Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java77
1 files changed, 55 insertions, 22 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
index 8c7815be..57531493 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
@@ -37,6 +37,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchSe
import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
@@ -73,15 +74,30 @@ import java.io.IOException;
import java.util.List;
import java.util.Set;
-import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.DATA_INITIAL_REGISTER_RESULT;
-import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.DATA_SIMPLE_EIDAS;
import static at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING;
/**
* Task that receives the SAML2 response from ID Austria system.
* This corresponds to Step 15 in the eIDAS Matching Concept.
*
+ * Input:
+ * <ul>
+ * <li>{@link Constants#DATA_SIMPLE_EIDAS} initial login data from user</li>
+ * <li>{@link Constants#DATA_INITIAL_REGISTER_RESULT} results from search in registers with personIdentifier</li>
+ * </ul>
+ * Output:
+ * <ul>
+ * <li>{@link Constants#DATA_RESULT_MATCHING_BPK} if one register result found</li>
+ * </ul>
+ * Transitions:
+ * <ul>
+ * <li>{@link GenerateAustrianResidenceGuiTask}</li> if no results in registers were found
+ * <li>{@link CreateIdentityLinkTask}</li> if one exact match between initial register search (with MDS) data and
+ * register search with MPS data exists
+ * </ul>
+ *
* @author tlenz
+ * @author ckollmann
*/
@Slf4j
@Component("ReceiveMobilePhoneSignatureResponseTask")
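Review bot: In the new Transitions list the condition text sits after the closing `</li>`, so it renders outside the list items; write it as `<li>{@link GenerateAustrianResidenceGuiTask} if no results in registers were found</li>`, and likewise for `CreateIdentityLinkTask`. The Javadoc also lists only the successful paths. The two error exits visible later in this diff (`InvalidUserInputException` on an attribute mismatch, `ManualFixNecessaryException` on more than one register result) deserve a line each, since they are the outcomes an operator has to handle.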
@@ -108,6 +124,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet
/**
* Creates the new task, with autowired dependencies from Spring.
*/
+ @SuppressWarnings("SpringJavaInjectionPointsAutowiringInspection")
public ReceiveMobilePhoneSignatureResponseTask(SamlVerificationEngine samlVerificationEngine,
RegisterSearchService registerSearchService,
IdAustriaClientAuthCredentialProvider credentialProvider,
@@ -146,22 +163,24 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet
*
*/
- AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
- MergedRegisterSearchResult initialSearchResult =
- authProcessData.getGenericDataFromSession(DATA_INITIAL_REGISTER_RESULT, MergedRegisterSearchResult.class);
- SimpleEidasData eidasData = authProcessData.getGenericDataFromSession(DATA_SIMPLE_EIDAS, SimpleEidasData.class);
- String bpkZp = extractBpkZp(extractor, authProcessData, eidasData);
+ MergedRegisterSearchResult initialSearchResult = getInitialRegisterResult();
+ SimpleEidasData eidasData = getInitialEidasData();
+ String bpkZp = extractBpkZp(extractor, eidasData);
- MergedRegisterSearchResult result = registerSearchService.searchWithBpkZp(bpkZp);
- if (result.getResultCount() == 0) {
+ // TODO Hier ist wohl keine Register-Suche notwendig, denn das ergibt sicher einen Treffer
+ // TODO Soll: In den Ergebnissen aus Step8 matchen! Über BPK matchen, und dann schauen, ob zumindest
+ // Geburtsdatum passt
+ MergedRegisterSearchResult registerResult = registerSearchService.searchWithBpkZp(bpkZp);
+ if (registerResult.getResultCount() == 0) {
executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true);
return;
- } else if (result.getResultCount() == 1) {
- String bpk = registerSearchService.step7aKittProcess(initialSearchResult, result, eidasData, pendingReq);
- authProcessData.setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk);
+ } else if (registerResult.getResultCount() == 1) {
+ String bpk = registerSearchService
+ .step7aKittProcess(initialSearchResult, registerResult, eidasData, pendingReq);
+ storeMatchingBpk(bpk);
return;
- } else if (result.getResultCount() > 1) {
- throw new ManualFixNecessaryException("bpkZp: " + bpkZp);
+ } else if (registerResult.getResultCount() > 1) {
+ throw new ManualFixNecessaryException(eidasData);
}
// set NeedConsent to false, because user gives consent during authentication
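Review bot: The multi-match branch now hands the whole `eidasData` object to `ManualFixNecessaryException`, where it previously built a message from `bpkZp`. The hunk does not show what the constructor does with it, so confirm that name, date of birth and identifiers are not rendered into the exception message or the logs. The two new TODO lines also leave the matching rule itself open (a fresh register search versus matching by bPK against the Step 8 results plus a date-of-birth check), and that rule decides which bPK gets bound to the eIDAS identity. I would move that decision to a tracked issue and keep a single English comment, e.g. `// TODO(<issue-id>): match by bPK against the step 8 results and verify date of birth instead of searching again`. The enclosing method starts and ends outside this hunk.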
@@ -192,16 +211,31 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet
}
private String extractBpkZp(AssertionAttributeExtractor extractor,
- AuthProcessDataWrapper authProcessData,
SimpleEidasData eidasData) throws EaafBuilderException, InvalidUserInputException {
- SimpleMobileSignatureData simpleMobileSignatureData = getAuthDataFromInterfederation(extractor, authProcessData);
+ SimpleMobileSignatureData simpleMobileSignatureData = getAuthDataFromInterfederation(extractor);
if (!simpleMobileSignatureData.equalsSimpleEidasData(eidasData)) {
- //TODO User has cheated?
- throw new InvalidUserInputException();
+ throw new InvalidUserInputException(); // user has cheated!?
}
return simpleMobileSignatureData.getBpk();
}
+ private SimpleEidasData getInitialEidasData() {
+ return getAuthProcessDataWrapper().getGenericDataFromSession(Constants.DATA_SIMPLE_EIDAS, SimpleEidasData.class);
+ }
+
+ private MergedRegisterSearchResult getInitialRegisterResult() {
+ return getAuthProcessDataWrapper().getGenericDataFromSession(Constants.DATA_INITIAL_REGISTER_RESULT,
+ MergedRegisterSearchResult.class);
+ }
+
+ private void storeMatchingBpk(String bpk) throws EaafStorageException {
+ getAuthProcessDataWrapper().setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk);
+ }
+
+ private AuthProcessDataWrapper getAuthProcessDataWrapper() {
+ return pendingReq.getSessionData(AuthProcessDataWrapper.class);
+ }
+
@NotNull
private InboundMessage decodeAndVerifyMessage(HttpServletRequest request, HttpServletResponse response,
IDecoder decoder, EaafUriCompare comparator) throws Exception {
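Review bot: In `extractBpkZp` a mismatch between the ID Austria attributes and the initial eIDAS data ends in a bare `throw new InvalidUserInputException(); // user has cheated!?` with nothing recorded, which makes this security-relevant event hard to find afterwards unless a handler outside the hunk logs it. Since the class carries `@Slf4j`, I would add `log.warn("ID Austria attributes do not match initial eIDAS data, aborting matching");` before the throw, keeping personal data out of the message. Separately, `getInitialEidasData()` and `getInitialRegisterResult()` return the session value unchecked, so a pending request that lacks either entry would presumably reach `equalsSimpleEidasData` and `step7aKittProcess` with null. A short Javadoc on each helper stating whether null is possible, or an explicit check in the caller, would make that failure mode deliberate.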
@@ -303,8 +337,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet
return null;
}
- private SimpleMobileSignatureData getAuthDataFromInterfederation(AssertionAttributeExtractor extractor,
- AuthProcessDataWrapper authProcessData)
+ private SimpleMobileSignatureData getAuthDataFromInterfederation(AssertionAttributeExtractor extractor)
throws EaafBuilderException {
List<String> requiredAttributes = IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES;
SimpleMobileSignatureData result = new SimpleMobileSignatureData();
@@ -329,10 +362,10 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet
result.setDateOfBirth(extractor.getSingleAttributeValue(attrName));
}
if (PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME.equals(attrName)) {
- authProcessData.setQaaLevel(extractor.getSingleAttributeValue(attrName));
+ getAuthProcessDataWrapper().setQaaLevel(extractor.getSingleAttributeValue(attrName));
}
}
- authProcessData.setIssueInstant(extractor.getAssertionIssuingDate());
+ getAuthProcessDataWrapper().setIssueInstant(extractor.getAssertionIssuingDate());
return result;
}
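Review bot: `getAuthDataFromInterfederation` still writes the QAA level and issue instant into the session, but with the `authProcessData` parameter gone nothing in its signature shows that side effect, and the writes happen before `extractBpkZp` has compared the result with the eIDAS data. On a mismatch the session may therefore already carry values from the rejected assertion (whether the session survives that exception is not visible here). I would either document it on the method, e.g. `Also stores the QAA level and issue instant of the assertion in the session.`, or fetch the wrapper once and do both writes in the caller after the match check. The method's signature and the start of its loop are outside this hunk.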