authorChristian Kollmann <christian.kollmann@a-sit.at>2021-03-04 14:00:53 +0100
committerChristian Kollmann <christian.kollmann@a-sit.at>2021-03-04 14:18:15 +0100
commitb9bc937ff9471c60ced2ef9ed7df526cf31059db (patch)
tree6cbd58a098a457797ab85f816efc7bb05404470c /eidas_modules/authmodule-eIDAS-v2
parent2c49670334049a065d86defc8524f2e5eae6ca78 (diff)
Document input, output, transitions for each task
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java42
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java22
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java96
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java38
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java1
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java112
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java90
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java77
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java15
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml28
10 files changed, 329 insertions, 192 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index c2fc44b9..76c026ae 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
@@ -34,9 +34,26 @@ public class Constants {
public static final String DATA_REQUESTED_LOA_LIST = "req_requestedLoA";
public static final String DATA_REQUESTED_LOA_COMPERISON = "req_requestedLoAComperision";
public static final String DATA_FULL_EIDAS_RESPONSE = "resp_fulleIDASResponse";
- public static final String DATA_RESULT_MATCHING_BPK = "matching-result-bpk";
- public static final String DATA_SIMPLE_EIDAS = "simple_eidas_data";
- public static final String DATA_INITIAL_REGISTER_RESULT = "initial_register_result";
+
+ /**
+ * Stored when one match from register was found
+ */
+ public static final String DATA_RESULT_MATCHING_BPK = "matching_result_bpk";
+
+ /**
+ * Stored before Step 2 from Matching Concept, input from user eIDAS authn
+ */
+ public static final String DATA_SIMPLE_EIDAS = "matching_simple_eidas_data";
+
+ /**
+ * Stored after Step 2 from Matching Concept, first results from search with Person Identifier
+ */
+ public static final String DATA_INITIAL_REGISTER_RESULT = "matching_initial_register_result";
+
+ /**
+ * Stored after Step 8 from Matching Concept, results from search in registers with MDS
+ */
+ public static final String DATA_FURTHER_REGISTER_RESULT = "matching_further_register_result";
// templates for post-binding forwarding
public static final String TEMPLATE_POST_FORWARD_NAME = "eidas_node_forward.html";
@@ -183,13 +200,32 @@ public class Constants {
public static final String COUNTRY_CODE_DE = "DE";
public static final String COUNTRY_CODE_IT = "IT";
+ /**
+ * {@link at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateNewErnpEntryTask}
+ */
public static final String TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK = "TASK_CreateNewErnpEntryTask";
+
+ /**
+ * {@link at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateOtherLoginMethodGuiTask}
+ */
public static final String TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK =
"TASK_GenerateOtherLoginMethodGuiTask";
+
+ /**
+ * {@link at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAustrianResidenceGuiTask}
+ */
public static final String TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK =
"TASK_GenerateAustrianResidenceGuiTask";
+
+ /**
+ * {@link at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateMobilePhoneSignatureRequestTask}
+ */
public static final String TRANSITION_TO_GENERATE_MOBILE_PHONE_SIGNATURE_REQUEST_TASK =
"TASK_GenerateMobilePhoneSignatureRequestTask";
+
+ /**
+ * TODO Second eidas login
+ */
public static final String TRANSITION_TO_GENERATE_EIDAS_LOGIN = "TASK_TODO";
public static final String REQ_SELECTED_LOGIN_METHOD_PARAMETER = "loginSelection";
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java
index fad985c2..6b524e36 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java
@@ -30,30 +30,32 @@ public class RegisterSearchService {
* Automatic process to fix the register entries.
*
* @param initialSearchResult Result of initial register search
- * @param specificDetailSearchResult Result of last register search
+ * @param specificSearchResult Result of last register search
* @param eidasData Received eidas data
* @param pendingReq Pending request
* @return The bpk
* @throws TaskExecutionException if an error occurs during the register update
*/
public String step7aKittProcess(MergedRegisterSearchResult initialSearchResult,
- MergedRegisterSearchResult specificDetailSearchResult,
- SimpleEidasData eidasData, IRequest pendingReq) throws TaskExecutionException {
+ MergedRegisterSearchResult specificSearchResult,
+ SimpleEidasData eidasData,
+ IRequest pendingReq) throws TaskExecutionException {
+ log.trace("Starting step7aKittProcess");
// TODO verify with which data this method gets called
try {
if (initialSearchResult.getResultCount() != 0) {
throw new WorkflowException("initialSearchResult.getResultCount() != 0");
}
- if (specificDetailSearchResult.getResultCount() != 1) {
- throw new WorkflowException("countrySpecificDetailSearchResult.getResultCount() != 1");
+ if (specificSearchResult.getResultCount() != 1) {
+ throw new WorkflowException("specificSearchResult.getResultCount() != 1");
}
- if (specificDetailSearchResult.getResultsZmr().size() == 1) {
- zmrClient.update(specificDetailSearchResult.getResultsZmr().get(0), eidasData);
+ if (specificSearchResult.getResultsZmr().size() == 1) {
+ zmrClient.update(specificSearchResult.getResultsZmr().get(0), eidasData);
}
- if (specificDetailSearchResult.getResultsErnp().size() == 1) {
- ernpClient.update(specificDetailSearchResult.getResultsErnp().get(0), eidasData);
+ if (specificSearchResult.getResultsErnp().size() == 1) {
+ ernpClient.update(specificSearchResult.getResultsErnp().get(0), eidasData);
}
- return specificDetailSearchResult.getBpk();
+ return specificSearchResult.getBpk();
} catch (WorkflowException e) {
throw new TaskExecutionException(pendingReq, "Step7a failed.", e);
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index b519354c..65e9028f 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
@@ -85,6 +85,10 @@ import szrservices.TravelDocumentType;
* Task that creates the IdentityLink for an eIDAS authenticated person.
*
* @author tlenz
+ *
+ * TODO Take Constants#DATA_SIMPLE_EIDAS and Constants#DATA_RESULT_MATCHING_BPK
+ * TODO Only do VSZ Erstellung and eidasBind -- this is always the end of the whole process
+ * TODO Move Eintragung to separate Task, as it does not happen every time
*/
@Slf4j
@Component("CreateIdentityLinkTask")
@@ -96,12 +100,12 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
private SzrClient szrClient;
@Autowired
private ICcSpecificEidProcessingService eidPostProcessor;
-
+
@Autowired
private AuthBlockSigningService authBlockSigner;
private static final String EID_STATUS = "urn:eidgvat:eid.status.eidas";
-
+
/*
* (non-Javadoc)
*
@@ -131,81 +135,81 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
if (basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY, false)) {
SzrResultHolder idlResult = createDummyIdentityLinkForTestDeployment(eidData);
//inject personal-data into session
- authProcessData.setIdentityLink(idlResult.getIdentityLink());
-
+ authProcessData.setIdentityLink(idlResult.getIdentityLink());
+
// set bPK and bPKType into auth session
authProcessData.setGenericDataToSession(PvpAttributeDefinitions.BPK_NAME, extendBpkByPrefix(
idlResult.getBpK(), pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()));
authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME,
pendingReq.getServiceProviderConfiguration()
.getAreaSpecificTargetIdentifier());
-
+
} else {
- //build SZR request from eIDAS data
+ //build SZR request from eIDAS data
final PersonInfoType personInfo = generateSzrRequest(eidData);
-
+
//request SZR based on IDL or E-ID mode
if (pendingReq.getServiceProviderConfiguration()
.isConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE, false)) {
// get encrypted baseId
String vsz = szrClient.getEncryptedStammzahl(personInfo);
-
+
//write revision-Log entry and extended infos personal-identifier mapping
revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_VSZ_RECEIVED);
writeExtendedRevisionLogEntry(simpleAttrMap, eidData);
-
-
+
+
// get eIDAS bind
- String signedEidasBind = szrClient.getEidsaBind(vsz,
- authBlockSigner.getBase64EncodedPublicKey(),
+ String signedEidasBind = szrClient.getEidsaBind(vsz,
+ authBlockSigner.getBase64EncodedPublicKey(),
EID_STATUS, eidData);
revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_EIDASBIND_RECEIVED);
authProcessData.setGenericDataToSession(Constants.EIDAS_BIND, signedEidasBind);
-
+
//get signed AuthBlock
String jwsSignature = authBlockSigner.buildSignedAuthBlock(pendingReq);
revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.TECH_AUCHBLOCK_CREATED);
authProcessData.setGenericDataToSession(Constants.SZR_AUTHBLOCK, jwsSignature);
-
+
//inject personal-data into session
authProcessData.setEidProcess(true);
-
+
} else {
//request SZR
SzrResultHolder idlResult = requestSzrForIdentityLink(personInfo);
-
+
//write revision-Log entry for personal-identifier mapping
writeExtendedRevisionLogEntry(simpleAttrMap, eidData);
-
+
//check result-data and write revision-log based on current state
checkStateAndWriteRevisionLog(idlResult);
-
+
//inject personal-data into session
- authProcessData.setIdentityLink(idlResult.getIdentityLink());
+ authProcessData.setIdentityLink(idlResult.getIdentityLink());
authProcessData.setEidProcess(false);
-
+
// set bPK and bPKType into auth session
authProcessData.setGenericDataToSession(PvpAttributeDefinitions.BPK_NAME, extendBpkByPrefix(
idlResult.getBpK(), pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()));
authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME,
pendingReq.getServiceProviderConfiguration()
.getAreaSpecificTargetIdentifier());
-
+
}
}
-
+
//add generic info's into session
authProcessData.setForeigner(true);
authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, EidasResponseUtils
.parseEidasPersonalIdentifier((String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))
.getFirst());
authProcessData.setQaaLevel(eidasResponse.getLevelOfAssurance());
-
+
// store pending-request
requestStoreage.storePendingRequest(pendingReq);
-
-
+
+
} catch (final EidasAttributeException e) {
throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e);
@@ -229,7 +233,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
}
}
-
+
private PersonInfoType generateSzrRequest(ErnbEidData eidData) {
log.debug("Starting connecting SZR Gateway");
final PersonInfoType personInfo = new PersonInfoType();
@@ -278,16 +282,16 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
}
}
-
+
return personInfo;
-
+
}
- private SzrResultHolder requestSzrForIdentityLink(PersonInfoType personInfo)
+ private SzrResultHolder requestSzrForIdentityLink(PersonInfoType personInfo)
throws SzrCommunicationException, EaafException {
//request IdentityLink from SZR
final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(personInfo);
-
+
final Element idlFromSzr = (Element) result.getAssertion();
IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser(idlFromSzr).parseIdentityLink();
@@ -301,9 +305,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, "no VKZ defined"));
if (!bpkList.isEmpty()) {
bpk = bpkList.get(0);
-
+
}
-
+
} else {
log.debug("Calculating bPK from baseId ... ");
@@ -316,11 +320,11 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
bpk = bpkCalc.getFirst();
}
-
+
return new SzrResultHolder(identityLink, bpk);
-
+
}
-
+
private void checkStateAndWriteRevisionLog(SzrResultHolder idlResult) throws SzrCommunicationException {
// write some infos into revision log
if (idlResult.getIdentityLink() == null) {
@@ -341,9 +345,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
}
revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_BPK_RECEIVED);
log.debug("ERnB communication was successfull");
-
+
}
-
+
private String extendBpkByPrefix(String bpk, String type) {
String bpkType = null;
@@ -433,20 +437,20 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
}
}
-
+
@Data
- private static class SzrResultHolder {
+ private static class SzrResultHolder {
final IIdentityLink identityLink;
final String bpK;
-
+
}
-
+
/**
* Build a dummy IdentityLink and a dummy bPK based on eIDAS information.
- *
+ *
* <br><br>
* <b>FOR LOCAL TESTING ONLY!!!</b>
- *
+ *
* @param eidData Information from eIDAS response
* @return IdentityLink and bPK
* @throws ParserConfigurationException In case of an IDL processing error
@@ -454,7 +458,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
* @throws IOException In case of an IDL processing error
* @throws EaafException In case of a bPK generation error
*/
- private SzrResultHolder createDummyIdentityLinkForTestDeployment(ErnbEidData eidData)
+ private SzrResultHolder createDummyIdentityLinkForTestDeployment(ErnbEidData eidData)
throws ParserConfigurationException, SAXException, IOException, EaafException {
log.warn("SZR-Dummy IS ACTIVE! IdentityLink is NOT VALID!!!!");
// create fake IdL
@@ -495,9 +499,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
.generateAreaSpecificPersonIdentifier(identityLink.getIdentificationValue(),
identityLink.getIdentificationType(),
pendingReq.getServiceProviderConfiguration()
- .getAreaSpecificTargetIdentifier());
+ .getAreaSpecificTargetIdentifier());
return new SzrResultHolder(identityLink, bpkCalc.getFirst());
-
+
}
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java
index bab1945a..b89af3a0 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java
@@ -23,6 +23,7 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
@@ -30,18 +31,29 @@ import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import lombok.extern.slf4j.Slf4j;
-import org.jetbrains.annotations.NotNull;
import org.springframework.stereotype.Component;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.DATA_SIMPLE_EIDAS;
-
/**
- * Task that searches ErnB and ZMR before adding person to SZR.
+ * Task that searches ERnP and ZMR before adding person to SZR.
+ * This corresponds to Step 9 in the eIDAS Matching Concept.
+ *
+ * Input:
+ * <ul>
+ * <li>{@link Constants#DATA_SIMPLE_EIDAS}</li>
+ * </ul>
+ * Output:
+ * <ul>
+ * <li>TODO MDS, BPK of new entry</li>
+ * </ul>
+ *
+ * TODO Import code from CreateIdentityLinkTask
+ * TODO Nicht mit BMI abgestimmt: ERnP Eintrag über SZR anzulegen?
*
* @author amarsalek
+ * @author ckollmann
*/
@Slf4j
@Component("CreateNewErnbEntryTask")
@@ -61,25 +73,21 @@ public class CreateNewErnpEntryTask extends AbstractAuthServletTask {
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
throws TaskExecutionException {
try {
- // TODO really the correct key?
- SimpleEidasData simpleEidasData = getAuthProcessData().getGenericDataFromSession(DATA_SIMPLE_EIDAS,
- SimpleEidasData.class);
- step9CreateNewErnpEntry(simpleEidasData);
+ SimpleEidasData simpleEidasData = getInitialEidasData();
+ //TODO Does this return the BPK?
+ ernpClient.createNewEntry(simpleEidasData);
} catch (final Exception e) {
log.error("Initial search FAILED.", e);
throw new TaskExecutionException(pendingReq, "Initial search FAILED.", e);
}
}
- @NotNull
- private AuthProcessDataWrapper getAuthProcessData() {
- return pendingReq.getSessionData(AuthProcessDataWrapper.class);
+ private SimpleEidasData getInitialEidasData() {
+ return getAuthProcessDataWrapper().getGenericDataFromSession(Constants.DATA_SIMPLE_EIDAS, SimpleEidasData.class);
}
- private void step9CreateNewErnpEntry(SimpleEidasData simpleEidasData) {
-
- //TODO can i get bpk from response?
- ernpClient.createNewEntry(simpleEidasData);
+ private AuthProcessDataWrapper getAuthProcessDataWrapper() {
+ return pendingReq.getSessionData(AuthProcessDataWrapper.class);
}
}
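Review bot: In `execute`, the value from `getInitialEidasData()` goes straight into `ernpClient.createNewEntry(simpleEidasData)` with no check that the session actually held `Constants.DATA_SIMPLE_EIDAS`. If the lookup can return null (the session API is not visible here), a register write is attempted with no identity data. A guard such as `if (simpleEidasData == null) { throw new IllegalStateException("No eIDAS data in session"); }` before the call would fail closed. The catch block still logs and throws `"Initial search FAILED."`, which belongs to a different task and will mislead anyone reading the logs during an incident; `"Creating new ERnP entry failed."` describes what happened. The return value of `createNewEntry` is also dropped, so nothing is stored under `Constants.DATA_RESULT_MATCHING_BPK` for the following task, as the TODO already hints.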
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java
index 56aaa2db..8c3cc994 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java
@@ -53,6 +53,7 @@ public class GenerateOtherLoginMethodGuiTask extends AbstractAuthServletTask {
@Autowired
private ISpringMvcGuiFormBuilder guiBuilder;
+
@Autowired
private IConfiguration basicConfig;
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java
index 81035f6d..d7bec42b 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java
@@ -23,6 +23,7 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
@@ -55,10 +56,6 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
-import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.DATA_FULL_EIDAS_RESPONSE;
-import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.DATA_INITIAL_REGISTER_RESULT;
-import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.DATA_RESULT_MATCHING_BPK;
-import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.DATA_SIMPLE_EIDAS;
import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK;
import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK;
import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.eIDAS_ATTR_BIRTHNAME;
@@ -72,6 +69,27 @@ import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.eIDAS_A
/**
* Task that searches registers (ERnP and ZMR) before adding person to SZR.
+ * <p>
+ * Input:
+ * <ul>
+ * <li>{@link Constants#DATA_FULL_EIDAS_RESPONSE}</li>
+ * </ul>
+ * Output:
+ * <ul>
+ * <li>{@link Constants#DATA_SIMPLE_EIDAS} converted from Full eIDAS Response</li>
+ * <li>{@link Constants#DATA_INITIAL_REGISTER_RESULT} results from first search in registers with
+ * PersonIdentifier</li>
+ * <li>{@link Constants#DATA_FURTHER_REGISTER_RESULT} results after second search in registers with MDS</li>
+ * <li>{@link Constants#DATA_RESULT_MATCHING_BPK} if one register result found</li>
+ * </ul>
+ * <p>
+ * Transitions:
+ * <ul>
+ * <li>{@link CreateNewErnpEntryTask} if no results in registers where found for this user</li>
+ * <li>{@link GenerateOtherLoginMethodGuiTask} if search with MDS returns more than one match, user may provide
+ * alternative login methods to get an unique match</li>
+ * <li>{@link CreateIdentityLinkTask} if search in register returned one match, user is uniquely identified</li>
+ * </ul>
*
* @author amarsalek
* @author ckollmann
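Review bot: The transition list says `GenerateOtherLoginMethodGuiTask` is taken "if search with MDS returns more than one match", but `step8RegisterSearchWithMds` further down sets that transition for every non-zero result count, including exactly one. Since this Javadoc is the specification of when a user counts as uniquely identified, it should match the code, e.g. `if search with MDS returns one or more matches, user must provide an alternative login method to confirm the match`. No visible line sets a transition to `CreateIdentityLinkTask`, so it is presumably the default path in the process XML; stating that here would help. "where found" should read "were found".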
@@ -102,11 +120,8 @@ public class InitialSearchTask extends AbstractAuthServletTask {
throws TaskExecutionException {
try {
final SimpleEidasData eidasData = convertEidasAttrToSimpleData();
- storeSimpleEidasData(eidasData);
+ storeInitialEidasData(eidasData);
step2RegisterSearchWithPersonIdentifier(executionContext, eidasData);
- } catch (final TaskExecutionException e) {
- log.error("Initial search failed", e);
- throw e;
} catch (final Exception e) {
log.error("Initial search failed", e);
throw new TaskExecutionException(pendingReq, "Initial search failed", e);
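Review bot: With the dedicated `TaskExecutionException` catch removed, the remaining `catch (final Exception e)` logs every failure with its full stack trace, including the `ManualFixNecessaryException(eidasData)` that step 2 now builds from the whole `SimpleEidasData` object instead of the pseudonym. If that exception puts the object's fields into its message (the class is not visible here), names and birth dates would end up in the error log. A `TaskExecutionException` from step 7a is also wrapped in a second `TaskExecutionException`, which buries the original message. Consider restoring `catch (final TaskExecutionException e) { throw e; }` and checking that `ManualFixNecessaryException` only renders a non-identifying reference. The body of `execute` starts outside this hunk.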
@@ -117,52 +132,41 @@ public class InitialSearchTask extends AbstractAuthServletTask {
ExecutionContext executionContext, SimpleEidasData eidasData)
throws TaskExecutionException, EaafStorageException, ManualFixNecessaryException {
log.trace("Starting step2RegisterSearchWithPersonIdentifier");
- String personIdentifier = eidasData.getPseudonym();
- MergedRegisterSearchResult registerData = registerSearchService.searchWithPersonIdentifier(eidasData);
- storeInitialRegisterResult(registerData);
- int resultCount = registerData.getResultCount();
+ MergedRegisterSearchResult initialSearchResult = registerSearchService.searchWithPersonIdentifier(eidasData);
+ storeInitialRegisterResult(initialSearchResult);
+ int resultCount = initialSearchResult.getResultCount();
if (resultCount == 0) {
- step5CheckAndPerformCountrySpecificSearchIfPossible(executionContext, registerData, eidasData);
+ step5CountrySpecificSearchCheck(executionContext, initialSearchResult, eidasData);
} else if (resultCount == 1) {
- step3CheckRegisterUpdateNecessary(registerData, eidasData);
+ step3CheckRegisterUpdateNecessary(initialSearchResult, eidasData);
} else {
- throw new ManualFixNecessaryException(personIdentifier);
+ throw new ManualFixNecessaryException(eidasData);
}
}
- private void step3CheckRegisterUpdateNecessary(MergedRegisterSearchResult registerData, SimpleEidasData eidasData)
+ private void step3CheckRegisterUpdateNecessary(
+ MergedRegisterSearchResult initialSearchResult, SimpleEidasData eidasData)
throws ManualFixNecessaryException {
log.trace("Starting step3CheckRegisterUpdateNecessary");
try {
- if (eidasData.equalsRegisterData(registerData)) {
- String bpk = registerData.getBpk();
- storeMatchingBpk(bpk);
+ if (eidasData.equalsRegisterData(initialSearchResult)) {
+ storeMatchingBpk(initialSearchResult.getBpk());
} else {
- step4UpdateRegisterData(registerData, eidasData);
+ // TODO Update "initialSearchResult" in register with "eidasData" from login not possible for now
+ storeMatchingBpk(initialSearchResult.getBpk());
}
} catch (WorkflowException | EaafStorageException e) {
throw new ManualFixNecessaryException(eidasData);
}
}
- private void step4UpdateRegisterData(MergedRegisterSearchResult registerData, SimpleEidasData eidasData)
- throws WorkflowException, EaafStorageException {
- log.trace("Starting step4UpdateRegisterData");
- log.debug("Update {} with {}", registerData, eidasData);
- //TODO wann rechtlich möglich?
-
- String bpk = registerData.getBpk();
- storeMatchingBpk(bpk);
- }
-
- private void step5CheckAndPerformCountrySpecificSearchIfPossible(
- ExecutionContext executionContext, MergedRegisterSearchResult registerData,
- SimpleEidasData eidasData)
+ private void step5CountrySpecificSearchCheck(
+ ExecutionContext executionContext, MergedRegisterSearchResult initialSearchResult, SimpleEidasData eidasData)
throws TaskExecutionException, ManualFixNecessaryException, EaafStorageException {
log.trace("Starting step5CheckAndPerformCountrySpecificSearchIfPossible");
CountrySpecificDetailSearchProcessor specificHandler = findSpecificProcessor(eidasData);
if (specificHandler != null) {
- step6CountrySpecificSearch(executionContext, specificHandler, registerData, eidasData);
+ step6CountrySpecificSearch(executionContext, specificHandler, initialSearchResult, eidasData);
} else {
step8RegisterSearchWithMds(executionContext, eidasData);
}
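Review bot: In `step3CheckRegisterUpdateNecessary` both branches of `if (eidasData.equalsRegisterData(initialSearchResult))` now execute the same `storeMatchingBpk(initialSearchResult.getBpk())`. A register entry whose attributes differ from the eIDAS login data is therefore accepted as a match exactly like an identical one, and the only trace of the mismatch (the removed `log.debug("Update {} with {}", ...)`) is gone. Until the register update is possible, the else branch should at least record the event without personal data, e.g. `log.warn("Register entry differs from eIDAS data, bPK accepted without register update");`. Whether a mismatch should continue to `CreateIdentityLinkTask` at all deserves a decision. The trace message in `step5CountrySpecificSearchCheck` still carries the old method name `step5CheckAndPerformCountrySpecificSearchIfPossible`.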
@@ -182,7 +186,7 @@ public class InitialSearchTask extends AbstractAuthServletTask {
private void step6CountrySpecificSearch(ExecutionContext executionContext,
CountrySpecificDetailSearchProcessor processor,
- MergedRegisterSearchResult registerData,
+ MergedRegisterSearchResult initialSearchResult,
SimpleEidasData eidasData)
throws TaskExecutionException, ManualFixNecessaryException, EaafStorageException {
log.trace("Starting step6CountrySpecificSearch");
@@ -191,57 +195,51 @@ public class InitialSearchTask extends AbstractAuthServletTask {
if (resultCount == 0) {
step8RegisterSearchWithMds(executionContext, eidasData);
} else if (resultCount == 1) {
- step7aKittProcess(registerData, countrySearchResult, eidasData);
+ String bpk = registerSearchService
+ .step7aKittProcess(initialSearchResult, countrySearchResult, eidasData, pendingReq);
+ storeMatchingBpk(bpk);
} else {
throw new ManualFixNecessaryException(eidasData);
}
}
- private void step7aKittProcess(MergedRegisterSearchResult registerData,
- MergedRegisterSearchResult countrySpecificDetailSearchResult,
- SimpleEidasData eidasData)
- throws TaskExecutionException, EaafStorageException {
- log.trace("Starting step7aKittProcess");
- String bpk = registerSearchService.step7aKittProcess(registerData, countrySpecificDetailSearchResult,
- eidasData, pendingReq);
- storeMatchingBpk(bpk);
- }
-
private void step8RegisterSearchWithMds(ExecutionContext executionContext, SimpleEidasData eidasData)
throws EaafStorageException {
log.trace("Starting step8RegisterSearchWithMds");
MergedRegisterSearchResult registerData = registerSearchService.searchWithMds(eidasData);
if (registerData.getResultCount() == 0) {
- // TODO really the correct key to store data?
- storeSimpleEidasData(eidasData);
executionContext.put(TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK, true);
} else {
+ storeFurtherRegisterResults(registerData);
executionContext.put(TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, true);
}
}
- private void storeSimpleEidasData(SimpleEidasData eidasData) throws EaafStorageException {
- getAuthProcessData().setGenericDataToSession(DATA_SIMPLE_EIDAS, eidasData);
+ private void storeInitialRegisterResult(MergedRegisterSearchResult registerData) throws EaafStorageException {
+ getAuthProcessDataWrapper().setGenericDataToSession(Constants.DATA_INITIAL_REGISTER_RESULT, registerData);
}
- private void storeInitialRegisterResult(MergedRegisterSearchResult registerData) throws EaafStorageException {
- getAuthProcessData().setGenericDataToSession(DATA_INITIAL_REGISTER_RESULT, registerData);
+ private void storeFurtherRegisterResults(MergedRegisterSearchResult registerData) throws EaafStorageException {
+ getAuthProcessDataWrapper().setGenericDataToSession(Constants.DATA_FURTHER_REGISTER_RESULT, registerData);
+ }
+
+ private void storeInitialEidasData(SimpleEidasData eidasData) throws EaafStorageException {
+ getAuthProcessDataWrapper().setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidasData);
}
private void storeMatchingBpk(String bpk) throws EaafStorageException {
- getAuthProcessData().setGenericDataToSession(DATA_RESULT_MATCHING_BPK, bpk);
+ getAuthProcessDataWrapper().setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk);
}
- @NotNull
- private AuthProcessDataWrapper getAuthProcessData() {
+ private AuthProcessDataWrapper getAuthProcessDataWrapper() {
return pendingReq.getSessionData(AuthProcessDataWrapper.class);
}
@NotNull
private SimpleEidasData convertEidasAttrToSimpleData()
throws EidasAttributeException {
- final ILightResponse eidasResponse = getAuthProcessData()
- .getGenericDataFromSession(DATA_FULL_EIDAS_RESPONSE, ILightResponse.class);
+ final ILightResponse eidasResponse = getAuthProcessDataWrapper()
+ .getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class);
Map<String, Object> simpleMap = convertEidasAttrToSimpleMap(eidasResponse.getAttributes().getAttributeMap());
return convertSimpleMapToSimpleData(simpleMap);
}
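Review bot: `storeFurtherRegisterResults(registerData)` puts the complete MDS search result into the session under `Constants.DATA_FURTHER_REGISTER_RESULT`, and that branch covers the case of several matches. The stored object can therefore hold register records of people other than the authenticating user. Nothing in this hunk removes the entry again or limits what later GUI tasks may read from it. I would document this on the method, e.g. `// may contain records of other persons; never expose to the GUI, remove once matching is finished`, and clear the key when the process reaches `CreateIdentityLinkTask` or fails. The `@NotNull` on the session accessor was dropped without a replacement check, so a missing `AuthProcessDataWrapper` would now surface as a NullPointerException inside the store helpers.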
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java
index d565c329..6d050dc1 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java
@@ -31,6 +31,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNeces
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
@@ -46,12 +47,26 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Enumeration;
-import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.DATA_INITIAL_REGISTER_RESULT;
-import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.DATA_SIMPLE_EIDAS;
/**
* Task receives the response of {@link GenerateAustrianResidenceGuiTask} and handles it.
* This corresponds to Steps 17B, 18, 19 in the eIDAS Matching Concept.
+ * <p>
+ * Input:
+ * <ul>
+ * <li>{@link Constants#DATA_SIMPLE_EIDAS} initial login data from user</li>
+ * <li>{@link Constants#DATA_INITIAL_REGISTER_RESULT} results from search in registers with personIdentifier</li>
+ * </ul>
+ * Output:
+ * <ul>
+ * <li>{@link Constants#DATA_RESULT_MATCHING_BPK} if one register result found</li>
+ * </ul>
+ * Transitions:
+ * <ul>
+ * <li>{@link CreateNewErnpEntryTask}</li> if no results from search with residency data in registers
+ * <li>{@link CreateIdentityLinkTask}</li> if one exact match between initial register search (with MDS) and results
+ * from search with residency data in registers exists
+ * </ul>
*
* @author amarsalek
* @author ckollmann
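Review bot: In the new `Transitions:` list each item closes `</li>` directly after the `{@link ...}`, so the condition text ("if no results from search ...") falls outside the list element and the generated HTML is malformed. Move the closing tag to the end of the sentence, e.g. `<li>{@link CreateNewErnpEntryTask} if no results from search with residency data in registers</li>`. The same pattern appears in the class Javadoc added to ReceiveMobilePhoneSignatureResponseTask and ReceiveOtherLoginMethodGuiResponseTask later in this commit. Those two also start `Input:` without the `<p>` used here.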
@@ -85,45 +100,68 @@ public class ReceiveAustrianResidenceGuiResponseTask extends AbstractAuthServlet
throws TaskExecutionException {
log.trace("Starting ReceiveAustrianResidenceGuiResponseTask");
UserInput input = parseHtmlInput(request);
- if (input.isFormerResidenceAvailable()) {
- if (input.getStreet().isEmpty() || input.getCity().isEmpty() || input.getZipcode().isEmpty()) {
- // form should ensure that mandatory fields are field => this should never happen
- throw new TaskExecutionException(pendingReq, "Invalid user input", new InvalidUserInputException());
- }
- // TODO Also search with MDS?
- MergedRegisterSearchResult result = registerSearchService
+ if (!input.isFormerResidenceAvailable()) {
+ moveToNextTask(executionContext);
+ return;
+ }
+ if (input.getStreet().isEmpty() || input.getCity().isEmpty() || input.getZipcode().isEmpty()) {
+ // HTML form should ensure that mandatory fields are set => this should never happen
+ throw new TaskExecutionException(pendingReq, "Invalid user input", new InvalidUserInputException());
+ }
+ // TODO Also search with MDS? But MDS Search has already happened?
+ try {
+ SimpleEidasData eidasData = getInitialEidasData();
+ MergedRegisterSearchResult residencyResult = registerSearchService
.searchWithResidence(input.zipcode, input.city, input.street);
- if (result.getResultCount() == 0) {
+ if (residencyResult.getResultCount() == 0) {
moveToNextTask(executionContext);
- return;
- } else if (result.getResultCount() == 1) {
- compareSearchResultWithInitialData(executionContext, result);
+ } else if (residencyResult.getResultCount() == 1) {
+ compareSearchResultWithInitialData(executionContext, residencyResult, eidasData);
} else {
- throw new TaskExecutionException(pendingReq, "Manual Fix necessary", new ManualFixNecessaryException("todo"));
+ throw new TaskExecutionException(pendingReq,
+ "Manual Fix necessary", new ManualFixNecessaryException(eidasData));
}
- } else {
- moveToNextTask(executionContext);
+ } catch (EaafStorageException e) {
+ log.error("Search with residency data failed", e);
+ throw new TaskExecutionException(pendingReq, "Search with residency data failed", e);
}
}
- private void compareSearchResultWithInitialData(ExecutionContext executionContext, MergedRegisterSearchResult result)
- throws TaskExecutionException {
+ private void compareSearchResultWithInitialData(ExecutionContext executionContext,
+ MergedRegisterSearchResult residencyResult, SimpleEidasData eidasData)
+ throws TaskExecutionException, EaafStorageException {
try {
- AuthProcessDataWrapper authProcessDataWrapper = pendingReq.getSessionData(AuthProcessDataWrapper.class);
- MergedRegisterSearchResult initialSearchResult = authProcessDataWrapper
- .getGenericDataFromSession(DATA_INITIAL_REGISTER_RESULT, MergedRegisterSearchResult.class);
- SimpleEidasData simpleEidasData = authProcessDataWrapper
- .getGenericDataFromSession(DATA_SIMPLE_EIDAS, SimpleEidasData.class);
- if (simpleEidasData.equalsRegisterData(result)) {
- registerSearchService.step7aKittProcess(initialSearchResult, result, simpleEidasData, pendingReq);
+ MergedRegisterSearchResult initialSearchResult = getInitialRegisterResult();
+ // TODO search "residencyResult" in "initialSearchResult"!?
+ if (eidasData.equalsRegisterData(residencyResult)) {
+ String bpk = registerSearchService
+ .step7aKittProcess(initialSearchResult, residencyResult, eidasData, pendingReq);
+ storeMatchingBpk(bpk);
} else {
moveToNextTask(executionContext);
}
} catch (WorkflowException e) {
- throw new TaskExecutionException(pendingReq, "Search failed", new ManualFixNecessaryException("todo"));
+ throw new TaskExecutionException(pendingReq, "Search failed", new ManualFixNecessaryException(eidasData));
}
}
+ private SimpleEidasData getInitialEidasData() {
+ return getAuthProcessDataWrapper().getGenericDataFromSession(Constants.DATA_SIMPLE_EIDAS, SimpleEidasData.class);
+ }
+
+ private MergedRegisterSearchResult getInitialRegisterResult() {
+ return getAuthProcessDataWrapper().getGenericDataFromSession(Constants.DATA_INITIAL_REGISTER_RESULT,
+ MergedRegisterSearchResult.class);
+ }
+
+ private void storeMatchingBpk(String bpk) throws EaafStorageException {
+ getAuthProcessDataWrapper().setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk);
+ }
+
+ private AuthProcessDataWrapper getAuthProcessDataWrapper() {
+ return pendingReq.getSessionData(AuthProcessDataWrapper.class);
+ }
+
private void moveToNextTask(ExecutionContext executionContext) {
// Later on, this should transition to Step 20
executionContext.put(Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK, true);
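Review bot: In `compareSearchResultWithInitialData` the bPK is stored as soon as `eidasData.equalsRegisterData(residencyResult)` is true, while comparing the residency hit against `initialSearchResult` is still only the TODO on the line above. The class Javadoc added in this commit already describes the transition to `CreateIdentityLinkTask` as requiring an exact match between the initial register search and the residency search, so the documentation promises more than the visible code checks; whether `step7aKittProcess` performs that comparison cannot be seen here. Since zipcode, city and street come from the request, I would make the membership check explicit before `storeMatchingBpk(bpk)` and raise `ManualFixNecessaryException` otherwise, or soften the Javadoc until the TODO is resolved. `getInitialEidasData()` can presumably return null when the session holds no entry, which would surface as a NullPointerException at `equalsRegisterData`; a guard that raises `TaskExecutionException` would be cleaner.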
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
index 8c7815be..57531493 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
@@ -37,6 +37,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchSe
import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
@@ -73,15 +74,30 @@ import java.io.IOException;
import java.util.List;
import java.util.Set;
-import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.DATA_INITIAL_REGISTER_RESULT;
-import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.DATA_SIMPLE_EIDAS;
import static at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING;
/**
* Task that receives the SAML2 response from ID Austria system.
* This corresponds to Step 15 in the eIDAS Matching Concept.
*
+ * Input:
+ * <ul>
+ * <li>{@link Constants#DATA_SIMPLE_EIDAS} initial login data from user</li>
+ * <li>{@link Constants#DATA_INITIAL_REGISTER_RESULT} results from search in registers with personIdentifier</li>
+ * </ul>
+ * Output:
+ * <ul>
+ * <li>{@link Constants#DATA_RESULT_MATCHING_BPK} if one register result found</li>
+ * </ul>
+ * Transitions:
+ * <ul>
+ * <li>{@link GenerateAustrianResidenceGuiTask}</li> if no results in registers were found
+ * <li>{@link CreateIdentityLinkTask}</li> if one exact match between initial register search (with MDS) data and
+ * register search with MPS data exists
+ * </ul>
+ *
* @author tlenz
+ * @author ckollmann
*/
@Slf4j
@Component("ReceiveMobilePhoneSignatureResponseTask")
@@ -108,6 +124,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet
/**
* Creates the new task, with autowired dependencies from Spring.
*/
+ @SuppressWarnings("SpringJavaInjectionPointsAutowiringInspection")
public ReceiveMobilePhoneSignatureResponseTask(SamlVerificationEngine samlVerificationEngine,
RegisterSearchService registerSearchService,
IdAustriaClientAuthCredentialProvider credentialProvider,
@@ -146,22 +163,24 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet
*
*/
- AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
- MergedRegisterSearchResult initialSearchResult =
- authProcessData.getGenericDataFromSession(DATA_INITIAL_REGISTER_RESULT, MergedRegisterSearchResult.class);
- SimpleEidasData eidasData = authProcessData.getGenericDataFromSession(DATA_SIMPLE_EIDAS, SimpleEidasData.class);
- String bpkZp = extractBpkZp(extractor, authProcessData, eidasData);
+ MergedRegisterSearchResult initialSearchResult = getInitialRegisterResult();
+ SimpleEidasData eidasData = getInitialEidasData();
+ String bpkZp = extractBpkZp(extractor, eidasData);
- MergedRegisterSearchResult result = registerSearchService.searchWithBpkZp(bpkZp);
- if (result.getResultCount() == 0) {
+ // TODO Hier ist wohl keine Register-Suche notwendig, denn das ergibt sicher einen Treffer
+ // TODO Soll: In den Ergebnissen aus Step8 matchen! Über BPK matchen, und dann schauen, ob zumindest
+ // Geburtsdatum passt
+ MergedRegisterSearchResult registerResult = registerSearchService.searchWithBpkZp(bpkZp);
+ if (registerResult.getResultCount() == 0) {
executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true);
return;
- } else if (result.getResultCount() == 1) {
- String bpk = registerSearchService.step7aKittProcess(initialSearchResult, result, eidasData, pendingReq);
- authProcessData.setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk);
+ } else if (registerResult.getResultCount() == 1) {
+ String bpk = registerSearchService
+ .step7aKittProcess(initialSearchResult, registerResult, eidasData, pendingReq);
+ storeMatchingBpk(bpk);
return;
- } else if (result.getResultCount() > 1) {
- throw new ManualFixNecessaryException("bpkZp: " + bpkZp);
+ } else if (registerResult.getResultCount() > 1) {
+ throw new ManualFixNecessaryException(eidasData);
}
// set NeedConsent to false, because user gives consent during authentication
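Review bot: The three branches on `registerResult.getResultCount()` return for 0, return for 1 and throw for more than 1, so the statements after the chain (from the `set NeedConsent to false` comment onward) are reached only for a negative count. If that trailing code marks the session as authenticated or persists the pending request, the bPK written by `storeMatchingBpk(bpk)` may never be saved; that part of the method lies outside the hunk, so it should be checked. Making the last branch a plain `else` would make the exhaustiveness obvious. The two German TODO lines describe a stricter intended check (match by bPK within the Step 8 results, then compare at least the date of birth); an English comment would keep that open item readable for every reviewer.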
@@ -192,16 +211,31 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet
}
private String extractBpkZp(AssertionAttributeExtractor extractor,
- AuthProcessDataWrapper authProcessData,
SimpleEidasData eidasData) throws EaafBuilderException, InvalidUserInputException {
- SimpleMobileSignatureData simpleMobileSignatureData = getAuthDataFromInterfederation(extractor, authProcessData);
+ SimpleMobileSignatureData simpleMobileSignatureData = getAuthDataFromInterfederation(extractor);
if (!simpleMobileSignatureData.equalsSimpleEidasData(eidasData)) {
- //TODO User has cheated?
- throw new InvalidUserInputException();
+ throw new InvalidUserInputException(); // user has cheated!?
}
return simpleMobileSignatureData.getBpk();
}
+ private SimpleEidasData getInitialEidasData() {
+ return getAuthProcessDataWrapper().getGenericDataFromSession(Constants.DATA_SIMPLE_EIDAS, SimpleEidasData.class);
+ }
+
+ private MergedRegisterSearchResult getInitialRegisterResult() {
+ return getAuthProcessDataWrapper().getGenericDataFromSession(Constants.DATA_INITIAL_REGISTER_RESULT,
+ MergedRegisterSearchResult.class);
+ }
+
+ private void storeMatchingBpk(String bpk) throws EaafStorageException {
+ getAuthProcessDataWrapper().setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk);
+ }
+
+ private AuthProcessDataWrapper getAuthProcessDataWrapper() {
+ return pendingReq.getSessionData(AuthProcessDataWrapper.class);
+ }
+
@NotNull
private InboundMessage decodeAndVerifyMessage(HttpServletRequest request, HttpServletResponse response,
IDecoder decoder, EaafUriCompare comparator) throws Exception {
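Review bot: `extractBpkZp` throws a bare `InvalidUserInputException()` when the ID Austria attributes do not equal the initial eIDAS data, and the only trace of the reason is the trailing comment `// user has cheated!?`. A mismatch between two authenticated identities deserves an audit trail, so I would add a log line before the throw, for example `log.warn("ID Austria identity does not match initial eIDAS data");`, keeping names, birth dates and bPKs out of the message. The four session helpers added below it (`getInitialEidasData`, `getInitialRegisterResult`, `storeMatchingBpk`, `getAuthProcessDataWrapper`) are repeated verbatim in ReceiveAustrianResidenceGuiResponseTask; a shared helper or base class would keep the session keys in one place.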
@@ -303,8 +337,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet
return null;
}
- private SimpleMobileSignatureData getAuthDataFromInterfederation(AssertionAttributeExtractor extractor,
- AuthProcessDataWrapper authProcessData)
+ private SimpleMobileSignatureData getAuthDataFromInterfederation(AssertionAttributeExtractor extractor)
throws EaafBuilderException {
List<String> requiredAttributes = IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES;
SimpleMobileSignatureData result = new SimpleMobileSignatureData();
@@ -329,10 +362,10 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet
result.setDateOfBirth(extractor.getSingleAttributeValue(attrName));
}
if (PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME.equals(attrName)) {
- authProcessData.setQaaLevel(extractor.getSingleAttributeValue(attrName));
+ getAuthProcessDataWrapper().setQaaLevel(extractor.getSingleAttributeValue(attrName));
}
}
- authProcessData.setIssueInstant(extractor.getAssertionIssuingDate());
+ getAuthProcessDataWrapper().setIssueInstant(extractor.getAssertionIssuingDate());
return result;
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java
index 12eb7a83..b3c994c9 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java
@@ -41,6 +41,21 @@ import java.util.Enumeration;
* Handles user's selection from {@link GenerateOtherLoginMethodGuiTask}.
* This corresponds to Steps 10, 14, 16 in the eIDAS Matching Concept.
*
+ * Input:
+ * <ul>
+ * <li>{@link Constants#DATA_SIMPLE_EIDAS} initial login data from user</li>
+ * <li>{@link Constants#DATA_INITIAL_REGISTER_RESULT} results from search in registers with personIdentifier</li>
+ * </ul>
+ * Output:
+ * <ul>
+ * <li>{@link Constants#DATA_RESULT_MATCHING_BPK} if one register result found</li>
+ * </ul>
+ * Transitions:
+ * <ul>
+ * <li>{@link GenerateMobilePhoneSignatureRequestTask}</li> if selected by user
+ * <li>{@link GenerateAustrianResidenceGuiTask}</li> if selected by user
+ * </ul>
+ *
* @author amarsalek
* @author ckollmann
*/
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml
index f60bb5f9..369af4c4 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml
@@ -44,37 +44,39 @@
<pd:Transition from="initialRegisterSearch"
to="generateOtherLoginMethodGuiTask"
conditionExpression="ctx['TASK_GenerateOtherLoginMethodGuiTask']"/>
+ <pd:Transition from="initialRegisterSearch"
+ to="generateIdentityLink" />
<pd:Transition from="generateOtherLoginMethodGuiTask"
to="receiveOtherLoginMethodGuiResponseTask" />
<pd:Transition from="receiveOtherLoginMethodGuiResponseTask"
to="generateMobilePhoneSignatureRequestTask"
conditionExpression="ctx['TASK_GenerateMobilePhoneSignatureRequestTask']"/>
- <pd:Transition from="generateMobilePhoneSignatureRequestTask"
- to="receiveMobilePhoneSignatureResponseTask" />
- <pd:Transition from="receiveMobilePhoneSignatureResponseTask"
- to="createNewErnpEntryTask" />
-
+ <pd:Transition from="receiveOtherLoginMethodGuiResponseTask"
+ to="generateAustrianResidenceGuiTask"
+ conditionExpression="ctx['TASK_GenerateAustrianResidenceGuiTask']"/>
<!-- TRANSITION_TO_GENERATE_EIDAS_LOGIN -->
<!-- <pd:Transition from="receiveOtherLoginMethodGuiResponseTask" -->
<!-- to="generateAustrianResidenceGuiTask" -->
<!-- conditionExpression="ctx['TASK_TODO']"/> -->
- <pd:Transition from="receiveOtherLoginMethodGuiResponseTask"
+ <pd:Transition from="generateMobilePhoneSignatureRequestTask"
+ to="receiveMobilePhoneSignatureResponseTask" />
+
+ <pd:Transition from="receiveMobilePhoneSignatureResponseTask"
to="generateAustrianResidenceGuiTask"
- conditionExpression="ctx['TASK_GenerateAustrianResidenceGuiTask']"/>
+ conditionExpression="ctx['TASK_GenerateAustrianResidenceGuiTask']" />
+ <pd:Transition from="receiveMobilePhoneSignatureResponseTask"
+ to="generateIdentityLink" />
<pd:Transition from="generateAustrianResidenceGuiTask"
to="receiveAustrianResidenceGuiResponseTask" />
<pd:Transition from="receiveAustrianResidenceGuiResponseTask"
- to="generateIdentityLink"
- conditionExpression="ctx['TASK_TODO']"/>
-
- <pd:Transition from="receiveAustrianResidenceGuiResponseTask"
to="createNewErnpEntryTask"
- conditionExpression="ctx['TASK_TODO']"/>
-
+ conditionExpression="ctx['TASK_CreateNewErnpEntryTask']"/>
+ <pd:Transition from="receiveAustrianResidenceGuiResponseTask"
+ to="generateIdentityLink"/>
<pd:Transition from="createNewErnpEntryTask"
to="generateIdentityLink" />