aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--id/server/doc/handbook/protocol/protocol.html8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java19
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java5
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties3
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties7
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java14
7 files changed, 56 insertions, 17 deletions
diff --git a/id/server/doc/handbook/protocol/protocol.html b/id/server/doc/handbook/protocol/protocol.html
index 3b31dbfc0..8e0260a38 100644
--- a/id/server/doc/handbook/protocol/protocol.html
+++ b/id/server/doc/handbook/protocol/protocol.html
@@ -851,6 +851,14 @@ Redirect Binding</td>
<td>9007</td>
<td>Der SZR-Gateway Client konnte nicht initialisiert werden.</td>
</tr>
+ <tr>
+ <td>9008</td>
+ <td>Fehler beim Verarbeiten eines Konfigurationsparameters.</td>
+ </tr>
+ <tr>
+ <td>9099</td>
+ <td>Allgemeiner Konfigurationsfehler</td>
+ </tr>
</table>
<h5><a name="statuscodes_91xxx" id="allgemeines_zugangspunkte15"></a>1.3.4.2 Interne Fehler (91xxx)</h5>
<table class="configtable">
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 2cb62b993..bca080ba6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -203,12 +203,15 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
String samlRequest = req.getParameter("SAMLRequest");
Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+
+ } catch (MOAIDException e) {
+ throw e;
} catch (Throwable e) {
String samlRequest = req.getParameter("SAMLRequest");
Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
- throw new MOAIDException(e.getMessage(), new Object[] {});
+ throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()});
}
}
@@ -254,11 +257,14 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+ } catch (MOAIDException e) {
+ throw e;
+
} catch (Throwable e) {
String samlRequest = req.getParameter("SAMLRequest");
Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
- throw new MOAIDException(e.getMessage(), new Object[] {});
+ throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()});
}
}
@@ -304,12 +310,15 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
String samlRequest = req.getParameter("SAMLRequest");
Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
-
+
+ } catch (MOAIDException e) {
+ throw e;
+
} catch (Throwable e) {
String samlRequest = req.getParameter("SAMLRequest");
Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
- throw new MOAIDException(e.getMessage(), new Object[] {});
+ throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()});
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
index 4c9a1e59f..bf4cfd480 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
@@ -121,15 +121,15 @@ public abstract class AbstractCredentialProvider {
credentials.setUsageType(UsageType.SIGNING);
if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
Logger.error(getFriendlyName() + " Metadata Signing credentials is not found or contains no PrivateKey.");
- throw new CredentialsNotAvailableException(getFriendlyName() + " Assertion Signing credentials (Alias: "
- + getMetadataKeyAlias() + ") is not found or contains no PrivateKey.", null);
+ throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Signing credentials (Alias: "
+ + getMetadataKeyAlias() + ") is not found or contains no PrivateKey."});
}
return credentials;
} catch (Exception e) {
Logger.error("Failed to generate " + getFriendlyName() + " Metadata Signing credentials");
e.printStackTrace();
- throw new CredentialsNotAvailableException(e.getMessage(), null);
+ throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e);
}
}
@@ -146,8 +146,8 @@ public abstract class AbstractCredentialProvider {
credentials.setUsageType(UsageType.SIGNING);
if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
Logger.error(getFriendlyName() + " Assertion Signing credentials is not found or contains no PrivateKey.");
- throw new CredentialsNotAvailableException(getFriendlyName() + " Assertion Signing credentials (Alias: "
- + getSignatureKeyAlias() + ") is not found or contains no PrivateKey.", null);
+ throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Signing credentials (Alias: "
+ + getSignatureKeyAlias() + ") is not found or contains no PrivateKey."});
}
@@ -155,7 +155,7 @@ public abstract class AbstractCredentialProvider {
} catch (Exception e) {
Logger.error("Failed to generate " + getFriendlyName() + " Assertion Signing credentials");
e.printStackTrace();
- throw new CredentialsNotAvailableException(e.getMessage(), null);
+ throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e);
}
}
@@ -177,16 +177,17 @@ public abstract class AbstractCredentialProvider {
if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
Logger.error(getFriendlyName() + " Assertion Encryption credentials is not found or contains no PrivateKey.");
- throw new CredentialsNotAvailableException(getFriendlyName() + " Assertion Encryption credentials (Alias: "
- + getEncryptionKeyAlias() + ") is not found or contains no PrivateKey.", null);
+ throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Encryption credentials (Alias: "
+ + getEncryptionKeyAlias() + ") is not found or contains no PrivateKey."});
}
return (X509Credential) credentials;
+
} catch (Exception e) {
Logger.error("Failed to generate " + getFriendlyName() + " Assertion Encryption credentials");
e.printStackTrace();
- throw new CredentialsNotAvailableException(e.getMessage(), null);
+ throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java
index 1e1c37621..85de666c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java
@@ -31,6 +31,11 @@ public class CredentialsNotAvailableException extends MOAIDException {
super(messageId, parameters);
}
+ public CredentialsNotAvailableException(String messageId,
+ Object[] parameters, Throwable e) {
+ super(messageId, parameters, e);
+ }
+
/**
*
*/
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index c47ec2477..9986d5679 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -87,6 +87,7 @@ config.23=Fehler beim initialisieren von OpenSAML
config.24=MOA-ID-Auth Configfile {1} does not start with {0} prefix.
config.25=Der verwendete IDP PublicURLPrefix {0} ist nicht erlaubt.
config.26=Federated IDP {0} contains no AttributeQuery URL.
+config.27=Fehler beim Verarbeiten eines Konfigurationsparameters. Msg:{0}
parser.00=Leichter Fehler beim Parsen: {0}
parser.01=Fehler beim Parsen: {0}
@@ -279,6 +280,7 @@ pvp2.20=F\u00FCr die im Request angegebene EntityID konnten keine g\u00FCltigen
pvp2.21=Die Signature des Requests konnte nicht g\u00FCltig validiert werden.
pvp2.22=Der Request konnte nicht g\u00FCltig validiert werden (Fehler\={0}).
pvp2.23={0} ist keine gueltige AssertionConsumerServiceURL oder entspricht nicht den Metadaten.
+pvp2.24=Der Request konnte nicht verarbeitet werden (Fehler\={0}).
##add status codes!!!!
@@ -294,6 +296,7 @@ sp.pvp2.08=Receive invalid PVP Response from {0}. Response issuer {1} is not val
sp.pvp2.09=Receive invalid PVP Response from {0} {1}. StatusCodes:{2} {3} Msg:{4}
sp.pvp2.10=Receive invalid PVP Response from {0}. No valid assertion included.
sp.pvp2.11=Receive invalid PVP Response from {0}. Assertion decryption FAILED.
+sp.pvp2.12=Receive invalid PVP Response from {0}. Msg:{1}
oauth20.01=Fehlerhafte redirect url
oauth20.02=Fehlender oder ung\u00FCltiger Parameter "{0}"
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index 581037a29..f97ebeeca 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -66,7 +66,8 @@ config.22=9008
config.23=9199
config.24=9199
config.25=9199
-config.26=TODO
+config.26=9099
+config.27=9008
parser.00=1101
parser.01=1101
@@ -114,6 +115,7 @@ sp.pvp2.08=4502
sp.pvp2.09=4503
sp.pvp2.10=4502
sp.pvp2.11=4502
+sp.pvp2.12=4502
validator.00=1102
validator.01=1102
@@ -222,6 +224,9 @@ pvp2.17=6102
pvp2.20=6103
pvp2.21=6104
pvp2.22=6105
+pvp2.23=6105
+pvp2.24=6105
+
oauth20.01=6200
oauth20.06=1000
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
index f976793b8..c2ca69238 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
@@ -179,12 +179,20 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
String samlRequest = request.getParameter("SAMLRequest");
Logger.warn("Receive INVALID PVP Response from ELGA mandate-service: " + samlRequest, e);
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED);
- throw new TaskExecutionException(pendingReq, "Receive INVALID PVP Response from ELGA mandate-service", e);
+ throw new TaskExecutionException(pendingReq,
+ "Receive INVALID PVP Response from ELGA mandate-service",
+ new AuthnResponseValidationException("sp.pvp2.12",
+ new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()},
+ e));
} catch (IOException | MarshallingException | TransformerException e) {
Logger.warn("Processing PVP response from ELGA mandate-service FAILED.", e);
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED);
- throw new TaskExecutionException(pendingReq, "Processing PVP response from ELGA mandate-service FAILED.", e);
+ throw new TaskExecutionException(pendingReq,
+ "Processing PVP response from ELGA mandate-service FAILED.",
+ new AuthnResponseValidationException("sp.pvp2.12",
+ new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()},
+ e));
} catch (CredentialsNotAvailableException e) {
Logger.error("ELGA mandate-service: PVP response decrytion FAILED. No credential found.", e);
@@ -195,7 +203,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
Logger.info("ELGA mandate-service: PVP response validation FAILED. Msg:" + e.getMessage());
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED, e.getMessageId());
throw new TaskExecutionException(pendingReq, "ELGA mandate-service: PVP response validation FAILED.", e);
-
+
} catch (Exception e) {
Logger.info("ELGA mandate-service: General Exception. Msg:" + e.getMessage());
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED);
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-27 09:21:06 +0000