Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java165
1 files changed, 59 insertions, 106 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index 41bf4409..35717ae0 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
@@ -25,18 +25,13 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
import java.io.IOException;
import java.io.InputStream;
-import java.util.HashMap;
import java.util.List;
-import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.parsers.ParserConfigurationException;
-import org.apache.commons.lang3.StringUtils;
-import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
-import org.joda.time.DateTime;
import org.jose4j.lang.JoseException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
@@ -45,19 +40,17 @@ import org.w3c.dom.Node;
import org.xml.sax.SAXException;
import com.fasterxml.jackson.core.JsonProcessingException;
-import com.google.common.collect.ImmutableMap;
-import com.google.common.collect.ImmutableSet;
import at.asitplus.eidas.specific.connector.MsConnectorEventCodes;
import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.szr.SzrClient;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MatchedPersonResult;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.AuthBlockSigningService;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
@@ -66,17 +59,13 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.builder.BpkBuilder;
import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
-import eu.eidas.auth.commons.attribute.AttributeDefinition;
-import eu.eidas.auth.commons.attribute.AttributeValue;
-import eu.eidas.auth.commons.light.ILightResponse;
-import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
import lombok.Data;
import lombok.extern.slf4j.Slf4j;
import szrservices.IdentityLinkType;
@@ -112,8 +101,6 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
@Autowired
private SzrClient szrClient;
@Autowired
- private ICcSpecificEidProcessingService eidPostProcessor;
- @Autowired
private AuthBlockSigningService authBlockSigner;
private static final String EID_STATUS = "urn:eidgvat:eid.status.eidas";
@@ -129,63 +116,68 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
throws TaskExecutionException {
- try {
+ try {
- /*TODO: needs refactoring because we has to be operate on national identifiers
- * because matching and insert ERnP was already done!!
+ /*TODO: needs more re-factoring if we finalize CreateNewErnpEntryTask and we know how add entries into ERnP
+ * Maybe, we can fully replace eidData by matchedPersonData,
+ * because matchedPersonData holds the result after a successful matching process.
+ *
+ * Currently, we only add a work-around to operate without new ERnP implementation.
*/
- final ILightResponse eidasResponse = getAuthProcessDataWrapper()
- .getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class);
- final Map<String, Object> eidasAttributes = convertEidasAttrToSimpleMap(
- eidasResponse.getAttributes().getAttributeMap());
- final SimpleEidasData eidData = eidPostProcessor.postProcess(eidasAttributes);
- //final SimpleEidasData eidData =
- // getAuthProcessDataWrapper().getGenericDataFromSession(Constants.DATA_SIMPLE_EIDAS, SimpleEidasData.class);
- final String personalIdentifier = (String) eidasAttributes.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
+ final SimpleEidasData eidData = MatchingTaskUtils.getInitialEidasData(pendingReq);
+ MatchedPersonResult matchedPersonData = MatchingTaskUtils.getFinalMatchingResult(pendingReq);
+
writeMdsLogInformation(eidData);
if (basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY, false)) {
buildDummyIdentityLink(eidData);
+
} else {
//request SZR based on IDL or E-ID mode
if (pendingReq.getServiceProviderConfiguration()
.isConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE, false)) {
- executeEidMode(eidData, personalIdentifier);
+ executeEidMode(eidData, matchedPersonData);
+
} else {
- executeIdlMode(eidData, personalIdentifier);
- }
+ executeIdlMode(eidData, matchedPersonData);
+
+ }
}
+
storeGenericInfoToSession(eidData);
requestStoreage.storePendingRequest(pendingReq);
+
} catch (final EidasAttributeException e) {
throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e);
+
} catch (final EaafException e) {
throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
+
} catch (final Exception e) {
log.error("IdentityLink generation for foreign person FAILED.", e);
throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
+
}
}
private void storeGenericInfoToSession(SimpleEidasData eidData) throws EaafStorageException {
- AuthProcessDataWrapper authProcessData = getAuthProcessDataWrapper();
+ AuthProcessDataWrapper authProcessData = MatchingTaskUtils.getAuthProcessDataWrapper(pendingReq);
authProcessData.setForeigner(true);
authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME,
eidData.getCitizenCountryCode());
}
- private void executeIdlMode(SimpleEidasData eidData, String personalIdentifier) throws EaafException {
+ private void executeIdlMode(SimpleEidasData eidData, MatchedPersonResult matchedPersonData) throws EaafException {
//request SZR
- SzrResultHolder idlResult = requestSzrForIdentityLink(eidData);
+ SzrResultHolder idlResult = requestSzrForIdentityLink(eidData, matchedPersonData);
//write revision-Log entry for personal-identifier mapping
- writeExtendedRevisionLogEntry(eidData, personalIdentifier);
-
+ writeExtendedRevisionLogEntry(eidData, eidData.getPersonalIdentifier());
//check result-data and write revision-log based on current state
checkStateAndWriteRevisionLog(idlResult);
//inject personal-data into session
- AuthProcessDataWrapper authProcessDataWrapper = getAuthProcessDataWrapper();
+ AuthProcessDataWrapper authProcessDataWrapper = MatchingTaskUtils.getAuthProcessDataWrapper(pendingReq);
authProcessDataWrapper.setIdentityLink(idlResult.getIdentityLink());
authProcessDataWrapper.setEidProcess(false);
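Review bot: `execute` hands `eidData` from `MatchingTaskUtils.getInitialEidasData(pendingReq)` straight to `writeMdsLogInformation(eidData)` and the mode helpers without a null check, so a missing session entry (for example the matching tasks not having run for this pending request) would surface as a NullPointerException that the generic `catch (final Exception e)` relabels as "IdentityLink generation for foreign person FAILED.", hiding the real cause. A fail-fast guard directly after the two session lookups keeps the cause explicit, e.g. `if (eidData == null) { throw new IllegalStateException("No eIDAS data found in pending request"); }`, which the existing catch block still wraps into a TaskExecutionException with the cause attached. The TODO above acknowledges that `matchedPersonData` may be null as a work-around, but that condition is only resolved inside the helpers; a short comment at the lookup stating when a null matching result is acceptable would help the next reader judge whether the fallback is intended. `executeIdlMode` continues past the end of the hunk.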
@@ -197,20 +189,29 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
.getAreaSpecificTargetIdentifier());
}
- private void executeEidMode(SimpleEidasData eidData, String personalIdentifier)
+ private void executeEidMode(SimpleEidasData eidData, MatchedPersonResult matchedPersonData)
throws JsonProcessingException, EaafException, JoseException {
// get encrypted baseId
- String vsz = szrClient.getEncryptedStammzahl(eidData);
-
+ String vsz;
+ if (matchedPersonData != null) {
+ log.debug("Requesting encrypted baseId by already matched person information ... ");
+ vsz = szrClient.getEncryptedStammzahl(matchedPersonData);
+
+ } else {
+ log.debug("Requesting encrypted baseId by using eIDAS information directly ... ");
+ vsz = szrClient.createNewErnpEntry(eidData);
+
+ }
+
//write revision-Log entry and extended infos personal-identifier mapping
revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_VSZ_RECEIVED);
- writeExtendedRevisionLogEntry(eidData, personalIdentifier);
+ writeExtendedRevisionLogEntry(eidData, eidData.getPersonalIdentifier());
// get eIDAS bind
String signedEidasBind = szrClient
.getEidasBind(vsz, authBlockSigner.getBase64EncodedPublicKey(), EID_STATUS, eidData);
revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_EIDASBIND_RECEIVED);
- AuthProcessDataWrapper authProcessDataWrapper = getAuthProcessDataWrapper();
+ AuthProcessDataWrapper authProcessDataWrapper = MatchingTaskUtils.getAuthProcessDataWrapper(pendingReq);
authProcessDataWrapper.setGenericDataToSession(Constants.EIDAS_BIND, signedEidasBind);
//get signed AuthBlock
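Review bot: In `executeEidMode` the `else` branch turns a null `matchedPersonData` into `szrClient.createNewErnpEntry(eidData)`, i.e. a new register entry is created from the raw eIDAS data whenever no matching result is present, regardless of why it is absent. Unless `MatchingTaskUtils.getFinalMatchingResult` is guaranteed to return null only after a completed no-match decision (not visible here), this fallback should be gated on an explicit matching state rather than on null, since a lost or skipped matching step would otherwise register a duplicate person. The debug message also understates the side effect; `log.info("No matching result available. Creating new ERnP entry from eIDAS data ... ");` names what actually happens and is what a revision-log reader would look for. `executeEidMode` continues past the end of the hunk.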
@@ -220,11 +221,12 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
//inject personal-data into session
authProcessDataWrapper.setEidProcess(true);
+
}
private void buildDummyIdentityLink(SimpleEidasData eidData)
throws ParserConfigurationException, SAXException, IOException, EaafException {
- AuthProcessDataWrapper authProcessDataWrapper = getAuthProcessDataWrapper();
+ AuthProcessDataWrapper authProcessDataWrapper = MatchingTaskUtils.getAuthProcessDataWrapper(pendingReq);
SzrResultHolder idlResult = createDummyIdentityLinkForTestDeployment(eidData);
//inject personal-data into session
authProcessDataWrapper.setIdentityLink(idlResult.getIdentityLink());
@@ -247,10 +249,22 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
}
}
- private SzrResultHolder requestSzrForIdentityLink(SimpleEidasData eidData) throws EaafException {
+ private SzrResultHolder requestSzrForIdentityLink(SimpleEidasData eidData,
+ MatchedPersonResult matchedPersonData) throws EaafException {
//request IdentityLink from SZR
- final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(eidData);
+ IdentityLinkType result;
+ if (matchedPersonData != null) {
+ log.debug("Requesting encrypted baseId by already matched person information ... ");
+ result = szrClient.getIdentityLinkInRawMode(matchedPersonData);
+
+ } else {
+ log.debug("Requesting encrypted baseId by using eIDAS information directly ... ");
+ result = szrClient.getIdentityLinkInRawMode(eidData);
+
+ }
+
+
final Element idlFromSzr = (Element) result.getAssertion();
final IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser(idlFromSzr).parseIdentityLink();
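Review bot: The two debug messages added in `requestSzrForIdentityLink` were copied from `executeEidMode` and say "Requesting encrypted baseId", but this method calls `szrClient.getIdentityLinkInRawMode(...)` and never touches a baseId, which will mislead anyone correlating logs across the two modes. Suggested: `log.debug("Requesting IdentityLink by already matched person information ... ");` and `log.debug("Requesting IdentityLink by using eIDAS information directly ... ");`. The cast `(Element) result.getAssertion()` on the following line still runs without checking `result` for null, as before the change; an explicit null check that raises a descriptive exception would keep that failure mode clear rather than an NPE. The method body continues past the end of the hunk.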
@@ -322,68 +336,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
}
}
- private Map<String, Object> convertEidasAttrToSimpleMap(
- ImmutableMap<AttributeDefinition<?>, ImmutableSet<? extends AttributeValue<?>>> attributeMap) {
- final Map<String, Object> result = new HashMap<>();
- for (final AttributeDefinition<?> el : attributeMap.keySet()) {
- final Class<?> parameterizedType = el.getParameterizedType();
- if (DateTime.class.equals(parameterizedType)) {
- convertDateTime(attributeMap, result, el);
- } else if (PostalAddress.class.equals(parameterizedType)) {
- convertPostalAddress(attributeMap, result, el);
- } else {
- convertString(attributeMap, result, el);
- }
- }
-
- log.debug("Receive #" + result.size() + " attributes with names: " + result.keySet().toString());
- return result;
- }
-
- private void convertString(ImmutableMap<AttributeDefinition<?>,
- ImmutableSet<? extends AttributeValue<?>>> attributeMap,
- Map<String, Object> result, AttributeDefinition<?> el) {
- final List<String> natPersonIdObj = EidasResponseUtils
- .translateStringListAttribute(el, attributeMap.get(el));
- final String stringAttr = natPersonIdObj.get(0);
- if (StringUtils.isNotEmpty(stringAttr)) {
- result.put(el.getFriendlyName(), stringAttr);
- log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + stringAttr);
- } else {
- log.info("Ignore empty 'String' attribute");
- }
- }
-
- private void convertPostalAddress(ImmutableMap<AttributeDefinition<?>,
- ImmutableSet<? extends AttributeValue<?>>> attributeMap,
- Map<String, Object> result, AttributeDefinition<?> el) {
- final PostalAddress addressAttribute = EidasResponseUtils
- .translateAddressAttribute(el, attributeMap.get(el).asList());
- if (addressAttribute != null) {
- result.put(el.getFriendlyName(), addressAttribute);
- log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + addressAttribute.toString());
- } else {
- log.info("Ignore empty 'PostalAddress' attribute");
- }
- }
-
- private void convertDateTime(ImmutableMap<AttributeDefinition<?>,
- ImmutableSet<? extends AttributeValue<?>>> attributeMap,
- Map<String, Object> result, AttributeDefinition<?> el) {
- final DateTime attribute = EidasResponseUtils.translateDateAttribute(el, attributeMap.get(el).asList());
- if (attribute != null) {
- result.put(el.getFriendlyName(), attribute);
- log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + attribute.toString());
- } else {
- log.info("Ignore empty 'DateTime' attribute");
- }
- }
-
- @NotNull
- private AuthProcessDataWrapper getAuthProcessDataWrapper() {
- return pendingReq.getSessionData(AuthProcessDataWrapper.class);
- }
-
+
/**
* write MDS into technical log and revision log.
*/