aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules/authmodule-eIDAS-v2/src/main
diff options
context:
space:
mode:
authorAlexander Marsalek <amarsalek@iaik.tugraz.at>2021-02-12 11:08:57 +0100
committerAlexander Marsalek <amarsalek@iaik.tugraz.at>2021-02-12 11:08:57 +0100
commitf681c2e66c4913a37505788b270e70b85ed1111e (patch)
tree72256a58b813a363e0814983399d5996553cbaa0 /eidas_modules/authmodule-eIDAS-v2/src/main
parenta22f91cbeb7320bc06d3b50776932de25d9ceecd (diff)
downloadNational_eIDAS_Gateway-f681c2e66c4913a37505788b270e70b85ed1111e.tar.gz
National_eIDAS_Gateway-f681c2e66c4913a37505788b270e70b85ed1111e.tar.bz2
National_eIDAS_Gateway-f681c2e66c4913a37505788b270e70b85ed1111e.zip
compare eiddata with mobile phone signature data
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java66
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java31
2 files changed, 89 insertions, 8 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java
new file mode 100644
index 00000000..254b8c70
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2020 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException;
+import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType;
+import lombok.Data;
+
+@Data
+public class SimpleMobileSignatureData {
+
+ private String citizenCountryCode;
+
+ private String bpk;
+ private String givenName;
+ private String familyName;
+ private String dateOfBirth;
+
+
+ public boolean equalsSimpleEidasData(SimpleEidasData result) {
+ if (!result.getGivenName().equals(givenName)) {
+ return false;
+ }
+ if (!result.getFamilyName().equals(familyName)) {
+ return false;
+ }
+ if (!result.getDateOfBirth().equals(dateOfBirth)) {
+ return false;
+ }
+ return true;
+ }
+
+ private boolean equals(String a, String b) {
+ if (a == null && b == null) {
+ return true;
+ }
+ if (a == null) {
+ return false;
+ }
+ if (b == null) {
+ return false;
+ }
+ return a.equals(b);
+ }
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
index d919d229..101e7c29 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
@@ -27,7 +27,9 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleMobileSignatureData;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.EidasAuthEventConstants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
@@ -35,6 +37,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustri
import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.Utils;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient;
+import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
@@ -188,12 +191,16 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
}
-
// initialize Attribute extractor
final AssertionAttributeExtractor extractor =
new AssertionAttributeExtractor(processedMsg.getFirst().getResponse());
- String bpkzp = getAuthDataFromInterfederation(extractor, authProcessData);
+ SimpleMobileSignatureData simpleMobileSignatureData = getAuthDataFromInterfederation(extractor, authProcessData);
+ if(!simpleMobileSignatureData.equalsSimpleEidasData(eidData)) {
+ //User cheated?
+ throw new InvalidUserInputException();//TODO
+ }
+ String bpkzp = simpleMobileSignatureData.getBpk();
MergedRegisterSearchResult result = searchInZmrAndErnp(bpkzp);
if (result.getResultCount() == 0) {
@@ -307,11 +314,12 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
return null;
}
- private String getAuthDataFromInterfederation(AssertionAttributeExtractor extractor,
- AuthProcessDataWrapper authProcessData)
+ private SimpleMobileSignatureData getAuthDataFromInterfederation(AssertionAttributeExtractor extractor,
+ AuthProcessDataWrapper authProcessData)
throws EaafBuilderException {
List<String> requiredAttributes = IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES;
+ SimpleMobileSignatureData simpleMobileSignatureData = new SimpleMobileSignatureData();
String bpk = null;
try {
// check if all attributes are include
@@ -328,13 +336,20 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
map.put(attrName, extractor.getSingleAttributeValue(attrName));
if (PvpAttributeDefinitions.BPK_NAME.equals(attrName)) {
- bpk = extractor.getSingleAttributeValue(attrName);
+ simpleMobileSignatureData.setBpk(extractor.getSingleAttributeValue(attrName));
+ }
+ if (PvpAttributeDefinitions.GIVEN_NAME_NAME.equals(attrName)) {
+ simpleMobileSignatureData.setGivenName(extractor.getSingleAttributeValue(attrName));
+ }
+ if (PvpAttributeDefinitions.PRINCIPAL_NAME_NAME.equals(attrName)) {
+ simpleMobileSignatureData.setFamilyName(extractor.getSingleAttributeValue(attrName));
+ }
+ if (PvpAttributeDefinitions.BIRTHDATE_NAME.equals(attrName)) {
+ simpleMobileSignatureData.setDateOfBirth(extractor.getSingleAttributeValue(attrName));
}
if (PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME.equals(attrName)) {
authProcessData.setQaaLevel(extractor.getSingleAttributeValue(attrName));
}
- //injectAuthInfosIntoSession(session, attrName,
- // extractor.getSingleAttributeValue(attrName));
}
@@ -370,7 +385,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
throw new EaafBuilderException(ERROR_PVP_06, null, e.getMessage(), e);
}
- return bpk;
+ return simpleMobileSignatureData;
}
// private void injectAuthInfosIntoSession(AhAuthProcessDataWrapper session, String attrName, String attrValue)