aboutsummaryrefslogtreecommitdiff
path: root/modules/authmodule-eIDAS-v2/src/main
diff options
context:
space:
mode:
authorThomas <>2022-05-17 20:47:53 +0200
committerThomas <>2022-05-17 20:47:53 +0200
commit7100b253fe4712f6c820d11ed341366b3ec67623 (patch)
tree71cb1d3125d9f1703f51e70f64fbada3b6785f3c /modules/authmodule-eIDAS-v2/src/main
parentb0869317938810db6bd79e3ccc2e84b9d18097b2 (diff)
parentac8b7edeefc1850fdcab859ee6f544aa4f614471 (diff)
downloadNational_eIDAS_Gateway-7100b253fe4712f6c820d11ed341366b3ec67623.tar.gz
National_eIDAS_Gateway-7100b253fe4712f6c820d11ed341366b3ec67623.tar.bz2
National_eIDAS_Gateway-7100b253fe4712f6c820d11ed341366b3ec67623.zip
Merge branch 'nightlybuild' into feature/ms_proxy_before_refactoring
# Conflicts: # build_reporting/pom.xml # modules/authmodule-eIDAS-v2/pom.xml
Diffstat (limited to 'modules/authmodule-eIDAS-v2/src/main')
-rw-r--r--modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/AbstractSoapClient.java7
-rw-r--r--modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/BmiSoapTransactionHeaderInterceptor.java87
-rw-r--r--modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/ernp/ErnpRestClient.java31
-rw-r--r--modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/AlternativeSearchTask.java37
-rw-r--r--modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties7
5 files changed, 146 insertions, 23 deletions
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/AbstractSoapClient.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/AbstractSoapClient.java
index a039881c..20f6d2b1 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/AbstractSoapClient.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/AbstractSoapClient.java
@@ -183,17 +183,20 @@ public class AbstractSoapClient {
log.trace("Adding JAX-WS request/response trace handler to client: " + clientType);
List<Handler> handlerList = bindingProvider.getBinding().getHandlerChain();
if (handlerList == null) {
- handlerList = new ArrayList<>();
- bindingProvider.getBinding().setHandlerChain(handlerList);
+ handlerList = new ArrayList<>();
}
+ // add unique TransactionId into SOAP header
+ handlerList.add(new BmiSoapTransactionHeaderInterceptor());
+
// add logging handler to trace messages if required
if (enableTraceLogging) {
final LoggingHandler loggingHandler = new LoggingHandler();
handlerList.add(loggingHandler);
}
+
bindingProvider.getBinding().setHandlerChain(handlerList);
}
}
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/BmiSoapTransactionHeaderInterceptor.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/BmiSoapTransactionHeaderInterceptor.java
new file mode 100644
index 00000000..86568796
--- /dev/null
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/BmiSoapTransactionHeaderInterceptor.java
@@ -0,0 +1,87 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.clients;
+
+import java.util.Set;
+
+import javax.xml.namespace.QName;
+import javax.xml.soap.SOAPElement;
+import javax.xml.soap.SOAPEnvelope;
+import javax.xml.soap.SOAPFactory;
+import javax.xml.soap.SOAPHeader;
+import javax.xml.soap.SOAPMessage;
+import javax.xml.ws.handler.MessageContext;
+import javax.xml.ws.handler.soap.SOAPHandler;
+import javax.xml.ws.handler.soap.SOAPMessageContext;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils;
+import lombok.extern.slf4j.Slf4j;
+
+
+/**
+ * Intercepter to set unique transactionId into Apache CXF clients.
+ * @author tlenz
+ *
+ */
+@Slf4j
+public class BmiSoapTransactionHeaderInterceptor implements SOAPHandler<SOAPMessageContext> {
+ private static final String ELEMENT = "Client-Request-Id";
+
+ @Override
+ public boolean handleMessage(SOAPMessageContext context) {
+ if (((Boolean) context.get(SOAPMessageContext.MESSAGE_OUTBOUND_PROPERTY)).booleanValue()) {
+ if (StringUtils.isNotEmpty(TransactionIdUtils.getTransactionId())) {
+ injectTransactionId(context);
+
+ } else {
+ log.debug("No unique transactionId. Sending message without Id ...");
+
+ }
+ }
+
+ return true;
+
+ }
+
+ @Override
+ public boolean handleFault(SOAPMessageContext context) {
+ return true;
+
+ }
+
+ @Override
+ public void close(MessageContext context) {
+
+ }
+
+ @Override
+ public Set<QName> getHeaders() {
+ return null;
+
+ }
+
+ private void injectTransactionId(SOAPMessageContext context) {
+ try {
+ SOAPMessage message = context.getMessage();
+ SOAPEnvelope envelope = message.getSOAPPart().getEnvelope();
+ SOAPFactory soapFactory = SOAPFactory.newInstance();
+
+ // create header element
+ SOAPElement transactionIdElm = soapFactory.createElement(ELEMENT);
+ transactionIdElm.setTextContent(TransactionIdUtils.getTransactionId());
+
+ // inject header
+ SOAPHeader header = envelope.getHeader();
+ if (header == null) {
+ header = envelope.addHeader();
+
+ }
+ header.addChildElement(transactionIdElm);
+
+ } catch (Exception e) {
+ log.warn("Can NOT inject TransactionId into SOAP message. Sending message without Id ...", e);
+
+ }
+ }
+
+}
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/ernp/ErnpRestClient.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/ernp/ErnpRestClient.java
index 6a732a0d..119a7c60 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/ernp/ErnpRestClient.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/ernp/ErnpRestClient.java
@@ -135,7 +135,7 @@ public class ErnpRestClient implements IErnpClient {
throws EidasSAuthenticationException {
try {
// build generic request metadata
- final GenericRequestParams generic = buildGenericRequestParameters("stepId");
+ final GenericRequestParams generic = buildGenericRequestParameters();
// build search request
final SuchEidas eidasInfos = new SuchEidas();
@@ -177,7 +177,7 @@ public class ErnpRestClient implements IErnpClient {
String citizenCountryCode) throws EidasSAuthenticationException {
try {
// build generic request metadata
- final GenericRequestParams generic = buildGenericRequestParameters("stepMDS");
+ final GenericRequestParams generic = buildGenericRequestParameters();
// build search request
final Suchdaten searchInfos = new Suchdaten();
@@ -218,7 +218,7 @@ public class ErnpRestClient implements IErnpClient {
try {
// build generic request metadata
- final GenericRequestParams generic = buildGenericRequestParameters("stepCC");
+ final GenericRequestParams generic = buildGenericRequestParameters();
// build search request
final PersonSuchen personSuchen = new PersonSuchen();
@@ -291,7 +291,7 @@ public class ErnpRestClient implements IErnpClient {
public ErnpRegisterResult add(SimpleEidasData eidData) throws EidasSAuthenticationException {
try {
// build generic request metadata
- final GenericRequestParams generic = buildGenericRequestParameters("stepNew");
+ final GenericRequestParams generic = buildGenericRequestParameters();
// build update request
PersonAnlegen ernpReq = new PersonAnlegen();
@@ -459,7 +459,7 @@ public class ErnpRestClient implements IErnpClient {
Collection<? extends Eidas> eidasDocumentToAdd, SimpleEidasData mdsToUpdate, String citizenCountryCode)
throws ServiceFault {
// build generic request metadata
- final GenericRequestParams generic = buildGenericRequestParameters("stepKittUpdate");
+ final GenericRequestParams generic = buildGenericRequestParameters();
// build update request
PersonAendern ernpReq = new PersonAendern();
@@ -562,7 +562,7 @@ public class ErnpRestClient implements IErnpClient {
private Person searchPersonForUpdate(RegisterResult registerResult) throws WorkflowException {
// build generic request metadata
- final GenericRequestParams generic = buildGenericRequestParameters("stepKittSearch");
+ final GenericRequestParams generic = buildGenericRequestParameters();
// build search request
final Suchdaten searchInfos = new Suchdaten();
@@ -762,10 +762,25 @@ public class ErnpRestClient implements IErnpClient {
final RestTemplate springClient = new RestTemplate(requestFactory);
springClient.setErrorHandler(buildErrorHandler());
springClient.getMessageConverters().add(0, buildCustomJacksonObjectMapper());
+ //springClient.getInterceptors().add(buildTransactionIdInterceptor());
return springClient;
}
+
+ //private ClientHttpRequestInterceptor buildTransactionIdInterceptor() {
+ // return new ClientHttpRequestInterceptor() {
+ //
+ // @Override
+ // public ClientHttpResponse intercept(HttpRequest request, byte[] body, ClientHttpRequestExecution execution)
+ // throws IOException {
+ // request.getHeaders().add("dfafsafafsaf", TransactionIdUtils.getTransactionId());
+ // return execution.execute(request, body);
+ //
+ // }
+ // };
+ //}
+
private HttpMessageConverter<?> buildCustomJacksonObjectMapper() {
final MappingJackson2HttpMessageConverter converter = new MappingJackson2HttpMessageConverter();
converter.setSupportedMediaTypes(Collections.singletonList(MediaType.APPLICATION_JSON));
@@ -833,13 +848,13 @@ public class ErnpRestClient implements IErnpClient {
}
- private GenericRequestParams buildGenericRequestParameters(String operationIdentifier) {
+ private GenericRequestParams buildGenericRequestParameters() {
return GenericRequestParams.builder()
.clientBehkz(basicConfig.getBasicConfiguration(
Constants.CONIG_PROPS_EIDAS_ZMRCLIENT_REQ_ORGANIZATION_NR))
.clientName(MessageFormat.format(Constants.CLIENT_INFO, versionHolder.getVersion()))
.clientRequestTime(OffsetDateTime.now())
- .clientRequestId(TransactionIdUtils.getTransactionId() + "_" + operationIdentifier)
+ .clientRequestId(TransactionIdUtils.getTransactionId())
.build();
}
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/AlternativeSearchTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/AlternativeSearchTask.java
index 96aa9c51..e8fb5b6b 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/AlternativeSearchTask.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/AlternativeSearchTask.java
@@ -81,6 +81,7 @@ import lombok.extern.slf4j.Slf4j;
public class AlternativeSearchTask extends AbstractAuthServletTask {
private static final String MSG_PROP_25 = "module.eidasauth.matching.25";
+ private static final String MSG_PROP_26 = "module.eidasauth.matching.26";
private final RegisterSearchService registerSearchService;
private final ICcSpecificEidProcessingService eidPostProcessor;
@@ -107,11 +108,17 @@ public class AlternativeSearchTask extends AbstractAuthServletTask {
MatchingTaskUtils.getIntermediateMatchingResult(pendingReq);
//pre-validation of eIDAS data
- preVerifyAlternativeEidasData(altEidasData, initialEidasData, intermediateMatchingState);
-
- //perform register search operation based on alterantive eIDAS data
- step11RegisterSearchWithPersonIdentifier(executionContext, altEidasData,
- intermediateMatchingState, initialEidasData);
+ if (!preVerifyAlternativeEidasData(altEidasData, initialEidasData,
+ intermediateMatchingState, executionContext)) {
+ executionContext.put(TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, true);
+ executionContext.put(CONTEXT_FLAG_ADVANCED_MATCHING_FAILED, true);
+
+ } else {
+ //perform register search operation based on alterantive eIDAS data
+ step11RegisterSearchWithPersonIdentifier(executionContext, altEidasData,
+ intermediateMatchingState, initialEidasData);
+
+ }
} catch (WorkflowException e) {
throw new TaskExecutionException(pendingReq, "Initial search failed", e);
@@ -131,10 +138,12 @@ public class AlternativeSearchTask extends AbstractAuthServletTask {
* @param altEidasData eIDAS data from alternative authentication
* @param initialEidasData eIDAS data from initial authentication
* @param intermediateMatchingState Intermediate matching result
+ * @param executionContext Current execution context state
+ * @return <code>true</code> if the current state is valid, otherwise <code>false</code>
* @throws WorkflowException In case of a validation error
*/
- private void preVerifyAlternativeEidasData(SimpleEidasData altEidasData, SimpleEidasData initialEidasData,
- RegisterStatusResults intermediateMatchingState) throws WorkflowException {
+ private boolean preVerifyAlternativeEidasData(SimpleEidasData altEidasData, SimpleEidasData initialEidasData,
+ RegisterStatusResults intermediateMatchingState, ExecutionContext executionContext) throws WorkflowException {
if (initialEidasData == null) {
throw new WorkflowException("step11", "No initial eIDAS authn data", true);
@@ -146,14 +155,22 @@ public class AlternativeSearchTask extends AbstractAuthServletTask {
}
if (!Objects.equals(altEidasData.getCitizenCountryCode(), initialEidasData.getCitizenCountryCode())) {
- throw new WorkflowException("step11", "Country Code of alternative eIDAS authn not matching", true);
+ log.warn("CountryCode: {} from alternative eIDAS authentication DOES NOT match to initial countryCode: {}",
+ altEidasData.getCitizenCountryCode(), initialEidasData.getCitizenCountryCode());
+ executionContext.put(CONTEXT_FLAG_ADVANCED_MATCHING_FAILED_REASON, MSG_PROP_26);
+ return false;
+
}
if (!altEidasData.equalsMds(initialEidasData)) {
- throw new WorkflowException("step11", "MDS of alternative eIDAS authn does not match initial authn", true);
+ log.warn("MDS from alternative eIDAS authentication DOES NOT match to initial MDS");
+ executionContext.put(CONTEXT_FLAG_ADVANCED_MATCHING_FAILED_REASON, MSG_PROP_26);
+ return false;
}
+
+ return true;
}
private void step11RegisterSearchWithPersonIdentifier(
@@ -229,7 +246,7 @@ public class AlternativeSearchTask extends AbstractAuthServletTask {
MatchingTaskUtils.storeFinalMatchingResult(pendingReq, result);
//remove intermediate matching-state
- MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, null);
+ //MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, null);
}
diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties b/modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties
index bd05fef2..6d73c43a 100644
--- a/modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties
+++ b/modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties
@@ -23,11 +23,12 @@ module.eidasauth.matching.04=An error occurred while loading your data from offi
module.eidasauth.matching.11=Matching failed, because of an ERnP communication error. Reason: {0}
module.eidasauth.matching.12=Matching failed, because ERnP response contains historic information which is not supported.
-module.eidasauth.matching.21=Matching be using residence information failed by missing input information. Use another method for matching or create a new Austrian identity.
-module.eidasauth.matching.22=Can not find an unique match by using residence information. Provide more or other data, use another method for matching, or create a new Austrian identity.
+module.eidasauth.matching.21=Matching be using residence information failed by missing input information. Use another method for matching.
+module.eidasauth.matching.22=Can not find an unique match by using residence information. Provide more or other data or use another method for matching.
module.eidasauth.matching.23=Matching be using Austrian Identity was canceled. Use another method for matching or create a new Austrian identity.
module.eidasauth.matching.24=Matching be using Austrian Identity not possible. Use another method for matching or create a new Austrian identity.
-module.eidasauth.matching.25=Matching be using alternative eIDAS authentication not possible. Provide more or other data, use another method for matching, or create a new Austrian identity.
+module.eidasauth.matching.25=Matching be using alternative eIDAS authentication not possible. Provide more or other data or use another method for matching.
+module.eidasauth.matching.26=Matching be using alternative eIDAS authentication not possible, because Name or Country not matched. Provide more or other data or use another method for matching.
module.eidasauth.matching.99=Matching failed, because of an unexpected processing error. Reason: {0}