aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules/authmodule-eIDAS-v2/src/main
diff options
context:
space:
mode:
authorThomas <>2022-02-07 15:19:56 +0100
committerThomas <>2022-02-08 09:37:25 +0100
commit5b0a9142a0e00fa528f86f8fe432c0e44ed4ae8e (patch)
treed297360ad4fd1ec54e699779e0afcd0a7df8b836 /eidas_modules/authmodule-eIDAS-v2/src/main
parentb430405209fb61d7de7dec19fe9b2da780a575ac (diff)
downloadNational_eIDAS_Gateway-5b0a9142a0e00fa528f86f8fe432c0e44ed4ae8e.tar.gz
National_eIDAS_Gateway-5b0a9142a0e00fa528f86f8fe432c0e44ed4ae8e.tar.bz2
National_eIDAS_Gateway-5b0a9142a0e00fa528f86f8fe432c0e44ed4ae8e.zip
refactor(matching): change 'kitt' and 'update' steps in 'InitialSearchTask'
- Update MDS in case of changes eIDAS data and already existing ERnP entry - Add additional attributes in case of new eIDAS attributes outside of MDS
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java22
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java22
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java42
3 files changed, 59 insertions, 27 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java
index 5ad92507..e76768b6 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java
@@ -23,10 +23,11 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao;
+import org.apache.commons.lang3.builder.EqualsBuilder;
+
import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType;
import lombok.Builder;
import lombok.Data;
-import org.apache.commons.lang3.builder.EqualsBuilder;
@Data
@Builder
@@ -68,8 +69,11 @@ public class SimpleEidasData {
.append(result.getGivenName(), givenName)
.append(result.getFamilyName(), familyName)
.append(result.getDateOfBirth(), dateOfBirth)
- .isEquals()
- && result.getPseudonym().stream().anyMatch(el -> el.equals(pseudonym));
+ .appendSuper(result.getPseudonym().stream().anyMatch(el -> el.equals(pseudonym)))
+ .appendSuper(checkOptionalAttributes(result.getPlaceOfBirth(), placeOfBirth))
+ .appendSuper(checkOptionalAttributes(result.getBirthName(), birthName))
+ .isEquals();
+
}
/**
@@ -84,5 +88,17 @@ public class SimpleEidasData {
.isEquals();
}
+ /**
+ * Check if eIDAS attribute is available.
+ *
+ * @param registerData Attribute value from register
+ * @param eidasData Attribute value from eIDAS
+ * @return <code>true</code> if eidasData is <code>null</code> or eidasData does not match to register value,
+ * otherwise <code>false</code>
+ */
+ private static boolean checkOptionalAttributes(String registerData, String eidasData) {
+ return eidasData == null || eidasData.equals(registerData);
+
+ }
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java
index 488b571b..85ea942c 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java
@@ -7,6 +7,7 @@ import java.util.List;
import javax.annotation.Nonnull;
import org.jetbrains.annotations.Nullable;
+import org.springframework.lang.NonNull;
import org.springframework.stereotype.Service;
import com.google.common.collect.Streams;
@@ -186,34 +187,49 @@ public class RegisterSearchService {
* @param initialEidasData Received eidas data from initial authn
* @return
*/
+ @NonNull
public RegisterStatusResults step7aKittProcess(RegisterStatusResults registerResult,
SimpleEidasData initialEidasData) throws WorkflowException {
log.trace("Starting step7aKittProcess");
- // TODO verify with which data this method gets called
+
+ // check if only one single result was found
if (registerResult.getResultCount() != 1) {
throw new WorkflowException("step7aKittProcess", "getResultCount() != 1");
+
}
+
+ // perform updated operation in respect to register results
try {
if (registerResult.getResultsZmr().size() == 1) {
RegisterResult entryZmr = registerResult.getResultsZmr().get(0);
ZmrRegisterResult updateZmr = zmrClient
.update(registerResult.getOperationStatus().getZmrProcessId(), entryZmr, initialEidasData);
return RegisterStatusResults.fromZmr(updateZmr);
+
} else {
RegisterResult entryErnp = registerResult.getResultsErnp().get(0);
ErnpRegisterResult updateErnp = ernpClient.update(entryErnp, initialEidasData);
return RegisterStatusResults.fromErnp(registerResult.operationStatus, updateErnp);
+
}
} catch (final EidasSAuthenticationException e) {
throw new WorkflowException("kittMatchedIdentitiess", e.getMessage(),
!(e instanceof ZmrCommunicationException), e);
+
}
}
- //TODO: check this method, because it's different to 'step7aKittProcess'???
/**
* Automatic process to fix the register entries.
* Called when the alternative eIDAS authn leads to a match in a register.
+ *
+ * <p>This method perform two additional operations:
+ * <ul>
+ * <li>Use bPK to check if <i>altSearchResult</i> is part of <i>initialSearchResult</i>.</li>
+ * <li>Update register entry twice, be using information from alternative authentication <i>altEidasData</i>
+ * and from initial authentication <i>initialEidasData</i>.</li>
+ * </ul>
+ * </p>
*
* @param initialSearchResult Register results from initial authentication
* @param initialEidasData Received eIDAS data from initial authentication
@@ -273,7 +289,7 @@ public class RegisterSearchService {
// update ZMR entry by using eIDAS information from alternative authentication
ErnpRegisterResult updateAlt = ernpClient.update(entryErnp, altEidasData);
- return RegisterStatusResults.fromErnp(altSearchResult.operationStatus, updateAlt);
+ return RegisterStatusResults.fromErnp(altSearchResult.getOperationStatus(), updateAlt);
}
} catch (final EidasSAuthenticationException e) {
throw new WorkflowException("kittMatchedIdentitiess", e.getMessage(),
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java
index c720cb7f..9564a8fc 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java
@@ -122,8 +122,9 @@ public class InitialSearchTask extends AbstractAuthServletTask {
if (resultCount == 0) {
step6CountrySpecificSearch(executionContext, searchResult.getOperationStatus(), eidasData);
- } else if (resultCount == 1) {
- foundMatchFinalizeTask(searchResult, eidasData);
+ } else if (resultCount == 1) {
+ RegisterResult updatedResult = step3CheckRegisterUpdateNecessary(searchResult, eidasData);
+ foundMatchFinalizeTask(updatedResult, eidasData);
} else {
throw new WorkflowException("step2RegisterSearchWithPersonIdentifier",
@@ -146,10 +147,12 @@ public class InitialSearchTask extends AbstractAuthServletTask {
if (searchResult.getResultCount() == 0) {
log.trace("'step6CountrySpecificSearch' ends with no result. Forward to next matching step ... ");
step8RegisterSearchWithMds(executionContext, searchResult.getOperationStatus(), eidasData);
+
} else if (searchResult.getResultCount() == 1) {
log.trace("'step6CountrySpecificSearch' finds a person. Forward to 'step7aKittProcess' step ... ");
- registerSearchService.step7aKittProcess(searchResult, eidasData);
- foundMatchFinalizeTask(searchResult, eidasData);
+ RegisterStatusResults updatedResult = registerSearchService.step7aKittProcess(searchResult, eidasData);
+ foundMatchFinalizeTask(updatedResult.getResult(), eidasData);
+
} else {
throw new WorkflowException("step6CountrySpecificSearch",
"More than one entry with unique country-specific information", true);
@@ -172,29 +175,26 @@ public class InitialSearchTask extends AbstractAuthServletTask {
}
}
- private void foundMatchFinalizeTask(RegisterStatusResults searchResult, SimpleEidasData eidasData)
- throws WorkflowException, EaafStorageException {
- RegisterResult updatedResult = step3CheckRegisterUpdateNecessary(searchResult.getResult(), eidasData);
- MatchedPersonResult result = MatchedPersonResult.generateFormMatchingResult(
- updatedResult, eidasData.getCitizenCountryCode());
- MatchingTaskUtils.storeFinalMatchingResult(pendingReq, result);
- }
-
- private RegisterResult step3CheckRegisterUpdateNecessary(RegisterResult searchResult,
- SimpleEidasData eidasData) {
+ private RegisterResult step3CheckRegisterUpdateNecessary(
+ RegisterStatusResults searchResult, SimpleEidasData eidasData) throws WorkflowException {
log.trace("Starting step3CheckRegisterUpdateNecessary");
- if (!eidasData.equalsRegisterData(searchResult)) {
- log.info("Skipping update-register-information step, because it's not supported yet");
-
- //TODO: update of ERnP information are allowed. Add ERnP update-step. Maybe we can use regular KITT steps
-
+ if (!eidasData.equalsRegisterData(searchResult.getResult())) {
+ log.debug("PersonalIdentifier match but MDS or other information changed. Starting update process ... ");
+ return registerSearchService.step7aKittProcess(searchResult, eidasData).getResult();
- return searchResult;
} else {
log.debug("Register information match to eIDAS information. No update required");
- return searchResult;
+ return searchResult.getResult();
}
}
+
+ private void foundMatchFinalizeTask(RegisterResult updatedResult, SimpleEidasData eidasData)
+ throws WorkflowException, EaafStorageException {
+ MatchedPersonResult result =
+ MatchedPersonResult.generateFormMatchingResult(updatedResult, eidasData.getCitizenCountryCode());
+ MatchingTaskUtils.storeFinalMatchingResult(pendingReq, result);
+
+ }
@NotNull
private SimpleEidasData convertEidasAttrToSimpleData()