diff options
author | Thomas <> | 2021-06-15 18:15:19 +0200 |
---|---|---|
committer | Thomas <> | 2021-06-15 18:15:19 +0200 |
commit | 6e1a69773284177a0f6c7233c4bcdf7f4bd96681 (patch) | |
tree | 0729c907f8902618bb980eeaa3c6e17c3eac0bd4 /eidas_modules/authmodule-eIDAS-v2/src/main/java | |
parent | 1c6eba08f2a1c8008b85a71bc2c5d0a9d5e50361 (diff) | |
download | National_eIDAS_Gateway-6e1a69773284177a0f6c7233c4bcdf7f4bd96681.tar.gz National_eIDAS_Gateway-6e1a69773284177a0f6c7233c4bcdf7f4bd96681.tar.bz2 National_eIDAS_Gateway-6e1a69773284177a0f6c7233c4bcdf7f4bd96681.zip |
further optimizations and bug fixing in matching code
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java')
17 files changed, 359 insertions, 238 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index 3e20a132..48c114a8 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -49,14 +49,14 @@ public class Constants { public static final String DATA_SIMPLE_EIDAS = "matching_simple_eidas_data"; /** - * Stored after Step 2 from Matching Concept, first results from search with Person Identifier. + * Stored intermediate mathing results where matching is still on-going. */ - public static final String DATA_INITIAL_REGISTER_RESULT = "matching_initial_register_result"; + public static final String DATA_INTERMEDIATE_RESULT = "matching_intermediate_result"; /** * Stored after Step 8 from Matching Concept, results from search in registers with MDS. */ - public static final String DATA_FURTHER_REGISTER_RESULT = "matching_further_register_result"; + public static final String DATA_PERSON_MATCH_RESULT = "matching_result"; // templates for post-binding forwarding public static final String TEMPLATE_POST_FORWARD_NAME = "eidas_node_forward.html"; @@ -224,6 +224,10 @@ public class Constants { public static final String eIDAS_ATTRURN_PERSONALIDENTIFIER = eIDAS_ATTRURN_PREFIX_NATURAL + eIDAS_ATTR_PERSONALIDENTIFIER; + public static final String eIDAS_ATTRURN_PLACEOFBIRTH = + eIDAS_ATTRURN_PREFIX_NATURAL + eIDAS_ATTR_PLACEOFBIRTH; + public static final String eIDAS_ATTRURN_BIRTHNAME = + eIDAS_ATTRURN_PREFIX_NATURAL + eIDAS_ATTR_BIRTHNAME; public static final String eIDAS_REQ_PARAM_SECTOR_PUBLIC = "public"; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/szr/SzrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/szr/SzrClient.java index 2230f30a..397cbe46 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/szr/SzrClient.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/szr/SzrClient.java @@ -60,11 +60,14 @@ import com.fasterxml.jackson.databind.ObjectMapper; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.AbstractSoapClient; import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.AbstractSoapClient.HttpClientConfig.HttpClientConfigBuilder; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MatchedPersonResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException; import at.gv.e_government.reference.namespace.persondata._20020228.AlternativeNameType; +import at.gv.e_government.reference.namespace.persondata._20020228.IdentificationType; import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType; import at.gv.e_government.reference.namespace.persondata._20020228.PhysicalPersonType; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.data.XmlNamespaceConstants; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; @@ -122,55 +125,38 @@ public class SzrClient extends AbstractSoapClient { final GetIdentityLinkEidas getIdl = new GetIdentityLinkEidas(); getIdl.setPersonInfo(generateSzrRequest(eidData)); - final JAXBContext jaxbContext = JAXBContext.newInstance(ObjectFactory.class); - final Marshaller jaxbMarshaller = jaxbContext.createMarshaller(); + return getIdentityLinkGeneric(getIdl); - final ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); - jaxbMarshaller.marshal(getIdl, outputStream); - outputStream.flush(); - - final Source source = new StreamSource(new ByteArrayInputStream(outputStream.toByteArray())); - outputStream.close(); - - log.trace("Requesting SZR ... "); - final Source response = dispatch.invoke(source); - log.trace("Receive RAW response from SZR"); - - final byte[] szrResponse = sourceToByteArray(response); - final GetIdentityLinkEidasResponse jaxbElement = (GetIdentityLinkEidasResponse) jaxbContext - .createUnmarshaller().unmarshal(new ByteArrayInputStream(szrResponse)); - - // build response - log.trace(new String(szrResponse, StandardCharsets.UTF_8)); - - // ok, we have success - final Document doc = DomUtils.parseDocument( - new ByteArrayInputStream(szrResponse), - true, - XmlNamespaceConstants.ALL_SCHEMA_LOCATIONS + " " + Constants.SZR_SCHEMA_LOCATIONS, - null, null); - final String xpathExpression = "//saml:Assertion"; - final Element nsNode = doc.createElementNS("urn:oasis:names:tc:SAML:1.0:assertion", "saml:NSNode"); + } catch (final Exception e) { + log.warn("SZR communication FAILED. Reason: " + e.getMessage(), e); + throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e); - log.trace("Selecting signed doc " + xpathExpression); - final Element documentNode = (Element) XPathAPI.selectSingleNode(doc, - xpathExpression, nsNode); - log.trace("Signed document: " + DomUtils.serializeNode(documentNode)); + } + } - final IdentityLinkType idl = new IdentityLinkType(); - idl.setAssertion(documentNode); - idl.setPersonInfo(jaxbElement.getGetIdentityLinkReturn().getPersonInfo()); + /** + * Get IdentityLink of a person. + * + * + * @param matchedPersonData eID information of an already matched person. + * @return IdentityLink + * @throws SzrCommunicationException In case of a SZR error + */ + public IdentityLinkType getIdentityLinkInRawMode(MatchedPersonResult matchedPersonData) + throws SzrCommunicationException { + try { + final GetIdentityLinkEidas getIdl = new GetIdentityLinkEidas(); + getIdl.setPersonInfo(generateSzrRequest(matchedPersonData)); - return idl; + return getIdentityLinkGeneric(getIdl); } catch (final Exception e) { log.warn("SZR communication FAILED. Reason: " + e.getMessage(), e); throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e); } - } - + /** * Get bPK of person. * @@ -247,7 +233,33 @@ public class SzrClient extends AbstractSoapClient { return resp; } + + /** + * Request a encrypted baseId from SZR. + * + * @param matchedPersonData eID information of an already matched person. + * @return encrypted baseId + * @throws SzrCommunicationException In case of a SZR error + */ + public String getEncryptedStammzahl(MatchedPersonResult matchedPersonData) throws SzrCommunicationException { + final String resp; + try { + resp = this.szr.getStammzahlEncrypted(generateSzrRequest(matchedPersonData), false); + + } catch (SZRException_Exception e) { + throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e); + + } + + if (StringUtils.isEmpty(resp)) { + throw new SzrCommunicationException("ernb.01", new Object[]{"Stammzahl response empty"}); // TODO error handling + + } + return resp; + + } + /** * Sign an eidasBind data-structure that combines vsz with user's pubKey and E-ID status. * @@ -300,8 +312,29 @@ public class SzrClient extends AbstractSoapClient { } } + private PersonInfoType generateSzrRequest(MatchedPersonResult matchedPersonData) { + log.trace("Starting connecting SZR Gateway"); + final PersonInfoType personInfo = new PersonInfoType(); + final PersonNameType personName = new PersonNameType(); + final PhysicalPersonType naturalPerson = new PhysicalPersonType(); + IdentificationType bpk = new IdentificationType(); + + naturalPerson.setName(personName); + personInfo.setPerson(naturalPerson); + naturalPerson.setIdentification(bpk); + + // person information + personName.setFamilyName(matchedPersonData.getFamilyName()); + personName.setGivenName(matchedPersonData.getGivenName()); + naturalPerson.setDateOfBirth(matchedPersonData.getDateOfBirth()); + bpk.setValue(matchedPersonData.getBpk()); + bpk.setType(EaafConstants.URN_PREFIX_CDID + "ZP"); + + return personInfo; + } + private PersonInfoType generateSzrRequest(SimpleEidasData eidData) { - log.debug("Starting connecting SZR Gateway"); + log.trace("Starting connecting SZR Gateway"); final PersonInfoType personInfo = new PersonInfoType(); final PersonNameType personName = new PersonNameType(); final PhysicalPersonType naturalPerson = new PhysicalPersonType(); @@ -315,6 +348,8 @@ public class SzrClient extends AbstractSoapClient { personName.setFamilyName(eidData.getFamilyName()); personName.setGivenName(eidData.getGivenName()); naturalPerson.setDateOfBirth(eidData.getDateOfBirth()); + + //TODO: need to be updated to new eIDAS document interface!!!! eDocument.setIssuingCountry(eidData.getCitizenCountryCode()); eDocument.setDocumentNumber(eidData.getPseudonym()); @@ -351,6 +386,50 @@ public class SzrClient extends AbstractSoapClient { return personInfo; } + private IdentityLinkType getIdentityLinkGeneric(GetIdentityLinkEidas getIdl) throws Exception { + final JAXBContext jaxbContext = JAXBContext.newInstance(ObjectFactory.class); + final Marshaller jaxbMarshaller = jaxbContext.createMarshaller(); + + final ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); + jaxbMarshaller.marshal(getIdl, outputStream); + outputStream.flush(); + + final Source source = new StreamSource(new ByteArrayInputStream(outputStream.toByteArray())); + outputStream.close(); + + log.trace("Requesting SZR ... "); + final Source response = dispatch.invoke(source); + log.trace("Receive RAW response from SZR"); + + final byte[] szrResponse = sourceToByteArray(response); + final GetIdentityLinkEidasResponse jaxbElement = (GetIdentityLinkEidasResponse) jaxbContext + .createUnmarshaller().unmarshal(new ByteArrayInputStream(szrResponse)); + + // build response + log.trace(new String(szrResponse, StandardCharsets.UTF_8)); + + // ok, we have success + final Document doc = DomUtils.parseDocument( + new ByteArrayInputStream(szrResponse), + true, + XmlNamespaceConstants.ALL_SCHEMA_LOCATIONS + " " + Constants.SZR_SCHEMA_LOCATIONS, + null, null); + final String xpathExpression = "//saml:Assertion"; + final Element nsNode = doc.createElementNS("urn:oasis:names:tc:SAML:1.0:assertion", "saml:NSNode"); + + log.trace("Selecting signed doc " + xpathExpression); + final Element documentNode = (Element) XPathAPI.selectSingleNode(doc, + xpathExpression, nsNode); + log.trace("Signed document: " + DomUtils.serializeNode(documentNode)); + + final IdentityLinkType idl = new IdentityLinkType(); + idl.setAssertion(documentNode); + idl.setPersonInfo(jaxbElement.getGetIdentityLinkReturn().getPersonInfo()); + + return idl; + + } + @PostConstruct private void initialize() throws EaafConfigurationException { log.info("Starting SZR-Client initialization .... "); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/IZmrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/IZmrClient.java index 18bcbacc..e98573d4 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/IZmrClient.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/IZmrClient.java @@ -41,12 +41,13 @@ public interface IZmrClient { * * @param zmrProzessId ProcessId from ZMR or <code>null</code> if no processId exists * @param personIdentifier Full eIDAS personal identifier with prefix + * @param citizenCountryCode CountryCode of the eIDAS proxy-service * @return Search result but never <code>null</code> * @throws EidasSAuthenticationException In case of a communication error */ @Nonnull - ZmrRegisterResult searchWithPersonIdentifier(@Nullable BigInteger zmrProzessId, @Nonnull String personIdentifier) - throws EidasSAuthenticationException; + ZmrRegisterResult searchWithPersonIdentifier(@Nullable BigInteger zmrProzessId, @Nonnull String personIdentifier, + @Nonnull String citizenCountryCode) throws EidasSAuthenticationException; /** * Search person based on eIDSA MDS information. diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java index 014d202b..60e88dca 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java @@ -24,7 +24,6 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ZmrCommunicationException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.VersionHolder; import at.gv.bmi.namespace.zmr_su.base._20040201.ClientInfoType; import at.gv.bmi.namespace.zmr_su.base._20040201.Organisation; @@ -100,8 +99,8 @@ public class ZmrSoapClient extends AbstractSoapClient implements IZmrClient { } @Override - public ZmrRegisterResult searchWithPersonIdentifier(BigInteger zmrProzessId, String personIdentifier) - throws EidasSAuthenticationException { + public ZmrRegisterResult searchWithPersonIdentifier(BigInteger zmrProzessId, String personPseudonym, + String citizenCountryCode) throws EidasSAuthenticationException { try { // build search request @@ -113,7 +112,7 @@ public class ZmrSoapClient extends AbstractSoapClient implements IZmrClient { final EidasSuchdatenType eidasInfos = new EidasSuchdatenType(); searchPersonReq.setEidasSuchdaten(eidasInfos); eidasInfos.setEidasArt(Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER); - eidasInfos.setEidasNummer(personIdentifier); + eidasInfos.setEidasNummer(personPseudonym); // set work-flow client information req.setWorkflowInfoClient(generateWorkFlowInfos(PROCESS_SEARCH_PERSONAL_IDENTIFIER, null)); @@ -127,9 +126,7 @@ public class ZmrSoapClient extends AbstractSoapClient implements IZmrClient { final ResponseType resp = zmrClient.service(req, null); // parse ZMR response - return processZmrResponse(resp, EidasResponseUtils.parseEidasPersonalIdentifier(personIdentifier) - .getFirst(), - true, PROCESS_SEARCH_PERSONAL_IDENTIFIER); + return processZmrResponse(resp, citizenCountryCode, true, PROCESS_SEARCH_PERSONAL_IDENTIFIER); } catch (final ServiceFault e) { final String errorMsg = extractReasonFromError(e); @@ -496,9 +493,9 @@ public class ZmrSoapClient extends AbstractSoapClient implements IZmrClient { .dateOfBirth(person.getNatuerlichePerson().getGeburtsdatum()) .bpk(extractBpkZp(person.getNatuerlichePerson())) .placeOfBirth(selectSingleEidasDocument(person, citizenCountryCode, - Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER)) + Constants.eIDAS_ATTRURN_PLACEOFBIRTH)) .birthName(selectSingleEidasDocument(person, citizenCountryCode, - Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER)) + Constants.eIDAS_ATTRURN_BIRTHNAME)) .build(); } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MatchedPersonResult.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MatchedPersonResult.java new file mode 100644 index 00000000..1e8fcecf --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MatchedPersonResult.java @@ -0,0 +1,41 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao; + +import lombok.Builder; +import lombok.Getter; + +/** + * Information about a natural person that is already matched. + * + * @author tlenz + * + */ +@Getter +@Builder +public class MatchedPersonResult { + + /** + * Matched person result from matching result. + * + * @param matchingResult Result of the matching process + * @param citizenCountryCode Country-Code of the eIDAS Proxy-Service + */ + public static MatchedPersonResult generateFormMatchingResult(RegisterResult matchingResult, + String citizenCountryCode) { + return MatchedPersonResult.builder() + .familyName(matchingResult.getFamilyName()) + .givenName(matchingResult.getGivenName()) + .dateOfBirth(matchingResult.getDateOfBirth()) + .bpk(matchingResult.getBpk()) + .countryCode(citizenCountryCode) + .build(); + } + + private final String countryCode; + private final String givenName; + private final String familyName; + private final String dateOfBirth; + private final String bpk; + + private String vsz; + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java index 4959d72f..aa82d806 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java @@ -32,7 +32,7 @@ import lombok.Getter; @Builder @Getter public class RegisterResult { - + // MDS private final List<String> pseudonym; private final String givenName; diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java index ab84a45f..cedf01e3 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java @@ -26,7 +26,6 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao; import org.apache.commons.lang3.builder.EqualsBuilder; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterSearchResult; import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType; import lombok.Builder; import lombok.Data; @@ -67,20 +66,20 @@ public class SimpleEidasData { * @return true or false depending of the data matches * @throws WorkflowException if multiple results have been found */ - public boolean equalsRegisterData(RegisterSearchResult result) throws WorkflowException { + public boolean equalsRegisterData(RegisterResult result) throws WorkflowException { /*TODO: maybe this is check is not valid, because only the minimum data-set (personalIdentifer, givenName, * familyName, dateOfBirth) has to be always available. Any other attributes are optional. * This check will always evaluate to false if register has more information as current eIDAS process!!! */ return new EqualsBuilder() - .append(result.getResult().getGivenName(), givenName) - .append(result.getResult().getFamilyName(), familyName) - .append(result.getResult().getDateOfBirth(), dateOfBirth) - .append(result.getResult().getPlaceOfBirth(), placeOfBirth) - .append(result.getResult().getBirthName(), birthName) - .append(result.getResult().getTaxNumber(), taxNumber) - .isEquals() && result.getResult().getPseudonym().stream() + .append(result.getGivenName(), givenName) + .append(result.getFamilyName(), familyName) + .append(result.getDateOfBirth(), dateOfBirth) + .append(result.getPlaceOfBirth(), placeOfBirth) + .append(result.getBirthName(), birthName) + .append(result.getTaxNumber(), taxNumber) + .isEquals() && result.getPseudonym().stream() .filter(el -> el.equals(pseudonym)) .findFirst() .isPresent(); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java index 802fde14..471cb115 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java @@ -29,6 +29,8 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.gv.bmi.namespace.zmr_su.zmr._20040201.EidasSuchdatenType; import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonSuchenRequest; +import at.gv.e_government.reference.namespace.persondata.de._20040201.NatuerlichePersonTyp; +import at.gv.e_government.reference.namespace.persondata.de._20040201.PersonenNameTyp; public class DeSpecificDetailSearchProcessor implements CountrySpecificDetailSearchProcessor { @@ -46,15 +48,23 @@ public class DeSpecificDetailSearchProcessor implements CountrySpecificDetailSea } @Override - public PersonSuchenRequest generateSearchRequest(SimpleEidasData eidData) { - + public PersonSuchenRequest generateSearchRequest(SimpleEidasData eidData) { PersonSuchenRequest req = new PersonSuchenRequest(); - EidasSuchdatenType eidasInfos = new EidasSuchdatenType(); - req.setEidasSuchdaten(eidasInfos); + + //set basic MDS information + final NatuerlichePersonTyp searchNatPerson = new NatuerlichePersonTyp(); + req.setNatuerlichePerson(searchNatPerson); + final PersonenNameTyp searchNatPersonName = new PersonenNameTyp(); + searchNatPerson.setPersonenName(searchNatPersonName); + searchNatPersonName.setFamilienname(eidData.getFamilyName()); + searchNatPersonName.setVorname(eidData.getGivenName()); + searchNatPerson.setGeburtsdatum(eidData.getDateOfBirth()); //TODO: how we can search for more than one eIDAS attribute as a Set - + EidasSuchdatenType eidasInfos = new EidasSuchdatenType(); + req.setEidasSuchdaten(eidasInfos); + return req; } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java index 166ffafb..bcee0f0f 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java @@ -21,7 +21,6 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.CountrySpecificD import lombok.AllArgsConstructor; import lombok.Getter; import lombok.RequiredArgsConstructor; -import lombok.Setter; import lombok.extern.slf4j.Slf4j; @Slf4j @@ -60,7 +59,7 @@ public class RegisterSearchService { throws WorkflowException { try { final ZmrRegisterResult resultsZmr = zmrClient.searchWithPersonIdentifier( - null, eidasData.getPersonalIdentifier()); + null, eidasData.getPseudonym(), eidasData.getCitizenCountryCode()); final List<RegisterResult> resultsErnp = ernpClient.searchWithPersonIdentifier( eidasData.getPersonalIdentifier()); @@ -235,14 +234,7 @@ public class RegisterSearchService { */ @Getter @RequiredArgsConstructor - public static class RegisterSearchResult { - - /** - * Mark the register result finished. - */ - @Setter - private boolean matchingFinished = false; - + public static class RegisterSearchResult { /** * Operation status for this result. */ @@ -272,12 +264,11 @@ public class RegisterSearchService { * Verifies that there is only one match and returns the bpk. * * @return bpk bpk of the match - * @throws WorkflowException if multiple results have been found or matching is not marked as finished + * @throws WorkflowException if multiple results have been found */ public String getBpk() throws WorkflowException { - if (getResultCount() != 1 || !matchingFinished) { - throw new WorkflowException("readRegisterResults", - matchingFinished ? "getResultCount() != 1" : "matching prozess not finished yet"); + if (getResultCount() != 1) { + throw new WorkflowException("readRegisterResults", "getResultCount() != 1"); } return getResult().getBpk(); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java index 41bf4409..35717ae0 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java @@ -25,18 +25,13 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; import java.io.IOException; import java.io.InputStream; -import java.util.HashMap; import java.util.List; -import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.xml.parsers.ParserConfigurationException; -import org.apache.commons.lang3.StringUtils; -import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; -import org.joda.time.DateTime; import org.jose4j.lang.JoseException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; @@ -45,19 +40,17 @@ import org.w3c.dom.Node; import org.xml.sax.SAXException; import com.fasterxml.jackson.core.JsonProcessingException; -import com.google.common.collect.ImmutableMap; -import com.google.common.collect.ImmutableSet; import at.asitplus.eidas.specific.connector.MsConnectorEventCodes; import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.szr.SzrClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MatchedPersonResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.AuthBlockSigningService; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; @@ -66,17 +59,13 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.builder.BpkBuilder; import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egiz.eaaf.core.impl.utils.DomUtils; import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; -import eu.eidas.auth.commons.attribute.AttributeDefinition; -import eu.eidas.auth.commons.attribute.AttributeValue; -import eu.eidas.auth.commons.light.ILightResponse; -import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; import lombok.Data; import lombok.extern.slf4j.Slf4j; import szrservices.IdentityLinkType; @@ -112,8 +101,6 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { @Autowired private SzrClient szrClient; @Autowired - private ICcSpecificEidProcessingService eidPostProcessor; - @Autowired private AuthBlockSigningService authBlockSigner; private static final String EID_STATUS = "urn:eidgvat:eid.status.eidas"; @@ -129,63 +116,68 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { - try { + try { - /*TODO: needs refactoring because we has to be operate on national identifiers - * because matching and insert ERnP was already done!! + /*TODO: needs more re-factoring if we finalize CreateNewErnpEntryTask and we know how add entries into ERnP + * Maybe, we can fully replace eidData by matchedPersonData, + * because matchedPersonData holds the result after a successful matching process. + * + * Currently, we only add a work-around to operate without new ERnP implementation. */ - final ILightResponse eidasResponse = getAuthProcessDataWrapper() - .getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class); - final Map<String, Object> eidasAttributes = convertEidasAttrToSimpleMap( - eidasResponse.getAttributes().getAttributeMap()); - final SimpleEidasData eidData = eidPostProcessor.postProcess(eidasAttributes); - //final SimpleEidasData eidData = - // getAuthProcessDataWrapper().getGenericDataFromSession(Constants.DATA_SIMPLE_EIDAS, SimpleEidasData.class); - final String personalIdentifier = (String) eidasAttributes.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); + final SimpleEidasData eidData = MatchingTaskUtils.getInitialEidasData(pendingReq); + MatchedPersonResult matchedPersonData = MatchingTaskUtils.getFinalMatchingResult(pendingReq); + writeMdsLogInformation(eidData); if (basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY, false)) { buildDummyIdentityLink(eidData); + } else { //request SZR based on IDL or E-ID mode if (pendingReq.getServiceProviderConfiguration() .isConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE, false)) { - executeEidMode(eidData, personalIdentifier); + executeEidMode(eidData, matchedPersonData); + } else { - executeIdlMode(eidData, personalIdentifier); - } + executeIdlMode(eidData, matchedPersonData); + + } } + storeGenericInfoToSession(eidData); requestStoreage.storePendingRequest(pendingReq); + } catch (final EidasAttributeException e) { throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e); + } catch (final EaafException e) { throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); + } catch (final Exception e) { log.error("IdentityLink generation for foreign person FAILED.", e); throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); + } } private void storeGenericInfoToSession(SimpleEidasData eidData) throws EaafStorageException { - AuthProcessDataWrapper authProcessData = getAuthProcessDataWrapper(); + AuthProcessDataWrapper authProcessData = MatchingTaskUtils.getAuthProcessDataWrapper(pendingReq); authProcessData.setForeigner(true); authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, eidData.getCitizenCountryCode()); } - private void executeIdlMode(SimpleEidasData eidData, String personalIdentifier) throws EaafException { + private void executeIdlMode(SimpleEidasData eidData, MatchedPersonResult matchedPersonData) throws EaafException { //request SZR - SzrResultHolder idlResult = requestSzrForIdentityLink(eidData); + SzrResultHolder idlResult = requestSzrForIdentityLink(eidData, matchedPersonData); //write revision-Log entry for personal-identifier mapping - writeExtendedRevisionLogEntry(eidData, personalIdentifier); - + writeExtendedRevisionLogEntry(eidData, eidData.getPersonalIdentifier()); //check result-data and write revision-log based on current state checkStateAndWriteRevisionLog(idlResult); //inject personal-data into session - AuthProcessDataWrapper authProcessDataWrapper = getAuthProcessDataWrapper(); + AuthProcessDataWrapper authProcessDataWrapper = MatchingTaskUtils.getAuthProcessDataWrapper(pendingReq); authProcessDataWrapper.setIdentityLink(idlResult.getIdentityLink()); authProcessDataWrapper.setEidProcess(false); @@ -197,20 +189,29 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { .getAreaSpecificTargetIdentifier()); } - private void executeEidMode(SimpleEidasData eidData, String personalIdentifier) + private void executeEidMode(SimpleEidasData eidData, MatchedPersonResult matchedPersonData) throws JsonProcessingException, EaafException, JoseException { // get encrypted baseId - String vsz = szrClient.getEncryptedStammzahl(eidData); - + String vsz; + if (matchedPersonData != null) { + log.debug("Requesting encrypted baseId by already matched person information ... "); + vsz = szrClient.getEncryptedStammzahl(matchedPersonData); + + } else { + log.debug("Requesting encrypted baseId by using eIDAS information directly ... "); + vsz = szrClient.createNewErnpEntry(eidData); + + } + //write revision-Log entry and extended infos personal-identifier mapping revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_VSZ_RECEIVED); - writeExtendedRevisionLogEntry(eidData, personalIdentifier); + writeExtendedRevisionLogEntry(eidData, eidData.getPersonalIdentifier()); // get eIDAS bind String signedEidasBind = szrClient .getEidasBind(vsz, authBlockSigner.getBase64EncodedPublicKey(), EID_STATUS, eidData); revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_EIDASBIND_RECEIVED); - AuthProcessDataWrapper authProcessDataWrapper = getAuthProcessDataWrapper(); + AuthProcessDataWrapper authProcessDataWrapper = MatchingTaskUtils.getAuthProcessDataWrapper(pendingReq); authProcessDataWrapper.setGenericDataToSession(Constants.EIDAS_BIND, signedEidasBind); //get signed AuthBlock @@ -220,11 +221,12 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { //inject personal-data into session authProcessDataWrapper.setEidProcess(true); + } private void buildDummyIdentityLink(SimpleEidasData eidData) throws ParserConfigurationException, SAXException, IOException, EaafException { - AuthProcessDataWrapper authProcessDataWrapper = getAuthProcessDataWrapper(); + AuthProcessDataWrapper authProcessDataWrapper = MatchingTaskUtils.getAuthProcessDataWrapper(pendingReq); SzrResultHolder idlResult = createDummyIdentityLinkForTestDeployment(eidData); //inject personal-data into session authProcessDataWrapper.setIdentityLink(idlResult.getIdentityLink()); @@ -247,10 +249,22 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } } - private SzrResultHolder requestSzrForIdentityLink(SimpleEidasData eidData) throws EaafException { + private SzrResultHolder requestSzrForIdentityLink(SimpleEidasData eidData, + MatchedPersonResult matchedPersonData) throws EaafException { //request IdentityLink from SZR - final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(eidData); + IdentityLinkType result; + if (matchedPersonData != null) { + log.debug("Requesting encrypted baseId by already matched person information ... "); + result = szrClient.getIdentityLinkInRawMode(matchedPersonData); + + } else { + log.debug("Requesting encrypted baseId by using eIDAS information directly ... "); + result = szrClient.getIdentityLinkInRawMode(eidData); + + } + + final Element idlFromSzr = (Element) result.getAssertion(); final IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser(idlFromSzr).parseIdentityLink(); @@ -322,68 +336,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } } - private Map<String, Object> convertEidasAttrToSimpleMap( - ImmutableMap<AttributeDefinition<?>, ImmutableSet<? extends AttributeValue<?>>> attributeMap) { - final Map<String, Object> result = new HashMap<>(); - for (final AttributeDefinition<?> el : attributeMap.keySet()) { - final Class<?> parameterizedType = el.getParameterizedType(); - if (DateTime.class.equals(parameterizedType)) { - convertDateTime(attributeMap, result, el); - } else if (PostalAddress.class.equals(parameterizedType)) { - convertPostalAddress(attributeMap, result, el); - } else { - convertString(attributeMap, result, el); - } - } - - log.debug("Receive #" + result.size() + " attributes with names: " + result.keySet().toString()); - return result; - } - - private void convertString(ImmutableMap<AttributeDefinition<?>, - ImmutableSet<? extends AttributeValue<?>>> attributeMap, - Map<String, Object> result, AttributeDefinition<?> el) { - final List<String> natPersonIdObj = EidasResponseUtils - .translateStringListAttribute(el, attributeMap.get(el)); - final String stringAttr = natPersonIdObj.get(0); - if (StringUtils.isNotEmpty(stringAttr)) { - result.put(el.getFriendlyName(), stringAttr); - log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + stringAttr); - } else { - log.info("Ignore empty 'String' attribute"); - } - } - - private void convertPostalAddress(ImmutableMap<AttributeDefinition<?>, - ImmutableSet<? extends AttributeValue<?>>> attributeMap, - Map<String, Object> result, AttributeDefinition<?> el) { - final PostalAddress addressAttribute = EidasResponseUtils - .translateAddressAttribute(el, attributeMap.get(el).asList()); - if (addressAttribute != null) { - result.put(el.getFriendlyName(), addressAttribute); - log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + addressAttribute.toString()); - } else { - log.info("Ignore empty 'PostalAddress' attribute"); - } - } - - private void convertDateTime(ImmutableMap<AttributeDefinition<?>, - ImmutableSet<? extends AttributeValue<?>>> attributeMap, - Map<String, Object> result, AttributeDefinition<?> el) { - final DateTime attribute = EidasResponseUtils.translateDateAttribute(el, attributeMap.get(el).asList()); - if (attribute != null) { - result.put(el.getFriendlyName(), attribute); - log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + attribute.toString()); - } else { - log.info("Ignore empty 'DateTime' attribute"); - } - } - - @NotNull - private AuthProcessDataWrapper getAuthProcessDataWrapper() { - return pendingReq.getSessionData(AuthProcessDataWrapper.class); - } - + /** * write MDS into technical log and revision log. */ diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java index 69b127d8..6fc6d499 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java @@ -29,9 +29,6 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.stereotype.Component; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.szr.SzrClient; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; @@ -56,27 +53,37 @@ import lombok.extern.slf4j.Slf4j; @Component("CreateNewErnbEntryTask") public class CreateNewErnpEntryTask extends AbstractAuthServletTask { - private final SzrClient szrClient; + //private final SzrClient szrClient; - /** - * Constructor. - * @param szrClient SZR client for creating a new ERnP entry - */ - public CreateNewErnpEntryTask(SzrClient szrClient) { - this.szrClient = szrClient; - } + ///** + // * Constructor. + // * @param szrClient SZR client for creating a new ERnP entry + // */ + //public CreateNewErnpEntryTask(SzrClient szrClient) { + // this.szrClient = szrClient; + //} @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try { - SimpleEidasData simpleEidasData = MatchingTaskUtils.getInitialEidasData(pendingReq); + //SimpleEidasData simpleEidasData = MatchingTaskUtils.getInitialEidasData(pendingReq); - // TODO When to do eidPostProcessor.postProcess on the eidas attributes? - String vsz = szrClient.createNewErnpEntry(simpleEidasData); + // insert person into ERnP + //TODO: should we insert it directly into ERnP? + //TODO: has to updated to new eIDAS document model in ERnP + //String vsz = szrClient.createNewErnpEntry(simpleEidasData); + + // finish matching process, because new user-entry uniquly matches + //log.info("User successfully registerred into ERnP and matching tasks are finished "); + //MatchingTaskUtils.storeFinalMatchingResult(pendingReq, + // MatchedPersonResult.builder() + // .vsz(vsz) + // .build()); + + log.warn("Skipping new insert ERnP task, because it's currently unknown who we should it"); + - // TODO what to do with the VSZ now - log.info("VSZ: {}", vsz); } catch (final Exception e) { log.error("Initial search FAILED.", e); throw new TaskExecutionException(pendingReq, "Initial search FAILED.", e); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java index 1563d6df..01497f8d 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java @@ -42,6 +42,8 @@ import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableSet; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MatchedPersonResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; @@ -71,9 +73,9 @@ import lombok.extern.slf4j.Slf4j; * Output: * <ul> * <li>{@link Constants#DATA_SIMPLE_EIDAS} converted from Full eIDAS Response</li> - * <li>{@link Constants#DATA_INITIAL_REGISTER_RESULT} results from first search in registers with + * <li>{@link Constants#DATA_INTERMEDIATE_RESULT} results from first search in registers with * PersonIdentifier</li> - * <li>{@link Constants#DATA_FURTHER_REGISTER_RESULT} results after second search in registers with MDS</li> + * <li>{@link Constants#DATA_PERSON_MATCH_RESULT} results after second search in registers with MDS</li> * <li>{@link Constants#DATA_RESULT_MATCHING_BPK} if one register result found</li> * </ul> * Transitions: @@ -135,8 +137,7 @@ public class InitialSearchTask extends AbstractAuthServletTask { step6CountrySpecificSearch(executionContext, initialSearchResult.getOperationStatus(), eidasData); } else if (resultCount == 1) { - // find person by PersonalIdentifier --> finalize first matching task - initialSearchResult.setMatchingFinished(true); + // find person by PersonalIdentifier --> finalize first matching task foundMatchFinializeTask(initialSearchResult, eidasData); } else { @@ -169,8 +170,7 @@ public class InitialSearchTask extends AbstractAuthServletTask { log.trace("'step6CountrySpecificSearch' finds a person. Forward to 'step7aKittProcess' step ... "); registerSearchService.step7aKittProcess(countrySpecificResult, eidasData); - // find person by country-specific information --> finalize first matching task - countrySpecificResult.setMatchingFinished(true); + // find person by country-specific information --> finalize first matching task foundMatchFinializeTask(countrySpecificResult, eidasData); } else { @@ -194,7 +194,7 @@ public class InitialSearchTask extends AbstractAuthServletTask { log.debug("Matching step: 'step8RegisterSearchWithMds' has #{} results. " + "Forward to GUI based matching steps ... ", registerData.getResultCount()); - MatchingTaskUtils.storeInitialRegisterResult(pendingReq, registerData); + MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, registerData); executionContext.put(TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, true); } @@ -205,22 +205,26 @@ public class InitialSearchTask extends AbstractAuthServletTask { private void foundMatchFinializeTask(RegisterSearchResult searchResult, SimpleEidasData eidasData) throws WorkflowException, EaafStorageException { // check if register update is required - step3CheckRegisterUpdateNecessary(searchResult, eidasData); - + RegisterResult updatedResult = step3CheckRegisterUpdateNecessary(searchResult.getResult(), eidasData); + // store search result - MatchingTaskUtils.storeInitialRegisterResult(pendingReq, searchResult); + MatchingTaskUtils.storeFinalMatchingResult(pendingReq, + MatchedPersonResult.generateFormMatchingResult(updatedResult, eidasData.getCitizenCountryCode())); } - private void step3CheckRegisterUpdateNecessary(RegisterSearchResult initialSearchResult, + private RegisterResult step3CheckRegisterUpdateNecessary(RegisterResult searchResult, SimpleEidasData eidasData) throws WorkflowException { log.trace("Starting step3CheckRegisterUpdateNecessary"); - if (!eidasData.equalsRegisterData(initialSearchResult)) { - // TODO Update "initialSearchResult" in register with "eidasData" from login not possible for now + if (!eidasData.equalsRegisterData(searchResult)) { log.info("Skipping update-register-information step, because it's not supported yet"); + + //TODO: return updated search result if updates are allowed + return searchResult; } else { - log.debug("Register information match to eIDAS information. No update requird"); + log.debug("Register information match to eIDAS information. No update requird"); + return searchResult; } @@ -233,6 +237,7 @@ public class InitialSearchTask extends AbstractAuthServletTask { .getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class); Map<String, Object> simpleMap = convertEidasAttrToSimpleMap(eidasResponse.getAttributes().getAttributeMap()); return eidPostProcessor.postProcess(simpleMap); + } private Map<String, Object> convertEidasAttrToSimpleMap( diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java index b18104fa..b71d86c8 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java @@ -33,6 +33,7 @@ import org.jetbrains.annotations.NotNull; import org.springframework.stereotype.Component; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MatchedPersonResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; @@ -56,7 +57,7 @@ import lombok.extern.slf4j.Slf4j; * Input: * <ul> * <li>{@link Constants#DATA_SIMPLE_EIDAS} initial login data from user</li> - * <li>{@link Constants#DATA_INITIAL_REGISTER_RESULT} results from search in registers with personIdentifier</li> + * <li>{@link Constants#DATA_INTERMEDIATE_RESULT} results from search in registers with personIdentifier</li> * </ul> * Output: * <ul> @@ -125,7 +126,7 @@ public class ReceiveAustrianResidenceGuiResponseTask extends AbstractAuthServlet try { SimpleEidasData eidasData = MatchingTaskUtils.getInitialEidasData(pendingReq); - RegisterSearchResult initialSearchResult = MatchingTaskUtils.getInitialRegisterResult(pendingReq); + RegisterSearchResult initialSearchResult = MatchingTaskUtils.getIntermediateMatchingResult(pendingReq); RegisterSearchResult residencyResult = registerSearchService.searchWithResidence(initialSearchResult.getOperationStatus(), @@ -160,13 +161,14 @@ public class ReceiveAustrianResidenceGuiResponseTask extends AbstractAuthServlet /*TODO: check 'equalsRegisterData' because this method maybe this method evaluate to an invalid result. * See TODO in methods body */ - if (eidasData.equalsRegisterData(residencyResult)) { + if (eidasData.equalsRegisterData(residencyResult.getResult())) { // update register information registerSearchService.step7aKittProcess(residencyResult, eidasData); // store search result to re-used in CreateIdentityLink step, because there we need bPK and MDS - residencyResult.setMatchingFinished(true); - MatchingTaskUtils.storeInitialRegisterResult(pendingReq, residencyResult); + MatchingTaskUtils.storeFinalMatchingResult(pendingReq, + MatchedPersonResult.generateFormMatchingResult( + residencyResult.getResult(), eidasData.getCitizenCountryCode())); } else { moveToNextTask(executionContext); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java index fd469f49..e0b05892 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java @@ -45,6 +45,7 @@ import org.opensaml.saml.saml2.metadata.IDPSSODescriptor; import org.springframework.stereotype.Component; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MatchedPersonResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleMobileSignatureData; @@ -86,7 +87,7 @@ import lombok.extern.slf4j.Slf4j; * Input: * <ul> * <li>{@link Constants#DATA_SIMPLE_EIDAS} initial login data from user</li> - * <li>{@link Constants#DATA_INITIAL_REGISTER_RESULT} results from search in registers with personIdentifier</li> + * <li>{@link Constants#DATA_INTERMEDIATE_RESULT} results from search in registers with personIdentifier</li> * </ul> * Output: * <ul> @@ -160,7 +161,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet // load already existing information from session SimpleEidasData eidasData = MatchingTaskUtils.getInitialEidasData(pendingReq); - RegisterSearchResult initialSearchResult = MatchingTaskUtils.getInitialRegisterResult(pendingReq); + RegisterSearchResult initialSearchResult = MatchingTaskUtils.getIntermediateMatchingResult(pendingReq); // extract user information from ID Austria authentication AssertionAttributeExtractor extractor = new AssertionAttributeExtractor(processedMsg.getFirst().getResponse()); @@ -188,9 +189,10 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet // perform kit operation registerSearchService.step7aKittProcess(registerResult, eidasData); - // store search result to re-used in CreateIdentityLink step, because there we need bPK and MDS - registerResult.setMatchingFinished(true); - MatchingTaskUtils.storeInitialRegisterResult(pendingReq, registerResult); + // store search result to re-used in CreateIdentityLink step, because there we need bPK and MDS + MatchingTaskUtils.storeFinalMatchingResult(pendingReq, + MatchedPersonResult.generateFormMatchingResult(registerResult.getResult(), + eidasData.getCitizenCountryCode())); } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java index 59a6886a..0eb56d0b 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java @@ -45,7 +45,7 @@ import lombok.extern.slf4j.Slf4j; * Input: * <ul> * <li>{@link Constants#DATA_SIMPLE_EIDAS} initial login data from user</li> - * <li>{@link Constants#DATA_INITIAL_REGISTER_RESULT} results from search in registers with personIdentifier</li> + * <li>{@link Constants#DATA_INTERMEDIATE_RESULT} results from search in registers with personIdentifier</li> * </ul> * Output: * <ul> diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/MatchingTaskUtils.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/MatchingTaskUtils.java index 5625a30d..ae4dfb30 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/MatchingTaskUtils.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/MatchingTaskUtils.java @@ -5,6 +5,7 @@ import javax.annotation.Nullable; import org.springframework.lang.NonNull; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MatchedPersonResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterSearchResult; import at.gv.egiz.eaaf.core.api.IRequest; @@ -41,34 +42,62 @@ public class MatchingTaskUtils { } /** - * Get Matching result from session. + * Get intermediate matching result from session. * * @param pendingReq Current pendingRequest - * @return Matching result or <code>null</code> if not exist + * @return Intermediate matching result or <code>null</code> if not exist */ @Nullable - public static RegisterSearchResult getInitialRegisterResult(IRequest pendingReq) { - return getAuthProcessDataWrapper(pendingReq).getGenericDataFromSession(Constants.DATA_INITIAL_REGISTER_RESULT, + public static RegisterSearchResult getIntermediateMatchingResult(IRequest pendingReq) { + return getAuthProcessDataWrapper(pendingReq).getGenericDataFromSession(Constants.DATA_INTERMEDIATE_RESULT, RegisterSearchResult.class); } /** - * Store matching result into session. + * Store intermediate matching result into session. * * @param pendingReq Current pendingRequest - * @param registerData Matching result information + * @param registerData Intermediate matching result information * @throws EaafStorageException In case of data can not be add into session */ @Nullable - public static void storeInitialRegisterResult(IRequest pendingReq, RegisterSearchResult registerData) + public static void storeIntermediateMatchingResult(IRequest pendingReq, RegisterSearchResult registerData) throws EaafStorageException { getAuthProcessDataWrapper(pendingReq).setGenericDataToSession( - Constants.DATA_INITIAL_REGISTER_RESULT, registerData); + Constants.DATA_INTERMEDIATE_RESULT, registerData); } /** + * Get intermediate matching result from session. + * + * @param pendingReq Current pendingRequest + * @return Intermediate matching result or <code>null</code> if not exist + */ + @Nullable + public static MatchedPersonResult getFinalMatchingResult(IRequest pendingReq) { + return getAuthProcessDataWrapper(pendingReq).getGenericDataFromSession(Constants.DATA_PERSON_MATCH_RESULT, + MatchedPersonResult.class); + + } + + /** + * Store intermediate matching result into session. + * + * @param pendingReq Current pendingRequest + * @param personInfos Person information after a successful match + * @throws EaafStorageException In case of data can not be add into session + */ + @Nullable + public static void storeFinalMatchingResult(IRequest pendingReq, MatchedPersonResult personInfos) + throws EaafStorageException { + getAuthProcessDataWrapper(pendingReq).setGenericDataToSession( + Constants.DATA_PERSON_MATCH_RESULT, personInfos); + + } + + /** * Get holder for authentication information for the current process. * * @param pendingReq Current pendingRequest diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java index 30a801a4..b39281c2 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java @@ -39,7 +39,8 @@ import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonSuchenRequest; public class DummyZmrClient implements IZmrClient { @Override - public ZmrRegisterResult searchWithPersonIdentifier(BigInteger zmrProzessId, String personIdentifier) { + public ZmrRegisterResult searchWithPersonIdentifier(BigInteger zmrProzessId, String personIdentifier, + String citizenCountryCode) { return new ZmrRegisterResult(Collections.emptyList(), null); } |