aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java
diff options
context:
space:
mode:
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java124
1 files changed, 69 insertions, 55 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java
index 4d305c7d..e6484e63 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java
@@ -23,16 +23,6 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
-import java.text.MessageFormat;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang3.StringUtils;
-import org.opensaml.saml.saml2.metadata.EntityDescriptor;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthRequestBuilderConfiguration;
@@ -42,15 +32,28 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PvpAuthnRequestBuilder;
import lombok.extern.slf4j.Slf4j;
+import net.shibboleth.utilities.java.support.resolver.ResolverException;
import net.shibboleth.utilities.java.support.security.SecureRandomIdentifierGenerationStrategy;
+import org.apache.commons.lang3.StringUtils;
+import org.jetbrains.annotations.NotNull;
+import org.opensaml.saml.saml2.metadata.EntityDescriptor;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.text.MessageFormat;
/**
* Generate a SAML2 AuthnRequest to authenticate the user at ID Austria system.
+ * This corresponds to Step 15A in the eIDAS Matching Concept.
*
* @author tlenz
*/
@@ -77,55 +80,66 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet
throws TaskExecutionException {
try {
log.trace("Starting GenerateMobilePhoneSignatureRequestTask");
- //step 15a
-
- // get entityID for ms-specific ID Austria node
- final String msNodeEntityID = basicConfig.getBasicConfiguration(
- IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID);
-
- if (StringUtils.isEmpty(msNodeEntityID)) {
- log.warn("ID Austria authentication not possible -> NO EntityID for ID Austria System FOUND!");
- throw new EaafConfigurationException(Constants.ERRORCODE_00,
- new Object[]{IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID});
-
- }
-
- // load IDP SAML2 entitydescriptor
- final EntityDescriptor entityDesc = metadataService.getEntityDescriptor(msNodeEntityID);
- if (entityDesc == null) {
- throw new EaafConfigurationException(IdAustriaClientAuthConstants.ERRORCODE_02,
- new Object[]{MessageFormat.format(ERROR_MSG_1, msNodeEntityID)});
-
- }
+ final String entityId = loadEntityId();
+ final EntityDescriptor entityDesc = loadEntityDescriptor(entityId);
+ final IdAustriaClientAuthRequestBuilderConfiguration authnReqConfig = buildAuthnRequestConfig(entityDesc);
+ final String relayState = buildRelayState();
+ authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig, relayState, response); // also transmits!
+ } catch (final Exception e) {
+ throw new TaskExecutionException(pendingReq, "Generation of SAML2 AuthnRequest to ID Austria System FAILED", e);
+ }
+ }
- // setup AuthnRequestBuilder configuration
- final IdAustriaClientAuthRequestBuilderConfiguration authnReqConfig =
- new IdAustriaClientAuthRequestBuilderConfiguration();
- final SecureRandomIdentifierGenerationStrategy gen =
- new SecureRandomIdentifierGenerationStrategy();
- authnReqConfig.setRequestId(gen.generateIdentifier());
- authnReqConfig.setIdpEntity(entityDesc);
- authnReqConfig.setPassive(false);
- authnReqConfig.setSignCred(credential.getMessageSigningCredential());
- authnReqConfig.setSpEntityID(
- pendingReq.getAuthUrlWithOutSlash() + IdAustriaClientAuthConstants.ENDPOINT_METADATA);
- authnReqConfig.setRequestedLoA(authConfig.getBasicConfiguration(
- IdAustriaClientAuthConstants.CONFIG_PROPS_REQUIRED_LOA,
- IdAustriaClientAuthConstants.CONFIG_DEFAULT_LOA_EIDAS_LEVEL));
+ @NotNull
+ private String loadEntityId() throws EaafConfigurationException {
+ final String msNodeEntityID = basicConfig.getBasicConfiguration(
+ IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID);
+ if (StringUtils.isEmpty(msNodeEntityID)) {
+ log.warn("ID Austria authentication not possible -> NO EntityID for ID Austria System FOUND!");
+ throw new EaafConfigurationException(Constants.ERRORCODE_00,
+ new Object[]{IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID});
+ }
+ return msNodeEntityID;
+ }
- /*build relayState for session synchronization, because SAML2 only allows RelayState with 80 characters
- * but encrypted PendingRequestId is much longer.
- */
- String relayState = Random.nextProcessReferenceValue();
- transactionStorage.put(relayState, pendingReq.getPendingRequestId(), -1);
+ /**
+ * Build relayState for session synchronization, because SAML2 only allows RelayState with 80 characters
+ * but encrypted PendingRequestId is much longer.
+ */
+ @NotNull
+ private String buildRelayState() throws EaafException {
+ String relayState = Random.nextProcessReferenceValue();
+ transactionStorage.put(relayState, pendingReq.getPendingRequestId(), -1);
+ return relayState;
+ }
- // build and transmit AuthnRequest
- authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig, relayState, response);
+ @NotNull
+ private EntityDescriptor loadEntityDescriptor(String msNodeEntityID)
+ throws ResolverException, EaafConfigurationException {
+ final EntityDescriptor entityDesc = metadataService.getEntityDescriptor(msNodeEntityID);
+ if (entityDesc == null) {
+ throw new EaafConfigurationException(IdAustriaClientAuthConstants.ERRORCODE_02,
+ new Object[]{MessageFormat.format(ERROR_MSG_1, msNodeEntityID)});
- } catch (final Exception e) {
- throw new TaskExecutionException(pendingReq,
- "Generation of SAML2 AuthnRequest to ID Austria System FAILED", e);
-
}
+ return entityDesc;
+ }
+
+ @NotNull
+ private IdAustriaClientAuthRequestBuilderConfiguration buildAuthnRequestConfig(EntityDescriptor entityDesc)
+ throws CredentialsNotAvailableException {
+ final IdAustriaClientAuthRequestBuilderConfiguration authnReqConfig =
+ new IdAustriaClientAuthRequestBuilderConfiguration();
+ final SecureRandomIdentifierGenerationStrategy gen = new SecureRandomIdentifierGenerationStrategy();
+ authnReqConfig.setRequestId(gen.generateIdentifier());
+ authnReqConfig.setIdpEntity(entityDesc);
+ authnReqConfig.setPassive(false);
+ authnReqConfig.setSignCred(credential.getMessageSigningCredential());
+ authnReqConfig.setSpEntityID(
+ pendingReq.getAuthUrlWithOutSlash() + IdAustriaClientAuthConstants.ENDPOINT_METADATA);
+ authnReqConfig.setRequestedLoA(authConfig.getBasicConfiguration(
+ IdAustriaClientAuthConstants.CONFIG_PROPS_REQUIRED_LOA,
+ IdAustriaClientAuthConstants.CONFIG_DEFAULT_LOA_EIDAS_LEVEL));
+ return authnReqConfig;
}
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-19 13:44:32 +0000