Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main')
-rw-r--r-- | eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java | 18 | ||||
-rw-r--r-- | eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java (renamed from eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java) | 105 | ||||
-rw-r--r-- | eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml | 2 |
3 files changed, 65 insertions, 60 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java
index 2a7beb3b..e7a5547a 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java
@@ -24,12 +24,12 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao;
 import lombok.Data;
+import org.apache.commons.lang3.builder.EqualsBuilder;
 @Data
 public class SimpleMobileSignatureData {
 private String citizenCountryCode;
- private String bpk;
 private String givenName;
 private String familyName;
@@ -37,19 +37,15 @@ public class SimpleMobileSignatureData {
 /**
 * Compares the received authentication data from the mobile phone signature with the eid data received via eIDAS.
+ *
 * @param simpleEidasData The extracted eIDAS data
 * @return Returns true, if the eIDAS data matches the mobile phone signature data and false otherwise.
 */
 public boolean equalsSimpleEidasData(SimpleEidasData simpleEidasData) {
- if (!simpleEidasData.getGivenName().equals(givenName)) {
- return false;
- }
- if (!simpleEidasData.getFamilyName().equals(familyName)) {
- return false;
- }
- if (!simpleEidasData.getDateOfBirth().equals(dateOfBirth)) {
- return false;
- }
- return true;
+ return new EqualsBuilder()
+ .append(simpleEidasData.getGivenName(), givenName)
+ .append(simpleEidasData.getFamilyName(), familyName)
+ .append(simpleEidasData.getDateOfBirth(), dateOfBirth)
+ .isEquals();
 }
 }
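Review bot: The removal of `private String bpk;` is inconsistent with the new side of the task hunks in this same commit: `getAuthDataFromInterfederation` keeps calling `result.setBpk(extractor.getSingleAttributeValue(attrName))` and the new `extractBpkZp` returns `simpleMobileSignatureData.getBpk()`. Lombok's `@Data` generates accessors only for declared fields, so unless those methods come from somewhere not shown in this diff, the module no longer compiles and the bPK that `searchWithBpkZp` is keyed on has no place to live. Either keep `private String bpk;` (with a comment that it is the sector-specific bPK taken from the ID Austria assertion) or change the task to obtain the value from the extractor directly. The class body continues past this hunk.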
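Review bot: `EqualsBuilder.append(Object, Object)` treats two nulls as equal, so `equalsSimpleEidasData` now returns true when an attribute is missing on both sides, whereas the replaced `getX().equals(x)` chain failed with a NullPointerException. This comparison is what allows the bPK from the ID Austria assertion to be bound to the eIDAS identity, and `getAuthDataFromInterfederation` only fills a field when the assertion actually carries that attribute, so an absent name or date of birth should fail closed rather than match. Add a guard before the builder, `if (givenName == null || familyName == null || dateOfBirth == null) { return false; }`, and state in the Javadoc that a null on either side counts as a mismatch. Whether the eIDAS side can be null, and whether both sources use the same date-of-birth format for this exact string comparison, is not visible in this diff.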
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
index 81be04b5..0f40b337 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
@@ -64,7 +64,6 @@ import org.opensaml.messaging.decoder.MessageDecodingException;
 import org.opensaml.saml.saml2.core.Response;
 import org.opensaml.saml.saml2.core.StatusCode;
 import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import javax.servlet.http.HttpServletRequest;
@@ -86,16 +85,12 @@ import static at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.I
 */
 @Slf4j
 @Component("ReceiveMobilePhoneSignatureResponseTask")
-public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends AbstractAuthServletTask {
+public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServletTask {
- @Autowired
- private SamlVerificationEngine samlVerificationEngine;
- @Autowired
- private RegisterSearchService registerSearchService;
- @Autowired
- private IdAustriaClientAuthCredentialProvider credentialProvider;
- @Autowired
- IdAustriaClientAuthMetadataProvider metadataProvider;
+ private final SamlVerificationEngine samlVerificationEngine;
+ private final RegisterSearchService registerSearchService;
+ private final IdAustriaClientAuthCredentialProvider credentialProvider;
+ private final IdAustriaClientAuthMetadataProvider metadataProvider;
 private static final String ERROR_PVP_03 = "sp.pvp2.03";
 private static final String ERROR_PVP_05 = "sp.pvp2.05";
@@ -107,9 +102,22 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
 private static final String ERROR_MSG_00 = "Receive INVALID PVP Response from ID Austria system";
 private static final String ERROR_MSG_01 = "Processing PVP response from 'ID Austria system' FAILED.";
- private static final String ERROR_MSG_02 = "PVP response decrytion FAILED. No credential found.";
+ private static final String ERROR_MSG_02 = "PVP response decryption FAILED. No credential found.";
 private static final String ERROR_MSG_03 = "PVP response validation FAILED.";
+ /**
+ * Creates the new task, with autowired dependencies from Spring.
+ */
+ public ReceiveMobilePhoneSignatureResponseTask(SamlVerificationEngine samlVerificationEngine,
+ RegisterSearchService registerSearchService,
+ IdAustriaClientAuthCredentialProvider credentialProvider,
+ IdAustriaClientAuthMetadataProvider metadataProvider) {
+ this.samlVerificationEngine = samlVerificationEngine;
+ this.registerSearchService = registerSearchService;
+ this.credentialProvider = credentialProvider;
+ this.metadataProvider = metadataProvider;
+ }
+
 @Override
 public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException {
@@ -118,7 +126,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
 IDecoder decoder = loadDecoder(request);
 EaafUriCompare comparator = loadComparator(request);
 InboundMessage inboundMessage = decodeAndVerifyMessage(request, response, decoder, comparator);
- final Pair<PvpSProfileResponse, Boolean> processedMsg = validateAssertion((PvpSProfileResponse) inboundMessage);
+ Pair<PvpSProfileResponse, Boolean> processedMsg = validateAssertion((PvpSProfileResponse) inboundMessage);
 if (processedMsg.getSecond()) {
 stopProcessFromUserDecision(executionContext, request, response);
 return;
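Review bot: The new constructor's Javadoc has no `@param` tags and does not say that it is the injection point that replaced the field-level `@Autowired`; a reader who sees `@Component` next to a four-argument constructor has to know that Spring selects a single constructor automatically. Suggested text: `Creates the task with its collaborators; Spring injects them through this single constructor.` followed by one `@param` per argument. The collaborators are also stored without a null check; `Objects.requireNonNull` on each assignment is optional, but it would document the non-null contract the `final` fields imply.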
@@ -138,30 +146,22 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
 *
 */
- final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+ AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
 MergedRegisterSearchResult initialSearchResult = authProcessData.getGenericDataFromSession(DATA_INITIAL_REGISTER_RESULT, MergedRegisterSearchResult.class);
 SimpleEidasData eidasData = authProcessData.getGenericDataFromSession(DATA_SIMPLE_EIDAS, SimpleEidasData.class);
+ String bpkZp = extractBpkZp(extractor, authProcessData, eidasData);
- SimpleMobileSignatureData simpleMobileSignatureData = getAuthDataFromInterfederation(extractor, authProcessData);
- if (!simpleMobileSignatureData.equalsSimpleEidasData(eidasData)) {
- //TODO User has cheated?
- throw new InvalidUserInputException();
- }
-
- String bpkZp = simpleMobileSignatureData.getBpk();
 MergedRegisterSearchResult result = registerSearchService.searchWithBpkZp(bpkZp);
 if (result.getResultCount() == 0) {
- //go to step 16
 executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true);
 return;
 } else if (result.getResultCount() == 1) {
 String bpk = registerSearchService.step7aKittProcess(initialSearchResult, result, eidasData, pendingReq);
 authProcessData.setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk);
 return;
- //node 110
 } else if (result.getResultCount() > 1) {
- throw new ManualFixNecessaryException("bpkZp: " + bpkZp);// node 108
+ throw new ManualFixNecessaryException("bpkZp: " + bpkZp);
 }
 // set NeedConsent to false, because user gives consent during authentication
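Review bot: `throw new ManualFixNecessaryException("bpkZp: " + bpkZp)` puts the sector-specific bPK, a personal identifier of the ID Austria user, into an exception message that will most likely end up in log files and error handlers outside this task. Prefer a message that identifies the pending request rather than the person, e.g. `"more than one register entry for the bpkZp of this request"`, and keep the bpkZp for the manual-fix record in the session or an audit sink where access is controlled. The `else if (result.getResultCount() > 1)` branch also leaves the code after the chain reachable only for a negative count, which looks unintended; a plain `else` would make the fallback explicit. `execute` begins and ends outside this hunk.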
@@ -180,7 +180,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
 throw new TaskExecutionException(pendingReq, ERROR_MSG_01, new AuthnResponseValidationException(ERROR_PVP_12, new Object[]{MODULE_NAME_FOR_LOGGING, e.getMessage()}, e));
 } catch (final CredentialsNotAvailableException e) {
- log.debug("PVP response decrytion FAILED. No credential found.", e);
+ log.debug("PVP response decryption FAILED. No credential found.", e);
 throw new TaskExecutionException(pendingReq, ERROR_MSG_02, new AuthnResponseValidationException(ERROR_PVP_10, new Object[]{MODULE_NAME_FOR_LOGGING}, e));
 } catch (final Exception e) {
@@ -191,6 +191,17 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
 }
 }
+ private String extractBpkZp(AssertionAttributeExtractor extractor,
+ AuthProcessDataWrapper authProcessData,
+ SimpleEidasData eidasData) throws EaafBuilderException, InvalidUserInputException {
+ SimpleMobileSignatureData simpleMobileSignatureData = getAuthDataFromInterfederation(extractor, authProcessData);
+ if (!simpleMobileSignatureData.equalsSimpleEidasData(eidasData)) {
+ //TODO User has cheated?
+ throw new InvalidUserInputException();
+ }
+ return simpleMobileSignatureData.getBpk();
+ }
+
 @NotNull
 private InboundMessage decodeAndVerifyMessage(HttpServletRequest request, HttpServletResponse response, IDecoder decoder, EaafUriCompare comparator) throws Exception {
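Review bot: A failed `equalsSimpleEidasData` check in `extractBpkZp` is a security-relevant event — the ID Austria assertion names a different person than the eIDAS data in the same session — but the new method leaves only `//TODO User has cheated?` and a message-less `InvalidUserInputException`, so operators get no trace of it. Add a warning before the throw, `log.warn("Attributes from the ID Austria assertion do not match the eIDAS attributes of this session, rejecting bPK binding");` (without the attribute values, which are personal data), and replace the TODO with a comment that states the contract, `// The bPK from ID Austria is only trusted if name and date of birth match the eIDAS identity.`. A Javadoc on the method with `@throws InvalidUserInputException if the two identities do not match` would complete it.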
@@ -297,33 +308,31 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
 throws EaafBuilderException {
 List<String> requiredAttributes = IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES;
 SimpleMobileSignatureData result = new SimpleMobileSignatureData();
- try {
- if (!extractor.containsAllRequiredAttributes(requiredAttributes)) {
- log.warn("PVP Response from 'ID Austria node' contains not all requested attributes.");
- throw new AssertionValidationExeption(ERROR_PVP_06, new Object[]{MODULE_NAME_FOR_LOGGING});
+ if (!extractor.containsAllRequiredAttributes(requiredAttributes)) {
+ log.warn("PVP Response from 'ID Austria node' contains not all requested attributes.");
+ AssertionValidationExeption e = new AssertionValidationExeption(ERROR_PVP_06,
+ new Object[]{MODULE_NAME_FOR_LOGGING});
+ throw new EaafBuilderException(ERROR_PVP_06, null, e.getMessage(), e);
+ }
+ final Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
+ for (final String attrName : includedAttrNames) {
+ if (PvpAttributeDefinitions.BPK_NAME.equals(attrName)) {
+ result.setBpk(extractor.getSingleAttributeValue(attrName));
 }
- final Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
- for (final String attrName : includedAttrNames) {
- if (PvpAttributeDefinitions.BPK_NAME.equals(attrName)) {
- result.setBpk(extractor.getSingleAttributeValue(attrName));
- }
- if (PvpAttributeDefinitions.GIVEN_NAME_NAME.equals(attrName)) {
- result.setGivenName(extractor.getSingleAttributeValue(attrName));
- }
- if (PvpAttributeDefinitions.PRINCIPAL_NAME_NAME.equals(attrName)) {
- result.setFamilyName(extractor.getSingleAttributeValue(attrName));
- }
- if (PvpAttributeDefinitions.BIRTHDATE_NAME.equals(attrName)) {
- result.setDateOfBirth(extractor.getSingleAttributeValue(attrName));
- }
- if (PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME.equals(attrName)) {
- authProcessData.setQaaLevel(extractor.getSingleAttributeValue(attrName));
- }
+ if (PvpAttributeDefinitions.GIVEN_NAME_NAME.equals(attrName)) {
+ result.setGivenName(extractor.getSingleAttributeValue(attrName));
+ }
+ if (PvpAttributeDefinitions.PRINCIPAL_NAME_NAME.equals(attrName)) {
+ result.setFamilyName(extractor.getSingleAttributeValue(attrName));
+ }
+ if (PvpAttributeDefinitions.BIRTHDATE_NAME.equals(attrName)) {
+ result.setDateOfBirth(extractor.getSingleAttributeValue(attrName));
+ }
+ if (PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME.equals(attrName)) {
+ authProcessData.setQaaLevel(extractor.getSingleAttributeValue(attrName));
 }
- authProcessData.setIssueInstant(extractor.getAssertionIssuingDate());
- } catch (final AssertionValidationExeption e) {
- throw new EaafBuilderException(ERROR_PVP_06, null, e.getMessage(), e);
 }
+ authProcessData.setIssueInstant(extractor.getAssertionIssuingDate());
 return result;
 }
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
index 34046e55..ed086493 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
@@ -121,7 +121,7 @@ scope="prototype" />
 <bean id="ReceiveMobilePhoneSignatureResponseTask"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseTask"
 scope="prototype" />
 <bean id="GenerateAustrianResidenceGuiTask" |
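Review bot: After the rewritten attribute loop, `result.getBpk()` is still null if the assertion did not carry `PvpAttributeDefinitions.BPK_NAME`; whether that attribute is part of `DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES` is not visible here, and the caller hands the value straight to `registerSearchService.searchWithBpkZp`. A check after the loop that rejects a missing bPK the same way the missing-required-attributes branch does (an `EaafBuilderException` with `ERROR_PVP_06`) keeps a null from reaching the register search. The method's signature and any Javadoc are above the hunk; a comment on the loop saying that only attributes present in the assertion are copied, so callers must not assume every field of the returned `SimpleMobileSignatureData` is set, would also help the next reader.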