diff options
Diffstat (limited to 'modules/authmodule-eIDAS-v2/src/main/java')
| -rw-r--r-- | modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java | 38 | 
1 files changed, 30 insertions, 8 deletions
| diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java index 286b63b1..b212d133 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java @@ -127,7 +127,9 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet    private static final String ERROR_MSG_01 = "Processing PVP response from 'ID Austria system' FAILED.";    private static final String ERROR_MSG_02 = "PVP response decryption FAILED. No credential found.";    private static final String ERROR_MSG_03 = "PVP response validation FAILED."; - +  private static final String ERROR_GENERIC = "Matching failed, because response from ID Austria was " +      + "invalid or contains an error. Detail: {}"; +      private static final String MSG_PROP_23 = "module.eidasauth.matching.23";    private static final String MSG_PROP_24 = "module.eidasauth.matching.24"; @@ -155,6 +157,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet        InboundMessage inboundMessage = decodeAndVerifyMessage(request, response, decoder, comparator);        Pair<PvpSProfileResponse, Boolean> processedMsg = validateAssertion((PvpSProfileResponse) inboundMessage);        if (processedMsg.getSecond()) { +        log.info("Matching failed, because ID Austria login was stopped by user.");          // forward to next matching step in case of ID Autria authentication was stopped by user          executionContext.put(TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, true);          executionContext.put(CONTEXT_FLAG_ADVANCED_MATCHING_FAILED_REASON, MSG_PROP_23); @@ -177,6 +180,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet        // check if MDS from ID Austria authentication matchs to eIDAS authentication        if (!simpleMobileSignatureData.equalsSimpleEidasData(eidasData)) { +        log.info("Matching failed, because MDS from ID-Austria login does not match to MDS from initial eIDAS");          executionContext.put(TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, true);          executionContext.put(CONTEXT_FLAG_ADVANCED_MATCHING_FAILED_REASON, MSG_PROP_24);          executionContext.put(CONTEXT_FLAG_ADVANCED_MATCHING_FAILED, true);   @@ -207,28 +211,27 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet        }      } catch (final AuthnResponseValidationException e) { +      log.info(ERROR_GENERIC, e.getMessage());        throw new TaskExecutionException(pendingReq, ERROR_MSG_03, e);      } catch (MessageDecodingException | SecurityException | SamlSigningException e) { -      //final String samlRequest = request.getParameter("SAMLRequest"); -      //log.debug("Receive INVALID PVP Response from 'ms-specific eIDAS node': {}", -      //    samlRequest, null, e); +      log.info(ERROR_GENERIC, e.getMessage());        throw new TaskExecutionException(pendingReq, ERROR_MSG_00,            new AuthnResponseValidationException(ERROR_PVP_11, new Object[]{MODULE_NAME_FOR_LOGGING}, e));      } catch (IOException | MarshallingException | TransformerException e) { -      log.debug("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e); +      log.info("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e);        throw new TaskExecutionException(pendingReq, ERROR_MSG_01,            new AuthnResponseValidationException(ERROR_PVP_12, new Object[]{MODULE_NAME_FOR_LOGGING, e.getMessage()}, e));      } catch (final CredentialsNotAvailableException e) { -      log.debug("PVP response decryption FAILED. No credential found.", e); +      log.info("PVP response decryption FAILED. No credential found.", e);        throw new TaskExecutionException(pendingReq, ERROR_MSG_02,            new AuthnResponseValidationException(ERROR_PVP_10, new Object[]{MODULE_NAME_FOR_LOGGING}, e));      } catch (final Exception e) {        // todo catch ManualFixNecessaryException in any other way? -      log.debug("PVP response validation FAILED. Msg:" + e.getMessage(), e); +      log.info("PVP response validation FAILED. Msg: {}",e.getMessage(), e);        throw new TaskExecutionException(pendingReq, ERROR_MSG_03,            new AuthnResponseValidationException(ERROR_PVP_12, new Object[]{MODULE_NAME_FOR_LOGGING, e.getMessage()}, e)); @@ -356,7 +359,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet      final Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();      for (final String attrName : includedAttrNames) {        if (PvpAttributeDefinitions.BPK_NAME.equals(attrName)) { -        builder.bpk(extractor.getSingleAttributeValue(attrName)); +        builder.bpk(removeTargetPrefixFromBpk(extractor.getSingleAttributeValue(attrName)));        }        if (PvpAttributeDefinitions.GIVEN_NAME_NAME.equals(attrName)) {          builder.givenName(extractor.getSingleAttributeValue(attrName)); @@ -377,5 +380,24 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet    } +  private String removeTargetPrefixFromBpk(String bpkWithPrefix) { +    if (StringUtils.isNotEmpty(bpkWithPrefix)) {     +      final String[] spitted = bpkWithPrefix.split(":"); +      if (spitted.length == 2) { +        log.debug("Find PVP-Attr: {}", PvpAttributeDefinitions.BPK_FRIENDLY_NAME); +        return spitted[1]; +             +      } else {       +        log.info("Find PVP-Attr: {} without prefix. Use it as it is", PvpAttributeDefinitions.BPK_FRIENDLY_NAME); +        return spitted[0]; +       +      } +    } else { +      log.warn("Receive no bPK in response from ID Austria System. There is something wrong on IDA side!!!"); +      return null;   +       +    }         +  } +  } | 
