diff options
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java/at')
5 files changed, 117 insertions, 37 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java index 254b8c70..2a7beb3b 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java @@ -23,8 +23,6 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; -import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType; import lombok.Data; @Data @@ -37,30 +35,21 @@ public class SimpleMobileSignatureData { private String familyName; private String dateOfBirth; - - public boolean equalsSimpleEidasData(SimpleEidasData result) { - if (!result.getGivenName().equals(givenName)) { + /** + * Compares the received authentication data from the mobile phone signature with the eid data received via eIDAS. + * @param simpleEidasData The extracted eIDAS data + * @return Returns true, if the eIDAS data matches the mobile phone signature data and false otherwise. + */ + public boolean equalsSimpleEidasData(SimpleEidasData simpleEidasData) { + if (!simpleEidasData.getGivenName().equals(givenName)) { return false; } - if (!result.getFamilyName().equals(familyName)) { + if (!simpleEidasData.getFamilyName().equals(familyName)) { return false; } - if (!result.getDateOfBirth().equals(dateOfBirth)) { + if (!simpleEidasData.getDateOfBirth().equals(dateOfBirth)) { return false; } return true; } - - private boolean equals(String a, String b) { - if (a == null && b == null) { - return true; - } - if (a == null) { - return false; - } - if (b == null) { - return false; - } - return a.equals(b); - } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/EidasAuthEventConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/EidasAuthEventConstants.java deleted file mode 100644 index bca04369..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/EidasAuthEventConstants.java +++ /dev/null @@ -1,10 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; - -public class EidasAuthEventConstants { - - public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_SELECTED = 6200; - public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_REQUESTED = 6201; - public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED = 6202; - public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR = 6203; - public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_MDS_VALID = 6204; -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthEventConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthEventConstants.java new file mode 100644 index 00000000..03e570fc --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthEventConstants.java @@ -0,0 +1,7 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; + +public class IdAustriaClientAuthEventConstants { + + public static final int AUTHPROCESS_ID_AUSTRIA_RESPONSE_RECEIVED = 6202; + public static final int AUTHPROCESS_ID_AUSTRIA_RESPONSE_RECEIVED_ERROR = 6203; +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthSignalController.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthSignalController.java new file mode 100644 index 00000000..5906c7b9 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthSignalController.java @@ -0,0 +1,95 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient; + + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.apache.commons.text.StringEscapeUtils; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; +import lombok.extern.slf4j.Slf4j; + +/** + * IdAustria client controller that receives the response from national + * IdAustria node. + * + * @author tlenz + * + */ +@Slf4j +@Controller +public class IdAustriaClientAuthSignalController extends AbstractProcessEngineSignalController { + + public static final String HTTP_PARAM_RELAYSTATE = "RelayState"; + + /** + * Default constructor with logging. + * + */ + public IdAustriaClientAuthSignalController() { + super(); + log.debug("Registering servlet " + getClass().getName() + + " with mappings '" + IdAustriaClientAuthConstants.ENDPOINT_POST + + "' and '" + IdAustriaClientAuthConstants.ENDPOINT_REDIRECT + "'."); + + } + + /** + * HTTP end-point for incoming SAML2 Response from ID Austria node. + * + * @param req HTTP request + * @param resp HTTP response + * @throws IOException In case of a HTTP communication error + * @throws EaafException In case of a state-validation problem + */ + @RequestMapping(value = { IdAustriaClientAuthConstants.ENDPOINT_POST, + IdAustriaClientAuthConstants.ENDPOINT_REDIRECT }, + method = { RequestMethod.POST, RequestMethod.GET }) + public void performAuthentication(HttpServletRequest req, HttpServletResponse resp) + throws IOException, EaafException { + signalProcessManagement(req, resp); + + } + + /** + * Read the PendingRequestId from SAML2 RelayState parameter. + */ + @Override + public String getPendingRequestId(HttpServletRequest request) { + String relayState = StringEscapeUtils.escapeHtml4(request.getParameter(HTTP_PARAM_RELAYSTATE)); + if (StringUtils.isNotEmpty(relayState)) { + try { + String pendingReqId = transactionStorage.get(relayState, String.class); + if (StringUtils.isNotEmpty(pendingReqId)) { + + return pendingReqId; + + } else { + log.info("SAML2 RelayState from request is unknown. Can NOT restore session ... "); + + } + + } catch (EaafException e) { + log.error("Can NOT map SAML2 RelayState to pendingRequestId", e); + + } finally { + transactionStorage.remove(relayState); + + } + + } else { + log.info("No SAML2 relaystate. Can NOT restore session ... "); + + } + + return null; + + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java index 101e7c29..1dc8befd 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java @@ -31,13 +31,12 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleMobileSignatur import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.EidasAuthEventConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthEventConstants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider; import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.Utils; import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; -import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; @@ -195,8 +194,9 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends final AssertionAttributeExtractor extractor = new AssertionAttributeExtractor(processedMsg.getFirst().getResponse()); - SimpleMobileSignatureData simpleMobileSignatureData = getAuthDataFromInterfederation(extractor, authProcessData); - if(!simpleMobileSignatureData.equalsSimpleEidasData(eidData)) { + SimpleMobileSignatureData simpleMobileSignatureData = + getAuthDataFromInterfederation(extractor, authProcessData); + if (!simpleMobileSignatureData.equalsSimpleEidasData(eidData)) { //User cheated? throw new InvalidUserInputException();//TODO } @@ -273,7 +273,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends msg.setSamlMessage(Saml2Utils.asDomDocument(samlResp).getDocumentElement()); revisionsLogger.logEvent(pendingReq, - EidasAuthEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED, + IdAustriaClientAuthEventConstants.AUTHPROCESS_ID_AUSTRIA_RESPONSE_RECEIVED, samlResp.getID()); return Pair.newInstance(msg, false); @@ -289,7 +289,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends } revisionsLogger.logEvent(pendingReq, - EidasAuthEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR); + IdAustriaClientAuthEventConstants.AUTHPROCESS_ID_AUSTRIA_RESPONSE_RECEIVED_ERROR); throw new AuthnResponseValidationException(ERROR_PVP_05, new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING, samlResp.getIssuer().getValue(), @@ -320,7 +320,6 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends List<String> requiredAttributes = IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES; SimpleMobileSignatureData simpleMobileSignatureData = new SimpleMobileSignatureData(); - String bpk = null; try { // check if all attributes are include if (!extractor.containsAllRequiredAttributes(requiredAttributes)) { |