diff options
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java')
-rw-r--r-- | eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java | 202 |
1 files changed, 202 insertions, 0 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java new file mode 100644 index 00000000..2341b733 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java @@ -0,0 +1,202 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MatchedPersonResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterOperationStatus; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterStatusResults; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import eu.eidas.auth.commons.light.ILightResponse; +import lombok.extern.slf4j.Slf4j; +import org.jetbrains.annotations.NotNull; +import org.springframework.stereotype.Component; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.util.Map; + +import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK; +import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK; + +/** + * Searches registers (ERnP and ZMR) after initial user auth, before adding person to SZR. + * Input: + * <ul> + * <li>{@link Constants#DATA_FULL_EIDAS_RESPONSE}</li> + * </ul> + * Output: + * <ul> + * <li>{@link Constants#DATA_SIMPLE_EIDAS} converted from Full eIDAS Response</li> + * <li>{@link Constants#DATA_INTERMEDIATE_RESULT} results from first search in registers with + * PersonIdentifier</li> + * <li>{@link Constants#DATA_PERSON_MATCH_RESULT} results after second search in registers with MDS</li> + * <li>{@link Constants#DATA_RESULT_MATCHING_BPK} if one register result found</li> + * </ul> + * Transitions: + * <ul> + * <li>{@link CreateNewErnpEntryTask} if no results in registers where found for this user</li> + * <li>{@link GenerateOtherLoginMethodGuiTask} if search with MDS returns more than one match, user may provide + * alternative login methods to get an unique match</li> + * <li>{@link CreateIdentityLinkTask} if search in register returned one match, user is uniquely identified</li> + * </ul> + * + * @author amarsalek + * @author ckollmann + * @author tlenz + */ +@Slf4j +@Component("InitialSearchTask") +@SuppressWarnings("PMD.TooManyStaticImports") +public class InitialSearchTask extends AbstractAuthServletTask { + + private final RegisterSearchService registerSearchService; + private final ICcSpecificEidProcessingService eidPostProcessor; + + /** + * Constructor. + * + * @param registerSearchService Service for register search access + * @param eidPostProcessor Country-Specific post processing of attributes + */ + public InitialSearchTask(RegisterSearchService registerSearchService, + ICcSpecificEidProcessingService eidPostProcessor) { + this.registerSearchService = registerSearchService; + this.eidPostProcessor = eidPostProcessor; + } + + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try { + final SimpleEidasData eidasData = convertEidasAttrToSimpleData(); + MatchingTaskUtils.storeInitialEidasData(pendingReq, eidasData); + step2RegisterSearchWithPersonIdentifier(executionContext, eidasData); + } catch (WorkflowException e) { + throw new TaskExecutionException(pendingReq, "Initial search failed", e); + } catch (final Exception e) { + log.error("Initial search failed", e); + throw new TaskExecutionException(pendingReq, "Initial search failed with a generic error", e); + } + } + + private void step2RegisterSearchWithPersonIdentifier( + ExecutionContext executionContext, SimpleEidasData eidasData) throws WorkflowException, EaafStorageException { + try { + log.trace("Starting step2RegisterSearchWithPersonIdentifier"); + RegisterStatusResults searchResult = registerSearchService.searchWithPersonIdentifier(eidasData); + int resultCount = searchResult.getResultCount(); + if (resultCount == 0) { + step6CountrySpecificSearch(executionContext, searchResult.getOperationStatus(), eidasData); + } else if (resultCount == 1) { + foundMatchFinalizeTask(searchResult, eidasData); + } else { + throw new WorkflowException("step2RegisterSearchWithPersonIdentifier", + "More than one entry with unique personal-identifier", true); + } + } catch (WorkflowException e) { + //TODO: what we do in case of a workflow error and manual matching are necessary?? + log.warn("Workflow error during matching step: {}. Reason: {}", e.getProcessStepName(), e.getErrorReason()); + throw e; + } + } + + private void step6CountrySpecificSearch( + ExecutionContext executionContext, RegisterOperationStatus registerOperationStatus, SimpleEidasData eidasData) + throws EaafStorageException, WorkflowException { + log.trace("Starting 'step6CountrySpecificSearch' ... "); + RegisterStatusResults searchResult = registerSearchService.searchWithCountrySpecifics( + registerOperationStatus, eidasData); + if (searchResult.getResultCount() == 0) { + log.trace("'step6CountrySpecificSearch' ends with no result. Forward to next matching step ... "); + step8RegisterSearchWithMds(executionContext, searchResult.getOperationStatus(), eidasData); + } else if (searchResult.getResultCount() == 1) { + log.trace("'step6CountrySpecificSearch' finds a person. Forward to 'step7aKittProcess' step ... "); + registerSearchService.step7aKittProcess(searchResult, eidasData); + foundMatchFinalizeTask(searchResult, eidasData); + } else { + throw new WorkflowException("step6CountrySpecificSearch", + "More than one entry with unique country-specific information", true); + } + } + + private void step8RegisterSearchWithMds(ExecutionContext executionContext, + RegisterOperationStatus registerOperationStatus, SimpleEidasData eidasData) + throws EaafStorageException, WorkflowException { + log.trace("Starting step8RegisterSearchWithMds"); + RegisterStatusResults registerData = registerSearchService.searchWithMds(registerOperationStatus, eidasData); + if (registerData.getResultCount() == 0) { + log.debug("Matching step: 'step8RegisterSearchWithMds' has no result. Forward to create new ERnP entry ... "); + executionContext.put(TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK, true); + } else { + log.debug("Matching step: 'step8RegisterSearchWithMds' has #{} results. " + + "Forward to GUI based matching steps ... ", registerData.getResultCount()); + MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, registerData); + executionContext.put(TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, true); + } + } + + private void foundMatchFinalizeTask(RegisterStatusResults searchResult, SimpleEidasData eidasData) + throws WorkflowException, EaafStorageException { + RegisterResult updatedResult = step3CheckRegisterUpdateNecessary(searchResult.getResult(), eidasData); + MatchedPersonResult result = MatchedPersonResult.generateFormMatchingResult( + updatedResult, eidasData.getCitizenCountryCode()); + MatchingTaskUtils.storeFinalMatchingResult(pendingReq, result); + } + + private RegisterResult step3CheckRegisterUpdateNecessary(RegisterResult searchResult, + SimpleEidasData eidasData) throws WorkflowException { + log.trace("Starting step3CheckRegisterUpdateNecessary"); + if (!eidasData.equalsRegisterData(searchResult)) { + log.info("Skipping update-register-information step, because it's not supported yet"); + //TODO: return updated search result if updates are allowed + return searchResult; + } else { + log.debug("Register information match to eIDAS information. No update required"); + return searchResult; + } + } + + @NotNull + private SimpleEidasData convertEidasAttrToSimpleData() + throws EidasAttributeException, EidPostProcessingException { + final ILightResponse eidasResponse = MatchingTaskUtils.getAuthProcessDataWrapper(pendingReq) + .getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class); + Map<String, Object> simpleMap = MatchingTaskUtils.convertEidasAttrToSimpleMap( + eidasResponse.getAttributes().getAttributeMap(), log); + return eidPostProcessor.postProcess(simpleMap); + } + +} |