aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules/authmodule-eIDAS-v2/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java29
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/EidasAuthEventConstants.java10
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthEventConstants.java7
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthSignalController.java95
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java13
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml3
6 files changed, 120 insertions, 37 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java
index 254b8c70..2a7beb3b 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java
@@ -23,8 +23,6 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException;
-import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType;
import lombok.Data;
@Data
@@ -37,30 +35,21 @@ public class SimpleMobileSignatureData {
private String familyName;
private String dateOfBirth;
-
- public boolean equalsSimpleEidasData(SimpleEidasData result) {
- if (!result.getGivenName().equals(givenName)) {
+ /**
+ * Compares the received authentication data from the mobile phone signature with the eid data received via eIDAS.
+ * @param simpleEidasData The extracted eIDAS data
+ * @return Returns true, if the eIDAS data matches the mobile phone signature data and false otherwise.
+ */
+ public boolean equalsSimpleEidasData(SimpleEidasData simpleEidasData) {
+ if (!simpleEidasData.getGivenName().equals(givenName)) {
return false;
}
- if (!result.getFamilyName().equals(familyName)) {
+ if (!simpleEidasData.getFamilyName().equals(familyName)) {
return false;
}
- if (!result.getDateOfBirth().equals(dateOfBirth)) {
+ if (!simpleEidasData.getDateOfBirth().equals(dateOfBirth)) {
return false;
}
return true;
}
-
- private boolean equals(String a, String b) {
- if (a == null && b == null) {
- return true;
- }
- if (a == null) {
- return false;
- }
- if (b == null) {
- return false;
- }
- return a.equals(b);
- }
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/EidasAuthEventConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/EidasAuthEventConstants.java
deleted file mode 100644
index bca04369..00000000
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/EidasAuthEventConstants.java
+++ /dev/null
@@ -1,10 +0,0 @@
-package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
-
-public class EidasAuthEventConstants {
-
- public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_SELECTED = 6200;
- public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_REQUESTED = 6201;
- public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED = 6202;
- public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR = 6203;
- public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_MDS_VALID = 6204;
-}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthEventConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthEventConstants.java
new file mode 100644
index 00000000..03e570fc
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthEventConstants.java
@@ -0,0 +1,7 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
+
+public class IdAustriaClientAuthEventConstants {
+
+ public static final int AUTHPROCESS_ID_AUSTRIA_RESPONSE_RECEIVED = 6202;
+ public static final int AUTHPROCESS_ID_AUSTRIA_RESPONSE_RECEIVED_ERROR = 6203;
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthSignalController.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthSignalController.java
new file mode 100644
index 00000000..5906c7b9
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthSignalController.java
@@ -0,0 +1,95 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
+
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.text.StringEscapeUtils;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
+import lombok.extern.slf4j.Slf4j;
+
+/**
+ * IdAustria client controller that receives the response from national
+ * IdAustria node.
+ *
+ * @author tlenz
+ *
+ */
+@Slf4j
+@Controller
+public class IdAustriaClientAuthSignalController extends AbstractProcessEngineSignalController {
+
+ public static final String HTTP_PARAM_RELAYSTATE = "RelayState";
+
+ /**
+ * Default constructor with logging.
+ *
+ */
+ public IdAustriaClientAuthSignalController() {
+ super();
+ log.debug("Registering servlet " + getClass().getName()
+ + " with mappings '" + IdAustriaClientAuthConstants.ENDPOINT_POST
+ + "' and '" + IdAustriaClientAuthConstants.ENDPOINT_REDIRECT + "'.");
+
+ }
+
+ /**
+ * HTTP end-point for incoming SAML2 Response from ID Austria node.
+ *
+ * @param req HTTP request
+ * @param resp HTTP response
+ * @throws IOException In case of a HTTP communication error
+ * @throws EaafException In case of a state-validation problem
+ */
+ @RequestMapping(value = { IdAustriaClientAuthConstants.ENDPOINT_POST,
+ IdAustriaClientAuthConstants.ENDPOINT_REDIRECT },
+ method = { RequestMethod.POST, RequestMethod.GET })
+ public void performAuthentication(HttpServletRequest req, HttpServletResponse resp)
+ throws IOException, EaafException {
+ signalProcessManagement(req, resp);
+
+ }
+
+ /**
+ * Read the PendingRequestId from SAML2 RelayState parameter.
+ */
+ @Override
+ public String getPendingRequestId(HttpServletRequest request) {
+ String relayState = StringEscapeUtils.escapeHtml4(request.getParameter(HTTP_PARAM_RELAYSTATE));
+ if (StringUtils.isNotEmpty(relayState)) {
+ try {
+ String pendingReqId = transactionStorage.get(relayState, String.class);
+ if (StringUtils.isNotEmpty(pendingReqId)) {
+
+ return pendingReqId;
+
+ } else {
+ log.info("SAML2 RelayState from request is unknown. Can NOT restore session ... ");
+
+ }
+
+ } catch (EaafException e) {
+ log.error("Can NOT map SAML2 RelayState to pendingRequestId", e);
+
+ } finally {
+ transactionStorage.remove(relayState);
+
+ }
+
+ } else {
+ log.info("No SAML2 relaystate. Can NOT restore session ... ");
+
+ }
+
+ return null;
+
+ }
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
index 101e7c29..1dc8befd 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
@@ -31,13 +31,12 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleMobileSignatur
import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.EidasAuthEventConstants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthEventConstants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.Utils;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient;
-import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
@@ -195,8 +194,9 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
final AssertionAttributeExtractor extractor =
new AssertionAttributeExtractor(processedMsg.getFirst().getResponse());
- SimpleMobileSignatureData simpleMobileSignatureData = getAuthDataFromInterfederation(extractor, authProcessData);
- if(!simpleMobileSignatureData.equalsSimpleEidasData(eidData)) {
+ SimpleMobileSignatureData simpleMobileSignatureData =
+ getAuthDataFromInterfederation(extractor, authProcessData);
+ if (!simpleMobileSignatureData.equalsSimpleEidasData(eidData)) {
//User cheated?
throw new InvalidUserInputException();//TODO
}
@@ -273,7 +273,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
msg.setSamlMessage(Saml2Utils.asDomDocument(samlResp).getDocumentElement());
revisionsLogger.logEvent(pendingReq,
- EidasAuthEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED,
+ IdAustriaClientAuthEventConstants.AUTHPROCESS_ID_AUSTRIA_RESPONSE_RECEIVED,
samlResp.getID());
return Pair.newInstance(msg, false);
@@ -289,7 +289,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
}
revisionsLogger.logEvent(pendingReq,
- EidasAuthEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR);
+ IdAustriaClientAuthEventConstants.AUTHPROCESS_ID_AUSTRIA_RESPONSE_RECEIVED_ERROR);
throw new AuthnResponseValidationException(ERROR_PVP_05,
new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING,
samlResp.getIssuer().getValue(),
@@ -320,7 +320,6 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
List<String> requiredAttributes = IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES;
SimpleMobileSignatureData simpleMobileSignatureData = new SimpleMobileSignatureData();
- String bpk = null;
try {
// check if all attributes are include
if (!extractor.containsAllRequiredAttributes(requiredAttributes)) {
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
index b5001d77..019cb03c 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
@@ -143,6 +143,9 @@
<bean id="idAustriaClientAuthMetadataController"
class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataController" />
+ <bean id="idAustriaClientAuthSignalController"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthSignalController" />
+