From 31bc1246bb56fcd8807678e3f7516023bdfaed44 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Fri, 20 Jul 2018 10:56:04 +0200
Subject: add SZR client add different logging backends define errorcodes and error messages update to eIDAS Ref. impl 2.1
---
 .../authmodule_eIDASv2/eIDASSignalServlet.java | 89 +++++++++++++++++-----
 1 file changed, 69 insertions(+), 20 deletions(-)
(limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java')
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java
index 51d1bd0c..77f799e7 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java
@@ -8,14 +8,25 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang3.StringUtils;
-import org.apache.commons.text.StringEscapeUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
-import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController;
+import com.google.common.collect.ImmutableSortedSet;
+
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.service.eIDASAttributeRegistry;
+import eu.eidas.auth.commons.EidasParameterKeys;
+import eu.eidas.auth.commons.light.ILightResponse;
+import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames;
+import eu.eidas.specificcommunication.exception.SpecificCommunicationException;
+import eu.eidas.specificcommunication.protocol.impl.SpecificConnectorCommunicationServiceImpl;
+
 /**
 * @author tlenz
@@ -25,9 +36,10 @@ import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalControll
 public class eIDASSignalServlet extends AbstractProcessEngineSignalController {
 private static final Logger log = LoggerFactory.getLogger(eIDASSignalServlet.class);
+ @Autowired private ApplicationContext context;
+ @Autowired private eIDASAttributeRegistry attrRegistry;
-
- public eIDASSignalServlet() {
+ public eIDASSignalServlet() {
 super();
 log.debug("Registering servlet " + getClass().getName() + " with mappings '"+ Constants.eIDAS_HTTP_ENDPOINT_SP_POST +
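Review bot: The `@Autowired private ApplicationContext context;` field added in the second hunk appears to exist only so that getPendingRequestId can fetch the connector service by bean name and cast it to `SpecificConnectorCommunicationServiceImpl`; injecting the service directly would keep the dependency visible on the class and drop the cast. If that bean is unique by type a plain `@Autowired private SpecificConnectorCommunicationServiceImpl specificConnectorCommunicationService;` suffices, otherwise a `@Qualifier` carrying the bean-name literal is needed, since an annotation cannot evaluate `SpecificCommunicationDefinitionBeanNames...toString()`. The constructor body that starts at the end of this hunk continues past its visible lines.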
@@ -39,11 +51,11 @@ public class eIDASSignalServlet extends AbstractProcessEngineSignalController {
 Constants.eIDAS_HTTP_ENDPOINT_SP_REDIRECT }, method = {RequestMethod.POST, RequestMethod.GET})
- public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ public void restoreEidasAuthProcess(HttpServletRequest req, HttpServletResponse resp) throws IOException {
 signalProcessManagement(req, resp);
 }
- @Override
+
 /**
 * Protocol specific implementation to get the pending-requestID
 * from http request object
@@ -52,31 +64,68 @@ public class eIDASSignalServlet extends AbstractProcessEngineSignalController {
 * @return The Pending-request id
 *
 */
+ @Override
 public String getPendingRequestId(HttpServletRequest request) {
- String sessionId = super.getPendingRequestId(request);
+ //String sessionId = super.getPendingRequestId(request);
 try {
-
- // use SAML2 relayState
- if (sessionId == null) {
- log.trace("No transaction identifier from pendingReq. Search for SAML2 'RelayState' ...");
- sessionId = StringEscapeUtils.escapeHtml4(request.getParameter("RelayState"));
-
- if (StringUtils.isEmpty(sessionId))
- log.info("NO transaction identifier found! Stopping process ....");
- else
- log.debug("Find transaction identifier in SAML2 'RelayState': " + sessionId);
+ //get token from Request
+ final String tokenBase64 = request.getParameter(EidasParameterKeys.TOKEN.toString());
+ if (StringUtils.isEmpty(tokenBase64)) {
+ log.warn("NO eIDAS message token found.");
+ throw new eIDASAuthenticationException("eidas.04", null);
+ }
+ log.trace("Receive eIDAS-node token: " + tokenBase64 + " Starting transaction-restore process ... ");
- } else
- log.trace("Find transaction identifier from pendingReq.");
+
+
+ final SpecificConnectorCommunicationServiceImpl specificConnectorCommunicationService =
+ (SpecificConnectorCommunicationServiceImpl) context.getBean(SpecificCommunicationDefinitionBeanNames.SPECIFIC_CONNECTOR_COMMUNICATION_SERVICE.toString());
+ ILightResponse eIDASResponse = specificConnectorCommunicationService.getAndRemoveResponse(tokenBase64,
+ ImmutableSortedSet.copyOf(attrRegistry.getCoreAttributeRegistry().getAttributes()));
+
+ String pendingReqId = null;
+ if (StringUtils.isEmpty(eIDASResponse.getRelayState())) {
+ log.debug("eIDAS Node returns no RelayState. ");
+
+ if (authConfig.getBasicMOAIDConfigurationBoolean(
+ Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER,
+ false)) {
+ log.trace("Use lightRequestId to recover session ... 
"); + pendingReqId = transactionStorage.get(eIDASResponse.getInResponseToId(), String.class); + if (StringUtils.isNotEmpty(pendingReqId)) { + log.debug("Restoring session with lightRequestId ... "); + transactionStorage.remove(eIDASResponse.getInResponseToId()); + + } + } + + } else { + log.debug("Find transaction identifier in SAML2 'RelayState': " + eIDASResponse.getRelayState()); + pendingReqId = eIDASResponse.getRelayState(); + + } + if (StringUtils.isNotEmpty(pendingReqId)) { + request.setAttribute(Constants.DATA_FULL_EIDAS_RESPONSE, eIDASResponse); + return pendingReqId; + + } + + log.info("NO transaction identifier found! Stopping process ...."); + log.trace("FullResponse: " + eIDASResponse.toString()); + + } catch (SpecificCommunicationException e) { + log.warn("Can NOT load eIDAS Response from cache.", e); + log.debug("eIDAS response token was: " + request.getParameter(EidasParameterKeys.TOKEN.toString())); + } catch (Exception e) { log.warn("Unable to retrieve moa session id.", e); } - return sessionId; + return null; } } -- cgit v1.2.3