diff options
author | Christian Kollmann <christian.kollmann@a-sit.at> | 2021-03-04 14:00:53 +0100 |
---|---|---|
committer | Christian Kollmann <christian.kollmann@a-sit.at> | 2021-03-04 14:18:15 +0100 |
commit | b9bc937ff9471c60ced2ef9ed7df526cf31059db (patch) | |
tree | 6cbd58a098a457797ab85f816efc7bb05404470c | |
parent | 2c49670334049a065d86defc8524f2e5eae6ca78 (diff) | |
download | National_eIDAS_Gateway-b9bc937ff9471c60ced2ef9ed7df526cf31059db.tar.gz National_eIDAS_Gateway-b9bc937ff9471c60ced2ef9ed7df526cf31059db.tar.bz2 National_eIDAS_Gateway-b9bc937ff9471c60ced2ef9ed7df526cf31059db.zip |
Document input, output, transitions for each task
11 files changed, 330 insertions, 192 deletions
diff --git a/connector/src/test/resources/config/templates/other_login_method.html b/connector/src/test/resources/config/templates/other_login_method.html index 3a3f9a4a..56c368c6 100644 --- a/connector/src/test/resources/config/templates/other_login_method.html +++ b/connector/src/test/resources/config/templates/other_login_method.html @@ -231,6 +231,7 @@ <input type="hidden" name="selectedCountry" value="NONE"> <input type="hidden" name="pendingid" value="$pendingid" th:attr="value=${pendingid}"/> </form> + <!-- todo wohnsitz --> </div> <!-- Abbrechen Button --> diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index c2fc44b9..76c026ae 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -34,9 +34,26 @@ public class Constants { public static final String DATA_REQUESTED_LOA_LIST = "req_requestedLoA"; public static final String DATA_REQUESTED_LOA_COMPERISON = "req_requestedLoAComperision"; public static final String DATA_FULL_EIDAS_RESPONSE = "resp_fulleIDASResponse"; - public static final String DATA_RESULT_MATCHING_BPK = "matching-result-bpk"; - public static final String DATA_SIMPLE_EIDAS = "simple_eidas_data"; - public static final String DATA_INITIAL_REGISTER_RESULT = "initial_register_result"; + + /** + * Stored when one match from register was found + */ + public static final String DATA_RESULT_MATCHING_BPK = "matching_result_bpk"; + + /** + * Stored before Step 2 from Matching Concept, input from user eIDAS authn + */ + public static final String DATA_SIMPLE_EIDAS = "matching_simple_eidas_data"; + + /** + * Stored after Step 2 from Matching Concept, first results from search with Person Identifier + */ + public static final String DATA_INITIAL_REGISTER_RESULT = "matching_initial_register_result"; + + /** + * Stored after Step 8 from Matching Concept, results from search in registers with MDS + */ + public static final String DATA_FURTHER_REGISTER_RESULT = "matching_further_register_result"; // templates for post-binding forwarding public static final String TEMPLATE_POST_FORWARD_NAME = "eidas_node_forward.html"; @@ -183,13 +200,32 @@ public class Constants { public static final String COUNTRY_CODE_DE = "DE"; public static final String COUNTRY_CODE_IT = "IT"; + /** + * {@link at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateNewErnpEntryTask} + */ public static final String TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK = "TASK_CreateNewErnpEntryTask"; + + /** + * {@link at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateOtherLoginMethodGuiTask} + */ public static final String TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK = "TASK_GenerateOtherLoginMethodGuiTask"; + + /** + * {@link at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAustrianResidenceGuiTask} + */ public static final String TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK = "TASK_GenerateAustrianResidenceGuiTask"; + + /** + * {@link at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateMobilePhoneSignatureRequestTask} + */ public static final String TRANSITION_TO_GENERATE_MOBILE_PHONE_SIGNATURE_REQUEST_TASK = "TASK_GenerateMobilePhoneSignatureRequestTask"; + + /** + * TODO Second eidas login + */ public static final String TRANSITION_TO_GENERATE_EIDAS_LOGIN = "TASK_TODO"; public static final String REQ_SELECTED_LOGIN_METHOD_PARAMETER = "loginSelection"; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java index fad985c2..6b524e36 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java @@ -30,30 +30,32 @@ public class RegisterSearchService { * Automatic process to fix the register entries. * * @param initialSearchResult Result of initial register search - * @param specificDetailSearchResult Result of last register search + * @param specificSearchResult Result of last register search * @param eidasData Received eidas data * @param pendingReq Pending request * @return The bpk * @throws TaskExecutionException if an error occurs during the register update */ public String step7aKittProcess(MergedRegisterSearchResult initialSearchResult, - MergedRegisterSearchResult specificDetailSearchResult, - SimpleEidasData eidasData, IRequest pendingReq) throws TaskExecutionException { + MergedRegisterSearchResult specificSearchResult, + SimpleEidasData eidasData, + IRequest pendingReq) throws TaskExecutionException { + log.trace("Starting step7aKittProcess"); // TODO verify with which data this method gets called try { if (initialSearchResult.getResultCount() != 0) { throw new WorkflowException("initialSearchResult.getResultCount() != 0"); } - if (specificDetailSearchResult.getResultCount() != 1) { - throw new WorkflowException("countrySpecificDetailSearchResult.getResultCount() != 1"); + if (specificSearchResult.getResultCount() != 1) { + throw new WorkflowException("specificSearchResult.getResultCount() != 1"); } - if (specificDetailSearchResult.getResultsZmr().size() == 1) { - zmrClient.update(specificDetailSearchResult.getResultsZmr().get(0), eidasData); + if (specificSearchResult.getResultsZmr().size() == 1) { + zmrClient.update(specificSearchResult.getResultsZmr().get(0), eidasData); } - if (specificDetailSearchResult.getResultsErnp().size() == 1) { - ernpClient.update(specificDetailSearchResult.getResultsErnp().get(0), eidasData); + if (specificSearchResult.getResultsErnp().size() == 1) { + ernpClient.update(specificSearchResult.getResultsErnp().get(0), eidasData); } - return specificDetailSearchResult.getBpk(); + return specificSearchResult.getBpk(); } catch (WorkflowException e) { throw new TaskExecutionException(pendingReq, "Step7a failed.", e); } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java index b519354c..65e9028f 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java @@ -85,6 +85,10 @@ import szrservices.TravelDocumentType; * Task that creates the IdentityLink for an eIDAS authenticated person. * * @author tlenz + * + * TODO Take Constants#DATA_SIMPLE_EIDAS and Constants#DATA_RESULT_MATCHING_BPK + * TODO Only do VSZ Erstellung and eidasBind -- this is always the end of the whole process + * TODO Move Eintragung to separate Task, as it does not happen every time */ @Slf4j @Component("CreateIdentityLinkTask") @@ -96,12 +100,12 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { private SzrClient szrClient; @Autowired private ICcSpecificEidProcessingService eidPostProcessor; - + @Autowired private AuthBlockSigningService authBlockSigner; private static final String EID_STATUS = "urn:eidgvat:eid.status.eidas"; - + /* * (non-Javadoc) * @@ -131,81 +135,81 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { if (basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY, false)) { SzrResultHolder idlResult = createDummyIdentityLinkForTestDeployment(eidData); //inject personal-data into session - authProcessData.setIdentityLink(idlResult.getIdentityLink()); - + authProcessData.setIdentityLink(idlResult.getIdentityLink()); + // set bPK and bPKType into auth session authProcessData.setGenericDataToSession(PvpAttributeDefinitions.BPK_NAME, extendBpkByPrefix( idlResult.getBpK(), pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier())); authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, pendingReq.getServiceProviderConfiguration() .getAreaSpecificTargetIdentifier()); - + } else { - //build SZR request from eIDAS data + //build SZR request from eIDAS data final PersonInfoType personInfo = generateSzrRequest(eidData); - + //request SZR based on IDL or E-ID mode if (pendingReq.getServiceProviderConfiguration() .isConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE, false)) { // get encrypted baseId String vsz = szrClient.getEncryptedStammzahl(personInfo); - + //write revision-Log entry and extended infos personal-identifier mapping revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_VSZ_RECEIVED); writeExtendedRevisionLogEntry(simpleAttrMap, eidData); - - + + // get eIDAS bind - String signedEidasBind = szrClient.getEidsaBind(vsz, - authBlockSigner.getBase64EncodedPublicKey(), + String signedEidasBind = szrClient.getEidsaBind(vsz, + authBlockSigner.getBase64EncodedPublicKey(), EID_STATUS, eidData); revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_EIDASBIND_RECEIVED); authProcessData.setGenericDataToSession(Constants.EIDAS_BIND, signedEidasBind); - + //get signed AuthBlock String jwsSignature = authBlockSigner.buildSignedAuthBlock(pendingReq); revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.TECH_AUCHBLOCK_CREATED); authProcessData.setGenericDataToSession(Constants.SZR_AUTHBLOCK, jwsSignature); - + //inject personal-data into session authProcessData.setEidProcess(true); - + } else { //request SZR SzrResultHolder idlResult = requestSzrForIdentityLink(personInfo); - + //write revision-Log entry for personal-identifier mapping writeExtendedRevisionLogEntry(simpleAttrMap, eidData); - + //check result-data and write revision-log based on current state checkStateAndWriteRevisionLog(idlResult); - + //inject personal-data into session - authProcessData.setIdentityLink(idlResult.getIdentityLink()); + authProcessData.setIdentityLink(idlResult.getIdentityLink()); authProcessData.setEidProcess(false); - + // set bPK and bPKType into auth session authProcessData.setGenericDataToSession(PvpAttributeDefinitions.BPK_NAME, extendBpkByPrefix( idlResult.getBpK(), pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier())); authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, pendingReq.getServiceProviderConfiguration() .getAreaSpecificTargetIdentifier()); - + } } - + //add generic info's into session authProcessData.setForeigner(true); authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, EidasResponseUtils .parseEidasPersonalIdentifier((String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)) .getFirst()); authProcessData.setQaaLevel(eidasResponse.getLevelOfAssurance()); - + // store pending-request requestStoreage.storePendingRequest(pendingReq); - - + + } catch (final EidasAttributeException e) { throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e); @@ -229,7 +233,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } } - + private PersonInfoType generateSzrRequest(ErnbEidData eidData) { log.debug("Starting connecting SZR Gateway"); final PersonInfoType personInfo = new PersonInfoType(); @@ -278,16 +282,16 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } } - + return personInfo; - + } - private SzrResultHolder requestSzrForIdentityLink(PersonInfoType personInfo) + private SzrResultHolder requestSzrForIdentityLink(PersonInfoType personInfo) throws SzrCommunicationException, EaafException { //request IdentityLink from SZR final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(personInfo); - + final Element idlFromSzr = (Element) result.getAssertion(); IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser(idlFromSzr).parseIdentityLink(); @@ -301,9 +305,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, "no VKZ defined")); if (!bpkList.isEmpty()) { bpk = bpkList.get(0); - + } - + } else { log.debug("Calculating bPK from baseId ... "); @@ -316,11 +320,11 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { bpk = bpkCalc.getFirst(); } - + return new SzrResultHolder(identityLink, bpk); - + } - + private void checkStateAndWriteRevisionLog(SzrResultHolder idlResult) throws SzrCommunicationException { // write some infos into revision log if (idlResult.getIdentityLink() == null) { @@ -341,9 +345,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_BPK_RECEIVED); log.debug("ERnB communication was successfull"); - + } - + private String extendBpkByPrefix(String bpk, String type) { String bpkType = null; @@ -433,20 +437,20 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } } - + @Data - private static class SzrResultHolder { + private static class SzrResultHolder { final IIdentityLink identityLink; final String bpK; - + } - + /** * Build a dummy IdentityLink and a dummy bPK based on eIDAS information. - * + * * <br><br> * <b>FOR LOCAL TESTING ONLY!!!</b> - * + * * @param eidData Information from eIDAS response * @return IdentityLink and bPK * @throws ParserConfigurationException In case of an IDL processing error @@ -454,7 +458,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { * @throws IOException In case of an IDL processing error * @throws EaafException In case of a bPK generation error */ - private SzrResultHolder createDummyIdentityLinkForTestDeployment(ErnbEidData eidData) + private SzrResultHolder createDummyIdentityLinkForTestDeployment(ErnbEidData eidData) throws ParserConfigurationException, SAXException, IOException, EaafException { log.warn("SZR-Dummy IS ACTIVE! IdentityLink is NOT VALID!!!!"); // create fake IdL @@ -495,9 +499,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { .generateAreaSpecificPersonIdentifier(identityLink.getIdentificationValue(), identityLink.getIdentificationType(), pendingReq.getServiceProviderConfiguration() - .getAreaSpecificTargetIdentifier()); + .getAreaSpecificTargetIdentifier()); return new SzrResultHolder(identityLink, bpkCalc.getFirst()); - + } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java index bab1945a..b89af3a0 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java @@ -23,6 +23,7 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; @@ -30,18 +31,29 @@ import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import lombok.extern.slf4j.Slf4j; -import org.jetbrains.annotations.NotNull; import org.springframework.stereotype.Component; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.DATA_SIMPLE_EIDAS; - /** - * Task that searches ErnB and ZMR before adding person to SZR. + * Task that searches ERnP and ZMR before adding person to SZR. + * This corresponds to Step 9 in the eIDAS Matching Concept. + * + * Input: + * <ul> + * <li>{@link Constants#DATA_SIMPLE_EIDAS}</li> + * </ul> + * Output: + * <ul> + * <li>TODO MDS, BPK of new entry</li> + * </ul> + * + * TODO Import code from CreateIdentityLinkTask + * TODO Nicht mit BMI abgestimmt: ERnP Eintrag über SZR anzulegen? * * @author amarsalek + * @author ckollmann */ @Slf4j @Component("CreateNewErnbEntryTask") @@ -61,25 +73,21 @@ public class CreateNewErnpEntryTask extends AbstractAuthServletTask { public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try { - // TODO really the correct key? - SimpleEidasData simpleEidasData = getAuthProcessData().getGenericDataFromSession(DATA_SIMPLE_EIDAS, - SimpleEidasData.class); - step9CreateNewErnpEntry(simpleEidasData); + SimpleEidasData simpleEidasData = getInitialEidasData(); + //TODO Does this return the BPK? + ernpClient.createNewEntry(simpleEidasData); } catch (final Exception e) { log.error("Initial search FAILED.", e); throw new TaskExecutionException(pendingReq, "Initial search FAILED.", e); } } - @NotNull - private AuthProcessDataWrapper getAuthProcessData() { - return pendingReq.getSessionData(AuthProcessDataWrapper.class); + private SimpleEidasData getInitialEidasData() { + return getAuthProcessDataWrapper().getGenericDataFromSession(Constants.DATA_SIMPLE_EIDAS, SimpleEidasData.class); } - private void step9CreateNewErnpEntry(SimpleEidasData simpleEidasData) { - - //TODO can i get bpk from response? - ernpClient.createNewEntry(simpleEidasData); + private AuthProcessDataWrapper getAuthProcessDataWrapper() { + return pendingReq.getSessionData(AuthProcessDataWrapper.class); } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java index 56aaa2db..8c3cc994 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java @@ -53,6 +53,7 @@ public class GenerateOtherLoginMethodGuiTask extends AbstractAuthServletTask { @Autowired private ISpringMvcGuiFormBuilder guiBuilder; + @Autowired private IConfiguration basicConfig; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java index 81035f6d..d7bec42b 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java @@ -23,6 +23,7 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; @@ -55,10 +56,6 @@ import java.util.HashMap; import java.util.List; import java.util.Map; -import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.DATA_FULL_EIDAS_RESPONSE; -import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.DATA_INITIAL_REGISTER_RESULT; -import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.DATA_RESULT_MATCHING_BPK; -import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.DATA_SIMPLE_EIDAS; import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK; import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK; import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.eIDAS_ATTR_BIRTHNAME; @@ -72,6 +69,27 @@ import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.eIDAS_A /** * Task that searches registers (ERnP and ZMR) before adding person to SZR. + * <p> + * Input: + * <ul> + * <li>{@link Constants#DATA_FULL_EIDAS_RESPONSE}</li> + * </ul> + * Output: + * <ul> + * <li>{@link Constants#DATA_SIMPLE_EIDAS} converted from Full eIDAS Response</li> + * <li>{@link Constants#DATA_INITIAL_REGISTER_RESULT} results from first search in registers with + * PersonIdentifier</li> + * <li>{@link Constants#DATA_FURTHER_REGISTER_RESULT} results after second search in registers with MDS</li> + * <li>{@link Constants#DATA_RESULT_MATCHING_BPK} if one register result found</li> + * </ul> + * <p> + * Transitions: + * <ul> + * <li>{@link CreateNewErnpEntryTask} if no results in registers where found for this user</li> + * <li>{@link GenerateOtherLoginMethodGuiTask} if search with MDS returns more than one match, user may provide + * alternative login methods to get an unique match</li> + * <li>{@link CreateIdentityLinkTask} if search in register returned one match, user is uniquely identified</li> + * </ul> * * @author amarsalek * @author ckollmann @@ -102,11 +120,8 @@ public class InitialSearchTask extends AbstractAuthServletTask { throws TaskExecutionException { try { final SimpleEidasData eidasData = convertEidasAttrToSimpleData(); - storeSimpleEidasData(eidasData); + storeInitialEidasData(eidasData); step2RegisterSearchWithPersonIdentifier(executionContext, eidasData); - } catch (final TaskExecutionException e) { - log.error("Initial search failed", e); - throw e; } catch (final Exception e) { log.error("Initial search failed", e); throw new TaskExecutionException(pendingReq, "Initial search failed", e); @@ -117,52 +132,41 @@ public class InitialSearchTask extends AbstractAuthServletTask { ExecutionContext executionContext, SimpleEidasData eidasData) throws TaskExecutionException, EaafStorageException, ManualFixNecessaryException { log.trace("Starting step2RegisterSearchWithPersonIdentifier"); - String personIdentifier = eidasData.getPseudonym(); - MergedRegisterSearchResult registerData = registerSearchService.searchWithPersonIdentifier(eidasData); - storeInitialRegisterResult(registerData); - int resultCount = registerData.getResultCount(); + MergedRegisterSearchResult initialSearchResult = registerSearchService.searchWithPersonIdentifier(eidasData); + storeInitialRegisterResult(initialSearchResult); + int resultCount = initialSearchResult.getResultCount(); if (resultCount == 0) { - step5CheckAndPerformCountrySpecificSearchIfPossible(executionContext, registerData, eidasData); + step5CountrySpecificSearchCheck(executionContext, initialSearchResult, eidasData); } else if (resultCount == 1) { - step3CheckRegisterUpdateNecessary(registerData, eidasData); + step3CheckRegisterUpdateNecessary(initialSearchResult, eidasData); } else { - throw new ManualFixNecessaryException(personIdentifier); + throw new ManualFixNecessaryException(eidasData); } } - private void step3CheckRegisterUpdateNecessary(MergedRegisterSearchResult registerData, SimpleEidasData eidasData) + private void step3CheckRegisterUpdateNecessary( + MergedRegisterSearchResult initialSearchResult, SimpleEidasData eidasData) throws ManualFixNecessaryException { log.trace("Starting step3CheckRegisterUpdateNecessary"); try { - if (eidasData.equalsRegisterData(registerData)) { - String bpk = registerData.getBpk(); - storeMatchingBpk(bpk); + if (eidasData.equalsRegisterData(initialSearchResult)) { + storeMatchingBpk(initialSearchResult.getBpk()); } else { - step4UpdateRegisterData(registerData, eidasData); + // TODO Update "initialSearchResult" in register with "eidasData" from login not possible for now + storeMatchingBpk(initialSearchResult.getBpk()); } } catch (WorkflowException | EaafStorageException e) { throw new ManualFixNecessaryException(eidasData); } } - private void step4UpdateRegisterData(MergedRegisterSearchResult registerData, SimpleEidasData eidasData) - throws WorkflowException, EaafStorageException { - log.trace("Starting step4UpdateRegisterData"); - log.debug("Update {} with {}", registerData, eidasData); - //TODO wann rechtlich möglich? - - String bpk = registerData.getBpk(); - storeMatchingBpk(bpk); - } - - private void step5CheckAndPerformCountrySpecificSearchIfPossible( - ExecutionContext executionContext, MergedRegisterSearchResult registerData, - SimpleEidasData eidasData) + private void step5CountrySpecificSearchCheck( + ExecutionContext executionContext, MergedRegisterSearchResult initialSearchResult, SimpleEidasData eidasData) throws TaskExecutionException, ManualFixNecessaryException, EaafStorageException { log.trace("Starting step5CheckAndPerformCountrySpecificSearchIfPossible"); CountrySpecificDetailSearchProcessor specificHandler = findSpecificProcessor(eidasData); if (specificHandler != null) { - step6CountrySpecificSearch(executionContext, specificHandler, registerData, eidasData); + step6CountrySpecificSearch(executionContext, specificHandler, initialSearchResult, eidasData); } else { step8RegisterSearchWithMds(executionContext, eidasData); } @@ -182,7 +186,7 @@ public class InitialSearchTask extends AbstractAuthServletTask { private void step6CountrySpecificSearch(ExecutionContext executionContext, CountrySpecificDetailSearchProcessor processor, - MergedRegisterSearchResult registerData, + MergedRegisterSearchResult initialSearchResult, SimpleEidasData eidasData) throws TaskExecutionException, ManualFixNecessaryException, EaafStorageException { log.trace("Starting step6CountrySpecificSearch"); @@ -191,57 +195,51 @@ public class InitialSearchTask extends AbstractAuthServletTask { if (resultCount == 0) { step8RegisterSearchWithMds(executionContext, eidasData); } else if (resultCount == 1) { - step7aKittProcess(registerData, countrySearchResult, eidasData); + String bpk = registerSearchService + .step7aKittProcess(initialSearchResult, countrySearchResult, eidasData, pendingReq); + storeMatchingBpk(bpk); } else { throw new ManualFixNecessaryException(eidasData); } } - private void step7aKittProcess(MergedRegisterSearchResult registerData, - MergedRegisterSearchResult countrySpecificDetailSearchResult, - SimpleEidasData eidasData) - throws TaskExecutionException, EaafStorageException { - log.trace("Starting step7aKittProcess"); - String bpk = registerSearchService.step7aKittProcess(registerData, countrySpecificDetailSearchResult, - eidasData, pendingReq); - storeMatchingBpk(bpk); - } - private void step8RegisterSearchWithMds(ExecutionContext executionContext, SimpleEidasData eidasData) throws EaafStorageException { log.trace("Starting step8RegisterSearchWithMds"); MergedRegisterSearchResult registerData = registerSearchService.searchWithMds(eidasData); if (registerData.getResultCount() == 0) { - // TODO really the correct key to store data? - storeSimpleEidasData(eidasData); executionContext.put(TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK, true); } else { + storeFurtherRegisterResults(registerData); executionContext.put(TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, true); } } - private void storeSimpleEidasData(SimpleEidasData eidasData) throws EaafStorageException { - getAuthProcessData().setGenericDataToSession(DATA_SIMPLE_EIDAS, eidasData); + private void storeInitialRegisterResult(MergedRegisterSearchResult registerData) throws EaafStorageException { + getAuthProcessDataWrapper().setGenericDataToSession(Constants.DATA_INITIAL_REGISTER_RESULT, registerData); } - private void storeInitialRegisterResult(MergedRegisterSearchResult registerData) throws EaafStorageException { - getAuthProcessData().setGenericDataToSession(DATA_INITIAL_REGISTER_RESULT, registerData); + private void storeFurtherRegisterResults(MergedRegisterSearchResult registerData) throws EaafStorageException { + getAuthProcessDataWrapper().setGenericDataToSession(Constants.DATA_FURTHER_REGISTER_RESULT, registerData); + } + + private void storeInitialEidasData(SimpleEidasData eidasData) throws EaafStorageException { + getAuthProcessDataWrapper().setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidasData); } private void storeMatchingBpk(String bpk) throws EaafStorageException { - getAuthProcessData().setGenericDataToSession(DATA_RESULT_MATCHING_BPK, bpk); + getAuthProcessDataWrapper().setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk); } - @NotNull - private AuthProcessDataWrapper getAuthProcessData() { + private AuthProcessDataWrapper getAuthProcessDataWrapper() { return pendingReq.getSessionData(AuthProcessDataWrapper.class); } @NotNull private SimpleEidasData convertEidasAttrToSimpleData() throws EidasAttributeException { - final ILightResponse eidasResponse = getAuthProcessData() - .getGenericDataFromSession(DATA_FULL_EIDAS_RESPONSE, ILightResponse.class); + final ILightResponse eidasResponse = getAuthProcessDataWrapper() + .getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class); Map<String, Object> simpleMap = convertEidasAttrToSimpleMap(eidasResponse.getAttributes().getAttributeMap()); return convertSimpleMapToSimpleData(simpleMap); } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java index d565c329..6d050dc1 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java @@ -31,6 +31,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNeces import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; @@ -46,12 +47,26 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.util.Enumeration; -import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.DATA_INITIAL_REGISTER_RESULT; -import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.DATA_SIMPLE_EIDAS; /** * Task receives the response of {@link GenerateAustrianResidenceGuiTask} and handles it. * This corresponds to Steps 17B, 18, 19 in the eIDAS Matching Concept. + * <p> + * Input: + * <ul> + * <li>{@link Constants#DATA_SIMPLE_EIDAS} initial login data from user</li> + * <li>{@link Constants#DATA_INITIAL_REGISTER_RESULT} results from search in registers with personIdentifier</li> + * </ul> + * Output: + * <ul> + * <li>{@link Constants#DATA_RESULT_MATCHING_BPK} if one register result found</li> + * </ul> + * Transitions: + * <ul> + * <li>{@link CreateNewErnpEntryTask}</li> if no results from search with residency data in registers + * <li>{@link CreateIdentityLinkTask}</li> if one exact match between initial register search (with MDS) and results + * from search with residency data in registers exists + * </ul> * * @author amarsalek * @author ckollmann @@ -85,45 +100,68 @@ public class ReceiveAustrianResidenceGuiResponseTask extends AbstractAuthServlet throws TaskExecutionException { log.trace("Starting ReceiveAustrianResidenceGuiResponseTask"); UserInput input = parseHtmlInput(request); - if (input.isFormerResidenceAvailable()) { - if (input.getStreet().isEmpty() || input.getCity().isEmpty() || input.getZipcode().isEmpty()) { - // form should ensure that mandatory fields are field => this should never happen - throw new TaskExecutionException(pendingReq, "Invalid user input", new InvalidUserInputException()); - } - // TODO Also search with MDS? - MergedRegisterSearchResult result = registerSearchService + if (!input.isFormerResidenceAvailable()) { + moveToNextTask(executionContext); + return; + } + if (input.getStreet().isEmpty() || input.getCity().isEmpty() || input.getZipcode().isEmpty()) { + // HTML form should ensure that mandatory fields are set => this should never happen + throw new TaskExecutionException(pendingReq, "Invalid user input", new InvalidUserInputException()); + } + // TODO Also search with MDS? But MDS Search has already happened? + try { + SimpleEidasData eidasData = getInitialEidasData(); + MergedRegisterSearchResult residencyResult = registerSearchService .searchWithResidence(input.zipcode, input.city, input.street); - if (result.getResultCount() == 0) { + if (residencyResult.getResultCount() == 0) { moveToNextTask(executionContext); - return; - } else if (result.getResultCount() == 1) { - compareSearchResultWithInitialData(executionContext, result); + } else if (residencyResult.getResultCount() == 1) { + compareSearchResultWithInitialData(executionContext, residencyResult, eidasData); } else { - throw new TaskExecutionException(pendingReq, "Manual Fix necessary", new ManualFixNecessaryException("todo")); + throw new TaskExecutionException(pendingReq, + "Manual Fix necessary", new ManualFixNecessaryException(eidasData)); } - } else { - moveToNextTask(executionContext); + } catch (EaafStorageException e) { + log.error("Search with residency data failed", e); + throw new TaskExecutionException(pendingReq, "Search with residency data failed", e); } } - private void compareSearchResultWithInitialData(ExecutionContext executionContext, MergedRegisterSearchResult result) - throws TaskExecutionException { + private void compareSearchResultWithInitialData(ExecutionContext executionContext, + MergedRegisterSearchResult residencyResult, SimpleEidasData eidasData) + throws TaskExecutionException, EaafStorageException { try { - AuthProcessDataWrapper authProcessDataWrapper = pendingReq.getSessionData(AuthProcessDataWrapper.class); - MergedRegisterSearchResult initialSearchResult = authProcessDataWrapper - .getGenericDataFromSession(DATA_INITIAL_REGISTER_RESULT, MergedRegisterSearchResult.class); - SimpleEidasData simpleEidasData = authProcessDataWrapper - .getGenericDataFromSession(DATA_SIMPLE_EIDAS, SimpleEidasData.class); - if (simpleEidasData.equalsRegisterData(result)) { - registerSearchService.step7aKittProcess(initialSearchResult, result, simpleEidasData, pendingReq); + MergedRegisterSearchResult initialSearchResult = getInitialRegisterResult(); + // TODO search "residencyResult" in "initialSearchResult"!? + if (eidasData.equalsRegisterData(residencyResult)) { + String bpk = registerSearchService + .step7aKittProcess(initialSearchResult, residencyResult, eidasData, pendingReq); + storeMatchingBpk(bpk); } else { moveToNextTask(executionContext); } } catch (WorkflowException e) { - throw new TaskExecutionException(pendingReq, "Search failed", new ManualFixNecessaryException("todo")); + throw new TaskExecutionException(pendingReq, "Search failed", new ManualFixNecessaryException(eidasData)); } } + private SimpleEidasData getInitialEidasData() { + return getAuthProcessDataWrapper().getGenericDataFromSession(Constants.DATA_SIMPLE_EIDAS, SimpleEidasData.class); + } + + private MergedRegisterSearchResult getInitialRegisterResult() { + return getAuthProcessDataWrapper().getGenericDataFromSession(Constants.DATA_INITIAL_REGISTER_RESULT, + MergedRegisterSearchResult.class); + } + + private void storeMatchingBpk(String bpk) throws EaafStorageException { + getAuthProcessDataWrapper().setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk); + } + + private AuthProcessDataWrapper getAuthProcessDataWrapper() { + return pendingReq.getSessionData(AuthProcessDataWrapper.class); + } + private void moveToNextTask(ExecutionContext executionContext) { // Later on, this should transition to Step 20 executionContext.put(Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK, true); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java index 8c7815be..57531493 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java @@ -37,6 +37,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchSe import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; @@ -73,15 +74,30 @@ import java.io.IOException; import java.util.List; import java.util.Set; -import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.DATA_INITIAL_REGISTER_RESULT; -import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.DATA_SIMPLE_EIDAS; import static at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING; /** * Task that receives the SAML2 response from ID Austria system. * This corresponds to Step 15 in the eIDAS Matching Concept. * + * Input: + * <ul> + * <li>{@link Constants#DATA_SIMPLE_EIDAS} initial login data from user</li> + * <li>{@link Constants#DATA_INITIAL_REGISTER_RESULT} results from search in registers with personIdentifier</li> + * </ul> + * Output: + * <ul> + * <li>{@link Constants#DATA_RESULT_MATCHING_BPK} if one register result found</li> + * </ul> + * Transitions: + * <ul> + * <li>{@link GenerateAustrianResidenceGuiTask}</li> if no results in registers were found + * <li>{@link CreateIdentityLinkTask}</li> if one exact match between initial register search (with MDS) data and + * register search with MPS data exists + * </ul> + * * @author tlenz + * @author ckollmann */ @Slf4j @Component("ReceiveMobilePhoneSignatureResponseTask") @@ -108,6 +124,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet /** * Creates the new task, with autowired dependencies from Spring. */ + @SuppressWarnings("SpringJavaInjectionPointsAutowiringInspection") public ReceiveMobilePhoneSignatureResponseTask(SamlVerificationEngine samlVerificationEngine, RegisterSearchService registerSearchService, IdAustriaClientAuthCredentialProvider credentialProvider, @@ -146,22 +163,24 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet * */ - AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); - MergedRegisterSearchResult initialSearchResult = - authProcessData.getGenericDataFromSession(DATA_INITIAL_REGISTER_RESULT, MergedRegisterSearchResult.class); - SimpleEidasData eidasData = authProcessData.getGenericDataFromSession(DATA_SIMPLE_EIDAS, SimpleEidasData.class); - String bpkZp = extractBpkZp(extractor, authProcessData, eidasData); + MergedRegisterSearchResult initialSearchResult = getInitialRegisterResult(); + SimpleEidasData eidasData = getInitialEidasData(); + String bpkZp = extractBpkZp(extractor, eidasData); - MergedRegisterSearchResult result = registerSearchService.searchWithBpkZp(bpkZp); - if (result.getResultCount() == 0) { + // TODO Hier ist wohl keine Register-Suche notwendig, denn das ergibt sicher einen Treffer + // TODO Soll: In den Ergebnissen aus Step8 matchen! Über BPK matchen, und dann schauen, ob zumindest + // Geburtsdatum passt + MergedRegisterSearchResult registerResult = registerSearchService.searchWithBpkZp(bpkZp); + if (registerResult.getResultCount() == 0) { executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true); return; - } else if (result.getResultCount() == 1) { - String bpk = registerSearchService.step7aKittProcess(initialSearchResult, result, eidasData, pendingReq); - authProcessData.setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk); + } else if (registerResult.getResultCount() == 1) { + String bpk = registerSearchService + .step7aKittProcess(initialSearchResult, registerResult, eidasData, pendingReq); + storeMatchingBpk(bpk); return; - } else if (result.getResultCount() > 1) { - throw new ManualFixNecessaryException("bpkZp: " + bpkZp); + } else if (registerResult.getResultCount() > 1) { + throw new ManualFixNecessaryException(eidasData); } // set NeedConsent to false, because user gives consent during authentication @@ -192,16 +211,31 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet } private String extractBpkZp(AssertionAttributeExtractor extractor, - AuthProcessDataWrapper authProcessData, SimpleEidasData eidasData) throws EaafBuilderException, InvalidUserInputException { - SimpleMobileSignatureData simpleMobileSignatureData = getAuthDataFromInterfederation(extractor, authProcessData); + SimpleMobileSignatureData simpleMobileSignatureData = getAuthDataFromInterfederation(extractor); if (!simpleMobileSignatureData.equalsSimpleEidasData(eidasData)) { - //TODO User has cheated? - throw new InvalidUserInputException(); + throw new InvalidUserInputException(); // user has cheated!? } return simpleMobileSignatureData.getBpk(); } + private SimpleEidasData getInitialEidasData() { + return getAuthProcessDataWrapper().getGenericDataFromSession(Constants.DATA_SIMPLE_EIDAS, SimpleEidasData.class); + } + + private MergedRegisterSearchResult getInitialRegisterResult() { + return getAuthProcessDataWrapper().getGenericDataFromSession(Constants.DATA_INITIAL_REGISTER_RESULT, + MergedRegisterSearchResult.class); + } + + private void storeMatchingBpk(String bpk) throws EaafStorageException { + getAuthProcessDataWrapper().setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk); + } + + private AuthProcessDataWrapper getAuthProcessDataWrapper() { + return pendingReq.getSessionData(AuthProcessDataWrapper.class); + } + @NotNull private InboundMessage decodeAndVerifyMessage(HttpServletRequest request, HttpServletResponse response, IDecoder decoder, EaafUriCompare comparator) throws Exception { @@ -303,8 +337,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet return null; } - private SimpleMobileSignatureData getAuthDataFromInterfederation(AssertionAttributeExtractor extractor, - AuthProcessDataWrapper authProcessData) + private SimpleMobileSignatureData getAuthDataFromInterfederation(AssertionAttributeExtractor extractor) throws EaafBuilderException { List<String> requiredAttributes = IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES; SimpleMobileSignatureData result = new SimpleMobileSignatureData(); @@ -329,10 +362,10 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet result.setDateOfBirth(extractor.getSingleAttributeValue(attrName)); } if (PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME.equals(attrName)) { - authProcessData.setQaaLevel(extractor.getSingleAttributeValue(attrName)); + getAuthProcessDataWrapper().setQaaLevel(extractor.getSingleAttributeValue(attrName)); } } - authProcessData.setIssueInstant(extractor.getAssertionIssuingDate()); + getAuthProcessDataWrapper().setIssueInstant(extractor.getAssertionIssuingDate()); return result; } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java index 12eb7a83..b3c994c9 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java @@ -41,6 +41,21 @@ import java.util.Enumeration; * Handles user's selection from {@link GenerateOtherLoginMethodGuiTask}. * This corresponds to Steps 10, 14, 16 in the eIDAS Matching Concept. * + * Input: + * <ul> + * <li>{@link Constants#DATA_SIMPLE_EIDAS} initial login data from user</li> + * <li>{@link Constants#DATA_INITIAL_REGISTER_RESULT} results from search in registers with personIdentifier</li> + * </ul> + * Output: + * <ul> + * <li>{@link Constants#DATA_RESULT_MATCHING_BPK} if one register result found</li> + * </ul> + * Transitions: + * <ul> + * <li>{@link GenerateMobilePhoneSignatureRequestTask}</li> if selected by user + * <li>{@link GenerateAustrianResidenceGuiTask}</li> if selected by user + * </ul> + * * @author amarsalek * @author ckollmann */ diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml index f60bb5f9..369af4c4 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml @@ -44,37 +44,39 @@ <pd:Transition from="initialRegisterSearch" to="generateOtherLoginMethodGuiTask" conditionExpression="ctx['TASK_GenerateOtherLoginMethodGuiTask']"/> + <pd:Transition from="initialRegisterSearch" + to="generateIdentityLink" /> <pd:Transition from="generateOtherLoginMethodGuiTask" to="receiveOtherLoginMethodGuiResponseTask" /> <pd:Transition from="receiveOtherLoginMethodGuiResponseTask" to="generateMobilePhoneSignatureRequestTask" conditionExpression="ctx['TASK_GenerateMobilePhoneSignatureRequestTask']"/> - <pd:Transition from="generateMobilePhoneSignatureRequestTask" - to="receiveMobilePhoneSignatureResponseTask" /> - <pd:Transition from="receiveMobilePhoneSignatureResponseTask" - to="createNewErnpEntryTask" /> - + <pd:Transition from="receiveOtherLoginMethodGuiResponseTask" + to="generateAustrianResidenceGuiTask" + conditionExpression="ctx['TASK_GenerateAustrianResidenceGuiTask']"/> <!-- TRANSITION_TO_GENERATE_EIDAS_LOGIN --> <!-- <pd:Transition from="receiveOtherLoginMethodGuiResponseTask" --> <!-- to="generateAustrianResidenceGuiTask" --> <!-- conditionExpression="ctx['TASK_TODO']"/> --> - <pd:Transition from="receiveOtherLoginMethodGuiResponseTask" + <pd:Transition from="generateMobilePhoneSignatureRequestTask" + to="receiveMobilePhoneSignatureResponseTask" /> + + <pd:Transition from="receiveMobilePhoneSignatureResponseTask" to="generateAustrianResidenceGuiTask" - conditionExpression="ctx['TASK_GenerateAustrianResidenceGuiTask']"/> + conditionExpression="ctx['TASK_GenerateAustrianResidenceGuiTask']" /> + <pd:Transition from="receiveMobilePhoneSignatureResponseTask" + to="generateIdentityLink" /> <pd:Transition from="generateAustrianResidenceGuiTask" to="receiveAustrianResidenceGuiResponseTask" /> <pd:Transition from="receiveAustrianResidenceGuiResponseTask" - to="generateIdentityLink" - conditionExpression="ctx['TASK_TODO']"/> - - <pd:Transition from="receiveAustrianResidenceGuiResponseTask" to="createNewErnpEntryTask" - conditionExpression="ctx['TASK_TODO']"/> - + conditionExpression="ctx['TASK_CreateNewErnpEntryTask']"/> + <pd:Transition from="receiveAustrianResidenceGuiResponseTask" + to="generateIdentityLink"/> <pd:Transition from="createNewErnpEntryTask" to="generateIdentityLink" /> |