diff options
Diffstat (limited to 'modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java')
-rw-r--r-- | modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java | 118 |
1 files changed, 65 insertions, 53 deletions
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java index c918b7a4..cba25e58 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseTask.java @@ -19,7 +19,7 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. -*/ + */ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; @@ -29,6 +29,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang3.StringUtils; +import org.jetbrains.annotations.NotNull; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationContext; import org.springframework.stereotype.Component; @@ -38,6 +39,7 @@ import at.asitplus.eidas.specific.core.MsConnectorEventCodes; import at.asitplus.eidas.specific.core.MsEidasNodeConstants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasValidationException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; import at.asitplus.eidas.specific.modules.auth.eidas.v2.validator.EidasResponseValidator; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; @@ -55,30 +57,45 @@ import eu.eidas.specificcommunication.exception.SpecificCommunicationException; import eu.eidas.specificcommunication.protocol.SpecificCommunicationService; import lombok.extern.slf4j.Slf4j; + +/** + * Receives the authn response from the eIDAS Node, containing the (initial) eIDAS authentication. + * Input: + * <ul> + * <li>none</li> + * </ul> + * Output: + * <ul> + * <li>{@link Constants#DATA_FULL_EIDAS_RESPONSE} the full response details</li> + * </ul> + * Transitions: + * <ul> + * <li>{@link InitialSearchTask} to perform search in registers</li> + * </ul> + * + * @author tlenz + * @author ckollmann + */ @Slf4j -@Component("ReceiveResponseFromeIDASNodeTask") +@Component("ReceiveAuthnResponseTask") public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { + @SuppressWarnings("SpringJavaInjectionPointsAutowiringInspection") + @Autowired ApplicationContext context; @Autowired private IConfiguration basicConfig; + @Autowired private EidasAttributeRegistry attrRegistry; @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, - HttpServletResponse response) throws TaskExecutionException { + HttpServletResponse response) throws TaskExecutionException { try { - final ILightResponse eidasResponse = (ILightResponse) request.getAttribute( - Constants.DATA_FULL_EIDAS_RESPONSE); - if (eidasResponse == null) { - log.warn("NO eIDAS response-message found."); - throw new EidasSAuthenticationException("eidas.01", null); - - } - + final ILightResponse eidasResponse = extractEidasResponse(request); String stagingEndpoint = pendingReq.getRawData( MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING, String.class); if (StringUtils.isNotEmpty(stagingEndpoint)) { @@ -87,20 +104,20 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { } else { executionContext.put(MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING, false); - processResponseOnThatStage(executionContext, eidasResponse); - + checkStatusCode(eidasResponse); + validateMsSpecificResponse(executionContext, eidasResponse); + storeInSession(eidasResponse); } + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE_VALID); } catch (final EaafException e) { revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE_NOT_VALID); throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e); - } catch (final Exception e) { log.warn("eIDAS Response processing FAILED.", e); revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE_NOT_VALID); throw new TaskExecutionException(pendingReq, e.getMessage(), - new EidasSAuthenticationException("eidas.05", new Object[] { e.getMessage() }, e)); - + new EidasSAuthenticationException("eidas.05", new Object[]{e.getMessage()}, e)); } } @@ -121,56 +138,51 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { response.sendRedirect(redirectUrl.build().encode().toString()); } + + @NotNull + private ILightResponse extractEidasResponse(HttpServletRequest request) throws EidasSAuthenticationException { + final ILightResponse eidasResponse = (ILightResponse) request.getAttribute(Constants.DATA_FULL_EIDAS_RESPONSE); + if (eidasResponse == null) { + log.warn("NO eIDAS response-message found."); + throw new EidasSAuthenticationException("eidas.01", null); + } + log.debug("Receive eIDAS response with RespId: {} for ReqId: {}", + eidasResponse.getId(), eidasResponse.getInResponseToId()); + log.trace("Full eIDAS-Resp: {}", eidasResponse); + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE, eidasResponse.getId()); + return eidasResponse; + } - private void processResponseOnThatStage(ExecutionContext executionContext, ILightResponse eidasResponse) - throws EaafException { - log.debug("Receive eIDAS response with RespId:" + eidasResponse.getId() + " for ReqId:" + eidasResponse - .getInResponseToId()); - log.trace("Full eIDAS-Resp: " + eidasResponse.toString()); - revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE, eidasResponse - .getId()); - - // check response StatusCode + private void checkStatusCode(ILightResponse eidasResponse) throws EidasSAuthenticationException { if (!eidasResponse.getStatus().getStatusCode().equals(Constants.SUCCESS_URI)) { - log.info("Receice eIDAS Response with StatusCode:" + eidasResponse.getStatus().getStatusCode() - + " Subcode:" + eidasResponse.getStatus().getSubStatusCode() + " Msg:" + eidasResponse.getStatus() - .getStatusMessage()); - throw new EidasSAuthenticationException("eidas.02", new Object[] { eidasResponse.getStatus() - .getStatusCode(), eidasResponse.getStatus().getStatusMessage() }); - + log.info("Receive eIDAS Response with StatusCode: {} Subcode: {} Msg: {}", + eidasResponse.getStatus().getStatusCode(), + eidasResponse.getStatus().getSubStatusCode(), + eidasResponse.getStatus().getStatusMessage()); + throw new EidasSAuthenticationException("eidas.02", new Object[]{eidasResponse.getStatus() + .getStatusCode(), eidasResponse.getStatus().getStatusMessage()}); } + } - // extract all Attributes from response - - // ********************************************************** - // ******* MS-specificresponse validation ********** - // ********************************************************** - final String spCountry = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, - "AT"); - final String citizenCountryCode = (String) executionContext.get( - MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY); - EidasResponseValidator.validateResponse(pendingReq, eidasResponse, spCountry, citizenCountryCode, - attrRegistry); - - // ********************************************************** - // ******* Store resonse infos into session object ********** - // ********************************************************** + private void validateMsSpecificResponse(ExecutionContext executionContext, ILightResponse eidasResponse) + throws EidasValidationException { + final String spCountry = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT"); + final String citizenCountryCode = (String) executionContext.get(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY); + EidasResponseValidator.validateResponse(pendingReq, eidasResponse, spCountry, citizenCountryCode, attrRegistry); + } - // update MOA-Session data with received information + private void storeInSession(ILightResponse eidasResponse) throws EaafException { log.debug("Store eIDAS response information into pending-request."); final EidAuthProcessDataWrapper authProcessData = pendingReq.getSessionData(EidAuthProcessDataWrapper.class); authProcessData.setQaaLevel(eidasResponse.getLevelOfAssurance()); - authProcessData.setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse); - //inject set flag to inject authProcessData.setTestIdentity( basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_IS_TEST_IDENTITY, false)); - - // store MOA-session to database - requestStoreage.storePendingRequest(pendingReq); - revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_NODE_VALID); + + authProcessData.setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse); + requestStoreage.storePendingRequest(pendingReq); } |