From eeecdd8e6063298bb6414b9f6a8b0bc4cee2eba4 Mon Sep 17 00:00:00 2001
From: Alexander Marsalek <amarsalek@iaik.tugraz.at>
Date: Fri, 12 Feb 2021 14:31:04 +0100
Subject: tests working, added IdAustriaClientAuthSignalController

---
 .../eidas/v2/dao/SimpleMobileSignatureData.java    | 29 ++-----
 .../idaustriaclient/EidasAuthEventConstants.java   | 10 ---
 .../IdAustriaClientAuthEventConstants.java         |  7 ++
 .../IdAustriaClientAuthSignalController.java       | 95 ++++++++++++++++++++++
 ...eSignatureResponseAndSearchInRegistersTask.java | 13 ++-
 .../src/main/resources/eidas_v2_auth.beans.xml     |  3 +
 6 files changed, 120 insertions(+), 37 deletions(-)
 delete mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/EidasAuthEventConstants.java
 create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthEventConstants.java
 create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthSignalController.java

(limited to 'eidas_modules/authmodule-eIDAS-v2/src/main')

diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java
index 254b8c70..2a7beb3b 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java
@@ -23,8 +23,6 @@
 
 package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao;
 
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException;
-import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType;
 import lombok.Data;
 
 @Data
@@ -37,30 +35,21 @@ public class SimpleMobileSignatureData {
   private String familyName;
   private String dateOfBirth;
 
-
-  public boolean equalsSimpleEidasData(SimpleEidasData result) {
-    if (!result.getGivenName().equals(givenName)) {
+  /**
+   * Compares the received authentication data from the mobile phone signature with the eid data received via eIDAS.
+   * @param simpleEidasData The extracted eIDAS data
+   * @return Returns true, if the eIDAS data matches the mobile phone signature data and false otherwise.
+   */
+  public boolean equalsSimpleEidasData(SimpleEidasData simpleEidasData) {
+    if (!simpleEidasData.getGivenName().equals(givenName)) {
       return false;
     }
-    if (!result.getFamilyName().equals(familyName)) {
+    if (!simpleEidasData.getFamilyName().equals(familyName)) {
       return false;
     }
-    if (!result.getDateOfBirth().equals(dateOfBirth)) {
+    if (!simpleEidasData.getDateOfBirth().equals(dateOfBirth)) {
       return false;
     }
     return true;
   }
-
-  private boolean equals(String a, String b) {
-    if (a == null && b == null) {
-      return true;
-    }
-    if (a == null) {
-      return false;
-    }
-    if (b == null) {
-      return false;
-    }
-    return a.equals(b);
-  }
 }
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/EidasAuthEventConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/EidasAuthEventConstants.java
deleted file mode 100644
index bca04369..00000000
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/EidasAuthEventConstants.java
+++ /dev/null
@@ -1,10 +0,0 @@
-package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
-
-public class EidasAuthEventConstants {
-
-  public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_SELECTED = 6200;
-  public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_REQUESTED = 6201;
-  public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED = 6202;
-  public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR = 6203;
-  public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_MDS_VALID = 6204;
-}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthEventConstants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthEventConstants.java
new file mode 100644
index 00000000..03e570fc
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthEventConstants.java
@@ -0,0 +1,7 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
+
+public class IdAustriaClientAuthEventConstants {
+
+  public static final int AUTHPROCESS_ID_AUSTRIA_RESPONSE_RECEIVED = 6202;
+  public static final int AUTHPROCESS_ID_AUSTRIA_RESPONSE_RECEIVED_ERROR = 6203;
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthSignalController.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthSignalController.java
new file mode 100644
index 00000000..5906c7b9
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthSignalController.java
@@ -0,0 +1,95 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient;
+
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.text.StringEscapeUtils;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
+import lombok.extern.slf4j.Slf4j;
+
+/**
+ * IdAustria client controller that receives the response from national
+ * IdAustria node.
+ *
+ * @author tlenz
+ *
+ */
+@Slf4j
+@Controller
+public class IdAustriaClientAuthSignalController extends AbstractProcessEngineSignalController {
+
+  public static final String HTTP_PARAM_RELAYSTATE = "RelayState";
+
+  /**
+   * Default constructor with logging.
+   *
+   */
+  public IdAustriaClientAuthSignalController() {
+    super();
+    log.debug("Registering servlet " + getClass().getName()
+        + " with mappings '" + IdAustriaClientAuthConstants.ENDPOINT_POST
+        + "' and '" + IdAustriaClientAuthConstants.ENDPOINT_REDIRECT + "'.");
+
+  }
+
+  /**
+   * HTTP end-point for incoming SAML2 Response from ID Austria node.
+   *
+   * @param req HTTP request
+   * @param resp HTTP response
+   * @throws IOException In case of a HTTP communication error
+   * @throws EaafException In case of a state-validation problem
+   */
+  @RequestMapping(value = { IdAustriaClientAuthConstants.ENDPOINT_POST,
+      IdAustriaClientAuthConstants.ENDPOINT_REDIRECT },
+      method = { RequestMethod.POST, RequestMethod.GET })
+  public void performAuthentication(HttpServletRequest req, HttpServletResponse resp)
+      throws IOException, EaafException {
+    signalProcessManagement(req, resp);
+
+  }
+
+  /**
+   * Read the PendingRequestId from SAML2 RelayState parameter.
+   */
+  @Override
+  public String getPendingRequestId(HttpServletRequest request) {
+    String relayState = StringEscapeUtils.escapeHtml4(request.getParameter(HTTP_PARAM_RELAYSTATE));
+    if (StringUtils.isNotEmpty(relayState)) {
+      try {
+        String pendingReqId = transactionStorage.get(relayState, String.class);
+        if (StringUtils.isNotEmpty(pendingReqId)) {
+
+          return pendingReqId;
+
+        } else {
+          log.info("SAML2 RelayState from request is unknown. Can NOT restore session ... ");
+
+        }
+
+      } catch (EaafException e) {
+        log.error("Can NOT map SAML2 RelayState to pendingRequestId", e);
+
+      } finally {
+        transactionStorage.remove(relayState);
+
+      }
+
+    } else {
+      log.info("No SAML2 relaystate. Can NOT restore session ... ");
+
+    }
+
+    return null;
+
+  }
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
index 101e7c29..1dc8befd 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
@@ -31,13 +31,12 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleMobileSignatur
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.EidasAuthEventConstants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthEventConstants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.Utils;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient;
-import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
 import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
@@ -195,8 +194,9 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
         final AssertionAttributeExtractor extractor =
             new AssertionAttributeExtractor(processedMsg.getFirst().getResponse());
 
-        SimpleMobileSignatureData simpleMobileSignatureData = getAuthDataFromInterfederation(extractor, authProcessData);
-        if(!simpleMobileSignatureData.equalsSimpleEidasData(eidData)) {
+        SimpleMobileSignatureData simpleMobileSignatureData =
+            getAuthDataFromInterfederation(extractor, authProcessData);
+        if (!simpleMobileSignatureData.equalsSimpleEidasData(eidData)) {
           //User cheated?
           throw new InvalidUserInputException();//TODO
         }
@@ -273,7 +273,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
 
       msg.setSamlMessage(Saml2Utils.asDomDocument(samlResp).getDocumentElement());
       revisionsLogger.logEvent(pendingReq,
-          EidasAuthEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED,
+          IdAustriaClientAuthEventConstants.AUTHPROCESS_ID_AUSTRIA_RESPONSE_RECEIVED,
           samlResp.getID());
       return Pair.newInstance(msg, false);
 
@@ -289,7 +289,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
       }
 
       revisionsLogger.logEvent(pendingReq,
-          EidasAuthEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR);
+          IdAustriaClientAuthEventConstants.AUTHPROCESS_ID_AUSTRIA_RESPONSE_RECEIVED_ERROR);
       throw new AuthnResponseValidationException(ERROR_PVP_05,
           new Object[]{IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING,
               samlResp.getIssuer().getValue(),
@@ -320,7 +320,6 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
 
     List<String> requiredAttributes = IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES;
     SimpleMobileSignatureData simpleMobileSignatureData = new SimpleMobileSignatureData();
-    String bpk = null;
     try {
       // check if all attributes are include
       if (!extractor.containsAllRequiredAttributes(requiredAttributes)) {
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
index b5001d77..019cb03c 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
@@ -143,6 +143,9 @@
   <bean id="idAustriaClientAuthMetadataController"
         class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataController" />
 
+  <bean id="idAustriaClientAuthSignalController"
+        class="at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthSignalController" />
+
 
 
 
-- 
cgit v1.2.3