1 files changed, 65 insertions, 53 deletions

diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java
index 35cb6015..5e4075de 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java
@@ -19,7 +19,7 @@
  * file for details on the various modules and licenses.
  * The "NOTICE" text file is part of the distribution. Any derivative works
  * that you distribute must include a readable copy of the "NOTICE" text file.
-*/
+ */
 
 package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
 
@@ -29,6 +29,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.lang3.StringUtils;
+import org.jetbrains.annotations.NotNull;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
 import org.springframework.stereotype.Component;
@@ -38,6 +39,7 @@ import at.asitplus.eidas.specific.core.MsConnectorEventCodes;
 import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasValidationException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.validator.EidasResponseValidator;
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
@@ -56,30 +58,45 @@ import eu.eidas.specificcommunication.exception.SpecificCommunicationException;
 import eu.eidas.specificcommunication.protocol.SpecificCommunicationService;
 import lombok.extern.slf4j.Slf4j;
 
+
+/**
+ * Receives the authn response from the eIDAS Node, containing the (initial) eIDAS authentication.
+ * Input:
+ * <ul>
+ *     <li>none</li>
+ * </ul>
+ * Output:
+ * <ul>
+ *     <li>{@link Constants#DATA_FULL_EIDAS_RESPONSE} the full response details</li>
+ * </ul>
+ * Transitions:
+ * <ul>
+ *     <li>{@link InitialSearchTask} to perform search in registers</li>
+ * </ul>
+ *
+ * @author tlenz
+ * @author ckollmann
+ */
 @Slf4j
-@Component("ReceiveResponseFromeIDASNodeTask")
+@Component("ReceiveAuthnResponseTask")
 public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 
+  @SuppressWarnings("SpringJavaInjectionPointsAutowiringInspection")
+  
   @Autowired
   ApplicationContext context;
   
   @Autowired
   private IConfiguration basicConfig;
+
   @Autowired
   private EidasAttributeRegistry attrRegistry;
 
   @Override
   public void execute(ExecutionContext executionContext, HttpServletRequest request,
-      HttpServletResponse response) throws TaskExecutionException {
+                      HttpServletResponse response) throws TaskExecutionException {
     try {
-      final ILightResponse eidasResponse = (ILightResponse) request.getAttribute(
-          Constants.DATA_FULL_EIDAS_RESPONSE);
-      if (eidasResponse == null) {
-        log.warn("NO eIDAS response-message found.");
-        throw new EidasSAuthenticationException("eidas.01", null);
-
-      }
-
+      final ILightResponse eidasResponse = extractEidasResponse(request);
       String stagingEndpoint = pendingReq.getRawData(
           MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING, String.class);      
       if (StringUtils.isNotEmpty(stagingEndpoint)) {
@@ -88,20 +105,20 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
                 
       } else {
         executionContext.put(MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING, false);
-        processResponseOnThatStage(executionContext, eidasResponse);
-        
+        checkStatusCode(eidasResponse);
+        validateMsSpecificResponse(executionContext, eidasResponse);
+        storeInSession(eidasResponse);        
       }
       
+      revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE_VALID);
     } catch (final EaafException e) {
       revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE_NOT_VALID);
       throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e);
-
     } catch (final Exception e) {
       log.warn("eIDAS Response processing FAILED.", e);
       revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE_NOT_VALID);
       throw new TaskExecutionException(pendingReq, e.getMessage(),
-          new EidasSAuthenticationException("eidas.05", new Object[] { e.getMessage() }, e));
-
+          new EidasSAuthenticationException("eidas.05", new Object[]{e.getMessage()}, e));
     }
   }
 
@@ -130,56 +147,51 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
     response.sendRedirect(redirectUrl.build().encode().toString());
        
   }
+  
+  @NotNull
+  private ILightResponse extractEidasResponse(HttpServletRequest request) throws EidasSAuthenticationException {
+    final ILightResponse eidasResponse = (ILightResponse) request.getAttribute(Constants.DATA_FULL_EIDAS_RESPONSE);
+    if (eidasResponse == null) {
+      log.warn("NO eIDAS response-message found.");
+      throw new EidasSAuthenticationException("eidas.01", null);
+    }
+    log.debug("Receive eIDAS response with RespId: {} for ReqId: {}",
+        eidasResponse.getId(), eidasResponse.getInResponseToId());
+    log.trace("Full eIDAS-Resp: {}", eidasResponse);
+    revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE, eidasResponse.getId());
+    return eidasResponse;
+  }
 
-  private void processResponseOnThatStage(ExecutionContext executionContext, ILightResponse eidasResponse) 
-      throws EaafException {
-    log.debug("Receive eIDAS response with RespId:" + eidasResponse.getId() + " for ReqId:" + eidasResponse
-        .getInResponseToId());
-    log.trace("Full eIDAS-Resp: " + eidasResponse.toString());
-    revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE, eidasResponse
-        .getId());
-
-    // check response StatusCode
+  private void checkStatusCode(ILightResponse eidasResponse) throws EidasSAuthenticationException {
     if (!eidasResponse.getStatus().getStatusCode().equals(Constants.SUCCESS_URI)) {
-      log.info("Receice eIDAS Response with StatusCode:" + eidasResponse.getStatus().getStatusCode()
-          + " Subcode:" + eidasResponse.getStatus().getSubStatusCode() + " Msg:" + eidasResponse.getStatus()
-              .getStatusMessage());
-      throw new EidasSAuthenticationException("eidas.02", new Object[] { eidasResponse.getStatus()
-          .getStatusCode(), eidasResponse.getStatus().getStatusMessage() });
-
+      log.info("Receive eIDAS Response with StatusCode: {} Subcode: {} Msg: {}",
+          eidasResponse.getStatus().getStatusCode(),
+          eidasResponse.getStatus().getSubStatusCode(),
+          eidasResponse.getStatus().getStatusMessage());
+      throw new EidasSAuthenticationException("eidas.02", new Object[]{eidasResponse.getStatus()
+          .getStatusCode(), eidasResponse.getStatus().getStatusMessage()});
     }
+  }
 
-    // extract all Attributes from response
-
-    // **********************************************************
-    // ******* MS-specificresponse validation **********
-    // **********************************************************
-    final String spCountry = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE,
-        "AT");
-    final String citizenCountryCode = (String) executionContext.get(
-        MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY);
-    EidasResponseValidator.validateResponse(pendingReq, eidasResponse, spCountry, citizenCountryCode,
-        attrRegistry);
-
-    // **********************************************************
-    // ******* Store resonse infos into session object **********
-    // **********************************************************
+  private void validateMsSpecificResponse(ExecutionContext executionContext, ILightResponse eidasResponse)
+      throws EidasValidationException {
+    final String spCountry = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT");
+    final String citizenCountryCode = (String) executionContext.get(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY);
+    EidasResponseValidator.validateResponse(pendingReq, eidasResponse, spCountry, citizenCountryCode, attrRegistry);
+  }
 
-    // update MOA-Session data with received information
+  private void storeInSession(ILightResponse eidasResponse) throws EaafException {
     log.debug("Store eIDAS response information into pending-request.");
     final EidAuthProcessDataWrapper authProcessData = pendingReq.getSessionData(EidAuthProcessDataWrapper.class);
     authProcessData.setQaaLevel(eidasResponse.getLevelOfAssurance());
-    authProcessData.setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse);
-
     
     //inject set flag to inject 
     authProcessData.setTestIdentity(
         basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_IS_TEST_IDENTITY, false));
-          
-    // store MOA-session to database
-    requestStoreage.storePendingRequest(pendingReq);
 
-    revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE_VALID);
+    
+    authProcessData.setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse);
+    requestStoreage.storePendingRequest(pendingReq);
     
   }