diff options
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/AlternativeSearchTask.java')
| -rw-r--r-- | eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/AlternativeSearchTask.java | 117 |
1 files changed, 86 insertions, 31 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/AlternativeSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/AlternativeSearchTask.java index 4705c56b..e0273d10 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/AlternativeSearchTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/AlternativeSearchTask.java @@ -23,6 +23,17 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; +import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK; + +import java.util.Map; +import java.util.Objects; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.jetbrains.annotations.NotNull; +import org.springframework.stereotype.Component; + import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MatchedPersonResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; @@ -40,15 +51,6 @@ import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import eu.eidas.auth.commons.light.ILightResponse; import lombok.extern.slf4j.Slf4j; -import org.jetbrains.annotations.NotNull; -import org.springframework.stereotype.Component; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.util.Map; -import java.util.Objects; - -import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK; /** * Searches registers (ERnP and ZMR) after alternative eIDAS authn, before adding person to SZR. @@ -96,74 +98,123 @@ public class AlternativeSearchTask extends AbstractAuthServletTask { public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try { - final SimpleEidasData altEidasData = convertEidasAttrToSimpleData(); + final SimpleEidasData altEidasData = convertEidasAttrToSimpleData(); final SimpleEidasData initialEidasData = MatchingTaskUtils.getInitialEidasData(pendingReq); - verifyAlternativeEidasData(altEidasData, initialEidasData); - step11RegisterSearchWithPersonIdentifier(executionContext, altEidasData, initialEidasData); + final RegisterStatusResults intermediateMatchingState = + MatchingTaskUtils.getIntermediateMatchingResult(pendingReq); + + //pre-validation of eIDAS data + preVerifyAlternativeEidasData(altEidasData, initialEidasData, intermediateMatchingState); + + //perform register search operation based on alterantive eIDAS data + step11RegisterSearchWithPersonIdentifier(executionContext, altEidasData, + intermediateMatchingState, initialEidasData); + } catch (WorkflowException e) { throw new TaskExecutionException(pendingReq, "Initial search failed", e); + } catch (final Exception e) { log.error("Initial search failed", e); throw new TaskExecutionException(pendingReq, "Initial search failed with a generic error", e); + } } - private void verifyAlternativeEidasData(SimpleEidasData altEidasData, SimpleEidasData initialEidasData) - throws WorkflowException { + /** + * Pre-validation of eIDAS information. + * + * <p>Check if country-code and MDS (givenName, familyName, dateOfBirth) matches.</p> + * + * @param altEidasData eIDAS data from alternative authentication + * @param initialEidasData eIDAS data from initial authentication + * @param intermediateMatchingState Intermediate matching result + * @throws WorkflowException In case of a validation error + */ + private void preVerifyAlternativeEidasData(SimpleEidasData altEidasData, SimpleEidasData initialEidasData, + RegisterStatusResults intermediateMatchingState) throws WorkflowException { if (initialEidasData == null) { - throw new WorkflowException("step11", "No initial eIDAS authn data"); + throw new WorkflowException("step11", "No initial eIDAS authn data", true); + + } + + if (intermediateMatchingState == null) { + throw new WorkflowException("step11", "No intermediate matching-state", true); + } + if (!Objects.equals(altEidasData.getCitizenCountryCode(), initialEidasData.getCitizenCountryCode())) { throw new WorkflowException("step11", "Country Code of alternative eIDAS authn not matching", true); + } + if (!altEidasData.equalsMds(initialEidasData)) { throw new WorkflowException("step11", "MDS of alternative eIDAS authn does not match initial authn", true); + } } private void step11RegisterSearchWithPersonIdentifier( - ExecutionContext executionContext, SimpleEidasData initialEidasData, SimpleEidasData altEidasData) + ExecutionContext executionContext, SimpleEidasData altEidasData, + RegisterStatusResults intermediateMatchingState, SimpleEidasData initialEidasData) throws WorkflowException, EaafStorageException { try { log.trace("Starting step11RegisterSearchWithPersonIdentifier"); - RegisterStatusResults searchResult = registerSearchService.searchWithPersonIdentifier(altEidasData); - int resultCount = searchResult.getResultCount(); + RegisterStatusResults altSearchResult = registerSearchService.searchWithPersonIdentifier( + intermediateMatchingState.getOperationStatus(), altEidasData); + + int resultCount = altSearchResult.getResultCount(); if (resultCount == 0) { - step12CountrySpecificSearch(executionContext, searchResult.getOperationStatus(), initialEidasData, - altEidasData); + step12CountrySpecificSearch(executionContext, intermediateMatchingState, initialEidasData, + altSearchResult.getOperationStatus(), altEidasData); + } else if (resultCount == 1) { - foundMatchFinalizeTask(searchResult, altEidasData); + log.debug("step11RegisterSearchWithPersonIdentifier find single result. Starting KITT operation ... "); + RegisterStatusResults matchtedResult = registerSearchService.step7bKittProcess( + intermediateMatchingState, initialEidasData, altSearchResult, altEidasData); + + log.debug("KITT operation finished. Finalize matching process ... "); + foundMatchFinalizeTask(matchtedResult, altEidasData); + } else { throw new WorkflowException("step11RegisterSearchWithPersonIdentifier", "More than one entry with unique personal-identifier", true); + } } catch (WorkflowException e) { - //TODO: what we do in case of a workflow error and manual matching are necessary?? log.warn("Workflow error during matching step: {}. Reason: {}", e.getProcessStepName(), e.getErrorReason()); throw e; + } } private void step12CountrySpecificSearch(ExecutionContext executionContext, - RegisterOperationStatus registerOperationStatus, + RegisterStatusResults intermediateMatchingState, SimpleEidasData initialEidasData, + RegisterOperationStatus registerOperationStatus, SimpleEidasData altEidasData) throws EaafStorageException, WorkflowException { - log.trace("Starting 'step12CountrySpecificSearch' ... "); - RegisterStatusResults searchResult = registerSearchService.searchWithCountrySpecifics( + log.trace("Starting 'step12CountrySpecificSearch' ... "); + RegisterStatusResults ccAltSearchResult = registerSearchService.searchWithCountrySpecifics( registerOperationStatus, altEidasData); - if (searchResult.getResultCount() == 0) { + + if (ccAltSearchResult.getResultCount() == 0) { log.trace("'step12CountrySpecificSearch' ends with no result. Forward to GUI based matching step ... "); log.debug("Forward to GUI based matching steps ... "); executionContext.put(TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, true); - } else if (searchResult.getResultCount() == 1) { - log.trace("'step12CountrySpecificSearch' finds a person. Forward to 'step7aKittProcess' step ... "); - registerSearchService.step7bKittProcess(searchResult, initialEidasData, altEidasData); - foundMatchFinalizeTask(searchResult, altEidasData); + + } else if (ccAltSearchResult.getResultCount() == 1) { + log.debug("'step12CountrySpecificSearch' find single result. Starting KITT operation ... "); + RegisterStatusResults matchtedResult = registerSearchService.step7bKittProcess( + intermediateMatchingState, initialEidasData, ccAltSearchResult, altEidasData); + + log.debug("KITT operation finished. Finalize matching process ... "); + foundMatchFinalizeTask(matchtedResult, altEidasData); + } else { throw new WorkflowException("step12CountrySpecificSearch", "More than one entry with unique country-specific information", true); - } + + } } private void foundMatchFinalizeTask(RegisterStatusResults searchResult, SimpleEidasData eidasData) @@ -171,6 +222,10 @@ public class AlternativeSearchTask extends AbstractAuthServletTask { MatchedPersonResult result = MatchedPersonResult.generateFormMatchingResult( searchResult.getResult(), eidasData.getCitizenCountryCode()); MatchingTaskUtils.storeFinalMatchingResult(pendingReq, result); + + //remove intermediate matching-state + MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, null); + } @NotNull |