aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/modules')
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java28
1 files changed, 24 insertions, 4 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index fd7a19be8..7ba5aee1e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -24,6 +24,7 @@ import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import eu.eidas.auth.commons.EidasStringUtil;
import eu.eidas.auth.commons.protocol.IAuthenticationResponse;
+import eu.eidas.auth.commons.protocol.eidas.LevelOfAssurance;
import eu.eidas.auth.engine.ProtocolEngineI;
import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
@@ -73,13 +74,29 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
throw new EIDASResponseNotSuccessException("eIDAS.11", new Object[]{samlResp.getStatusMessage()});
}
+
+ // **********************************************************
+ // ******* MOA-ID specific response validation **********
+ // **********************************************************
+
+ //validate received LoA against minimum required LoA
+ LevelOfAssurance reqLoA = LevelOfAssurance.fromString(pendingReq.getOnlineApplicationConfiguration().getQaaLevel());
+ LevelOfAssurance respLoA = LevelOfAssurance.fromString(samlResp.getLevelOfAssurance());
+ if (respLoA.numericValue() < reqLoA.numericValue()) {
+ Logger.error("eIDAS Response LevelOfAssurance is lower than the required! "
+ + "(Resp-LoA:" + respLoA.getValue() + " Req-LoA:" + reqLoA.getValue() + ")");
+ throw new MOAIDException("eIDAS.14", new Object[]{respLoA.getValue()});
+
+ }
+
- //MOA-ID specific response validation
- //TODO: implement MOA-ID specific response validation
+ // **********************************************************
+ // ******* Store resonse infos into session object **********
+ // **********************************************************
//update MOA-Session data with received information
Logger.debug("Store eIDAS response information into MOA-session.");
-
+
moasession.setQAALevel(samlResp.getLevelOfAssurance());
moasession.setGenericDataToSession(
@@ -99,12 +116,15 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq,
MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED,
samlResp.getId());
+
+ } catch (MOAIDException e) {
+ throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e);
}catch (EIDASSAMLEngineException e) {
Logger.error("eIDAS AuthnRequest generation FAILED.", e);
revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq,
MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
- throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.",
+ throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.",
new EIDASEngineException("eIDAS.09", new Object[]{e.getMessage()}, e));
} catch (MOADatabaseException e) {