authorThomas <>2022-05-12 10:39:31 +0200
committerThomas <>2022-05-12 10:39:31 +0200
commit332a953758ab2626095ae5bd0169ff2edd9adcae (patch)
treed9a1979f6ec70ef7fd6e5d78b73a80dd2d61bbc3 /modules/authmodule-eIDAS-v2/src/main
parent1cfd49dacd0ad5970b5c360d2c903b60244e587b (diff)
fix(matching): remove prefix from bPK aftern an ID Austria login
Diffstat (limited to 'modules/authmodule-eIDAS-v2/src/main')
-rw-r--r--modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java38
1 files changed, 30 insertions, 8 deletions
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
index 286b63b1..b212d133 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
@@ -127,7 +127,9 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet
private static final String ERROR_MSG_01 = "Processing PVP response from 'ID Austria system' FAILED.";
private static final String ERROR_MSG_02 = "PVP response decryption FAILED. No credential found.";
private static final String ERROR_MSG_03 = "PVP response validation FAILED.";
-
+ private static final String ERROR_GENERIC = "Matching failed, because response from ID Austria was "
+ + "invalid or contains an error. Detail: {}";
+
private static final String MSG_PROP_23 = "module.eidasauth.matching.23";
private static final String MSG_PROP_24 = "module.eidasauth.matching.24";
@@ -155,6 +157,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet
InboundMessage inboundMessage = decodeAndVerifyMessage(request, response, decoder, comparator);
Pair<PvpSProfileResponse, Boolean> processedMsg = validateAssertion((PvpSProfileResponse) inboundMessage);
if (processedMsg.getSecond()) {
+ log.info("Matching failed, because ID Austria login was stopped by user.");
// forward to next matching step in case of ID Autria authentication was stopped by user
executionContext.put(TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, true);
executionContext.put(CONTEXT_FLAG_ADVANCED_MATCHING_FAILED_REASON, MSG_PROP_23);
@@ -177,6 +180,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet
// check if MDS from ID Austria authentication matchs to eIDAS authentication
if (!simpleMobileSignatureData.equalsSimpleEidasData(eidasData)) {
+ log.info("Matching failed, because MDS from ID-Austria login does not match to MDS from initial eIDAS");
executionContext.put(TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, true);
executionContext.put(CONTEXT_FLAG_ADVANCED_MATCHING_FAILED_REASON, MSG_PROP_24);
executionContext.put(CONTEXT_FLAG_ADVANCED_MATCHING_FAILED, true);
@@ -207,28 +211,27 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet
}
} catch (final AuthnResponseValidationException e) {
+ log.info(ERROR_GENERIC, e.getMessage());
throw new TaskExecutionException(pendingReq, ERROR_MSG_03, e);
} catch (MessageDecodingException | SecurityException | SamlSigningException e) {
- //final String samlRequest = request.getParameter("SAMLRequest");
- //log.debug("Receive INVALID PVP Response from 'ms-specific eIDAS node': {}",
- // samlRequest, null, e);
+ log.info(ERROR_GENERIC, e.getMessage());
throw new TaskExecutionException(pendingReq, ERROR_MSG_00,
new AuthnResponseValidationException(ERROR_PVP_11, new Object[]{MODULE_NAME_FOR_LOGGING}, e));
} catch (IOException | MarshallingException | TransformerException e) {
- log.debug("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e);
+ log.info("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e);
throw new TaskExecutionException(pendingReq, ERROR_MSG_01,
new AuthnResponseValidationException(ERROR_PVP_12, new Object[]{MODULE_NAME_FOR_LOGGING, e.getMessage()}, e));
} catch (final CredentialsNotAvailableException e) {
- log.debug("PVP response decryption FAILED. No credential found.", e);
+ log.info("PVP response decryption FAILED. No credential found.", e);
throw new TaskExecutionException(pendingReq, ERROR_MSG_02,
new AuthnResponseValidationException(ERROR_PVP_10, new Object[]{MODULE_NAME_FOR_LOGGING}, e));
} catch (final Exception e) {
// todo catch ManualFixNecessaryException in any other way?
- log.debug("PVP response validation FAILED. Msg:" + e.getMessage(), e);
+ log.info("PVP response validation FAILED. Msg: {}",e.getMessage(), e);
throw new TaskExecutionException(pendingReq, ERROR_MSG_03,
new AuthnResponseValidationException(ERROR_PVP_12, new Object[]{MODULE_NAME_FOR_LOGGING, e.getMessage()}, e));
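Review bot: The two new `log.info(ERROR_GENERIC, e.getMessage())` calls (the AuthnResponseValidationException branch and the MessageDecodingException | SecurityException | SamlSigningException branch) log only the message, while the sibling catch blocks in the same hunk pass the throwable as the last argument and so keep the stack trace. For a SamlSigningException or SecurityException, which is the signature/validation failure path of the ID Austria response, dropping the cause chain removes the detail an operator needs when investigating a rejected response. Passing the exception as well keeps the four branches consistent: `log.info(ERROR_GENERIC, e.getMessage(), e);` in both places. On the last catch block a space is missing after the comma in `e.getMessage(), e)` — `log.info("PVP response validation FAILED. Msg: {}", e.getMessage(), e);`. The enclosing try block starts before this hunk.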
@@ -356,7 +359,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet
final Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
for (final String attrName : includedAttrNames) {
if (PvpAttributeDefinitions.BPK_NAME.equals(attrName)) {
- builder.bpk(extractor.getSingleAttributeValue(attrName));
+ builder.bpk(removeTargetPrefixFromBpk(extractor.getSingleAttributeValue(attrName)));
}
if (PvpAttributeDefinitions.GIVEN_NAME_NAME.equals(attrName)) {
builder.givenName(extractor.getSingleAttributeValue(attrName));
@@ -377,5 +380,24 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet
}
+ private String removeTargetPrefixFromBpk(String bpkWithPrefix) {
+ if (StringUtils.isNotEmpty(bpkWithPrefix)) {
+ final String[] spitted = bpkWithPrefix.split(":");
+ if (spitted.length == 2) {
+ log.debug("Find PVP-Attr: {}", PvpAttributeDefinitions.BPK_FRIENDLY_NAME);
+ return spitted[1];
+
+ } else {
+ log.info("Find PVP-Attr: {} without prefix. Use it as it is", PvpAttributeDefinitions.BPK_FRIENDLY_NAME);
+ return spitted[0];
+
+ }
+ } else {
+ log.warn("Receive no bPK in response from ID Austria System. There is something wrong on IDA side!!!");
+ return null;
+
+ }
+ }
+
}
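Review bot: When the attribute value contains more than one ':' the else branch of the `spitted.length == 2` check returns `spitted[0]`, which is the prefix segment rather than the bPK, and a value shaped like `XX:` collapses to the prefix as well because String.split drops trailing empty strings. Since the stripped value is what the later matching step compares with the eIDAS-side bPK, a wrong segment surfaces only as a silent mismatch, not as an error. Splitting with a limit of 2 and keeping the remainder makes the prefix removal independent of the bPK's own characters; the name `spitted` also reads as a typo of `splitted`. A short Javadoc would help here: strips the leading target prefix (everything up to the first ':') from a PVP bPK attribute value and returns null when the attribute is absent.
```java
private String removeTargetPrefixFromBpk(String bpkWithPrefix) {
  if (StringUtils.isEmpty(bpkWithPrefix)) {
    log.warn("Receive no bPK in response from ID Austria System. There is something wrong on IDA side!!!");
    return null;
  }
  // split at most once so the bPK part is kept whole even if it contains ':'
  final String[] parts = bpkWithPrefix.split(":", 2);
  if (parts.length == 2 && !parts[1].isEmpty()) {
    log.debug("Find PVP-Attr: {}", PvpAttributeDefinitions.BPK_FRIENDLY_NAME);
    return parts[1];
  }
  log.info("Find PVP-Attr: {} without prefix. Use it as it is", PvpAttributeDefinitions.BPK_FRIENDLY_NAME);
  return bpkWithPrefix;
}
```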