Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java91
1 files changed, 25 insertions, 66 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java
index b4fe8bd7..4d305c7d 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java
@@ -23,13 +23,21 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
+import java.text.MessageFormat;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringUtils;
+import org.opensaml.saml.saml2.metadata.EntityDescriptor;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthRequestBuilderConfiguration;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
-import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
@@ -37,36 +45,19 @@ import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egiz.eaaf.core.impl.utils.Random;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
-import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PvpAuthnRequestBuilder;
import lombok.extern.slf4j.Slf4j;
import net.shibboleth.utilities.java.support.security.SecureRandomIdentifierGenerationStrategy;
-import org.apache.commons.lang3.StringUtils;
-import org.opensaml.saml.saml2.core.Attribute;
-import org.opensaml.saml.saml2.metadata.EntityDescriptor;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.text.MessageFormat;
-import java.util.ArrayList;
-import java.util.List;
/**
- * Task that searches ErnB and ZMR before adding person to SZR.
+ * Generate a SAML2 AuthnRequest to authenticate the user at ID Austria system.
*
- * @author amarsalek
+ * @author tlenz
*/
@Slf4j
@Component("GenerateMobilePhoneSignatureRequestTask")
public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServletTask {
-
- private static final String ERROR_CODE_02 = "module.eidasauth.02";
-
private static final String ERROR_MSG_1 =
"Requested 'ms-specific eIDAS node' {0} has no valid metadata or metadata is not found";
@@ -89,21 +80,20 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet
//step 15a
// get entityID for ms-specific ID Austria node
- //TODO load from config
final String msNodeEntityID = basicConfig.getBasicConfiguration(
- IdAustriaClientAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
- // final String msNodeEntityID = "classpath:/data/idp_metadata_classpath_entity.xml";
+ IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID);
if (StringUtils.isEmpty(msNodeEntityID)) {
- log.info("eIDAS authentication not possible -> NO EntityID for central eIDAS node FOUND!");
- throw new TaskExecutionException(pendingReq, "", null);
+ log.warn("ID Austria authentication not possible -> NO EntityID for ID Austria System FOUND!");
+ throw new EaafConfigurationException(Constants.ERRORCODE_00,
+ new Object[]{IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID});
}
// load IDP SAML2 entitydescriptor
final EntityDescriptor entityDesc = metadataService.getEntityDescriptor(msNodeEntityID);
if (entityDesc == null) {
- throw new EaafConfigurationException(ERROR_CODE_02,
+ throw new EaafConfigurationException(IdAustriaClientAuthConstants.ERRORCODE_02,
new Object[]{MessageFormat.format(ERROR_MSG_1, msNodeEntityID)});
}
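Review bot: The message attached to the `ERRORCODE_02` exception on the `entityDesc == null` branch still reads "Requested 'ms-specific eIDAS node' {0} has no valid metadata or metadata is not found" (ERROR_MSG_1, declared above this hunk), while the new branch two lines earlier and the class Javadoc now talk about the "ID Austria System"; an operator reading the error will look for the wrong component. Suggest `"Requested 'ID Austria System' {0} has no valid metadata or metadata is not found"` for ERROR_MSG_1. Whether a non-null descriptor from `metadataService.getEntityDescriptor(msNodeEntityID)` implies the metadata signature was verified is not visible here; presumably the provider enforces that, and a one-line comment such as `// metadataService is expected to return only descriptors from signature-verified metadata -- TODO confirm` would make the trust boundary explicit. The enclosing method starts before this hunk.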
@@ -117,16 +107,12 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet
authnReqConfig.setIdpEntity(entityDesc);
authnReqConfig.setPassive(false);
authnReqConfig.setSignCred(credential.getMessageSigningCredential());
- authnReqConfig.setSpEntityID(pendingReq.getAuthUrl() + IdAustriaClientAuthConstants.ENDPOINT_METADATA);
+ authnReqConfig.setSpEntityID(
+ pendingReq.getAuthUrlWithOutSlash() + IdAustriaClientAuthConstants.ENDPOINT_METADATA);
authnReqConfig.setRequestedLoA(authConfig.getBasicConfiguration(
IdAustriaClientAuthConstants.CONFIG_PROPS_REQUIRED_LOA,
IdAustriaClientAuthConstants.CONFIG_DEFAULT_LOA_EIDAS_LEVEL));
- authnReqConfig.setScopeRequesterId(authConfig.getBasicConfiguration(
- IdAustriaClientAuthConstants.CONFIG_PROPS_SP_ENTITYID));
- authnReqConfig.setProviderName(pendingReq.getServiceProviderConfiguration().getFriendlyName());
- authnReqConfig.setRequestedAttributes(buildRequestedAttributes(pendingReq));
-
/*build relayState for session synchronization, because SAML2 only allows RelayState with 80 characters
* but encrypted PendingRequestId is much longer.
*/
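Review bot: With `setRequestedAttributes(...)` and `setScopeRequesterId(...)` removed, the AuthnRequest built here no longer carries the transaction id nor the SP's area-specific target identifier (the deleted `buildRequestedAttributes` in the last hunk sent `getUniqueTransactionIdentifier()` and `getAreaSpecificTargetIdentifier()` as required attributes). If the ID Austria side now derives the sector-specific bPK target from the SP's published metadata, a comment at this spot should say so; if it does not, the identifier in the response is not bound to this SP's sector and has to be checked on the response path instead. Suggested comment after the `setRequestedLoA(...)` call: `// bPK sector and transaction id are no longer requested here; the ID Austria system derives them from SP metadata -- TODO confirm`. The enclosing method starts before this hunk.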
@@ -136,37 +122,10 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet
// build and transmit AuthnRequest
authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig, relayState, response);
-
- //TODO
} catch (final Exception e) {
- e.printStackTrace();
- log.error("Initial search FAILED.", e);
- throw new TaskExecutionException(pendingReq, "Initial search FAILED.", e);
+ throw new TaskExecutionException(pendingReq,
+ "Generation of SAML2 AuthnRequest to ID Austria System FAILED", e);
+
}
}
-
- private List<EaafRequestedAttribute> buildRequestedAttributes(IRequest pendingReq) {
- final List<EaafRequestedAttribute> attributes = new ArrayList<>();
-
- //build TransactionId attribute
- final Attribute attrTransId = PvpAttributeBuilder.buildEmptyAttribute(
- ExtendedPvpAttributeDefinitions.EID_TRANSACTION_ID_NAME);
- final EaafRequestedAttribute attrTransIdReqAttr = Saml2Utils.generateReqAuthnAttributeSimple(
- attrTransId,
- true,
- pendingReq.getUniqueTransactionIdentifier());
- attributes.add(attrTransIdReqAttr);
-
- // build EID sector for identification attribute
- final Attribute attr = PvpAttributeBuilder.buildEmptyAttribute(
- PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME);
- final EaafRequestedAttribute bpkTargetReqAttr = Saml2Utils.generateReqAuthnAttributeSimple(
- attr,
- true,
- pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
- attributes.add(bpkTargetReqAttr);
-
- return attributes;
- }
-
}
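Review bot: The `catch (final Exception e)` wraps every failure, including the `EaafConfigurationException` with a specific error code (`Constants.ERRORCODE_00` / `IdAustriaClientAuthConstants.ERRORCODE_02`) thrown earlier in this method, into a `TaskExecutionException` whose message is the generic "Generation of SAML2 AuthnRequest to ID Austria System FAILED"; unless `TaskExecutionException` surfaces the cause's error code to the caller, the configuration error code is lost at the process level. If the EAAF exceptions share a common base, a dedicated catch before the generic one, e.g. `catch (final EaafConfigurationException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); }`, would keep the code reachable. Dropping `e.printStackTrace()` is right; the lone blank line before the closing brace of the catch is a style nit. The enclosing method starts before this hunk.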