diff options
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java')
-rw-r--r-- | eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java | 124 |
1 files changed, 69 insertions, 55 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java index 4d305c7d..e6484e63 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java @@ -23,16 +23,6 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; -import java.text.MessageFormat; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.lang3.StringUtils; -import org.opensaml.saml.saml2.metadata.EntityDescriptor; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Component; - import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthRequestBuilderConfiguration; @@ -42,15 +32,28 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PvpAuthnRequestBuilder; import lombok.extern.slf4j.Slf4j; +import net.shibboleth.utilities.java.support.resolver.ResolverException; import net.shibboleth.utilities.java.support.security.SecureRandomIdentifierGenerationStrategy; +import org.apache.commons.lang3.StringUtils; +import org.jetbrains.annotations.NotNull; +import org.opensaml.saml.saml2.metadata.EntityDescriptor; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.text.MessageFormat; /** * Generate a SAML2 AuthnRequest to authenticate the user at ID Austria system. + * This corresponds to Step 15A in the eIDAS Matching Concept. * * @author tlenz */ @@ -77,55 +80,66 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet throws TaskExecutionException { try { log.trace("Starting GenerateMobilePhoneSignatureRequestTask"); - //step 15a - - // get entityID for ms-specific ID Austria node - final String msNodeEntityID = basicConfig.getBasicConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID); - - if (StringUtils.isEmpty(msNodeEntityID)) { - log.warn("ID Austria authentication not possible -> NO EntityID for ID Austria System FOUND!"); - throw new EaafConfigurationException(Constants.ERRORCODE_00, - new Object[]{IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID}); - - } - - // load IDP SAML2 entitydescriptor - final EntityDescriptor entityDesc = metadataService.getEntityDescriptor(msNodeEntityID); - if (entityDesc == null) { - throw new EaafConfigurationException(IdAustriaClientAuthConstants.ERRORCODE_02, - new Object[]{MessageFormat.format(ERROR_MSG_1, msNodeEntityID)}); - - } + final String entityId = loadEntityId(); + final EntityDescriptor entityDesc = loadEntityDescriptor(entityId); + final IdAustriaClientAuthRequestBuilderConfiguration authnReqConfig = buildAuthnRequestConfig(entityDesc); + final String relayState = buildRelayState(); + authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig, relayState, response); // also transmits! + } catch (final Exception e) { + throw new TaskExecutionException(pendingReq, "Generation of SAML2 AuthnRequest to ID Austria System FAILED", e); + } + } - // setup AuthnRequestBuilder configuration - final IdAustriaClientAuthRequestBuilderConfiguration authnReqConfig = - new IdAustriaClientAuthRequestBuilderConfiguration(); - final SecureRandomIdentifierGenerationStrategy gen = - new SecureRandomIdentifierGenerationStrategy(); - authnReqConfig.setRequestId(gen.generateIdentifier()); - authnReqConfig.setIdpEntity(entityDesc); - authnReqConfig.setPassive(false); - authnReqConfig.setSignCred(credential.getMessageSigningCredential()); - authnReqConfig.setSpEntityID( - pendingReq.getAuthUrlWithOutSlash() + IdAustriaClientAuthConstants.ENDPOINT_METADATA); - authnReqConfig.setRequestedLoA(authConfig.getBasicConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_REQUIRED_LOA, - IdAustriaClientAuthConstants.CONFIG_DEFAULT_LOA_EIDAS_LEVEL)); + @NotNull + private String loadEntityId() throws EaafConfigurationException { + final String msNodeEntityID = basicConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID); + if (StringUtils.isEmpty(msNodeEntityID)) { + log.warn("ID Austria authentication not possible -> NO EntityID for ID Austria System FOUND!"); + throw new EaafConfigurationException(Constants.ERRORCODE_00, + new Object[]{IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID}); + } + return msNodeEntityID; + } - /*build relayState for session synchronization, because SAML2 only allows RelayState with 80 characters - * but encrypted PendingRequestId is much longer. - */ - String relayState = Random.nextProcessReferenceValue(); - transactionStorage.put(relayState, pendingReq.getPendingRequestId(), -1); + /** + * Build relayState for session synchronization, because SAML2 only allows RelayState with 80 characters + * but encrypted PendingRequestId is much longer. + */ + @NotNull + private String buildRelayState() throws EaafException { + String relayState = Random.nextProcessReferenceValue(); + transactionStorage.put(relayState, pendingReq.getPendingRequestId(), -1); + return relayState; + } - // build and transmit AuthnRequest - authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig, relayState, response); + @NotNull + private EntityDescriptor loadEntityDescriptor(String msNodeEntityID) + throws ResolverException, EaafConfigurationException { + final EntityDescriptor entityDesc = metadataService.getEntityDescriptor(msNodeEntityID); + if (entityDesc == null) { + throw new EaafConfigurationException(IdAustriaClientAuthConstants.ERRORCODE_02, + new Object[]{MessageFormat.format(ERROR_MSG_1, msNodeEntityID)}); - } catch (final Exception e) { - throw new TaskExecutionException(pendingReq, - "Generation of SAML2 AuthnRequest to ID Austria System FAILED", e); - } + return entityDesc; + } + + @NotNull + private IdAustriaClientAuthRequestBuilderConfiguration buildAuthnRequestConfig(EntityDescriptor entityDesc) + throws CredentialsNotAvailableException { + final IdAustriaClientAuthRequestBuilderConfiguration authnReqConfig = + new IdAustriaClientAuthRequestBuilderConfiguration(); + final SecureRandomIdentifierGenerationStrategy gen = new SecureRandomIdentifierGenerationStrategy(); + authnReqConfig.setRequestId(gen.generateIdentifier()); + authnReqConfig.setIdpEntity(entityDesc); + authnReqConfig.setPassive(false); + authnReqConfig.setSignCred(credential.getMessageSigningCredential()); + authnReqConfig.setSpEntityID( + pendingReq.getAuthUrlWithOutSlash() + IdAustriaClientAuthConstants.ENDPOINT_METADATA); + authnReqConfig.setRequestedLoA(authConfig.getBasicConfiguration( + IdAustriaClientAuthConstants.CONFIG_PROPS_REQUIRED_LOA, + IdAustriaClientAuthConstants.CONFIG_DEFAULT_LOA_EIDAS_LEVEL)); + return authnReqConfig; } } |