fix(matching): remove prefix from bPK aftern an ID Austria login

author: Thomas <> 2022-05-12 10:39:31 +0200
committer: Thomas <> 2022-05-12 10:39:31 +0200
commit: 332a953758ab2626095ae5bd0169ff2edd9adcae (patch)
tree: d9a1979f6ec70ef7fd6e5d78b73a80dd2d61bbc3 /modules/authmodule-eIDAS-v2/src/main
parent: 1cfd49dacd0ad5970b5c360d2c903b60244e587b (diff)
download: National_eIDAS_Gateway-332a953758ab2626095ae5bd0169ff2edd9adcae.tar.gz
National_eIDAS_Gateway-332a953758ab2626095ae5bd0169ff2edd9adcae.tar.bz2
National_eIDAS_Gateway-332a953758ab2626095ae5bd0169ff2edd9adcae.zip
1 files changed, 30 insertions, 8 deletions
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
index 286b63b1..b212d133 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
@@ -127,7 +127,9 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet
   private static final String ERROR_MSG_01 = "Processing PVP response from 'ID Austria system' FAILED.";
   private static final String ERROR_MSG_02 = "PVP response decryption FAILED. No credential found.";
   private static final String ERROR_MSG_03 = "PVP response validation FAILED.";
-
+  private static final String ERROR_GENERIC = "Matching failed, because response from ID Austria was "
+      + "invalid or contains an error. Detail: {}";
+  
   private static final String MSG_PROP_23 = "module.eidasauth.matching.23";
   private static final String MSG_PROP_24 = "module.eidasauth.matching.24";
   
@@ -155,6 +157,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet
       InboundMessage inboundMessage = decodeAndVerifyMessage(request, response, decoder, comparator);
       Pair<PvpSProfileResponse, Boolean> processedMsg = validateAssertion((PvpSProfileResponse) inboundMessage);
       if (processedMsg.getSecond()) {
+        log.info("Matching failed, because ID Austria login was stopped by user.");
         // forward to next matching step in case of ID Autria authentication was stopped by user
         executionContext.put(TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, true);
         executionContext.put(CONTEXT_FLAG_ADVANCED_MATCHING_FAILED_REASON, MSG_PROP_23);
@@ -177,6 +180,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet
 
       // check if MDS from ID Austria authentication matchs to eIDAS authentication
       if (!simpleMobileSignatureData.equalsSimpleEidasData(eidasData)) {
+        log.info("Matching failed, because MDS from ID-Austria login does not match to MDS from initial eIDAS");
         executionContext.put(TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, true);
         executionContext.put(CONTEXT_FLAG_ADVANCED_MATCHING_FAILED_REASON, MSG_PROP_24);
         executionContext.put(CONTEXT_FLAG_ADVANCED_MATCHING_FAILED, true);  
@@ -207,28 +211,27 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet
       }
 
     } catch (final AuthnResponseValidationException e) {
+      log.info(ERROR_GENERIC, e.getMessage());
       throw new TaskExecutionException(pendingReq, ERROR_MSG_03, e);
 
     } catch (MessageDecodingException | SecurityException | SamlSigningException e) {
-      //final String samlRequest = request.getParameter("SAMLRequest");
-      //log.debug("Receive INVALID PVP Response from 'ms-specific eIDAS node': {}",
-      //    samlRequest, null, e);
+      log.info(ERROR_GENERIC, e.getMessage());
       throw new TaskExecutionException(pendingReq, ERROR_MSG_00,
           new AuthnResponseValidationException(ERROR_PVP_11, new Object[]{MODULE_NAME_FOR_LOGGING}, e));
 
     } catch (IOException | MarshallingException | TransformerException e) {
-      log.debug("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e);
+      log.info("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e);
       throw new TaskExecutionException(pendingReq, ERROR_MSG_01,
           new AuthnResponseValidationException(ERROR_PVP_12, new Object[]{MODULE_NAME_FOR_LOGGING, e.getMessage()}, e));
 
     } catch (final CredentialsNotAvailableException e) {
-      log.debug("PVP response decryption FAILED. No credential found.", e);
+      log.info("PVP response decryption FAILED. No credential found.", e);
       throw new TaskExecutionException(pendingReq, ERROR_MSG_02,
           new AuthnResponseValidationException(ERROR_PVP_10, new Object[]{MODULE_NAME_FOR_LOGGING}, e));
 
     } catch (final Exception e) {
       // todo catch ManualFixNecessaryException in any other way?
-      log.debug("PVP response validation FAILED. Msg:" + e.getMessage(), e);
+      log.info("PVP response validation FAILED. Msg: {}",e.getMessage(), e);
       throw new TaskExecutionException(pendingReq, ERROR_MSG_03,
           new AuthnResponseValidationException(ERROR_PVP_12, new Object[]{MODULE_NAME_FOR_LOGGING, e.getMessage()}, e));
 
@@ -356,7 +359,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet
     final Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
     for (final String attrName : includedAttrNames) {
       if (PvpAttributeDefinitions.BPK_NAME.equals(attrName)) {
-        builder.bpk(extractor.getSingleAttributeValue(attrName));
+        builder.bpk(removeTargetPrefixFromBpk(extractor.getSingleAttributeValue(attrName)));
       }
       if (PvpAttributeDefinitions.GIVEN_NAME_NAME.equals(attrName)) {
         builder.givenName(extractor.getSingleAttributeValue(attrName));
@@ -377,5 +380,24 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet
 
   }
 
+  private String removeTargetPrefixFromBpk(String bpkWithPrefix) {
+    if (StringUtils.isNotEmpty(bpkWithPrefix)) {    
+      final String[] spitted = bpkWithPrefix.split(":");
+      if (spitted.length == 2) {
+        log.debug("Find PVP-Attr: {}", PvpAttributeDefinitions.BPK_FRIENDLY_NAME);
+        return spitted[1];
+            
+      } else {      
+        log.info("Find PVP-Attr: {} without prefix. Use it as it is", PvpAttributeDefinitions.BPK_FRIENDLY_NAME);
+        return spitted[0];
+      
+      }
+    } else {
+      log.warn("Receive no bPK in response from ID Austria System. There is something wrong on IDA side!!!");
+      return null;  
+      
+    }        
+  }
+
 
 }
author	Thomas <>	2022-05-12 10:39:31 +0200
committer	Thomas <>	2022-05-12 10:39:31 +0200
commit	332a953758ab2626095ae5bd0169ff2edd9adcae (patch)
tree	d9a1979f6ec70ef7fd6e5d78b73a80dd2d61bbc3 /modules/authmodule-eIDAS-v2/src/main
parent	1cfd49dacd0ad5970b5c360d2c903b60244e587b (diff)
download	National_eIDAS_Gateway-332a953758ab2626095ae5bd0169ff2edd9adcae.tar.gz National_eIDAS_Gateway-332a953758ab2626095ae5bd0169ff2edd9adcae.tar.bz2 National_eIDAS_Gateway-332a953758ab2626095ae5bd0169ff2edd9adcae.zip