aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules/authmodule-eIDAS-v2/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java4
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java412
2 files changed, 208 insertions, 208 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java
index 684451ed..dc6df967 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java
@@ -260,8 +260,8 @@ public class SzrClient {
* @return bPK for this person
* @throws SzrCommunicationException In case of a SZR error
*/
- public String getEidsaBind(final String vsz, final String bindingPubKey, final String eidStatus,
- ErnpEidData eidData)throws SzrCommunicationException {
+ public String getEidasBind(final String vsz, final String bindingPubKey, final String eidStatus,
+ ErnpEidData eidData)throws SzrCommunicationException {
final Map<String, Object> eidsaBindMap = new HashMap<>();
eidsaBindMap.put(ATTR_NAME_VSZ, vsz);
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index d6fdd350..ab9c49da 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
@@ -23,27 +23,6 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.apache.commons.lang3.StringUtils;
-import org.joda.time.DateTime;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.xml.sax.SAXException;
-
-import com.google.common.collect.ImmutableMap;
-import com.google.common.collect.ImmutableSet;
-
import at.asitplus.eidas.specific.connector.MsConnectorEventCodes;
import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
@@ -63,29 +42,54 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.data.Triple;
import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
import eu.eidas.auth.commons.attribute.AttributeDefinition;
import eu.eidas.auth.commons.attribute.AttributeValue;
import eu.eidas.auth.commons.light.ILightResponse;
import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
import lombok.Data;
import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
+import org.jetbrains.annotations.NotNull;
+import org.jetbrains.annotations.Nullable;
+import org.joda.time.DateTime;
+import org.jose4j.lang.JoseException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.xml.sax.SAXException;
import szrservices.IdentityLinkType;
import szrservices.PersonInfoType;
import szrservices.TravelDocumentType;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.parsers.ParserConfigurationException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+
/**
* Task that creates the IdentityLink for an eIDAS authenticated person.
*
* @author tlenz
- *
+ * <p>
* TODO Take Constants#DATA_SIMPLE_EIDAS and Constants#DATA_RESULT_MATCHING_BPK
* TODO Only do VSZ Erstellung and eidasBind -- this is always the end of the whole process
* TODO Move Eintragung to separate Task, as it does not happen every time
@@ -94,13 +98,13 @@ import szrservices.TravelDocumentType;
@Component("CreateIdentityLinkTask")
public class CreateIdentityLinkTask extends AbstractAuthServletTask {
+ @SuppressWarnings("SpringJavaInjectionPointsAutowiringInspection")
@Autowired
private IConfiguration basicConfig;
@Autowired
private SzrClient szrClient;
@Autowired
private ICcSpecificEidProcessingService eidPostProcessor;
-
@Autowired
private AuthBlockSigningService authBlockSigner;
@@ -118,117 +122,115 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
throws TaskExecutionException {
try {
- final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
- final ILightResponse eidasResponse = authProcessData
+ final ILightResponse eidasResponse = getAuthProcessDataWrapper()
.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class);
-
- final Map<String, Object> simpleAttrMap = convertEidasAttrToSimpleMap(
+ final Map<String, Object> eidasAttributes = convertEidasAttrToSimpleMap(
eidasResponse.getAttributes().getAttributeMap());
-
- // post-process eIDAS attributes
- final ErnpEidData eidData = eidPostProcessor.postProcess(simpleAttrMap);
-
- // write MDS into technical log and revision log
+ final ErnpEidData eidData = eidPostProcessor.postProcess(eidasAttributes);
writeMdsLogInformation(eidData);
- //build IdentityLink or VSZ and eidasBind
if (basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY, false)) {
- SzrResultHolder idlResult = createDummyIdentityLinkForTestDeployment(eidData);
- //inject personal-data into session
- authProcessData.setIdentityLink(idlResult.getIdentityLink());
-
- // set bPK and bPKType into auth session
- authProcessData.setGenericDataToSession(PvpAttributeDefinitions.BPK_NAME, extendBpkByPrefix(
- idlResult.getBpK(), pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()));
- authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME,
- pendingReq.getServiceProviderConfiguration()
- .getAreaSpecificTargetIdentifier());
-
+ buildDummyIdentityLink(eidData);
} else {
//build SZR request from eIDAS data
final PersonInfoType personInfo = generateSzrRequest(eidData);
-
//request SZR based on IDL or E-ID mode
if (pendingReq.getServiceProviderConfiguration()
.isConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE, false)) {
-
- // get encrypted baseId
- String vsz = szrClient.getEncryptedStammzahl(personInfo);
-
- //write revision-Log entry and extended infos personal-identifier mapping
- revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_VSZ_RECEIVED);
- writeExtendedRevisionLogEntry(simpleAttrMap, eidData);
-
-
- // get eIDAS bind
- String signedEidasBind = szrClient.getEidsaBind(vsz,
- authBlockSigner.getBase64EncodedPublicKey(),
- EID_STATUS, eidData);
- revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_EIDASBIND_RECEIVED);
- authProcessData.setGenericDataToSession(Constants.EIDAS_BIND, signedEidasBind);
-
- //get signed AuthBlock
- String jwsSignature = authBlockSigner.buildSignedAuthBlock(pendingReq);
- revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.TECH_AUCHBLOCK_CREATED);
- authProcessData.setGenericDataToSession(Constants.SZR_AUTHBLOCK, jwsSignature);
-
- //inject personal-data into session
- authProcessData.setEidProcess(true);
-
+ executeEidMode(eidasAttributes, eidData, personInfo);
} else {
- //request SZR
- SzrResultHolder idlResult = requestSzrForIdentityLink(personInfo);
+ executeIdlMode(eidasAttributes, eidData, personInfo);
+ }
+ }
+ storeGenericInfoToSession(eidasResponse, eidasAttributes);
+ requestStoreage.storePendingRequest(pendingReq);
+ } catch (final EidasAttributeException e) {
+ throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e);
+ } catch (final EaafException e) {
+ throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
+ } catch (final Exception e) {
+ log.error("IdentityLink generation for foreign person FAILED.", e);
+ throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
+ }
+ }
- //write revision-Log entry for personal-identifier mapping
- writeExtendedRevisionLogEntry(simpleAttrMap, eidData);
+ private void storeGenericInfoToSession(ILightResponse eidasResponse, Map<String, Object> eidasAttributes) throws EaafStorageException {
+ AuthProcessDataWrapper authProcessData = getAuthProcessDataWrapper();
+ authProcessData.setForeigner(true);
+ Triple<String, String, String> eidasPersonalIdentifier = EidasResponseUtils
+ .parseEidasPersonalIdentifier((String) eidasAttributes.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER));
+ authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME,
+ Objects.requireNonNull(eidasPersonalIdentifier).getFirst());
+ authProcessData.setQaaLevel(eidasResponse.getLevelOfAssurance());
+ }
- //check result-data and write revision-log based on current state
- checkStateAndWriteRevisionLog(idlResult);
+ private void executeIdlMode(Map<String, Object> simpleAttrMap, ErnpEidData eidData, PersonInfoType personInfo) throws EaafException {
+ //request SZR
+ SzrResultHolder idlResult = requestSzrForIdentityLink(personInfo);
- //inject personal-data into session
- authProcessData.setIdentityLink(idlResult.getIdentityLink());
- authProcessData.setEidProcess(false);
+ //write revision-Log entry for personal-identifier mapping
+ writeExtendedRevisionLogEntry(simpleAttrMap, eidData);
- // set bPK and bPKType into auth session
- authProcessData.setGenericDataToSession(PvpAttributeDefinitions.BPK_NAME, extendBpkByPrefix(
- idlResult.getBpK(), pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()));
- authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME,
- pendingReq.getServiceProviderConfiguration()
- .getAreaSpecificTargetIdentifier());
+ //check result-data and write revision-log based on current state
+ checkStateAndWriteRevisionLog(idlResult);
- }
- }
+ //inject personal-data into session
+ AuthProcessDataWrapper authProcessDataWrapper = getAuthProcessDataWrapper();
+ authProcessDataWrapper.setIdentityLink(idlResult.getIdentityLink());
+ authProcessDataWrapper.setEidProcess(false);
- //add generic info's into session
- authProcessData.setForeigner(true);
- authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, EidasResponseUtils
- .parseEidasPersonalIdentifier((String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))
- .getFirst());
- authProcessData.setQaaLevel(eidasResponse.getLevelOfAssurance());
+ // set bPK and bPKType into auth session
+ authProcessDataWrapper.setGenericDataToSession(PvpAttributeDefinitions.BPK_NAME, extendBpkByPrefix(
+ idlResult.getBpK(), pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()));
+ authProcessDataWrapper.setGenericDataToSession(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME,
+ pendingReq.getServiceProviderConfiguration()
+ .getAreaSpecificTargetIdentifier());
+ }
- // store pending-request
- requestStoreage.storePendingRequest(pendingReq);
+ private void executeEidMode(Map<String, Object> simpleAttrMap, ErnpEidData eidData, PersonInfoType personInfo) throws JsonProcessingException, EaafException, JoseException {
+ // get encrypted baseId
+ String vsz = szrClient.getEncryptedStammzahl(personInfo);
+ //write revision-Log entry and extended infos personal-identifier mapping
+ revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_VSZ_RECEIVED);
+ writeExtendedRevisionLogEntry(simpleAttrMap, eidData);
- } catch (final EidasAttributeException e) {
- throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e);
+ // get eIDAS bind
+ String signedEidasBind = szrClient
+ .getEidasBind(vsz, authBlockSigner.getBase64EncodedPublicKey(), EID_STATUS, eidData);
+ revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_EIDASBIND_RECEIVED);
+ AuthProcessDataWrapper authProcessDataWrapper = getAuthProcessDataWrapper();
+ authProcessDataWrapper.setGenericDataToSession(Constants.EIDAS_BIND, signedEidasBind);
- } catch (final EaafException e) {
- throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
+ //get signed AuthBlock
+ String jwsSignature = authBlockSigner.buildSignedAuthBlock(pendingReq);
+ revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.TECH_AUCHBLOCK_CREATED);
+ authProcessDataWrapper.setGenericDataToSession(Constants.SZR_AUTHBLOCK, jwsSignature);
- } catch (final Exception e) {
- log.error("IdentityLink generation for foreign person FAILED.", e);
- throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
+ //inject personal-data into session
+ authProcessDataWrapper.setEidProcess(true);
+ }
- }
+ private void buildDummyIdentityLink(ErnpEidData eidData) throws ParserConfigurationException, SAXException, IOException, EaafException {
+ AuthProcessDataWrapper authProcessDataWrapper = getAuthProcessDataWrapper();
+ SzrResultHolder idlResult = createDummyIdentityLinkForTestDeployment(eidData);
+ //inject personal-data into session
+ authProcessDataWrapper.setIdentityLink(idlResult.getIdentityLink());
+
+ // set bPK and bPKType into auth session
+ authProcessDataWrapper.setGenericDataToSession(PvpAttributeDefinitions.BPK_NAME, extendBpkByPrefix(
+ idlResult.getBpK(), pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()));
+ authProcessDataWrapper.setGenericDataToSession(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME,
+ pendingReq.getServiceProviderConfiguration()
+ .getAreaSpecificTargetIdentifier());
}
private void writeExtendedRevisionLogEntry(Map<String, Object> simpleAttrMap, ErnpEidData eidData) {
- // write ERnB input-data into revision-log
+ // write ERnP input-data into revision-log
if (basicConfig.getBasicConfigurationBoolean(
Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE, false)) {
revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_ERNB_EIDAS_RAW_ID,
- (String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER));
+ (String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER));
revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_ERNB_EIDAS_ERNB_ID, eidData.getPseudonym());
}
@@ -253,76 +255,66 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
eDocument.setDocumentNumber(eidData.getPseudonym());
// eID document information
- eDocument.setDocumentType(basicConfig
- .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE,
- Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE));
+ String documentType = basicConfig
+ .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE,
+ Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE);
+ eDocument.setDocumentType(documentType);
// set PlaceOfBirth if available
if (eidData.getPlaceOfBirth() != null) {
log.trace("Find 'PlaceOfBirth' attribute: " + eidData.getPlaceOfBirth());
- if (basicConfig
- .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETPLACEOFBIRTHIFAVAILABLE,
- true)) {
+ boolean setPlaceOfBirth = basicConfig
+ .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETPLACEOFBIRTHIFAVAILABLE, true);
+ if (setPlaceOfBirth) {
naturalPerson.setPlaceOfBirth(eidData.getPlaceOfBirth());
log.trace("Adding 'PlaceOfBirth' to ERnB request ... ");
-
}
}
// set BirthName if available
if (eidData.getBirthName() != null) {
log.trace("Find 'BirthName' attribute: " + eidData.getBirthName());
- if (basicConfig
- .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETBIRTHNAMEIFAVAILABLE,
- true)) {
+ boolean setBirthName = basicConfig
+ .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETBIRTHNAMEIFAVAILABLE, true);
+ if (setBirthName) {
final AlternativeNameType alternativeName = new AlternativeNameType();
naturalPerson.setAlternativeName(alternativeName);
alternativeName.setFamilyName(eidData.getBirthName());
log.trace("Adding 'BirthName' to ERnB request ... ");
-
}
}
return personInfo;
-
}
- private SzrResultHolder requestSzrForIdentityLink(PersonInfoType personInfo)
- throws SzrCommunicationException, EaafException {
+ private SzrResultHolder requestSzrForIdentityLink(PersonInfoType personInfo) throws EaafException {
//request IdentityLink from SZR
final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(personInfo);
final Element idlFromSzr = (Element) result.getAssertion();
- IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser(idlFromSzr).parseIdentityLink();
+ final IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser(idlFromSzr).parseIdentityLink();
// get bPK from SZR
String bpk = null;
- if (basicConfig
- .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) {
- List<String> bpkList = szrClient
- .getBpk(personInfo, pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(),
- basicConfig
- .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, "no VKZ defined"));
+ String targetId = pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier();
+ boolean debugUseSzrForBpk = basicConfig
+ .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true);
+ if (debugUseSzrForBpk) {
+ String no_vkz_defined = basicConfig
+ .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, "no VKZ defined");
+ List<String> bpkList = szrClient.getBpk(personInfo, targetId, no_vkz_defined);
if (!bpkList.isEmpty()) {
bpk = bpkList.get(0);
-
}
-
-
} else {
log.debug("Calculating bPK from baseId ... ");
- new BpkBuilder();
- final Pair<String, String> bpkCalc = BpkBuilder
- .generateAreaSpecificPersonIdentifier(identityLink.getIdentificationValue(),
- identityLink.getIdentificationType(),
- pendingReq.getServiceProviderConfiguration()
- .getAreaSpecificTargetIdentifier());
+ String idValue = identityLink.getIdentificationValue();
+ String idType = identityLink.getIdentificationType();
+ final Pair<String, String> bpkCalc = BpkBuilder.generateAreaSpecificPersonIdentifier(idValue, idType, targetId);
bpk = bpkCalc.getFirst();
-
}
return new SzrResultHolder(identityLink, bpk);
-
}
private void checkStateAndWriteRevisionLog(SzrResultHolder idlResult) throws SzrCommunicationException {
@@ -330,112 +322,121 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
if (idlResult.getIdentityLink() == null) {
log.error("ERnB did not return an identity link.");
throw new SzrCommunicationException("ernb.00", null);
-
}
- revisionsLogger.logEvent(pendingReq,
- MsConnectorEventCodes.SZR_IDL_RECEIVED,
- idlResult.getIdentityLink().getSamlAssertion()
- .getAttribute(SimpleIdentityLinkAssertionParser.ASSERTIONID));
+
+ String assertionId = idlResult.getIdentityLink().getSamlAssertion()
+ .getAttribute(SimpleIdentityLinkAssertionParser.ASSERTIONID);
+ revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_IDL_RECEIVED, assertionId);
if (idlResult.getBpK() == null) {
log.error("ERnB did not return a bPK for target: " + pendingReq.getServiceProviderConfiguration()
- .getAreaSpecificTargetIdentifier());
+ .getAreaSpecificTargetIdentifier());
throw new SzrCommunicationException("ernb.01", null);
-
}
+
revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_BPK_RECEIVED);
log.debug("ERnB communication was successfull");
-
}
private String extendBpkByPrefix(String bpk, String type) {
- String bpkType = null;
-
- if (type.startsWith(EaafConstants.URN_PREFIX_WBPK)) {
- bpkType = type.substring(EaafConstants.URN_PREFIX_WBPK.length());
- } else if (type.startsWith(EaafConstants.URN_PREFIX_CDID)) {
- bpkType = type.substring(EaafConstants.URN_PREFIX_CDID.length());
- } else if (type.startsWith(EaafConstants.URN_PREFIX_EIDAS)) {
- bpkType = type.substring(EaafConstants.URN_PREFIX_EIDAS.length());
- }
-
+ String bpkType = getBpkType(type);
if (bpkType != null) {
log.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + bpkType);
return bpkType + ":" + bpk;
-
} else {
log.warn("Service Provider Target with: " + type + " is NOT supported. Set bPK as it is ...");
return bpk;
-
}
+ }
+ @Nullable
+ private String getBpkType(String type) {
+ if (type.startsWith(EaafConstants.URN_PREFIX_WBPK)) {
+ return type.substring(EaafConstants.URN_PREFIX_WBPK.length());
+ } else if (type.startsWith(EaafConstants.URN_PREFIX_CDID)) {
+ return type.substring(EaafConstants.URN_PREFIX_CDID.length());
+ } else if (type.startsWith(EaafConstants.URN_PREFIX_EIDAS)) {
+ return type.substring(EaafConstants.URN_PREFIX_EIDAS.length());
+ } else {
+ return null;
+ }
}
private Map<String, Object> convertEidasAttrToSimpleMap(
ImmutableMap<AttributeDefinition<?>, ImmutableSet<? extends AttributeValue<?>>> attributeMap) {
final Map<String, Object> result = new HashMap<>();
-
for (final AttributeDefinition<?> el : attributeMap.keySet()) {
-
final Class<?> parameterizedType = el.getParameterizedType();
if (DateTime.class.equals(parameterizedType)) {
- final DateTime attribute = EidasResponseUtils.translateDateAttribute(el, attributeMap.get(el).asList());
- if (attribute != null) {
- result.put(el.getFriendlyName(), attribute);
- log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + attribute.toString());
-
- } else {
- log.info("Ignore empty 'DateTime' attribute");
- }
-
+ convertDateTime(attributeMap, result, el);
} else if (PostalAddress.class.equals(parameterizedType)) {
- final PostalAddress addressAttribute = EidasResponseUtils
- .translateAddressAttribute(el, attributeMap.get(el).asList());
- if (addressAttribute != null) {
- result.put(el.getFriendlyName(), addressAttribute);
- log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + addressAttribute.toString());
-
- } else {
- log.info("Ignore empty 'PostalAddress' attribute");
- }
-
+ convertPostalAddress(attributeMap, result, el);
} else {
- final List<String> natPersonIdObj = EidasResponseUtils
- .translateStringListAttribute(el, attributeMap.get(el));
- final String stringAttr = natPersonIdObj.get(0);
- if (StringUtils.isNotEmpty(stringAttr)) {
- result.put(el.getFriendlyName(), stringAttr);
- log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + stringAttr);
-
- } else {
- log.info("Ignore empty 'String' attribute");
- }
-
+ convertString(attributeMap, result, el);
}
}
log.debug("Receive #" + result.size() + " attributes with names: " + result.keySet().toString());
-
return result;
}
+ private void convertString(ImmutableMap<AttributeDefinition<?>, ImmutableSet<? extends AttributeValue<?>>> attributeMap, Map<String, Object> result, AttributeDefinition<?> el) {
+ final List<String> natPersonIdObj = EidasResponseUtils
+ .translateStringListAttribute(el, attributeMap.get(el));
+ final String stringAttr = natPersonIdObj.get(0);
+ if (StringUtils.isNotEmpty(stringAttr)) {
+ result.put(el.getFriendlyName(), stringAttr);
+ log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + stringAttr);
+ } else {
+ log.info("Ignore empty 'String' attribute");
+ }
+ }
+
+ private void convertPostalAddress(ImmutableMap<AttributeDefinition<?>, ImmutableSet<? extends AttributeValue<?>>> attributeMap, Map<String, Object> result, AttributeDefinition<?> el) {
+ final PostalAddress addressAttribute = EidasResponseUtils
+ .translateAddressAttribute(el, attributeMap.get(el).asList());
+ if (addressAttribute != null) {
+ result.put(el.getFriendlyName(), addressAttribute);
+ log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + addressAttribute.toString());
+ } else {
+ log.info("Ignore empty 'PostalAddress' attribute");
+ }
+ }
+
+ private void convertDateTime(ImmutableMap<AttributeDefinition<?>, ImmutableSet<? extends AttributeValue<?>>> attributeMap, Map<String, Object> result, AttributeDefinition<?> el) {
+ final DateTime attribute = EidasResponseUtils.translateDateAttribute(el, attributeMap.get(el).asList());
+ if (attribute != null) {
+ result.put(el.getFriendlyName(), attribute);
+ log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + attribute.toString());
+ } else {
+ log.info("Ignore empty 'DateTime' attribute");
+ }
+ }
+
+ @NotNull
+ private AuthProcessDataWrapper getAuthProcessDataWrapper() {
+ return pendingReq.getSessionData(AuthProcessDataWrapper.class);
+ }
+
+ /**
+ * write MDS into technical log and revision log
+ */
private void writeMdsLogInformation(ErnpEidData eidData) {
- // log MDS and country code into technical log
- if (basicConfig
- .getBasicConfigurationBoolean(MsEidasNodeConstants.PROP_CONFIG_TECHNICALLOG_WRITE_MDS_INTO_TECH_LOG, false)) {
+ boolean writeMdsInTechLog = basicConfig
+ .getBasicConfigurationBoolean(MsEidasNodeConstants.PROP_CONFIG_TECHNICALLOG_WRITE_MDS_INTO_TECH_LOG, false);
+ if (writeMdsInTechLog) {
log.info("eIDAS Auth. for user: " + eidData.getGivenName() + " " + eidData.getFamilyName() + " " + eidData
.getFormatedDateOfBirth() + " " + "from " + eidData.getCitizenCountryCode());
}
- // log MDS and country code into revision log
- if (basicConfig
+ boolean writeMdsInRevLog = basicConfig
.getBasicConfigurationBoolean(MsEidasNodeConstants.PROP_CONFIG_REVISIONLOG_WRITE_MDS_INTO_REVISION_LOG,
- false)) {
+ false);
+ if (writeMdsInRevLog) {
revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_MDSDATA,
- "{" + eidData.getGivenName() + "," + eidData.getFamilyName() + "," + eidData
- .getFormatedDateOfBirth() + "," + eidData.getCitizenCountryCode() + "}");
+ "{" + eidData.getGivenName() + "," + eidData.getFamilyName() + "," + eidData
+ .getFormatedDateOfBirth() + "," + eidData.getCitizenCountryCode() + "}");
}
-
}
@Data
@@ -454,9 +455,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
* @param eidData Information from eIDAS response
* @return IdentityLink and bPK
* @throws ParserConfigurationException In case of an IDL processing error
- * @throws SAXException In case of an IDL processing error
- * @throws IOException In case of an IDL processing error
- * @throws EaafException In case of a bPK generation error
+ * @throws SAXException In case of an IDL processing error
+ * @throws IOException In case of an IDL processing error
+ * @throws EaafException In case of a bPK generation error
*/
private SzrResultHolder createDummyIdentityLinkForTestDeployment(ErnpEidData eidData)
throws ParserConfigurationException, SAXException, IOException, EaafException {
@@ -495,11 +496,10 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
identityLink = new SimpleIdentityLinkAssertionParser(idlassertion).parseIdentityLink();
- final Pair<String, String> bpkCalc = BpkBuilder
- .generateAreaSpecificPersonIdentifier(identityLink.getIdentificationValue(),
- identityLink.getIdentificationType(),
- pendingReq.getServiceProviderConfiguration()
- .getAreaSpecificTargetIdentifier());
+ String idValue = identityLink.getIdentificationValue();
+ String idType = identityLink.getIdentificationType();
+ String targetId = pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier();
+ final Pair<String, String> bpkCalc = BpkBuilder.generateAreaSpecificPersonIdentifier(idValue, idType, targetId);
return new SzrResultHolder(identityLink, bpkCalc.getFirst());
}