Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java163
1 files changed, 65 insertions, 98 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java
index 055c402f..f0b37ede 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java
@@ -5,84 +5,78 @@ package at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.tasks;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.opensaml.saml2.core.StatusCode;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Component;
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
-import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
-import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
-import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASResponseNotSuccessException;
-import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.protocols.eidas.validator.eIDASResponseValidator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-import eu.eidas.auth.commons.EidasStringUtil;
-import eu.eidas.auth.commons.protocol.IAuthenticationResponse;
-import eu.eidas.auth.engine.ProtocolEngineI;
-import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.Constants;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.service.eIDASAttributeRegistry;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.validator.eIDASResponseValidator;
+import eu.eidas.auth.commons.light.ILightResponse;
-@Component("ReceiveAuthnResponseTask")
+@Component("ReceiveResponseFromeIDASNodeTask")
public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
-
- @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider;
+ private static final Logger log = LoggerFactory.getLogger(ReceiveAuthnResponseTask.class);
- @Override
+ @Autowired private ApplicationContext context;
+ @Autowired private IConfiguration basicConfig;
+ @Autowired private eIDASAttributeRegistry attrRegistry;
+
+ @Override
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException {
-
- try{
- //get SAML Response
- String base64SamlToken = request.getParameter("SAMLResponse");
- if (MiscUtil.isEmpty(base64SamlToken)) {
- Logger.warn("No eIDAS SAMLReponse found in http request.");
- throw new MOAIDException("HTTP request includes no eIDAS SAML-Response element.", null);
+ try{
+
+// //get token from Request
+// final String tokenBase64 = request.getParameter(EidasParameterKeys.TOKEN.toString());
+// if (StringUtils.isEmpty(tokenBase64)) {
+// log.warn("NO eIDAS message token found.");
+// throw new eIDASAuthenticationException("TODO", null,
+// "NO eIDAS message token found.");
+//
+// }
+//
+// //get eIDAS response from cache
+// final SpecificConnectorCommunicationServiceImpl specificConnectorCommunicationService =
+// (SpecificConnectorCommunicationServiceImpl) context.getBean(SpecificCommunicationDefinitionBeanNames.SPECIFIC_CONNECTOR_COMMUNICATION_SERVICE.toString());
+// ILightResponse eIDASResponse = specificConnectorCommunicationService.getAndRemoveResponse(tokenBase64,
+// ImmutableSortedSet.copyOf(attrRegistry.getCoreAttributeRegistry().getAttributes()));
+
+ ILightResponse eIDASResponse = (ILightResponse) request.getAttribute(Constants.DATA_FULL_EIDAS_RESPONSE);
+ if (eIDASResponse == null) {
+ log.warn("NO eIDAS response-message found.");
+ throw new eIDASAuthenticationException("eidas.01", null);
}
- //get MOASession
- defaultTaskInitialization(request, executionContext);
+ log.debug("Receive eIDAS response with RespId:" + eIDASResponse.getId() + " for ReqId:" + eIDASResponse.getInResponseToId());
- //decode SAML response
- byte[] decSamlToken = EidasStringUtil.decodeBytesFromBase64(base64SamlToken);
-
- //get eIDAS SAML-engine
- ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
-
- //validate SAML token
- IAuthenticationResponse samlResp = engine.unmarshallResponseAndValidate(decSamlToken,
- request.getRemoteHost(),
- Constants.CONFIG_PROPS_SKEWTIME_BEFORE,
- Constants.CONFIG_PROPS_SKEWTIME_AFTER,
- pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
-
- if (samlResp.isEncrypted()) {
- Logger.info("Received encrypted eIDAS SAML-Response.");
- //TODO: check if additional decryption operation is required
-
- }
-
-
- //check response StatusCode
- if (!samlResp.getStatusCode().equals(StatusCode.SUCCESS_URI)) {
- Logger.info("Receice eIDAS Response with StatusCode:" + samlResp.getStatusCode()
- + " Subcode:" + samlResp.getSubStatusCode() + " Msg:" + samlResp.getStatusMessage());
- throw new EIDASResponseNotSuccessException("eIDAS.11", new Object[]{samlResp.getStatusMessage()});
+
+ //check response StatusCode
+ if (!eIDASResponse.getStatus().getStatusCode().equals(Constants.SUCCESS_URI)) {
+ log.info("Receice eIDAS Response with StatusCode:" + eIDASResponse.getStatus().getStatusCode()
+ + " Subcode:" + eIDASResponse.getStatus().getSubStatusCode() + " Msg:" + eIDASResponse.getStatus().getStatusMessage());
+ throw new eIDASAuthenticationException("eidas.02", new Object[]{eIDASResponse.getStatus().getStatusCode(), eIDASResponse.getStatus().getStatusMessage()});
}
+ // extract all Attributes from response
+
+
+
// **********************************************************
- // ******* MOA-ID specific response validation **********
+ // ******* MS-specificresponse validation **********
// **********************************************************
- String spCountry = authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT");
- eIDASResponseValidator.validateResponse(pendingReq, samlResp, spCountry);
+ String spCountry = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT");
+ eIDASResponseValidator.validateResponse(pendingReq, eIDASResponse, spCountry, attrRegistry);
// **********************************************************
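Review bot: The status check `if (!eIDASResponse.getStatus().getStatusCode().equals(Constants.SUCCESS_URI))` dereferences getStatus() and getStatusCode() unguarded, so a response that carries no status ends as a NullPointerException in the generic catch and is reported as `eidas.05` instead of as a rejected status; `if (eIDASResponse.getStatus() == null || !Constants.SUCCESS_URI.equals(eIDASResponse.getStatus().getStatusCode()))` keeps it failing closed under the intended `eidas.02` error. The commented-out token-lookup block above the `request.getAttribute(Constants.DATA_FULL_EIDAS_RESPONSE)` line and the empty `// extract all Attributes from response` marker should be deleted rather than left as commented-out code. The debug and info lines build their messages with `+`; with SLF4J now in use, `log.debug("Receive eIDAS response with RespId:{} for ReqId:{}", eIDASResponse.getId(), eIDASResponse.getInResponseToId())` avoids the concatenation when debug is off. The removed `defaultTaskInitialization(request, executionContext)` call has no visible replacement, so unless the EAAF base class populates `pendingReq` before execute() is entered, `eIDASResponseValidator.validateResponse(pendingReq, ...)` runs against a null pending request — worth confirming against AbstractAuthServletTask. The execute() method continues into the next hunk.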
@@ -90,51 +84,24 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
// **********************************************************
//update MOA-Session data with received information
- Logger.debug("Store eIDAS response information into MOA-session.");
-
- moasession.setQAALevel(samlResp.getLevelOfAssurance());
-
- moasession.setGenericDataToSession(
- AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST,
- samlResp.getAttributes());
-
- moasession.setGenericDataToSession(
- AuthenticationSessionStorageConstants.eIDAS_RESPONSE,
- decSamlToken);
+ log.debug("Store eIDAS response information into pending-request.");
+ AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+ authProcessData.setQAALevel(eIDASResponse.getLevelOfAssurance());
+ authProcessData.setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, eIDASResponse);
- //set issuer nation as PVP attribute into MOASession
- moasession.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry());
-
//store MOA-session to database
requestStoreage.storePendingRequest(pendingReq);
- revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq,
- MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED,
- samlResp.getId());
+ revisionsLogger.logEvent(pendingReq, -1, eIDASResponse.getId());
- } catch (MOAIDException e) {
+ } catch (EAAFException e) {
throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e);
-
- }catch (EIDASSAMLEngineException e) {
- Logger.warn("eIDAS Response validation FAILED.", e);
- Logger.debug("eIDAS response was: " + request.getParameter("SAMLResponse"));
- revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq,
- MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
- throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.",
- new EIDASEngineException("eIDAS.09", new Object[]{e.getMessage()}, e));
- } catch (MOADatabaseException e) {
- revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq,
- MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
- throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.",
- new MOAIDException("init.04", new Object[]{""}, e));
-
} catch (Exception e) {
- Logger.warn("eIDAS Response processing FAILED.", e);
- revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq,
- MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
+ log.warn("eIDAS Response processing FAILED.", e);
+ revisionsLogger.logEvent(pendingReq, -1);
throw new TaskExecutionException(pendingReq, e.getMessage(),
- new MOAIDException("eIDAS.10", new Object[]{e.getMessage()}, e));
+ new eIDASAuthenticationException("eidas.05", new Object[]{e.getMessage()}, e));
}
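Review bot: Both revision-log calls pass a literal `-1` as the event id — `revisionsLogger.logEvent(pendingReq, -1, eIDASResponse.getId())` on the success path and `revisionsLogger.logEvent(pendingReq, -1)` in the generic catch — so the revision trail no longer distinguishes a received eIDAS response from a failed one, which the replaced AUTHPROCESS_PEPS_RECEIVED / AUTHPROCESS_PEPS_RECEIVED_ERROR entries did. Define named event codes for the two outcomes in the module's Constants and pass them here instead of the placeholder. The `catch (EAAFException e)` branch writes no revision event at all, so a validation failure surfaced as EAAFException leaves no trace in the revision log; logging the error event there as the generic catch does keeps rejected responses detectable. The start of execute() is in the previous hunk.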