From 8af25296dddd9cf3c43931f8cb4d552bb94ebf3d Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Thu, 10 Mar 2022 10:42:56 +0100 Subject: fix(matching): store pendingRequest and set relayState again in case of ms-connector staging --- .../eidas/v2/tasks/ReceiveAuthnResponseAlternativeTask.java | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'modules/authmodule-eIDAS-v2/src/main/java') diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseAlternativeTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseAlternativeTask.java index b18c6a36..690ce0bd 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseAlternativeTask.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseAlternativeTask.java @@ -49,6 +49,7 @@ import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import eu.eidas.auth.commons.EidasParameterKeys; import eu.eidas.auth.commons.light.ILightResponse; +import eu.eidas.auth.commons.light.impl.LightResponse; import eu.eidas.auth.commons.tx.BinaryLightToken; import eu.eidas.specificcommunication.BinaryLightTokenHelper; import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames; 
@@ -166,18 +167,23 @@ public class ReceiveAuthnResponseAlternativeTask extends AbstractAuthServletTask } private void forwardToOtherStage(HttpServletResponse response, ExecutionContext executionContext, - ILightResponse eidasResponse, String stagingEndpoint) throws SpecificCommunicationException, IOException { + ILightResponse eidasResponse, String stagingEndpoint) + throws SpecificCommunicationException, IOException, EaafException { executionContext.put(MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING, true); - + final SpecificCommunicationService specificConnectorCommunicationService = (SpecificCommunicationService) context.getBean( SpecificCommunicationDefinitionBeanNames.SPECIFIC_CONNECTOR_COMMUNICATION_SERVICE.toString()); - BinaryLightToken token = specificConnectorCommunicationService.putResponse(eidasResponse); + BinaryLightToken token = specificConnectorCommunicationService.putResponse( + LightResponse.builder(eidasResponse).relayState(pendingReq.getPendingRequestId()).build()); final String tokenBase64 = BinaryLightTokenHelper.encodeBinaryLightTokenBase64(token); final UriComponentsBuilder redirectUrl = UriComponentsBuilder.fromHttpUrl(stagingEndpoint); redirectUrl.queryParam(EidasParameterKeys.TOKEN.toString(), tokenBase64); + // store pendingRequest + requestStoreage.storePendingRequest(pendingReq); + log.debug("Forward to other stage .... "); response.sendRedirect(redirectUrl.build().encode().toString()); -- cgit v1.2.3 From b5d1f18185a738eca10fd9d6298509dfa710d8ce Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Thu, 10 Mar 2022 11:13:24 +0100 Subject: fix(matching): remove staging infos to prohibit cycling forwarding --- .../auth/eidas/v2/tasks/ReceiveAuthnResponseAlternativeTask.java | 3 +++ 1 file changed, 3 insertions(+) (limited to 'modules/authmodule-eIDAS-v2/src/main/java') 
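Review bot: In `forwardToOtherStage`, `requestStoreage.storePendingRequest(pendingReq)` runs only after `putResponse(...)` has published the light response and the token has been encoded. A failing store (the method now declares `EaafException`) therefore leaves a token in the communication service whose pending request was never persisted. Moving the store call ahead of `putResponse(...)` closes that window. The relay state is now `pendingReq.getPendingRequestId()`; a comment saying which identifier form the receiving stage expects there would help the next reader. The end of the method lies outside the hunk.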
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseAlternativeTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseAlternativeTask.java index 690ce0bd..d2bd0128 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseAlternativeTask.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseAlternativeTask.java @@ -171,6 +171,9 @@ public class ReceiveAuthnResponseAlternativeTask extends AbstractAuthServletTask throws SpecificCommunicationException, IOException, EaafException { executionContext.put(MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING, true); + //remove staging information because it's still in use + pendingReq.setRawDataToTransaction(MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING, null); + final SpecificCommunicationService specificConnectorCommunicationService = (SpecificCommunicationService) context.getBean( SpecificCommunicationDefinitionBeanNames.SPECIFIC_CONNECTOR_COMMUNICATION_SERVICE.toString()); -- cgit v1.2.3 From ad7891d0c51adac7498f85558652c6fdf613ccce Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Thu, 10 Mar 2022 13:53:12 +0100 Subject: fix(matching): unset flag from ExecutionContext that raise into a loop --- .../auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'modules/authmodule-eIDAS-v2/src/main/java') diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java index c9f043b5..8611be81 100644 
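Review bot: The added comment `//remove staging information because it's still in use` in `forwardToOtherStage` reads as the opposite of what the line does, and of the commit subject, which says the flag is cleared to stop cyclic forwarding. Suggest `// clear the staging flag on the pending request so the other stage does not forward the response again`. The flag is set to `true` on `executionContext` just above and set to `null` on `pendingReq` here. Whether `setRawDataToTransaction(key, null)` removes the key or stores a null is not visible from the hunk, so it is worth confirming that readers of the flag treat null as unset.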
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java @@ -65,9 +65,10 @@ public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractLocaleAuthSe HttpServletResponse response) { try { SelectedLoginMethod selection = SelectedLoginMethod.valueOf(extractUserSelection(request)); + executionContext.put(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, false); executionContext.put(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER, selection); executionContext.remove(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED); - executionContext.remove(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED_REASON); + executionContext.remove(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED_REASON); transitionToNextTask(executionContext, selection); } catch (final Exception e) { -- cgit v1.2.3 From 18b7f8ece152958f8c4978c375cc9844335221df Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Thu, 10 Mar 2022 14:04:03 +0100 Subject: chore: implement asynch. health-check for IDA metadata --- .../provider/IdAustriaClientAuthHealthCheck.java | 32 +++++++++++++++++++--- 1 file changed, 28 insertions(+), 4 deletions(-) (limited to 'modules/authmodule-eIDAS-v2/src/main/java') diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthHealthCheck.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthHealthCheck.java index b54b501d..32bbfa54 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthHealthCheck.java 
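Review bot: In `ReceiveOtherLoginMethodGuiResponseTask`, the new `executionContext.put(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, false)` sits after `SelectedLoginMethod.valueOf(extractUserSelection(request))`, so a request with a missing or unknown selection throws before the flag is reset. If the `catch` block (its body is outside the hunk) does not reset it either, the loop this commit targets can presumably still be reached from the error path. Making the `put(..., false)` the first statement of the `try` keeps the reset independent of request input.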
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthHealthCheck.java @@ -1,5 +1,11 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider; +import java.util.concurrent.CompletableFuture; +import java.util.concurrent.ExecutionException; +import java.util.concurrent.Executors; +import java.util.concurrent.TimeUnit; +import java.util.concurrent.TimeoutException; + import org.apache.commons.lang3.StringUtils; import org.opensaml.saml.saml2.metadata.EntityDescriptor; import org.springframework.beans.factory.annotation.Autowired; @@ -21,6 +27,8 @@ import net.shibboleth.utilities.java.support.resolver.ResolverException; @Slf4j public class IdAustriaClientAuthHealthCheck implements HealthIndicator { + private static final int DEADLINE = 3; + @Autowired IConfiguration authConfig; @Autowired IdAustriaClientAuthMetadataProvider metadataService; 
@@ -35,19 +43,35 @@ public class IdAustriaClientAuthHealthCheck implements HealthIndicator { } + CompletableFuture asynchTestOperation = new CompletableFuture<>(); + Executors.newCachedThreadPool().submit(() -> runConnectionTest(asynchTestOperation, msNodeEntityID)); + try { + return asynchTestOperation.get(DEADLINE, TimeUnit.SECONDS); + + } catch (InterruptedException | ExecutionException | TimeoutException e) { + log.warn("Receive no respose from Health-Check after {} seconds.", DEADLINE, e); + return Health.outOfService().withException(e).build(); + + } + + + } + + + private void runConnectionTest(CompletableFuture completableFuture, String entityId) { try { EntityDescriptor connectorMetadata = - metadataService.getEntityDescriptor(msNodeEntityID); + metadataService.getEntityDescriptor(entityId); if (connectorMetadata != null) { - return Health.up().build(); + completableFuture.complete(Health.up().build()); } else { - return Health.outOfService().withDetail("Reason", "No SAML2 metadata").build(); + completableFuture.complete(Health.outOfService().withDetail("Reason", "No SAML2 metadata").build()); } } catch (ResolverException e) { - return Health.down(e).build(); + completableFuture.complete(Health.down(e).build()); } -- cgit v1.2.3 From 7405ddcd0bd5326c1a0e2e187086a90caad8ebea Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Thu, 10 Mar 2022 14:54:04 +0100 Subject: chore(matching): set REST endpoint for search-address wizerd by GUI model parameter --- .../auth/eidas/v2/controller/AdresssucheController.java | 2 +- .../eidas/v2/tasks/GenerateAustrianResidenceGuiTask.java | 12 +++++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) (limited to 'modules/authmodule-eIDAS-v2/src/main/java') 
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/controller/AdresssucheController.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/controller/AdresssucheController.java index 9a42af04..5dc9d3ef 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/controller/AdresssucheController.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/controller/AdresssucheController.java @@ -151,7 +151,7 @@ public class AdresssucheController { /** * Performs search for addresses in ZMR. */ - @RequestMapping(value = {"/residency/search"}, method = {RequestMethod.POST}) + @RequestMapping(value = {MsEidasNodeConstants.ENDPOINT_RESIDENCY_SEARCH}, method = {RequestMethod.POST}) public ResponseEntity search( @RequestParam(PARAM_POSTLEITZAHL) String postleitzahl, @RequestParam(PARAM_MUNIPICALITY) String municipality, diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAustrianResidenceGuiTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAustrianResidenceGuiTask.java index 56415f39..120c3189 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAustrianResidenceGuiTask.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAustrianResidenceGuiTask.java 
@@ -31,7 +31,6 @@ import org.springframework.stereotype.Component; import at.asitplus.eidas.specific.core.MsEidasNodeConstants; import at.asitplus.eidas.specific.core.gui.StaticGuiBuilderConfiguration; -import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfiguration; import at.gv.egiz.eaaf.core.api.gui.ISpringMvcGuiFormBuilder; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; @@ -48,6 +47,8 @@ import lombok.extern.slf4j.Slf4j; @Component("GenerateAustrianResidenceGuiTask") public class GenerateAustrianResidenceGuiTask extends AbstractAuthServletTask { + public static final String PARAM_FORMWIZARDPOINT = "wizardEndpoint"; + @Autowired private ISpringMvcGuiFormBuilder guiBuilder; @Autowired @@ -57,15 +58,20 @@ public class GenerateAustrianResidenceGuiTask extends AbstractAuthServletTask { public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try { - final IGuiBuilderConfiguration config = new StaticGuiBuilderConfiguration( + final StaticGuiBuilderConfiguration config = new StaticGuiBuilderConfiguration( basicConfig, pendingReq, - basicConfig.getBasicConfiguration(//TODO + basicConfig.getBasicConfiguration( MsEidasNodeConstants.PROP_CONFIG_WEBCONTENT_TEMPLATES_RESIDENCY, MsEidasNodeConstants.TEMPLATE_HTML_RESIDENCY), MsEidasNodeConstants.ENDPOINT_RESIDENCY_INPUT, resourceLoader); + // inject REST end-point for wizard + config.putCustomParameterWithOutEscaption(null, + PARAM_FORMWIZARDPOINT, + MsEidasNodeConstants.ENDPOINT_RESIDENCY_SEARCH); + guiBuilder.build(request, response, config, "Query Austrian residency"); } catch (final Exception e) { -- cgit v1.2.3 From 51984cd48762b50cf64fc8f6aa54be1a8e7bf31a Mon Sep 17 00:00:00 2001 
From: Thomas <> Date: Thu, 10 Mar 2022 15:32:01 +0100 Subject: chore(matching): inject REST endpoint for address wizard by GUI model --- .../modules/auth/eidas/v2/tasks/GenerateAustrianResidenceGuiTask.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/authmodule-eIDAS-v2/src/main/java') diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAustrianResidenceGuiTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAustrianResidenceGuiTask.java index 120c3189..060f9624 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAustrianResidenceGuiTask.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAustrianResidenceGuiTask.java @@ -70,7 +70,7 @@ public class GenerateAustrianResidenceGuiTask extends AbstractAuthServletTask { // inject REST end-point for wizard config.putCustomParameterWithOutEscaption(null, PARAM_FORMWIZARDPOINT, - MsEidasNodeConstants.ENDPOINT_RESIDENCY_SEARCH); + pendingReq.getAuthUrl() + MsEidasNodeConstants.ENDPOINT_RESIDENCY_SEARCH); guiBuilder.build(request, response, config, "Query Austrian residency"); -- cgit v1.2.3 From 64a7785ffafc39b99d4a5f88adde86effdfb83bc Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Thu, 10 Mar 2022 16:22:45 +0100 Subject: fix(matching): remove requested LoA level from matching by alternative IDA login --- .../auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'modules/authmodule-eIDAS-v2/src/main/java') 
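Review bot: In `GenerateAustrianResidenceGuiTask.execute`, `putCustomParameterWithOutEscaption` now receives `pendingReq.getAuthUrl() + MsEidasNodeConstants.ENDPOINT_RESIDENCY_SEARCH`, so the value written unescaped into the residency template is no longer a compile-time constant. If `getAuthUrl()` can be influenced by the incoming request rather than a configured public prefix (this hunk does not show which), the unescaped write becomes a markup-injection risk for the rendered form. Either use the `putCustomParameter` variant seen elsewhere in this module, if it escapes, or add a comment stating why the auth URL is trusted at this point. The concatenation also differs from `GenerateMobilePhoneSignatureRequestTask`, which uses `getAuthUrlWithOutSlash()`, so a trailing slash on the auth URL would produce a double slash in the wizard endpoint.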
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java index 715d3672..26282d5c 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateMobilePhoneSignatureRequestTask.java @@ -139,9 +139,7 @@ public class GenerateMobilePhoneSignatureRequestTask extends AbstractAuthServlet authnReqConfig.setSignCred(credential.getMessageSigningCredential()); authnReqConfig.setSpEntityID( pendingReq.getAuthUrlWithOutSlash() + IdAustriaClientAuthConstants.ENDPOINT_METADATA); - authnReqConfig.setRequestedLoA(authConfig.getBasicConfiguration( - IdAustriaClientAuthConstants.CONFIG_PROPS_REQUIRED_LOA, - IdAustriaClientAuthConstants.CONFIG_DEFAULT_LOA_EIDAS_LEVEL)); return authnReqConfig; + } } -- cgit v1.2.3 From 2963c7aa8a6ba57afcbde3028f9fdf56225743c5 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Thu, 10 Mar 2022 16:23:11 +0100 Subject: chore(core): change log-level on health check to info --- .../v2/idaustriaclient/provider/IdAustriaClientAuthHealthCheck.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/authmodule-eIDAS-v2/src/main/java') diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthHealthCheck.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthHealthCheck.java index 32bbfa54..bd5e220b 100644 
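Review bot: With `authnReqConfig.setRequestedLoA(...)` removed in `GenerateMobilePhoneSignatureRequestTask`, the AuthnRequest to ID Austria no longer states a level of assurance, so the accepted level is decided only by what the response handling checks. That check is not part of this hunk; please confirm that the response task rejects assertions below the level the matching step needs. Once confirmed, a comment at the removal site such as `// no LoA requested for matching by alternative IDA login; the level is checked on the response` would record the decision. `CONFIG_PROPS_REQUIRED_LOA` and `CONFIG_DEFAULT_LOA_EIDAS_LEVEL` may now be unused. The method begins outside the hunk.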
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthHealthCheck.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/provider/IdAustriaClientAuthHealthCheck.java @@ -49,7 +49,7 @@ public class IdAustriaClientAuthHealthCheck implements HealthIndicator { return asynchTestOperation.get(DEADLINE, TimeUnit.SECONDS); } catch (InterruptedException | ExecutionException | TimeoutException e) { - log.warn("Receive no respose from Health-Check after {} seconds.", DEADLINE, e); + log.info("Receive no respose from Health-Check after {} seconds.", DEADLINE); return Health.outOfService().withException(e).build(); } -- cgit v1.2.3 From 34dff8116290845953e386c6bfd7d17224a6ad34 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Thu, 10 Mar 2022 16:49:48 +0100 Subject: chore(matching): remove some PVP attributes from IDA authentication --- .../auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java | 4 ---- .../auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java | 2 ++ 2 files changed, 2 insertions(+), 4 deletions(-) (limited to 'modules/authmodule-eIDAS-v2/src/main/java') diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java index 46d0e77d..67dfd7d8 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/idaustriaclient/IdAustriaClientAuthConstants.java 
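Review bot: The `log.info(...)` call in `IdAustriaClientAuthHealthCheck` drops the exception argument, so the log no longer shows whether the probe failed with `TimeoutException`, `ExecutionException` or `InterruptedException`, while the same exception is still attached to the returned `Health` through `withException(e)`. Keeping the type without the stack trace is enough: `log.info("Receive no response from Health-Check after {} seconds. Reason: {}", DEADLINE, e.getClass().getSimpleName());`, which also fixes the `respose` typo. Whether health details are shown to unauthenticated callers is configuration outside this hunk; if they are, `withException(e)` publishes the exception class and message.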
@@ -69,10 +69,6 @@ public class IdAustriaClientAuthConstants { private static final long serialVersionUID = 1L; { - // add PVP Version attribute - add(Triple.newInstance(PvpAttributeDefinitions.PVP_VERSION_NAME, - PvpAttributeDefinitions.PVP_VERSION_FRIENDLY_NAME, true)); - // entity metadata information add(Triple.newInstance(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, true)); diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java index 514e38ba..286b63b1 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java @@ -308,6 +308,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet IdAustriaClientAuthEventConstants.AUTHPROCESS_ID_AUSTRIA_RESPONSE_RECEIVED, response.getID()); return Pair.newInstance(msg, false); + } else { log.info("Receive StatusCode {} from 'ms-specific eIDAS node'.", response.getStatus().getStatusCode().getValue()); StatusCode subStatusCode = getSubStatusCode(response); @@ -315,6 +316,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet && IdAustriaClientAuthConstants.SAML2_STATUSCODE_USERSTOP.equals(subStatusCode.getValue())) { log.info("Find 'User-Stop operation' in SAML2 response. Stopping authentication process ... "); return Pair.newInstance(msg, true); + } revisionsLogger.logEvent(pendingReq, -- cgit v1.2.3 From 08ee18252a84f29913256cfabae835010442586c Mon Sep 17 00:00:00 2001 
From: Thomas <> Date: Thu, 10 Mar 2022 16:57:55 +0100 Subject: refactor(matching): set other matching option as String to prohibit staging problems --- .../auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/authmodule-eIDAS-v2/src/main/java') diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java index 8611be81..075b23c1 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java @@ -66,7 +66,7 @@ public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractLocaleAuthSe try { SelectedLoginMethod selection = SelectedLoginMethod.valueOf(extractUserSelection(request)); executionContext.put(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, false); - executionContext.put(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER, selection); + executionContext.put(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER, selection.name()); executionContext.remove(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED); executionContext.remove(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED_REASON); transitionToNextTask(executionContext, selection); -- cgit v1.2.3 From df962dfa24bf11b67c8ffbca0e581ef36613b004 Mon Sep 17 00:00:00 2001 
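Review bot: `selection.name()` changes the type stored under `Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER` from `SelectedLoginMethod` to `String`, and nothing at the call site says so. Any reader of that key that still casts to the enum would fail with a `ClassCastException`; those readers are outside this hunk, so please check them. A comment such as `// stored as String so the value survives the hand-over between ms-connector stages` would record the reason given in the commit subject.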
From: Thomas <> Date: Thu, 10 Mar 2022 17:31:38 +0100 Subject: fix(matching): add missing controller for search-address wizard --- .../eidas/v2/controller/AdresssucheController.java | 64 +--------------------- 1 file changed, 1 insertion(+), 63 deletions(-) (limited to 'modules/authmodule-eIDAS-v2/src/main/java') diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/controller/AdresssucheController.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/controller/AdresssucheController.java index 5dc9d3ef..99754662 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/controller/AdresssucheController.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/controller/AdresssucheController.java @@ -29,9 +29,6 @@ import java.util.List; import java.util.Set; import java.util.stream.Collectors; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.builder.CompareToBuilder; import org.jetbrains.annotations.NotNull; @@ -44,7 +41,6 @@ import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RequestParam; import at.asitplus.eidas.specific.core.MsEidasNodeConstants; -import at.asitplus.eidas.specific.core.gui.StaticGuiBuilderConfiguration; import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.zmr.ZmrAddressSoapClient; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; import at.gv.bmi.namespace.zmr_su.zrm._20040201_.address.Adressdaten; 
@@ -54,8 +50,6 @@ import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.gui.ISpringMvcGuiFormBuilder; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.exceptions.GuiBuildException; import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; import lombok.AllArgsConstructor; import lombok.Builder; 
@@ -91,63 +85,7 @@ public class AdresssucheController { @Autowired private IPendingRequestIdGenerationStrategy pendingReqGeneration; - - /** - * Show the "residency.html" directly. - * TODO Remove this after testing. - */ - @RequestMapping(value = {"/test"}, method = {RequestMethod.GET}) - public void test(HttpServletRequest request, HttpServletResponse response) throws GuiBuildException, EaafException { - final StaticGuiBuilderConfiguration config = new StaticGuiBuilderConfiguration( - basicConfig, - "http://localhost:8080/ms_connector/", - basicConfig.getBasicConfiguration(//TODO - MsEidasNodeConstants.PROP_CONFIG_WEBCONTENT_TEMPLATES_RESIDENCY, - MsEidasNodeConstants.TEMPLATE_HTML_RESIDENCY), - MsEidasNodeConstants.ENDPOINT_RESIDENCY_INPUT, - resourceLoader); - config.putCustomParameter(null, "pendingid", pendingReqGeneration.generateExternalPendingRequestId()); - guiBuilder.build(request, response, config, "Query Austrian residency"); - } - - /** - * Show the "other_login_method.html" directly. - * TODO Remove this after testing. - */ - @RequestMapping(value = {"/olm"}, method = {RequestMethod.GET}) - public void otherloginmethod(HttpServletRequest request, HttpServletResponse response) throws GuiBuildException, - EaafException { - final StaticGuiBuilderConfiguration config = new StaticGuiBuilderConfiguration( - basicConfig, - "http://localhost:8080/ms_connector/", - basicConfig.getBasicConfiguration(//TODO - MsEidasNodeConstants.PROP_CONFIG_WEBCONTENT_TEMPLATES_OTHER_LOGIN_METHOD_SELECTION, - MsEidasNodeConstants.TEMPLATE_HTML_OTHERLOGINMETHODS), - MsEidasNodeConstants.ENDPOINT_OTHER_LOGIN_METHOD_SELECTION, - resourceLoader); - config.putCustomParameter(null, "pendingid", pendingReqGeneration.generateExternalPendingRequestId()); - guiBuilder.build(request, response, config, "Other Login Method"); - } - - /** - * Show the "country_selection.html" directly. - * TODO Remove this after testing. 
- */ - @RequestMapping(value = {"/country"}, method = {RequestMethod.GET}) - public void countryselection(HttpServletRequest request, HttpServletResponse response) throws GuiBuildException, - EaafException { - final StaticGuiBuilderConfiguration config = new StaticGuiBuilderConfiguration( - basicConfig, - "http://localhost:8080/ms_connector/", - basicConfig.getBasicConfiguration(//TODO - MsEidasNodeConstants.PROP_CONFIG_WEBCONTENT_TEMPLATES_CCSELECTION, - MsEidasNodeConstants.TEMPLATE_HTML_COUNTRYSELECTION), - MsEidasNodeConstants.ENDPOINT_COUNTRYSELECTION, - resourceLoader); - config.putCustomParameter(null, "pendingid", pendingReqGeneration.generateExternalPendingRequestId()); - guiBuilder.build(request, response, config, "Country Selection"); - } - + /** * Performs search for addresses in ZMR. */ -- cgit v1.2.3 From f2df62788d1c47aea5dc16d985fd8b4fd9fa424c Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Thu, 10 Mar 2022 18:04:20 +0100 Subject: fix(matching): store pendingRequest before next asynch. step --- .../modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java | 3 +++ 1 file changed, 3 insertions(+) (limited to 'modules/authmodule-eIDAS-v2/src/main/java') diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java index 361f049b..62e5c57b 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java 
@@ -88,6 +88,9 @@ public class GenerateOtherLoginMethodGuiTask extends AbstractAuthServletTask { } + // store pending request before next step + requestStoreage.storePendingRequest(pendingReq); + guiBuilder.build(request, response, config, "Other login methods selection form"); } catch (final Exception e) { -- cgit v1.2.3 From 2119f7613a04651d7cc1cb9a8c7ecdc8556d07d9 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Fri, 11 Mar 2022 07:09:27 +0100 Subject: fix(matching): unset all matching releated parameters on executioncontext --- .../auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java | 7 +++++-- .../v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java | 11 +++++++++++ 2 files changed, 16 insertions(+), 2 deletions(-) (limited to 'modules/authmodule-eIDAS-v2/src/main/java') diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java index 62e5c57b..f6ca0309 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java @@ -84,10 +84,13 @@ public class GenerateOtherLoginMethodGuiTask extends AbstractAuthServletTask { config.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_UIOPTIONS, Constants.HTML_FORM_ADVANCED_MATCHING_FAILED_REASON, executionContext.get(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED_REASON).toString()); - } - + } } + // reset executionContext parameters + ReceiveOtherLoginMethodGuiResponseTask.ALL_EXECUTIONCONTEXT_PARAMETERS.forEach( + el -> executionContext.remove(el)); + // store pending request before next step requestStoreage.storePendingRequest(pendingReq); 
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java index 075b23c1..184ad499 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java @@ -24,6 +24,7 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; import java.util.Enumeration; +import java.util.Set; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -31,6 +32,8 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; import org.springframework.stereotype.Component; +import com.google.common.collect.Sets; + import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; 
@@ -60,6 +63,14 @@ import lombok.extern.slf4j.Slf4j; @Component("ReceiveOtherLoginMethodGuiResponseTask") public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractLocaleAuthServletTask { + public static final Set ALL_EXECUTIONCONTEXT_PARAMETERS = Sets.newHashSet( + Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER, + Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, + Constants.TRANSITION_TO_GENERATE_EIDAS_LOGIN, + Constants.TRANSITION_TO_GENERATE_MOBILE_PHONE_SIGNATURE_REQUEST_TASK, + Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, + Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK); + @Override public void executeWithLocale(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) { -- cgit v1.2.3 From b9cae6d3ac35e962126bed14c870eb813e2a84fb Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Fri, 11 Mar 2022 07:46:25 +0100 Subject: chore(matching): make RegisterStatusResult serializable to store as session object --- .../modules/auth/eidas/v2/service/RegisterSearchService.java | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'modules/authmodule-eIDAS-v2/src/main/java') diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java index c3bf4309..d4ebae04 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java @@ -1,5 +1,6 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.service; +import java.io.Serializable; import java.math.BigInteger; import java.util.Collections; import java.util.List; 
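Review bot: `ALL_EXECUTIONCONTEXT_PARAMETERS` is a `public static final` field holding a mutable `Sets.newHashSet(...)`, so any class can add or remove keys and silently change which flags `GenerateOtherLoginMethodGuiTask` clears. An immutable set prevents that: build it with `ImmutableSet.of(...)` from Guava, which this file already imports from, or wrap it in `Collections.unmodifiableSet(...)`. Since another task reads the field, `Constants` looks like the better home for it. A Javadoc line should say that it lists the execution-context keys reset before the selection form is shown.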
@@ -328,8 +329,10 @@ public class RegisterSearchService { */ @AllArgsConstructor @Getter - public static class RegisterOperationStatus { + public static class RegisterOperationStatus implements Serializable { + private static final long serialVersionUID = -1037357883275379796L; + /** * ZMR internal processId that is required for any further request in the same process. */ @@ -346,7 +349,10 @@ public class RegisterSearchService { */ @Getter @RequiredArgsConstructor - public static class RegisterStatusResults { + public static class RegisterStatusResults implements Serializable { + + private static final long serialVersionUID = -2489125033838373511L; + /** * Operation status for this result. */ -- cgit v1.2.3 From a4bfb6a5aed16784fb14d8ece7bf905e21c1a0f9 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Fri, 11 Mar 2022 08:15:39 +0100 Subject: chore(matching): add common log-messages for register results during matching operations --- .../auth/eidas/v2/service/RegisterSearchService.java | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'modules/authmodule-eIDAS-v2/src/main/java') diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java index d4ebae04..5e1e4839 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java 
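Review bot: Declaring `RegisterOperationStatus` and `RegisterStatusResults` as `Serializable` only works if every non-transient field type is serializable too, and both hunks show just the class headers, so this cannot be confirmed from here. If a field type is not serializable, the failure appears only at runtime when the session object is written. Because these objects carry register search results into the session store, fields that are not needed after restoring should be marked `transient`. A short class comment such as `// stored as session object: all non-transient fields must be Serializable` would keep later field additions from breaking this. Both class bodies continue outside the hunks.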
@@ -34,7 +34,9 @@ import lombok.extern.slf4j.Slf4j; @Service("registerSearchService") public class RegisterSearchService { - private final IZmrClient zmrClient; + private static final String LOG_MSG_RESULTS = "Matching operation: {} results: ZMR: {} | ERnP: {}"; + + private final IZmrClient zmrClient; private final IErnpClient ernpClient; private final List handlers; @@ -85,6 +87,9 @@ public class RegisterSearchService { final ErnpRegisterResult resultsErnp = ernpClient.searchWithPersonIdentifier( eidasData.getPseudonym(), eidasData.getCitizenCountryCode()); + log.debug(LOG_MSG_RESULTS, "seachByPersonalId", + resultsZmr.getPersonResult().size(), resultsErnp.getPersonResult().size()); + return RegisterStatusResults.fromZmrAndErnp(resultsZmr, resultsErnp); } catch (final EidasSAuthenticationException e) { @@ -113,6 +118,9 @@ public class RegisterSearchService { ernpClient.searchWithMds(eidasData.getGivenName(), eidasData.getFamilyName(), eidasData.getDateOfBirth(), eidasData.getCitizenCountryCode()); + log.debug(LOG_MSG_RESULTS, "seachByMDS", + resultsZmr.getPersonResult().size(), resultsErnp.getPersonResult().size()); + return RegisterStatusResults.fromZmrAndErnp(resultsZmr, resultsErnp); } catch (final EidasSAuthenticationException e) { @@ -149,6 +157,9 @@ public class RegisterSearchService { ErnpRegisterResult resultErnp = ernpClient.searchCountrySpecific( ccSpecificSearchReq, eidasData.getCitizenCountryCode()); + log.debug(LOG_MSG_RESULTS, "seachByCountrySpecifics", + resultsZmr.getPersonResult().size(), resultErnp.getPersonResult().size()); + return RegisterStatusResults.fromZmrAndErnp(resultsZmr, resultErnp); } else { 
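Review bot: The operation labels passed to `LOG_MSG_RESULTS` are misspelled (`"seachByPersonalId"`, `"seachByMDS"`, `"seachByCountrySpecifics"`, and `"seachByResidence"` in the following hunk), so anyone filtering the matching logs for "search" will miss these lines. Spelling them `"searchByPersonalId"` and so on fixes that, ideally as constants next to `LOG_MSG_RESULTS` so the four call sites cannot drift apart. Logging only the result counts keeps register data out of the log, which is worth preserving if the messages are extended later. The enclosing methods start and end outside the hunks.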
@@ -183,6 +194,9 @@ public class RegisterSearchService { * because we only search for people with Austrian residence and they are in ZMR only */ + log.debug(LOG_MSG_RESULTS, "seachByResidence", + resultsZmr.getPersonResult().size(), 0); + return RegisterStatusResults.fromZmr(resultsZmr); } catch (final EidasSAuthenticationException e) { -- cgit v1.2.3 From d5c3de94f6f24b915e20810f0abd4d99e7836dcd Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Fri, 11 Mar 2022 08:16:22 +0100 Subject: fix: remove unused class members to fix code-quality issues --- .../auth/eidas/v2/controller/AdresssucheController.java | 12 ------------ 1 file changed, 12 deletions(-) (limited to 'modules/authmodule-eIDAS-v2/src/main/java') diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/controller/AdresssucheController.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/controller/AdresssucheController.java index 99754662..6f49c700 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/controller/AdresssucheController.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/controller/AdresssucheController.java @@ -33,7 +33,6 @@ import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.builder.CompareToBuilder; import org.jetbrains.annotations.NotNull; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.core.io.ResourceLoader; import org.springframework.http.ResponseEntity; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; 
@@ -47,8 +46,6 @@ import at.gv.bmi.namespace.zmr_su.zrm._20040201_.address.Adressdaten; import at.gv.e_government.reference.namespace.persondata.de._20040201.PostAdresseTyp; import at.gv.e_government.reference.namespace.persondata.de._20040201.ZustelladresseTyp; import at.gv.egiz.eaaf.core.api.data.EaafConstants; -import at.gv.egiz.eaaf.core.api.gui.ISpringMvcGuiFormBuilder; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy; import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; import lombok.AllArgsConstructor; @@ -71,15 +68,6 @@ public class AdresssucheController { public static final String PARAM_STREET = "street"; public static final String PARAM_NUMBER = "number"; - @Autowired - private ISpringMvcGuiFormBuilder guiBuilder; - - @Autowired - private IConfiguration basicConfig; - - @Autowired - private ResourceLoader resourceLoader; - @Autowired private ZmrAddressSoapClient client; -- cgit v1.2.3 From d9a402c18755d47ad17283c5c52fc2311df56e85 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Mon, 2 May 2022 12:24:13 +0200 Subject: fix(gui): fix possible errors on language selection by GUI operation --- .../auth/eidas/v2/tasks/GenerateAustrianResidenceGuiTask.java | 6 +++--- .../auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) (limited to 'modules/authmodule-eIDAS-v2/src/main/java') diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAustrianResidenceGuiTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAustrianResidenceGuiTask.java index 060f9624..190e28eb 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAustrianResidenceGuiTask.java 
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAustrianResidenceGuiTask.java @@ -35,7 +35,7 @@ import at.gv.egiz.eaaf.core.api.gui.ISpringMvcGuiFormBuilder; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.idp.controller.tasks.AbstractLocaleAuthServletTask; import lombok.extern.slf4j.Slf4j; /** @@ -45,7 +45,7 @@ import lombok.extern.slf4j.Slf4j; */ @Slf4j @Component("GenerateAustrianResidenceGuiTask") -public class GenerateAustrianResidenceGuiTask extends AbstractAuthServletTask { +public class GenerateAustrianResidenceGuiTask extends AbstractLocaleAuthServletTask { public static final String PARAM_FORMWIZARDPOINT = "wizardEndpoint"; @@ -55,7 +55,7 @@ public class GenerateAustrianResidenceGuiTask extends AbstractAuthServletTask { private IConfiguration basicConfig; @Override - public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + public void executeWithLocale(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try { final StaticGuiBuilderConfiguration config = new StaticGuiBuilderConfiguration( diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java index f6ca0309..11da4281 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java 
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java @@ -39,7 +39,7 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.gui.AbstractGuiFormBuilderConfiguration; -import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.idp.controller.tasks.AbstractLocaleAuthServletTask; import lombok.extern.slf4j.Slf4j; /** @@ -53,7 +53,7 @@ import lombok.extern.slf4j.Slf4j; */ @Slf4j @Component("GenerateOtherLoginMethodGuiTask") -public class GenerateOtherLoginMethodGuiTask extends AbstractAuthServletTask { +public class GenerateOtherLoginMethodGuiTask extends AbstractLocaleAuthServletTask { @Autowired private ISpringMvcGuiFormBuilder guiBuilder; @@ -62,7 +62,7 @@ public class GenerateOtherLoginMethodGuiTask extends AbstractAuthServletTask { private IConfiguration basicConfig; @Override - public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + public void executeWithLocale(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try { final StaticGuiBuilderConfiguration config = new StaticGuiBuilderConfiguration( -- cgit v1.2.3 From 69aa81016fe20e901a3be02bb6772c9185c0b9ef Mon Sep 17 00:00:00 2001 
From: Thomas <> Date: Mon, 2 May 2022 17:16:15 +0200 Subject: chore(matching): re-oreder process steps in GUI releated matching --- .../specific/modules/auth/eidas/v2/Constants.java | 7 +++++ .../v2/tasks/GenerateAustrianResidenceGuiTask.java | 26 +++++++++++++++-- .../v2/tasks/GenerateOtherLoginMethodGuiTask.java | 24 ++++++++-------- .../ReceiveAustrianResidenceGuiResponseTask.java | 33 ++++++++++++++-------- .../auth/eidas/v2/utils/MatchingTaskUtils.java | 19 ++++++++++++- 5 files changed, 83 insertions(+), 26 deletions(-) (limited to 'modules/authmodule-eIDAS-v2/src/main/java') diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index fbc211f5..0b5d086d 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -320,6 +320,7 @@ public class Constants { // UI options + public static final String HTML_FORM_CREATE_NEW_ERNP_ENTRY = "createNewErnpEntry"; public static final String HTML_FORM_ADVANCED_MATCHING_FAILED = "advancedMatchingFailed"; public static final String HTML_FORM_ADVANCED_MATCHING_FAILED_REASON = HTML_FORM_ADVANCED_MATCHING_FAILED + "Reason"; @@ -347,6 +348,12 @@ public class Constants { public static final String TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK = "TASK_GenerateAustrianResidenceGuiTask"; + /** + * {@link at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateNewErnpEntryTask}. + */ + public static final String TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK = "TASK_RequestingNewErnpEntryTask"; + + /** * {@link at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateMobilePhoneSignatureRequestTask}. */ 
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAustrianResidenceGuiTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAustrianResidenceGuiTask.java index 190e28eb..dc57dd78 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAustrianResidenceGuiTask.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAustrianResidenceGuiTask.java @@ -31,10 +31,13 @@ import org.springframework.stereotype.Component; import at.asitplus.eidas.specific.core.MsEidasNodeConstants; import at.asitplus.eidas.specific.core.gui.StaticGuiBuilderConfiguration; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils; import at.gv.egiz.eaaf.core.api.gui.ISpringMvcGuiFormBuilder; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.gui.AbstractGuiFormBuilderConfiguration; import at.gv.egiz.eaaf.core.impl.idp.controller.tasks.AbstractLocaleAuthServletTask; import lombok.extern.slf4j.Slf4j; @@ -55,8 +58,8 @@ public class GenerateAustrianResidenceGuiTask extends AbstractLocaleAuthServletT private IConfiguration basicConfig; @Override - public void executeWithLocale(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) - throws TaskExecutionException { + public void executeWithLocale(ExecutionContext executionContext, + HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try { final StaticGuiBuilderConfiguration config = new StaticGuiBuilderConfiguration( basicConfig, 
@@ -72,6 +75,25 @@ public class GenerateAustrianResidenceGuiTask extends AbstractLocaleAuthServletT PARAM_FORMWIZARDPOINT, pendingReq.getAuthUrl() + MsEidasNodeConstants.ENDPOINT_RESIDENCY_SEARCH); + + // inject flag to indicate advanced matching error + if (MatchingTaskUtils.getExecutionContextFlag( + executionContext, Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED)) { + config.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_UIOPTIONS, + Constants.HTML_FORM_ADVANCED_MATCHING_FAILED, String.valueOf(true)); + + //set detailed error-code + if (executionContext.get(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED_REASON) != null) { + config.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_UIOPTIONS, + Constants.HTML_FORM_ADVANCED_MATCHING_FAILED_REASON, + executionContext.get(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED_REASON).toString()); + } + } + + // reset executionContext parameters + ReceiveOtherLoginMethodGuiResponseTask.ALL_EXECUTIONCONTEXT_PARAMETERS.forEach( + el -> executionContext.remove(el)); + guiBuilder.build(request, response, config, "Query Austrian residency"); } catch (final Exception e) { diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java index 11da4281..a90c5929 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java @@ -23,8 +23,6 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; -import java.io.Serializable; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; 
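Review bot: The reset at the end of this hunk clears `ReceiveOtherLoginMethodGuiResponseTask.ALL_EXECUTIONCONTEXT_PARAMETERS`, but as that set is defined earlier on this page it does not contain `CONTEXT_FLAG_ADVANCED_MATCHING_FAILED` or `CONTEXT_FLAG_ADVANCED_MATCHING_FAILED_REASON`, the two flags read just above. Unless they are removed elsewhere, a failure flag from one attempt stays in the execution context and is shown again on the next rendering. This commit adds `ReceiveAustrianResidenceGuiResponseTask.ALL_EXECUTIONCONTEXT_PARAMETERS` with exactly these keys, yet no visible hunk uses it. Clearing it here as well would close the gap: `ReceiveAustrianResidenceGuiResponseTask.ALL_EXECUTIONCONTEXT_PARAMETERS.forEach(executionContext::remove);`. The same question applies to `TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK`, which `GenerateOtherLoginMethodGuiTask` reads in a later hunk before the same reset.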
@@ -34,6 +32,7 @@ import org.springframework.stereotype.Component; import at.asitplus.eidas.specific.core.MsEidasNodeConstants; import at.asitplus.eidas.specific.core.gui.StaticGuiBuilderConfiguration; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils; import at.gv.egiz.eaaf.core.api.gui.ISpringMvcGuiFormBuilder; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; @@ -62,8 +61,8 @@ public class GenerateOtherLoginMethodGuiTask extends AbstractLocaleAuthServletTa private IConfiguration basicConfig; @Override - public void executeWithLocale(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) - throws TaskExecutionException { + public void executeWithLocale(ExecutionContext executionContext, + HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try { final StaticGuiBuilderConfiguration config = new StaticGuiBuilderConfiguration( basicConfig, @@ -75,7 +74,8 @@ public class GenerateOtherLoginMethodGuiTask extends AbstractLocaleAuthServletTa resourceLoader); // inject flag to indicate advanced matching error - if (getExecutionContextFlag(executionContext, Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED)) { + if (MatchingTaskUtils.getExecutionContextFlag( + executionContext, Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED)) { config.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_UIOPTIONS, Constants.HTML_FORM_ADVANCED_MATCHING_FAILED, String.valueOf(true)); 
@@ -87,6 +87,13 @@ public class GenerateOtherLoginMethodGuiTask extends AbstractLocaleAuthServletTa } } + // inject request to create a new ERnP entry + config.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_UIOPTIONS, + Constants.HTML_FORM_CREATE_NEW_ERNP_ENTRY, + String.valueOf( + MatchingTaskUtils.getExecutionContextFlag( + executionContext,Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK))); + // reset executionContext parameters ReceiveOtherLoginMethodGuiResponseTask.ALL_EXECUTIONCONTEXT_PARAMETERS.forEach( el -> executionContext.remove(el)); @@ -102,11 +109,4 @@ public class GenerateOtherLoginMethodGuiTask extends AbstractLocaleAuthServletTa } } - private boolean getExecutionContextFlag(ExecutionContext executionContext, String key) { - Serializable value = executionContext.get(key); - return value instanceof Boolean && (boolean)value - || value instanceof String && Boolean.parseBoolean((String) value); - - } - } diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java index 89a3f350..f335bc2a 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java 
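Review bot: The `createNewErnpEntry` UI option added here only controls what the form renders, and the hunk does not show whether the task that receives the form checks server-side that creating a new ERnP entry was actually offered in this process state. If that check is missing, the decision would rest on what the browser submits rather than on the execution context, so it is worth confirming in the receiving task and saying so in a comment here, for example `// UI hint only; the receiving task must re-check the process state`. There is also a missing space in `executionContext,Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK`. The enclosing method starts and ends outside the hunk.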
@@ -25,9 +25,11 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED; import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED_REASON; -import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK; +import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK; +import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK; import java.util.Enumeration; +import java.util.Set; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -37,6 +39,8 @@ import org.apache.commons.lang3.StringUtils; import org.jetbrains.annotations.NotNull; import org.springframework.stereotype.Component; +import com.google.common.collect.Sets; + import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.controller.AdresssucheController; import at.asitplus.eidas.specific.modules.auth.eidas.v2.controller.AdresssucheController.AdresssucheOutput; 
@@ -83,13 +87,19 @@ import lombok.extern.slf4j.Slf4j; @Component("ReceiveAustrianResidenceGuiResponseTask") public class ReceiveAustrianResidenceGuiResponseTask extends AbstractLocaleAuthServletTask { - private static final String MSG_PROP_20 = "module.eidasauth.matching.20"; private static final String MSG_PROP_21 = "module.eidasauth.matching.21"; private static final String MSG_PROP_22 = "module.eidasauth.matching.22"; public static final String HTTP_PARAM_NO_RESIDENCE = "noResidence"; + public static final Set ALL_EXECUTIONCONTEXT_PARAMETERS = Sets.newHashSet( + CONTEXT_FLAG_ADVANCED_MATCHING_FAILED, + CONTEXT_FLAG_ADVANCED_MATCHING_FAILED_REASON, + TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK, + TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK); + private final RegisterSearchService registerSearchService; + public ReceiveAustrianResidenceGuiResponseTask(RegisterSearchService registerSearchService) { this.registerSearchService = registerSearchService; 
@@ -104,21 +114,22 @@ public class ReceiveAustrianResidenceGuiResponseTask extends AbstractLocaleAuthS //return to AuswahlScreen if HTTP_PARAM_NO_RESIDENCE was selected final boolean forwardWithOutMandate = parseFlagFromHttpRequest(request, HTTP_PARAM_NO_RESIDENCE, false); if (forwardWithOutMandate) { - log.debug("User selects 'no residence' button. Switch back to 'other matching' selection ... "); - executionContext.put(TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, true); - - executionContext.put(CONTEXT_FLAG_ADVANCED_MATCHING_FAILED_REASON, MSG_PROP_20); - executionContext.put(CONTEXT_FLAG_ADVANCED_MATCHING_FAILED, true); + log.debug("User selects 'no residence' button. Switch back to 'insert-into-ERnP' selection ... "); + executionContext.put(TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK, true); + executionContext.put(TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, false); return; + } else { + executionContext.put(TRANSITION_TO_REQUESTING_NEW_ERNP_ENTRY_TASK, false); + } //load search parameters from HTML form AdresssucheOutput input = parseHtmlInput(request); if (validateHtmlInput(input)) { // HTML form should ensure that mandatory fields are set => this should never happen - log.warn("HTML form contains no residence information. Switch back to 'other matching' selection ... "); - executionContext.put(TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, true); + log.warn("HTML form contains no residence information. Switch back to 'input residence inputs' ... "); + executionContext.put(TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true); executionContext.put(CONTEXT_FLAG_ADVANCED_MATCHING_FAILED_REASON, MSG_PROP_21); executionContext.put(CONTEXT_FLAG_ADVANCED_MATCHING_FAILED, true); 
@@ -136,9 +147,9 @@ public class ReceiveAustrianResidenceGuiResponseTask extends AbstractLocaleAuthS // validate matching response from registers if (residencyResult.getResultCount() != 1) { - log.info("Find {} match by using residence information. Forward user to 'other matching' selection ... ", + log.info("Find {} match by using residence information. Forward user to 'input residence infos' ... ", residencyResult.getResultCount() == 0 ? "no" : "more-than-one"); - executionContext.put(TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, true); + executionContext.put(TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true); executionContext.put(CONTEXT_FLAG_ADVANCED_MATCHING_FAILED_REASON, MSG_PROP_22); executionContext.put(CONTEXT_FLAG_ADVANCED_MATCHING_FAILED, true); diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/MatchingTaskUtils.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/MatchingTaskUtils.java index ad641841..3c9db9ea 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/MatchingTaskUtils.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/MatchingTaskUtils.java @@ -1,5 +1,6 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.utils; +import java.io.Serializable; import java.util.HashMap; import java.util.List; import java.util.Map; 
@@ -20,6 +21,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterStatusResults; import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import eu.eidas.auth.commons.attribute.AttributeDefinition; @@ -67,7 +69,7 @@ public class MatchingTaskUtils { RegisterStatusResults.class); } - + /** * Store intermediate matching result into session. * @@ -123,6 +125,21 @@ public class MatchingTaskUtils { } + + /** + * Evaluate a flag on Execution context. + * + * @param executionContext Current execution context. + * @param key Parameter name + * @return true if the parameter exists and evaluates to true, otherwise false + */ + public static boolean getExecutionContextFlag(ExecutionContext executionContext, String key) { + Serializable value = executionContext.get(key); + return value instanceof Boolean && (boolean)value + || value instanceof String && Boolean.parseBoolean((String) value); + + } + /** * Convert attributes from eIDAS Authn Response into a simple map, to be used from * {@link ICcSpecificEidProcessingService#postProcess(Map)}. -- cgit v1.2.3 From 363e8657cd060f9a585b8e1dbac88aa12457238f Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Tue, 3 May 2022 14:47:03 +0200 Subject: fix(eidas): catch IndexOutOfBand exception in case of eIDAS Attribute that has no attribute-value --- .../eidas/v2/tasks/CreateIdentityLinkTask.java | 22 +++++++++++++++------- .../auth/eidas/v2/utils/EidasResponseUtils.java | 14 ++++++-------- 2 files changed, 21 insertions(+), 15 deletions(-) (limited to 'modules/authmodule-eIDAS-v2/src/main/java') 
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java index ce737526..58ab0c6a 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java @@ -445,15 +445,23 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } else { final List natPersonIdObj = EidasResponseUtils .translateStringListAttribute(el, attributeMap.get(el)); - final String stringAttr = natPersonIdObj.get(0); - if (StringUtils.isNotEmpty(stringAttr)) { - result.put(el.getFriendlyName(), stringAttr); - log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + stringAttr); - + if (natPersonIdObj.isEmpty()) { + log.info("Ignore attribute: {}, because no attributeValue was found", + el.getNameUri()); + } else { - log.info("Ignore empty 'String' attribute"); - } + final String stringAttr = natPersonIdObj.get(0); + if (StringUtils.isNotEmpty(stringAttr)) { + result.put(el.getFriendlyName(), stringAttr); + log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + stringAttr); + } else { + log.info("Ignore empty 'String' attributeValue for: {}", + el.getNameUri()); + + } + + } } } diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java index c8c5a069..ced6ffe6 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java 
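Review bot: The re-indented `log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + stringAttr)` writes the raw eIDAS attribute value into the log, which for these attributes is personal data, and it builds the string even when trace logging is off. The two new `log.info` calls in this hunk already use placeholders and log only the attribute's name URI. The trace line could follow the same pattern: `log.trace("Find attr '{}'", el.getFriendlyName());`. The enclosing method starts and ends outside the hunk.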
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java @@ -32,8 +32,6 @@ import javax.annotation.Nullable; import org.apache.commons.lang3.StringUtils; import org.joda.time.DateTime; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableSet; @@ -46,10 +44,10 @@ import eu.eidas.auth.commons.attribute.AttributeValueMarshaller; import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException; import eu.eidas.auth.commons.attribute.AttributeValueTransliterator; import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class EidasResponseUtils { - private static final Logger log = LoggerFactory.getLogger(EidasResponseUtils.class); - public static final String PERSONALIDENIFIER_VALIDATION_PATTERN = "^[A-Z,a-z]{2}/[A-Z,a-z]{2}/.*"; /** @@ -97,11 +95,11 @@ public class EidasResponseUtils { * @param attributeValues Attributes from eIDAS response * @return Set of attribute values. If more then one value than the first value contains the 'Latin' value. */ - // TODO: check possible problem with nonLatinCharacters + // TODO: check possible problem with nonLatinCharacters public static List translateStringListAttribute(AttributeDefinition attributeDefinition, ImmutableSet> attributeValues) { final List stringListAttribute = new ArrayList<>(); - if (attributeValues != null) { + if (attributeValues != null && !attributeValues.isEmpty()) { final AttributeValueMarshaller attributeValueMarshaller = attributeDefinition .getAttributeValueMarshaller(); for (final AttributeValue attributeValue : attributeValues.asList()) { 
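Review bot: With the added `!attributeValues.isEmpty()` check, `translateStringListAttribute` now returns an empty list for an empty attribute-value set as well as for `null`, but the Javadoc `@return` line still only describes the non-empty case. Callers that read `get(0)` from the result need an `isEmpty()` guard like the one this commit adds in `CreateIdentityLinkTask`; whether other callers exist is not visible on this page. Adding `Returns an empty list if no attribute value is present.` to the `@return` text would make the contract explicit. The method body continues outside the hunk.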
@@ -129,12 +127,12 @@ public class EidasResponseUtils { } } - log.trace("Extract values: {} for attr: {}", StringUtils.join(stringListAttribute, ","), attributeDefinition.getFriendlyName()); } else { - log.info("Can not extract infos from 'null' attribute value"); + log.info("Can not extract infos from '{}' attributeValue for attribute: {}", + attributeValues != null ? "empty" : "null", attributeDefinition.getNameUri()); } -- cgit v1.2.3 From b3f78f57ff8da8a82af57377eaabea22031582e9 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Thu, 5 May 2022 17:26:27 +0200 Subject: chore(szr): optimize error-logging in case of SZR errors --- .../modules/auth/eidas/v2/szr/SzrClient.java | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) (limited to 'modules/authmodule-eIDAS-v2/src/main/java') diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java index 11ea2843..11b1e589 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java @@ -67,8 +67,6 @@ import org.apache.cxf.jaxws.DispatchImpl; import org.apache.cxf.transport.http.HTTPConduit; import org.apache.cxf.transports.http.configuration.HTTPClientPolicy; import org.apache.xpath.XPathAPI; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import org.w3c.dom.Document; 
@@ -87,6 +85,7 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.impl.utils.DomUtils; import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; +import lombok.extern.slf4j.Slf4j; import szrservices.GetBPK; import szrservices.GetBPKResponse; import szrservices.GetIdentityLinkEidas; @@ -102,9 +101,9 @@ import szrservices.SignContentEntry; import szrservices.SignContentResponseType; +@Slf4j @Service("SZRClientForeIDAS") public class SzrClient { - private static final Logger log = LoggerFactory.getLogger(SzrClient.class); private static final String CLIENT_DEFAULT = "DefaultClient"; private static final String CLIENT_RAW = "RawClient"; @@ -187,7 +186,8 @@ public class SzrClient { return idl; } catch (final Exception e) { - log.warn("SZR communication FAILED. Reason: " + e.getMessage(), e); + log.warn("SZR communication FAILED for operation: {} Reason: {}", + "GetIdentityLinkEidas", e.getMessage(), e); throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e); } @@ -215,7 +215,8 @@ public class SzrClient { return result.getGetBPKReturn(); } catch (final SZRException_Exception e) { - log.warn("SZR communication FAILED. Reason: " + e.getMessage(), e); + log.warn("SZR communication FAILED for operation: {} Reason: {}", + "GetBPK", e.getMessage(), e); throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e); } 
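Review bot: The `Reason: {}` argument of the new `log.warn` in the GetIdentityLinkEidas catch block is `e.getMessage()` written to the log as received, and the same statement is repeated in the GetBPK, getStammzahlEncrypted and SignContent catch blocks. Because `e` is already passed as the throwable, the message is printed again with the stack trace; `log.warn("SZR communication FAILED for operation: {}", "GetIdentityLinkEidas", e);` would carry the same information. For `SZRException_Exception` the text presumably originates from the remote service, so if it stays in the message line the log layout should neutralise line breaks in it, and it is worth confirming that SZR fault texts never echo person data from the request. The enclosing methods start and end outside these hunks.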
@@ -235,12 +236,16 @@ public class SzrClient { final String resp; try { resp = this.szr.getStammzahlEncrypted(personInfo, insertErnp); + } catch (SZRException_Exception e) { + log.warn("SZR communication FAILED for operation: {} Reason: {}", + "getStammzahlEncrypted", e.getMessage(), e); throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e); } - if (StringUtils.isEmpty(resp)) { + if (StringUtils.isEmpty(resp)) { throw new SzrCommunicationException("ernb.01", new Object[]{"Stammzahl response empty"}); // TODO error handling + } return resp; @@ -305,7 +310,8 @@ public class SzrClient { return resp.getOut().get(0).getValue(); } catch (final JsonProcessingException | SZRException_Exception e) { - log.warn("Requesting bcBind by using SZR FAILED. Reason: {}", e.getMessage(), null, e); + log.warn("SZR communication FAILED for operation: {} Reason: {}", + "SignContent", e.getMessage(), e); throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e); } -- cgit v1.2.3 From 332a953758ab2626095ae5bd0169ff2edd9adcae Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Thu, 12 May 2022 10:39:31 +0200 Subject: fix(matching): remove prefix from bPK aftern an ID Austria login --- .../ReceiveMobilePhoneSignatureResponseTask.java | 38 +++++++++++++++++----- 1 file changed, 30 insertions(+), 8 deletions(-) (limited to 'modules/authmodule-eIDAS-v2/src/main/java') diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java index 286b63b1..b212d133 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java 
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java @@ -127,7 +127,9 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet private static final String ERROR_MSG_01 = "Processing PVP response from 'ID Austria system' FAILED."; private static final String ERROR_MSG_02 = "PVP response decryption FAILED. No credential found."; private static final String ERROR_MSG_03 = "PVP response validation FAILED."; - + private static final String ERROR_GENERIC = "Matching failed, because response from ID Austria was " + + "invalid or contains an error. Detail: {}"; + private static final String MSG_PROP_23 = "module.eidasauth.matching.23"; private static final String MSG_PROP_24 = "module.eidasauth.matching.24"; @@ -155,6 +157,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet InboundMessage inboundMessage = decodeAndVerifyMessage(request, response, decoder, comparator); Pair processedMsg = validateAssertion((PvpSProfileResponse) inboundMessage); if (processedMsg.getSecond()) { + log.info("Matching failed, because ID Austria login was stopped by user."); // forward to next matching step in case of ID Autria authentication was stopped by user executionContext.put(TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, true); executionContext.put(CONTEXT_FLAG_ADVANCED_MATCHING_FAILED_REASON, MSG_PROP_23); 
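Review bot: `ERROR_GENERIC` is an SLF4J format string with a `{}` placeholder, but it is declared among the `ERROR_MSG_xx` constants, which are plain texts handed to `TaskExecutionException`. Passed to an exception by mistake, it would surface the literal `{}` in the error message. A name that marks it as a log template, for example `LOG_MSG_MATCHING_FAILED`, or a comment `// SLF4J template, for log calls only` above it would keep the two kinds apart.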
@@ -177,6 +180,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet // check if MDS from ID Austria authentication matchs to eIDAS authentication if (!simpleMobileSignatureData.equalsSimpleEidasData(eidasData)) { + log.info("Matching failed, because MDS from ID-Austria login does not match to MDS from initial eIDAS"); executionContext.put(TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, true); executionContext.put(CONTEXT_FLAG_ADVANCED_MATCHING_FAILED_REASON, MSG_PROP_24); executionContext.put(CONTEXT_FLAG_ADVANCED_MATCHING_FAILED, true); 
@@ -207,28 +211,27 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet } } catch (final AuthnResponseValidationException e) { + log.info(ERROR_GENERIC, e.getMessage()); throw new TaskExecutionException(pendingReq, ERROR_MSG_03, e); } catch (MessageDecodingException | SecurityException | SamlSigningException e) { - //final String samlRequest = request.getParameter("SAMLRequest"); - //log.debug("Receive INVALID PVP Response from 'ms-specific eIDAS node': {}", - // samlRequest, null, e); + log.info(ERROR_GENERIC, e.getMessage()); throw new TaskExecutionException(pendingReq, ERROR_MSG_00, new AuthnResponseValidationException(ERROR_PVP_11, new Object[]{MODULE_NAME_FOR_LOGGING}, e)); } catch (IOException | MarshallingException | TransformerException e) { - log.debug("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e); + log.info("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e); throw new TaskExecutionException(pendingReq, ERROR_MSG_01, new AuthnResponseValidationException(ERROR_PVP_12, new Object[]{MODULE_NAME_FOR_LOGGING, e.getMessage()}, e)); } catch (final CredentialsNotAvailableException e) { - log.debug("PVP response decryption FAILED. No credential found.", e); + log.info("PVP response decryption FAILED. No credential found.", e); throw new TaskExecutionException(pendingReq, ERROR_MSG_02, new AuthnResponseValidationException(ERROR_PVP_10, new Object[]{MODULE_NAME_FOR_LOGGING}, e)); } catch (final Exception e) { // todo catch ManualFixNecessaryException in any other way? - log.debug("PVP response validation FAILED. Msg:" + e.getMessage(), e); + log.info("PVP response validation FAILED. Msg: {}",e.getMessage(), e); throw new TaskExecutionException(pendingReq, ERROR_MSG_03, new AuthnResponseValidationException(ERROR_PVP_12, new Object[]{MODULE_NAME_FOR_LOGGING, e.getMessage()}, e)); 
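Review bot: The catch branches for `AuthnResponseValidationException` and for `MessageDecodingException | SecurityException | SamlSigningException` log with `log.info(ERROR_GENERIC, e.getMessage())`, so a response that fails decoding or signature validation is recorded at info level and without the throwable, while the three branches below pass `e`. A rejected ID Austria response is a security-relevant event that monitoring usually keys on at warn level; `log.warn(ERROR_GENERIC, e.getMessage(), e);` in those two branches would make it visible and consistent with the rest, unless the rethrown `TaskExecutionException` is already logged with its cause further up. In the last branch, `"PVP response validation FAILED. Msg: {}",e.getMessage(), e` is missing the space after the first comma. The enclosing method and its try block start outside the hunk.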
@@ -356,7 +359,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet final Set includedAttrNames = extractor.getAllIncludeAttributeNames(); for (final String attrName : includedAttrNames) { if (PvpAttributeDefinitions.BPK_NAME.equals(attrName)) { - builder.bpk(extractor.getSingleAttributeValue(attrName)); + builder.bpk(removeTargetPrefixFromBpk(extractor.getSingleAttributeValue(attrName))); } if (PvpAttributeDefinitions.GIVEN_NAME_NAME.equals(attrName)) { builder.givenName(extractor.getSingleAttributeValue(attrName)); @@ -377,5 +380,24 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet } + private String removeTargetPrefixFromBpk(String bpkWithPrefix) { + if (StringUtils.isNotEmpty(bpkWithPrefix)) { + final String[] spitted = bpkWithPrefix.split(":"); + if (spitted.length == 2) { + log.debug("Find PVP-Attr: {}", PvpAttributeDefinitions.BPK_FRIENDLY_NAME); + return spitted[1]; + + } else { + log.info("Find PVP-Attr: {} without prefix. Use it as it is", PvpAttributeDefinitions.BPK_FRIENDLY_NAME); + return spitted[0]; + + } + } else { + log.warn("Receive no bPK in response from ID Austria System. There is something wrong on IDA side!!!"); + return null; + + } + } + } -- cgit v1.2.3 From a988c0af75d96fdf03337b47a68b3a7876abfbac Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Thu, 12 May 2022 13:56:38 +0200 Subject: refact(ernp): change configuration keys for SSL keystore --- .../specific/modules/auth/eidas/v2/Constants.java | 23 ++++++++++++++++++++++ .../auth/eidas/v2/clients/ernp/ErnpRestClient.java | 12 +++++------ 2 files changed, 29 insertions(+), 6 deletions(-) (limited to 'modules/authmodule-eIDAS-v2/src/main/java') diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index 0b5d086d..588ea912 100644 
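Review bot: In `removeTargetPrefixFromBpk` every value that does not split into exactly two parts falls into the branch logged as "without prefix. Use it as it is", yet that branch returns `spitted[0]` and not the input. A value with more than one colon is therefore cut down to its first segment, `"prefix:"` yields the prefix itself as bPK because `split(":")` drops trailing empty strings, and a lone `":"` produces an empty array and an `ArrayIndexOutOfBoundsException`. Since the bPK is the identifier the matching relies on, I would accept only the two known shapes and reject everything else, as sketched below; whether `null` is the right rejection value depends on how the caller of the builder treats a missing bPK, which this hunk does not show.

```java
    if (StringUtils.isNotEmpty(bpkWithPrefix)) {
      // limit -1 keeps trailing empty segments, so "prefix:" and ":" are seen as two parts
      final String[] parts = bpkWithPrefix.split(":", -1);
      if (parts.length == 1) {
        log.info("Find PVP-Attr: {} without prefix. Use it as it is", PvpAttributeDefinitions.BPK_FRIENDLY_NAME);
        return bpkWithPrefix;

      } else if (parts.length == 2 && !parts[1].isEmpty()) {
        log.debug("Find PVP-Attr: {}", PvpAttributeDefinitions.BPK_FRIENDLY_NAME);
        return parts[1];

      } else {
        log.warn("Receive bPK with unexpected format in response from ID Austria System.");
        return null;

      }
    // … unchanged: else branch for an empty bPK …
```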
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java 
@@ -170,6 +170,29 @@ public class Constants { public static final String CONIG_PROPS_EIDAS_ERNPCLIENT = CONIG_PROPS_EIDAS_PREFIX + ".ernpclient"; public static final String CONIG_PROPS_EIDAS_ERNPCLIENT_ENDPOINT = CONIG_PROPS_EIDAS_ERNPCLIENT + ".endpoint"; + public static final String CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_KEYSTORE_PATH = CONIG_PROPS_EIDAS_ERNPCLIENT + + ".ssl.keyStore.path"; + public static final String CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_KEYSTORE_PASSWORD = CONIG_PROPS_EIDAS_ERNPCLIENT + + ".ssl.keyStore.password"; + public static final String CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_KEYSTORE_TYPE = CONIG_PROPS_EIDAS_ERNPCLIENT + + ".ssl.keyStore.type"; + public static final String CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_KEYSTORE_NAME = CONIG_PROPS_EIDAS_ERNPCLIENT + + ".ssl.keyStore.name"; + public static final String CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_KEYS_ALIAS = CONIG_PROPS_EIDAS_ERNPCLIENT + + ".ssl.key.alias"; + public static final String CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_KEY_PASSWORD = CONIG_PROPS_EIDAS_ERNPCLIENT + + ".ssl.key.password"; + public static final String CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_TRUSTSTORE_PATH = CONIG_PROPS_EIDAS_ERNPCLIENT + + ".ssl.trustStore.path"; + public static final String CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_TRUSTSTORE_PASSWORD = CONIG_PROPS_EIDAS_ERNPCLIENT + + ".ssl.trustStore.password"; + public static final String CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_TRUSTSTORE_TYPE = CONIG_PROPS_EIDAS_ERNPCLIENT + + ".ssl.trustStore.type"; + public static final String CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_TRUSTSTORE_NAME = CONIG_PROPS_EIDAS_ERNPCLIENT + + ".ssl.trustStore.name"; + + + public static final String CONIG_PROPS_EIDAS_ERNPCLIENT_TIMEOUT_CONNECTION = CONIG_PROPS_EIDAS_ERNPCLIENT + ".timeout.connection"; public static final String CONIG_PROPS_EIDAS_ERNPCLIENT_TIMEOUT_RESPONSE = CONIG_PROPS_EIDAS_ERNPCLIENT 
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/ernp/ErnpRestClient.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/ernp/ErnpRestClient.java index 4c4e3d87..6a732a0d 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/ernp/ErnpRestClient.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/ernp/ErnpRestClient.java 
@@ -809,16 +809,16 @@ public class ErnpRestClient implements IErnpClient { // Set keystore configuration config.buildKeyStoreConfig( - basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_COMMON_CLIENT_SSL_KEYSTORE_TYPE), - basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_COMMON_CLIENT_SSL_KEYSTORE_PATH), - basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_COMMON_CLIENT_SSL_KEYSTORE_PASSWORD), - basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_COMMON_CLIENT_SSL_KEYSTORE_NAME)); + basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_KEYSTORE_TYPE), + basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_KEYSTORE_PATH), + basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_KEYSTORE_PASSWORD), + basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_KEYSTORE_NAME)); // Set key information config.setSslKeyAlias( - basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_COMMON_CLIENT_SSL_KEYS_ALIAS)); + basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_KEYS_ALIAS)); config.setSslKeyPassword( - basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_COMMON_CLIENT_SSL_KEY_PASSWORD)); + basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_KEY_PASSWORD)); // Set connection parameters // TODO: update EAAF-components to allow custom HTTP Connection-Timeouts -- cgit v1.2.3
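Review bot: After this hunk the ERnP client reads keystore, key alias and key password only from the new `CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_*` keys, so a deployment that still carries only the former `COMMON_CLIENT_SSL_*` properties will presumably hand empty values to `buildKeyStoreConfig`, `setSslKeyAlias` and `setSslKeyPassword`. What these calls do with a missing value is not visible here; if client authentication is silently skipped instead of failing, the misconfiguration shows up only as rejected calls at the ERnP. A start-up check that the new keys are set, or a fallback to the old keys with a deprecation warning, would make the migration explicit. The `..._SSL_TRUSTSTORE_*` constants added in Constants.java are not referenced in this hunk, so it is worth a comment next to them saying where the trust configuration for the ERnP endpoint is applied. The enclosing method starts and ends outside the hunk.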