Diffstat (limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java')
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java9
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationSpringResourceProvider.java29
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java29
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java66
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java68
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java53
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java128
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java2
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java (renamed from id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java)14
9 files changed, 297 insertions, 101 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index 5166f090d..d1de2e96b 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -72,4 +72,13 @@ public class Constants {
public static final String eIDAS_HTTP_ENDPOINT_IDP_REDIRECT = "/eidas/idp/redirect";
public static final String eIDAS_HTTP_ENDPOINT_METADATA = "/eidas/metadata";
+ //Event-Codes for Revisionslog
+ public static final int eIDAS_REVERSIONSLOG_METADATA = 3400;
+ public static final int eIDAS_REVERSIONSLOG_IDP_AUTHREQUEST = 3401;
+ public static final int eIDAS_REVERSIONSLOG_IDP_AUTHRESPONSE = 3402;
+ public static final int eIDAS_REVERSIONSLOG_SP_AUTHREQUEST= 3403;
+ public static final int eIDAS_REVERSIONSLOG_SP_AUTHRESPONSE= 3404;
+
+ public static final String eIDAS_GENERIC_REQ_DATA_COUNTRY = "country";
+
}
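Review bot: The new constants are spelled `eIDAS_REVERSIONSLOG_*` while the comment above them says Revisionslog and the logger they are passed to elsewhere in this change is `revisionsLogger`; naming them `eIDAS_REVISIONSLOG_*` keeps the three consistent. The comment could also say what the codes are used for, e.g. `// Event codes for the revision log (eIDAS module)`, since `eIDAS_GENERIC_REQ_DATA_COUNTRY` sits under the same comment but is a request-data key, not an event code.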
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationSpringResourceProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationSpringResourceProvider.java
new file mode 100644
index 000000000..384516711
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationSpringResourceProvider.java
@@ -0,0 +1,29 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas;
+
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+
+import at.gv.egiz.components.spring.api.SpringResourceProvider;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthSpringResourceProvider;
+
+public class eIDASAuthenticationSpringResourceProvider implements SpringResourceProvider {
+
+ @Override
+ public String getName() {
+ return "MOA-ID eIDAS-Authentication SpringResourceProvider";
+ }
+
+ @Override
+ public String[] getPackagesToScan() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Resource[] getResourcesToLoad() {
+ ClassPathResource eIDASAuthConfig = new ClassPathResource("/moaid_eidas_auth.beans.xml", MOAIDAuthSpringResourceProvider.class);
+
+ return new Resource[] {eIDASAuthConfig};
+ }
+
+}
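Review bot: `getPackagesToScan()` returns `null` behind an auto-generated TODO; if the consumer of SpringResourceProvider iterates the array this fails with a NullPointerException at context start-up, so return `new String[0]` (or the package actually to be scanned) and drop the TODO. `getResourcesToLoad()` resolves `/moaid_eidas_auth.beans.xml` relative to `MOAIDAuthSpringResourceProvider.class` rather than this class; that may be deliberate if the file ships with the core module, but a one-line comment naming the module that provides the file would save the next reader a search. The class has no Javadoc; a summary such as `/** Registers the eIDAS authentication bean definitions with the MOA-ID Spring context. */` would do.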
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
index 49f0451cb..2c0f1cf8c 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
@@ -22,22 +22,26 @@
*/
package at.gv.egovernment.moa.id.auth.modules.eidas;
+import java.io.IOException;
+
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
-import at.gv.egovernment.moa.id.auth.servlet.ProcessEngineSignalServlet;
+import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController;
import at.gv.egovernment.moa.logging.Logger;
/**
* @author tlenz
*
*/
-@WebServlet(urlPatterns = { "/eidas/sp/post", "/eidas/sp/redirect"}, loadOnStartup = 1)
-public class eIDASSignalServlet extends ProcessEngineSignalServlet {
-
- private static final long serialVersionUID = 8215688005533754459L;
+@Controller
+public class eIDASSignalServlet extends AbstractProcessEngineSignalController {
public eIDASSignalServlet() {
super();
@@ -46,18 +50,25 @@ public class eIDASSignalServlet extends ProcessEngineSignalServlet {
}
+ @RequestMapping(value = { "/eidas/sp/post",
+ "/eidas/sp/redirect"
+ },
+ method = {RequestMethod.POST, RequestMethod.GET})
+ public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ signalProcessManagement(req, resp);
+ }
@Override
/**
- * Protocol specific implementation to get the sessionID
+ * Protocol specific implementation to get the pending-requestID
* from http request object
*
* @param request The http Servlet-Request object
- * @return The SessionId
+ * @return The Pending-request id
*
*/
- public String getMoaSessionId(HttpServletRequest request) {
- String sessionId = super.getMoaSessionId(request);
+ public String getPendingRequestId(HttpServletRequest request) {
+ String sessionId = super.getPendingRequestId(request);
try {
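Review bot: The Javadoc for `getPendingRequestId` is placed after `@Override`, so the javadoc tool does not attach it to the method; move the `@Override` line below the comment block. `performCitizenCardAuthentication` is named after citizen-card authentication but is mapped to the eIDAS SP endpoints `/eidas/sp/post` and `/eidas/sp/redirect` and carries no Javadoc; a name such as `performEidasAuthentication` with a one-line summary would describe what it does. The body of getPendingRequestId continues outside the hunk.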
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
index f4d6c4ad4..22dcf0bf3 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
@@ -22,6 +22,8 @@
*/
package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID;
+
import java.io.IOException;
import java.io.InputStream;
import java.text.ParseException;
@@ -31,14 +33,14 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.parsers.ParserConfigurationException;
+import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang3.ObjectUtils;
+import org.springframework.stereotype.Service;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.SAXException;
-import eu.eidas.auth.commons.IPersonalAttributeList;
-
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
@@ -50,22 +52,21 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.XPathUtils;
+import eu.eidas.auth.commons.IPersonalAttributeList;
/**
* @author tlenz
*
*/
+@Service("CreateIdentityLinkTask")
public class CreateIdentityLinkTask extends AbstractAuthServletTask {
/* (non-Javadoc)
@@ -76,19 +77,47 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
HttpServletRequest request, HttpServletResponse response)
throws TaskExecutionException {
try{
- String moasessionid = (String) executionContext.get(MOAIDAuthConstants.PARAM_SESSIONID);
- String pendingRequestID = (String) executionContext.get("pendingRequestID");
-
- //load pending request
- IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);
+ String pendingRequestID = StringEscapeUtils.escapeHtml(
+ ObjectUtils.defaultIfNull(
+ request.getParameter(PARAM_TARGET_PENDINGREQUESTID),
+ (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID)));
+
+ if (MiscUtil.isEmpty(pendingRequestID)) {
+ Logger.info("No PendingRequestID received");
+ throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"});
+ }
+
+ IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID);
+
if (pendingReq == null) {
Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
+
+ }
+
+ //change pending-request ID
+ String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
+ executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
+
+ AuthenticationSession moasession = null;;
+ try {
+ moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
+ if (moasession == null) {
+ Logger.warn("MOASessionID is empty.");
+ throw new MOAIDException("auth.18", new Object[] {});
+ }
+
+ } catch (MOADatabaseException e) {
+ Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database");
+ throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() });
+
+ } catch (Throwable e) {
+ Logger.info("No HTTP Session found!");
+ throw new MOAIDException("auth.18", new Object[] {});
}
-
- //load MOASession object and OA-configuration
- AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid);
+
+ //load service-provider configuration
IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
//get eIDAS attributes from MOA-Session
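Review bot: The pending-request loading block at the top of execute (from the `pendingRequestID` lookup through the `catch (Throwable e)`) is duplicated verbatim in GenerateAuthnRequestTask and ReceiveAuthnResponseTask in this same change; it belongs in AbstractAuthServletTask as one helper so the three copies cannot drift. As copied, the `auth.10` error names `"VerifyIdentityLink"` as the failing step in all three tasks, which misleads whoever reads the log; each task should pass its own name, e.g. `new Object[]{"CreateIdentityLink", "pendingRequestID"}`. The `catch (Throwable e)` also intercepts the `auth.18` MOAIDException thrown inside the same try and rethrows a fresh one with the original dropped; moving the null check after the try, or adding `catch (MOAIDException e) { throw e; }` ahead of the Throwable branch, keeps the original, and that branch should log `e` rather than only "No HTTP Session found!". Two smaller points: `AuthenticationSession moasession = null;;` has a stray semicolon, and applying `StringEscapeUtils.escapeHtml` to an identifier that is then used as a storage key is escaping at the wrong layer — validate the ID against its expected format before the lookup and escape only where it is rendered. execute continues outside the hunk.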
@@ -96,7 +125,6 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST,
IPersonalAttributeList.class);
- AuthConfiguration config = AuthConfigurationProviderFactory.getInstance();
IdentityLink identityLink = null;
//connect SZR-Gateway
@@ -146,7 +174,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
//resign IDL
IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
- Element resignedilAssertion = identitylinkresigner.resignIdentityLink(identityLink.getSamlAssertion(), config.getStorkFakeIdLResigningKey());
+ Element resignedilAssertion = identitylinkresigner.resignIdentityLink(identityLink.getSamlAssertion(), authConfig.getStorkFakeIdLResigningKey());
identityLink = new IdentityLinkAssertionParser(resignedilAssertion).parseIdentityLink();
} else {
@@ -164,13 +192,13 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
throw new MOAIDException("stork.10", null);
}
- MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED);
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED);
moasession.setForeigner(true);
moasession.setIdentityLink(identityLink);
moasession.setBkuURL("Not applicable (eIDASAuthentication)");
//store MOA-session to database
- AuthenticationSessionStoreage.storeSession(moasession);
+ authenticatedSessionStorage.storeSession(moasession);
} catch (ParseException | MOAIDException | MOADatabaseException | ParserConfigurationException | SAXException | IOException e) {
throw new TaskExecutionException("IdentityLink generation for foreign person FAILED.", e);
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 06643ec53..5af6a294b 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -22,6 +22,8 @@
*/
package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID;
+
import java.io.IOException;
import java.io.StringWriter;
import java.util.Collection;
@@ -29,11 +31,14 @@ import java.util.Collection;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang3.BooleanUtils;
+import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.velocity.Template;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
+import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -45,17 +50,14 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.stork.CPEPS;
import at.gv.egovernment.moa.id.config.stork.StorkAttribute;
import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
import eu.eidas.auth.commons.EIDASAuthnRequest;
import eu.eidas.auth.commons.EIDASUtil;
import eu.eidas.auth.commons.EidasLoaCompareType;
@@ -71,6 +73,7 @@ import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
* @author tlenz
*
*/
+@Service("GenerateAuthnRequestTask")
public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
/* (non-Javadoc)
@@ -82,31 +85,58 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
throws TaskExecutionException {
try{
- String moasessionid = (String) executionContext.get(MOAIDAuthConstants.PARAM_SESSIONID);
- String pendingRequestID = (String) executionContext.get("pendingRequestID");
-
- //load pending request
- IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);
+ String pendingRequestID = StringEscapeUtils.escapeHtml(
+ ObjectUtils.defaultIfNull(
+ request.getParameter(PARAM_TARGET_PENDINGREQUESTID),
+ (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID)));
+
+ if (MiscUtil.isEmpty(pendingRequestID)) {
+ Logger.info("No PendingRequestID received");
+ throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"});
+ }
+
+ IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID);
+
if (pendingReq == null) {
- Logger.info("No PendingRequest with Id: '{}' Maybe, a transaction timeout occure.", new Object[] {pendingRequestID});
+ Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
+
+ }
+
+ //change pending-request ID
+ String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
+ executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
+
+ AuthenticationSession moasession = null;;
+ try {
+ moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
+ if (moasession == null) {
+ Logger.warn("MOASessionID is empty.");
+ throw new MOAIDException("auth.18", new Object[] {});
+ }
+
+ } catch (MOADatabaseException e) {
+ Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database");
+ throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() });
+
+ } catch (Throwable e) {
+ Logger.info("No HTTP Session found!");
+ throw new MOAIDException("auth.18", new Object[] {});
}
- //load MOASession object, configuration and OA-configuration
- AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid);
+ //get service-provider configuration
IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
- AuthConfiguration moaconfig = AuthConfigurationProviderFactory.getInstance();
// get target country
String citizenCountryCode = (String) executionContext.get(MOAIDAuthConstants.PARAM_CCC);
if (StringUtils.isEmpty(citizenCountryCode)) {
// illegal state; task should not have been executed without a selected country
- throw new AuthenticationException("stork.22", new Object[] { moasessionid });
+ throw new AuthenticationException("stork.22", new Object[] { pendingRequestID });
}
- CPEPS cpeps = moaconfig.getStorkConfig().getCPEPS(citizenCountryCode);
+ CPEPS cpeps = authConfig.getStorkConfig().getCPEPS(citizenCountryCode);
if(null == cpeps) {
Logger.error("PEPS unknown for country", new Object[] {citizenCountryCode});
throw new AuthenticationException("Unknown PEPS for citizen country '{}'", new Object[] {citizenCountryCode});
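Review bot: `Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.")` replaces the placeholder form `'{}'` with a `new Object[]` argument that the removed line used; if the Logger supports placeholders (the surrounding code still passes `new Object[] {...}` to it), keep that form rather than concatenating the ID into the message. The `stork.22` argument is now the pre-rotation pendingRequestID; a short comment such as `// ID before changePendingRequestID, for diagnostics only` would make that intentional. execute starts and ends outside the hunk.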
@@ -127,7 +157,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
newAttribute.setName(current.getName());
boolean globallyMandatory = false;
- for (StorkAttribute currentGlobalAttribute : moaconfig.getStorkConfig().getStorkAttributes())
+ for (StorkAttribute currentGlobalAttribute : authConfig.getStorkConfig().getStorkAttributes())
if (current.getName().equals(currentGlobalAttribute.getName())) {
globallyMandatory = BooleanUtils.isTrue(currentGlobalAttribute.getMandatory());
break;
@@ -144,7 +174,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
authnRequest.setProviderName(pendingReq.getAuthURL());
authnRequest.setPersonalAttributeList(pAttList);
- authnRequest.setIssuer(moaconfig.getPublicURLPrefix() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
+ authnRequest.setIssuer(pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
authnRequest.setDestination(destination);
authnRequest.setEidasNameidFormat(EIDASAuthnRequest.NAMEID_FORMAT_UNSPECIFIED);
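Review bot: `authnRequest.setIssuer(pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA)` derives the SAML Issuer from the pending request instead of the configured public URL prefix used before; if getAuthURL is populated from the incoming HTTP request, the Issuer the remote node sees now depends on what the client sent, and it must still equal the metadata URL registered at that node. ReceiveAuthnResponseTask in this same change still sets the auth URL from `AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()`, so the two should be reconciled to one source. A comment such as `// Issuer must equal the metadata URL registered at the remote eIDAS node` would document the constraint. execute continues outside the hunk.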
@@ -170,7 +200,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
context.put(actionType, SAMLRequest);
Logger.debug("Encoded " + actionType + " original: " + SAMLRequest);
- context.put("RelayState", moasessionid);
+ context.put("RelayState", pendingRequestID);
Logger.debug("Using assertion consumer url as action: " + destination);
context.put("action", destination);
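Review bot: `context.put("RelayState", pendingRequestID)` sends the pre-rotation ID to the remote IdP, although `requestStoreage.changePendingRequestID(pendingReq)` earlier in execute replaced it and stored the new value under PARAM_TARGET_PENDINGREQUESTID; unless changePendingRequestID keeps the old key resolvable, the returning response will carry an ID that no longer maps to a pending request. Use the rotated value: `context.put("RelayState", newPendingRequestID);`. A comment on that line, `// RelayState carries the rotated pending-request ID back to the SP endpoint`, would make the dependency on the rotation explicit. execute starts and ends outside this hunk.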
@@ -200,7 +230,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
throw new TaskExecutionException("eIDAS AuthnRequest generation FAILED.",
new EIDASEngineException("Could not generate token for Saml Request", e));
- } catch (EIDASEngineException | MOAIDException | MOADatabaseException e) {
+ } catch (EIDASEngineException | MOAIDException e) {
throw new TaskExecutionException("eIDAS AuthnRequest generation FAILED.", e);
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index 693807d63..84b20dc25 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -1,8 +1,14 @@
package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang3.ObjectUtils;
+import org.springframework.stereotype.Service;
+
import eu.eidas.auth.commons.EIDASAuthnResponse;
import eu.eidas.auth.commons.EIDASUtil;
import eu.eidas.auth.engine.EIDASSAMLEngine;
@@ -28,25 +34,54 @@ import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
+@Service("ReceiveAuthnResponseTask")
public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException {
try{
- String moasessionid = (String) executionContext.get(MOAIDAuthConstants.PARAM_SESSIONID);
- String pendingRequestID = (String) executionContext.get("pendingRequestID");
-
- //load pending request
- IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);
+ String pendingRequestID = StringEscapeUtils.escapeHtml(
+ ObjectUtils.defaultIfNull(
+ request.getParameter(PARAM_TARGET_PENDINGREQUESTID),
+ (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID)));
+
+ if (MiscUtil.isEmpty(pendingRequestID)) {
+ Logger.info("No PendingRequestID received");
+ throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"});
+ }
+
+ IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID);
+
if (pendingReq == null) {
Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
+
+ }
+
+ //change pending-request ID
+ String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
+ executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
+
+ AuthenticationSession moasession = null;;
+ try {
+ moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
+ if (moasession == null) {
+ Logger.warn("MOASessionID is empty.");
+ throw new MOAIDException("auth.18", new Object[] {});
+ }
+
+ } catch (MOADatabaseException e) {
+ Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database");
+ throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() });
+
+ } catch (Throwable e) {
+ Logger.info("No HTTP Session found!");
+ throw new MOAIDException("auth.18", new Object[] {});
}
-
- //load MOASession object and OA-configuration
- AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid);
+
+ //load service-provider configuration
IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
//get SAML Response and decode it
@@ -92,7 +127,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
moasession.setAuthURL(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/");
//store MOA-session to database
- AuthenticationSessionStoreage.storeSession(moasession);
+ authenticatedSessionStorage.storeSession(moasession);
}catch (EIDASSAMLEngineException e) {
Logger.error("eIDAS AuthnRequest generation FAILED.", e);
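Review bot: `moasession.setAuthURL(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/")` on the line above the changed storage call still goes through the static factory, while the rest of this change (CreateIdentityLinkTask, GenerateAuthnRequestTask) switched to the injected `authConfig`; for consistency use `moasession.setAuthURL(authConfig.getPublicURLPrefix() + "/");`. The `AuthenticationSessionStoreage` import shown in the hunk header looks unused now that `authenticatedSessionStorage.storeSession` is called, unless another reference remains outside the hunk. execute starts outside the hunk.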
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index b652503f8..5c2ed4148 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -22,14 +22,21 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.eidas;
+import java.io.IOException;
import java.util.HashMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
@@ -37,6 +44,10 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IModulInfo;
import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController;
+import at.gv.egovernment.moa.id.protocols.pvp2x.AuthenticationAction;
+import at.gv.egovernment.moa.id.protocols.pvp2x.MetadataAction;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import eu.eidas.auth.commons.EIDASAuthnRequest;
@@ -44,26 +55,15 @@ import eu.eidas.auth.commons.EIDASUtil;
import eu.eidas.auth.engine.EIDASSAMLEngine;
/**
- * Stork 2 Protocol Support
+ * eIDAS Protocol Support for outbound authentication
*
- * @author bsuzic
+ * @author tlenz
*/
-public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo {
+public class EIDASProtocol extends AbstractProtocolModulController {
public static final String NAME = EIDASProtocol.class.getName();
public static final String PATH = "eidas";
- public static final String AUTHENTICATIONREQUEST = "AuthenticationRequest";
- public static final String METADATAREQUEST = "MetadataRequest";
-
- private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
-
- static {
- actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest());
- actions.put(METADATAREQUEST, new EidasMetaDataRequest());
-
- }
-
public String getName() {
return NAME;
}
@@ -72,20 +72,70 @@ public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo {
return PATH;
}
- public IAction getAction(String action) {
- return actions.get(action);
- }
-
- public EIDASProtocol() {
- super();
- }
-
+ //eIDAS metadata end-point
+ @RequestMapping(value = "/eidas/metadata", method = {RequestMethod.GET})
+ public void eIDASMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException {
+
+ //create pendingRequest object
+ EIDASData pendingReq = new EIDASData(req);
+ pendingReq.setModule(NAME);
+ pendingReq.setNeedAuthentication(false);
+ pendingReq.setAuthenticated(false);
+
+ revisionsLogger.logEvent(
+ pendingReq.getUniqueSessionIdentifier(),
+ pendingReq.getUniqueTransactionIdentifier(),
+ MOAIDEventConstants.TRANSACTION_IP,
+ req.getRemoteAddr());
+
+
+ EidasMetaDataRequest metadataAction = applicationContext.getBean(EidasMetaDataRequest.class);
+ metadataAction.processRequest(pendingReq,
+ req, resp, null);
+
+ revisionsLogger.logEvent(
+ pendingReq.getUniqueSessionIdentifier(),
+ pendingReq.getUniqueTransactionIdentifier(),
+ Constants.eIDAS_REVERSIONSLOG_METADATA);
+ }
+
+
+ //PVP2.x IDP POST-Binding end-point
+ @RequestMapping(value = "/eidas/ColleagueRequest", method = {RequestMethod.POST})
+ public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException {
+
+ //create pending-request object
+ EIDASData pendingReq = new EIDASData(req);
+ pendingReq.setModule(NAME);
+
+ revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
+ revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier());
+ revisionsLogger.logEvent(
+ pendingReq.getUniqueSessionIdentifier(),
+ pendingReq.getUniqueTransactionIdentifier(),
+ MOAIDEventConstants.TRANSACTION_IP,
+ req.getRemoteAddr());
+
+ //preProcess eIDAS request
+ preProcess(req, resp, pendingReq);
+
+ revisionsLogger.logEvent(pendingReq, Constants.eIDAS_REVERSIONSLOG_IDP_AUTHREQUEST);
+
+ //AuthnRequest needs authentication
+ pendingReq.setNeedAuthentication(true);
+
+ //set protocol action, which should be executed after authentication
+ pendingReq.setAction(eIDASAuthenticationRequest.class.getName());
+
+ //switch to session authentication
+ performAuthentication(req, resp, pendingReq);
+ }
+
/*
First request step - send it to BKU selection for user authentication. After the user credentials
and other info are obtained, in the second step the request will be processed and the user redirected
*/
- public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action,
- String sessionId, String transactionId) throws MOAIDException {
+ public void preProcess(HttpServletRequest request, HttpServletResponse response, EIDASData pendingReq) throws MOAIDException {
Logger.info("received an eIDaS request");
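Review bot: `PVPIDPPostRequest` breaks the lowerCamelCase convention used by `eIDASMetadataRequest` and `performCitizenCardAuthentication`, and its name says PVP IDP while it is mapped to the eIDAS `/eidas/ColleagueRequest` endpoint; `public void eIDASColleagueRequest(HttpServletRequest req, HttpServletResponse resp)` would read correctly. Neither endpoint has Javadoc; a one-line summary per method, stating that the metadata endpoint is served unauthenticated (`setNeedAuthentication(false)`) and that the ColleagueRequest endpoint hands off to `performAuthentication`, is worth adding. The metadata endpoint logs only TRANSACTION_IP whereas the ColleagueRequest endpoint first logs SESSION_CREATED and TRANSACTION_CREATED; if the revision log is meant to be complete per transaction, both should emit the same prefix. preProcess continues outside the hunk.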
@@ -104,42 +154,36 @@ public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo {
//validate SAML token
EIDASAuthnRequest samlReq = engine.validateEIDASAuthnRequest(decSamlToken);
- // memorize important stuff
- EIDASData result = new EIDASData(request);
-
// - memorize remote ip
- result.setRemoteAddress(request.getRemoteAddr());
+ pendingReq.setRemoteAddress(request.getRemoteAddr());
// - memorize country code of target country
- result.setTarget(samlReq.getCountry());
+ pendingReq.setGenericDataToSession(
+ Constants.eIDAS_GENERIC_REQ_DATA_COUNTRY, samlReq.getCountry());
// - memorize requested attributes
- result.setEidasRequestedAttributes(new MOAPersonalAttributeList(samlReq.getPersonalAttributeList()));
+ pendingReq.setEidasRequestedAttributes(new MOAPersonalAttributeList(samlReq.getPersonalAttributeList()));
// - memorize whole request
- samlReq.setPersonalAttributeList(result.getEidasRequestedAttributes()); // circumvent non-serializable eidas personal attribute list
- result.setEidasRequest(samlReq);
+ samlReq.setPersonalAttributeList(pendingReq.getEidasRequestedAttributes()); // circumvent non-serializable eidas personal attribute list
+ pendingReq.setEidasRequest(samlReq);
// - memorize OA url
- result.setOAURL(samlReq.getIssuer());
-
+ pendingReq.setOAURL(samlReq.getIssuer());
+
// - memorize OA config
- OAAuthParameter oaConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(result.getOAURL());
+ OAAuthParameter oaConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(pendingReq.getOAURL());
if (oaConfig == null)
- throw new AuthenticationException("stork.12", new Object[]{result.getOAURL()});
- result.setOnlineApplicationConfiguration(oaConfig);
+ throw new AuthenticationException("stork.12", new Object[]{pendingReq.getOAURL()});
+ pendingReq.setOnlineApplicationConfiguration(oaConfig);
- return result;
} catch(Exception e) {
Logger.error("error in preprocessing step", e);
throw new MOAIDException("error in preprocessing step", null);
+
}
}
- public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) {
- return null;
- }
-
public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable {
return false;
}
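Review bot: The `AuthenticationException("stork.12", ...)` thrown on the added line after the `oaConfig == null` check never leaves `preProcess` as such: the trailing `catch(Exception e)` rewraps it as `MOAIDException("error in preprocessing step", null)`, so the specific error code for an unknown issuer/OA and the original cause are both dropped before any error handler sees them. Letting MOAIDException subtypes pass through unchanged keeps that information, e.g. insert `} catch (MOAIDException e) { throw e;` immediately before the existing `} catch(Exception e) {`. The try block and the method signature start outside this hunk, so check there is no other MOAIDException site inside the try that relies on the current rewrapping.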
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
index c8795302f..4e34902e2 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
@@ -21,6 +21,7 @@ import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.springframework.http.MediaType;
+import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
@@ -39,6 +40,7 @@ import eu.eidas.engine.exceptions.SAMLEngineException;
/**
* First version to provide some valid metadata to an asking eIDaS node
*/
+@Service("EidasMetaDataRequest")
public class EidasMetaDataRequest implements IAction {
private Logger logger = org.slf4j.LoggerFactory.getLogger(EidasMetaDataRequest.class);
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
index 09287e6d4..0702c34d5 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
@@ -32,8 +32,11 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.velocity.Template;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
+import org.springframework.stereotype.Service;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
@@ -59,11 +62,14 @@ import eu.eidas.auth.engine.metadata.MetadataUtil;
* Second request step - after authentication of the user is done and moasession obtained,
* process request and forward the user further to PEPS and/or other entities
*
- * @author bsuzic
+ * @author tlenz
*/
-public class AuthenticationRequest implements IAction {
+@Service("eIDASAuthenticationRequest")
+public class eIDASAuthenticationRequest implements IAction {
+ @Autowired protected MOAReversionLogger revisionsLogger;
+
@Override
public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
EIDASData eidasRequest;
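Review bot: `@Autowired protected MOAReversionLogger revisionsLogger;` uses field injection on a protected field; now that the class is a Spring `@Service` singleton, constructor injection into a `private final MOAReversionLogger revisionsLogger` keeps the dependency mandatory, immutable and testable without a container. Because one bean instance now serves every request, `processRequest` must keep all per-request data in locals or in the `IRequest`; the hunk shows only the logger field, so this presumably holds, but a class Javadoc line such as `Stateless Spring singleton: no per-request state in instance fields.` would make the contract explicit. The body of `processRequest` continues outside this hunk.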
@@ -85,7 +91,7 @@ public class AuthenticationRequest implements IAction {
case Constants.eIDAS_ATTR_CURRENTFAMILYNAME: newValue = authData.getFamilyName();break;
case Constants.eIDAS_ATTR_CURRENTGIVENNAME: newValue = authData.getGivenName();break;
case Constants.eIDAS_ATTR_PERSONALIDENTIFIER: newValue = new BPKBuilder().buildStorkeIdentifier(authData.getIdentificationType(), authData.getIdentificationValue(),
- eidasRequest.getTarget()); break;
+ eidasRequest.getGenericData(Constants.eIDAS_GENERIC_REQ_DATA_COUNTRY, String.class)); break;
}
if("".equals(newValue))
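Review bot: `eidasRequest.getGenericData(Constants.eIDAS_GENERIC_REQ_DATA_COUNTRY, String.class)` replaces the typed `getTarget()` accessor with an untyped map lookup that yields null whenever the key was never stored, and that null then flows into `buildStorkeIdentifier` as the target country of the personal identifier. Resolve it once before the switch and fail explicitly, e.g. `String targetCountry = eidasRequest.getGenericData(Constants.eIDAS_GENERIC_REQ_DATA_COUNTRY, String.class);` followed by `if (targetCountry == null || targetCountry.isEmpty()) throw new MOAIDException("<error-key placeholder>", null);`, then use `targetCountry` in the `eIDAS_ATTR_PERSONALIDENTIFIER` case. The switch and the enclosing method start outside this hunk.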
@@ -129,6 +135,8 @@ public class AuthenticationRequest implements IAction {
e.printStackTrace();
}
+ revisionsLogger.logEvent(req, Constants.eIDAS_REVERSIONSLOG_IDP_AUTHREQUEST);
+
// send the response
try {
VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();