From 31bc1246bb56fcd8807678e3f7516023bdfaed44 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 20 Jul 2018 10:56:04 +0200 Subject: add SZR client add different logging backends define errorcodes and error messages update to eIDAS Ref. impl 2.1 --- .../tasks/ReceiveAuthnResponseTask.java | 163 ++++++++------------- 1 file changed, 65 insertions(+), 98 deletions(-) (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java') diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java index 055c402f..f0b37ede 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/tasks/ReceiveAuthnResponseTask.java @@ -5,84 +5,78 @@ package at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.tasks; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.opensaml.saml2.core.StatusCode; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; -import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; -import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; -import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASResponseNotSuccessException; -import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.protocols.eidas.validator.eIDASResponseValidator; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; -import eu.eidas.auth.commons.EidasStringUtil; -import eu.eidas.auth.commons.protocol.IAuthenticationResponse; -import eu.eidas.auth.engine.ProtocolEngineI; -import eu.eidas.engine.exceptions.EIDASSAMLEngineException; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.Constants; +import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException; +import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.service.eIDASAttributeRegistry; +import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.validator.eIDASResponseValidator; +import eu.eidas.auth.commons.light.ILightResponse; -@Component("ReceiveAuthnResponseTask") +@Component("ReceiveResponseFromeIDASNodeTask") public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { - - @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider; + private static final Logger log = LoggerFactory.getLogger(ReceiveAuthnResponseTask.class); - @Override + @Autowired private ApplicationContext context; + @Autowired private IConfiguration basicConfig; + @Autowired private eIDASAttributeRegistry attrRegistry; + + @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { - - try{ - //get SAML Response - String base64SamlToken = request.getParameter("SAMLResponse"); - if (MiscUtil.isEmpty(base64SamlToken)) { - Logger.warn("No eIDAS SAMLReponse found in http request."); - throw new MOAIDException("HTTP request includes no eIDAS SAML-Response element.", null); + try{ + +// //get token from Request +// final String tokenBase64 = request.getParameter(EidasParameterKeys.TOKEN.toString()); +// if (StringUtils.isEmpty(tokenBase64)) { +// log.warn("NO eIDAS message token found."); +// throw new eIDASAuthenticationException("TODO", null, +// "NO eIDAS message token found."); +// +// } +// +// //get eIDAS response from cache +// final SpecificConnectorCommunicationServiceImpl specificConnectorCommunicationService = +// (SpecificConnectorCommunicationServiceImpl) context.getBean(SpecificCommunicationDefinitionBeanNames.SPECIFIC_CONNECTOR_COMMUNICATION_SERVICE.toString()); +// ILightResponse eIDASResponse = specificConnectorCommunicationService.getAndRemoveResponse(tokenBase64, +// ImmutableSortedSet.copyOf(attrRegistry.getCoreAttributeRegistry().getAttributes())); + + ILightResponse eIDASResponse = (ILightResponse) request.getAttribute(Constants.DATA_FULL_EIDAS_RESPONSE); + if (eIDASResponse == null) { + log.warn("NO eIDAS response-message found."); + throw new eIDASAuthenticationException("eidas.01", null); } - //get MOASession - defaultTaskInitialization(request, executionContext); + log.debug("Receive eIDAS response with RespId:" + eIDASResponse.getId() + " for ReqId:" + eIDASResponse.getInResponseToId()); - //decode SAML response - byte[] decSamlToken = EidasStringUtil.decodeBytesFromBase64(base64SamlToken); - - //get eIDAS SAML-engine - ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider); - - //validate SAML token - IAuthenticationResponse samlResp = engine.unmarshallResponseAndValidate(decSamlToken, - request.getRemoteHost(), - Constants.CONFIG_PROPS_SKEWTIME_BEFORE, - Constants.CONFIG_PROPS_SKEWTIME_AFTER, - pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA); - - if (samlResp.isEncrypted()) { - Logger.info("Received encrypted eIDAS SAML-Response."); - //TODO: check if additional decryption operation is required - - } - - - //check response StatusCode - if (!samlResp.getStatusCode().equals(StatusCode.SUCCESS_URI)) { - Logger.info("Receice eIDAS Response with StatusCode:" + samlResp.getStatusCode() - + " Subcode:" + samlResp.getSubStatusCode() + " Msg:" + samlResp.getStatusMessage()); - throw new EIDASResponseNotSuccessException("eIDAS.11", new Object[]{samlResp.getStatusMessage()}); + + //check response StatusCode + if (!eIDASResponse.getStatus().getStatusCode().equals(Constants.SUCCESS_URI)) { + log.info("Receice eIDAS Response with StatusCode:" + eIDASResponse.getStatus().getStatusCode() + + " Subcode:" + eIDASResponse.getStatus().getSubStatusCode() + " Msg:" + eIDASResponse.getStatus().getStatusMessage()); + throw new eIDASAuthenticationException("eidas.02", new Object[]{eIDASResponse.getStatus().getStatusCode(), eIDASResponse.getStatus().getStatusMessage()}); } + // extract all Attributes from response + + + // ********************************************************** - // ******* MOA-ID specific response validation ********** + // ******* MS-specificresponse validation ********** // ********************************************************** - String spCountry = authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT"); - eIDASResponseValidator.validateResponse(pendingReq, samlResp, spCountry); + String spCountry = basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT"); + eIDASResponseValidator.validateResponse(pendingReq, eIDASResponse, spCountry, attrRegistry); // ********************************************************** @@ -90,51 +84,24 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { // ********************************************************** //update MOA-Session data with received information - Logger.debug("Store eIDAS response information into MOA-session."); - - moasession.setQAALevel(samlResp.getLevelOfAssurance()); - - moasession.setGenericDataToSession( - AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, - samlResp.getAttributes()); - - moasession.setGenericDataToSession( - AuthenticationSessionStorageConstants.eIDAS_RESPONSE, - decSamlToken); + log.debug("Store eIDAS response information into pending-request."); + AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); + authProcessData.setQAALevel(eIDASResponse.getLevelOfAssurance()); + authProcessData.setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, eIDASResponse); - //set issuer nation as PVP attribute into MOASession - moasession.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry()); - //store MOA-session to database requestStoreage.storePendingRequest(pendingReq); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, - MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED, - samlResp.getId()); + revisionsLogger.logEvent(pendingReq, -1, eIDASResponse.getId()); - } catch (MOAIDException e) { + } catch (EAAFException e) { throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e); - - }catch (EIDASSAMLEngineException e) { - Logger.warn("eIDAS Response validation FAILED.", e); - Logger.debug("eIDAS response was: " + request.getParameter("SAMLResponse")); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, - MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); - throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", - new EIDASEngineException("eIDAS.09", new Object[]{e.getMessage()}, e)); - } catch (MOADatabaseException e) { - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, - MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); - throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", - new MOAIDException("init.04", new Object[]{""}, e)); - } catch (Exception e) { - Logger.warn("eIDAS Response processing FAILED.", e); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, - MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); + log.warn("eIDAS Response processing FAILED.", e); + revisionsLogger.logEvent(pendingReq, -1); throw new TaskExecutionException(pendingReq, e.getMessage(), - new MOAIDException("eIDAS.10", new Object[]{e.getMessage()}, e)); + new eIDASAuthenticationException("eidas.05", new Object[]{e.getMessage()}, e)); } -- cgit v1.2.3