authorThomas Lenz <tlenz@iaik.tugraz.at>2016-02-24 06:21:22 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-02-24 06:21:22 +0100
commitcbdb6946d5af7de63afebf5ad256743303f00935 (patch)
treee5943b5313fc7e41a09a3c4e25aacf6778fc3c2c /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth
parentf354a38c6287f4834389f3430289ae14241c8066 (diff)
refactor PVP protocol implementation to reuse code in other modules
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java50
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java10
5 files changed, 32 insertions, 38 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index d76021bbd..1a9018563 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -174,8 +174,10 @@ public class MOAIDAuthConstants extends MOAIDConstants{
//AuthnRequest IssueInstant validation
public static final int TIME_JITTER = 5; //all 5 minutes time jitter
- public static final String PROCESSCONTEXT_INTERFEDERATION_ENTITYID = "interfederationIDPEntityID";
+ public static final String PROCESSCONTEXT_PERFORM_INTERFEDERATION_AUTH = "interfederationAuthentication";
public static final String PROCESSCONTEXT_REQUIRELOCALAUTHENTICATION = "requireLocalAuthentication";
+ public static final String PROCESSCONTEXT_PERFORM_BKUSELECTION = "performBKUSelection";
+ public static final String PROCESSCONTEXT_ISLEGACYREQUEST = "isLegacyRequest";
//General protocol-request data-store keys
public static final String AUTHPROCESS_DATA_TARGET = "authProces_Target";
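Review bot: The three new process-context keys carry no documentation of what value type each entry holds or who sets and clears it; elsewhere in this commit BKUSelectionModuleImpl reads PROCESSCONTEXT_PERFORM_BKUSELECTION as a Boolean and EvaluateBKUSelectionTask removes it, so a one-line comment above each constant would save the next reader a search, e.g. `// Boolean flag: set to request BKU selection; cleared by EvaluateBKUSelectionTask`. Replacing the public PROCESSCONTEXT_INTERFEDERATION_ENTITYID constant drops a public API name, and whether any caller outside the paths in this diffstat still references it cannot be seen from here.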
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index dbf95f604..8a9999d85 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -104,7 +104,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
@@ -127,24 +126,13 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
@Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
@Autowired protected AuthConfiguration authConfig;
@Autowired private AttributQueryBuilder attributQueryBuilder;
+ @Autowired private SAMLVerificationEngine samlVerificationEngine;
public IAuthData buildAuthenticationData(IRequest protocolRequest,
- AuthenticationSession session, List<Attribute> reqAttributes) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {
-
-
- String oaID = protocolRequest.getOAURL();
- if (oaID == null) {
- throw new WrongParametersException("StartAuthentication",
- PARAM_OA, "auth.12");
- }
-
- // check parameter
- if (!ParamValidatorUtils.isValidOA(oaID))
- throw new WrongParametersException("StartAuthentication",
- PARAM_OA, "auth.12");
-
+ AuthenticationSession session, List<Attribute> reqAttributes) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {
AuthenticationData authdata = null;
+ //only needed for SAML1 legacy support
try {
//check if SAML1 authentication module is in Classpath
Class<?> saml1RequstTemplate = Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl");
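Review bot: The null check and ParamValidatorUtils.isValidOA() validation of the OA identifier are removed at the start of buildAuthenticationData(), and the next hunk of this file now passes protocolRequest.getOAURL() straight into searchActiveOASSOSession(); nothing in this diff shows where that validation now happens. If the OA URL is validated earlier in the request pipeline, a comment saying so would document the contract, e.g. `// OA identifier was validated when the protocol request was created`; otherwise the null guard should stay, `if (protocolRequest.getOAURL() == null) throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");`. The method body continues beyond this hunk.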
@@ -165,15 +153,14 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
authdata = new AuthenticationData();
}
-
-
+
} catch (ClassNotFoundException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | NoSuchMethodException | java.lang.SecurityException ex) {
authdata = new AuthenticationData();
}
- //reuse some parameters if it is a reauthentication
- OASessionStore activeOA = authenticatedSessionStorage.searchActiveOASSOSession(session, oaID, protocolRequest.requestedModule());
+ //reuse some parameters if it is a Service-Provider reauthentication
+ OASessionStore activeOA = authenticatedSessionStorage.searchActiveOASSOSession(session, protocolRequest.getOAURL(), protocolRequest.requestedModule());
if (activeOA != null) {
authdata.setSessionIndex(activeOA.getAssertionSessionID());
authdata.setNameID(activeOA.getUserNameID());
@@ -193,7 +180,8 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
}
}
-
+
+ //search federated IDP information in MOASession
InterfederationSessionStore interfIDP = authenticatedSessionStorage.searchInterfederatedIDPFORAttributeQueryWithSessionID(session);
IOAAuthParameters oaParam = null;
@@ -201,20 +189,22 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
//get OnlineApplication from MOA-ID-Auth configuration
oaParam = protocolRequest.getOnlineApplicationConfiguration();
- //build OA dynamically from STROK request if this OA is used as STORK<->PVP gateway
+ //build OA dynamically from STROK request if this OA is used as STORK<->PVP gateway
if (oaParam.isSTORKPVPGateway())
oaParam = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oaParam, protocolRequest);
} else {
- //build OnlineApplication dynamic from requested attributes
+ //build OnlineApplication dynamic from requested attributes (AttributeQuerry Request)
oaParam = DynamicOAAuthParameterBuilder.buildFromAttributeQuery(reqAttributes, interfIDP);
}
- if (interfIDP != null ) {
- //IDP is a chained interfederated IDP and Authentication is requested
+ if (interfIDP != null ) {
+ //authentication by using a federated IDP
if (oaParam.isInderfederationIDP() && protocolRequest instanceof PVPTargetConfiguration &&
!(((PVPTargetConfiguration)protocolRequest).getRequest() instanceof AttributeQuery)) {
+ //IDP is a chained interfederated IDP and Authentication is requested
+
//only set minimal response attributes
authdata.setQAALevel(interfIDP.getQAALevel());
authdata.setBPK(interfIDP.getUserNameID());
@@ -290,12 +280,15 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
+ //get SAML2 Response from federated IDP
Response intfResp =
(Response) req.getGenericData(
RequestImpl.DATAID_INTERFEDERATIOIDP_RESPONSE, MOAResponse.class).getResponse();
- AssertionAttributeExtractor extractor =
- new AssertionAttributeExtractor(intfResp);
-
+
+ //initialize Attribute extractor
+ AssertionAttributeExtractor extractor = new AssertionAttributeExtractor(intfResp);
+
+ //check if SAML2 Assertion contains already all required attributes
if (!extractor.containsAllRequiredAttributes()) {
Logger.info("Received assertion does no contain a minimum set of attributes. Starting AttributeQuery process ...");
//collect attributes by using BackChannel communication
@@ -323,8 +316,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
//validate PVP 2.1 response
try {
- SAMLVerificationEngine engine = new SAMLVerificationEngine();
- engine.verifyIDPResponse(intfResp, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
+ samlVerificationEngine.verifyIDPResponse(intfResp, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
//TODO: find better solution
//SAMLVerificationEngine.validateAssertion(intfResp, false);
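Review bot: Replacing the per-call `new SAMLVerificationEngine()` with the injected samlVerificationEngine field makes a single shared instance serve every concurrent buildAuthenticationData() call, which is only safe if SAMLVerificationEngine keeps no per-verification state; this diff does not show that class. If it is stateless, a comment on the field would record the assumption, e.g. `// shared, stateless verifier; one instance serves all requests`. Note that the response's attributes are already inspected (containsAllRequiredAttributes() and the AttributeQuery path in the earlier hunk) before verifyIDPResponse() runs; that ordering predates this commit, but it is worth confirming that nothing taken from intfResp is acted on before this verification. The enclosing try block and method continue outside the hunk.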
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
index 8b02a5bf6..c96167e71 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
@@ -22,6 +22,7 @@
*/
package at.gv.egovernment.moa.id.auth.modules;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
/**
@@ -44,7 +45,7 @@ public class BKUSelectionModuleImpl implements AuthModule {
@Override
public String selectProcess(ExecutionContext context) {
boolean performBKUSelection = false;
- Object performBKUSelectionObj = context.get("performBKUSelection");
+ Object performBKUSelectionObj = context.get(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION);
if (performBKUSelectionObj != null && performBKUSelectionObj instanceof Boolean)
performBKUSelection = (boolean) performBKUSelectionObj;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java
index ed88c2aff..bd8dd709f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java
@@ -62,6 +62,9 @@ public class EvaluateBKUSelectionTask extends AbstractAuthServletTask {
}
+ //remove BKU-selection flag from context
+ executionContext.remove(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION);
+
Logger.info("BKU is selected finished -> Start BKU selection evaluation ...");
} catch (Exception e) {
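Review bot: The new executionContext.remove(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION) sits inside a try block that begins outside this hunk, so an exception thrown earlier in that block leaves the flag set; since RestartAuthProzessManagement no longer clears it in this commit, a later restart would presumably re-enter BKU selection rather than the selected authentication process. If the flag should be cleared regardless of outcome, moving the remove() ahead of the try, or into a finally, would make that explicit. Either way a comment stating the contract helps, e.g. `// clear the flag here: RestartAuthProzessManagement relies on it being gone before selectProcess()`.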
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
index e0403f242..ddda86ecc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
@@ -64,11 +64,7 @@ public class RestartAuthProzessManagement extends AbstractAuthServletTask {
}
- //remove BKU selection flag
- newec.remove("performBKUSelection");
-
-
- Logger.debug("Swicht to specific authentication process after BKU is selected");
+ Logger.debug("Select new auth.-process and restart restart process-engine ... ");
// select and create new process instance
String processDefinitionId = ModuleRegistration.getInstance().selectProcess(newec);
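Review bot: The new debug message at the top of this hunk repeats a word; it should read `Logger.debug("Select new auth.-process and restart process-engine ... ");`. The info message added in the next hunk of this file lacks a separator before the id, `Logger.info("Restart process-engine with auth.process: " + processDefinitionId);`. The enclosing method begins before this hunk.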
@@ -91,8 +87,8 @@ public class RestartAuthProzessManagement extends AbstractAuthServletTask {
throw new MOAIDException("init.04", new Object[] { pendingReq.getRequestID() });
}
-
- Logger.info("BKU is selected -> Start BKU communication ...");
+
+ Logger.info("Restart process-engine with auth.process:" + processDefinitionId);
// start process
processEngine.start(pendingReq);