diff options
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java')
2 files changed, 208 insertions, 208 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java index 684451ed..dc6df967 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java @@ -260,8 +260,8 @@ public class SzrClient { * @return bPK for this person * @throws SzrCommunicationException In case of a SZR error */ - public String getEidsaBind(final String vsz, final String bindingPubKey, final String eidStatus, - ErnpEidData eidData)throws SzrCommunicationException { + public String getEidasBind(final String vsz, final String bindingPubKey, final String eidStatus, + ErnpEidData eidData)throws SzrCommunicationException { final Map<String, Object> eidsaBindMap = new HashMap<>(); eidsaBindMap.put(ATTR_NAME_VSZ, vsz); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java index d6fdd350..ab9c49da 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java @@ -23,27 +23,6 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; -import java.io.IOException; -import java.io.InputStream; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.xml.parsers.ParserConfigurationException; - -import org.apache.commons.lang3.StringUtils; -import org.joda.time.DateTime; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Component; -import org.w3c.dom.Element; -import org.w3c.dom.Node; -import org.xml.sax.SAXException; - -import com.google.common.collect.ImmutableMap; -import com.google.common.collect.ImmutableSet; - import at.asitplus.eidas.specific.connector.MsConnectorEventCodes; import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; @@ -63,29 +42,54 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.Triple; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egiz.eaaf.core.impl.utils.DomUtils; import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.google.common.collect.ImmutableMap; +import com.google.common.collect.ImmutableSet; import eu.eidas.auth.commons.attribute.AttributeDefinition; import eu.eidas.auth.commons.attribute.AttributeValue; import eu.eidas.auth.commons.light.ILightResponse; import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; import lombok.Data; import lombok.extern.slf4j.Slf4j; +import org.apache.commons.lang3.StringUtils; +import org.jetbrains.annotations.NotNull; +import org.jetbrains.annotations.Nullable; +import org.joda.time.DateTime; +import org.jose4j.lang.JoseException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.xml.sax.SAXException; import szrservices.IdentityLinkType; import szrservices.PersonInfoType; import szrservices.TravelDocumentType; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.xml.parsers.ParserConfigurationException; +import java.io.IOException; +import java.io.InputStream; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Objects; + /** * Task that creates the IdentityLink for an eIDAS authenticated person. * * @author tlenz - * + * <p> * TODO Take Constants#DATA_SIMPLE_EIDAS and Constants#DATA_RESULT_MATCHING_BPK * TODO Only do VSZ Erstellung and eidasBind -- this is always the end of the whole process * TODO Move Eintragung to separate Task, as it does not happen every time @@ -94,13 +98,13 @@ import szrservices.TravelDocumentType; @Component("CreateIdentityLinkTask") public class CreateIdentityLinkTask extends AbstractAuthServletTask { + @SuppressWarnings("SpringJavaInjectionPointsAutowiringInspection") @Autowired private IConfiguration basicConfig; @Autowired private SzrClient szrClient; @Autowired private ICcSpecificEidProcessingService eidPostProcessor; - @Autowired private AuthBlockSigningService authBlockSigner; @@ -118,117 +122,115 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try { - final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); - final ILightResponse eidasResponse = authProcessData + final ILightResponse eidasResponse = getAuthProcessDataWrapper() .getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class); - - final Map<String, Object> simpleAttrMap = convertEidasAttrToSimpleMap( + final Map<String, Object> eidasAttributes = convertEidasAttrToSimpleMap( eidasResponse.getAttributes().getAttributeMap()); - - // post-process eIDAS attributes - final ErnpEidData eidData = eidPostProcessor.postProcess(simpleAttrMap); - - // write MDS into technical log and revision log + final ErnpEidData eidData = eidPostProcessor.postProcess(eidasAttributes); writeMdsLogInformation(eidData); - //build IdentityLink or VSZ and eidasBind if (basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY, false)) { - SzrResultHolder idlResult = createDummyIdentityLinkForTestDeployment(eidData); - //inject personal-data into session - authProcessData.setIdentityLink(idlResult.getIdentityLink()); - - // set bPK and bPKType into auth session - authProcessData.setGenericDataToSession(PvpAttributeDefinitions.BPK_NAME, extendBpkByPrefix( - idlResult.getBpK(), pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier())); - authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, - pendingReq.getServiceProviderConfiguration() - .getAreaSpecificTargetIdentifier()); - + buildDummyIdentityLink(eidData); } else { //build SZR request from eIDAS data final PersonInfoType personInfo = generateSzrRequest(eidData); - //request SZR based on IDL or E-ID mode if (pendingReq.getServiceProviderConfiguration() .isConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE, false)) { - - // get encrypted baseId - String vsz = szrClient.getEncryptedStammzahl(personInfo); - - //write revision-Log entry and extended infos personal-identifier mapping - revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_VSZ_RECEIVED); - writeExtendedRevisionLogEntry(simpleAttrMap, eidData); - - - // get eIDAS bind - String signedEidasBind = szrClient.getEidsaBind(vsz, - authBlockSigner.getBase64EncodedPublicKey(), - EID_STATUS, eidData); - revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_EIDASBIND_RECEIVED); - authProcessData.setGenericDataToSession(Constants.EIDAS_BIND, signedEidasBind); - - //get signed AuthBlock - String jwsSignature = authBlockSigner.buildSignedAuthBlock(pendingReq); - revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.TECH_AUCHBLOCK_CREATED); - authProcessData.setGenericDataToSession(Constants.SZR_AUTHBLOCK, jwsSignature); - - //inject personal-data into session - authProcessData.setEidProcess(true); - + executeEidMode(eidasAttributes, eidData, personInfo); } else { - //request SZR - SzrResultHolder idlResult = requestSzrForIdentityLink(personInfo); + executeIdlMode(eidasAttributes, eidData, personInfo); + } + } + storeGenericInfoToSession(eidasResponse, eidasAttributes); + requestStoreage.storePendingRequest(pendingReq); + } catch (final EidasAttributeException e) { + throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e); + } catch (final EaafException e) { + throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); + } catch (final Exception e) { + log.error("IdentityLink generation for foreign person FAILED.", e); + throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); + } + } - //write revision-Log entry for personal-identifier mapping - writeExtendedRevisionLogEntry(simpleAttrMap, eidData); + private void storeGenericInfoToSession(ILightResponse eidasResponse, Map<String, Object> eidasAttributes) throws EaafStorageException { + AuthProcessDataWrapper authProcessData = getAuthProcessDataWrapper(); + authProcessData.setForeigner(true); + Triple<String, String, String> eidasPersonalIdentifier = EidasResponseUtils + .parseEidasPersonalIdentifier((String) eidasAttributes.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)); + authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, + Objects.requireNonNull(eidasPersonalIdentifier).getFirst()); + authProcessData.setQaaLevel(eidasResponse.getLevelOfAssurance()); + } - //check result-data and write revision-log based on current state - checkStateAndWriteRevisionLog(idlResult); + private void executeIdlMode(Map<String, Object> simpleAttrMap, ErnpEidData eidData, PersonInfoType personInfo) throws EaafException { + //request SZR + SzrResultHolder idlResult = requestSzrForIdentityLink(personInfo); - //inject personal-data into session - authProcessData.setIdentityLink(idlResult.getIdentityLink()); - authProcessData.setEidProcess(false); + //write revision-Log entry for personal-identifier mapping + writeExtendedRevisionLogEntry(simpleAttrMap, eidData); - // set bPK and bPKType into auth session - authProcessData.setGenericDataToSession(PvpAttributeDefinitions.BPK_NAME, extendBpkByPrefix( - idlResult.getBpK(), pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier())); - authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, - pendingReq.getServiceProviderConfiguration() - .getAreaSpecificTargetIdentifier()); + //check result-data and write revision-log based on current state + checkStateAndWriteRevisionLog(idlResult); - } - } + //inject personal-data into session + AuthProcessDataWrapper authProcessDataWrapper = getAuthProcessDataWrapper(); + authProcessDataWrapper.setIdentityLink(idlResult.getIdentityLink()); + authProcessDataWrapper.setEidProcess(false); - //add generic info's into session - authProcessData.setForeigner(true); - authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, EidasResponseUtils - .parseEidasPersonalIdentifier((String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)) - .getFirst()); - authProcessData.setQaaLevel(eidasResponse.getLevelOfAssurance()); + // set bPK and bPKType into auth session + authProcessDataWrapper.setGenericDataToSession(PvpAttributeDefinitions.BPK_NAME, extendBpkByPrefix( + idlResult.getBpK(), pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier())); + authProcessDataWrapper.setGenericDataToSession(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, + pendingReq.getServiceProviderConfiguration() + .getAreaSpecificTargetIdentifier()); + } - // store pending-request - requestStoreage.storePendingRequest(pendingReq); + private void executeEidMode(Map<String, Object> simpleAttrMap, ErnpEidData eidData, PersonInfoType personInfo) throws JsonProcessingException, EaafException, JoseException { + // get encrypted baseId + String vsz = szrClient.getEncryptedStammzahl(personInfo); + //write revision-Log entry and extended infos personal-identifier mapping + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_VSZ_RECEIVED); + writeExtendedRevisionLogEntry(simpleAttrMap, eidData); - } catch (final EidasAttributeException e) { - throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e); + // get eIDAS bind + String signedEidasBind = szrClient + .getEidasBind(vsz, authBlockSigner.getBase64EncodedPublicKey(), EID_STATUS, eidData); + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_EIDASBIND_RECEIVED); + AuthProcessDataWrapper authProcessDataWrapper = getAuthProcessDataWrapper(); + authProcessDataWrapper.setGenericDataToSession(Constants.EIDAS_BIND, signedEidasBind); - } catch (final EaafException e) { - throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); + //get signed AuthBlock + String jwsSignature = authBlockSigner.buildSignedAuthBlock(pendingReq); + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.TECH_AUCHBLOCK_CREATED); + authProcessDataWrapper.setGenericDataToSession(Constants.SZR_AUTHBLOCK, jwsSignature); - } catch (final Exception e) { - log.error("IdentityLink generation for foreign person FAILED.", e); - throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); + //inject personal-data into session + authProcessDataWrapper.setEidProcess(true); + } - } + private void buildDummyIdentityLink(ErnpEidData eidData) throws ParserConfigurationException, SAXException, IOException, EaafException { + AuthProcessDataWrapper authProcessDataWrapper = getAuthProcessDataWrapper(); + SzrResultHolder idlResult = createDummyIdentityLinkForTestDeployment(eidData); + //inject personal-data into session + authProcessDataWrapper.setIdentityLink(idlResult.getIdentityLink()); + + // set bPK and bPKType into auth session + authProcessDataWrapper.setGenericDataToSession(PvpAttributeDefinitions.BPK_NAME, extendBpkByPrefix( + idlResult.getBpK(), pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier())); + authProcessDataWrapper.setGenericDataToSession(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, + pendingReq.getServiceProviderConfiguration() + .getAreaSpecificTargetIdentifier()); } private void writeExtendedRevisionLogEntry(Map<String, Object> simpleAttrMap, ErnpEidData eidData) { - // write ERnB input-data into revision-log + // write ERnP input-data into revision-log if (basicConfig.getBasicConfigurationBoolean( Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE, false)) { revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_ERNB_EIDAS_RAW_ID, - (String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)); + (String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)); revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_ERNB_EIDAS_ERNB_ID, eidData.getPseudonym()); } @@ -253,76 +255,66 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { eDocument.setDocumentNumber(eidData.getPseudonym()); // eID document information - eDocument.setDocumentType(basicConfig - .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE, - Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE)); + String documentType = basicConfig + .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE, + Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE); + eDocument.setDocumentType(documentType); // set PlaceOfBirth if available if (eidData.getPlaceOfBirth() != null) { log.trace("Find 'PlaceOfBirth' attribute: " + eidData.getPlaceOfBirth()); - if (basicConfig - .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETPLACEOFBIRTHIFAVAILABLE, - true)) { + boolean setPlaceOfBirth = basicConfig + .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETPLACEOFBIRTHIFAVAILABLE, true); + if (setPlaceOfBirth) { naturalPerson.setPlaceOfBirth(eidData.getPlaceOfBirth()); log.trace("Adding 'PlaceOfBirth' to ERnB request ... "); - } } // set BirthName if available if (eidData.getBirthName() != null) { log.trace("Find 'BirthName' attribute: " + eidData.getBirthName()); - if (basicConfig - .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETBIRTHNAMEIFAVAILABLE, - true)) { + boolean setBirthName = basicConfig + .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETBIRTHNAMEIFAVAILABLE, true); + if (setBirthName) { final AlternativeNameType alternativeName = new AlternativeNameType(); naturalPerson.setAlternativeName(alternativeName); alternativeName.setFamilyName(eidData.getBirthName()); log.trace("Adding 'BirthName' to ERnB request ... "); - } } return personInfo; - } - private SzrResultHolder requestSzrForIdentityLink(PersonInfoType personInfo) - throws SzrCommunicationException, EaafException { + private SzrResultHolder requestSzrForIdentityLink(PersonInfoType personInfo) throws EaafException { //request IdentityLink from SZR final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(personInfo); final Element idlFromSzr = (Element) result.getAssertion(); - IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser(idlFromSzr).parseIdentityLink(); + final IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser(idlFromSzr).parseIdentityLink(); // get bPK from SZR String bpk = null; - if (basicConfig - .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) { - List<String> bpkList = szrClient - .getBpk(personInfo, pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(), - basicConfig - .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, "no VKZ defined")); + String targetId = pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(); + boolean debugUseSzrForBpk = basicConfig + .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true); + if (debugUseSzrForBpk) { + String no_vkz_defined = basicConfig + .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, "no VKZ defined"); + List<String> bpkList = szrClient.getBpk(personInfo, targetId, no_vkz_defined); if (!bpkList.isEmpty()) { bpk = bpkList.get(0); - } - - } else { log.debug("Calculating bPK from baseId ... "); - new BpkBuilder(); - final Pair<String, String> bpkCalc = BpkBuilder - .generateAreaSpecificPersonIdentifier(identityLink.getIdentificationValue(), - identityLink.getIdentificationType(), - pendingReq.getServiceProviderConfiguration() - .getAreaSpecificTargetIdentifier()); + String idValue = identityLink.getIdentificationValue(); + String idType = identityLink.getIdentificationType(); + final Pair<String, String> bpkCalc = BpkBuilder.generateAreaSpecificPersonIdentifier(idValue, idType, targetId); bpk = bpkCalc.getFirst(); - } return new SzrResultHolder(identityLink, bpk); - } private void checkStateAndWriteRevisionLog(SzrResultHolder idlResult) throws SzrCommunicationException { @@ -330,112 +322,121 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { if (idlResult.getIdentityLink() == null) { log.error("ERnB did not return an identity link."); throw new SzrCommunicationException("ernb.00", null); - } - revisionsLogger.logEvent(pendingReq, - MsConnectorEventCodes.SZR_IDL_RECEIVED, - idlResult.getIdentityLink().getSamlAssertion() - .getAttribute(SimpleIdentityLinkAssertionParser.ASSERTIONID)); + + String assertionId = idlResult.getIdentityLink().getSamlAssertion() + .getAttribute(SimpleIdentityLinkAssertionParser.ASSERTIONID); + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_IDL_RECEIVED, assertionId); if (idlResult.getBpK() == null) { log.error("ERnB did not return a bPK for target: " + pendingReq.getServiceProviderConfiguration() - .getAreaSpecificTargetIdentifier()); + .getAreaSpecificTargetIdentifier()); throw new SzrCommunicationException("ernb.01", null); - } + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_BPK_RECEIVED); log.debug("ERnB communication was successfull"); - } private String extendBpkByPrefix(String bpk, String type) { - String bpkType = null; - - if (type.startsWith(EaafConstants.URN_PREFIX_WBPK)) { - bpkType = type.substring(EaafConstants.URN_PREFIX_WBPK.length()); - } else if (type.startsWith(EaafConstants.URN_PREFIX_CDID)) { - bpkType = type.substring(EaafConstants.URN_PREFIX_CDID.length()); - } else if (type.startsWith(EaafConstants.URN_PREFIX_EIDAS)) { - bpkType = type.substring(EaafConstants.URN_PREFIX_EIDAS.length()); - } - + String bpkType = getBpkType(type); if (bpkType != null) { log.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + bpkType); return bpkType + ":" + bpk; - } else { log.warn("Service Provider Target with: " + type + " is NOT supported. Set bPK as it is ..."); return bpk; - } + } + @Nullable + private String getBpkType(String type) { + if (type.startsWith(EaafConstants.URN_PREFIX_WBPK)) { + return type.substring(EaafConstants.URN_PREFIX_WBPK.length()); + } else if (type.startsWith(EaafConstants.URN_PREFIX_CDID)) { + return type.substring(EaafConstants.URN_PREFIX_CDID.length()); + } else if (type.startsWith(EaafConstants.URN_PREFIX_EIDAS)) { + return type.substring(EaafConstants.URN_PREFIX_EIDAS.length()); + } else { + return null; + } } private Map<String, Object> convertEidasAttrToSimpleMap( ImmutableMap<AttributeDefinition<?>, ImmutableSet<? extends AttributeValue<?>>> attributeMap) { final Map<String, Object> result = new HashMap<>(); - for (final AttributeDefinition<?> el : attributeMap.keySet()) { - final Class<?> parameterizedType = el.getParameterizedType(); if (DateTime.class.equals(parameterizedType)) { - final DateTime attribute = EidasResponseUtils.translateDateAttribute(el, attributeMap.get(el).asList()); - if (attribute != null) { - result.put(el.getFriendlyName(), attribute); - log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + attribute.toString()); - - } else { - log.info("Ignore empty 'DateTime' attribute"); - } - + convertDateTime(attributeMap, result, el); } else if (PostalAddress.class.equals(parameterizedType)) { - final PostalAddress addressAttribute = EidasResponseUtils - .translateAddressAttribute(el, attributeMap.get(el).asList()); - if (addressAttribute != null) { - result.put(el.getFriendlyName(), addressAttribute); - log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + addressAttribute.toString()); - - } else { - log.info("Ignore empty 'PostalAddress' attribute"); - } - + convertPostalAddress(attributeMap, result, el); } else { - final List<String> natPersonIdObj = EidasResponseUtils - .translateStringListAttribute(el, attributeMap.get(el)); - final String stringAttr = natPersonIdObj.get(0); - if (StringUtils.isNotEmpty(stringAttr)) { - result.put(el.getFriendlyName(), stringAttr); - log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + stringAttr); - - } else { - log.info("Ignore empty 'String' attribute"); - } - + convertString(attributeMap, result, el); } } log.debug("Receive #" + result.size() + " attributes with names: " + result.keySet().toString()); - return result; } + private void convertString(ImmutableMap<AttributeDefinition<?>, ImmutableSet<? extends AttributeValue<?>>> attributeMap, Map<String, Object> result, AttributeDefinition<?> el) { + final List<String> natPersonIdObj = EidasResponseUtils + .translateStringListAttribute(el, attributeMap.get(el)); + final String stringAttr = natPersonIdObj.get(0); + if (StringUtils.isNotEmpty(stringAttr)) { + result.put(el.getFriendlyName(), stringAttr); + log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + stringAttr); + } else { + log.info("Ignore empty 'String' attribute"); + } + } + + private void convertPostalAddress(ImmutableMap<AttributeDefinition<?>, ImmutableSet<? extends AttributeValue<?>>> attributeMap, Map<String, Object> result, AttributeDefinition<?> el) { + final PostalAddress addressAttribute = EidasResponseUtils + .translateAddressAttribute(el, attributeMap.get(el).asList()); + if (addressAttribute != null) { + result.put(el.getFriendlyName(), addressAttribute); + log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + addressAttribute.toString()); + } else { + log.info("Ignore empty 'PostalAddress' attribute"); + } + } + + private void convertDateTime(ImmutableMap<AttributeDefinition<?>, ImmutableSet<? extends AttributeValue<?>>> attributeMap, Map<String, Object> result, AttributeDefinition<?> el) { + final DateTime attribute = EidasResponseUtils.translateDateAttribute(el, attributeMap.get(el).asList()); + if (attribute != null) { + result.put(el.getFriendlyName(), attribute); + log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + attribute.toString()); + } else { + log.info("Ignore empty 'DateTime' attribute"); + } + } + + @NotNull + private AuthProcessDataWrapper getAuthProcessDataWrapper() { + return pendingReq.getSessionData(AuthProcessDataWrapper.class); + } + + /** + * write MDS into technical log and revision log + */ private void writeMdsLogInformation(ErnpEidData eidData) { - // log MDS and country code into technical log - if (basicConfig - .getBasicConfigurationBoolean(MsEidasNodeConstants.PROP_CONFIG_TECHNICALLOG_WRITE_MDS_INTO_TECH_LOG, false)) { + boolean writeMdsInTechLog = basicConfig + .getBasicConfigurationBoolean(MsEidasNodeConstants.PROP_CONFIG_TECHNICALLOG_WRITE_MDS_INTO_TECH_LOG, false); + if (writeMdsInTechLog) { log.info("eIDAS Auth. for user: " + eidData.getGivenName() + " " + eidData.getFamilyName() + " " + eidData .getFormatedDateOfBirth() + " " + "from " + eidData.getCitizenCountryCode()); } - // log MDS and country code into revision log - if (basicConfig + boolean writeMdsInRevLog = basicConfig .getBasicConfigurationBoolean(MsEidasNodeConstants.PROP_CONFIG_REVISIONLOG_WRITE_MDS_INTO_REVISION_LOG, - false)) { + false); + if (writeMdsInRevLog) { revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_MDSDATA, - "{" + eidData.getGivenName() + "," + eidData.getFamilyName() + "," + eidData - .getFormatedDateOfBirth() + "," + eidData.getCitizenCountryCode() + "}"); + "{" + eidData.getGivenName() + "," + eidData.getFamilyName() + "," + eidData + .getFormatedDateOfBirth() + "," + eidData.getCitizenCountryCode() + "}"); } - } @Data @@ -454,9 +455,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { * @param eidData Information from eIDAS response * @return IdentityLink and bPK * @throws ParserConfigurationException In case of an IDL processing error - * @throws SAXException In case of an IDL processing error - * @throws IOException In case of an IDL processing error - * @throws EaafException In case of a bPK generation error + * @throws SAXException In case of an IDL processing error + * @throws IOException In case of an IDL processing error + * @throws EaafException In case of a bPK generation error */ private SzrResultHolder createDummyIdentityLinkForTestDeployment(ErnpEidData eidData) throws ParserConfigurationException, SAXException, IOException, EaafException { @@ -495,11 +496,10 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { identityLink = new SimpleIdentityLinkAssertionParser(idlassertion).parseIdentityLink(); - final Pair<String, String> bpkCalc = BpkBuilder - .generateAreaSpecificPersonIdentifier(identityLink.getIdentificationValue(), - identityLink.getIdentificationType(), - pendingReq.getServiceProviderConfiguration() - .getAreaSpecificTargetIdentifier()); + String idValue = identityLink.getIdentificationValue(); + String idType = identityLink.getIdentificationType(); + String targetId = pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(); + final Pair<String, String> bpkCalc = BpkBuilder.generateAreaSpecificPersonIdentifier(idValue, idType, targetId); return new SzrResultHolder(identityLink, bpkCalc.getFirst()); } |