From e443168b481bb88fecbad73084147e7e8c882908 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Tue, 10 Dec 2019 07:39:27 +0100
Subject: refactoring to new EGIZ code requirements

---
 .../modules/auth/eidas/v2/EidasSignalServlet.java  | 161 +++++++++++++++++++++
 1 file changed, 161 insertions(+)
 create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasSignalServlet.java

(limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasSignalServlet.java')

diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasSignalServlet.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasSignalServlet.java
new file mode 100644
index 00000000..e9302f6d
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/EidasSignalServlet.java
@@ -0,0 +1,161 @@
+/*
+ * Copyright 2018 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.asitplus.eidas.specific.modules.auth.eidas.v2;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import com.google.common.collect.ImmutableSortedSet;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
+import eu.eidas.auth.commons.EidasParameterKeys;
+import eu.eidas.auth.commons.light.ILightResponse;
+import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames;
+import eu.eidas.specificcommunication.exception.SpecificCommunicationException;
+import eu.eidas.specificcommunication.protocol.impl.SpecificConnectorCommunicationServiceImpl;
+
+/**
+ * Controler implementation for eIDAS Node communication.
+ * 
+ * @author tlenz
+ *
+ */
+@Controller
+public class EidasSignalServlet extends AbstractProcessEngineSignalController {
+
+  private static final Logger log = LoggerFactory.getLogger(EidasSignalServlet.class);
+  @Autowired
+  private ApplicationContext context;
+  @Autowired
+  private EidasAttributeRegistry attrRegistry;
+
+  /**
+   * eIDAS Node communication end-point implementation.
+   * 
+   */
+  public EidasSignalServlet() {
+    super();
+    log.debug("Registering servlet {} with mappings '{}' and '{}'.", 
+        getClass().getName(), Constants.eIDAS_HTTP_ENDPOINT_SP_POST, 
+        Constants.eIDAS_HTTP_ENDPOINT_SP_REDIRECT);
+
+  }
+
+  @RequestMapping(value = { 
+      Constants.eIDAS_HTTP_ENDPOINT_SP_POST,
+      Constants.eIDAS_HTTP_ENDPOINT_SP_REDIRECT
+      },
+      method = { RequestMethod.POST, RequestMethod.GET })
+  public void restoreEidasAuthProcess(HttpServletRequest req, HttpServletResponse resp) throws IOException,
+      EaafException {
+    signalProcessManagement(req, resp);
+  }
+
+  /**
+   * Protocol specific implementation to get the pending-requestID from http
+   * request object.
+   *
+   * @param request The http Servlet-Request object
+   * @return The Pending-request id
+   *
+   */
+  @Override
+  public String getPendingRequestId(HttpServletRequest request) {
+    // String sessionId = super.getPendingRequestId(request);
+
+    try {
+      // get token from Request
+      final String tokenBase64 = request.getParameter(EidasParameterKeys.TOKEN.toString());
+      if (StringUtils.isEmpty(tokenBase64)) {
+        log.warn("NO eIDAS message token found.");
+        throw new EidasSAuthenticationException("eidas.04", null);
+
+      }
+      log.trace("Receive eIDAS-node token: " + tokenBase64 + " Starting transaction-restore process ... ");
+
+      final SpecificConnectorCommunicationServiceImpl specificConnectorCommunicationService =
+          (SpecificConnectorCommunicationServiceImpl) context.getBean(
+              SpecificCommunicationDefinitionBeanNames.SPECIFIC_CONNECTOR_COMMUNICATION_SERVICE.toString());
+      final ILightResponse eidasResponse = specificConnectorCommunicationService.getAndRemoveResponse(
+          tokenBase64,
+          ImmutableSortedSet.copyOf(attrRegistry.getCoreAttributeRegistry().getAttributes()));
+
+      String pendingReqId = null;
+      if (StringUtils.isEmpty(eidasResponse.getRelayState())) {
+        log.debug("eIDAS Node returns no RelayState. ");
+
+        if (authConfig.getBasicConfigurationBoolean(
+            Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER,
+            false)) {
+          log.trace("Use lightRequestId to recover session ... ");
+          pendingReqId = transactionStorage.get(eidasResponse.getInResponseToId(), String.class);
+          if (StringUtils.isNotEmpty(pendingReqId)) {
+            log.debug("Restoring session with lightRequestId ... ");
+            transactionStorage.remove(eidasResponse.getInResponseToId());
+
+          }
+        }
+
+      } else {
+        log.debug("Find transaction identifier in SAML2 'RelayState': " + eidasResponse.getRelayState());
+        pendingReqId = eidasResponse.getRelayState();
+
+      }
+
+      if (StringUtils.isNotEmpty(pendingReqId)) {
+        request.setAttribute(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse);
+        return pendingReqId;
+
+      }
+
+      log.info("NO transaction identifier found! Stopping process ....");
+      log.trace("FullResponse: " + eidasResponse.toString());
+
+    } catch (final SpecificCommunicationException e) {
+      log.warn("Can NOT load eIDAS Response from cache.", e);
+      log.debug("eIDAS response token was: " + request.getParameter(EidasParameterKeys.TOKEN.toString()));
+
+    } catch (final Exception e) {
+      log.warn("Unable to retrieve moa session id.", e);
+
+    }
+
+    return null;
+  }
+
+}
-- 
cgit v1.2.3