From fda1a8333b9bd11d0457125c3156a39f03d74bd6 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 2 Aug 2019 12:02:35 +0200 Subject: Refactoring to eIDASNode 2.2, eaaf-components 1.0.8 --- .../modules/authmodule_eIDASv2/eIDASSignalServlet.java | 5 +++-- .../authmodule_eIDASv2/service/eIDASAttributeRegistry.java | 2 +- .../specific/modules/authmodule_eIDASv2/szr/SZRClient.java | 4 ++-- .../authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java | 14 +++++++------- .../authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java | 12 ++++++------ .../authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java | 4 +++- .../validator/eIDASResponseValidator.java | 8 ++++---- 7 files changed, 26 insertions(+), 23 deletions(-) (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus') diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java index 0939bffd..113fc3e7 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java @@ -42,6 +42,7 @@ import com.google.common.collect.ImmutableSortedSet; import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException; import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service.eIDASAttributeRegistry; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; import eu.eidas.auth.commons.EidasParameterKeys; import eu.eidas.auth.commons.light.ILightResponse; 
@@ -73,7 +74,7 @@ public class eIDASSignalServlet extends AbstractProcessEngineSignalController { Constants.eIDAS_HTTP_ENDPOINT_SP_REDIRECT }, method = {RequestMethod.POST, RequestMethod.GET}) - public void restoreEidasAuthProcess(HttpServletRequest req, HttpServletResponse resp) throws IOException { + public void restoreEidasAuthProcess(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { signalProcessManagement(req, resp); } @@ -111,7 +112,7 @@ public class eIDASSignalServlet extends AbstractProcessEngineSignalController { if (StringUtils.isEmpty(eIDASResponse.getRelayState())) { log.debug("eIDAS Node returns no RelayState. "); - if (authConfig.getBasicMOAIDConfigurationBoolean( + if (authConfig.getBasicConfigurationBoolean( Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER, false)) { log.trace("Use lightRequestId to recover session ... "); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/eIDASAttributeRegistry.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/eIDASAttributeRegistry.java index 52572199..762bf4d4 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/eIDASAttributeRegistry.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/eIDASAttributeRegistry.java @@ -104,7 +104,7 @@ public class eIDASAttributeRegistry { * legal persons on the same time, because it's not possible to represent both simultaneously. */ Map configAttributes = - basicConfig.getBasicMOAIDConfigurationWithPrefix( + basicConfig.getBasicConfigurationWithPrefix( Constants.CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_ONLYNATURAL); for (String el: configAttributes.values()) { if (StringUtils.isNotEmpty(el.trim())) { 
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java index 2003a5eb..a3d28304 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java @@ -198,7 +198,7 @@ public class SZRClient { log.info("Starting SZR-Client initialization .... "); URL url = SZRClient.class.getResource("/szr_client/SZR-1.1.WSDL"); - boolean useTestSZR = basicConfig.getBasicMOAIDConfigurationBoolean( + boolean useTestSZR = basicConfig.getBasicConfigurationBoolean( Constants.CONIG_PROPS_EIDAS_SZRCLIENT_USETESTSERVICE, true); @@ -305,7 +305,7 @@ public class SZRClient { } //add logging handler to trace messages if required - if (basicConfig.getBasicMOAIDConfigurationBoolean( + if (basicConfig.getBasicConfigurationBoolean( Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_TRACEMESSAGES, false)) { LoggingHandler loggingHandler = new LoggingHandler(); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java index 481f9e1d..cc1d6ae4 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java 
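Review bot: The default in the first hunk (@@ -198) still resolves to the test SZR when `CONIG_PROPS_EIDAS_SZRCLIENT_USETESTSERVICE` is absent from the configuration, so a deployment that forgets the property silently talks to the test service; the rename to `getBasicConfigurationBoolean` keeps that fail-open default. A production-safe form is `boolean useTestSZR = basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_USETESTSERVICE, false);`, or the client should refuse to initialize when the property is missing. The second hunk (@@ -305) attaches a `LoggingHandler` when `CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_TRACEMESSAGES` is set; if that handler dumps whole SOAP messages (not visible here), a comment such as `// traces contain citizen identity data; keep disabled outside debugging` would make the operational risk explicit. Both enclosing methods start and end outside the hunks.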
@@ -114,7 +114,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { writeMDSLogInformation(eIDData); //connect SZR-Gateway - if(basicConfig.getBasicMOAIDConfigurationBoolean( + if(basicConfig.getBasicConfigurationBoolean( Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY, false)) { log.warn("SZR-Dummy IS ACTIVE! IdentityLink is NOT VALID!!!!"); // create fake IdL @@ -185,7 +185,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { //set PlaceOfBirth if available if (eIDData.getPlaceOfBirth() != null) { log.trace("Find 'PlaceOfBirth' attribute: " + eIDData.getPlaceOfBirth()); - if (basicConfig.getBasicMOAIDConfigurationBoolean( + if (basicConfig.getBasicConfigurationBoolean( Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETPLACEOFBIRTHIFAVAILABLE, true)) { naturalPerson.setPlaceOfBirth(eIDData.getPlaceOfBirth()); @@ -197,7 +197,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { //set BirthName if available if (eIDData.getBirthName() != null) { log.trace("Find 'BirthName' attribute: " + eIDData.getBirthName()); - if (basicConfig.getBasicMOAIDConfigurationBoolean( + if (basicConfig.getBasicConfigurationBoolean( Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETBIRTHNAMEIFAVAILABLE, true)) { AlternativeNameType alternativeName = new AlternativeNameType(); @@ -215,7 +215,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { identityLink = new SimpleIdentityLinkAssertionParser(idlFromSZR).parseIdentityLink(); //write ERnB inputdata into revisionlog - if (basicConfig.getBasicMOAIDConfigurationBoolean( + if (basicConfig.getBasicConfigurationBoolean( Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE, false)) { revisionsLogger.logEvent(pendingReq, MSConnectorEventCodes.SZR_ERNB_EIDAS_RAW_ID, 
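Review bot: The dummy-IdentityLink switch in the first hunk (@@ -114) is re-read from runtime configuration on every request and guarded only by a `log.warn`, so a stray `CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY=true` in a production profile yields an IdentityLink that the code itself labels NOT VALID. Consider reading the debug flags once at component initialization and refusing to start when the dummy is enabled together with a non-test SZR, instead of deciding per request. The remaining hunks in this file (@@ -185, @@ -197, @@ -215, and @@ -226, @@ -370, @@ -379 in the next chunk) are the same mechanical rename to `getBasicConfigurationBoolean` and need no separate comment. The enclosing method begins and ends outside the hunk.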
@@ -226,7 +226,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } //get bPK from SZR - if (basicConfig.getBasicMOAIDConfigurationBoolean( + if (basicConfig.getBasicConfigurationBoolean( Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) { bPK = szrClient.getBPK( personInfo, @@ -370,7 +370,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { private void writeMDSLogInformation(ERnBeIDData eIDData) { //log MDS and country code into technical log - if (basicConfig.getBasicMOAIDConfigurationBoolean( + if (basicConfig.getBasicConfigurationBoolean( MSeIDASNodeConstants.PROP_CONFIG_TECHNICALLOG_WRITE_MDS_INTO_TECH_LOG, false)) log.info("eIDAS Auth. for user: " + eIDData.getGivenName() + " " @@ -379,7 +379,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { + "from " + eIDData.getCitizenCountryCode()); //log MDS and country code into revision log - if (basicConfig.getBasicMOAIDConfigurationBoolean( + if (basicConfig.getBasicConfigurationBoolean( MSeIDASNodeConstants.PROP_CONFIG_REVISIONLOG_WRITE_MDS_INTO_REVISION_LOG, false)) revisionsLogger.logEvent(pendingReq, MSConnectorEventCodes.RESPONSE_FROM_EIDAS_MDSDATA, "{" + eIDData.getGivenName() + "," diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java index 0020a222..ea5ec25f 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/GenerateAuthnRequestTask.java 
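Review bot: The `if` in the hunk at @@ -370 (and again at @@ -379) has no braces while its single statement spans several lines, which is easy to break the moment a second statement is added to the branch; wrap both bodies in `{ ... }`. Both branches write the citizen's given name and country code into the technical or revision log, so the `false` defaults are the right choice, and a comment like `// MDS in logs is personal data: keep disabled unless needed for troubleshooting` above the first check would make that intent visible to the next maintainer. `writeMDSLogInformation` starts inside the hunk but continues past its end.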
@@ -156,7 +156,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { //TODO: only for eIDAS ref. node 2.0 and 2.1 because it need 'Providername' for any SPType String providerName = pendingReq.getRawData(Constants.DATA_PROVIDERNAME, String.class); if (StringUtils.isNotEmpty(providerName) - && basicConfig.getBasicMOAIDConfigurationBoolean( + && basicConfig.getBasicConfigurationBoolean( Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME, false) ) @@ -195,7 +195,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { final String tokenBase64 = BinaryLightTokenHelper.encodeBinaryLightTokenBase64(token); //Workaround, because eIDAS node ref. impl. does not return relayState - if (basicConfig.getBasicMOAIDConfigurationBoolean( + if (basicConfig.getBasicConfigurationBoolean( Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER, false)) { log.trace("Put lightRequestId into transactionstore as session-handling backup"); @@ -236,13 +236,13 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { Constants.TEMPLATE_POST_FORWARD_NAME, null); - config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_ENDPOINT, forwardURL); - config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_TOKEN_NAME, + config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_ENDPOINT, forwardURL); + config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_TOKEN_NAME, EidasParameterKeys.TOKEN.toString()); - config.putCustomParameter(Constants.TEMPLATE_POST_FORWARD_TOKEN_VALUE, + config.putCustomParameter(null, Constants.TEMPLATE_POST_FORWARD_TOKEN_VALUE, tokenBase64); - guiBuilder.build(response, config, "BKU-Selection form"); + guiBuilder.build(request, response, config, "BKU-Selection form"); } 
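Review bot: The three `config.putCustomParameter(null, ...)` calls in the hunk at @@ -236 pass a bare `null` for the new leading argument, and nothing in the hunk says what that argument selects in eaaf-components 1.0.8, so a reader cannot tell whether `null` is the intended "no group" value or an oversight. A one-line comment above the first call stating what the leading parameter denotes and why `null` is correct here, or a named constant for it, would document the choice. The label `"BKU-Selection form"` passed to `guiBuilder.build` describes a different form than the eIDAS forward page rendered here, which is only a wording point but misleads anyone grepping logs or templates. The enclosing method starts outside the hunk.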
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java index 93e25102..2698d4ea 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java @@ -33,6 +33,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import at.asitplus.eidas.specific.connector.MSConnectorEventCodes; +import at.asitplus.eidas.specific.connector.MSeIDASNodeConstants; import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.Constants; import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException; import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service.eIDASAttributeRegistry; @@ -83,7 +84,8 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { // ******* MS-specificresponse validation ********** // ********************************************************** String spCountry = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT"); - eIDASResponseValidator.validateResponse(pendingReq, eIDASResponse, spCountry, attrRegistry); + String citizenCountryCode = (String) executionContext.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY); + eIDASResponseValidator.validateResponse(pendingReq, eIDASResponse, spCountry, citizenCountryCode, attrRegistry); // ********************************************************** 
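Review bot: `citizenCountryCode` in the hunk at @@ -84 is taken from `executionContext.get(MSeIDASNodeConstants.REQ_PARAM_SELECTED_COUNTRY)` with an unchecked `(String)` cast and no null or empty check before it is handed to `validateResponse`; if the entry is missing, the validator's `equalsIgnoreCase` simply fails with a "does not match" error that hides the real cause, and a non-String value raises a ClassCastException here. Reject the missing case explicitly, e.g. `if (StringUtils.isEmpty(citizenCountryCode)) { throw new eIDASAuthenticationException(...); }` with a dedicated error code, before calling the validator. Keep in mind that this value is the country the user selected earlier in the process, so it is a useful cross-check against the response but not an authoritative source on its own. The enclosing method starts and ends outside the hunk.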
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/validator/eIDASResponseValidator.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/validator/eIDASResponseValidator.java index a659f337..f974232b 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/validator/eIDASResponseValidator.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/validator/eIDASResponseValidator.java @@ -48,7 +48,7 @@ import eu.eidas.auth.commons.protocol.eidas.LevelOfAssurance; public class eIDASResponseValidator { private static final Logger log = LoggerFactory.getLogger(eIDASResponseValidator.class); - public static void validateResponse(IRequest pendingReq, ILightResponse eIDASResponse, String spCountry, eIDASAttributeRegistry attrRegistry) throws eIDASValidationException { + public static void validateResponse(IRequest pendingReq, ILightResponse eIDASResponse, String spCountry, String citizenCountryCode, eIDASAttributeRegistry attrRegistry) throws eIDASValidationException { /*-----------------------------------------------------| * validate received LoA against minimum required LoA | 
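Review bot: The new `citizenCountryCode` parameter of `validateResponse` (hunk @@ -48) is undocumented, as is the existing `spCountry`, and the caller may pass null for it. A Javadoc on the method should state what both country codes are, where `citizenCountryCode` originates (the country selected by the citizen, stored in the execution context), whether null is accepted, and which comparison it feeds; for example `@param citizenCountryCode country selected by the citizen at process start; compared against the country part of the PersonalIdentifier` together with a `@throws eIDASValidationException` line naming the failure conditions. The method body continues outside the hunk.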
@@ -139,11 +139,11 @@ public class eIDASResponseValidator { "No or empty citizen country"}); } - if (!split.getSecond().equalsIgnoreCase(spCountry)) { + if (!split.getFirst().equalsIgnoreCase(citizenCountryCode)) { log.warn("eIDAS attribute value for " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER - + " includes a relaying-party country that does not match to service-provider country. " + + " includes a citizen country that does not match to service-provider country. " + " Value:" + natPersId - + " SP Country:" + spCountry); + + " citiczen Country:" + spCountry); throw new eIDASValidationException("eidas.07", new Object[]{ Constants.eIDAS_ATTR_PERSONALIDENTIFIER, -- cgit v1.2.3
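Review bot: The hunk at @@ -139 replaces the check of `split.getSecond()` against `spCountry` with a check of `split.getFirst()` against `citizenCountryCode`, so the second part of the PersonalIdentifier (the relying-party country, per the removed log text) is no longer compared with the service-provider country at all unless that happens outside the hunk; if it was simply dropped, an identifier addressed to another destination country would now pass. Keep both checks, e.g. `if (!split.getFirst().equalsIgnoreCase(citizenCountryCode) || !split.getSecond().equalsIgnoreCase(spCountry)) {`, or two separate checks with distinct error codes. The new log message also prints the wrong variable and misdescribes the comparison: it should be `+ " citizen Country:" + citizenCountryCode);` and the preceding line should say the citizen country does not match the selected country rather than "service-provider country". The enclosing method starts outside the hunk.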