From 332a953758ab2626095ae5bd0169ff2edd9adcae Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Thu, 12 May 2022 10:39:31 +0200
Subject: fix(matching): remove prefix from bPK aftern an ID Austria login
---
 .../ReceiveMobilePhoneSignatureResponseTask.java | 38 +++++++++++++++++-----
 1 file changed, 30 insertions(+), 8 deletions(-)
(limited to 'modules/authmodule-eIDAS-v2/src/main/java/at')
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
index 286b63b1..b212d133 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
@@ -127,7 +127,9 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet private static final String ERROR_MSG_01 = "Processing PVP response from 'ID Austria system' FAILED."; private static final String ERROR_MSG_02 = "PVP response decryption FAILED. No credential found."; private static final String ERROR_MSG_03 = "PVP response validation FAILED."; - + private static final String ERROR_GENERIC = "Matching failed, because response from ID Austria was " + + "invalid or contains an error. Detail: {}"; + private static final String MSG_PROP_23 = "module.eidasauth.matching.23"; private static final String MSG_PROP_24 = "module.eidasauth.matching.24"; 
@@ -155,6 +157,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet InboundMessage inboundMessage = decodeAndVerifyMessage(request, response, decoder, comparator); Pair processedMsg = validateAssertion((PvpSProfileResponse) inboundMessage); if (processedMsg.getSecond()) { + log.info("Matching failed, because ID Austria login was stopped by user."); // forward to next matching step in case of ID Autria authentication was stopped by user executionContext.put(TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, true); executionContext.put(CONTEXT_FLAG_ADVANCED_MATCHING_FAILED_REASON, MSG_PROP_23);
@@ -177,6 +180,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet // check if MDS from ID Austria authentication matchs to eIDAS authentication if (!simpleMobileSignatureData.equalsSimpleEidasData(eidasData)) { + log.info("Matching failed, because MDS from ID-Austria login does not match to MDS from initial eIDAS"); executionContext.put(TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, true); executionContext.put(CONTEXT_FLAG_ADVANCED_MATCHING_FAILED_REASON, MSG_PROP_24); executionContext.put(CONTEXT_FLAG_ADVANCED_MATCHING_FAILED, true); 
@@ -207,28 +211,27 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet } } catch (final AuthnResponseValidationException e) { + log.info(ERROR_GENERIC, e.getMessage()); throw new TaskExecutionException(pendingReq, ERROR_MSG_03, e); } catch (MessageDecodingException | SecurityException | SamlSigningException e) { - //final String samlRequest = request.getParameter("SAMLRequest"); - //log.debug("Receive INVALID PVP Response from 'ms-specific eIDAS node': {}", - // samlRequest, null, e); + log.info(ERROR_GENERIC, e.getMessage()); throw new TaskExecutionException(pendingReq, ERROR_MSG_00, new AuthnResponseValidationException(ERROR_PVP_11, new Object[]{MODULE_NAME_FOR_LOGGING}, e)); } catch (IOException | MarshallingException | TransformerException e) { - log.debug("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e); + log.info("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e); throw new TaskExecutionException(pendingReq, ERROR_MSG_01, new AuthnResponseValidationException(ERROR_PVP_12, new Object[]{MODULE_NAME_FOR_LOGGING, e.getMessage()}, e)); } catch (final CredentialsNotAvailableException e) { - log.debug("PVP response decryption FAILED. No credential found.", e); + log.info("PVP response decryption FAILED. No credential found.", e); throw new TaskExecutionException(pendingReq, ERROR_MSG_02, new AuthnResponseValidationException(ERROR_PVP_10, new Object[]{MODULE_NAME_FOR_LOGGING}, e)); } catch (final Exception e) { // todo catch ManualFixNecessaryException in any other way? - log.debug("PVP response validation FAILED. Msg:" + e.getMessage(), e); + log.info("PVP response validation FAILED. Msg: {}",e.getMessage(), e); throw new TaskExecutionException(pendingReq, ERROR_MSG_03, new AuthnResponseValidationException(ERROR_PVP_12, new Object[]{MODULE_NAME_FOR_LOGGING, e.getMessage()}, e)); 
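Review bot: The two new `log.info(ERROR_GENERIC, e.getMessage())` calls drop the throwable, so a rejected SAML signature or decoding failure (`SamlSigningException`, `SecurityException`, `MessageDecodingException`) leaves no stack trace at this point, while the three sibling catch blocks in the same hunk do pass `e` as the last argument. Unless the wrapping `TaskExecutionException` is logged with its cause further up (not visible here), prefer `log.info(ERROR_GENERIC, e.getMessage(), e);` in both places, and consider that the detail text of a decoding error may echo parts of an untrusted response, so it should not be assumed to be safe for log consumers. The `catch (final Exception e)` branch now also logs at INFO, but an unexpected exception during response validation is at least a WARN. Minor style: `log.info("PVP response validation FAILED. Msg: {}",e.getMessage(), e);` is missing a space after the comma. The enclosing try/catch begins before this hunk.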
@@ -356,7 +359,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet final Set includedAttrNames = extractor.getAllIncludeAttributeNames(); for (final String attrName : includedAttrNames) { if (PvpAttributeDefinitions.BPK_NAME.equals(attrName)) { - builder.bpk(extractor.getSingleAttributeValue(attrName)); + builder.bpk(removeTargetPrefixFromBpk(extractor.getSingleAttributeValue(attrName))); } if (PvpAttributeDefinitions.GIVEN_NAME_NAME.equals(attrName)) { builder.givenName(extractor.getSingleAttributeValue(attrName));
@@ -377,5 +380,24 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet } + private String removeTargetPrefixFromBpk(String bpkWithPrefix) { + if (StringUtils.isNotEmpty(bpkWithPrefix)) { + final String[] spitted = bpkWithPrefix.split(":"); + if (spitted.length == 2) { + log.debug("Find PVP-Attr: {}", PvpAttributeDefinitions.BPK_FRIENDLY_NAME); + return spitted[1]; + + } else { + log.info("Find PVP-Attr: {} without prefix. Use it as it is", PvpAttributeDefinitions.BPK_FRIENDLY_NAME); + return spitted[0]; + + } + } else { + log.warn("Receive no bPK in response from ID Austria System. There is something wrong on IDA side!!!"); + return null; + + } + } + } -- cgit v1.2.3
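Review bot: `removeTargetPrefixFromBpk` returns the wrong value whenever the attribute does not contain exactly one `:`: `split(":")` drops a trailing empty part, so `"BF:"` yields a one-element array, and a value whose prefix itself contains a colon (if such prefixes occur) yields three or more parts; both fall into the else branch, which returns `spitted[0]`, i.e. the prefix rather than the bPK, and that value is what `builder.bpk(...)` in the first hunk feeds into matching. Assuming the bPK part itself cannot contain a colon, `final int sep = bpkWithPrefix.lastIndexOf(':');` followed by `return sep < 0 ? bpkWithPrefix : bpkWithPrefix.substring(sep + 1);` takes the last segment regardless of how many colons precede it, and an empty remainder should then be handled like the missing-bPK case (the `log.warn` branch) instead of being passed on. The two log messages reading `"Find PVP-Attr: {}"` do not say that a prefix was stripped; `"Find PVP-Attr: {} with target prefix. Strip prefix before matching"` is more useful when reading a matching trace. Minor: `spitted` reads as a typo for `parts`, and the method uses no instance state, so it can be `private static`.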