diff options
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main')
-rw-r--r-- | eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java (renamed from eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/Utils.java) | 33 | ||||
-rw-r--r-- | eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java | 64 | ||||
-rw-r--r-- | eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java | 84 | ||||
-rw-r--r-- | eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml | 2 |
4 files changed, 95 insertions, 88 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/Utils.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java index 5612d137..75374872 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/Utils.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java @@ -1,4 +1,4 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.utils; +package at.asitplus.eidas.specific.modules.auth.eidas.v2.service; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; @@ -7,14 +7,25 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowExcept import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import lombok.extern.slf4j.Slf4j; +import org.springframework.stereotype.Service; + +@Slf4j +@Service("registerSearchService") +public class RegisterSearchService { + + private final IZmrClient zmrClient; + private final IErnpClient ernpClient; + + public RegisterSearchService(IZmrClient zmrClient, IErnpClient ernpClient) { + this.zmrClient = zmrClient; + this.ernpClient = ernpClient; + } -public class Utils { /** * Automatic process to fix the register entries. * - * @param ernpClient ErnP client - * @param zmrClient ZMR client * @param initialSearchResult Result of initial register search * @param specificDetailSearchResult Result of last register search * @param eidData Received eidas data @@ -22,10 +33,9 @@ public class Utils { * @return The bpk * @throws TaskExecutionException if an error occurs during the register update */ - public static String step7aKittProcess(IErnpClient ernpClient, IZmrClient zmrClient, - MergedRegisterSearchResult initialSearchResult, - MergedRegisterSearchResult specificDetailSearchResult, - SimpleEidasData eidData, IRequest pendingReq) throws TaskExecutionException { + public String step7aKittProcess(MergedRegisterSearchResult initialSearchResult, + MergedRegisterSearchResult specificDetailSearchResult, + SimpleEidasData eidData, IRequest pendingReq) throws TaskExecutionException { try { if (initialSearchResult.getResultCount() != 0) { throw new WorkflowException("initialSearchResult.getResultCount() != 0"); @@ -34,13 +44,12 @@ public class Utils { throw new WorkflowException("countrySpecificDetailSearchResult.getResultCount() != 1"); } if (specificDetailSearchResult.getResultsZmr().size() == 1) { - zmrClient.update(specificDetailSearchResult.getResultsZmr().get(0), eidData); + this.zmrClient.update(specificDetailSearchResult.getResultsZmr().get(0), eidData); } if (specificDetailSearchResult.getResultsErnp().size() == 1) { - ernpClient.update(specificDetailSearchResult.getResultsErnp().get(0), eidData); + this.ernpClient.update(specificDetailSearchResult.getResultsErnp().get(0), eidData); } - String bpK = specificDetailSearchResult.getBpk(); - return bpK; + return specificDetailSearchResult.getBpk(); } catch (WorkflowException e) { throw new TaskExecutionException(pendingReq, "Step7a failed.", e); } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java index c4d067f5..7f4526ad 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java @@ -31,12 +31,11 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttribute import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.CountrySpecificDetailSearchProcessor; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.Utils; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService; import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.data.Triple; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import com.google.common.collect.ImmutableMap; @@ -47,6 +46,7 @@ import eu.eidas.auth.commons.light.ILightResponse; import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang3.StringUtils; +import org.jetbrains.annotations.NotNull; import org.joda.time.DateTime; import org.springframework.stereotype.Component; @@ -72,16 +72,20 @@ public class InitialSearchTask extends AbstractAuthServletTask { private final List<CountrySpecificDetailSearchProcessor> handlers; private final IErnpClient ernpClient; private final IZmrClient zmrClient; + private final RegisterSearchService registerSearchService; /** * Constructor. - * - * @param handlers List of countrySpecificSearchProcessors + * @param handlers List of countrySpecificSearchProcessors + * @param registerSearchService * @param ernpClient Ernp client * @param zmrClient ZMR client */ - public InitialSearchTask(List<CountrySpecificDetailSearchProcessor> handlers, IErnpClient ernpClient, + public InitialSearchTask(List<CountrySpecificDetailSearchProcessor> handlers, + RegisterSearchService registerSearchService, + IErnpClient ernpClient, IZmrClient zmrClient) { + this.registerSearchService = registerSearchService; this.ernpClient = ernpClient; this.zmrClient = zmrClient; this.handlers = handlers; @@ -93,27 +97,22 @@ public class InitialSearchTask extends AbstractAuthServletTask { throws TaskExecutionException { try { final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); - final ILightResponse eidasResponse = authProcessData - .getGenericDataFromSession(DATA_FULL_EIDAS_RESPONSE, ILightResponse.class); - - final SimpleEidasData eidData = convertSimpleMapToSimpleData(convertEidasAttrToSimpleMap( - eidasResponse.getAttributes().getAttributeMap())); - - final String bpK = step2RegisterSearchWithPersonidentifier(executionContext, eidData, authProcessData); - authProcessData.setGenericDataToSession(DATA_RESULT_MATCHING_BPK, bpK); - authProcessData.setGenericDataToSession(DATA_SIMPLE_EIDAS, eidData); + final SimpleEidasData eidasData = convertEidasAttrToSimpleData(authProcessData); + final String bpk = step2RegisterSearchWithPersonIdentifier(executionContext, eidasData, authProcessData); + authProcessData.setGenericDataToSession(DATA_RESULT_MATCHING_BPK, bpk); + authProcessData.setGenericDataToSession(DATA_SIMPLE_EIDAS, eidasData); } catch (final Exception e) { log.error("Initial search FAILED.", e); throw new TaskExecutionException(pendingReq, "Initial search FAILED.", e); } } - private String step2RegisterSearchWithPersonidentifier( + private String step2RegisterSearchWithPersonIdentifier( ExecutionContext executionContext, SimpleEidasData eidData, AuthProcessDataWrapper authProcessData) throws TaskExecutionException { - log.trace("Starting step2RegisterSearchWithPersonidentifier"); + log.trace("Starting step2RegisterSearchWithPersonIdentifier"); String personIdentifier = eidData.getPseudonym(); - MergedRegisterSearchResult result = searchInZmrAndErnp(personIdentifier); + MergedRegisterSearchResult result = searchWithPersonIdentifier(personIdentifier); //store data in session try { authProcessData.setGenericDataToSession(DATA_INITIAL_REGISTER_RESULT, result); @@ -196,19 +195,13 @@ public class InitialSearchTask extends AbstractAuthServletTask { MergedRegisterSearchResult countrySpecificDetailSearchResult, SimpleEidasData eidData) throws TaskExecutionException { log.trace("Starting step7aKittProcess"); - return Utils.step7aKittProcess(ernpClient, zmrClient, initialSearchResult, countrySpecificDetailSearchResult, + return registerSearchService.step7aKittProcess(initialSearchResult, countrySpecificDetailSearchResult, eidData, pendingReq); } private String step8RegisterSearchWithMds(ExecutionContext executionContext, SimpleEidasData eidData) { log.trace("Starting step8RegisterSearchWithMds"); - List<RegisterResult> resultsZmr = - zmrClient.searchWithMds(eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth()); - - List<RegisterResult> resultsErnp = - ernpClient.searchWithMds(eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth()); - - MergedRegisterSearchResult mdsSearchResult = new MergedRegisterSearchResult(resultsZmr, resultsErnp); + MergedRegisterSearchResult mdsSearchResult = searchWithMds(eidData); if (mdsSearchResult.getResultCount() == 0) { executionContext.put(TRANSITION_TO_CREATE_NEW_ERNB_ENTRY_TASK, true); } else { @@ -219,12 +212,29 @@ public class InitialSearchTask extends AbstractAuthServletTask { return null; } - private MergedRegisterSearchResult searchInZmrAndErnp(String personIdentifier) { + @NotNull + private MergedRegisterSearchResult searchWithMds(SimpleEidasData eidData) { + List<RegisterResult> resultsZmr = + zmrClient.searchWithMds(eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth()); + List<RegisterResult> resultsErnp = + ernpClient.searchWithMds(eidData.getGivenName(), eidData.getFamilyName(), eidData.getDateOfBirth()); + return new MergedRegisterSearchResult(resultsZmr, resultsErnp); + } + + private MergedRegisterSearchResult searchWithPersonIdentifier(String personIdentifier) { List<RegisterResult> resultsZmr = zmrClient.searchWithPersonIdentifier(personIdentifier); List<RegisterResult> resultsErnp = ernpClient.searchWithPersonIdentifier(personIdentifier); return new MergedRegisterSearchResult(resultsZmr, resultsErnp); } + @NotNull + private SimpleEidasData convertEidasAttrToSimpleData(AuthProcessDataWrapper authProcessData) + throws EidasAttributeException { + final ILightResponse eidasResponse = authProcessData + .getGenericDataFromSession(DATA_FULL_EIDAS_RESPONSE, ILightResponse.class); + return convertSimpleMapToSimpleData(convertEidasAttrToSimpleMap(eidasResponse.getAttributes().getAttributeMap())); + } + private SimpleEidasData convertSimpleMapToSimpleData(Map<String, Object> eidasAttrMap) throws EidasAttributeException { SimpleEidasData result = new SimpleEidasData(); @@ -260,7 +270,6 @@ public class InitialSearchTask extends AbstractAuthServletTask { if (attribute != null) { result.put(el.getFriendlyName(), attribute); log.trace("Find attr '{}' with value: {}", el.getFriendlyName(), attribute.toString()); - } else { log.info("Ignore empty 'DateTime' attribute"); } @@ -269,7 +278,6 @@ public class InitialSearchTask extends AbstractAuthServletTask { if (addressAttribute != null) { result.put(el.getFriendlyName(), addressAttribute); log.trace("Find attr '{}' with value: {}", el.getFriendlyName(), addressAttribute.toString()); - } else { log.info("Ignore empty 'PostalAddress' attribute"); } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java index 44e13d78..74af7be4 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java @@ -23,38 +23,18 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; -import java.io.IOException; -import java.util.HashMap; -import java.util.List; -import java.util.Set; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.xml.transform.TransformerException; - -import org.apache.commons.lang3.StringUtils; -import org.opensaml.core.xml.io.MarshallingException; -import org.opensaml.messaging.decoder.MessageDecodingException; -import org.opensaml.saml.saml2.core.Response; -import org.opensaml.saml.saml2.core.StatusCode; -import org.opensaml.saml.saml2.metadata.IDPSSODescriptor; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Component; - import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleMobileSignatureData; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthEventConstants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.Utils; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.zmr.IZmrClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService; import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; @@ -78,9 +58,25 @@ import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption; import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException; import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; import lombok.extern.slf4j.Slf4j; +import org.apache.commons.lang3.StringUtils; +import org.opensaml.core.xml.io.MarshallingException; +import org.opensaml.messaging.decoder.MessageDecodingException; +import org.opensaml.saml.saml2.core.Response; +import org.opensaml.saml.saml2.core.StatusCode; +import org.opensaml.saml.saml2.metadata.IDPSSODescriptor; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.xml.transform.TransformerException; +import java.io.IOException; +import java.util.HashMap; +import java.util.List; +import java.util.Set; /** - * Task that receives the SAML2 response from ID Austria system. + * Task that receives the SAML2 response from ID Austria system. * * @author tlenz */ @@ -91,6 +87,8 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends @Autowired private SamlVerificationEngine samlVerificationEngine; @Autowired + private RegisterSearchService registerSearchService; + @Autowired private IdAustriaClientAuthCredentialProvider credentialProvider; @Autowired(required = true) IdAustriaClientAuthMetadataProvider metadataProvider; @@ -112,15 +110,6 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends private static final String ERROR_MSG_03 = "PVP response validation FAILED."; - - private final IErnpClient ernpClient; - private final IZmrClient zmrClient; - - public ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask(IErnpClient ernpClient, IZmrClient zmrClient) { - this.ernpClient = ernpClient; - this.zmrClient = zmrClient; - } - @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { @@ -129,7 +118,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends InboundMessage msg = null; IDecoder decoder = null; EaafUriCompare comperator = null; - + // select Response Binding if (request.getMethod().equalsIgnoreCase("POST")) { decoder = new PostBinding(); @@ -188,20 +177,20 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends final AssertionAttributeExtractor extractor = new AssertionAttributeExtractor(processedMsg.getFirst().getResponse()); - - - + + + /* - * SAML2 response ist bereits vollständig validiert und die Attribute können aus dem + * SAML2 response ist bereits vollständig validiert und die Attribute können aus dem * <AssertionAttributeExtractor extractor> ausgelesen werden. * Die AttributeNamen sind entsprechend PVP Spezifikation, z.B. PvpAttributeDefinitions.GIVEN_NAME_NAME - * + * * --------------------------------------------------------------------------------------------- - * + * * TODO: ab hier müssen wir wohl was anpassen - * + * */ - + //load additional search-data from pendingRequest final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); MergedRegisterSearchResult initialSearchResult = @@ -210,7 +199,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends SimpleEidasData eidData = authProcessData.getGenericDataFromSession(Constants.DATA_SIMPLE_EIDAS, SimpleEidasData.class); - + SimpleMobileSignatureData simpleMobileSignatureData = getAuthDataFromInterfederation(extractor, authProcessData); if (!simpleMobileSignatureData.equalsSimpleEidasData(eidData)) { @@ -219,14 +208,13 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends } String bpkzp = simpleMobileSignatureData.getBpk(); - MergedRegisterSearchResult result = searchInZmrAndErnp(bpkzp); + MergedRegisterSearchResult result = searchWithBpkZp(bpkzp); if (result.getResultCount() == 0) { //go to step 16 executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true); return; } else if (result.getResultCount() == 1) { - String bpk = - Utils.step7aKittProcess(ernpClient, zmrClient, initialSearchResult, result, eidData, pendingReq); + String bpk = registerSearchService.step7aKittProcess(initialSearchResult, result, eidData, pendingReq); authProcessData.setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk); //node 110 } else if (result.getResultCount() > 1) { @@ -295,7 +283,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends return Pair.newInstance(msg, false); } else { - log.info("Receive StatusCode {} from 'ms-specific eIDAS node'.", + log.info("Receive StatusCode {} from 'ms-specific eIDAS node'.", samlResp.getStatus().getStatusCode().getValue()); StatusCode subStatusCode = getSubStatusCode(samlResp); if (subStatusCode != null @@ -328,7 +316,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends && StringUtils.isNotEmpty(samlResp.getStatus().getStatusCode().getStatusCode().getValue())) { return samlResp.getStatus().getStatusCode().getStatusCode(); } - + return null; } @@ -379,8 +367,8 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends return simpleMobileSignatureData; } - - private MergedRegisterSearchResult searchInZmrAndErnp(String bpkzp) { + + private MergedRegisterSearchResult searchWithBpkZp(String bpkzp) { List<RegisterResult> resultsZmr = zmrClient.searchWithBpkZp(bpkzp); List<RegisterResult> resultsErnp = ernpClient.searchWithBpkZp(bpkzp); return new MergedRegisterSearchResult(resultsZmr, resultsErnp); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index 07553c22..82cf7e95 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -66,6 +66,8 @@ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.ItSpecificDetailSearchProcessor"> </bean> + <bean id="registerSearchService" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService" /> <!-- ID Austria client specific services --> <bean id="idAustriaClientAuthCredentialProvider" |