aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules/authmodule-eIDAS-v2/src/main/java/at
diff options
context:
space:
mode:
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java/at')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java64
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/AbstractSoapClient.java197
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/szr/SzrClient.java (renamed from eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java)220
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/szr/SzrService.java (renamed from eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrService.java)4
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/IZmrClient.java89
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java560
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MergedRegisterSearchResult.java75
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java67
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java28
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java4
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/DummyErnpClient.java9
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java4
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/InvalidUserInputException.java5
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java10
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/WorkflowException.java65
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ZmrCommunicationException.java (renamed from eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/IZmrClient.java)32
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java17
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/CountrySpecificDetailSearchProcessor.java15
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java41
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ItSpecificDetailSearchProcessor.java30
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java328
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java57
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java25
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java229
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java104
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java159
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java30
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java46
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/MatchingTaskUtils.java88
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/VersionHolder.java40
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java50
31 files changed, 1902 insertions, 790 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index 3a267d29..3e20a132 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
@@ -27,6 +27,9 @@ import at.gv.egiz.eaaf.core.api.data.EaafConstants;
public class Constants {
+ //TODO: should we make it configurable?
+ public static final String MATCHING_INTERNAL_BPK_TARGET = EaafConstants.URN_PREFIX_CDID + "ZP";
+
public static final String ERRORCODE_00 = "module.eidasauth.00";
public static final String DATA_REQUESTERID = "req_requesterId";
@@ -91,6 +94,42 @@ public class Constants {
public static final String FORWARD_METHOD_POST = "POST";
public static final String FORWARD_METHOD_GET = "GET";
+ // ZMR Client configuration properties
+ public static final String CONIG_PROPS_EIDAS_ZMRCLIENT = CONIG_PROPS_EIDAS_PREFIX + ".zmrclient";
+ public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_ENDPOINT = CONIG_PROPS_EIDAS_ZMRCLIENT
+ + ".endpoint";
+ public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_DEBUG_TRACEMESSAGES = CONIG_PROPS_EIDAS_ZMRCLIENT
+ + ".debug.logfullmessages";
+ public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_TIMEOUT_CONNECTION = CONIG_PROPS_EIDAS_ZMRCLIENT
+ + ".timeout.connection";
+ public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_TIMEOUT_RESPONSE = CONIG_PROPS_EIDAS_ZMRCLIENT
+ + ".timeout.response";
+ public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_KEYSTORE_PATH = CONIG_PROPS_EIDAS_ZMRCLIENT
+ + ".ssl.keyStore.path";
+ public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_KEYSTORE_PASSWORD = CONIG_PROPS_EIDAS_ZMRCLIENT
+ + ".ssl.keyStore.password";
+ public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_KEYSTORE_TYPE = CONIG_PROPS_EIDAS_ZMRCLIENT
+ + ".ssl.keyStore.type";
+ public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_KEYSTORE_NAME = CONIG_PROPS_EIDAS_ZMRCLIENT
+ + ".ssl.keyStore.name";
+ public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_KEYS_ALIAS = CONIG_PROPS_EIDAS_ZMRCLIENT
+ + ".ssl.key.alias";
+ public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_KEY_PASSWORD = CONIG_PROPS_EIDAS_ZMRCLIENT
+ + ".ssl.key.password";
+ public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_TRUSTSTORE_PATH = CONIG_PROPS_EIDAS_ZMRCLIENT
+ + ".ssl.trustStore.path";
+ public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_TRUSTSTORE_PASSWORD = CONIG_PROPS_EIDAS_ZMRCLIENT
+ + ".ssl.trustStore.password";
+ public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_TRUSTSTORE_TYPE = CONIG_PROPS_EIDAS_ZMRCLIENT
+ + ".ssl.trustStore.type";
+ public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_TRUSTSTORE_NAME = CONIG_PROPS_EIDAS_ZMRCLIENT
+ + ".ssl.trustStore.name";
+
+ public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_REQ_ORGANIZATION_NR = CONIG_PROPS_EIDAS_ZMRCLIENT
+ + ".req.organisation.behoerdennr";
+
+
+ // SZR Client configuration properties
public static final String CONIG_PROPS_EIDAS_SZRCLIENT = CONIG_PROPS_EIDAS_PREFIX + ".szrclient";
public static final String CONIG_PROPS_EIDAS_SZRCLIENT_USETESTSERVICE = CONIG_PROPS_EIDAS_SZRCLIENT
+ ".useTestService";
@@ -112,11 +151,23 @@ public class Constants {
+ ".ssl.keyStore.path";
public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_PASSWORD = CONIG_PROPS_EIDAS_SZRCLIENT
+ ".ssl.keyStore.password";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_TYPE = CONIG_PROPS_EIDAS_SZRCLIENT
+ + ".ssl.keyStore.type";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_NAME = CONIG_PROPS_EIDAS_SZRCLIENT
+ + ".ssl.keyStore.name";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYS_ALIAS = CONIG_PROPS_EIDAS_SZRCLIENT
+ + ".ssl.key.alias";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEY_PASSWORD = CONIG_PROPS_EIDAS_SZRCLIENT
+ + ".ssl.key.password";
public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PATH = CONIG_PROPS_EIDAS_SZRCLIENT
+ ".ssl.trustStore.path";
public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PASSWORD = CONIG_PROPS_EIDAS_SZRCLIENT
+ ".ssl.trustStore.password";
-
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_TYPE = CONIG_PROPS_EIDAS_SZRCLIENT
+ + ".ssl.trustStore.type";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_NAME = CONIG_PROPS_EIDAS_SZRCLIENT
+ + ".ssl.trustStore.name";
+
public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE = CONIG_PROPS_EIDAS_SZRCLIENT
+ ".params.documenttype";
public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ = CONIG_PROPS_EIDAS_SZRCLIENT
@@ -153,7 +204,7 @@ public class Constants {
// eIDAS request parameters
public static final String eIDAS_REQ_NAMEID_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent";
- // eIDAS attribute names
+ // eIDAS attribute names
public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier";
public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth";
public static final String eIDAS_ATTR_CURRENTGIVENNAME = "FirstName";
@@ -166,6 +217,15 @@ public class Constants {
public static final String eIDAS_ATTR_LEGALPERSONIDENTIFIER = "LegalPersonIdentifier";
public static final String eIDAS_ATTR_LEGALNAME = "LegalName";
+
+ //eIDAS attribute URN
+ public static final String eIDAS_ATTRURN_PREFIX = "http://eidas.europa.eu/attributes/";
+ public static final String eIDAS_ATTRURN_PREFIX_NATURAL = eIDAS_ATTRURN_PREFIX + "naturalperson/";
+
+ public static final String eIDAS_ATTRURN_PERSONALIDENTIFIER =
+ eIDAS_ATTRURN_PREFIX_NATURAL + eIDAS_ATTR_PERSONALIDENTIFIER;
+
+
public static final String eIDAS_REQ_PARAM_SECTOR_PUBLIC = "public";
public static final String eIDAS_REQ_PARAM_SECTOR_PRIVATE = "private";
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/AbstractSoapClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/AbstractSoapClient.java
new file mode 100644
index 00000000..bfdf3991
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/AbstractSoapClient.java
@@ -0,0 +1,197 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.clients;
+
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+import javax.net.ssl.SSLContext;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.handler.Handler;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.cxf.configuration.jsse.TLSClientParameters;
+import org.apache.cxf.endpoint.Client;
+import org.apache.cxf.frontend.ClientProxy;
+import org.apache.cxf.jaxws.DispatchImpl;
+import org.apache.cxf.transport.http.HTTPConduit;
+import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
+import org.apache.http.ssl.SSLContextBuilder;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.lang.Nullable;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.LoggingHandler;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.http.HttpUtils;
+import lombok.Builder;
+import lombok.Getter;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class AbstractSoapClient {
+
+ @Autowired
+ protected IConfiguration basicConfig;
+ @Autowired
+ EaafKeyStoreFactory keyStoreFactory;
+
+ @Builder
+ @Getter
+ public static class HttpClientConfig {
+
+ private final String clientName;
+
+ private final String clientUrl;
+ private final String clientType;
+
+ private final String connectionTimeout;
+ private final String responseTimeout;
+
+ private final KeyStoreConfiguration keyStoreConfig;
+ private final String keyAlias;
+ private final String keyPassword;
+
+ private final KeyStoreConfiguration trustStoreConfig;
+
+ @Builder.Default
+ private final boolean trustAll = false;
+
+ }
+
+ /**
+ * Build a validated KeyStore Configuration-Object from configuration keys.
+ *
+ * @param keyStoreTypeKey Configuration key for type
+ * @param keyStorePathKey Configuration key for path
+ * @param keyStorePasswordKey Configuration key for password
+ * @param keyStoreNameKey Configuration key for name
+ * @param friendlyName Friendlyname for logging and errorhandling
+ * @return Valid KeyStore configuration or <code>null</code> if no type was
+ * defined
+ * @throws EaafConfigurationException In case of validation error
+ */
+ @Nullable
+ protected KeyStoreConfiguration buildKeyStoreConfiguration(String keyStoreTypeKey, String keyStorePathKey,
+ String keyStorePasswordKey, String keyStoreNameKey, String friendlyName)
+ throws EaafConfigurationException {
+ if (StringUtils.isNotEmpty(basicConfig.getBasicConfiguration(keyStoreTypeKey))) {
+ final KeyStoreConfiguration config = new KeyStoreConfiguration();
+ config.setFriendlyName(friendlyName);
+ config.setKeyStoreType(basicConfig.getBasicConfiguration(keyStoreTypeKey, KeyStoreType.PKCS12.name()));
+ config.setKeyStoreName(basicConfig.getBasicConfiguration(keyStoreNameKey));
+ config.setSoftKeyStoreFilePath(basicConfig.getBasicConfiguration(keyStorePathKey));
+ config.setSoftKeyStorePassword(basicConfig.getBasicConfiguration(keyStorePasswordKey));
+
+ // validate keystore configuration
+ config.validate();
+
+ return config;
+
+ } else {
+ return null;
+
+ }
+
+ }
+
+ protected void injectHttpClient(Object raw, HttpClientConfig config) {
+ // extract client from implementation
+ Client client;
+ if (raw instanceof DispatchImpl<?>) {
+ client = ((DispatchImpl<?>) raw).getClient();
+ } else if (raw instanceof Client) {
+ client = ClientProxy.getClient(raw);
+ } else {
+ throw new RuntimeException("SOAP Client for SZR connection is of UNSUPPORTED type: " + raw.getClass()
+ .getName());
+ }
+
+ // set basic connection policies
+ final HTTPConduit http = (HTTPConduit) client.getConduit();
+
+ // set timeout policy
+ final HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
+ httpClientPolicy.setConnectionTimeout(Integer.parseInt(config.getConnectionTimeout()) * 1000L);
+ httpClientPolicy.setReceiveTimeout(Integer.parseInt(config.getResponseTimeout()) * 1000L);
+ http.setClient(httpClientPolicy);
+
+ // inject SSL context in case of https
+ if (config.getClientUrl().toLowerCase().startsWith("https")) {
+ try {
+ log.debug("Adding SSLContext to client: " + config.getClientType() + " ... ");
+
+ final TLSClientParameters tlsParams = new TLSClientParameters();
+ if (config.getKeyStoreConfig() != null) {
+ final SSLContext sslContext = HttpUtils.buildSslContextWithSslClientAuthentication(
+ keyStoreFactory.buildNewKeyStore(config.getKeyStoreConfig()),
+ config.getKeyAlias(),
+ config.getKeyPassword(),
+ loadTrustStore(config.getTrustStoreConfig(), config.getClientName()),
+ config.isTrustAll(),
+ config.getClientName());
+ tlsParams.setSSLSocketFactory(sslContext.getSocketFactory());
+
+ } else {
+ log.debug(
+ "No KeyStore for SSL Client Auth. found. Initializing SSLContext for: {} without authentication ... ",
+ config.getClientName());
+ tlsParams.setSSLSocketFactory(SSLContextBuilder.create().build().getSocketFactory());
+
+ }
+
+ http.setTlsClientParameters(tlsParams);
+ log.info("SSLContext initialized for client: " + config.getClientType());
+
+ } catch (EaafException | KeyManagementException | NoSuchAlgorithmException e) {
+ log.error("SSLContext initialization FAILED.", e);
+ throw new RuntimeException("SSLContext initialization FAILED.", e);
+
+ }
+ }
+ }
+
+ private Pair<KeyStore, Provider> loadTrustStore(KeyStoreConfiguration trustStoreConfig, String friendlyName)
+ throws EaafException {
+ if (trustStoreConfig != null) {
+ log.info("Build custom SSL truststore for: {}", friendlyName);
+ return keyStoreFactory.buildNewKeyStore(trustStoreConfig);
+
+ } else {
+ log.info("Use default SSL truststore for: {}", friendlyName);
+ return null;
+
+ }
+
+ }
+
+ protected void injectBindingProvider(BindingProvider bindingProvider, String clientType, String szrUrl,
+ boolean enableTraceLogging) {
+ final Map<String, Object> requestContext = bindingProvider.getRequestContext();
+ requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, szrUrl);
+
+ log.trace("Adding JAX-WS request/response trace handler to client: " + clientType);
+ List<Handler> handlerList = bindingProvider.getBinding().getHandlerChain();
+ if (handlerList == null) {
+ handlerList = new ArrayList<>();
+ bindingProvider.getBinding().setHandlerChain(handlerList);
+
+ }
+
+ // add logging handler to trace messages if required
+ if (enableTraceLogging) {
+ final LoggingHandler loggingHandler = new LoggingHandler();
+ handlerList.add(loggingHandler);
+
+ }
+ bindingProvider.getBinding().setHandlerChain(handlerList);
+ }
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/szr/SzrClient.java
index 2d612f0c..2230f30a 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/szr/SzrClient.java
@@ -21,31 +21,18 @@
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-package at.asitplus.eidas.specific.modules.auth.eidas.v2.szr;
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.szr;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
-import java.io.IOException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
-import java.security.KeyManagementException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-import java.security.UnrecoverableKeyException;
-import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.annotation.PostConstruct;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
import javax.xml.XMLConstants;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.Marshaller;
@@ -58,23 +45,11 @@ import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.Dispatch;
-import javax.xml.ws.handler.Handler;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
-import at.gv.e_government.reference.namespace.persondata._20020228.AlternativeNameType;
-import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType;
-import at.gv.e_government.reference.namespace.persondata._20020228.PhysicalPersonType;
import org.apache.commons.lang3.StringUtils;
-import org.apache.cxf.configuration.jsse.TLSClientParameters;
-import org.apache.cxf.endpoint.Client;
-import org.apache.cxf.frontend.ClientProxy;
-import org.apache.cxf.jaxws.DispatchImpl;
-import org.apache.cxf.transport.http.HTTPConduit;
-import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
import org.apache.xpath.XPathAPI;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -83,14 +58,17 @@ import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.AbstractSoapClient;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.AbstractSoapClient.HttpClientConfig.HttpClientConfigBuilder;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.LoggingHandler;
+import at.gv.e_government.reference.namespace.persondata._20020228.AlternativeNameType;
+import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType;
+import at.gv.e_government.reference.namespace.persondata._20020228.PhysicalPersonType;
import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.data.XmlNamespaceConstants;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
-import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
-import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
import szrservices.GetBPK;
import szrservices.GetBPKResponse;
import szrservices.GetIdentityLinkEidas;
@@ -108,7 +86,7 @@ import szrservices.TravelDocumentType;
@Service("SZRClientForeIDAS")
-public class SzrClient {
+public class SzrClient extends AbstractSoapClient {
private static final Logger log = LoggerFactory.getLogger(SzrClient.class);
private static final String CLIENT_DEFAULT = "DefaultClient";
@@ -121,11 +99,7 @@ public class SzrClient {
private static final String JOSE_HEADER_USERCERTPINNING_TYPE = "urn:at.gv.eid:bindtype";
private static final String JOSE_HEADER_USERCERTPINNING_EIDASBIND = "urn:at.gv.eid:eidasBind";
public static final String ATTR_NAME_MDS = "urn:eidgvat:mds";
-
- @SuppressWarnings("SpringJavaInjectionPointsAutowiringInspection")
- @Autowired
- private IConfiguration basicConfig;
-
+
// client for anything, without identitylink
private SZR szr = null;
@@ -378,9 +352,9 @@ public class SzrClient {
}
@PostConstruct
- private void initialize() {
+ private void initialize() throws EaafConfigurationException {
log.info("Starting SZR-Client initialization .... ");
- final URL url = SzrClient.class.getResource("/szr_client/SZR_v4.0.wsdl");
+ final URL url = SzrClient.class.getResource("/wsdl/szr_client/SZR_v4.0.wsdl");
final boolean useTestSzr = basicConfig.getBasicConfigurationBoolean(
Constants.CONIG_PROPS_EIDAS_SZRCLIENT_USETESTSERVICE,
@@ -428,150 +402,44 @@ public class SzrClient {
// inject handler
log.info("Use SZR service-URL: " + szrUrl);
- injectBindingProvider((BindingProvider) szr, CLIENT_DEFAULT, szrUrl);
- injectBindingProvider(dispatch, CLIENT_RAW, szrUrl);
+ injectBindingProvider((BindingProvider) szr, CLIENT_DEFAULT, szrUrl,
+ basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_TRACEMESSAGES, false));
+ injectBindingProvider(dispatch, CLIENT_RAW, szrUrl,
+ basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_TRACEMESSAGES, false));
// inject http parameters and SSL context
- log.debug("Inject HTTP client settings ... ");
- injectHttpClient(szr, CLIENT_DEFAULT, szrUrl);
- injectHttpClient(dispatch, CLIENT_RAW, szrUrl);
+ log.debug("Inject HTTP client settings ... ");
+ HttpClientConfigBuilder httpClientBuilder = HttpClientConfig.builder()
+ .clientName("SZR Client")
+ .clientUrl(szrUrl)
+ .connectionTimeout(basicConfig.getBasicConfiguration(
+ Constants.CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_CONNECTION,
+ Constants.HTTP_CLIENT_DEFAULT_TIMEOUT_CONNECTION))
+ .responseTimeout(basicConfig.getBasicConfiguration(
+ Constants.CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_RESPONSE,
+ Constants.HTTP_CLIENT_DEFAULT_TIMEOUT_RESPONSE))
+ .keyStoreConfig(buildKeyStoreConfiguration(
+ Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_TYPE,
+ Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_PATH,
+ Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_PASSWORD,
+ Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_NAME,
+ "SZR SSL Client-Authentication KeyStore"))
+ .keyAlias(basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYS_ALIAS))
+ .keyPassword(basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEY_PASSWORD))
+ .trustAll(false)
+ .trustStoreConfig(buildKeyStoreConfiguration(
+ Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_TYPE,
+ Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PATH,
+ Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PASSWORD,
+ Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_NAME,
+ "SZR SSL Client-Authentication KeyStore"));
+
+ injectHttpClient(szr, httpClientBuilder.clientType(CLIENT_DEFAULT).build());
+ injectHttpClient(dispatch, httpClientBuilder.clientType(CLIENT_RAW).build());
log.info("SZR-Client initialization successfull");
}
- private void injectHttpClient(Object raw, String clientType, String szrUrl) {
- // extract client from implementation
- Client client;
- if (raw instanceof DispatchImpl<?>) {
- client = ((DispatchImpl<?>) raw).getClient();
- } else if (raw instanceof Client) {
- client = ClientProxy.getClient(raw);
- } else {
- throw new RuntimeException("SOAP Client for SZR connection is of UNSUPPORTED type: " + raw.getClass()
- .getName());
- }
-
- // set basic connection policies
- final HTTPConduit http = (HTTPConduit) client.getConduit();
-
- // set timeout policy
- final HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
- String connectionTimeout = basicConfig.getBasicConfiguration(
- Constants.CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_CONNECTION, Constants.HTTP_CLIENT_DEFAULT_TIMEOUT_CONNECTION);
- httpClientPolicy.setConnectionTimeout(Integer.parseInt(connectionTimeout) * 1000L);
- String responseTimeout = basicConfig.getBasicConfiguration(
- Constants.CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_RESPONSE, Constants.HTTP_CLIENT_DEFAULT_TIMEOUT_RESPONSE);
- httpClientPolicy.setReceiveTimeout(Integer.parseInt(responseTimeout) * 1000L);
- http.setClient(httpClientPolicy);
-
- // inject SSL context in case of https
- if (szrUrl.toLowerCase().startsWith("https")) {
- log.debug("Adding SSLContext to client: " + clientType + " ... ");
- final TLSClientParameters tlsParams = new TLSClientParameters();
- tlsParams.setSSLSocketFactory(createSslContext(clientType).getSocketFactory());
- http.setTlsClientParameters(tlsParams);
- log.info("SSLContext initialized for client: " + clientType);
-
- }
-
- }
-
- private void injectBindingProvider(BindingProvider bindingProvider, String clientType, String szrUrl) {
- final Map<String, Object> requestContext = bindingProvider.getRequestContext();
- requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, szrUrl);
-
- log.trace("Adding JAX-WS request/response trace handler to client: " + clientType);
- List<Handler> handlerList = bindingProvider.getBinding().getHandlerChain();
- if (handlerList == null) {
- handlerList = new ArrayList<>();
- bindingProvider.getBinding().setHandlerChain(handlerList);
-
- }
-
- // add logging handler to trace messages if required
- if (basicConfig.getBasicConfigurationBoolean(
- Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_TRACEMESSAGES,
- false)) {
- final LoggingHandler loggingHandler = new LoggingHandler();
- handlerList.add(loggingHandler);
-
- }
- bindingProvider.getBinding().setHandlerChain(handlerList);
- }
-
- private SSLContext createSslContext(String clientType) {
- try {
- final SSLContext context = SSLContext.getInstance("TLS");
-
- // initialize key-mangager for SSL client-authentication
- KeyManager[] keyManager = null;
- final String keyStorePath = basicConfig.getBasicConfiguration(
- Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_PATH);
- final String keyStorePassword = basicConfig.getBasicConfiguration(
- Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYSTORE_PASSWORD);
- if (StringUtils.isNotEmpty(keyStorePath)) {
- log.trace("Find keyStore path: " + keyStorePath + " Injecting SSL client certificate ... ");
- try {
- final KeyStore keyStore = KeyStoreUtils.loadKeyStore(
- FileUtils.makeAbsoluteUrl(keyStorePath, basicConfig.getConfigurationRootDirectory()),
- keyStorePassword);
-
- final KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
- kmf.init(keyStore, keyStorePassword.toCharArray());
- keyManager = kmf.getKeyManagers();
- log.debug("SSL client certificate injected to client: " + clientType);
-
- } catch (KeyStoreException | IOException | UnrecoverableKeyException e) {
- log.error("Can NOT load SSL client certificate from path: " + keyStorePath);
- throw new RuntimeException("Can NOT load SSL client certificate from path: " + keyStorePath, e);
-
- }
- } else {
- log.debug(
- "No KeyStore for SSL Client Auth. found. Initializing SSLContext without authentication ... ");
-
- }
-
- // initialize SSL TrustStore
- TrustManager[] trustManager = null;
- final String trustStorePath = basicConfig.getBasicConfiguration(
- Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PATH);
- final String trustStorePassword = basicConfig.getBasicConfiguration(
- Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PASSWORD);
- if (StringUtils.isNotEmpty(trustStorePath)) {
- log.trace("Find trustStore path: " + trustStorePath + " Injecting SSL TrustStore ... ");
- try {
- final KeyStore trustStore = KeyStoreUtils.loadKeyStore(
- FileUtils.makeAbsoluteUrl(trustStorePath, basicConfig.getConfigurationRootDirectory()),
- trustStorePassword);
-
- final TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
- tmf.init(trustStore);
- trustManager = tmf.getTrustManagers();
- log.debug("SSL TrustStore injected to client: " + clientType);
-
- } catch (KeyStoreException | IOException e) {
- log.error("Can NOT open SSL TrustStore from path: " + trustStorePath);
- throw new RuntimeException("Can NOT open SSL TrustStore from path: " + trustStorePath, e);
-
- }
-
- } else {
- log.debug("No custom SSL TrustStore found. Initializing SSLContext with JVM default truststore ... ");
-
- }
-
- context.init(keyManager, trustManager, new SecureRandom());
- return context;
-
- } catch (NoSuchAlgorithmException | KeyManagementException e) {
- log.error("SSLContext initialization FAILED.", e);
- throw new RuntimeException("SSLContext initialization FAILED.", e);
-
- }
-
- }
-
private void injectMdsIfAvailableAndActive(Map<String, Object> eidsaBindMap, SimpleEidasData eidData) {
if (basicConfig.getBasicConfigurationBoolean(
Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SET_MDS_TO_EIDASBIND, false)) {
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/szr/SzrService.java
index dde868b1..590f88a4 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrService.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/szr/SzrService.java
@@ -21,7 +21,7 @@
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-package at.asitplus.eidas.specific.modules.auth.eidas.v2.szr;
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.szr;
import java.net.URL;
@@ -52,7 +52,7 @@ public class SzrService extends Service {
"SZRBusinesspartnerTestumgebung");
static {
- URL url = SzrService.class.getResource("./src/main/resources/szr_client/SZR-1.WSDL");
+ URL url = SzrService.class.getResource("./src/main/resources/wsdl/szr_client/SZR-1.WSDL");
if (url == null) {
url = SzrService.class.getClassLoader().getResource("/szr_client/SZR-1.WSDL");
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/IZmrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/IZmrClient.java
new file mode 100644
index 00000000..18bcbacc
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/IZmrClient.java
@@ -0,0 +1,89 @@
+/*
+ * Copyright 2020 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.zmr;
+
+import java.math.BigInteger;
+
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.zmr.ZmrSoapClient.ZmrRegisterResult;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
+import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonSuchenRequest;
+
+public interface IZmrClient {
+
+ /**
+ * Search person based on eIDAS personal identifier.
+ *
+ * @param zmrProzessId ProcessId from ZMR or <code>null</code> if no processId exists
+ * @param personIdentifier Full eIDAS personal identifier with prefix
+ * @return Search result but never <code>null</code>
+ * @throws EidasSAuthenticationException In case of a communication error
+ */
+ @Nonnull
+ ZmrRegisterResult searchWithPersonIdentifier(@Nullable BigInteger zmrProzessId, @Nonnull String personIdentifier)
+ throws EidasSAuthenticationException;
+
+ /**
+ * Search person based on eIDSA MDS information.
+ *
+ * @param zmrProzessId ProcessId from ZMR or <code>null</code> if no processId exists
+ * @param givenName eIDAS given name
+ * @param familyName eIDAS principle name
+ * @param dateOfBirth eIDAS date-of-birth
+ * @param citizenCountryCode CountryCode of the eIDAS proxy-service
+ * @return Search result but never <code>null</code>
+ * @throws EidasSAuthenticationException In case of a communication error
+ */
+ @Nonnull
+ ZmrRegisterResult searchWithMds(@Nullable BigInteger zmrProzessId, @Nonnull String givenName,
+ @Nonnull String familyName, @Nonnull String dateOfBirth, @Nonnull String citizenCountryCode)
+ throws EidasSAuthenticationException;
+
+ /**
+ * Search person based on country-specific natural person set.
+ *
+ * @param zmrProzessId ProcessId from ZMR or <code>null</code> if no processId exists
+ * @param personSearchDao Specific set of natural person informations.
+ * @param citizenCountryCode CountryCode of the eIDAS proxy-service
+ * @return Search result but never <code>null</code>
+ * @throws EidasSAuthenticationException In case of a communication error
+ */
+ @Nonnull
+ ZmrRegisterResult searchCountrySpecific(@Nullable BigInteger zmrProzessId,
+ @Nonnull PersonSuchenRequest personSearchDao, @Nonnull String citizenCountryCode)
+ throws EidasSAuthenticationException;
+
+
+ void update(@Nullable BigInteger zmrProzessId, RegisterResult registerResult, SimpleEidasData eidData);
+
+ ZmrRegisterResult searchWithBpkZp(@Nullable BigInteger zmrProzessId, String bpkzp);
+
+ ZmrRegisterResult searchWithResidenceData(@Nullable BigInteger zmrProzessId, String givenName, String familyName,
+ String dateOfBirth, String zipcode, String city, String street);
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java
new file mode 100644
index 00000000..014d202b
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java
@@ -0,0 +1,560 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.zmr;
+
+import java.math.BigInteger;
+import java.net.URL;
+import java.text.MessageFormat;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import java.util.Objects;
+import java.util.stream.Collectors;
+
+import javax.annotation.Nonnull;
+import javax.annotation.PostConstruct;
+import javax.xml.ws.BindingProvider;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.lang.NonNull;
+import org.springframework.lang.Nullable;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.AbstractSoapClient;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ZmrCommunicationException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.VersionHolder;
+import at.gv.bmi.namespace.zmr_su.base._20040201.ClientInfoType;
+import at.gv.bmi.namespace.zmr_su.base._20040201.Organisation;
+import at.gv.bmi.namespace.zmr_su.base._20040201.RequestType;
+import at.gv.bmi.namespace.zmr_su.base._20040201.ResponseType;
+import at.gv.bmi.namespace.zmr_su.base._20040201.WorkflowInfoClient;
+import at.gv.bmi.namespace.zmr_su.base._20040201.WorkflowInfoServer;
+import at.gv.bmi.namespace.zmr_su.base._20040201_.Service;
+import at.gv.bmi.namespace.zmr_su.base._20040201_.ServiceFault;
+import at.gv.bmi.namespace.zmr_su.base._20040201_.ServicePort;
+import at.gv.bmi.namespace.zmr_su.zmr._20040201.EidasSuchdatenType;
+import at.gv.bmi.namespace.zmr_su.zmr._20040201.ErgebniskriterienType;
+import at.gv.bmi.namespace.zmr_su.zmr._20040201.NatuerlichePersonErgebnisType;
+import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonErgebnisSatzType;
+import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonErgebnisType;
+import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonSuchenRequest;
+import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonSuchenResponse;
+import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonensucheInfoType;
+import at.gv.bmi.namespace.zmr_su.zmr._20040201.SuchkriterienType;
+import at.gv.e_government.reference.namespace.persondata.de._20040201.NatuerlichePersonTyp;
+import at.gv.e_government.reference.namespace.persondata.de._20040201.PersonenNameTyp;
+import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.extern.slf4j.Slf4j;
+
+/**
+ * ZMR client implementation for eIDAS matching operations.
+ *
+ * @author tlenz
+ *
+ */
+@Slf4j
+public class ZmrSoapClient extends AbstractSoapClient implements IZmrClient {
+
+ private static final String ERROR_MATCHING_00 = "module.eidasauth.matching.00";
+ private static final String ERROR_MATCHING_01 = "module.eidasauth.matching.01";
+ private static final String ERROR_MATCHING_02 = "module.eidasauth.matching.02";
+ private static final String ERROR_MATCHING_99 = "module.eidasauth.matching.99";
+
+ private static final String LOGMSG_MISSING_CONFIG = "Missing configuration with key: {0}";
+
+ private static final String LOGMSG_ZMR_ERROR =
+ "Receive an error from ZMR during '{}' operation with msg: {}";
+ private static final String LOGMSG_ZMR_RESP_PROCESS =
+ "Proces ZMR response during '{}' operation failes with msg: {}";
+
+ private static final String LOGMSG_ZMR_SOAP_ERROR =
+ "ZMR anwser for transaction: {} with code: {} and message: {}";
+
+ private static final String PROCESS_GENERAL = "eIDAS_Matching";
+ private static final String PROCESS_SEARCH_PERSONAL_IDENTIFIER =
+ "Searching " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER;
+ private static final String PROCESS_SEARCH_MDS_ONLY = "Searching with MDS only";
+ private static final String PROCESS_SEARCH_COUNTRY_SPECIFIC = "Searching {} specific";
+
+ private static final String CLIENT_INFO = "eIDAS MS-Connector v{0}";
+ private static final String CLIENT_DEFAULT = "ZMR Client";
+
+
+ @Autowired VersionHolder versionHolder;
+
+ private ServicePort zmrClient;
+
+
+ @AllArgsConstructor
+ @Getter
+ public static class ZmrRegisterResult {
+ private final List<RegisterResult> personResult;
+ private final BigInteger processId;
+
+ }
+
+ @Override
+ public ZmrRegisterResult searchWithPersonIdentifier(BigInteger zmrProzessId, String personIdentifier)
+ throws EidasSAuthenticationException {
+
+ try {
+ // build search request
+ final RequestType req = new RequestType();
+
+ // set eIDAS person information
+ final PersonSuchenRequest searchPersonReq = new PersonSuchenRequest();
+ req.setPersonSuchenRequest(searchPersonReq);
+ final EidasSuchdatenType eidasInfos = new EidasSuchdatenType();
+ searchPersonReq.setEidasSuchdaten(eidasInfos);
+ eidasInfos.setEidasArt(Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER);
+ eidasInfos.setEidasNummer(personIdentifier);
+
+ // set work-flow client information
+ req.setWorkflowInfoClient(generateWorkFlowInfos(PROCESS_SEARCH_PERSONAL_IDENTIFIER, null));
+ req.setClientInfo(generateClientInfos());
+
+ // set additionl search parameters
+ searchPersonReq.setPersonensucheInfo(generateSearchCriteria(false, true, false));
+
+ // request ZMR
+ log.trace("Requesting ZMR for '{}' operation", PROCESS_SEARCH_PERSONAL_IDENTIFIER);
+ final ResponseType resp = zmrClient.service(req, null);
+
+ // parse ZMR response
+ return processZmrResponse(resp, EidasResponseUtils.parseEidasPersonalIdentifier(personIdentifier)
+ .getFirst(),
+ true, PROCESS_SEARCH_PERSONAL_IDENTIFIER);
+
+ } catch (final ServiceFault e) {
+ final String errorMsg = extractReasonFromError(e);
+ log.warn(LOGMSG_ZMR_ERROR, PROCESS_SEARCH_PERSONAL_IDENTIFIER, errorMsg);
+ throw new ZmrCommunicationException(ERROR_MATCHING_01, new Object[] { errorMsg }, e);
+
+ } catch (final EaafAuthenticationException e) {
+ log.warn(LOGMSG_ZMR_RESP_PROCESS, PROCESS_SEARCH_PERSONAL_IDENTIFIER, e.getMessage());
+ throw new EidasSAuthenticationException(ERROR_MATCHING_99, new Object[] { e.getMessage() }, e);
+
+ }
+ }
+
+ @Override
+ public ZmrRegisterResult searchWithMds(BigInteger zmrProzessId, String givenName, String familyName,
+ String dateOfBirth, String citizenCountryCode) throws EidasSAuthenticationException {
+ try {
+ // build search request
+ final RequestType req = new RequestType();
+
+ // set eIDAS person information
+ final PersonSuchenRequest searchPersonReq = new PersonSuchenRequest();
+ req.setPersonSuchenRequest(searchPersonReq);
+
+ final NatuerlichePersonTyp searchNatPerson = new NatuerlichePersonTyp();
+ searchPersonReq.setNatuerlichePerson(searchNatPerson);
+ final PersonenNameTyp searchNatPersonName = new PersonenNameTyp();
+ searchNatPerson.setPersonenName(searchNatPersonName);
+
+ searchNatPersonName.setFamilienname(familyName);
+ searchNatPersonName.setVorname(givenName);
+ searchNatPerson.setGeburtsdatum(dateOfBirth);
+
+ // set work-flow client information
+ req.setWorkflowInfoClient(generateWorkFlowInfos(PROCESS_SEARCH_MDS_ONLY, zmrProzessId));
+ req.setClientInfo(generateClientInfos());
+
+ // set additionl search parameters
+ searchPersonReq.setPersonensucheInfo(generateSearchCriteria(false, true, false));
+
+ // request ZMR
+ log.trace("Requesting ZMR for '{}' operation", PROCESS_SEARCH_MDS_ONLY);
+ final ResponseType resp = zmrClient.service(req, null);
+
+ // parse ZMR response
+ return processZmrResponse(resp, citizenCountryCode, false, PROCESS_SEARCH_MDS_ONLY);
+
+ } catch (final ServiceFault e) {
+ final String errorMsg = extractReasonFromError(e);
+ log.warn(LOGMSG_ZMR_ERROR, PROCESS_SEARCH_MDS_ONLY, errorMsg);
+ throw new ZmrCommunicationException(ERROR_MATCHING_01, new Object[] { errorMsg }, e);
+
+ } catch (final EaafAuthenticationException e) {
+ log.warn(LOGMSG_ZMR_RESP_PROCESS, PROCESS_SEARCH_MDS_ONLY, e.getMessage());
+ throw new EidasSAuthenticationException(ERROR_MATCHING_99, new Object[] { e.getMessage() }, e);
+
+ }
+
+ }
+
+ @Override
+ public ZmrRegisterResult searchCountrySpecific(BigInteger zmrProzessId, PersonSuchenRequest personSearchDao,
+ String citizenCountryCode)
+ throws EidasSAuthenticationException {
+ final String friendlyMsg = MessageFormat.format(PROCESS_SEARCH_COUNTRY_SPECIFIC, citizenCountryCode);
+
+ try {
+ // build search request
+ final RequestType req = new RequestType();
+
+ // set eIDAS person information
+ req.setPersonSuchenRequest(personSearchDao);
+
+ // set work-flow client information
+ req.setWorkflowInfoClient(generateWorkFlowInfos(friendlyMsg, zmrProzessId));
+ req.setClientInfo(generateClientInfos());
+
+ // set additionl search parameters
+ personSearchDao.setPersonensucheInfo(generateSearchCriteria(false, true, false));
+
+ // request ZMR
+ log.trace("Requesting ZMR for '{}' operation", friendlyMsg);
+ final ResponseType resp = zmrClient.service(req, null);
+
+ // parse ZMR response
+ return processZmrResponse(resp, citizenCountryCode, true,
+ friendlyMsg);
+
+ } catch (final ServiceFault e) {
+ final String errorMsg = extractReasonFromError(e);
+ log.warn(LOGMSG_ZMR_ERROR, friendlyMsg, errorMsg);
+ throw new ZmrCommunicationException(ERROR_MATCHING_01, new Object[] { errorMsg }, e);
+
+ } catch (final EaafAuthenticationException e) {
+ log.warn(LOGMSG_ZMR_RESP_PROCESS, friendlyMsg, e.getMessage());
+ throw new EidasSAuthenticationException(ERROR_MATCHING_99, new Object[] { e.getMessage() }, e);
+
+ }
+ }
+
+ @Override
+ public void update(BigInteger zmrProzessId, RegisterResult registerResult, SimpleEidasData eidData) {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public ZmrRegisterResult searchWithBpkZp(BigInteger zmrProzessId, String bpkzp) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public ZmrRegisterResult searchWithResidenceData(BigInteger zmrProzessId, String givenName, String familyName,
+ String dateOfBirth, String zipcode, String city, String street) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @PostConstruct
+ private void initialize() throws EaafConfigurationException {
+ // set-up the ZMR client
+ initializeTechnicalZmrClient();
+
+ // validate additional ZMR communication parameters
+ valdiateAdditionalConfigParameters();
+
+ }
+
+ private void initializeTechnicalZmrClient() throws EaafConfigurationException {
+ log.info("Starting ZMR-Client initialization .... ");
+ final URL url = ZmrSoapClient.class.getResource("/wsdl/zmr_client/wsdl/Service.wsdl");
+ final Service zmrService = new Service(url);
+ zmrClient = zmrService.getService();
+
+ final String zmrServiceUrl = basicConfig.getBasicConfiguration(
+ Constants.CONIG_PROPS_EIDAS_ZMRCLIENT_ENDPOINT);
+ if (StringUtils.isEmpty(zmrServiceUrl)) {
+ log.error("No ZMR service-URL found. ZMR-Client initalisiation failed.");
+ throw new RuntimeException("No ZMR service URL found. ZMR-Client initalisiation failed.");
+
+ }
+
+ // inject handler
+ log.info("Use ZMR service-URL: " + zmrServiceUrl);
+ injectBindingProvider((BindingProvider) zmrClient, CLIENT_DEFAULT, zmrServiceUrl,
+ basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_ZMRCLIENT_DEBUG_TRACEMESSAGES,
+ false));
+
+ // inject http parameters and SSL context
+ log.debug("Inject HTTP client settings ... ");
+ injectHttpClient(zmrClient, HttpClientConfig.builder()
+ .clientName(CLIENT_DEFAULT)
+ .clientType(CLIENT_DEFAULT)
+ .clientUrl(zmrServiceUrl)
+ .connectionTimeout(basicConfig.getBasicConfiguration(
+ Constants.CONIG_PROPS_EIDAS_ZMRCLIENT_TIMEOUT_CONNECTION,
+ Constants.HTTP_CLIENT_DEFAULT_TIMEOUT_CONNECTION))
+ .responseTimeout(basicConfig.getBasicConfiguration(
+ Constants.CONIG_PROPS_EIDAS_ZMRCLIENT_TIMEOUT_RESPONSE,
+ Constants.HTTP_CLIENT_DEFAULT_TIMEOUT_RESPONSE))
+ .keyStoreConfig(buildKeyStoreConfiguration(
+ Constants.CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_KEYSTORE_TYPE,
+ Constants.CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_KEYSTORE_PATH,
+ Constants.CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_KEYSTORE_PASSWORD,
+ Constants.CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_KEYSTORE_NAME,
+ "ZMR SSL Client-Authentication KeyStore"))
+ .keyAlias(basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_KEYS_ALIAS))
+ .keyPassword(basicConfig.getBasicConfiguration(
+ Constants.CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_KEY_PASSWORD))
+ .trustAll(false)
+ .trustStoreConfig(buildKeyStoreConfiguration(
+ Constants.CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_TRUSTSTORE_TYPE,
+ Constants.CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_TRUSTSTORE_PATH,
+ Constants.CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_TRUSTSTORE_PASSWORD,
+ Constants.CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_TRUSTSTORE_NAME,
+ "ZMR SSL Client-Authentication TrustStore"))
+ .build());
+
+ }
+
+ private void valdiateAdditionalConfigParameters() {
+ checkConfigurationValue(Constants.CONIG_PROPS_EIDAS_ZMRCLIENT_REQ_ORGANIZATION_NR);
+
+ }
+
+ private void checkConfigurationValue(String key) {
+ if (StringUtils.isEmpty(basicConfig.getBasicConfiguration(key))) {
+ throw new RuntimeException(MessageFormat.format(LOGMSG_MISSING_CONFIG, key));
+
+ }
+ }
+
+ @Nonnull
+ private WorkflowInfoClient generateWorkFlowInfos(@Nonnull String subStepName,
+ @Nullable BigInteger prozessInstanzId) {
+ final WorkflowInfoClient infos = new WorkflowInfoClient();
+ infos.setProzessName(PROCESS_GENERAL);
+ infos.setVorgangName(subStepName);
+
+ //set processId that we received from ZMR before, if already available
+ if (prozessInstanzId != null) {
+ infos.setProzessInstanzID(prozessInstanzId);
+
+ }
+
+ return infos;
+
+ }
+
+ @Nonnull
+ private PersonensucheInfoType generateSearchCriteria(boolean searchInErnp,
+ boolean searchInZmrHistory, boolean includeHistoryResults) {
+ final PersonensucheInfoType personSearchInfo = new PersonensucheInfoType();
+ final SuchkriterienType searchCriteria = new SuchkriterienType();
+ final ErgebniskriterienType resultCriteria = new ErgebniskriterienType();
+ personSearchInfo.setSuchkriterien(searchCriteria);
+ personSearchInfo.setErgebniskriterien(resultCriteria);
+
+ // TODO: are these flags valid?
+ searchCriteria.setInclusivERnP(searchInErnp);
+ searchCriteria.setInclusivHistorie(searchInZmrHistory);
+
+ // TODO: check 'processSearchPersonResponse' if we change this to 'true'
+ resultCriteria.setInclusivHistorie(includeHistoryResults);
+
+ return personSearchInfo;
+
+ }
+
+ @Nonnull
+ private ClientInfoType generateClientInfos() {
+ final ClientInfoType clientInfo = new ClientInfoType();
+ final Organisation clientOrganisation = new Organisation();
+ clientInfo.setOrganisation(clientOrganisation);
+
+ // set client information
+ clientInfo.setClient(MessageFormat.format(CLIENT_INFO, versionHolder.getVersion()));
+
+ // set Behoerdennummer as organization identifier
+ clientOrganisation.setBehoerdenNr(basicConfig.getBasicConfiguration(
+ Constants.CONIG_PROPS_EIDAS_ZMRCLIENT_REQ_ORGANIZATION_NR));
+
+ return clientInfo;
+ }
+
+ @Nonnull
+ private String extractReasonFromError(ServiceFault e) {
+ if (e.getFaultInfo() != null) {
+ return MessageFormat.format(LOGMSG_ZMR_SOAP_ERROR,
+ e.getFaultInfo().getServerTransaktionNr(),
+ e.getFaultInfo().getErrorCode(),
+ e.getFaultInfo().getErrorMessage());
+
+ } else {
+ log.error("ZMR response without error code", e);
+ return e.getMessage();
+
+ }
+ }
+
+ @Nonnull
+ private ZmrRegisterResult processZmrResponse(@Nonnull ResponseType resp,
+ @Nonnull String citizenCountryCode,
+ boolean forceSinglePersonMatch, @Nonnull String processStepFiendlyname)
+ throws EaafAuthenticationException {
+ final PersonSuchenResponse searchPersonResp = resp.getPersonSuchenResponse();
+ if (searchPersonResp.getPersonensuchergebnis() == null
+ || searchPersonResp.getPersonensuchergebnis().getPersonErgebnisSatz().isEmpty()) {
+ log.debug("ZMR result contains NO 'Personensuchergebnis' or 'PersonErgebnisSatz' is empty");
+ return new ZmrRegisterResult(Collections.emptyList(), extractZmrProcessId(resp.getWorkflowInfoServer()));
+
+ } else {
+ // TODO: what we to with ERnP results?
+ log.debug("Get #{} person results from '{}' operation",
+ searchPersonResp.getPersonensuchergebnis().getGefundeneSaetze(), processStepFiendlyname);
+
+ if (forceSinglePersonMatch) {
+ return new ZmrRegisterResult(processSearchPersonResponseSingleResult(
+ searchPersonResp.getPersonensuchergebnis().getPersonErgebnisSatz(), citizenCountryCode),
+ extractZmrProcessId(resp.getWorkflowInfoServer()));
+
+ } else {
+ return new ZmrRegisterResult(processSearchPersonResponse(
+ searchPersonResp.getPersonensuchergebnis().getPersonErgebnisSatz(), citizenCountryCode),
+ extractZmrProcessId(resp.getWorkflowInfoServer()));
+
+ }
+ }
+ }
+
+ private BigInteger extractZmrProcessId(WorkflowInfoServer workflowInfoServer) {
+ return workflowInfoServer != null ? workflowInfoServer.getProzessInstanzID() : null;
+
+ }
+
+ @Nonnull
+ private List<RegisterResult> processSearchPersonResponse(
+ @Nonnull List<PersonErgebnisSatzType> personErgebnisSatz,
+ @Nonnull String citizenCountryCode) throws EaafAuthenticationException {
+
+ return personErgebnisSatz.stream()
+ .map(el -> {
+ try {
+ return processPersonResult(el, citizenCountryCode);
+
+ } catch (final EaafAuthenticationException e) {
+ log.warn("Skip ZMR person result by reason: {}", e.getMessage(), e);
+ return null;
+
+ }
+ })
+ .filter(Objects::nonNull)
+ .collect(Collectors.toList());
+
+ }
+
+ @NonNull
+ private List<RegisterResult> processSearchPersonResponseSingleResult(
+ @Nonnull List<PersonErgebnisSatzType> personErgebnisSatz,
+ @Nonnull String citizenCountryCode) throws EaafAuthenticationException {
+ if (personErgebnisSatz.size() > 1) {
+ log.error("Find more than on person with eIDAS personalIdentifier.");
+ throw new EaafAuthenticationException(ERROR_MATCHING_00, null);
+
+ } else {
+ return Arrays.asList(processPersonResult(personErgebnisSatz.get(0), citizenCountryCode));
+
+ }
+ }
+
+ @Nonnull
+ private RegisterResult processPersonResult(
+ @Nonnull PersonErgebnisSatzType personEl, @Nonnull String citizenCountryCode)
+ throws EaafAuthenticationException {
+ // TODO: maybe check on 'null' if ERnP data is also allowed
+ log.debug("Find #{} data sets in person information",
+ personEl.getPersonendaten().getPersonErgebnis().size());
+
+ if (personEl.getPersonendaten().getPersonErgebnis().size() > 1) {
+ log.error("Find more than on person with eIDAS personalIdentifier.");
+ throw new EaafAuthenticationException(ERROR_MATCHING_02, null);
+
+ } else {
+ return mapZmrResponseToRegisterResult(
+ personEl.getPersonendaten().getPersonErgebnis().get(0), citizenCountryCode);
+
+ }
+
+ }
+
+ @Nonnull
+ private RegisterResult mapZmrResponseToRegisterResult(@Nonnull PersonErgebnisType person,
+ @Nonnull String citizenCountryCode) {
+ // TODO: kann ich bei historischen daten davon ausgehen dass die Reihenfolge der
+ // Ergebnisse von aktuell --> alt ist?
+
+ // build result
+ return RegisterResult.builder()
+ .pseudonym(selectAllEidasDocument(person, citizenCountryCode,
+ Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER))
+ .familyName(person.getNatuerlichePerson().getPersonenName().getFamilienname())
+ .givenName(person.getNatuerlichePerson().getPersonenName().getVorname())
+ .dateOfBirth(person.getNatuerlichePerson().getGeburtsdatum())
+ .bpk(extractBpkZp(person.getNatuerlichePerson()))
+ .placeOfBirth(selectSingleEidasDocument(person, citizenCountryCode,
+ Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER))
+ .birthName(selectSingleEidasDocument(person, citizenCountryCode,
+ Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER))
+ .build();
+
+ }
+
+ private String extractBpkZp(NatuerlichePersonErgebnisType natuerlichePerson) {
+ String bpk = natuerlichePerson.getIdentification().stream()
+ .filter(el -> Constants.MATCHING_INTERNAL_BPK_TARGET.equals(el.getType()))
+ .findFirst()
+ .map(el -> el.getValue())
+ .orElse(null);
+ if (StringUtils.isEmpty(bpk)) {
+ log.warn("ZMR response contains no 'bPK' for target: 'ZP'");
+
+ }
+ return bpk;
+
+ }
+
+ /**
+ * Get all eIDAS document with the specified country code and document type.
+ *
+ * @param person Person information from ZMR
+ * @param citizenCountryCode Country code of the eIDAS attribute
+ * @param eidasAttrurnPersonalidentifier eIDAS attribute identifier
+ * @return {@link List} of eIDAS attribute values or an empty list if's not
+ * found
+ */
+ @NonNull
+ private List<String> selectAllEidasDocument(PersonErgebnisType person, String citizenCountryCode,
+ String eidasAttrurnPersonalidentifier) {
+ return person.getEidasIdentitaet().stream()
+ .filter(el -> eidasAttrurnPersonalidentifier.equals(el.getEidasArt())
+ && el.getStaatscode3().equals(citizenCountryCode))
+ .map(el -> el.getDokumentNummer())
+ .collect(Collectors.toList());
+
+ }
+
+ /**
+ * Get the first eIDAS document with the specified country code and document
+ * type.
+ *
+ * @param person Person information from ZMR
+ * @param citizenCountryCode Country code of the eIDAS attribute
+ * @param eidasAttrurnPersonalidentifier eIDAS attribute identifier
+ * @return Value of this eIDAS attribute or <code>null</code> if's not found
+ */
+ @Nullable
+ private String selectSingleEidasDocument(PersonErgebnisType person, String citizenCountryCode,
+ String eidasAttrurnPersonalidentifier) {
+ return person.getEidasIdentitaet().stream()
+ .filter(el -> eidasAttrurnPersonalidentifier.equals(el.getEidasArt())
+ && el.getStaatscode3().equals(citizenCountryCode))
+ .findFirst()
+ .map(el -> el.getDokumentNummer())
+ .orElse(null);
+
+ }
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MergedRegisterSearchResult.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MergedRegisterSearchResult.java
deleted file mode 100644
index 0c977016..00000000
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MergedRegisterSearchResult.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright 2020 A-SIT Plus GmbH
- * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
- * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "License");
- * You may not use this work except in compliance with the License.
- * You may obtain a copy of the License at:
- * https://joinup.ec.europa.eu/news/understanding-eupl-v12
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao;
-
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException;
-import lombok.Data;
-
-import java.util.List;
-
-@Data
-public class MergedRegisterSearchResult {
-
- private final List<RegisterResult> resultsZmr;
- private final List<RegisterResult> resultsErnp;
-
- public MergedRegisterSearchResult(List<RegisterResult> resultsZmr, List<RegisterResult> resultsErnp) {
- this.resultsZmr = resultsZmr;
- this.resultsErnp = resultsErnp;
- }
-
- public int getResultCount() {
- return resultsZmr.size() + resultsErnp.size();
- }
-
- /**
- * Verifies that there is only one match and returns the bpk.
- *
- * @return bpk bpk of the match
- * @throws WorkflowException if multiple results have been found
- */
- public String getBpk() throws WorkflowException {
- if (getResultCount() != 1) {
- throw new WorkflowException("getResultCount() != 1");
- }
- return getResult().getBpk();
- }
-
- /**
- * Returns the results, if there is exactly one, throws exception otherwise.
- *
- * @return The result
- * @throws WorkflowException Results does not contain exactly one result
- */
- public RegisterResult getResult() throws WorkflowException {
- if (getResultCount() != 1) {
- throw new WorkflowException("getResultCount() != 1");
- }
- if (resultsZmr.size() == 1) {
- return resultsZmr.get(0);
- } else {
- return resultsErnp.get(0);
- }
- }
-}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java
index 369a4e31..4959d72f 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java
@@ -23,70 +23,29 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao;
+import java.util.List;
+
import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType;
-import lombok.Data;
+import lombok.Builder;
+import lombok.Getter;
-@Data
+@Builder
+@Getter
public class RegisterResult {
// MDS
- private final String pseudonym;
+ private final List<String> pseudonym;
private final String givenName;
private final String familyName;
private final String dateOfBirth;
// additional attributes
- private final String placeOfBirth;
- private final String birthName;
- private final String taxNumber;
- private final PostalAddressType address;
-
- private final String bpk;
+ private String placeOfBirth;
+ private String birthName;
+ private String taxNumber;
+ private PostalAddressType address;
- /**
- * Register search result.
- *
- * @param bpk The bpk
- * @param pseudonym The pseudonym
- * @param givenName The givenName
- * @param familyName The familyName
- * @param dateOfBirth The dateOfBirth
- */
- public RegisterResult(String bpk, String pseudonym, String givenName, String familyName, String dateOfBirth) {
- this.bpk = bpk;
- this.pseudonym = pseudonym;
- this.givenName = givenName;
- this.familyName = familyName;
- this.dateOfBirth = dateOfBirth;
- this.placeOfBirth = null;
- this.birthName = null;
- this.taxNumber = null;
- this.address = null;
- }
+ private String bpk;
- /**
- * Register search result.
- *
- * @param bpk The bpk
- * @param pseudonym The pseudonym
- * @param givenName The givenName
- * @param familyName The familyName
- * @param dateOfBirth The dateOfBirth
- * @param placeOfBirth The placeOfBirth
- * @param birthName The birthName
- * @param taxNumber The taxNumber
- * @param address The address
- */
- public RegisterResult(String bpk, String pseudonym, String givenName, String familyName, String dateOfBirth,
- String placeOfBirth, String birthName, String taxNumber, PostalAddressType address) {
- this.bpk = bpk;
- this.pseudonym = pseudonym;
- this.givenName = givenName;
- this.familyName = familyName;
- this.dateOfBirth = dateOfBirth;
- this.placeOfBirth = placeOfBirth;
- this.birthName = birthName;
- this.taxNumber = taxNumber;
- this.address = address;
- }
+
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java
index ecf5007a..ab84a45f 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java
@@ -23,20 +23,32 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao;
+import org.apache.commons.lang3.builder.EqualsBuilder;
+
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterSearchResult;
import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType;
import lombok.Builder;
import lombok.Data;
-import org.apache.commons.lang3.builder.EqualsBuilder;
@Data
@Builder
public class SimpleEidasData {
+ /**
+ * Full eIDAS personal identifier with prefix.
+ */
private final String personalIdentifier;
+
+ /**
+ * Citizen country-code from eIDAS personal-identifier.
+ */
private final String citizenCountryCode;
// MDS
+ /**
+ * eIDAS personal identifier without prefix.
+ */
private final String pseudonym;
private final String givenName;
private final String familyName;
@@ -55,16 +67,24 @@ public class SimpleEidasData {
* @return true or false depending of the data matches
* @throws WorkflowException if multiple results have been found
*/
- public boolean equalsRegisterData(MergedRegisterSearchResult result) throws WorkflowException {
+ public boolean equalsRegisterData(RegisterSearchResult result) throws WorkflowException {
+ /*TODO: maybe this is check is not valid, because only the minimum data-set (personalIdentifer, givenName,
+ * familyName, dateOfBirth) has to be always available. Any other attributes are optional.
+ * This check will always evaluate to false if register has more information as current eIDAS process!!!
+ */
+
return new EqualsBuilder()
- .append(result.getResult().getPseudonym(), pseudonym)
.append(result.getResult().getGivenName(), givenName)
.append(result.getResult().getFamilyName(), familyName)
.append(result.getResult().getDateOfBirth(), dateOfBirth)
.append(result.getResult().getPlaceOfBirth(), placeOfBirth)
.append(result.getResult().getBirthName(), birthName)
.append(result.getResult().getTaxNumber(), taxNumber)
- .isEquals();
+ .isEquals() && result.getResult().getPseudonym().stream()
+ .filter(el -> el.equals(pseudonym))
+ .findFirst()
+ .isPresent();
+
}
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java
index 4a27e60e..92e727ea 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java
@@ -23,15 +23,15 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao;
+import org.apache.commons.lang3.builder.EqualsBuilder;
+
import lombok.Builder;
import lombok.Data;
-import org.apache.commons.lang3.builder.EqualsBuilder;
@Data
@Builder
public class SimpleMobileSignatureData {
- private final String citizenCountryCode;
private final String bpk;
private final String givenName;
private final String familyName;
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/DummyErnpClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/DummyErnpClient.java
index 3536b0dc..065b17a2 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/DummyErnpClient.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/DummyErnpClient.java
@@ -23,13 +23,14 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
-import org.springframework.stereotype.Service;
-
import java.util.Collections;
import java.util.List;
+import org.springframework.stereotype.Service;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
+
@Service("ErnbClientForeIDAS")
public class DummyErnpClient implements IErnpClient {
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java
index 218a9f41..b3b0c033 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java
@@ -23,11 +23,11 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp;
+import java.util.List;
+
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
-import java.util.List;
-
public interface IErnpClient {
List<RegisterResult> searchWithPersonIdentifier(String personIdentifier);
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/InvalidUserInputException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/InvalidUserInputException.java
index f28d8afa..c7df56d0 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/InvalidUserInputException.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/InvalidUserInputException.java
@@ -26,8 +26,9 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.exception;
public class InvalidUserInputException extends EidasSAuthenticationException {
private static final long serialVersionUID = 1L;
- public InvalidUserInputException() {
- super("eidas.10", null);
+ public InvalidUserInputException(String errorCode) {
+ super(errorCode, null);
+
}
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java
index 2fecaa6b..cf69bd2c 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java
@@ -28,11 +28,17 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
public class ManualFixNecessaryException extends EidasSAuthenticationException {
private static final long serialVersionUID = 1L;
+ //TODO: should we pass some infos?
public ManualFixNecessaryException(String personIdentifier) {
- super("eidas.09", new Object[] { personIdentifier });
+ super("module.eidasauth.matching.04", new Object[] { personIdentifier });
}
public ManualFixNecessaryException(SimpleEidasData eidData) {
- super("eidas.09", new Object[] { eidData.getPseudonym() });//TODO what info to pass???
+ super("module.eidasauth.matching.04", new Object[] { eidData.getPseudonym() });
}
+
+ public ManualFixNecessaryException(SimpleEidasData eidData, Throwable e) {
+ super("module.eidasauth.matching.04", new Object[] { eidData.getPseudonym() }, e);
+ }
+
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/WorkflowException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/WorkflowException.java
index b6f3309b..795b4386 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/WorkflowException.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/WorkflowException.java
@@ -23,11 +23,72 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.exception;
+import lombok.Getter;
+
+@Getter
public class WorkflowException extends EidasSAuthenticationException {
private static final long serialVersionUID = 1L;
- public WorkflowException(String data) {
- super("eidas.08", new Object[]{data});
+ private String processStepName;
+ private String errorReason;
+ private boolean requiresManualFix = false;
+
+ /**
+ * In case of a error during matching work-flow.
+ *
+ * @param processStep Matching step identifier
+ * @param errorReason Reason for this error
+ */
+ public WorkflowException(String processStep, String errorReason) {
+ super("module.eidasauth.matching.03", new Object[]{processStep, errorReason});
+ this.processStepName = processStep;
+ this.errorReason = errorReason;
+
}
+ /**
+ * In case of a error during matching work-flow.
+ *
+ * @param processStep Matching step identifier
+ * @param errorReason Reason for this error
+ * @param e Catched exception
+ */
+ public WorkflowException(String processStep, String errorReason, Throwable e) {
+ super("module.eidasauth.matching.03", new Object[]{processStep, errorReason}, e);
+ this.processStepName = processStep;
+ this.errorReason = errorReason;
+
+ }
+
+ /**
+ * In case of a error during matching work-flow.
+ *
+ * @param processStep Matching step identifier
+ * @param errorReason Reason for this error
+ * @param needsManualFix Mark this work-flow as manually fixable
+ */
+ public WorkflowException(String processStep, String errorReason, boolean needsManualFix) {
+ super("module.eidasauth.matching.03", new Object[]{processStep, errorReason});
+ this.processStepName = processStep;
+ this.errorReason = errorReason;
+ this.requiresManualFix = needsManualFix;
+
+ }
+
+ /**
+ * In case of a error during matching work-flow.
+ *
+ * @param processStep Matching step identifier
+ * @param errorReason Reason for this error
+ * @param needsManualFix Mark this work-flow as manually fixable
+ * @param e Catched exception
+ */
+ public WorkflowException(String processStep, String errorReason, boolean needsManualFix, Throwable e) {
+ super("module.eidasauth.matching.03", new Object[]{processStep, errorReason}, e);
+ this.processStepName = processStep;
+ this.errorReason = errorReason;
+ this.requiresManualFix = needsManualFix;
+
+ }
+
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/IZmrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ZmrCommunicationException.java
index 5ca69d3d..a6978458 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/IZmrClient.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ZmrCommunicationException.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2020 A-SIT Plus GmbH
+ * Copyright 2018 A-SIT Plus GmbH
* AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
* A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
*
@@ -19,30 +19,20 @@
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
- */
+*/
-package at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr;
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.exception;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
+public class ZmrCommunicationException extends EidasSAuthenticationException {
-import java.util.List;
+ private static final long serialVersionUID = 1L;
-public interface IZmrClient {
+ public ZmrCommunicationException(String internalMsgId, Object[] params) {
+ super(internalMsgId, params);
+ }
- List<RegisterResult> searchWithPersonIdentifier(String personIdentifier);
-
- List<RegisterResult> searchWithMds(String givenName, String familyName, String dateOfBirth);
-
- List<RegisterResult> searchDeSpecific(String givenName, String familyName, String dateOfBirth,
- String birthPlace, String birthName);
-
- List<RegisterResult> searchItSpecific(String taxNumber);
-
- void update(RegisterResult registerResult, SimpleEidasData eidData);
-
- List<RegisterResult> searchWithBpkZp(String bpkzp);
-
- List<RegisterResult> searchWithResidenceData(String zipcode, String city, String street);
+ public ZmrCommunicationException(String internalMsgId, Object[] params, Throwable e) {
+ super(internalMsgId, params, e);
+ }
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
index 05254fe2..1050f8d9 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
@@ -24,11 +24,13 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler;
+import static at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils.processCountryCode;
+import static at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils.processDateOfBirthToString;
+
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
import org.apache.commons.lang3.StringUtils;
import org.joda.time.DateTime;
import org.slf4j.Logger;
@@ -37,7 +39,9 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.lang.NonNull;
import com.google.common.collect.ImmutableSortedSet;
+
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
@@ -47,15 +51,11 @@ import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
-
import eu.eidas.auth.commons.attribute.AttributeDefinition;
import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
import eu.eidas.auth.commons.light.impl.LightRequest.Builder;
import eu.eidas.auth.commons.protocol.eidas.SpType;
-import static at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils.processCountryCode;
-import static at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils.processDateOfBirthToString;
-
public abstract class AbstractEidProcessor implements INationalEidProcessor {
private static final Logger log = LoggerFactory.getLogger(AbstractEidProcessor.class);
@@ -77,19 +77,26 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
public final SimpleEidasData postProcess(Map<String, Object> eidasAttrMap) throws EidPostProcessingException,
EidasAttributeException {
SimpleEidasData.SimpleEidasDataBuilder builder = SimpleEidasData.builder()
+ .personalIdentifier(EidasResponseUtils.processPersonalIdentifier(
+ eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)))
+
// MDS attributes
.citizenCountryCode(processCountryCode(eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)))
.pseudonym(processPseudonym(eidasAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)))
.familyName(processFamilyName(eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTFAMILYNAME)))
.givenName(processGivenName(eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTGIVENNAME)))
.dateOfBirth(processDateOfBirthToString(eidasAttrMap.get(Constants.eIDAS_ATTR_DATEOFBIRTH)))
+
// additional attributes
.placeOfBirth(processPlaceOfBirth(eidasAttrMap.get(Constants.eIDAS_ATTR_PLACEOFBIRTH)))
.birthName(processBirthName(eidasAttrMap.get(Constants.eIDAS_ATTR_BIRTHNAME)))
.address(processAddress(eidasAttrMap.get(Constants.eIDAS_ATTR_CURRENTADDRESS)));
+
if (eidasAttrMap.containsKey(Constants.eIDAS_ATTR_TAXREFERENCE)) {
builder.taxNumber(EidasResponseUtils.processTaxReference(eidasAttrMap.get(Constants.eIDAS_ATTR_TAXREFERENCE)));
+
}
+
return builder.build();
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/CountrySpecificDetailSearchProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/CountrySpecificDetailSearchProcessor.java
index 6e8f7fce..c2a62f5c 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/CountrySpecificDetailSearchProcessor.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/CountrySpecificDetailSearchProcessor.java
@@ -23,8 +23,10 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult;
+import javax.annotation.Nonnull;
+
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
+import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonSuchenRequest;
public interface CountrySpecificDetailSearchProcessor {
@@ -37,11 +39,18 @@ public interface CountrySpecificDetailSearchProcessor {
* Check if this postProcessor is sensitive for a specific country.
*
* @param countryCode of the eID data that should be processed
- * @param eidData eID data
+ * @param eidData eID information from eIDAS Proxy-Service
* @return true if this implementation can handle the country, otherwise false
*/
boolean canHandle(String countryCode, SimpleEidasData eidData);
- MergedRegisterSearchResult search(SimpleEidasData eidData);
+ /**
+ * Builds a country-specific search person request for ZMR.
+ *
+ * @param eidData eID information from eIDAS Proxy-Service
+ * @return {@link PersonSuchenRequest} but never <code>null</code>
+ */
+ @Nonnull
+ PersonSuchenRequest generateSearchRequest(SimpleEidasData eidData);
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java
index 904c41a1..802fde14 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java
@@ -23,40 +23,39 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler;
+import org.apache.commons.lang3.StringUtils;
+
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService;
+import at.gv.bmi.namespace.zmr_su.zmr._20040201.EidasSuchdatenType;
+import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonSuchenRequest;
public class DeSpecificDetailSearchProcessor implements CountrySpecificDetailSearchProcessor {
- private final RegisterSearchService registerSearchService;
-
- public DeSpecificDetailSearchProcessor(RegisterSearchService registerSearchService) {
- this.registerSearchService = registerSearchService;
- }
-
@Override
public String getName() {
- return this.getClass().getName();
+ return this.getClass().getSimpleName();
}
@Override
public boolean canHandle(String countryCode, SimpleEidasData eidData) {
- if (!countryCode.equalsIgnoreCase(Constants.COUNTRY_CODE_DE)) {
- return false;
- }
- if (eidData.getBirthName() == null || eidData.getBirthName().isEmpty()) {
- return false;
- }
- if (eidData.getPlaceOfBirth() == null || eidData.getPlaceOfBirth().isEmpty()) {
- return false;
- }
- return true;
+ return countryCode.equalsIgnoreCase(Constants.COUNTRY_CODE_DE)
+ && StringUtils.isNotEmpty(eidData.getBirthName())
+ && StringUtils.isNotEmpty(eidData.getPlaceOfBirth());
+
}
@Override
- public MergedRegisterSearchResult search(SimpleEidasData eidData) {
- return registerSearchService.searchDeSpecific(eidData);
+ public PersonSuchenRequest generateSearchRequest(SimpleEidasData eidData) {
+
+ PersonSuchenRequest req = new PersonSuchenRequest();
+ EidasSuchdatenType eidasInfos = new EidasSuchdatenType();
+ req.setEidasSuchdaten(eidasInfos);
+
+
+ //TODO: how we can search for more than one eIDAS attribute as a Set
+
+
+ return req;
}
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ItSpecificDetailSearchProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ItSpecificDetailSearchProcessor.java
index 7e74a85c..b49c355d 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ItSpecificDetailSearchProcessor.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ItSpecificDetailSearchProcessor.java
@@ -23,37 +23,31 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler;
+import org.apache.commons.lang3.StringUtils;
+
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService;
+import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonSuchenRequest;
public class ItSpecificDetailSearchProcessor implements CountrySpecificDetailSearchProcessor {
- private final RegisterSearchService registerSearchService;
-
- public ItSpecificDetailSearchProcessor(RegisterSearchService registerSearchService) {
- this.registerSearchService = registerSearchService;
- }
-
@Override
public String getName() {
- return this.getClass().getName();
+ return this.getClass().getSimpleName();
}
@Override
public boolean canHandle(String countryCode, SimpleEidasData eidData) {
- if (!countryCode.equalsIgnoreCase(Constants.COUNTRY_CODE_IT)) {
- return false;
- }
- if (eidData.getTaxNumber() == null || eidData.getTaxNumber().isEmpty()) {
- return false;
- }
- return true;
+ return countryCode.equalsIgnoreCase(Constants.COUNTRY_CODE_IT)
+ && StringUtils.isNotEmpty(eidData.getTaxNumber());
+
}
@Override
- public MergedRegisterSearchResult search(SimpleEidasData eidData) {
- return registerSearchService.searchItSpecific(eidData);
+ public PersonSuchenRequest generateSearchRequest(SimpleEidasData eidData) {
+
+ //TODO: add IT specific search request if TaxNumber attribute is defined by IT
+ return new PersonSuchenRequest();
+
}
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java
index 6b524e36..166ffafb 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java
@@ -1,18 +1,28 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.service;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult;
+import java.math.BigInteger;
+import java.util.Collections;
+import java.util.List;
+
+import javax.annotation.Nonnull;
+
+import org.jetbrains.annotations.Nullable;
+import org.springframework.stereotype.Service;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.zmr.IZmrClient;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.zmr.ZmrSoapClient.ZmrRegisterResult;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ZmrCommunicationException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.CountrySpecificDetailSearchProcessor;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+import lombok.Setter;
import lombok.extern.slf4j.Slf4j;
-import org.springframework.stereotype.Service;
-
-import java.util.Collections;
-import java.util.List;
@Slf4j
@Service("registerSearchService")
@@ -21,99 +31,277 @@ public class RegisterSearchService {
private final IZmrClient zmrClient;
private final IErnpClient ernpClient;
- public RegisterSearchService(IZmrClient zmrClient, IErnpClient ernpClient) {
+ private final List<CountrySpecificDetailSearchProcessor> handlers;
+
+ /**
+ * Service that combines ZMR and ERnP register search operations.
+ *
+ * @param handlers Available country-specific search processors
+ * @param zmrClient ZMR client
+ * @param ernpClient ERnP client
+ */
+ public RegisterSearchService(List<CountrySpecificDetailSearchProcessor> handlers, IZmrClient zmrClient,
+ IErnpClient ernpClient) {
this.zmrClient = zmrClient;
this.ernpClient = ernpClient;
+ this.handlers = handlers;
+ log.info("Init with #{} search services for country-specific details", handlers.size());
+
}
/**
- * Automatic process to fix the register entries.
+ * Search with Person Identifier (eIDAS Pseudonym) in ZMR and ERnP.
*
- * @param initialSearchResult Result of initial register search
- * @param specificSearchResult Result of last register search
- * @param eidasData Received eidas data
- * @param pendingReq Pending request
- * @return The bpk
- * @throws TaskExecutionException if an error occurs during the register update
+ * @param eidasData Received eIDAS data
+ * @throws WorkflowException In case of a register interaction error
*/
- public String step7aKittProcess(MergedRegisterSearchResult initialSearchResult,
- MergedRegisterSearchResult specificSearchResult,
- SimpleEidasData eidasData,
- IRequest pendingReq) throws TaskExecutionException {
- log.trace("Starting step7aKittProcess");
- // TODO verify with which data this method gets called
+ @Nonnull
+ public RegisterSearchResult searchWithPersonIdentifier(SimpleEidasData eidasData)
+ throws WorkflowException {
try {
- if (initialSearchResult.getResultCount() != 0) {
- throw new WorkflowException("initialSearchResult.getResultCount() != 0");
- }
- if (specificSearchResult.getResultCount() != 1) {
- throw new WorkflowException("specificSearchResult.getResultCount() != 1");
- }
- if (specificSearchResult.getResultsZmr().size() == 1) {
- zmrClient.update(specificSearchResult.getResultsZmr().get(0), eidasData);
- }
- if (specificSearchResult.getResultsErnp().size() == 1) {
- ernpClient.update(specificSearchResult.getResultsErnp().get(0), eidasData);
- }
- return specificSearchResult.getBpk();
- } catch (WorkflowException e) {
- throw new TaskExecutionException(pendingReq, "Step7a failed.", e);
+ final ZmrRegisterResult resultsZmr = zmrClient.searchWithPersonIdentifier(
+ null, eidasData.getPersonalIdentifier());
+ final List<RegisterResult> resultsErnp = ernpClient.searchWithPersonIdentifier(
+ eidasData.getPersonalIdentifier());
+
+ return new RegisterSearchResult(new RegisterOperationStatus(resultsZmr.getProcessId()),
+ resultsZmr.getPersonResult(), resultsErnp);
+
+ } catch (final EidasSAuthenticationException e) {
+ throw new WorkflowException("searchWithPersonalIdentifier", e.getMessage(),
+ !(e instanceof ZmrCommunicationException), e);
+
}
}
/**
* Search with MDS (Given Name, Family Name, Date of Birth) in ZMR and ERnP.
+ *
+ * @param operationStatus Current register-operation status that contains processing informations
+ * @param eidasData Received eIDAS data
+ * @throws WorkflowException In case of a register interaction error
*/
- public MergedRegisterSearchResult searchWithMds(SimpleEidasData eidasData) {
- List<RegisterResult> resultsZmr =
- zmrClient.searchWithMds(eidasData.getGivenName(), eidasData.getFamilyName(), eidasData.getDateOfBirth());
- List<RegisterResult> resultsErnp =
- ernpClient.searchWithMds(eidasData.getGivenName(), eidasData.getFamilyName(), eidasData.getDateOfBirth());
- return new MergedRegisterSearchResult(resultsZmr, resultsErnp);
+ @Nonnull
+ public RegisterSearchResult searchWithMds(RegisterOperationStatus operationStatus, SimpleEidasData eidasData)
+ throws WorkflowException {
+ try {
+ final ZmrRegisterResult resultsZmr =
+ zmrClient.searchWithMds(operationStatus.getZmrProcessId(), eidasData.getGivenName(),
+ eidasData.getFamilyName(), eidasData.getDateOfBirth(), eidasData.getCitizenCountryCode());
+
+ final List<RegisterResult> resultsErnp =
+ ernpClient.searchWithMds(eidasData.getGivenName(), eidasData.getFamilyName(), eidasData
+ .getDateOfBirth());
+
+ return new RegisterSearchResult(new RegisterOperationStatus(resultsZmr.getProcessId()),
+ resultsZmr.getPersonResult(), resultsErnp);
+
+ } catch (final EidasSAuthenticationException e) {
+ throw new WorkflowException("searchWithMDSOnly", e.getMessage(),
+ !(e instanceof ZmrCommunicationException), e);
+
+ }
}
/**
- * Search with Person Identifier (eIDAS Pseudonym) in ZMR and ERnP.
+ * Search with country-specific parameters based on information from available
+ * {@link CountrySpecificDetailSearchProcessor} implementations.
+ *
+ * @param operationStatus Current register-operation status that contains processing informations
+ * @param eidasData Receive eIDAS eID information
+ * @return Results from ZMR or ERnP search
+ * @throws WorkflowException In case of a register interaction error
*/
- public MergedRegisterSearchResult searchWithPersonIdentifier(SimpleEidasData eidasData) {
- List<RegisterResult> resultsZmr = zmrClient.searchWithPersonIdentifier(eidasData.getPseudonym());
- List<RegisterResult> resultsErnp = ernpClient.searchWithPersonIdentifier(eidasData.getPseudonym());
- return new MergedRegisterSearchResult(resultsZmr, resultsErnp);
+ @Nonnull
+ public RegisterSearchResult searchWithCountrySpecifics(RegisterOperationStatus operationStatus,
+ SimpleEidasData eidasData) throws WorkflowException {
+ try {
+ @Nullable
+ final CountrySpecificDetailSearchProcessor ccSpecificProcessor = findSpecificProcessor(eidasData);
+ if (ccSpecificProcessor != null) {
+ log.debug("Selecting country-specific search processor: {}", ccSpecificProcessor.getName());
+ final ZmrRegisterResult resultsZmr =
+ zmrClient.searchCountrySpecific(operationStatus.getZmrProcessId(),
+ ccSpecificProcessor.generateSearchRequest(eidasData),
+ eidasData.getCitizenCountryCode());
+
+ // TODO: add search procesfor for ERnP searching
+ return new RegisterSearchResult(operationStatus, resultsZmr.getPersonResult(), Collections.emptyList());
+
+ } else {
+ return new RegisterSearchResult(operationStatus, Collections.emptyList(), Collections.emptyList());
+
+ }
+
+ } catch (final EidasSAuthenticationException e) {
+ throw new WorkflowException("searchWithCountrySpecifics", e.getMessage(),
+ !(e instanceof ZmrCommunicationException), e);
+
+ }
}
/**
- * Search with Tax Number in ZMR and ERnP.
+ * Search with BPK-ZP in BMR and ERnP.
*/
- public MergedRegisterSearchResult searchItSpecific(SimpleEidasData eidasData) {
- List<RegisterResult> resultsZmr = zmrClient.searchItSpecific(eidasData.getTaxNumber());
- List<RegisterResult> resultsErnb = ernpClient.searchItSpecific(eidasData.getTaxNumber());
- return new MergedRegisterSearchResult(resultsZmr, resultsErnb);
+ public RegisterSearchResult searchWithBpkZp(RegisterOperationStatus operationStatus, String bpkZp) {
+ final ZmrRegisterResult resultsZmr = zmrClient.searchWithBpkZp(
+ operationStatus.getZmrProcessId(), bpkZp);
+ final List<RegisterResult> resultsErnp = ernpClient.searchWithBpkZp(bpkZp);
+ return new RegisterSearchResult(operationStatus, resultsZmr.getPersonResult(), resultsErnp);
+
}
/**
- * Search with Given Name, Family Name, Date of Birth, Place of Birth and Birth Name in ZMR and ERnP.
+ * Search with residence infos.
+ *
+ * @param operationStatus Current register-operation status that contains processing informations
+ * @param zipcode Provided Zipcode
+ * @param city Provided City
+ * @param street Provided street
+ * @return Results from ZMR or ERnP search
*/
- public MergedRegisterSearchResult searchDeSpecific(SimpleEidasData eidasData) {
- List<RegisterResult> resultsZmr =
- zmrClient.searchDeSpecific(eidasData.getGivenName(), eidasData.getFamilyName(), eidasData.getDateOfBirth(),
- eidasData.getPlaceOfBirth(), eidasData.getBirthName());
- List<RegisterResult> resultsErnb =
- ernpClient.searchDeSpecific(eidasData.getGivenName(), eidasData.getFamilyName(), eidasData.getDateOfBirth(),
- eidasData.getPlaceOfBirth(), eidasData.getBirthName());
- return new MergedRegisterSearchResult(resultsZmr, resultsErnb);
+ public RegisterSearchResult searchWithResidence(RegisterOperationStatus operationStatus, SimpleEidasData eidasData,
+ String zipcode, String city, String street) {
+ final ZmrRegisterResult resultsZmr = zmrClient.searchWithResidenceData(
+ operationStatus.getZmrProcessId(), eidasData.getGivenName(), eidasData.getFamilyName(),
+ eidasData.getDateOfBirth(), zipcode, city, street);
+ return new RegisterSearchResult(operationStatus, resultsZmr.getPersonResult(), Collections.emptyList());
+
}
/**
- * Search with BPK-ZP in BMR and ERnP.
+ * Automatic process to fix the register entries.
+ *
+ * @param specificSearchResult Result of last register search
+ * @param eidasData Received eidas data
+ */
+ public void step7aKittProcess(RegisterSearchResult specificSearchResult,
+ SimpleEidasData eidasData) throws WorkflowException {
+ log.trace("Starting step7aKittProcess");
+ // TODO verify with which data this method gets called
+ if (specificSearchResult.getResultCount() != 1) {
+ throw new WorkflowException("step7aKittProcess", "getResultCount() != 1");
+
+ }
+
+ if (specificSearchResult.getResultsZmr().size() == 1) {
+ zmrClient.update(specificSearchResult.getOperationStatus().getZmrProcessId(),
+
+ specificSearchResult.getResultsZmr().get(0), eidasData);
+ }
+
+ if (specificSearchResult.getResultsErnp().size() == 1) {
+ ernpClient.update(specificSearchResult.getResultsErnp().get(0), eidasData);
+
+ }
+
+ }
+
+ @Nullable
+ private CountrySpecificDetailSearchProcessor findSpecificProcessor(SimpleEidasData eidasData) {
+ final String citizenCountry = eidasData.getCitizenCountryCode();
+ for (final CountrySpecificDetailSearchProcessor processor : handlers) {
+ if (processor.canHandle(citizenCountry, eidasData)) {
+ log.debug("Found suitable search handler for {} by using: {}", citizenCountry, processor.getName());
+ return processor;
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Register releated information that are needed for any request.
+ *
+ * @author tlenz
+ *
*/
- public MergedRegisterSearchResult searchWithBpkZp(String bpkZp) {
- List<RegisterResult> resultsZmr = zmrClient.searchWithBpkZp(bpkZp);
- List<RegisterResult> resultsErnp = ernpClient.searchWithBpkZp(bpkZp);
- return new MergedRegisterSearchResult(resultsZmr, resultsErnp);
+ @AllArgsConstructor
+ @Getter
+ public static class RegisterOperationStatus {
+
+ /**
+ * ZMR internal processId that is required for any further request in the same process.
+ */
+ private BigInteger zmrProcessId;
+
+
}
+
+ /**
+ * Response container for {@link RegisterSearchService}.
+ *
+ * @author tlenz
+ *
+ */
+ @Getter
+ @RequiredArgsConstructor
+ public static class RegisterSearchResult {
+
+ /**
+ * Mark the register result finished.
+ */
+ @Setter
+ private boolean matchingFinished = false;
+
+ /**
+ * Operation status for this result.
+ */
+ private final RegisterOperationStatus operationStatus;
+
+ /**
+ * Current ZMR search result.
+ */
+ private final List<RegisterResult> resultsZmr;
+
+ /**
+ * Current ERnP search result.
+ */
+ private final List<RegisterResult> resultsErnp;
+
+
+ /**
+ * Get sum of ZMR and ERnP results.
+ *
+ * @return number of results
+ */
+ public int getResultCount() {
+ return resultsZmr.size() + resultsErnp.size();
+ }
+
+ /**
+ * Verifies that there is only one match and returns the bpk.
+ *
+ * @return bpk bpk of the match
+ * @throws WorkflowException if multiple results have been found or matching is not marked as finished
+ */
+ public String getBpk() throws WorkflowException {
+ if (getResultCount() != 1 || !matchingFinished) {
+ throw new WorkflowException("readRegisterResults",
+ matchingFinished ? "getResultCount() != 1" : "matching prozess not finished yet");
+
+ }
+ return getResult().getBpk();
+ }
- public MergedRegisterSearchResult searchWithResidence(String zipcode, String city, String street) {
- List<RegisterResult> resultsZmr = zmrClient.searchWithResidenceData(zipcode, city, street);
- return new MergedRegisterSearchResult(resultsZmr, Collections.emptyList());
+ /**
+ * Returns the results, if there is exactly one, throws exception otherwise.
+ *
+ * @return The result
+ * @throws WorkflowException Results does not contain exactly one result
+ */
+ public RegisterResult getResult() throws WorkflowException {
+ if (getResultCount() != 1) {
+ throw new WorkflowException("readRegisterResults", "getResultCount() != 1");
+ }
+ if (resultsZmr.size() == 1) {
+ return resultsZmr.get(0);
+
+ } else {
+ return resultsErnp.get(0);
+
+ }
+ }
+
}
+
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index 97769cc2..41bf4409 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
@@ -23,15 +23,40 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.apache.commons.lang3.StringUtils;
+import org.jetbrains.annotations.NotNull;
+import org.jetbrains.annotations.Nullable;
+import org.joda.time.DateTime;
+import org.jose4j.lang.JoseException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.xml.sax.SAXException;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
+
import at.asitplus.eidas.specific.connector.MsConnectorEventCodes;
import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.szr.SzrClient;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.AuthBlockSigningService;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
@@ -48,36 +73,14 @@ import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.google.common.collect.ImmutableMap;
-import com.google.common.collect.ImmutableSet;
import eu.eidas.auth.commons.attribute.AttributeDefinition;
import eu.eidas.auth.commons.attribute.AttributeValue;
import eu.eidas.auth.commons.light.ILightResponse;
import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
import lombok.Data;
import lombok.extern.slf4j.Slf4j;
-import org.apache.commons.lang3.StringUtils;
-import org.jetbrains.annotations.NotNull;
-import org.jetbrains.annotations.Nullable;
-import org.joda.time.DateTime;
-import org.jose4j.lang.JoseException;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.xml.sax.SAXException;
import szrservices.IdentityLinkType;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.parsers.ParserConfigurationException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
/**
* Task that creates the IdentityLink for an eIDAS authenticated person.
* Input:
@@ -127,10 +130,14 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
throws TaskExecutionException {
try {
+
+ /*TODO: needs refactoring because we has to be operate on national identifiers
+ * because matching and insert ERnP was already done!!
+ */
final ILightResponse eidasResponse = getAuthProcessDataWrapper()
.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class);
final Map<String, Object> eidasAttributes = convertEidasAttrToSimpleMap(
- eidasResponse.getAttributes().getAttributeMap());
+ eidasResponse.getAttributes().getAttributeMap());
final SimpleEidasData eidData = eidPostProcessor.postProcess(eidasAttributes);
//final SimpleEidasData eidData =
// getAuthProcessDataWrapper().getGenericDataFromSession(Constants.DATA_SIMPLE_EIDAS, SimpleEidasData.class);
@@ -192,7 +199,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
private void executeEidMode(SimpleEidasData eidData, String personalIdentifier)
throws JsonProcessingException, EaafException, JoseException {
- // get encrypted baseId
+ // get encrypted baseId
String vsz = szrClient.getEncryptedStammzahl(eidData);
//write revision-Log entry and extended infos personal-identifier mapping
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java
index 025f3475..69b127d8 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java
@@ -23,18 +23,19 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.stereotype.Component;
+
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.szr.SzrClient;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import lombok.extern.slf4j.Slf4j;
-import org.springframework.stereotype.Component;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
/**
* Task that searches ERnP and ZMR before adding person to SZR.
@@ -69,9 +70,11 @@ public class CreateNewErnpEntryTask extends AbstractAuthServletTask {
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
throws TaskExecutionException {
try {
- SimpleEidasData simpleEidasData = getInitialEidasData();
+ SimpleEidasData simpleEidasData = MatchingTaskUtils.getInitialEidasData(pendingReq);
+
// TODO When to do eidPostProcessor.postProcess on the eidas attributes?
String vsz = szrClient.createNewErnpEntry(simpleEidasData);
+
// TODO what to do with the VSZ now
log.info("VSZ: {}", vsz);
} catch (final Exception e) {
@@ -80,12 +83,4 @@ public class CreateNewErnpEntryTask extends AbstractAuthServletTask {
}
}
- private SimpleEidasData getInitialEidasData() {
- return getAuthProcessDataWrapper().getGenericDataFromSession(Constants.DATA_SIMPLE_EIDAS, SimpleEidasData.class);
- }
-
- private AuthProcessDataWrapper getAuthProcessDataWrapper() {
- return pendingReq.getSessionData(AuthProcessDataWrapper.class);
- }
-
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java
index a6e0bca8..1563d6df 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java
@@ -23,43 +23,44 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
+import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK;
+import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringUtils;
+import org.jetbrains.annotations.NotNull;
+import org.joda.time.DateTime;
+import org.springframework.stereotype.Component;
+
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
+
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.CountrySpecificDetailSearchProcessor;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterOperationStatus;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterSearchResult;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import com.google.common.collect.ImmutableMap;
-import com.google.common.collect.ImmutableSet;
import eu.eidas.auth.commons.attribute.AttributeDefinition;
import eu.eidas.auth.commons.attribute.AttributeValue;
import eu.eidas.auth.commons.light.ILightResponse;
import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
import lombok.extern.slf4j.Slf4j;
-import org.apache.commons.lang3.StringUtils;
-import org.jetbrains.annotations.NotNull;
-import org.jetbrains.annotations.Nullable;
-import org.joda.time.DateTime;
-import org.springframework.stereotype.Component;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK;
-import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK;
/**
* Task that searches registers (ERnP and ZMR) before adding person to SZR.
@@ -91,23 +92,19 @@ import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.TRANSIT
@SuppressWarnings("PMD.TooManyStaticImports")
public class InitialSearchTask extends AbstractAuthServletTask {
- private final List<CountrySpecificDetailSearchProcessor> handlers;
private final RegisterSearchService registerSearchService;
private final ICcSpecificEidProcessingService eidPostProcessor;
/**
* Constructor.
- * @param handlers List of countrySpecificSearchProcessors
* @param registerSearchService Service for register search access
* @param eidPostProcessor Country-Specific post processing of attributes
*/
- public InitialSearchTask(List<CountrySpecificDetailSearchProcessor> handlers,
- RegisterSearchService registerSearchService,
+ public InitialSearchTask(RegisterSearchService registerSearchService,
ICcSpecificEidProcessingService eidPostProcessor) {
this.registerSearchService = registerSearchService;
- this.handlers = handlers;
this.eidPostProcessor = eidPostProcessor;
- log.info("Init with {} country specific detail search services", handlers.size());
+
}
@Override
@@ -115,126 +112,124 @@ public class InitialSearchTask extends AbstractAuthServletTask {
throws TaskExecutionException {
try {
final SimpleEidasData eidasData = convertEidasAttrToSimpleData();
- storeInitialEidasData(eidasData);
+ MatchingTaskUtils.storeInitialEidasData(pendingReq, eidasData);
step2RegisterSearchWithPersonIdentifier(executionContext, eidasData);
+
+ } catch (WorkflowException e) {
+ throw new TaskExecutionException(pendingReq, "Initial search failed", e);
+
} catch (final Exception e) {
log.error("Initial search failed", e);
- throw new TaskExecutionException(pendingReq, "Initial search failed", e);
+ throw new TaskExecutionException(pendingReq, "Initial search failed with a generic error", e);
+
}
}
private void step2RegisterSearchWithPersonIdentifier(
- ExecutionContext executionContext, SimpleEidasData eidasData)
- throws TaskExecutionException, EaafStorageException, ManualFixNecessaryException {
- log.trace("Starting step2RegisterSearchWithPersonIdentifier");
- MergedRegisterSearchResult initialSearchResult = registerSearchService.searchWithPersonIdentifier(eidasData);
- storeInitialRegisterResult(initialSearchResult);
- int resultCount = initialSearchResult.getResultCount();
- if (resultCount == 0) {
- step5CountrySpecificSearchCheck(executionContext, initialSearchResult, eidasData);
- } else if (resultCount == 1) {
- step3CheckRegisterUpdateNecessary(initialSearchResult, eidasData);
- } else {
- throw new ManualFixNecessaryException(eidasData);
- }
- }
-
- private void step3CheckRegisterUpdateNecessary(
- MergedRegisterSearchResult initialSearchResult, SimpleEidasData eidasData)
- throws ManualFixNecessaryException {
- log.trace("Starting step3CheckRegisterUpdateNecessary");
- try {
- if (eidasData.equalsRegisterData(initialSearchResult)) {
- storeMatchingBpk(initialSearchResult.getBpk());
+ ExecutionContext executionContext, SimpleEidasData eidasData) throws WorkflowException, EaafStorageException {
+ try {
+ log.trace("Starting step2RegisterSearchWithPersonIdentifier");
+ RegisterSearchResult initialSearchResult = registerSearchService.searchWithPersonIdentifier(eidasData);
+ int resultCount = initialSearchResult.getResultCount();
+ if (resultCount == 0) {
+ step6CountrySpecificSearch(executionContext, initialSearchResult.getOperationStatus(), eidasData);
+
+ } else if (resultCount == 1) {
+ // find person by PersonalIdentifier --> finalize first matching task
+ initialSearchResult.setMatchingFinished(true);
+ foundMatchFinializeTask(initialSearchResult, eidasData);
+
} else {
- // TODO Update "initialSearchResult" in register with "eidasData" from login not possible for now
- log.info("Update in Register");
- storeMatchingBpk(initialSearchResult.getBpk());
+ throw new WorkflowException("step2RegisterSearchWithPersonIdentifier",
+ "More than one entry with unique personal-identifier", true);
+
}
- } catch (WorkflowException | EaafStorageException e) {
- throw new ManualFixNecessaryException(eidasData);
+
+ } catch (WorkflowException e) {
+ //TODO: what we do in case of a workflow error and manual matching are necessary??
+
+ log.warn("Workflow error during matching step: {}. Reason: {}", e.getProcessStepName(), e.getErrorReason());
+ throw e;
+
}
}
-
- private void step5CountrySpecificSearchCheck(
- ExecutionContext executionContext, MergedRegisterSearchResult initialSearchResult, SimpleEidasData eidasData)
- throws TaskExecutionException, ManualFixNecessaryException, EaafStorageException {
- log.trace("Starting step5CheckAndPerformCountrySpecificSearchIfPossible");
- CountrySpecificDetailSearchProcessor specificHandler = findSpecificProcessor(eidasData);
- if (specificHandler != null) {
- step6CountrySpecificSearch(executionContext, specificHandler, initialSearchResult, eidasData);
+
+ private void step6CountrySpecificSearch(
+ ExecutionContext executionContext, RegisterOperationStatus registerOperationStatus, SimpleEidasData eidasData)
+ throws EaafStorageException, WorkflowException {
+
+ log.trace("Starting 'step6CountrySpecificSearch' ... ");
+ RegisterSearchResult countrySpecificResult = registerSearchService.searchWithCountrySpecifics(
+ registerOperationStatus, eidasData);
+ if (countrySpecificResult.getResultCount() == 0) {
+ log.trace("'step6CountrySpecificSearch' ends with no result. Forward to next matching step ... ");
+ step8RegisterSearchWithMds(executionContext, countrySpecificResult.getOperationStatus(), eidasData);
+
+ } else if (countrySpecificResult.getResultCount() == 1) {
+ log.trace("'step6CountrySpecificSearch' finds a person. Forward to 'step7aKittProcess' step ... ");
+ registerSearchService.step7aKittProcess(countrySpecificResult, eidasData);
+
+ // find person by country-specific information --> finalize first matching task
+ countrySpecificResult.setMatchingFinished(true);
+ foundMatchFinializeTask(countrySpecificResult, eidasData);
+
} else {
- step8RegisterSearchWithMds(executionContext, eidasData);
- }
+ throw new WorkflowException("step6CountrySpecificSearch",
+ "More than one entry with unique country-specific informations", true);
+
+ }
}
- @Nullable
- private CountrySpecificDetailSearchProcessor findSpecificProcessor(SimpleEidasData eidasData) {
- final String citizenCountry = eidasData.getCitizenCountryCode();
- for (final CountrySpecificDetailSearchProcessor processor : handlers) {
- if (processor.canHandle(citizenCountry, eidasData)) {
- log.debug("Found suitable search handler for {} by using: {}", citizenCountry, processor.getName());
- return processor;
- }
- }
- return null;
- }
-
- private void step6CountrySpecificSearch(ExecutionContext executionContext,
- CountrySpecificDetailSearchProcessor processor,
- MergedRegisterSearchResult initialSearchResult,
- SimpleEidasData eidasData)
- throws TaskExecutionException, ManualFixNecessaryException, EaafStorageException {
- log.trace("Starting step6CountrySpecificSearch");
- MergedRegisterSearchResult countrySearchResult = processor.search(eidasData);
- int resultCount = countrySearchResult.getResultCount();
- if (resultCount == 0) {
- step8RegisterSearchWithMds(executionContext, eidasData);
- } else if (resultCount == 1) {
- String bpk = registerSearchService
- .step7aKittProcess(initialSearchResult, countrySearchResult, eidasData, pendingReq);
- storeMatchingBpk(bpk);
- } else {
- throw new ManualFixNecessaryException(eidasData);
- }
- }
-
- private void step8RegisterSearchWithMds(ExecutionContext executionContext, SimpleEidasData eidasData)
- throws EaafStorageException {
+ private void step8RegisterSearchWithMds(ExecutionContext executionContext,
+ RegisterOperationStatus registerOperationStatus, SimpleEidasData eidasData)
+ throws EaafStorageException, WorkflowException {
log.trace("Starting step8RegisterSearchWithMds");
- MergedRegisterSearchResult registerData = registerSearchService.searchWithMds(eidasData);
+ RegisterSearchResult registerData = registerSearchService.searchWithMds(registerOperationStatus, eidasData);
+
if (registerData.getResultCount() == 0) {
+ log.debug("Matching step: 'step8RegisterSearchWithMds' has no result. Forward to create new ERnP entry ... ");
executionContext.put(TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK, true);
+
} else {
- storeFurtherRegisterResults(registerData);
+ log.debug("Matching step: 'step8RegisterSearchWithMds' has #{} results. "
+ + "Forward to GUI based matching steps ... ", registerData.getResultCount());
+
+ MatchingTaskUtils.storeInitialRegisterResult(pendingReq, registerData);
executionContext.put(TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, true);
+
}
}
- private void storeInitialRegisterResult(MergedRegisterSearchResult registerData) throws EaafStorageException {
- getAuthProcessDataWrapper().setGenericDataToSession(Constants.DATA_INITIAL_REGISTER_RESULT, registerData);
- }
-
- private void storeFurtherRegisterResults(MergedRegisterSearchResult registerData) throws EaafStorageException {
- getAuthProcessDataWrapper().setGenericDataToSession(Constants.DATA_FURTHER_REGISTER_RESULT, registerData);
- }
- private void storeInitialEidasData(SimpleEidasData eidasData) throws EaafStorageException {
- getAuthProcessDataWrapper().setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidasData);
- }
- private void storeMatchingBpk(String bpk) throws EaafStorageException {
- getAuthProcessDataWrapper().setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk);
+ private void foundMatchFinializeTask(RegisterSearchResult searchResult, SimpleEidasData eidasData)
+ throws WorkflowException, EaafStorageException {
+ // check if register update is required
+ step3CheckRegisterUpdateNecessary(searchResult, eidasData);
+
+ // store search result
+ MatchingTaskUtils.storeInitialRegisterResult(pendingReq, searchResult);
+
}
-
- private AuthProcessDataWrapper getAuthProcessDataWrapper() {
- return pendingReq.getSessionData(AuthProcessDataWrapper.class);
+
+ private void step3CheckRegisterUpdateNecessary(RegisterSearchResult initialSearchResult,
+ SimpleEidasData eidasData) throws WorkflowException {
+ log.trace("Starting step3CheckRegisterUpdateNecessary");
+ if (!eidasData.equalsRegisterData(initialSearchResult)) {
+ // TODO Update "initialSearchResult" in register with "eidasData" from login not possible for now
+ log.info("Skipping update-register-information step, because it's not supported yet");
+
+ } else {
+ log.debug("Register information match to eIDAS information. No update requird");
+
+ }
+
}
-
+
@NotNull
private SimpleEidasData convertEidasAttrToSimpleData()
throws EidasAttributeException, EidPostProcessingException {
- final ILightResponse eidasResponse = getAuthProcessDataWrapper()
+ final ILightResponse eidasResponse = MatchingTaskUtils.getAuthProcessDataWrapper(pendingReq)
.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class);
Map<String, Object> simpleMap = convertEidasAttrToSimpleMap(eidasResponse.getAttributes().getAttributeMap());
return eidPostProcessor.postProcess(simpleMap);
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java
index 3b7f361c..b18104fa 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java
@@ -23,29 +23,31 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
+import java.util.Enumeration;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.jetbrains.annotations.NotNull;
+import org.springframework.stereotype.Component;
+
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterSearchResult;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
import lombok.extern.slf4j.Slf4j;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.jetbrains.annotations.NotNull;
-import org.springframework.stereotype.Component;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.Enumeration;
/**
@@ -69,6 +71,7 @@ import java.util.Enumeration;
*
* @author amarsalek
* @author ckollmann
+ * @author tlenz
*/
@Slf4j
@Component("ReceiveAustrianResidenceGuiResponseTask")
@@ -98,72 +101,88 @@ public class ReceiveAustrianResidenceGuiResponseTask extends AbstractAuthServlet
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
throws TaskExecutionException {
log.trace("Starting ReceiveAustrianResidenceGuiResponseTask");
- UserInput input = parseHtmlInput(request);
+
+ UserInput input = parseHtmlInput(request);
if (!input.isFormerResidenceAvailable()) {
moveToNextTask(executionContext);
return;
+
}
+
+ //TODO: Here, we need an error handling an can not stop full process if form input was invalid
+ //TODO: check minimum form elements
+ /*TODO: maybe we can switch to custom controller and use WebMVC form-binding feature.
+ * Binding element can be add as attribute to this request
+ */
if (input.getStreet().isEmpty() || input.getCity().isEmpty() || input.getZipcode().isEmpty()) {
// HTML form should ensure that mandatory fields are set => this should never happen
- throw new TaskExecutionException(pendingReq, "Invalid user input", new InvalidUserInputException());
+ throw new TaskExecutionException(pendingReq, "Invalid user input",
+ new InvalidUserInputException("module.eidasauth.matching.06"));
+
}
- // TODO Also search with MDS? But MDS Search has already happened?
+
+
+
try {
- SimpleEidasData eidasData = getInitialEidasData();
- MergedRegisterSearchResult residencyResult = registerSearchService
- .searchWithResidence(input.zipcode, input.city, input.street);
+ SimpleEidasData eidasData = MatchingTaskUtils.getInitialEidasData(pendingReq);
+ RegisterSearchResult initialSearchResult = MatchingTaskUtils.getInitialRegisterResult(pendingReq);
+
+ RegisterSearchResult residencyResult =
+ registerSearchService.searchWithResidence(initialSearchResult.getOperationStatus(),
+ eidasData, input.zipcode, input.city, input.street);
if (residencyResult.getResultCount() == 0) {
+ //TODO: her we should add a GUI step of result is zero to inform user an forward process by click
moveToNextTask(executionContext);
+
} else if (residencyResult.getResultCount() == 1) {
compareSearchResultWithInitialData(executionContext, residencyResult, eidasData);
+
} else {
+ /*TODO: align with form generation task and to better error handling in case of more-than-one result.
+ * Maybe the user has to provide more information.
+ */
throw new TaskExecutionException(pendingReq,
"Manual Fix necessary", new ManualFixNecessaryException(eidasData));
+
}
+
} catch (EaafStorageException e) {
log.error("Search with residency data failed", e);
throw new TaskExecutionException(pendingReq, "Search with residency data failed", e);
+
}
}
- private void compareSearchResultWithInitialData(ExecutionContext executionContext,
- MergedRegisterSearchResult residencyResult, SimpleEidasData eidasData)
+ private void compareSearchResultWithInitialData(ExecutionContext executionContext,
+ RegisterSearchResult residencyResult, SimpleEidasData eidasData)
throws TaskExecutionException, EaafStorageException {
- try {
- MergedRegisterSearchResult initialSearchResult = getInitialRegisterResult();
- // TODO search "residencyResult" in "initialSearchResult"!?
+ try {
+ /*TODO: check 'equalsRegisterData' because this method maybe this method evaluate to an invalid result.
+ * See TODO in methods body
+ */
if (eidasData.equalsRegisterData(residencyResult)) {
- String bpk = registerSearchService
- .step7aKittProcess(initialSearchResult, residencyResult, eidasData, pendingReq);
- storeMatchingBpk(bpk);
+ // update register information
+ registerSearchService.step7aKittProcess(residencyResult, eidasData);
+
+ // store search result to re-used in CreateIdentityLink step, because there we need bPK and MDS
+ residencyResult.setMatchingFinished(true);
+ MatchingTaskUtils.storeInitialRegisterResult(pendingReq, residencyResult);
+
} else {
moveToNextTask(executionContext);
+
}
+
} catch (WorkflowException e) {
throw new TaskExecutionException(pendingReq, "Search failed", new ManualFixNecessaryException(eidasData));
+
}
}
- private SimpleEidasData getInitialEidasData() {
- return getAuthProcessDataWrapper().getGenericDataFromSession(Constants.DATA_SIMPLE_EIDAS, SimpleEidasData.class);
- }
-
- private MergedRegisterSearchResult getInitialRegisterResult() {
- return getAuthProcessDataWrapper().getGenericDataFromSession(Constants.DATA_INITIAL_REGISTER_RESULT,
- MergedRegisterSearchResult.class);
- }
-
- private void storeMatchingBpk(String bpk) throws EaafStorageException {
- getAuthProcessDataWrapper().setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk);
- }
-
- private AuthProcessDataWrapper getAuthProcessDataWrapper() {
- return pendingReq.getSessionData(AuthProcessDataWrapper.class);
- }
-
private void moveToNextTask(ExecutionContext executionContext) {
// Later on, this should transition to Step 20
executionContext.put(Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK, true);
+
}
private @NotNull UserInput parseHtmlInput(HttpServletRequest request) {
@@ -174,15 +193,20 @@ public class ReceiveAustrianResidenceGuiResponseTask extends AbstractAuthServlet
String escaped = StringEscapeUtils.escapeHtml(request.getParameter(paramName));
if (PARAM_FORMER_RESIDENCE_AVAILABLE.equalsIgnoreCase(paramName)) {
result.setFormerResidenceAvailable(Boolean.parseBoolean(escaped));
+
} else if (PARAM_STREET.equalsIgnoreCase(paramName)) {
result.setStreet(escaped);
+
} else if (PARAM_CITY.equalsIgnoreCase(paramName)) {
result.setCity(escaped);
+
} else if (PARAM_ZIPCODE.equalsIgnoreCase(paramName)) {
result.setZipcode(escaped);
+
}
}
return result;
+
}
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
index a6ff345d..fd469f49 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
@@ -23,24 +23,45 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
+import static at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING;
+
+import java.io.IOException;
+import java.util.List;
+import java.util.Set;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.TransformerException;
+
+import org.apache.commons.lang3.StringUtils;
+import org.jetbrains.annotations.NotNull;
+import org.opensaml.core.xml.io.MarshallingException;
+import org.opensaml.messaging.decoder.MessageDecodingException;
+import org.opensaml.saml.saml2.core.Response;
+import org.opensaml.saml.saml2.core.StatusCode;
+import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
+import org.springframework.stereotype.Component;
+
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleMobileSignatureData;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthEventConstants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterSearchResult;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils;
import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
-import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
@@ -58,23 +79,6 @@ import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException;
import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
import lombok.extern.slf4j.Slf4j;
-import org.apache.commons.lang3.StringUtils;
-import org.jetbrains.annotations.NotNull;
-import org.opensaml.core.xml.io.MarshallingException;
-import org.opensaml.messaging.decoder.MessageDecodingException;
-import org.opensaml.saml.saml2.core.Response;
-import org.opensaml.saml.saml2.core.StatusCode;
-import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
-import org.springframework.stereotype.Component;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.transform.TransformerException;
-import java.io.IOException;
-import java.util.List;
-import java.util.Set;
-
-import static at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants.MODULE_NAME_FOR_LOGGING;
/**
* Task that receives the SAML2 response from ID Austria system.
@@ -144,95 +148,84 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet
InboundMessage inboundMessage = decodeAndVerifyMessage(request, response, decoder, comparator);
Pair<PvpSProfileResponse, Boolean> processedMsg = validateAssertion((PvpSProfileResponse) inboundMessage);
if (processedMsg.getSecond()) {
- stopProcessFromUserDecision(executionContext, request, response);
+ // forward to next matching step in case of ID Autria authentication was stopped by user
+ executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true);
return;
+
}
+ // validate SAML2 response
validateEntityId(inboundMessage);
+ log.info("Receive a valid assertion from IDP " + inboundMessage.getEntityID());
+
+ // load already existing information from session
+ SimpleEidasData eidasData = MatchingTaskUtils.getInitialEidasData(pendingReq);
+ RegisterSearchResult initialSearchResult = MatchingTaskUtils.getInitialRegisterResult(pendingReq);
+
+ // extract user information from ID Austria authentication
AssertionAttributeExtractor extractor = new AssertionAttributeExtractor(processedMsg.getFirst().getResponse());
-
- /*
- * SAML2 response ist bereits vollständig validiert und die Attribute können aus dem
- * <AssertionAttributeExtractor extractor> ausgelesen werden.
- * Die AttributeNamen sind entsprechend PVP Spezifikation, z.B. PvpAttributeDefinitions.GIVEN_NAME_NAME
- *
- * ---------------------------------------------------------------------------------------------
- *
- * TODO: ab hier müssen wir wohl was anpassen
- *
- */
-
- MergedRegisterSearchResult initialSearchResult = getInitialRegisterResult();
- SimpleEidasData eidasData = getInitialEidasData();
- String bpkZp = extractBpkZp(extractor, eidasData);
-
- // TODO Hier ist wohl keine Register-Suche notwendig, denn das ergibt sicher einen Treffer
- // TODO Soll: In den Ergebnissen aus Step8 matchen! Über BPK matchen, und dann schauen, ob zumindest
- // Geburtsdatum passt
- MergedRegisterSearchResult registerResult = registerSearchService.searchWithBpkZp(bpkZp);
- if (registerResult.getResultCount() == 0) {
- executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true);
- return;
- } else if (registerResult.getResultCount() == 1) {
- String bpk = registerSearchService
- .step7aKittProcess(initialSearchResult, registerResult, eidasData, pendingReq);
- storeMatchingBpk(bpk);
- return;
- } else if (registerResult.getResultCount() > 1) {
- throw new ManualFixNecessaryException(eidasData);
+ SimpleMobileSignatureData simpleMobileSignatureData = getAuthDataFromInterfederation(extractor);
+
+ // check if MDS from ID Austria authentication matchs to eIDAS authentication
+ if (!simpleMobileSignatureData.equalsSimpleEidasData(eidasData)) {
+ // user has cheated!?
+ throw new InvalidUserInputException("module.eidasauth.matching.05");
+
}
-
- // set NeedConsent to false, because user gives consent during authentication
- pendingReq.setNeedUserConsent(false);
- log.info("Receive a valid assertion from IDP " + inboundMessage.getEntityID());
+
+ // search entry in initial search result from steps before and build new RegisterSearchResult
+ RegisterSearchResult registerResult = new RegisterSearchResult(initialSearchResult.getOperationStatus(),
+ extractEntriesByBpk(initialSearchResult.getResultsZmr().stream(), simpleMobileSignatureData.getBpk()),
+ extractEntriesByBpk(initialSearchResult.getResultsErnp().stream(), simpleMobileSignatureData.getBpk()));
+
+ if (registerResult.getResultCount() != 1) {
+ throw new WorkflowException("matchWithIDAustriaAuthentication",
+ "Suspect state detected. MDS matches to eIDAS authentication "
+ + "but register search-result with MDS contains #" + registerResult.getResultCount()
+ + " entry with bPK from ID Austria authentication", false);
+
+ } else {
+ // perform kit operation
+ registerSearchService.step7aKittProcess(registerResult, eidasData);
+
+ // store search result to re-used in CreateIdentityLink step, because there we need bPK and MDS
+ registerResult.setMatchingFinished(true);
+ MatchingTaskUtils.storeInitialRegisterResult(pendingReq, registerResult);
+
+ }
+
} catch (final AuthnResponseValidationException e) {
throw new TaskExecutionException(pendingReq, ERROR_MSG_03, e);
+
} catch (MessageDecodingException | SecurityException | SamlSigningException e) {
//final String samlRequest = request.getParameter("SAMLRequest");
//log.debug("Receive INVALID PVP Response from 'ms-specific eIDAS node': {}",
// samlRequest, null, e);
throw new TaskExecutionException(pendingReq, ERROR_MSG_00,
new AuthnResponseValidationException(ERROR_PVP_11, new Object[]{MODULE_NAME_FOR_LOGGING}, e));
+
} catch (IOException | MarshallingException | TransformerException e) {
log.debug("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e);
throw new TaskExecutionException(pendingReq, ERROR_MSG_01,
new AuthnResponseValidationException(ERROR_PVP_12, new Object[]{MODULE_NAME_FOR_LOGGING, e.getMessage()}, e));
+
} catch (final CredentialsNotAvailableException e) {
log.debug("PVP response decryption FAILED. No credential found.", e);
throw new TaskExecutionException(pendingReq, ERROR_MSG_02,
new AuthnResponseValidationException(ERROR_PVP_10, new Object[]{MODULE_NAME_FOR_LOGGING}, e));
+
} catch (final Exception e) {
// todo catch ManualFixNecessaryException in any other way?
log.debug("PVP response validation FAILED. Msg:" + e.getMessage(), e);
throw new TaskExecutionException(pendingReq, ERROR_MSG_03,
new AuthnResponseValidationException(ERROR_PVP_12, new Object[]{MODULE_NAME_FOR_LOGGING, e.getMessage()}, e));
+
}
}
- private String extractBpkZp(AssertionAttributeExtractor extractor,
- SimpleEidasData eidasData) throws EaafBuilderException, InvalidUserInputException {
- SimpleMobileSignatureData simpleMobileSignatureData = getAuthDataFromInterfederation(extractor);
- if (!simpleMobileSignatureData.equalsSimpleEidasData(eidasData)) {
- throw new InvalidUserInputException(); // user has cheated!?
- }
- return simpleMobileSignatureData.getBpk();
- }
+ private List<RegisterResult> extractEntriesByBpk(Stream<RegisterResult> stream, String bpk) {
+ return stream.filter(el -> bpk.equals(el.getBpk())).collect(Collectors.toList());
- private SimpleEidasData getInitialEidasData() {
- return getAuthProcessDataWrapper().getGenericDataFromSession(Constants.DATA_SIMPLE_EIDAS, SimpleEidasData.class);
- }
-
- private MergedRegisterSearchResult getInitialRegisterResult() {
- return getAuthProcessDataWrapper().getGenericDataFromSession(Constants.DATA_INITIAL_REGISTER_RESULT,
- MergedRegisterSearchResult.class);
- }
-
- private void storeMatchingBpk(String bpk) throws EaafStorageException {
- getAuthProcessDataWrapper().setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk);
- }
-
- private AuthProcessDataWrapper getAuthProcessDataWrapper() {
- return pendingReq.getSessionData(AuthProcessDataWrapper.class);
}
@NotNull
@@ -359,13 +352,15 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet
}
if (PvpAttributeDefinitions.BIRTHDATE_NAME.equals(attrName)) {
builder.dateOfBirth(extractor.getSingleAttributeValue(attrName));
- }
+ }
if (PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME.equals(attrName)) {
- getAuthProcessDataWrapper().setQaaLevel(extractor.getSingleAttributeValue(attrName));
+ MatchingTaskUtils.getAuthProcessDataWrapper(pendingReq).setQaaLevel(
+ extractor.getSingleAttributeValue(attrName));
}
}
- getAuthProcessDataWrapper().setIssueInstant(extractor.getAssertionIssuingDate());
+ MatchingTaskUtils.getAuthProcessDataWrapper(pendingReq).setIssueInstant(extractor.getAssertionIssuingDate());
return builder.build();
+
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java
index e139b280..59a6886a 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java
@@ -23,6 +23,14 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
+import java.util.Enumeration;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.springframework.stereotype.Component;
+
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException;
@@ -30,12 +38,6 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import lombok.extern.slf4j.Slf4j;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.springframework.stereotype.Component;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.Enumeration;
/**
* Handles user's selection from {@link GenerateOtherLoginMethodGuiTask}.
@@ -69,13 +71,16 @@ public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractAuthServletT
SelectedLoginMethod selection = SelectedLoginMethod.valueOf(extractUserSelection(request));
executionContext.put(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER, selection);
transitionToNextTask(executionContext, selection);
+
} catch (final IllegalArgumentException e) {
log.error("Parsing selected login method FAILED.", e);
throw new TaskExecutionException(pendingReq, "Parsing selected login method FAILED.",
- new InvalidUserInputException());
+ new InvalidUserInputException("module.eidasauth.matching.98"));
+
} catch (final Exception e) {
log.error("Parsing selected login method FAILED.", e);
throw new TaskExecutionException(pendingReq, "Parsing selected login method FAILED.", e);
+
}
}
@@ -85,9 +90,12 @@ public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractAuthServletT
String paramName = paramNames.nextElement();
if (Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER.equalsIgnoreCase(paramName)) {
return StringEscapeUtils.escapeHtml(request.getParameter(paramName));
+
}
}
- throw new InvalidUserInputException();
+
+ throw new InvalidUserInputException("module.eidasauth.matching.98");
+
}
private void transitionToNextTask(ExecutionContext executionContext, SelectedLoginMethod selection)
@@ -96,14 +104,18 @@ public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractAuthServletT
case EIDAS_LOGIN:
executionContext.put(Constants.TRANSITION_TO_GENERATE_EIDAS_LOGIN, true);
return;
+
case MOBILE_PHONE_SIGNATURE_LOGIN:
executionContext.put(Constants.TRANSITION_TO_GENERATE_MOBILE_PHONE_SIGNATURE_REQUEST_TASK, true);
return;
+
case NO_OTHER_LOGIN:
executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true);
return;
+
default:
- throw new InvalidUserInputException();
+ throw new InvalidUserInputException("module.eidasauth.matching.98");
+
}
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java
index 3023bc0a..6b541135 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java
@@ -23,30 +23,33 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.utils;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import javax.annotation.Nullable;
+
+import org.apache.commons.lang3.StringUtils;
+import org.joda.time.DateTime;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableSet;
+
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType;
import at.gv.egiz.eaaf.core.impl.data.Triple;
-import com.google.common.collect.ImmutableList;
-import com.google.common.collect.ImmutableSet;
import eu.eidas.auth.commons.attribute.AttributeDefinition;
import eu.eidas.auth.commons.attribute.AttributeValue;
import eu.eidas.auth.commons.attribute.AttributeValueMarshaller;
import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException;
import eu.eidas.auth.commons.attribute.AttributeValueTransliterator;
import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
-import org.apache.commons.lang3.StringUtils;
-import org.joda.time.DateTime;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import javax.annotation.Nullable;
-import java.text.ParseException;
-import java.text.SimpleDateFormat;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
public class EidasResponseUtils {
private static final Logger log = LoggerFactory.getLogger(EidasResponseUtils.class);
@@ -324,6 +327,21 @@ public class EidasResponseUtils {
}
/**
+ * Post-Process the eIDAS personal identifier attribute.
+ *
+ * @param personalIdentifierObj eIDAS personal identifier attribute-information
+ * @return formated user's full personal identifier
+ * @throws EidasAttributeException if NO attribute is available
+ */
+ public static String processPersonalIdentifier(Object personalIdentifierObj) throws EidasAttributeException {
+ if (!(personalIdentifierObj instanceof String)) {
+ throw new EidasAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
+ }
+ return (String) personalIdentifierObj;
+ }
+
+
+ /**
* Post-Process the eIDAS pseudonym to ERnB unique identifier.
*
* @param personalIdObj eIDAS PersonalIdentifierAttribute
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/MatchingTaskUtils.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/MatchingTaskUtils.java
new file mode 100644
index 00000000..5625a30d
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/MatchingTaskUtils.java
@@ -0,0 +1,88 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.utils;
+
+import javax.annotation.Nullable;
+
+import org.springframework.lang.NonNull;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterSearchResult;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+
+public class MatchingTaskUtils {
+
+ /**
+ * Get eIDAS log-in information from session.
+ *
+ * @param pendingReq Current pendingRequest
+ * @return eIDAS infos or <code>null</code> if not exist
+ */
+ @Nullable
+ public static SimpleEidasData getInitialEidasData(IRequest pendingReq) {
+ return getAuthProcessDataWrapper(pendingReq).getGenericDataFromSession(
+ Constants.DATA_SIMPLE_EIDAS, SimpleEidasData.class);
+
+ }
+
+ /**
+ * Set eIDAS log-in information to session.
+ *
+ * @param pendingReq Current pendingRequest
+ * @param eidasData infos from eIDAS Proxy-Service
+ * @throws EaafStorageException In case of data can not be add into session
+ */
+ @Nullable
+ public static void storeInitialEidasData(IRequest pendingReq, SimpleEidasData eidasData)
+ throws EaafStorageException {
+ getAuthProcessDataWrapper(pendingReq).setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidasData);
+
+ }
+
+ /**
+ * Get Matching result from session.
+ *
+ * @param pendingReq Current pendingRequest
+ * @return Matching result or <code>null</code> if not exist
+ */
+ @Nullable
+ public static RegisterSearchResult getInitialRegisterResult(IRequest pendingReq) {
+ return getAuthProcessDataWrapper(pendingReq).getGenericDataFromSession(Constants.DATA_INITIAL_REGISTER_RESULT,
+ RegisterSearchResult.class);
+
+ }
+
+ /**
+ * Store matching result into session.
+ *
+ * @param pendingReq Current pendingRequest
+ * @param registerData Matching result information
+ * @throws EaafStorageException In case of data can not be add into session
+ */
+ @Nullable
+ public static void storeInitialRegisterResult(IRequest pendingReq, RegisterSearchResult registerData)
+ throws EaafStorageException {
+ getAuthProcessDataWrapper(pendingReq).setGenericDataToSession(
+ Constants.DATA_INITIAL_REGISTER_RESULT, registerData);
+
+ }
+
+ /**
+ * Get holder for authentication information for the current process.
+ *
+ * @param pendingReq Current pendingRequest
+ * @return {@link AuthProcessDataWrapper}
+ */
+ @NonNull
+ public static AuthProcessDataWrapper getAuthProcessDataWrapper(IRequest pendingReq) {
+ return pendingReq.getSessionData(AuthProcessDataWrapper.class);
+
+ }
+
+ private MatchingTaskUtils() {
+ //hide constructor in case of class contains only static methods
+
+ }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/VersionHolder.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/VersionHolder.java
new file mode 100644
index 00000000..dbe88d33
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/VersionHolder.java
@@ -0,0 +1,40 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.utils;
+
+import java.util.Optional;
+
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.ApplicationContext;
+
+/**
+ * SpringBoot based implementation of an application-version holder.
+ *
+ * @author tlenz
+ *
+ */
+public class VersionHolder {
+
+ private final String version;
+
+ /**
+ * Build up a holder that contains the current version of this application.
+ *
+ * @param context SprintBoot context
+ */
+ public VersionHolder(ApplicationContext context) {
+ version = context.getBeansWithAnnotation(SpringBootApplication.class).entrySet().stream()
+ .findFirst()
+ .flatMap(es -> Optional.ofNullable(es.getValue().getClass().getPackage().getImplementationVersion()))
+ .orElse("unknown");
+
+ }
+
+ /**
+ * Get version of this application.
+ *
+ * @return version
+ */
+ public String getVersion() {
+ return version;
+
+ }
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java
index 80e61451..30a801a4 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java
@@ -23,55 +23,59 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
+import java.math.BigInteger;
+import java.util.Collections;
+
import org.springframework.stereotype.Service;
-import java.util.Collections;
-import java.util.List;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.zmr.IZmrClient;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.zmr.ZmrSoapClient.ZmrRegisterResult;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
+import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonSuchenRequest;
@Service("ZmrClientForeIDAS")
public class DummyZmrClient implements IZmrClient {
@Override
- public List<RegisterResult> searchWithPersonIdentifier(String personIdentifier) {
- return Collections.emptyList();
+ public ZmrRegisterResult searchWithPersonIdentifier(BigInteger zmrProzessId, String personIdentifier) {
+ return new ZmrRegisterResult(Collections.emptyList(), null);
+
}
@Override
- public List<RegisterResult> searchWithMds(String givenName, String familyName, String dateOfBirth) {
+ public ZmrRegisterResult searchWithMds(BigInteger zmrProzessId, String givenName, String familyName,
+ String dateOfBirth, String countryCode) {
//TODO will I only receive matches where all three values match perfectly?
- return Collections.emptyList();
+ return new ZmrRegisterResult(Collections.emptyList(), null);
+
}
@Override
- public List<RegisterResult> searchDeSpecific(String givenName, String familyName, String dateOfBirth,
- String birthPlace, String birthName) {
- //TODO
- return Collections.emptyList();
- }
-
- @Override
- public List<RegisterResult> searchItSpecific(String taxNumber) {
- //TODO
- return Collections.emptyList();
+ public ZmrRegisterResult searchCountrySpecific(BigInteger zmrProzessId, PersonSuchenRequest personSearchDao,
+ String citizenCountryCode) throws EidasSAuthenticationException {
+ return new ZmrRegisterResult(Collections.emptyList(), null);
+
}
@Override
- public void update(RegisterResult registerResult, SimpleEidasData eidData) {
+ public void update(BigInteger zmrProzessId, RegisterResult registerResult, SimpleEidasData eidData) {
//TODO
}
@Override
- public List<RegisterResult> searchWithBpkZp(String bpkzp) {
+ public ZmrRegisterResult searchWithBpkZp(BigInteger zmrProzessId, String bpkzp) {
//TODO
- return Collections.emptyList();
+ return new ZmrRegisterResult(Collections.emptyList(), null);
}
@Override
- public List<RegisterResult> searchWithResidenceData(String zipcode, String city, String street) {
+ public ZmrRegisterResult searchWithResidenceData(BigInteger zmrProzessId, String givenName, String familyName,
+ String dateOfBirth, String zipcode, String city, String street) {
// TODO
- return Collections.emptyList();
+ return new ZmrRegisterResult(Collections.emptyList(), null);
}
+
}