aboutsummaryrefslogtreecommitdiff
path: root/id
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2016-08-16 10:22:49 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-08-16 10:22:49 +0200
commit3139b9126ae10976848be640d2b8648401e36137 (patch)
tree2f37cadd1a7fe9264cc2440ac533ff18f12aeff6 /id
parent54c45296f9782803f261f6c25409a32dad86d75c (diff)
downloadmoa-id-spss-3139b9126ae10976848be640d2b8648401e36137.tar.gz
moa-id-spss-3139b9126ae10976848be640d2b8648401e36137.tar.bz2
moa-id-spss-3139b9126ae10976848be640d2b8648401e36137.zip
add eIDAS response LoA validation
Diffstat (limited to 'id')
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties1
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties1
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java28
3 files changed, 26 insertions, 4 deletions
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 226e4ac98..36f1392d5 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -270,6 +270,7 @@ eIDAS.10=Internal server error. Reason:{0}
eIDAS.11=Received eIDAS Error-Response. Reason:{0}
eIDAS.12=Received eIDAS AuthnRequest is not valid. Reason:{0}
eIDAS.13=Generation of eIDAS Response FAILED. Reason:{0}
+eIDAS.14=eIDAS Response validation FAILED: LevelOfAssurance {0} is to low.
pvp2.01=Fehler beim kodieren der PVP2 Antwort
pvp2.02=Ungueltiges Datumsformat
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index aa30073f0..e72a28046 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -227,6 +227,7 @@ eIDAS.10=9199
eIDAS.11=1302
eIDAS.12=1305
eIDAS.13=1307
+eIDAS.14=1301
pvp2.01=6100
pvp2.06=6100
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index fd7a19be8..7ba5aee1e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -24,6 +24,7 @@ import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import eu.eidas.auth.commons.EidasStringUtil;
import eu.eidas.auth.commons.protocol.IAuthenticationResponse;
+import eu.eidas.auth.commons.protocol.eidas.LevelOfAssurance;
import eu.eidas.auth.engine.ProtocolEngineI;
import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
@@ -73,13 +74,29 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
throw new EIDASResponseNotSuccessException("eIDAS.11", new Object[]{samlResp.getStatusMessage()});
}
+
+ // **********************************************************
+ // ******* MOA-ID specific response validation **********
+ // **********************************************************
+
+ //validate received LoA against minimum required LoA
+ LevelOfAssurance reqLoA = LevelOfAssurance.fromString(pendingReq.getOnlineApplicationConfiguration().getQaaLevel());
+ LevelOfAssurance respLoA = LevelOfAssurance.fromString(samlResp.getLevelOfAssurance());
+ if (respLoA.numericValue() < reqLoA.numericValue()) {
+ Logger.error("eIDAS Response LevelOfAssurance is lower than the required! "
+ + "(Resp-LoA:" + respLoA.getValue() + " Req-LoA:" + reqLoA.getValue() + ")");
+ throw new MOAIDException("eIDAS.14", new Object[]{respLoA.getValue()});
+
+ }
+
- //MOA-ID specific response validation
- //TODO: implement MOA-ID specific response validation
+ // **********************************************************
+ // ******* Store resonse infos into session object **********
+ // **********************************************************
//update MOA-Session data with received information
Logger.debug("Store eIDAS response information into MOA-session.");
-
+
moasession.setQAALevel(samlResp.getLevelOfAssurance());
moasession.setGenericDataToSession(
@@ -99,12 +116,15 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq,
MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED,
samlResp.getId());
+
+ } catch (MOAIDException e) {
+ throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e);
}catch (EIDASSAMLEngineException e) {
Logger.error("eIDAS AuthnRequest generation FAILED.", e);
revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq,
MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
- throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.",
+ throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.",
new EIDASEngineException("eIDAS.09", new Object[]{e.getMessage()}, e));
} catch (MOADatabaseException e) {