Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java96
1 files changed, 50 insertions, 46 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index b519354c..65e9028f 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
@@ -85,6 +85,10 @@ import szrservices.TravelDocumentType;
* Task that creates the IdentityLink for an eIDAS authenticated person.
*
* @author tlenz
+ *
+ * TODO Take Constants#DATA_SIMPLE_EIDAS and Constants#DATA_RESULT_MATCHING_BPK
+ * TODO Only do VSZ Erstellung and eidasBind -- this is always the end of the whole process
+ * TODO Move Eintragung to separate Task, as it does not happen every time
*/
@Slf4j
@Component("CreateIdentityLinkTask")
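Review bot: The three added TODO lines sit inside the class-level Javadoc block (the `/** ... */` that ends right above `@Slf4j`), so they will be rendered into the generated API documentation for CreateIdentityLinkTask rather than staying a developer-only note. Moving them out of the Javadoc and below it as plain line comments keeps the published docs clean, e.g. `// TODO Take Constants#DATA_SIMPLE_EIDAS and Constants#DATA_RESULT_MATCHING_BPK` placed between the closing `*/` and `@Slf4j`. The wording also mixes German and English ("VSZ Erstellung", "Eintragung") while the rest of the file's comments are in English; an English phrasing such as "Only create the VSZ and the eidasBind here" and "Move the registration step to a separate task" would be consistent. The class header itself continues outside this hunk.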
@@ -96,12 +100,12 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
private SzrClient szrClient;
@Autowired
private ICcSpecificEidProcessingService eidPostProcessor;
-
+
@Autowired
private AuthBlockSigningService authBlockSigner;
private static final String EID_STATUS = "urn:eidgvat:eid.status.eidas";
-
+
/*
* (non-Javadoc)
*
@@ -131,81 +135,81 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
if (basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY, false)) {
SzrResultHolder idlResult = createDummyIdentityLinkForTestDeployment(eidData);
//inject personal-data into session
- authProcessData.setIdentityLink(idlResult.getIdentityLink());
-
+ authProcessData.setIdentityLink(idlResult.getIdentityLink());
+
// set bPK and bPKType into auth session
authProcessData.setGenericDataToSession(PvpAttributeDefinitions.BPK_NAME, extendBpkByPrefix(
idlResult.getBpK(), pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()));
authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME,
pendingReq.getServiceProviderConfiguration()
.getAreaSpecificTargetIdentifier());
-
+
} else {
- //build SZR request from eIDAS data
+ //build SZR request from eIDAS data
final PersonInfoType personInfo = generateSzrRequest(eidData);
-
+
//request SZR based on IDL or E-ID mode
if (pendingReq.getServiceProviderConfiguration()
.isConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE, false)) {
// get encrypted baseId
String vsz = szrClient.getEncryptedStammzahl(personInfo);
-
+
//write revision-Log entry and extended infos personal-identifier mapping
revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_VSZ_RECEIVED);
writeExtendedRevisionLogEntry(simpleAttrMap, eidData);
-
-
+
+
// get eIDAS bind
- String signedEidasBind = szrClient.getEidsaBind(vsz,
- authBlockSigner.getBase64EncodedPublicKey(),
+ String signedEidasBind = szrClient.getEidsaBind(vsz,
+ authBlockSigner.getBase64EncodedPublicKey(),
EID_STATUS, eidData);
revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_EIDASBIND_RECEIVED);
authProcessData.setGenericDataToSession(Constants.EIDAS_BIND, signedEidasBind);
-
+
//get signed AuthBlock
String jwsSignature = authBlockSigner.buildSignedAuthBlock(pendingReq);
revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.TECH_AUCHBLOCK_CREATED);
authProcessData.setGenericDataToSession(Constants.SZR_AUTHBLOCK, jwsSignature);
-
+
//inject personal-data into session
authProcessData.setEidProcess(true);
-
+
} else {
//request SZR
SzrResultHolder idlResult = requestSzrForIdentityLink(personInfo);
-
+
//write revision-Log entry for personal-identifier mapping
writeExtendedRevisionLogEntry(simpleAttrMap, eidData);
-
+
//check result-data and write revision-log based on current state
checkStateAndWriteRevisionLog(idlResult);
-
+
//inject personal-data into session
- authProcessData.setIdentityLink(idlResult.getIdentityLink());
+ authProcessData.setIdentityLink(idlResult.getIdentityLink());
authProcessData.setEidProcess(false);
-
+
// set bPK and bPKType into auth session
authProcessData.setGenericDataToSession(PvpAttributeDefinitions.BPK_NAME, extendBpkByPrefix(
idlResult.getBpK(), pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()));
authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME,
pendingReq.getServiceProviderConfiguration()
.getAreaSpecificTargetIdentifier());
-
+
}
}
-
+
//add generic info's into session
authProcessData.setForeigner(true);
authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, EidasResponseUtils
.parseEidasPersonalIdentifier((String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))
.getFirst());
authProcessData.setQaaLevel(eidasResponse.getLevelOfAssurance());
-
+
// store pending-request
requestStoreage.storePendingRequest(pendingReq);
-
-
+
+
} catch (final EidasAttributeException e) {
throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e);
@@ -229,7 +233,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
}
}
-
+
private PersonInfoType generateSzrRequest(ErnbEidData eidData) {
log.debug("Starting connecting SZR Gateway");
final PersonInfoType personInfo = new PersonInfoType();
@@ -278,16 +282,16 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
}
}
-
+
return personInfo;
-
+
}
- private SzrResultHolder requestSzrForIdentityLink(PersonInfoType personInfo)
+ private SzrResultHolder requestSzrForIdentityLink(PersonInfoType personInfo)
throws SzrCommunicationException, EaafException {
//request IdentityLink from SZR
final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(personInfo);
-
+
final Element idlFromSzr = (Element) result.getAssertion();
IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser(idlFromSzr).parseIdentityLink();
@@ -301,9 +305,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, "no VKZ defined"));
if (!bpkList.isEmpty()) {
bpk = bpkList.get(0);
-
+
}
-
+
} else {
log.debug("Calculating bPK from baseId ... ");
@@ -316,11 +320,11 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
bpk = bpkCalc.getFirst();
}
-
+
return new SzrResultHolder(identityLink, bpk);
-
+
}
-
+
private void checkStateAndWriteRevisionLog(SzrResultHolder idlResult) throws SzrCommunicationException {
// write some infos into revision log
if (idlResult.getIdentityLink() == null) {
@@ -341,9 +345,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
}
revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_BPK_RECEIVED);
log.debug("ERnB communication was successfull");
-
+
}
-
+
private String extendBpkByPrefix(String bpk, String type) {
String bpkType = null;
@@ -433,20 +437,20 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
}
}
-
+
@Data
- private static class SzrResultHolder {
+ private static class SzrResultHolder {
final IIdentityLink identityLink;
final String bpK;
-
+
}
-
+
/**
* Build a dummy IdentityLink and a dummy bPK based on eIDAS information.
- *
+ *
* <br><br>
* <b>FOR LOCAL TESTING ONLY!!!</b>
- *
+ *
* @param eidData Information from eIDAS response
* @return IdentityLink and bPK
* @throws ParserConfigurationException In case of an IDL processing error
@@ -454,7 +458,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
* @throws IOException In case of an IDL processing error
* @throws EaafException In case of a bPK generation error
*/
- private SzrResultHolder createDummyIdentityLinkForTestDeployment(ErnbEidData eidData)
+ private SzrResultHolder createDummyIdentityLinkForTestDeployment(ErnbEidData eidData)
throws ParserConfigurationException, SAXException, IOException, EaafException {
log.warn("SZR-Dummy IS ACTIVE! IdentityLink is NOT VALID!!!!");
// create fake IdL
@@ -495,9 +499,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
.generateAreaSpecificPersonIdentifier(identityLink.getIdentificationValue(),
identityLink.getIdentificationType(),
pendingReq.getServiceProviderConfiguration()
- .getAreaSpecificTargetIdentifier());
+ .getAreaSpecificTargetIdentifier());
return new SzrResultHolder(identityLink, bpkCalc.getFirst());
-
+
}
}