Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java29
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/AlternativeSearchTask.java79
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java58
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java7
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java70
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java58
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java31
7 files changed, 161 insertions, 171 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index ee9b00f7..bfb82474 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
@@ -40,11 +40,6 @@ public class Constants {
public static final String DATA_FULL_EIDAS_RESPONSE_ALTERNATIVE = "resp_fulleIDASResponseAlternative";
/**
- * Stored when one match from register was found.
- */
- public static final String DATA_RESULT_MATCHING_BPK = "matching_result_bpk";
-
- /**
* Stored before Step 2 from Matching Concept, input from user eIDAS authn.
*/
public static final String DATA_SIMPLE_EIDAS = "matching_simple_eidas_data";
@@ -67,7 +62,7 @@ public class Constants {
// configuration properties
public static final String CONIG_PROPS_EIDAS_PREFIX = "auth.eIDAS";
- public static final String CONIG_PROPS_EIDAS_IS_TEST_IDENTITY = CONIG_PROPS_EIDAS_PREFIX
+ public static final String CONIG_PROPS_EIDAS_IS_TEST_IDENTITY = CONIG_PROPS_EIDAS_PREFIX
+ ".eid.testidentity.default";
public static final String CONIG_PROPS_EIDAS_NODE = CONIG_PROPS_EIDAS_PREFIX + ".node_v2";
public static final String CONIG_PROPS_EIDAS_NODE_COUNTRYCODE = CONIG_PROPS_EIDAS_NODE + ".countrycode";
@@ -84,20 +79,20 @@ public class Constants {
CONIG_PROPS_EIDAS_NODE + ".attributes.requested.{0}.onlynatural";
public static final String CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_REPRESENTATION =
CONIG_PROPS_EIDAS_NODE + ".attributes.requested.representation";
-
+
public static final String CONIG_PROPS_EIDAS_NODE_REQUESTERID_USE_HASHED_VERSION =
CONIG_PROPS_EIDAS_NODE + ".requesterId.useHashedForm";
public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_REQUESTERID_FOR_LUX =
CONIG_PROPS_EIDAS_NODE + ".requesterId.lu.useStaticRequesterForAll";
-
+
public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME =
- CONIG_PROPS_EIDAS_NODE + ".workarounds.addAlwaysProviderName";
+ CONIG_PROPS_EIDAS_NODE + ".workarounds.addAlwaysProviderName";
public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER =
CONIG_PROPS_EIDAS_NODE + ".workarounds.useRequestIdAsTransactionIdentifier";
-
- public static final String CONFIG_PROP_EIDAS_NODE_NAMEIDFORMAT =
+
+ public static final String CONFIG_PROP_EIDAS_NODE_NAMEIDFORMAT =
CONIG_PROPS_EIDAS_NODE + ".requested.nameIdFormat";
-
+
public static final String CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP = CONIG_PROPS_EIDAS_NODE
+ ".staticProviderNameForPublicSPs";
public static final String DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP = "Austria";
@@ -279,14 +274,14 @@ public class Constants {
public static final String COUNTRY_CODE_DE = "DE";
public static final String COUNTRY_CODE_IT = "IT";
-
+
// UI options
public static final String HTML_FORM_ADVANCED_MATCHING_FAILED = "advancedMatchingFailed";
-
-
+
+
// ProcessEngine context
public static final String CONTEXT_FLAG_ADVANCED_MATCHING_FAILED = HTML_FORM_ADVANCED_MATCHING_FAILED;
-
+
/**
* {@link at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateNewErnpEntryTask}.
*/
@@ -315,7 +310,7 @@ public class Constants {
*/
public static final String TRANSITION_TO_GENERATE_EIDAS_LOGIN = "TASK_GenerateAlternativeEidasAuthn";
-
+
/**
* Stores login selection from user.
*/
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/AlternativeSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/AlternativeSearchTask.java
index e0273d10..f021fae9 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/AlternativeSearchTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/AlternativeSearchTask.java
@@ -62,7 +62,6 @@ import lombok.extern.slf4j.Slf4j;
* Output:
* <ul>
* <li>{@link Constants#DATA_PERSON_MATCH_RESULT} results after second search in registers with MDS</li>
- * <li>{@link Constants#DATA_RESULT_MATCHING_BPK} if one register result found</li>
* </ul>
* Transitions:
* <ul>
@@ -98,123 +97,123 @@ public class AlternativeSearchTask extends AbstractAuthServletTask {
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
throws TaskExecutionException {
try {
- final SimpleEidasData altEidasData = convertEidasAttrToSimpleData();
+ final SimpleEidasData altEidasData = convertEidasAttrToSimpleData();
final SimpleEidasData initialEidasData = MatchingTaskUtils.getInitialEidasData(pendingReq);
- final RegisterStatusResults intermediateMatchingState =
+ final RegisterStatusResults intermediateMatchingState =
MatchingTaskUtils.getIntermediateMatchingResult(pendingReq);
-
+
//pre-validation of eIDAS data
preVerifyAlternativeEidasData(altEidasData, initialEidasData, intermediateMatchingState);
-
+
//perform register search operation based on alterantive eIDAS data
- step11RegisterSearchWithPersonIdentifier(executionContext, altEidasData,
+ step11RegisterSearchWithPersonIdentifier(executionContext, altEidasData,
intermediateMatchingState, initialEidasData);
-
+
} catch (WorkflowException e) {
throw new TaskExecutionException(pendingReq, "Initial search failed", e);
-
+
} catch (final Exception e) {
log.error("Initial search failed", e);
throw new TaskExecutionException(pendingReq, "Initial search failed with a generic error", e);
-
+
}
}
/**
* Pre-validation of eIDAS information.
- *
+ *
* <p>Check if country-code and MDS (givenName, familyName, dateOfBirth) matches.</p>
- *
+ *
* @param altEidasData eIDAS data from alternative authentication
* @param initialEidasData eIDAS data from initial authentication
* @param intermediateMatchingState Intermediate matching result
* @throws WorkflowException In case of a validation error
*/
- private void preVerifyAlternativeEidasData(SimpleEidasData altEidasData, SimpleEidasData initialEidasData,
+ private void preVerifyAlternativeEidasData(SimpleEidasData altEidasData, SimpleEidasData initialEidasData,
RegisterStatusResults intermediateMatchingState) throws WorkflowException {
if (initialEidasData == null) {
throw new WorkflowException("step11", "No initial eIDAS authn data", true);
-
+
}
-
+
if (intermediateMatchingState == null) {
throw new WorkflowException("step11", "No intermediate matching-state", true);
-
+
}
-
+
if (!Objects.equals(altEidasData.getCitizenCountryCode(), initialEidasData.getCitizenCountryCode())) {
throw new WorkflowException("step11", "Country Code of alternative eIDAS authn not matching", true);
-
+
}
-
+
if (!altEidasData.equalsMds(initialEidasData)) {
throw new WorkflowException("step11", "MDS of alternative eIDAS authn does not match initial authn", true);
-
+
}
}
private void step11RegisterSearchWithPersonIdentifier(
- ExecutionContext executionContext, SimpleEidasData altEidasData,
+ ExecutionContext executionContext, SimpleEidasData altEidasData,
RegisterStatusResults intermediateMatchingState, SimpleEidasData initialEidasData)
throws WorkflowException, EaafStorageException {
try {
log.trace("Starting step11RegisterSearchWithPersonIdentifier");
RegisterStatusResults altSearchResult = registerSearchService.searchWithPersonIdentifier(
intermediateMatchingState.getOperationStatus(), altEidasData);
-
+
int resultCount = altSearchResult.getResultCount();
if (resultCount == 0) {
- step12CountrySpecificSearch(executionContext, intermediateMatchingState, initialEidasData,
+ step12CountrySpecificSearch(executionContext, intermediateMatchingState, initialEidasData,
altSearchResult.getOperationStatus(), altEidasData);
-
+
} else if (resultCount == 1) {
log.debug("step11RegisterSearchWithPersonIdentifier find single result. Starting KITT operation ... ");
RegisterStatusResults matchtedResult = registerSearchService.step7bKittProcess(
intermediateMatchingState, initialEidasData, altSearchResult, altEidasData);
-
+
log.debug("KITT operation finished. Finalize matching process ... ");
foundMatchFinalizeTask(matchtedResult, altEidasData);
-
+
} else {
throw new WorkflowException("step11RegisterSearchWithPersonIdentifier",
"More than one entry with unique personal-identifier", true);
-
+
}
} catch (WorkflowException e) {
log.warn("Workflow error during matching step: {}. Reason: {}", e.getProcessStepName(), e.getErrorReason());
throw e;
-
+
}
}
private void step12CountrySpecificSearch(ExecutionContext executionContext,
- RegisterStatusResults intermediateMatchingState,
+ RegisterStatusResults intermediateMatchingState,
SimpleEidasData initialEidasData,
RegisterOperationStatus registerOperationStatus,
SimpleEidasData altEidasData)
throws EaafStorageException, WorkflowException {
- log.trace("Starting 'step12CountrySpecificSearch' ... ");
+ log.trace("Starting 'step12CountrySpecificSearch' ... ");
RegisterStatusResults ccAltSearchResult = registerSearchService.searchWithCountrySpecifics(
registerOperationStatus, altEidasData);
-
+
if (ccAltSearchResult.getResultCount() == 0) {
log.trace("'step12CountrySpecificSearch' ends with no result. Forward to GUI based matching step ... ");
log.debug("Forward to GUI based matching steps ... ");
executionContext.put(TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, true);
-
- } else if (ccAltSearchResult.getResultCount() == 1) {
- log.debug("'step12CountrySpecificSearch' find single result. Starting KITT operation ... ");
+
+ } else if (ccAltSearchResult.getResultCount() == 1) {
+ log.debug("'step12CountrySpecificSearch' find single result. Starting KITT operation ... ");
RegisterStatusResults matchtedResult = registerSearchService.step7bKittProcess(
intermediateMatchingState, initialEidasData, ccAltSearchResult, altEidasData);
-
- log.debug("KITT operation finished. Finalize matching process ... ");
+
+ log.debug("KITT operation finished. Finalize matching process ... ");
foundMatchFinalizeTask(matchtedResult, altEidasData);
-
+
} else {
throw new WorkflowException("step12CountrySpecificSearch",
"More than one entry with unique country-specific information", true);
-
- }
+
+ }
}
private void foundMatchFinalizeTask(RegisterStatusResults searchResult, SimpleEidasData eidasData)
@@ -222,10 +221,10 @@ public class AlternativeSearchTask extends AbstractAuthServletTask {
MatchedPersonResult result = MatchedPersonResult.generateFormMatchingResult(
searchResult.getResult(), eidasData.getCitizenCountryCode());
MatchingTaskUtils.storeFinalMatchingResult(pendingReq, result);
-
+
//remove intermediate matching-state
MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, null);
-
+
}
@NotNull
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index 35717ae0..c95c275e 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
@@ -71,11 +71,11 @@ import lombok.extern.slf4j.Slf4j;
import szrservices.IdentityLinkType;
/**
- * Task that creates the IdentityLink for an eIDAS authenticated person.
+ * Task that creates the IdentityLink for an eIDAS authenticated person.
* Input:
* <ul>
* <li>{@link Constants#DATA_SIMPLE_EIDAS} initial login data from user</li>
- * <li>{@link Constants#DATA_RESULT_MATCHING_BPK} the BPK of the matched entry in a register</li>
+ * <li>{@link Constants#DATA_PERSON_MATCH_RESULT} the data of the matched entry in a register</li>
* </ul>
* Output:
* <ul>
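Review bot: The new input line for `DATA_PERSON_MATCH_RESULT` reads as if a matched register entry is always present, but `executeEidMode` and `requestSzrForIdentityLink` further down in this file both branch on `matchedPersonData != null`. When it is missing, the E-ID branch falls back to `szrClient.createNewErnpEntry(eidData)` and the IDL branch to `szrClient.getIdentityLinkInRawMode(eidData)`. Because a missing match result changes which identity source is used rather than failing the task, the Javadoc should say so, for example `{@link Constants#DATA_PERSON_MATCH_RESULT} (optional) the data of the matched entry in a register; if absent, the eIDAS data is used directly`. That `MatchingTaskUtils.getFinalMatchingResult` reads this key is assumed from its name, and the class Javadoc continues outside this hunk.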
@@ -116,47 +116,47 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
throws TaskExecutionException {
- try {
-
+ try {
+
/*TODO: needs more re-factoring if we finalize CreateNewErnpEntryTask and we know how add entries into ERnP
- * Maybe, we can fully replace eidData by matchedPersonData,
+ * Maybe, we can fully replace eidData by matchedPersonData,
* because matchedPersonData holds the result after a successful matching process.
- *
+ *
* Currently, we only add a work-around to operate without new ERnP implementation.
*/
- final SimpleEidasData eidData = MatchingTaskUtils.getInitialEidasData(pendingReq);
+ final SimpleEidasData eidData = MatchingTaskUtils.getInitialEidasData(pendingReq);
MatchedPersonResult matchedPersonData = MatchingTaskUtils.getFinalMatchingResult(pendingReq);
-
+
writeMdsLogInformation(eidData);
if (basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY, false)) {
buildDummyIdentityLink(eidData);
-
+
} else {
//request SZR based on IDL or E-ID mode
if (pendingReq.getServiceProviderConfiguration()
.isConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE, false)) {
executeEidMode(eidData, matchedPersonData);
-
+
} else {
executeIdlMode(eidData, matchedPersonData);
-
- }
+
+ }
}
-
+
storeGenericInfoToSession(eidData);
requestStoreage.storePendingRequest(pendingReq);
-
+
} catch (final EidasAttributeException e) {
throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e);
-
+
} catch (final EaafException e) {
throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
-
+
} catch (final Exception e) {
log.error("IdentityLink generation for foreign person FAILED.", e);
throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
-
+
}
}
@@ -191,18 +191,18 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
private void executeEidMode(SimpleEidasData eidData, MatchedPersonResult matchedPersonData)
throws JsonProcessingException, EaafException, JoseException {
- // get encrypted baseId
+ // get encrypted baseId
String vsz;
if (matchedPersonData != null) {
log.debug("Requesting encrypted baseId by already matched person information ... ");
vsz = szrClient.getEncryptedStammzahl(matchedPersonData);
-
+
} else {
log.debug("Requesting encrypted baseId by using eIDAS information directly ... ");
- vsz = szrClient.createNewErnpEntry(eidData);
-
+ vsz = szrClient.createNewErnpEntry(eidData);
+
}
-
+
//write revision-Log entry and extended infos personal-identifier mapping
revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_VSZ_RECEIVED);
writeExtendedRevisionLogEntry(eidData, eidData.getPersonalIdentifier());
@@ -221,7 +221,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
//inject personal-data into session
authProcessDataWrapper.setEidProcess(true);
-
+
}
private void buildDummyIdentityLink(SimpleEidasData eidData)
@@ -249,7 +249,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
}
}
- private SzrResultHolder requestSzrForIdentityLink(SimpleEidasData eidData,
+ private SzrResultHolder requestSzrForIdentityLink(SimpleEidasData eidData,
MatchedPersonResult matchedPersonData) throws EaafException {
//request IdentityLink from SZR
IdentityLinkType result;
@@ -257,14 +257,14 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
if (matchedPersonData != null) {
log.debug("Requesting encrypted baseId by already matched person information ... ");
result = szrClient.getIdentityLinkInRawMode(matchedPersonData);
-
+
} else {
log.debug("Requesting encrypted baseId by using eIDAS information directly ... ");
result = szrClient.getIdentityLinkInRawMode(eidData);
-
+
}
-
-
+
+
final Element idlFromSzr = (Element) result.getAssertion();
final IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser(idlFromSzr).parseIdentityLink();
@@ -336,7 +336,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
}
}
-
+
/**
* write MDS into technical log and revision log.
*/
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java
index b9769bc4..6b0f336e 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java
@@ -65,7 +65,6 @@ import lombok.extern.slf4j.Slf4j;
* <li>{@link Constants#DATA_INTERMEDIATE_RESULT} results from first search in registers with
* PersonIdentifier</li>
* <li>{@link Constants#DATA_PERSON_MATCH_RESULT} results after second search in registers with MDS</li>
- * <li>{@link Constants#DATA_RESULT_MATCHING_BPK} if one register result found</li>
* </ul>
* Transitions:
* <ul>
@@ -122,14 +121,14 @@ public class InitialSearchTask extends AbstractAuthServletTask {
int resultCount = searchResult.getResultCount();
if (resultCount == 0) {
step6CountrySpecificSearch(executionContext, searchResult.getOperationStatus(), eidasData);
-
+
} else if (resultCount == 1) {
foundMatchFinalizeTask(searchResult, eidasData);
-
+
} else {
throw new WorkflowException("step2RegisterSearchWithPersonIdentifier",
"More than one entry with unique personal-identifier", true);
-
+
}
} catch (WorkflowException e) {
//TODO: what we do in case of a workflow error and manual matching are necessary??
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java
index 83fdf771..53485b03 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java
@@ -61,7 +61,7 @@ import lombok.extern.slf4j.Slf4j;
* </ul>
* Output:
* <ul>
- * <li>{@link Constants#DATA_RESULT_MATCHING_BPK} if one register result found</li>
+ * <li>{@link Constants#DATA_PERSON_MATCH_RESULT} if one register result found</li>
* </ul>
* Transitions:
* <ul>
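Review bot: The output condition `if one register result found` is broader than what the code stores. In `compareSearchResultWithInitialData` the final matching result is written only when the single residency hit also passes `eidasData.equalsRegisterData(...)`; otherwise the task moves to the next task without storing anything. I would word the line as `{@link Constants#DATA_PERSON_MATCH_RESULT} if exactly one register result was found and it matches the initial eIDAS data`. The same wording is used in the Javadoc hunk of ReceiveMobilePhoneSignatureResponseTask, where the result is stored only after the MDS comparison and the bPK filter leave exactly one entry. That `storeFinalMatchingResult` writes under this constant is assumed from its name, since MatchingTaskUtils is not part of this diff.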
@@ -102,89 +102,89 @@ public class ReceiveAustrianResidenceGuiResponseTask extends AbstractAuthServlet
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
throws TaskExecutionException {
log.trace("Starting ReceiveAustrianResidenceGuiResponseTask");
-
- UserInput input = parseHtmlInput(request);
+
+ UserInput input = parseHtmlInput(request);
if (!input.isFormerResidenceAvailable()) {
moveToNextTask(executionContext);
return;
-
+
}
-
+
//TODO: Here, we need an error handling an can not stop full process if form input was invalid
//TODO: check minimum form elements
- /*TODO: maybe we can switch to custom controller and use WebMVC form-binding feature.
+ /*TODO: maybe we can switch to custom controller and use WebMVC form-binding feature.
* Binding element can be add as attribute to this request
*/
if (input.getStreet().isEmpty() || input.getCity().isEmpty() || input.getZipcode().isEmpty()) {
// HTML form should ensure that mandatory fields are set => this should never happen
- throw new TaskExecutionException(pendingReq, "Invalid user input",
+ throw new TaskExecutionException(pendingReq, "Invalid user input",
new InvalidUserInputException("module.eidasauth.matching.06"));
-
+
}
-
-
-
+
+
+
try {
SimpleEidasData eidasData = MatchingTaskUtils.getInitialEidasData(pendingReq);
RegisterStatusResults initialSearchResult = MatchingTaskUtils.getIntermediateMatchingResult(pendingReq);
-
- RegisterStatusResults residencyResult =
- registerSearchService.searchWithResidence(initialSearchResult.getOperationStatus(),
+
+ RegisterStatusResults residencyResult =
+ registerSearchService.searchWithResidence(initialSearchResult.getOperationStatus(),
eidasData, input.zipcode, input.city, input.street);
if (residencyResult.getResultCount() == 0) {
//TODO: her we should add a GUI step of result is zero to inform user an forward process by click
moveToNextTask(executionContext);
-
+
} else if (residencyResult.getResultCount() == 1) {
compareSearchResultWithInitialData(executionContext, residencyResult, eidasData);
-
+
} else {
- /*TODO: align with form generation task and to better error handling in case of more-than-one result.
+ /*TODO: align with form generation task and to better error handling in case of more-than-one result.
* Maybe the user has to provide more information.
*/
throw new TaskExecutionException(pendingReq,
"Manual Fix necessary", new ManualFixNecessaryException(eidasData));
-
+
}
-
+
} catch (EaafStorageException e) {
log.error("Search with residency data failed", e);
throw new TaskExecutionException(pendingReq, "Search with residency data failed", e);
-
+
}
}
- private void compareSearchResultWithInitialData(ExecutionContext executionContext,
+ private void compareSearchResultWithInitialData(ExecutionContext executionContext,
RegisterStatusResults residencyResult, SimpleEidasData eidasData)
throws TaskExecutionException, EaafStorageException {
- try {
+ try {
/*TODO: check 'equalsRegisterData' because this method maybe this method evaluate to an invalid result.
* See TODO in methods body
- */
+ */
if (eidasData.equalsRegisterData(residencyResult.getResult())) {
// update register information
registerSearchService.step7aKittProcess(residencyResult, eidasData);
-
+
// store search result to re-used in CreateIdentityLink step, because there we need bPK and MDS
- MatchingTaskUtils.storeFinalMatchingResult(pendingReq,
+ MatchingTaskUtils.storeFinalMatchingResult(pendingReq,
MatchedPersonResult.generateFormMatchingResult(
residencyResult.getResult(), eidasData.getCitizenCountryCode()));
-
+
} else {
moveToNextTask(executionContext);
-
+
}
-
+
} catch (WorkflowException e) {
throw new TaskExecutionException(pendingReq, "Search failed", new ManualFixNecessaryException(eidasData));
-
+
}
}
private void moveToNextTask(ExecutionContext executionContext) {
// Later on, this should transition to Step 20
executionContext.put(Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK, true);
-
+
}
private @NotNull UserInput parseHtmlInput(HttpServletRequest request) {
@@ -195,20 +195,20 @@ public class ReceiveAustrianResidenceGuiResponseTask extends AbstractAuthServlet
String escaped = StringEscapeUtils.escapeHtml(request.getParameter(paramName));
if (PARAM_FORMER_RESIDENCE_AVAILABLE.equalsIgnoreCase(paramName)) {
result.setFormerResidenceAvailable(Boolean.parseBoolean(escaped));
-
+
} else if (PARAM_STREET.equalsIgnoreCase(paramName)) {
result.setStreet(escaped);
-
+
} else if (PARAM_CITY.equalsIgnoreCase(paramName)) {
result.setCity(escaped);
-
+
} else if (PARAM_ZIPCODE.equalsIgnoreCase(paramName)) {
result.setZipcode(escaped);
-
+
}
}
return result;
-
+
}
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
index d43a175f..03cf5858 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
@@ -91,7 +91,7 @@ import lombok.extern.slf4j.Slf4j;
* </ul>
* Output:
* <ul>
- * <li>{@link Constants#DATA_RESULT_MATCHING_BPK} if one register result found</li>
+ * <li>{@link Constants#DATA_PERSON_MATCH_RESULT} if one register result found</li>
* </ul>
* Transitions:
* <ul>
@@ -150,83 +150,83 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet
Pair<PvpSProfileResponse, Boolean> processedMsg = validateAssertion((PvpSProfileResponse) inboundMessage);
if (processedMsg.getSecond()) {
// forward to next matching step in case of ID Autria authentication was stopped by user
- executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true);
+ executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true);
return;
-
+
}
// validate SAML2 response
validateEntityId(inboundMessage);
log.info("Receive a valid assertion from IDP " + inboundMessage.getEntityID());
-
+
// load already existing information from session
SimpleEidasData eidasData = MatchingTaskUtils.getInitialEidasData(pendingReq);
RegisterStatusResults initialSearchResult = MatchingTaskUtils.getIntermediateMatchingResult(pendingReq);
-
+
// extract user information from ID Austria authentication
AssertionAttributeExtractor extractor = new AssertionAttributeExtractor(processedMsg.getFirst().getResponse());
SimpleMobileSignatureData simpleMobileSignatureData = getAuthDataFromInterfederation(extractor);
-
- // check if MDS from ID Austria authentication matchs to eIDAS authentication
+
+ // check if MDS from ID Austria authentication matchs to eIDAS authentication
if (!simpleMobileSignatureData.equalsSimpleEidasData(eidasData)) {
// user has cheated!?
- throw new InvalidUserInputException("module.eidasauth.matching.05");
-
+ throw new InvalidUserInputException("module.eidasauth.matching.05");
+
}
-
+
// search entry in initial search result from steps before and build new RegisterSearchResult
RegisterStatusResults registerResult = new RegisterStatusResults(initialSearchResult.getOperationStatus(),
extractEntriesByBpk(initialSearchResult.getResultsZmr().stream(), simpleMobileSignatureData.getBpk()),
extractEntriesByBpk(initialSearchResult.getResultsErnp().stream(), simpleMobileSignatureData.getBpk()));
-
+
if (registerResult.getResultCount() != 1) {
throw new WorkflowException("matchWithIDAustriaAuthentication",
"Suspect state detected. MDS matches to eIDAS authentication "
- + "but register search-result with MDS contains #" + registerResult.getResultCount()
- + " entry with bPK from ID Austria authentication", false);
-
+ + "but register search-result with MDS contains #" + registerResult.getResultCount()
+ + " entry with bPK from ID Austria authentication", false);
+
} else {
// perform kit operation
registerSearchService.step7aKittProcess(registerResult, eidasData);
-
- // store search result to re-used in CreateIdentityLink step, because there we need bPK and MDS
- MatchingTaskUtils.storeFinalMatchingResult(pendingReq,
- MatchedPersonResult.generateFormMatchingResult(registerResult.getResult(),
+
+ // store search result to re-used in CreateIdentityLink step, because there we need bPK and MDS
+ MatchingTaskUtils.storeFinalMatchingResult(pendingReq,
+ MatchedPersonResult.generateFormMatchingResult(registerResult.getResult(),
eidasData.getCitizenCountryCode()));
-
- }
-
+
+ }
+
} catch (final AuthnResponseValidationException e) {
throw new TaskExecutionException(pendingReq, ERROR_MSG_03, e);
-
+
} catch (MessageDecodingException | SecurityException | SamlSigningException e) {
//final String samlRequest = request.getParameter("SAMLRequest");
//log.debug("Receive INVALID PVP Response from 'ms-specific eIDAS node': {}",
// samlRequest, null, e);
throw new TaskExecutionException(pendingReq, ERROR_MSG_00,
new AuthnResponseValidationException(ERROR_PVP_11, new Object[]{MODULE_NAME_FOR_LOGGING}, e));
-
+
} catch (IOException | MarshallingException | TransformerException e) {
log.debug("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e);
throw new TaskExecutionException(pendingReq, ERROR_MSG_01,
new AuthnResponseValidationException(ERROR_PVP_12, new Object[]{MODULE_NAME_FOR_LOGGING, e.getMessage()}, e));
-
+
} catch (final CredentialsNotAvailableException e) {
log.debug("PVP response decryption FAILED. No credential found.", e);
throw new TaskExecutionException(pendingReq, ERROR_MSG_02,
new AuthnResponseValidationException(ERROR_PVP_10, new Object[]{MODULE_NAME_FOR_LOGGING}, e));
-
+
} catch (final Exception e) {
// todo catch ManualFixNecessaryException in any other way?
log.debug("PVP response validation FAILED. Msg:" + e.getMessage(), e);
throw new TaskExecutionException(pendingReq, ERROR_MSG_03,
new AuthnResponseValidationException(ERROR_PVP_12, new Object[]{MODULE_NAME_FOR_LOGGING, e.getMessage()}, e));
-
+
}
}
private List<RegisterResult> extractEntriesByBpk(Stream<RegisterResult> stream, String bpk) {
- return stream.filter(el -> bpk.equals(el.getBpk())).collect(Collectors.toList());
+ return stream.filter(el -> bpk.equals(el.getBpk())).collect(Collectors.toList());
}
@@ -354,7 +354,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet
}
if (PvpAttributeDefinitions.BIRTHDATE_NAME.equals(attrName)) {
builder.dateOfBirth(extractor.getSingleAttributeValue(attrName));
- }
+ }
if (PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME.equals(attrName)) {
MatchingTaskUtils.getAuthProcessDataWrapper(pendingReq).setQaaLevel(
extractor.getSingleAttributeValue(attrName));
@@ -362,7 +362,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet
}
MatchingTaskUtils.getAuthProcessDataWrapper(pendingReq).setIssueInstant(extractor.getAssertionIssuingDate());
return builder.build();
-
+
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java
index c2c1a351..812e534c 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java
@@ -47,14 +47,11 @@ import lombok.extern.slf4j.Slf4j;
* <li>{@link Constants#DATA_SIMPLE_EIDAS} initial login data from user</li>
* <li>{@link Constants#DATA_INTERMEDIATE_RESULT} results from search in registers with personIdentifier</li>
* </ul>
- * Output:
- * <ul>
- * <li>{@link Constants#DATA_RESULT_MATCHING_BPK} if one register result found</li>
- * </ul>
* Transitions:
* <ul>
* <li>{@link GenerateMobilePhoneSignatureRequestTask} if selected by user</li>
* <li>{@link GenerateAustrianResidenceGuiTask} if selected by user</li>
+ * <li>{@link GenerateAuthnRequestTask} if selected by user</li>
* </ul>
*
* @author amarsalek
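Review bot: The transitions list is still incomplete after this change. `transitionToNextTask` in this file also handles `ADD_ME_AS_NEW` by setting `Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK`, which the Javadoc does not mention; a line such as `<li>{@link CreateNewErnpEntryTask} if selected by user</li>` would cover it. Removing the `Output:` section also leaves undocumented that `executeWithLocale` puts the parsed selection into the execution context under `Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER` and removes `Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED`. Judging by the constant name, `ADD_ME_AS_NEW` is a user-selectable path towards creating a new register entry, so it belongs in the class contract.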
@@ -65,23 +62,23 @@ import lombok.extern.slf4j.Slf4j;
public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractLocaleAuthServletTask {
@Override
- public void executeWithLocale(ExecutionContext executionContext, HttpServletRequest request,
+ public void executeWithLocale(ExecutionContext executionContext, HttpServletRequest request,
HttpServletResponse response) throws TaskExecutionException {
try {
SelectedLoginMethod selection = SelectedLoginMethod.valueOf(extractUserSelection(request));
executionContext.put(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER, selection);
executionContext.remove(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED);
transitionToNextTask(executionContext, selection);
-
+
} catch (final IllegalArgumentException e) {
log.error("Parsing selected login method FAILED.", e);
throw new TaskExecutionException(pendingReq, "Parsing selected login method FAILED.",
new InvalidUserInputException("module.eidasauth.matching.98"));
-
+
} catch (final Exception e) {
log.error("Parsing selected login method FAILED.", e);
throw new TaskExecutionException(pendingReq, "Parsing selected login method FAILED.", e);
-
+
}
}
@@ -91,12 +88,12 @@ public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractLocaleAuthSe
String paramName = paramNames.nextElement();
if (Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER.equalsIgnoreCase(paramName)) {
return StringEscapeUtils.escapeHtml(request.getParameter(paramName));
-
+
}
}
-
+
throw new InvalidUserInputException("module.eidasauth.matching.98");
-
+
}
private void transitionToNextTask(ExecutionContext executionContext, SelectedLoginMethod selection)
@@ -105,22 +102,22 @@ public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractLocaleAuthSe
case EIDAS_LOGIN:
executionContext.put(Constants.TRANSITION_TO_GENERATE_EIDAS_LOGIN, true);
return;
-
+
case MOBILE_PHONE_SIGNATURE_LOGIN:
executionContext.put(Constants.TRANSITION_TO_GENERATE_MOBILE_PHONE_SIGNATURE_REQUEST_TASK, true);
return;
-
+
case NO_OTHER_LOGIN:
executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true);
return;
-
+
case ADD_ME_AS_NEW:
executionContext.put(Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK, true);
- return;
-
+ return;
+
default:
throw new InvalidUserInputException("module.eidasauth.matching.98");
-
+
}
}