path: root/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java5
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/eIDASAttributeRegistry.java2
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java4
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java14
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java12
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java4
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/validator/eIDASResponseValidator.java8
7 files changed, 26 insertions, 23 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java
index 0939bffd..113fc3e7 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java
@@ -42,6 +42,7 @@ import com.google.common.collect.ImmutableSortedSet;
import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException;
import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service.eIDASAttributeRegistry;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
import eu.eidas.auth.commons.EidasParameterKeys;
import eu.eidas.auth.commons.light.ILightResponse;
@@ -73,7 +74,7 @@ public class eIDASSignalServlet extends AbstractProcessEngineSignalController {
Constants.eIDAS_HTTP_ENDPOINT_SP_REDIRECT
},
method = {RequestMethod.POST, RequestMethod.GET})
- public void restoreEidasAuthProcess(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ public void restoreEidasAuthProcess(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException {
signalProcessManagement(req, resp);
}
@@ -111,7 +112,7 @@ public class eIDASSignalServlet extends AbstractProcessEngineSignalController {
if (StringUtils.isEmpty(eIDASResponse.getRelayState())) {
log.debug("eIDAS Node returns no RelayState. ");
- if (authConfig.getBasicMOAIDConfigurationBoolean(
+ if (authConfig.getBasicConfigurationBoolean(
Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER,
false)) {
log.trace("Use lightRequestId to recover session ... ");
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/eIDASAttributeRegistry.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/eIDASAttributeRegistry.java
index 52572199..762bf4d4 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/eIDASAttributeRegistry.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/eIDASAttributeRegistry.java
@@ -104,7 +104,7 @@ public class eIDASAttributeRegistry {
* legal persons on the same time, because it's not possible to represent both simultaneously.
*/
Map<String, String> configAttributes =
- basicConfig.getBasicMOAIDConfigurationWithPrefix(
+ basicConfig.getBasicConfigurationWithPrefix(
Constants.CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_ONLYNATURAL);
for (String el: configAttributes.values()) {
if (StringUtils.isNotEmpty(el.trim())) {
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java
index 2003a5eb..a3d28304 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java
@@ -198,7 +198,7 @@ public class SZRClient {
log.info("Starting SZR-Client initialization .... ");
URL url = SZRClient.class.getResource("/szr_client/SZR-1.1.WSDL");
- boolean useTestSZR = basicConfig.getBasicMOAIDConfigurationBoolean(
+ boolean useTestSZR = basicConfig.getBasicConfigurationBoolean(
Constants.CONIG_PROPS_EIDAS_SZRCLIENT_USETESTSERVICE,
true);
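Review bot: The renamed lookup keeps `true` as the fallback for CONIG_PROPS_EIDAS_SZRCLIENT_USETESTSERVICE, so a deployment that forgets to set the property silently talks to the test SZR instead of failing closed. Since the call is being touched anyway, consider flipping the fallback to `false` and logging which endpoint was selected, e.g. `boolean useTestSZR = basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_USETESTSERVICE, false);` followed by `log.info("SZR-Client uses {} service", useTestSZR ? "TEST" : "PRODUCTION");`. The enclosing initialization method continues outside the hunk, so I cannot see whether a later check already guards this.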
@@ -305,7 +305,7 @@ public class SZRClient {
}
//add logging handler to trace messages if required
- if (basicConfig.getBasicMOAIDConfigurationBoolean(
+ if (basicConfig.getBasicConfigurationBoolean(
Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_TRACEMESSAGES,
false)) {
LoggingHandler loggingHandler = new LoggingHandler();
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java
index 481f9e1d..cc1d6ae4 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java
@@ -114,7 +114,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
writeMDSLogInformation(eIDData);
//connect SZR-Gateway
- if(basicConfig.getBasicMOAIDConfigurationBoolean(
+ if(basicConfig.getBasicConfigurationBoolean(
Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY, false)) {
log.warn("SZR-Dummy IS ACTIVE! IdentityLink is NOT VALID!!!!");
// create fake IdL
@@ -185,7 +185,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
//set PlaceOfBirth if available
if (eIDData.getPlaceOfBirth() != null) {
log.trace("Find 'PlaceOfBirth' attribute: " + eIDData.getPlaceOfBirth());
- if (basicConfig.getBasicMOAIDConfigurationBoolean(
+ if (basicConfig.getBasicConfigurationBoolean(
Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETPLACEOFBIRTHIFAVAILABLE,
true)) {
naturalPerson.setPlaceOfBirth(eIDData.getPlaceOfBirth());
@@ -197,7 +197,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
//set BirthName if available
if (eIDData.getBirthName() != null) {
log.trace("Find 'BirthName' attribute: " + eIDData.getBirthName());
- if (basicConfig.getBasicMOAIDConfigurationBoolean(
+ if (basicConfig.getBasicConfigurationBoolean(
Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETBIRTHNAMEIFAVAILABLE,
true)) {
AlternativeNameType alternativeName = new AlternativeNameType();
@@ -215,7 +215,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
identityLink = new SimpleIdentityLinkAssertionParser(idlFromSZR).parseIdentityLink();
//write ERnB inputdata into revisionlog
- if (basicConfig.getBasicMOAIDConfigurationBoolean(
+ if (basicConfig.getBasicConfigurationBoolean(
Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE, false)) {
revisionsLogger.logEvent(pendingReq,
MSConnectorEventCodes.SZR_ERNB_EIDAS_RAW_ID,
@@ -226,7 +226,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
}
//get bPK from SZR
- if (basicConfig.getBasicMOAIDConfigurationBoolean(
+ if (basicConfig.getBasicConfigurationBoolean(
Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) {
bPK = szrClient.getBPK(
personInfo,
@@ -370,7 +370,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
private void writeMDSLogInformation(ERnBeIDData eIDData) {
//log MDS and country code into technical log
- if (basicConfig.getBasicMOAIDConfigurationBoolean(
+ if (basicConfig.getBasicConfigurationBoolean(
MSeIDASNodeConstants.PROP_CONFIG_TECHNICALLOG_WRITE_MDS_INTO_TECH_LOG, false))
log.info("eIDAS Auth. for user: "
+ eIDData.getGivenName() + " "
@@ -379,7 +379,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
+ "from " + eIDData.getCitizenCountryCode());
//log MDS and country code into revision log
- if (basicConfig.getBasicMOAIDConfigurationBoolean(
+ if (basicConfig.getBasicConfigurationBoolean(
MSeIDASNodeConstants.PROP_CONFIG_REVISIONLOG_WRITE_MDS_INTO_REVISION_LOG, false))
revisionsLogger.logEvent(pendingReq, MSConnectorEventCodes.RESPONSE_FROM_EIDAS_MDSDATA,
"{" + eIDData.getGivenName() + ","
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java
index 0020a222..ea5ec25f 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java
@@ -156,7 +156,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
//TODO: only for eIDAS ref. node 2.0 and 2.1 because it need 'Providername' for any SPType
String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class);
if (StringUtils.isNotEmpty(providerName)
- && basicConfig.getBasicMOAIDConfigurationBoolean(
+ && basicConfig.getBasicConfigurationBoolean(
Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME,
false)
)
@@ -195,7 +195,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
final String tokenBase64 = BinaryLightTokenHelper.encodeBinaryLightTokenBase64(token);
//Workaround, because eIDAS node ref. impl. does not return relayState
- if (basicConfig.getBasicMOAIDConfigurationBoolean(
+ if (basicConfig.getBasicConfigurationBoolean(
Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER,
false)) {
log.trace("Put lightRequestId into transactionstore as session-handling backup");
@@ -236,13 +236,13 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
Constants.TEMPLATE_POST_FORWARD_NAME,
null);
- config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_ENDPOINT, forwardURL);
- config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_TOKEN_NAME,
+ config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_ENDPOINT, forwardURL);
+ config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_TOKEN_NAME,
EidasParameterKeys.TOKEN.toString());
- config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_TOKEN_VALUE,
+ config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_TOKEN_VALUE,
tokenBase64);
- guiBuilder.build(response, config, "BKU-Selection form");
+ guiBuilder.build(request, response, config, "BKU-Selection form");
}
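Review bot: The three `config.putCustomParameter(null, ...)` calls pass a bare `null` as the new leading argument without any hint of what that parameter means, which is hard to review and easy to get wrong when the signature changes again. If the first argument is a group or template name that is intentionally absent here, say so once with a comment such as `// no parameter group: forward-form values are top-level template parameters` (hedged, since the signature is not visible in this hunk), or introduce a named constant for it. The `guiBuilder.build(request, response, config, ...)` change looks consistent, but `request` is not declared within the hunk, so I assume it is the task's servlet request; the enclosing method starts outside the hunk.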
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java
index 93e25102..2698d4ea 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java
@@ -33,6 +33,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import at.asitplus.eidas.specific.connector.MSConnectorEventCodes;
+import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants;
import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.Constants;
import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException;
import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service.eIDASAttributeRegistry;
@@ -83,7 +84,8 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
// ******* MS-specificresponse validation **********
// **********************************************************
String spCountry = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT");
- eIDASResponseValidator.validateResponse(pendingReq, eIDASResponse, spCountry, attrRegistry);
+ String citizenCountryCode = (String) executionContext.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY);
+ eIDASResponseValidator.validateResponse(pendingReq, eIDASResponse, spCountry, citizenCountryCode, attrRegistry);
// **********************************************************
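Review bot: `citizenCountryCode` is read from `executionContext` and passed straight into `validateResponse` with no null or empty check, and the validator compares it with `equalsIgnoreCase`, so a missing selection is reported as a country mismatch (error code eidas.07) rather than as the real cause. Before the call, reject the response explicitly, e.g. `if (StringUtils.isEmpty(citizenCountryCode)) { throw new eIDASAuthenticationException(...); }` using the exception type this file already imports, with a message naming MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY so the operator can see which context entry was absent. The enclosing method continues outside the hunk, so I cannot tell whether the context entry is guaranteed earlier in the flow.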
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/validator/eIDASResponseValidator.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/validator/eIDASResponseValidator.java
index a659f337..f974232b 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/validator/eIDASResponseValidator.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/validator/eIDASResponseValidator.java
@@ -48,7 +48,7 @@ import eu.eidas.auth.commons.protocol.eidas.LevelOfAssurance;
public class eIDASResponseValidator {
private static final Logger log = LoggerFactory.getLogger(eIDASResponseValidator.class);
- public static void validateResponse(IRequest pendingReq, ILightResponse eIDASResponse, String spCountry, eIDASAttributeRegistry attrRegistry) throws eIDASValidationException {
+ public static void validateResponse(IRequest pendingReq, ILightResponse eIDASResponse, String spCountry, String citizenCountryCode, eIDASAttributeRegistry attrRegistry) throws eIDASValidationException {
/*-----------------------------------------------------|
* validate received LoA against minimum required LoA |
@@ -139,11 +139,11 @@ public class eIDASResponseValidator {
"No or empty citizen country"});
}
- if (!split.getSecond().equalsIgnoreCase(spCountry)) {
+ if (!split.getFirst().equalsIgnoreCase(citizenCountryCode)) {
log.warn("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER
- + " includes a relaying-party country that does not match to service-provider country. "
+ + " includes a citizen country that does not match to service-provider country. "
+ " Value:" + natPersId
- + " SP Country:" + spCountry);
+ + " citiczen Country:" + spCountry);
throw new eIDASValidationException("eidas.07",
new Object[]{
Constants.eIDAS_ATTR_PERSONALIDENTIFIER,
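Review bot: The warning at the changed lines logs `spCountry` under the label "citiczen Country" and says the value "does not match to service-provider country", although the new condition compares the first identifier segment with `citizenCountryCode`; the message should print the value actually compared, `+ " selected citizen Country:" + citizenCountryCode);`, with the typo fixed. Separately, the commit replaces the earlier check of `split.getSecond()` against `spCountry` instead of adding to it; if the identifier follows the eIDAS `<citizen-country>/<destination-country>/<id>` layout, the second segment still identifies the relying-party country and dropping that comparison weakens validation (please confirm against the attribute profile). Note also that `equalsIgnoreCase(null)` is false, so a null `citizenCountryCode` lands in this branch with a misleading message unless the caller guards it. The enclosing `new Object[]{` initializer and the rest of validateResponse continue outside the hunk.

```java
        // destination-country segment must still belong to this service provider
        if (!split.getSecond().equalsIgnoreCase(spCountry)) {
          log.warn("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER
              + " includes a relaying-party country that does not match to service-provider country. "
              + " Value:" + natPersId
              + " SP Country:" + spCountry);
          // … throw eIDASValidationException as in the citizen-country branch below …
        }
        if (!split.getFirst().equalsIgnoreCase(citizenCountryCode)) {
          log.warn("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER
              + " includes a citizen country that does not match the selected citizen country. "
              + " Value:" + natPersId
              + " selected citizen Country:" + citizenCountryCode);
          // … unchanged: eIDASValidationException("eidas.07", …) …
```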