Prevent SZRClient from creating ERnP entry if person does not exist

4 files changed, 57 insertions, 68 deletions

diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java
index dc6df967..5bad738b 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java
@@ -27,6 +27,7 @@ import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.net.URL;
+import java.nio.charset.StandardCharsets;
 import java.security.KeyManagementException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
@@ -34,7 +35,7 @@ import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.security.UnrecoverableKeyException;
 import java.util.ArrayList;
-import java.util.Arrays;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -117,6 +118,7 @@ public class SzrClient {
   private static final String JOSE_HEADER_USERCERTPINNING_EIDASBIND = "urn:at.gv.eid:eidasBind";
   public static final String ATTR_NAME_MDS = "urn:eidgvat:mds";
 
+  @SuppressWarnings("SpringJavaInjectionPointsAutowiringInspection")
   @Autowired
   private IConfiguration basicConfig;
 
@@ -126,10 +128,6 @@ public class SzrClient {
   // RAW client is needed for identitylink
   private Dispatch<Source> dispatch = null;
 
-  private SzrService szrService = null;
-  private String szrUrl = null;
-  private QName qname = null;
-
   final ObjectMapper mapper = new ObjectMapper();
 
   /**
@@ -164,7 +162,7 @@ public class SzrClient {
           .createUnmarshaller().unmarshal(new ByteArrayInputStream(szrResponse));
 
       // build response
-      log.trace(new String(szrResponse, "UTF-8"));
+      log.trace(new String(szrResponse, StandardCharsets.UTF_8));
 
       // ok, we have success
       final Document doc = DomUtils.parseDocument(
@@ -223,7 +221,11 @@ public class SzrClient {
   }
 
   /**
-   * Request a encryped baseId from SRZ.
+   * Request a encrypted baseId from SZR.
+   *
+   * <b>Note</b>: Previously, this method did create a new ERnP entry, if it did not exist. This is
+   * <b>not</b> the case any more. See
+   * {@link at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateNewErnpEntryTask} for that functionality.
    *
    * @param personInfo Minimum dataset of person
    * @return encrypted baseId
@@ -234,10 +236,7 @@ public class SzrClient {
 
     final String resp;
     try {
-      //TODO wirklich immer "insertERnP=true"?
-      // wenn insertErnP=false dann returns vsz oder fehler
-      // wenn insertErnp = true dann returns vsz, ggf vom neuen Eintrag
-      resp = this.szr.getStammzahlEncrypted(personInfo, true);
+      resp = this.szr.getStammzahlEncrypted(personInfo, false);
     } catch (SZRException_Exception e) {
       throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e);
     }
@@ -253,8 +252,8 @@ public class SzrClient {
   /**
    * Sign an eidasBind data-structure that combines vsz with user's pubKey and E-ID status.
    *
-   * @param vsz encryped baseId
-   * @param bindingPubKey  binding PublikKey as PKCS1# (ASN.1) container
+   * @param vsz encrypted baseId
+   * @param bindingPubKey  binding PublicKey as PKCS1# (ASN.1) container
    * @param eidStatus Status of the E-ID
    * @param eidData eID information that was used for ERnP registration
    * @return bPK for this person
@@ -266,7 +265,7 @@ public class SzrClient {
     final Map<String, Object> eidsaBindMap = new HashMap<>();
     eidsaBindMap.put(ATTR_NAME_VSZ, vsz);
     eidsaBindMap.put(ATTR_NAME_STATUS, eidStatus);
-    eidsaBindMap.put(ATTR_NAME_PUBKEYS, Arrays.asList(bindingPubKey));
+    eidsaBindMap.put(ATTR_NAME_PUBKEYS, Collections.singletonList(bindingPubKey));
     eidsaBindMap.put(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, eidData.getCitizenCountryCode());
     injectMdsIfAvailableAndActive(eidsaBindMap, eidData);
 
@@ -296,7 +295,7 @@ public class SzrClient {
       return resp.getOut().get(0).getValue();
 
     } catch (final JsonProcessingException | SZRException_Exception e) {
-      log.warn("Requesting bcBind by using SZR FAILED. Reason: {}", e.getMessage(), null, e);
+      log.warn("Requesting bcBind by using SZR FAILED.", e);
       throw new SzrCommunicationException("ernb.02",
           new Object[]{e.getMessage()}, e);
     }
@@ -311,6 +310,9 @@ public class SzrClient {
         Constants.CONIG_PROPS_EIDAS_SZRCLIENT_USETESTSERVICE,
         true);
 
+    SzrService szrService;
+    QName qname;
+    String szrUrl;
     if (useTestSzr) {
       log.debug("Initializing SZR test environment configuration.");
       qname = SzrService.SZRTestumgebung;
@@ -350,20 +352,20 @@ public class SzrClient {
 
     // inject handler
     log.info("Use SZR service-URL: " + szrUrl);
-    injectBindingProvider((BindingProvider) szr, CLIENT_DEFAULT);
-    injectBindingProvider(dispatch, CLIENT_RAW);
+    injectBindingProvider((BindingProvider) szr, CLIENT_DEFAULT, szrUrl);
+    injectBindingProvider(dispatch, CLIENT_RAW, szrUrl);
 
     // inject http parameters and SSL context
     log.debug("Inject HTTP client settings ... ");
-    injectHttpClient(szr, CLIENT_DEFAULT);
-    injectHttpClient(dispatch, CLIENT_RAW);
+    injectHttpClient(szr, CLIENT_DEFAULT, szrUrl);
+    injectHttpClient(dispatch, CLIENT_RAW, szrUrl);
 
     log.info("SZR-Client initialization successfull");
   }
 
-  private void injectHttpClient(Object raw, String clientType) {
+  private void injectHttpClient(Object raw, String clientType, String szrUrl) {
     // extract client from implementation
-    Client client = null;
+    Client client;
     if (raw instanceof DispatchImpl<?>) {
       client = ((DispatchImpl<?>) raw).getClient();
     } else if (raw instanceof Client) {
@@ -378,14 +380,12 @@ public class SzrClient {
 
     // set timeout policy
     final HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
-    httpClientPolicy.setConnectionTimeout(
-        Integer.parseInt(basicConfig.getBasicConfiguration(
-            Constants.CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_CONNECTION,
-            Constants.HTTP_CLIENT_DEFAULT_TIMEOUT_CONNECTION)) * 1000);
-    httpClientPolicy.setReceiveTimeout(
-        Integer.parseInt(basicConfig.getBasicConfiguration(
-            Constants.CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_RESPONSE,
-            Constants.HTTP_CLIENT_DEFAULT_TIMEOUT_RESPONSE)) * 1000);
+    String connectionTimeout = basicConfig.getBasicConfiguration(
+        Constants.CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_CONNECTION, Constants.HTTP_CLIENT_DEFAULT_TIMEOUT_CONNECTION);
+    httpClientPolicy.setConnectionTimeout(Integer.parseInt(connectionTimeout) * 1000L);
+    String responseTimeout = basicConfig.getBasicConfiguration(
+        Constants.CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_RESPONSE, Constants.HTTP_CLIENT_DEFAULT_TIMEOUT_RESPONSE);
+    httpClientPolicy.setReceiveTimeout(Integer.parseInt(responseTimeout) * 1000L);
     http.setClient(httpClientPolicy);
 
     // inject SSL context in case of https
@@ -400,7 +400,7 @@ public class SzrClient {
 
   }
 
-  private void injectBindingProvider(BindingProvider bindingProvider, String clientType) {
+  private void injectBindingProvider(BindingProvider bindingProvider, String clientType, String szrUrl) {
     final Map<String, Object> requestContext = bindingProvider.getRequestContext();
     requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, szrUrl);
 
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java
index 99c221d8..5deb5f31 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java
@@ -28,10 +28,10 @@ import static org.mockito.ArgumentMatchers.anyList;
 import static org.mockito.Mockito.when;
 
 import java.io.IOException;
-import java.security.InvalidKeyException;
+import java.nio.charset.StandardCharsets;
 import java.security.MessageDigest;
-import java.security.NoSuchProviderException;
 import java.util.List;
+import java.util.Objects;
 
 import javax.xml.bind.JAXBContext;
 import javax.xml.bind.JAXBException;
@@ -44,7 +44,6 @@ import org.apache.commons.lang3.RandomStringUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.cxf.binding.soap.SoapFault;
 import org.joda.time.DateTime;
-import org.jose4j.lang.JoseException;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Ignore;
@@ -60,9 +59,6 @@ import org.springframework.util.Base64Utils;
 import org.w3c.dom.Element;
 import org.xml.sax.SAXException;
 
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.JsonMappingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import com.skjolberg.mockito.soap.SoapServiceRule;
 
 import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap;
@@ -102,8 +98,6 @@ public class SzrClientTest {
   @Autowired SzrClient szrClient;
   @Autowired MsConnectorDummyConfigMap basicConfig;
 
-  private static ObjectMapper mapper = new ObjectMapper();
-
   private static final String givenName = "Franz";
   private static final String familyName = "Mustermann";
   private static final String dateOfBirth = "1989-05-05";
@@ -139,7 +133,7 @@ public class SzrClientTest {
 
 
   @Test
-  public void getStammzahlenEcryptedTest() throws JAXBException, SZRException_Exception, SzrCommunicationException {
+  public void getStammzahlenEcryptedTest() throws SZRException_Exception, SzrCommunicationException {
     final GetBPKFromStammzahlEncryptedResponse szrResponse = new GetBPKFromStammzahlEncryptedResponse();
     final GetBPKFromStammzahlEncryptedResponseType result1 = new GetBPKFromStammzahlEncryptedResponseType();
     szrResponse.getOut().add(result1);
@@ -156,7 +150,7 @@ public class SzrClientTest {
 
     when(szrMock.getStammzahlEncrypted(any(), any())).thenReturn(null);
     try {
-      stammzahlEncrypted = szrClient.getEncryptedStammzahl(new PersonInfoType());
+      szrClient.getEncryptedStammzahl(new PersonInfoType());
     } catch (SzrCommunicationException e) {
       Assert.assertTrue("Not correct error", e.getMessage().contains("ernb.01"));
     }
@@ -234,8 +228,7 @@ public class SzrClientTest {
   }
 
   @Test
-  public void eidasBindValid() throws SZRException_Exception, SzrCommunicationException, JsonMappingException,
-      JsonProcessingException, JoseException {
+  public void eidasBindValid() throws SZRException_Exception, SzrCommunicationException {
     final SignContentResponse szrResponse = new SignContentResponse();
     final SignContentEntry result1 = new SignContentEntry();
     final SignContentResponseType content = new SignContentResponseType();
@@ -257,8 +250,7 @@ public class SzrClientTest {
   }
 
   @Test
-  public void eidasBindValidWithMds() throws SZRException_Exception, SzrCommunicationException, JoseException,
-      JsonMappingException, JsonProcessingException {
+  public void eidasBindValidWithMds() throws SZRException_Exception, SzrCommunicationException {
     basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject", "true");
 
     final SignContentResponse szrResponse = new SignContentResponse();
@@ -283,7 +275,7 @@ public class SzrClientTest {
 
   @Test
   public void getIdentityLinkRawModeValidResponse()
-      throws SZRException_Exception, EaafParserException, NoSuchProviderException, IOException, InvalidKeyException,
+      throws SZRException_Exception, EaafParserException,
       EidasSAuthenticationException, JAXBException {
     setSzrResponseIdentityLink("/data/szr/szr_resp_valid_1.xml");
 
@@ -317,8 +309,8 @@ public class SzrClientTest {
 
   @Test
   public void getIdentityLinkRawModeErrorTravelerDocExists()
-      throws SZRException_Exception, EaafParserException, NoSuchProviderException, IOException, InvalidKeyException,
-      EidasSAuthenticationException, JAXBException, ParserConfigurationException, SAXException {
+      throws SZRException_Exception, IOException,
+      EidasSAuthenticationException, ParserConfigurationException, SAXException {
     setSzrExceptionIdentityLink("/data/szr/szr_resp_error_travelerdocexists.xml");
 
     try {
@@ -342,7 +334,7 @@ public class SzrClientTest {
 
   @Ignore
   @Test
-  public void getBpkTest() throws SZRException_Exception, EidasSAuthenticationException {
+  public void getBpkTest() throws EidasSAuthenticationException {
     final List<String> bPK = szrClient.getBpk(getPersonInfo(), DUMMY_TARGET, basicConfig
         .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, "no VKZ defined"));
 
@@ -363,6 +355,7 @@ public class SzrClientTest {
 
   }
 
+  @SuppressWarnings("SameParameterValue")
   private void setSzrResponseIdentityLink(String responseXmlPath) throws JAXBException, SZRException_Exception {
     final JAXBContext jaxbContext = JAXBContext
         .newInstance(szrservices.ObjectFactory.class, org.w3._2001._04.xmldsig_more.ObjectFactory.class,
@@ -375,8 +368,9 @@ public class SzrClientTest {
 
   }
 
+  @SuppressWarnings("SameParameterValue")
   private void setSzrExceptionIdentityLink(String responseXmlPath)
-      throws JAXBException, ParserConfigurationException, SAXException, IOException, SZRException_Exception {
+      throws ParserConfigurationException, SAXException, IOException, SZRException_Exception {
     final Element detailerror = DomUtils.parseXmlNonValidating(this.getClass().getResourceAsStream(responseXmlPath));
     final javax.xml.namespace.QName qName = new javax.xml.namespace.QName("urn:SZRServices", "F455", "p344");
     final SoapFault fault = new SoapFault(
@@ -391,9 +385,8 @@ public class SzrClientTest {
   private String createHashFromUniqueId(String uniqueId) throws EidasSAuthenticationException {
     try {
       final MessageDigest md = MessageDigest.getInstance("SHA-256");
-      final byte[] hash = md.digest(uniqueId.getBytes("UTF-8"));
-      final String hashBase64 = new String(Base64Utils.encode(hash), "UTF-8").replaceAll("\r\n", "");
-      return hashBase64;
+      final byte[] hash = md.digest(uniqueId.getBytes(StandardCharsets.UTF_8));
+      return new String(Base64Utils.encode(hash), StandardCharsets.UTF_8).replaceAll("\r\n", "");
 
     } catch (final Exception ex) {
       throw new EidasSAuthenticationException("internal.03", new Object[]{}, ex);
@@ -413,7 +406,7 @@ public class SzrClientTest {
 
     // parse some eID attributes
     final Triple<String, String, String> eIdentifier = EidasResponseUtils.parseEidasPersonalIdentifier(eIDASeID);
-    final String uniqueId = createHashFromUniqueId(eIdentifier.getThird());
+    final String uniqueId = createHashFromUniqueId(Objects.requireNonNull(eIdentifier).getThird());
     final String citizenCountry = eIdentifier.getFirst();
 
     // person information
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java
index abebf0da..38829d67 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java
@@ -23,11 +23,10 @@
 
 package at.asitplus.eidas.specific.modules.auth.eidas.v2.test;
 
-import java.io.IOException;
-import java.security.InvalidKeyException;
+import java.nio.charset.StandardCharsets;
 import java.security.MessageDigest;
-import java.security.NoSuchProviderException;
 import java.util.List;
+import java.util.Objects;
 
 import org.apache.commons.lang3.RandomStringUtils;
 import org.apache.commons.lang3.StringUtils;
@@ -63,7 +62,6 @@ import at.gv.egiz.eaaf.core.impl.data.Triple;
 import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;
 import szrservices.IdentityLinkType;
 import szrservices.PersonInfoType;
-import szrservices.SZRException_Exception;
 import szrservices.TravelDocumentType;
 
 
@@ -98,14 +96,14 @@ public class SzrClientTestProduction {
   }
 
   @Test
-  public void getVsz() throws SzrCommunicationException, EidasSAuthenticationException {
+  public void getVsz() throws EidasSAuthenticationException {
     String vsz = szrClient.getEncryptedStammzahl(getPersonInfo());
     Assert.assertNotNull("vsz", vsz);
 
   }
 
   @Test
-  public void getEidasBind() throws SzrCommunicationException, EidasSAuthenticationException {
+  public void getEidasBind() throws EidasSAuthenticationException {
     String vsz = RandomStringUtils.randomAlphanumeric(10);
     String bindingPubKey = Base64.toBase64String(RandomStringUtils.random(20).getBytes());
     String eidStatus = "urn:eidgvat:eid.status.eidas";
@@ -125,8 +123,7 @@ public class SzrClientTestProduction {
 
 
   @Test
-  public void getIdentityLinkRawMode() throws SZRException_Exception, EaafParserException,
-      NoSuchProviderException, IOException, InvalidKeyException, EidasSAuthenticationException {
+  public void getIdentityLinkRawMode() throws EaafParserException, EidasSAuthenticationException {
     log.debug("Starting connecting SZR Gateway");
     final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(
         getPersonInfo());
@@ -173,7 +170,7 @@ public class SzrClientTestProduction {
 
   @Ignore
   @Test
-  public void getBpkTest() throws SZRException_Exception, EidasSAuthenticationException {
+  public void getBpkTest() throws EidasSAuthenticationException {
     final List<String> bPK = szrClient.getBpk(getPersonInfo(), DUMMY_TARGET,
         basicConfig.getBasicConfiguration(
             Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ,
@@ -193,9 +190,8 @@ public class SzrClientTestProduction {
   private String createHashFromUniqueId(String uniqueId) throws EidasSAuthenticationException {
     try {
       final MessageDigest md = MessageDigest.getInstance("SHA-256");
-      final byte[] hash = md.digest(uniqueId.getBytes("UTF-8"));
-      final String hashBase64 = new String(Base64Utils.encode(hash), "UTF-8").replaceAll("\r\n", "");
-      return hashBase64;
+      final byte[] hash = md.digest(uniqueId.getBytes(StandardCharsets.UTF_8));
+      return new String(Base64Utils.encode(hash), StandardCharsets.UTF_8).replaceAll("\r\n", "");
 
     } catch (final Exception ex) {
       throw new EidasSAuthenticationException("internal.03", new Object[] {}, ex);
@@ -216,7 +212,7 @@ public class SzrClientTestProduction {
     // parse some eID attributes
     final Triple<String, String, String> eIdentifier =
         EidasResponseUtils.parseEidasPersonalIdentifier(eIDASeID);
-    final String uniqueId = createHashFromUniqueId(eIdentifier.getThird());
+    final String uniqueId = createHashFromUniqueId(Objects.requireNonNull(eIdentifier).getThird());
     final String citizenCountry = eIdentifier.getFirst();
 
     // person information
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
index c29c82c7..ee7d2ebd 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
@@ -227,7 +227,7 @@ public class CreateIdentityLinkTaskEidNewTest {
     verify(szrMock, times(1)).getStammzahlEncrypted(argument4.capture(), argument5.capture());
 
     Boolean param5 = argument5.getValue();
-    Assert.assertTrue("insertERnP flag", param5);
+    Assert.assertFalse("insertERnP flag", param5);
     PersonInfoType person = argument4.getValue();
     Assert.assertEquals("FamilyName",
         response.getAttributes().getAttributeValuesByFriendlyName("FamilyName").getFirstValue(
@@ -344,7 +344,7 @@ public class CreateIdentityLinkTaskEidNewTest {
     verify(szrMock, times(1)).getStammzahlEncrypted(argument4.capture(), argument5.capture());
 
     Boolean param5 = argument5.getValue();
-    Assert.assertTrue("insertERnP flag", param5);
+    Assert.assertFalse("insertERnP flag", param5);
     PersonInfoType person = argument4.getValue();
     Assert.assertEquals("FamilyName",
         response.getAttributes().getAttributeValuesByFriendlyName("FamilyName").getFirstValue(