diff options
author | Thomas <> | 2022-02-07 15:19:56 +0100 |
---|---|---|
committer | Thomas <> | 2022-02-08 09:37:25 +0100 |
commit | 5b0a9142a0e00fa528f86f8fe432c0e44ed4ae8e (patch) | |
tree | d297360ad4fd1ec54e699779e0afcd0a7df8b836 /eidas_modules/authmodule-eIDAS-v2/src/main | |
parent | b430405209fb61d7de7dec19fe9b2da780a575ac (diff) | |
download | National_eIDAS_Gateway-5b0a9142a0e00fa528f86f8fe432c0e44ed4ae8e.tar.gz National_eIDAS_Gateway-5b0a9142a0e00fa528f86f8fe432c0e44ed4ae8e.tar.bz2 National_eIDAS_Gateway-5b0a9142a0e00fa528f86f8fe432c0e44ed4ae8e.zip |
refactor(matching): change 'kitt' and 'update' steps in 'InitialSearchTask'
- Update MDS in case of changes eIDAS data and already existing ERnP entry
- Add additional attributes in case of new eIDAS attributes outside of MDS
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main')
3 files changed, 59 insertions, 27 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java index 5ad92507..e76768b6 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java @@ -23,10 +23,11 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao; +import org.apache.commons.lang3.builder.EqualsBuilder; + import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType; import lombok.Builder; import lombok.Data; -import org.apache.commons.lang3.builder.EqualsBuilder; @Data @Builder @@ -68,8 +69,11 @@ public class SimpleEidasData { .append(result.getGivenName(), givenName) .append(result.getFamilyName(), familyName) .append(result.getDateOfBirth(), dateOfBirth) - .isEquals() - && result.getPseudonym().stream().anyMatch(el -> el.equals(pseudonym)); + .appendSuper(result.getPseudonym().stream().anyMatch(el -> el.equals(pseudonym))) + .appendSuper(checkOptionalAttributes(result.getPlaceOfBirth(), placeOfBirth)) + .appendSuper(checkOptionalAttributes(result.getBirthName(), birthName)) + .isEquals(); + } /** @@ -84,5 +88,17 @@ public class SimpleEidasData { .isEquals(); } + /** + * Check if eIDAS attribute is available. + * + * @param registerData Attribute value from register + * @param eidasData Attribute value from eIDAS + * @return <code>true</code> if eidasData is <code>null</code> or eidasData does not match to register value, + * otherwise <code>false</code> + */ + private static boolean checkOptionalAttributes(String registerData, String eidasData) { + return eidasData == null || eidasData.equals(registerData); + + } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java index 488b571b..85ea942c 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java @@ -7,6 +7,7 @@ import java.util.List; import javax.annotation.Nonnull; import org.jetbrains.annotations.Nullable; +import org.springframework.lang.NonNull; import org.springframework.stereotype.Service; import com.google.common.collect.Streams; @@ -186,34 +187,49 @@ public class RegisterSearchService { * @param initialEidasData Received eidas data from initial authn * @return */ + @NonNull public RegisterStatusResults step7aKittProcess(RegisterStatusResults registerResult, SimpleEidasData initialEidasData) throws WorkflowException { log.trace("Starting step7aKittProcess"); - // TODO verify with which data this method gets called + + // check if only one single result was found if (registerResult.getResultCount() != 1) { throw new WorkflowException("step7aKittProcess", "getResultCount() != 1"); + } + + // perform updated operation in respect to register results try { if (registerResult.getResultsZmr().size() == 1) { RegisterResult entryZmr = registerResult.getResultsZmr().get(0); ZmrRegisterResult updateZmr = zmrClient .update(registerResult.getOperationStatus().getZmrProcessId(), entryZmr, initialEidasData); return RegisterStatusResults.fromZmr(updateZmr); + } else { RegisterResult entryErnp = registerResult.getResultsErnp().get(0); ErnpRegisterResult updateErnp = ernpClient.update(entryErnp, initialEidasData); return RegisterStatusResults.fromErnp(registerResult.operationStatus, updateErnp); + } } catch (final EidasSAuthenticationException e) { throw new WorkflowException("kittMatchedIdentitiess", e.getMessage(), !(e instanceof ZmrCommunicationException), e); + } } - //TODO: check this method, because it's different to 'step7aKittProcess'??? /** * Automatic process to fix the register entries. * Called when the alternative eIDAS authn leads to a match in a register. + * + * <p>This method perform two additional operations: + * <ul> + * <li>Use bPK to check if <i>altSearchResult</i> is part of <i>initialSearchResult</i>.</li> + * <li>Update register entry twice, be using information from alternative authentication <i>altEidasData</i> + * and from initial authentication <i>initialEidasData</i>.</li> + * </ul> + * </p> * * @param initialSearchResult Register results from initial authentication * @param initialEidasData Received eIDAS data from initial authentication @@ -273,7 +289,7 @@ public class RegisterSearchService { // update ZMR entry by using eIDAS information from alternative authentication ErnpRegisterResult updateAlt = ernpClient.update(entryErnp, altEidasData); - return RegisterStatusResults.fromErnp(altSearchResult.operationStatus, updateAlt); + return RegisterStatusResults.fromErnp(altSearchResult.getOperationStatus(), updateAlt); } } catch (final EidasSAuthenticationException e) { throw new WorkflowException("kittMatchedIdentitiess", e.getMessage(), diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java index c720cb7f..9564a8fc 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java @@ -122,8 +122,9 @@ public class InitialSearchTask extends AbstractAuthServletTask { if (resultCount == 0) { step6CountrySpecificSearch(executionContext, searchResult.getOperationStatus(), eidasData); - } else if (resultCount == 1) { - foundMatchFinalizeTask(searchResult, eidasData); + } else if (resultCount == 1) { + RegisterResult updatedResult = step3CheckRegisterUpdateNecessary(searchResult, eidasData); + foundMatchFinalizeTask(updatedResult, eidasData); } else { throw new WorkflowException("step2RegisterSearchWithPersonIdentifier", @@ -146,10 +147,12 @@ public class InitialSearchTask extends AbstractAuthServletTask { if (searchResult.getResultCount() == 0) { log.trace("'step6CountrySpecificSearch' ends with no result. Forward to next matching step ... "); step8RegisterSearchWithMds(executionContext, searchResult.getOperationStatus(), eidasData); + } else if (searchResult.getResultCount() == 1) { log.trace("'step6CountrySpecificSearch' finds a person. Forward to 'step7aKittProcess' step ... "); - registerSearchService.step7aKittProcess(searchResult, eidasData); - foundMatchFinalizeTask(searchResult, eidasData); + RegisterStatusResults updatedResult = registerSearchService.step7aKittProcess(searchResult, eidasData); + foundMatchFinalizeTask(updatedResult.getResult(), eidasData); + } else { throw new WorkflowException("step6CountrySpecificSearch", "More than one entry with unique country-specific information", true); @@ -172,29 +175,26 @@ public class InitialSearchTask extends AbstractAuthServletTask { } } - private void foundMatchFinalizeTask(RegisterStatusResults searchResult, SimpleEidasData eidasData) - throws WorkflowException, EaafStorageException { - RegisterResult updatedResult = step3CheckRegisterUpdateNecessary(searchResult.getResult(), eidasData); - MatchedPersonResult result = MatchedPersonResult.generateFormMatchingResult( - updatedResult, eidasData.getCitizenCountryCode()); - MatchingTaskUtils.storeFinalMatchingResult(pendingReq, result); - } - - private RegisterResult step3CheckRegisterUpdateNecessary(RegisterResult searchResult, - SimpleEidasData eidasData) { + private RegisterResult step3CheckRegisterUpdateNecessary( + RegisterStatusResults searchResult, SimpleEidasData eidasData) throws WorkflowException { log.trace("Starting step3CheckRegisterUpdateNecessary"); - if (!eidasData.equalsRegisterData(searchResult)) { - log.info("Skipping update-register-information step, because it's not supported yet"); - - //TODO: update of ERnP information are allowed. Add ERnP update-step. Maybe we can use regular KITT steps - + if (!eidasData.equalsRegisterData(searchResult.getResult())) { + log.debug("PersonalIdentifier match but MDS or other information changed. Starting update process ... "); + return registerSearchService.step7aKittProcess(searchResult, eidasData).getResult(); - return searchResult; } else { log.debug("Register information match to eIDAS information. No update required"); - return searchResult; + return searchResult.getResult(); } } + + private void foundMatchFinalizeTask(RegisterResult updatedResult, SimpleEidasData eidasData) + throws WorkflowException, EaafStorageException { + MatchedPersonResult result = + MatchedPersonResult.generateFormMatchingResult(updatedResult, eidasData.getCitizenCountryCode()); + MatchingTaskUtils.storeFinalMatchingResult(pendingReq, result); + + } @NotNull private SimpleEidasData convertEidasAttrToSimpleData() |