePhoneSignatureResponseTask(SamlVerificationEngine samlVerificationEngine,
+ RegisterSearchService registerSearchService,
+ IdAustriaClientAuthCredentialProvider credentialProvider,
+ IdAustriaClientAuthMetadataProvider metadataProvider) {
+ this.samlVerificationEngine = samlVerificationEngine;
+ this.registerSearchService = registerSearchService;
+ this.credentialProvider = credentialProvider;
+ this.metadataProvider = metadataProvider;
+ }
+
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
throws TaskExecutionException {
@@ -118,7 +126,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
IDecoder decoder = loadDecoder(request);
EaafUriCompare comparator = loadComparator(request);
InboundMessage inboundMessage = decodeAndVerifyMessage(request, response, decoder, comparator);
- final Pair<PvpSProfileResponse, Boolean> processedMsg = validateAssertion((PvpSProfileResponse) inboundMessage);
+ Pair<PvpSProfileResponse, Boolean> processedMsg = validateAssertion((PvpSProfileResponse) inboundMessage);
if (processedMsg.getSecond()) {
stopProcessFromUserDecision(executionContext, request, response);
return;
@@ -138,30 +146,22 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
*
*/
- final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+ AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
MergedRegisterSearchResult initialSearchResult =
authProcessData.getGenericDataFromSession(DATA_INITIAL_REGISTER_RESULT, MergedRegisterSearchResult.class);
SimpleEidasData eidasData = authProcessData.getGenericDataFromSession(DATA_SIMPLE_EIDAS, SimpleEidasData.class);
+ String bpkZp = extractBpkZp(extractor, authProcessData, eidasData);
- SimpleMobileSignatureData simpleMobileSignatureData = getAuthDataFromInterfederation(extractor, authProcessData);
- if (!simpleMobileSignatureData.equalsSimpleEidasData(eidasData)) {
- //TODO User has cheated?
- throw new InvalidUserInputException();
- }
-
- String bpkZp = simpleMobileSignatureData.getBpk();
MergedRegisterSearchResult result = registerSearchService.searchWithBpkZp(bpkZp);
if (result.getResultCount() == 0) {
- //go to step 16
executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true);
return;
} else if (result.getResultCount() == 1) {
String bpk = registerSearchService.step7aKittProcess(initialSearchResult, result, eidasData, pendingReq);
authProcessData.setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk);
return;
- //node 110
} else if (result.getResultCount() > 1) {
- throw new ManualFixNecessaryException("bpkZp: " + bpkZp);// node 108
+ throw new ManualFixNecessaryException("bpkZp: " + bpkZp);
}
// set NeedConsent to false, because user gives consent during authentication
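Review bot: `throw new ManualFixNecessaryException("bpkZp: " + bpkZp)` embeds the user's bPK in the exception message, which will presumably end up in logs or error reports; if that identifier counts as personal data in this deployment, consider logging it at debug level only and putting a correlation id (for example the pending request id) in the message instead. Separately, the branches return for 0 and 1 results and throw for more than one, so the `// set NeedConsent to false` code after the chain is reachable only for a negative result count — if it is meant to run in the single-match case, the `return` in that branch skips it. The enclosing execute method continues past this hunk.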
@@ -180,7 +180,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
throw new TaskExecutionException(pendingReq, ERROR_MSG_01,
new AuthnResponseValidationException(ERROR_PVP_12, new Object[]{MODULE_NAME_FOR_LOGGING, e.getMessage()}, e));
} catch (final CredentialsNotAvailableException e) {
- log.debug("PVP response decrytion FAILED. No credential found.", e);
+ log.debug("PVP response decryption FAILED. No credential found.", e);
throw new TaskExecutionException(pendingReq, ERROR_MSG_02,
new AuthnResponseValidationException(ERROR_PVP_10, new Object[]{MODULE_NAME_FOR_LOGGING}, e));
} catch (final Exception e) {
@@ -191,6 +191,17 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
}
}
+ private String extractBpkZp(AssertionAttributeExtractor extractor,
+ AuthProcessDataWrapper authProcessData,
+ SimpleEidasData eidasData) throws EaafBuilderException, InvalidUserInputException {
+ SimpleMobileSignatureData simpleMobileSignatureData = getAuthDataFromInterfederation(extractor, authProcessData);
+ if (!simpleMobileSignatureData.equalsSimpleEidasData(eidasData)) {
+ //TODO User has cheated?
+ throw new InvalidUserInputException();
+ }
+ return simpleMobileSignatureData.getBpk();
+ }
+
@NotNull
private InboundMessage decodeAndVerifyMessage(HttpServletRequest request, HttpServletResponse response,
IDecoder decoder, EaafUriCompare comparator) throws Exception {
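Review bot: The identity mismatch in `extractBpkZp` is thrown as a bare `InvalidUserInputException` with no log entry, yet a mobile-signature identity that disagrees with the eIDAS identity is exactly the event an operator would want in the audit trail (the `//TODO User has cheated?` comment says as much). Add a warning before the throw, e.g. `log.warn("Identity from mobile phone signature does not match eIDAS identity; rejecting authentication");`, and replace the TODO with a comment stating that a mismatch is treated as an invalid login attempt. Note that `eidasData` comes from the session without a null check, so a missing DATA_SIMPLE_EIDAS entry would surface as a NullPointerException inside the comparison rather than a clear error.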
@@ -297,33 +308,31 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
throws EaafBuilderException {
List<String> requiredAttributes = IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES;
SimpleMobileSignatureData result = new SimpleMobileSignatureData();
- try {
- if (!extractor.containsAllRequiredAttributes(requiredAttributes)) {
- log.warn("PVP Response from 'ID Austria node' contains not all requested attributes.");
- throw new AssertionValidationExeption(ERROR_PVP_06, new Object[]{MODULE_NAME_FOR_LOGGING});
+ if (!extractor.containsAllRequiredAttributes(requiredAttributes)) {
+ log.warn("PVP Response from 'ID Austria node' contains not all requested attributes.");
+ AssertionValidationExeption e = new AssertionValidationExeption(ERROR_PVP_06,
+ new Object[]{MODULE_NAME_FOR_LOGGING});
+ throw new EaafBuilderException(ERROR_PVP_06, null, e.getMessage(), e);
+ }
+ final Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
+ for (final String attrName : includedAttrNames) {
+ if (PvpAttributeDefinitions.BPK_NAME.equals(attrName)) {
+ result.setBpk(extractor.getSingleAttributeValue(attrName));
}
- final Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
- for (final String attrName : includedAttrNames) {
- if (PvpAttributeDefinitions.BPK_NAME.equals(attrName)) {
- result.setBpk(extractor.getSingleAttributeValue(attrName));
- }
- if (PvpAttributeDefinitions.GIVEN_NAME_NAME.equals(attrName)) {
- result.setGivenName(extractor.getSingleAttributeValue(attrName));
- }
- if (PvpAttributeDefinitions.PRINCIPAL_NAME_NAME.equals(attrName)) {
- result.setFamilyName(extractor.getSingleAttributeValue(attrName));
- }
- if (PvpAttributeDefinitions.BIRTHDATE_NAME.equals(attrName)) {
- result.setDateOfBirth(extractor.getSingleAttributeValue(attrName));
- }
- if (PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME.equals(attrName)) {
- authProcessData.setQaaLevel(extractor.getSingleAttributeValue(attrName));
- }
+ if (PvpAttributeDefinitions.GIVEN_NAME_NAME.equals(attrName)) {
+ result.setGivenName(extractor.getSingleAttributeValue(attrName));
+ }
+ if (PvpAttributeDefinitions.PRINCIPAL_NAME_NAME.equals(attrName)) {
+ result.setFamilyName(extractor.getSingleAttributeValue(attrName));
+ }
+ if (PvpAttributeDefinitions.BIRTHDATE_NAME.equals(attrName)) {
+ result.setDateOfBirth(extractor.getSingleAttributeValue(attrName));
+ }
+ if (PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME.equals(attrName)) {
+ authProcessData.setQaaLevel(extractor.getSingleAttributeValue(attrName));
}
- authProcessData.setIssueInstant(extractor.getAssertionIssuingDate());
- } catch (final AssertionValidationExeption e) {
- throw new EaafBuilderException(ERROR_PVP_06, null, e.getMessage(), e);
}
+ authProcessData.setIssueInstant(extractor.getAssertionIssuingDate());
return result;
}
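Review bot: After `containsAllRequiredAttributes` passes, the loop sets bpk, givenName, familyName and dateOfBirth only when each attribute is actually present, so unless DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES (not visible here) lists all four, the returned SimpleMobileSignatureData can carry null fields into the identity comparison and the register lookup. A post-loop check in the same form as the existing throw, such as `if (result.getBpk() == null) { throw new EaafBuilderException(ERROR_PVP_06, null, "bPK attribute missing in PVP response", null); }`, would make that contract explicit. The method's signature lies above this hunk, so its Javadoc (if any) is not visible; it should mention that the method also mutates authProcessData (qaaLevel and issueInstant) as a side effect.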
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
index 34046e55..ed086493 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
@@ -121,7 +121,7 @@
scope="prototype" />
<bean id="ReceiveMobilePhoneSignatureResponseTask"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseTask"
scope="prototype" />
<bean id="GenerateAustrianResidenceGuiTask"