aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-module-sl20_authentication
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/modules/moa-id-module-sl20_authentication')
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java44
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java4
2 files changed, 32 insertions, 16 deletions
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
index 9262e43e9..03db52695 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
@@ -49,15 +49,16 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
- throws TaskExecutionException {
+ throws TaskExecutionException {
+ String sl20Result = null;
try {
Logger.debug("Receiving SL2.0 response process .... ");
- JsonObject sl20ReqObj = null;
+ JsonObject sl20ReqObj = null;
try {
//get SL2.0 command or result from HTTP request
Map<String, String> reqParams = getParameters(request);
- String sl20Result = reqParams.get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM);
+ sl20Result = reqParams.get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM);
if (MiscUtil.isEmpty(sl20Result)) {
@@ -103,10 +104,15 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(sl20ReqObj, joseTools,
authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true));
- if (payLoadContainer.isValidSigned() == null ||
- !payLoadContainer.isValidSigned()) {
- Logger.info("SL20 result from VDA was not valid signed");
- throw new SL20SecurityException(new Object[]{"Signature on SL20 result NOT valid."});
+ if ( (payLoadContainer.isValidSigned() == null || !payLoadContainer.isValidSigned())) {
+ if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) {
+ Logger.info("SL20 result from VDA was not valid signed");
+ throw new SL20SecurityException(new Object[]{"Signature on SL20 result NOT valid."});
+
+ } else {
+ Logger.warn("SL20 result from VDA is NOT valid signed, but signatures-verification is DISABLED by configuration!");
+
+ }
}
@@ -158,6 +164,8 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
} catch (MOAIDException e) {
Logger.warn("SL2.0 processing error:", e);
+ if (sl20Result != null)
+ Logger.debug("Received SL2.0 result: " + sl20Result);
pendingReq.setGenericDataToSession(
Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR,
new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e));
@@ -165,6 +173,8 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
} catch (Exception e) {
Logger.warn("ERROR:", e);
Logger.warn("SL2.0 Authentication FAILED with a generic error.", e);
+ if (sl20Result != null)
+ Logger.debug("Received SL2.0 result: " + sl20Result);
pendingReq.setGenericDataToSession(
Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR,
new TaskExecutionException(pendingReq, e.getMessage(), e));
@@ -182,8 +192,10 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
}
} catch (Exception e) {
- //write internal server errror 500 according to SL2.0 specification, chapter https transport binding
+ //write internal server errror 500 according to SL2.0 specification, chapter https transport binding
Logger.warn("Can NOT build SL2.0 response. Reason: " + e.getMessage(), e);
+ if (sl20Result != null)
+ Logger.debug("Received SL2.0 result: " + sl20Result);
try {
response.sendError(500, "Internal Server Error.");
@@ -207,7 +219,8 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
error ,
null);
- Logger.debug("Client request containts 'native client' header ... ");
+ Logger.debug("Client request containts 'native client' header ... ");
+ Logger.trace("SL20 response to VDA: " + respContainer);
StringWriter writer = new StringWriter();
writer.write(respContainer.toString());
final byte[] content = writer.toString().getBytes("UTF-8");
@@ -230,13 +243,14 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
JsonObject callCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CALL, callReqParams);
//build first redirect command for app
- JsonObject redirectOneParams = SL20JSONBuilderUtils.createRedirectCommandParameters("", callCommand, null, true);
+ JsonObject redirectOneParams = SL20JSONBuilderUtils.createRedirectCommandParameters("",
+ callCommand, null, true);
JsonObject redirectOneCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectOneParams);
//build second redirect command for IDP
JsonObject redirectTwoParams = SL20JSONBuilderUtils.createRedirectCommandParameters(
new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_RESUME, null),
- redirectOneCommand, null, true);
+ redirectOneCommand, null, false);
JsonObject redirectTwoCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectTwoParams);
//build generic SL2.0 response container
@@ -247,10 +261,12 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
redirectTwoCommand,
null);
- //workaround for SIC VDA
+ //workaround for A-Trust
if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null &&
- request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) {
- Logger.debug("Client request containts 'native client' header ... ");
+ request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)
+ || true) {
+ Logger.debug("Client request containts 'native client' header ... ");
+ Logger.trace("SL20 response to VDA: " + respContainer);
StringWriter writer = new StringWriter();
writer.write(respContainer.toString());
final byte[] content = writer.toString().getBytes("UTF-8");
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java
index 52743c9da..365152f66 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java
@@ -50,7 +50,7 @@ public abstract class eIDDataVerifierTest {
}
- @Test
+ //@Test
public void parseAuthBlock() throws Exception {
String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK);
if (MiscUtil.isEmpty(authBlockB64))
@@ -61,7 +61,7 @@ public abstract class eIDDataVerifierTest {
}
- @Test
+ //@Test
public void checkIDLAgainstAuthblock() throws Exception {
String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK);
String idlB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL);