aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2016-02-19 12:32:27 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-02-19 12:32:27 +0100
commit99676a6020efe37d4df4ba8d33c1e1d6a1c5aa78 (patch)
tree78ac4e6fe3bd6224c3790cd0f7f325a3cd06b5ae
parent15ed0195ac3819a1a8e872401517df522ac2c04c (diff)
downloadmoa-id-spss-99676a6020efe37d4df4ba8d33c1e1d6a1c5aa78.tar.gz
moa-id-spss-99676a6020efe37d4df4ba8d33c1e1d6a1c5aa78.tar.bz2
moa-id-spss-99676a6020efe37d4df4ba8d33c1e1d6a1c5aa78.zip
refactor eIDAS tasks to new task-execution process-implementation
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java51
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java53
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java59
3 files changed, 14 insertions, 149 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
index ed2de77ad..052d18b0f 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
@@ -22,8 +22,6 @@
*/
package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID;
-
import java.io.IOException;
import java.io.InputStream;
import java.text.ParseException;
@@ -33,15 +31,12 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.parsers.ParserConfigurationException;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.commons.lang3.ObjectUtils;
import org.springframework.stereotype.Service;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -51,12 +46,10 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.XPathUtils;
import eu.eidas.auth.commons.IPersonalAttributeList;
@@ -75,48 +68,8 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
HttpServletRequest request, HttpServletResponse response)
throws TaskExecutionException {
try{
- String pendingRequestID = StringEscapeUtils.escapeHtml(
- ObjectUtils.defaultIfNull(
- request.getParameter(PARAM_TARGET_PENDINGREQUESTID),
- (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID)));
-
- if (MiscUtil.isEmpty(pendingRequestID)) {
- Logger.info("No PendingRequestID received");
- throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"});
- }
-
- pendingReq = requestStoreage.getPendingRequest(pendingRequestID);
-
- if (pendingReq == null) {
- Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
- throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
-
- }
-
- //change pending-request ID
- String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
- executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
-
- try {
- moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
-
- if (moasession == null) {
- Logger.warn("MOASessionID is empty.");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
- } catch (MOADatabaseException e) {
- Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database");
- throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() });
-
- } catch (Throwable e) {
- Logger.info("No HTTP Session found!");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
- //load service-provider configuration
- IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
-
+ defaultTaskInitialization(request, executionContext);
+
//get eIDAS attributes from MOA-Session
IPersonalAttributeList eIDASAttributes = moasession.getGenericDataFromSession(
AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST,
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 2f7e4eb28..6053c8aa2 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -22,8 +22,6 @@
*/
package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID;
-
import java.io.IOException;
import java.io.StringWriter;
import java.util.Collection;
@@ -31,9 +29,7 @@ import java.util.Collection;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang3.BooleanUtils;
-import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.velocity.Template;
import org.apache.velocity.VelocityContext;
@@ -48,14 +44,12 @@ import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.stork.CPEPS;
import at.gv.egovernment.moa.id.config.stork.StorkAttribute;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
import eu.eidas.auth.commons.EIDASAuthnRequest;
import eu.eidas.auth.commons.EIDASUtil;
import eu.eidas.auth.commons.EidasLoaCompareType;
@@ -82,46 +76,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
HttpServletRequest request, HttpServletResponse response)
throws TaskExecutionException {
- try{
- String pendingRequestID = StringEscapeUtils.escapeHtml(
- ObjectUtils.defaultIfNull(
- request.getParameter(PARAM_TARGET_PENDINGREQUESTID),
- (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID)));
-
- if (MiscUtil.isEmpty(pendingRequestID)) {
- Logger.info("No PendingRequestID received");
- throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"});
- }
-
- pendingReq = requestStoreage.getPendingRequest(pendingRequestID);
-
- if (pendingReq == null) {
- Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
- throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
-
- }
-
- //change pending-request ID
- String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
- executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
-
- try {
- moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
-
- if (moasession == null) {
- Logger.warn("MOASessionID is empty.");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
- } catch (MOADatabaseException e) {
- Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database");
- throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() });
-
- } catch (Throwable e) {
- Logger.info("No HTTP Session found!");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
+ try{
//get service-provider configuration
IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
@@ -130,7 +85,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
if (StringUtils.isEmpty(citizenCountryCode)) {
// illegal state; task should not have been executed without a selected country
- throw new AuthenticationException("stork.22", new Object[] { pendingRequestID });
+ throw new AuthenticationException("stork.22", new Object[] { pendingReq.getRequestID() });
}
CPEPS cpeps = authConfig.getStorkConfig().getCPEPS(citizenCountryCode);
@@ -197,7 +152,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
context.put(actionType, SAMLRequest);
Logger.debug("Encoded " + actionType + " original: " + SAMLRequest);
- context.put("RelayState", pendingRequestID);
+ context.put("RelayState", pendingReq.getRequestID());
Logger.debug("Using assertion consumer url as action: " + destination);
context.put("action", destination);
@@ -227,7 +182,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.",
new EIDASEngineException("Could not generate token for Saml Request", e));
- } catch (EIDASEngineException | MOAIDException | MOADatabaseException e) {
+ } catch (EIDASEngineException | MOAIDException e) {
throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", e);
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index 5a7e77bc7..19666326a 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -1,15 +1,10 @@
package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.commons.lang3.ObjectUtils;
import org.springframework.stereotype.Service;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
@@ -19,7 +14,6 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineExcepti
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -34,56 +28,19 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException {
- try{
- String pendingRequestID = StringEscapeUtils.escapeHtml(
- ObjectUtils.defaultIfNull(
- request.getParameter(PARAM_TARGET_PENDINGREQUESTID),
- (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID)));
-
- if (MiscUtil.isEmpty(pendingRequestID)) {
- Logger.info("No PendingRequestID received");
- throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"});
- }
-
- pendingReq = requestStoreage.getPendingRequest(pendingRequestID);
-
- if (pendingReq == null) {
- Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
- throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
-
- }
-
- //change pending-request ID
- String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
- executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
-
- try {
- moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
-
- if (moasession == null) {
- Logger.warn("MOASessionID is empty.");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
- } catch (MOADatabaseException e) {
- Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database");
- throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() });
-
- } catch (Throwable e) {
- Logger.info("No HTTP Session found!");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
- //load service-provider configuration
- IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
-
- //get SAML Response and decode it
+ try{
+ //get SAML Response
String base64SamlToken = request.getParameter("SAMLResponse");
if (MiscUtil.isEmpty(base64SamlToken)) {
Logger.warn("No eIDAS SAMLReponse found in http request.");
throw new MOAIDException("HTTP request includes no eIDAS SAML-Response element.", null);
- }
+ }
+
+ //get MOASession
+ defaultTaskInitialization(request, executionContext);
+
+ //decode SAML response
byte[] decSamlToken = EIDASUtil.decodeSAMLToken(base64SamlToken);
//get eIDAS SAML-engine