diff options
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main')
7 files changed, 161 insertions, 171 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index ee9b00f7..bfb82474 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -40,11 +40,6 @@ public class Constants { public static final String DATA_FULL_EIDAS_RESPONSE_ALTERNATIVE = "resp_fulleIDASResponseAlternative"; /** - * Stored when one match from register was found. - */ - public static final String DATA_RESULT_MATCHING_BPK = "matching_result_bpk"; - - /** * Stored before Step 2 from Matching Concept, input from user eIDAS authn. */ public static final String DATA_SIMPLE_EIDAS = "matching_simple_eidas_data"; @@ -67,7 +62,7 @@ public class Constants { // configuration properties public static final String CONIG_PROPS_EIDAS_PREFIX = "auth.eIDAS"; - public static final String CONIG_PROPS_EIDAS_IS_TEST_IDENTITY = CONIG_PROPS_EIDAS_PREFIX + public static final String CONIG_PROPS_EIDAS_IS_TEST_IDENTITY = CONIG_PROPS_EIDAS_PREFIX + ".eid.testidentity.default"; public static final String CONIG_PROPS_EIDAS_NODE = CONIG_PROPS_EIDAS_PREFIX + ".node_v2"; public static final String CONIG_PROPS_EIDAS_NODE_COUNTRYCODE = CONIG_PROPS_EIDAS_NODE + ".countrycode"; @@ -84,20 +79,20 @@ public class Constants { CONIG_PROPS_EIDAS_NODE + ".attributes.requested.{0}.onlynatural"; public static final String CONIG_PROPS_EIDAS_NODE_ATTRIBUTES_REQUESTED_REPRESENTATION = CONIG_PROPS_EIDAS_NODE + ".attributes.requested.representation"; - + public static final String CONIG_PROPS_EIDAS_NODE_REQUESTERID_USE_HASHED_VERSION = CONIG_PROPS_EIDAS_NODE + ".requesterId.useHashedForm"; public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USE_STATIC_REQUESTERID_FOR_LUX = CONIG_PROPS_EIDAS_NODE + ".requesterId.lu.useStaticRequesterForAll"; - + public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_ADD_ALWAYS_PROVIDERNAME = - CONIG_PROPS_EIDAS_NODE + ".workarounds.addAlwaysProviderName"; + CONIG_PROPS_EIDAS_NODE + ".workarounds.addAlwaysProviderName"; public static final String CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER = CONIG_PROPS_EIDAS_NODE + ".workarounds.useRequestIdAsTransactionIdentifier"; - - public static final String CONFIG_PROP_EIDAS_NODE_NAMEIDFORMAT = + + public static final String CONFIG_PROP_EIDAS_NODE_NAMEIDFORMAT = CONIG_PROPS_EIDAS_NODE + ".requested.nameIdFormat"; - + public static final String CONIG_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP = CONIG_PROPS_EIDAS_NODE + ".staticProviderNameForPublicSPs"; public static final String DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP = "Austria"; @@ -279,14 +274,14 @@ public class Constants { public static final String COUNTRY_CODE_DE = "DE"; public static final String COUNTRY_CODE_IT = "IT"; - + // UI options public static final String HTML_FORM_ADVANCED_MATCHING_FAILED = "advancedMatchingFailed"; - - + + // ProcessEngine context public static final String CONTEXT_FLAG_ADVANCED_MATCHING_FAILED = HTML_FORM_ADVANCED_MATCHING_FAILED; - + /** * {@link at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateNewErnpEntryTask}. */ @@ -315,7 +310,7 @@ public class Constants { */ public static final String TRANSITION_TO_GENERATE_EIDAS_LOGIN = "TASK_GenerateAlternativeEidasAuthn"; - + /** * Stores login selection from user. */ diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/AlternativeSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/AlternativeSearchTask.java index e0273d10..f021fae9 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/AlternativeSearchTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/AlternativeSearchTask.java @@ -62,7 +62,6 @@ import lombok.extern.slf4j.Slf4j; * Output: * <ul> * <li>{@link Constants#DATA_PERSON_MATCH_RESULT} results after second search in registers with MDS</li> - * <li>{@link Constants#DATA_RESULT_MATCHING_BPK} if one register result found</li> * </ul> * Transitions: * <ul> @@ -98,123 +97,123 @@ public class AlternativeSearchTask extends AbstractAuthServletTask { public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try { - final SimpleEidasData altEidasData = convertEidasAttrToSimpleData(); + final SimpleEidasData altEidasData = convertEidasAttrToSimpleData(); final SimpleEidasData initialEidasData = MatchingTaskUtils.getInitialEidasData(pendingReq); - final RegisterStatusResults intermediateMatchingState = + final RegisterStatusResults intermediateMatchingState = MatchingTaskUtils.getIntermediateMatchingResult(pendingReq); - + //pre-validation of eIDAS data preVerifyAlternativeEidasData(altEidasData, initialEidasData, intermediateMatchingState); - + //perform register search operation based on alterantive eIDAS data - step11RegisterSearchWithPersonIdentifier(executionContext, altEidasData, + step11RegisterSearchWithPersonIdentifier(executionContext, altEidasData, intermediateMatchingState, initialEidasData); - + } catch (WorkflowException e) { throw new TaskExecutionException(pendingReq, "Initial search failed", e); - + } catch (final Exception e) { log.error("Initial search failed", e); throw new TaskExecutionException(pendingReq, "Initial search failed with a generic error", e); - + } } /** * Pre-validation of eIDAS information. - * + * * <p>Check if country-code and MDS (givenName, familyName, dateOfBirth) matches.</p> - * + * * @param altEidasData eIDAS data from alternative authentication * @param initialEidasData eIDAS data from initial authentication * @param intermediateMatchingState Intermediate matching result * @throws WorkflowException In case of a validation error */ - private void preVerifyAlternativeEidasData(SimpleEidasData altEidasData, SimpleEidasData initialEidasData, + private void preVerifyAlternativeEidasData(SimpleEidasData altEidasData, SimpleEidasData initialEidasData, RegisterStatusResults intermediateMatchingState) throws WorkflowException { if (initialEidasData == null) { throw new WorkflowException("step11", "No initial eIDAS authn data", true); - + } - + if (intermediateMatchingState == null) { throw new WorkflowException("step11", "No intermediate matching-state", true); - + } - + if (!Objects.equals(altEidasData.getCitizenCountryCode(), initialEidasData.getCitizenCountryCode())) { throw new WorkflowException("step11", "Country Code of alternative eIDAS authn not matching", true); - + } - + if (!altEidasData.equalsMds(initialEidasData)) { throw new WorkflowException("step11", "MDS of alternative eIDAS authn does not match initial authn", true); - + } } private void step11RegisterSearchWithPersonIdentifier( - ExecutionContext executionContext, SimpleEidasData altEidasData, + ExecutionContext executionContext, SimpleEidasData altEidasData, RegisterStatusResults intermediateMatchingState, SimpleEidasData initialEidasData) throws WorkflowException, EaafStorageException { try { log.trace("Starting step11RegisterSearchWithPersonIdentifier"); RegisterStatusResults altSearchResult = registerSearchService.searchWithPersonIdentifier( intermediateMatchingState.getOperationStatus(), altEidasData); - + int resultCount = altSearchResult.getResultCount(); if (resultCount == 0) { - step12CountrySpecificSearch(executionContext, intermediateMatchingState, initialEidasData, + step12CountrySpecificSearch(executionContext, intermediateMatchingState, initialEidasData, altSearchResult.getOperationStatus(), altEidasData); - + } else if (resultCount == 1) { log.debug("step11RegisterSearchWithPersonIdentifier find single result. Starting KITT operation ... "); RegisterStatusResults matchtedResult = registerSearchService.step7bKittProcess( intermediateMatchingState, initialEidasData, altSearchResult, altEidasData); - + log.debug("KITT operation finished. Finalize matching process ... "); foundMatchFinalizeTask(matchtedResult, altEidasData); - + } else { throw new WorkflowException("step11RegisterSearchWithPersonIdentifier", "More than one entry with unique personal-identifier", true); - + } } catch (WorkflowException e) { log.warn("Workflow error during matching step: {}. Reason: {}", e.getProcessStepName(), e.getErrorReason()); throw e; - + } } private void step12CountrySpecificSearch(ExecutionContext executionContext, - RegisterStatusResults intermediateMatchingState, + RegisterStatusResults intermediateMatchingState, SimpleEidasData initialEidasData, RegisterOperationStatus registerOperationStatus, SimpleEidasData altEidasData) throws EaafStorageException, WorkflowException { - log.trace("Starting 'step12CountrySpecificSearch' ... "); + log.trace("Starting 'step12CountrySpecificSearch' ... "); RegisterStatusResults ccAltSearchResult = registerSearchService.searchWithCountrySpecifics( registerOperationStatus, altEidasData); - + if (ccAltSearchResult.getResultCount() == 0) { log.trace("'step12CountrySpecificSearch' ends with no result. Forward to GUI based matching step ... "); log.debug("Forward to GUI based matching steps ... "); executionContext.put(TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, true); - - } else if (ccAltSearchResult.getResultCount() == 1) { - log.debug("'step12CountrySpecificSearch' find single result. Starting KITT operation ... "); + + } else if (ccAltSearchResult.getResultCount() == 1) { + log.debug("'step12CountrySpecificSearch' find single result. Starting KITT operation ... "); RegisterStatusResults matchtedResult = registerSearchService.step7bKittProcess( intermediateMatchingState, initialEidasData, ccAltSearchResult, altEidasData); - - log.debug("KITT operation finished. Finalize matching process ... "); + + log.debug("KITT operation finished. Finalize matching process ... "); foundMatchFinalizeTask(matchtedResult, altEidasData); - + } else { throw new WorkflowException("step12CountrySpecificSearch", "More than one entry with unique country-specific information", true); - - } + + } } private void foundMatchFinalizeTask(RegisterStatusResults searchResult, SimpleEidasData eidasData) @@ -222,10 +221,10 @@ public class AlternativeSearchTask extends AbstractAuthServletTask { MatchedPersonResult result = MatchedPersonResult.generateFormMatchingResult( searchResult.getResult(), eidasData.getCitizenCountryCode()); MatchingTaskUtils.storeFinalMatchingResult(pendingReq, result); - + //remove intermediate matching-state MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, null); - + } @NotNull diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java index 35717ae0..c95c275e 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java @@ -71,11 +71,11 @@ import lombok.extern.slf4j.Slf4j; import szrservices.IdentityLinkType; /** - * Task that creates the IdentityLink for an eIDAS authenticated person. + * Task that creates the IdentityLink for an eIDAS authenticated person. * Input: * <ul> * <li>{@link Constants#DATA_SIMPLE_EIDAS} initial login data from user</li> - * <li>{@link Constants#DATA_RESULT_MATCHING_BPK} the BPK of the matched entry in a register</li> + * <li>{@link Constants#DATA_PERSON_MATCH_RESULT} the data of the matched entry in a register</li> * </ul> * Output: * <ul> @@ -116,47 +116,47 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { - try { - + try { + /*TODO: needs more re-factoring if we finalize CreateNewErnpEntryTask and we know how add entries into ERnP - * Maybe, we can fully replace eidData by matchedPersonData, + * Maybe, we can fully replace eidData by matchedPersonData, * because matchedPersonData holds the result after a successful matching process. - * + * * Currently, we only add a work-around to operate without new ERnP implementation. */ - final SimpleEidasData eidData = MatchingTaskUtils.getInitialEidasData(pendingReq); + final SimpleEidasData eidData = MatchingTaskUtils.getInitialEidasData(pendingReq); MatchedPersonResult matchedPersonData = MatchingTaskUtils.getFinalMatchingResult(pendingReq); - + writeMdsLogInformation(eidData); if (basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY, false)) { buildDummyIdentityLink(eidData); - + } else { //request SZR based on IDL or E-ID mode if (pendingReq.getServiceProviderConfiguration() .isConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE, false)) { executeEidMode(eidData, matchedPersonData); - + } else { executeIdlMode(eidData, matchedPersonData); - - } + + } } - + storeGenericInfoToSession(eidData); requestStoreage.storePendingRequest(pendingReq); - + } catch (final EidasAttributeException e) { throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e); - + } catch (final EaafException e) { throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); - + } catch (final Exception e) { log.error("IdentityLink generation for foreign person FAILED.", e); throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); - + } } @@ -191,18 +191,18 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { private void executeEidMode(SimpleEidasData eidData, MatchedPersonResult matchedPersonData) throws JsonProcessingException, EaafException, JoseException { - // get encrypted baseId + // get encrypted baseId String vsz; if (matchedPersonData != null) { log.debug("Requesting encrypted baseId by already matched person information ... "); vsz = szrClient.getEncryptedStammzahl(matchedPersonData); - + } else { log.debug("Requesting encrypted baseId by using eIDAS information directly ... "); - vsz = szrClient.createNewErnpEntry(eidData); - + vsz = szrClient.createNewErnpEntry(eidData); + } - + //write revision-Log entry and extended infos personal-identifier mapping revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_VSZ_RECEIVED); writeExtendedRevisionLogEntry(eidData, eidData.getPersonalIdentifier()); @@ -221,7 +221,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { //inject personal-data into session authProcessDataWrapper.setEidProcess(true); - + } private void buildDummyIdentityLink(SimpleEidasData eidData) @@ -249,7 +249,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } } - private SzrResultHolder requestSzrForIdentityLink(SimpleEidasData eidData, + private SzrResultHolder requestSzrForIdentityLink(SimpleEidasData eidData, MatchedPersonResult matchedPersonData) throws EaafException { //request IdentityLink from SZR IdentityLinkType result; @@ -257,14 +257,14 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { if (matchedPersonData != null) { log.debug("Requesting encrypted baseId by already matched person information ... "); result = szrClient.getIdentityLinkInRawMode(matchedPersonData); - + } else { log.debug("Requesting encrypted baseId by using eIDAS information directly ... "); result = szrClient.getIdentityLinkInRawMode(eidData); - + } - - + + final Element idlFromSzr = (Element) result.getAssertion(); final IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser(idlFromSzr).parseIdentityLink(); @@ -336,7 +336,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } } - + /** * write MDS into technical log and revision log. */ diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java index b9769bc4..6b0f336e 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java @@ -65,7 +65,6 @@ import lombok.extern.slf4j.Slf4j; * <li>{@link Constants#DATA_INTERMEDIATE_RESULT} results from first search in registers with * PersonIdentifier</li> * <li>{@link Constants#DATA_PERSON_MATCH_RESULT} results after second search in registers with MDS</li> - * <li>{@link Constants#DATA_RESULT_MATCHING_BPK} if one register result found</li> * </ul> * Transitions: * <ul> @@ -122,14 +121,14 @@ public class InitialSearchTask extends AbstractAuthServletTask { int resultCount = searchResult.getResultCount(); if (resultCount == 0) { step6CountrySpecificSearch(executionContext, searchResult.getOperationStatus(), eidasData); - + } else if (resultCount == 1) { foundMatchFinalizeTask(searchResult, eidasData); - + } else { throw new WorkflowException("step2RegisterSearchWithPersonIdentifier", "More than one entry with unique personal-identifier", true); - + } } catch (WorkflowException e) { //TODO: what we do in case of a workflow error and manual matching are necessary?? diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java index 83fdf771..53485b03 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java @@ -61,7 +61,7 @@ import lombok.extern.slf4j.Slf4j; * </ul> * Output: * <ul> - * <li>{@link Constants#DATA_RESULT_MATCHING_BPK} if one register result found</li> + * <li>{@link Constants#DATA_PERSON_MATCH_RESULT} if one register result found</li> * </ul> * Transitions: * <ul> @@ -102,89 +102,89 @@ public class ReceiveAustrianResidenceGuiResponseTask extends AbstractAuthServlet public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { log.trace("Starting ReceiveAustrianResidenceGuiResponseTask"); - - UserInput input = parseHtmlInput(request); + + UserInput input = parseHtmlInput(request); if (!input.isFormerResidenceAvailable()) { moveToNextTask(executionContext); return; - + } - + //TODO: Here, we need an error handling an can not stop full process if form input was invalid //TODO: check minimum form elements - /*TODO: maybe we can switch to custom controller and use WebMVC form-binding feature. + /*TODO: maybe we can switch to custom controller and use WebMVC form-binding feature. * Binding element can be add as attribute to this request */ if (input.getStreet().isEmpty() || input.getCity().isEmpty() || input.getZipcode().isEmpty()) { // HTML form should ensure that mandatory fields are set => this should never happen - throw new TaskExecutionException(pendingReq, "Invalid user input", + throw new TaskExecutionException(pendingReq, "Invalid user input", new InvalidUserInputException("module.eidasauth.matching.06")); - + } - - - + + + try { SimpleEidasData eidasData = MatchingTaskUtils.getInitialEidasData(pendingReq); RegisterStatusResults initialSearchResult = MatchingTaskUtils.getIntermediateMatchingResult(pendingReq); - - RegisterStatusResults residencyResult = - registerSearchService.searchWithResidence(initialSearchResult.getOperationStatus(), + + RegisterStatusResults residencyResult = + registerSearchService.searchWithResidence(initialSearchResult.getOperationStatus(), eidasData, input.zipcode, input.city, input.street); if (residencyResult.getResultCount() == 0) { //TODO: her we should add a GUI step of result is zero to inform user an forward process by click moveToNextTask(executionContext); - + } else if (residencyResult.getResultCount() == 1) { compareSearchResultWithInitialData(executionContext, residencyResult, eidasData); - + } else { - /*TODO: align with form generation task and to better error handling in case of more-than-one result. + /*TODO: align with form generation task and to better error handling in case of more-than-one result. * Maybe the user has to provide more information. */ throw new TaskExecutionException(pendingReq, "Manual Fix necessary", new ManualFixNecessaryException(eidasData)); - + } - + } catch (EaafStorageException e) { log.error("Search with residency data failed", e); throw new TaskExecutionException(pendingReq, "Search with residency data failed", e); - + } } - private void compareSearchResultWithInitialData(ExecutionContext executionContext, + private void compareSearchResultWithInitialData(ExecutionContext executionContext, RegisterStatusResults residencyResult, SimpleEidasData eidasData) throws TaskExecutionException, EaafStorageException { - try { + try { /*TODO: check 'equalsRegisterData' because this method maybe this method evaluate to an invalid result. * See TODO in methods body - */ + */ if (eidasData.equalsRegisterData(residencyResult.getResult())) { // update register information registerSearchService.step7aKittProcess(residencyResult, eidasData); - + // store search result to re-used in CreateIdentityLink step, because there we need bPK and MDS - MatchingTaskUtils.storeFinalMatchingResult(pendingReq, + MatchingTaskUtils.storeFinalMatchingResult(pendingReq, MatchedPersonResult.generateFormMatchingResult( residencyResult.getResult(), eidasData.getCitizenCountryCode())); - + } else { moveToNextTask(executionContext); - + } - + } catch (WorkflowException e) { throw new TaskExecutionException(pendingReq, "Search failed", new ManualFixNecessaryException(eidasData)); - + } } private void moveToNextTask(ExecutionContext executionContext) { // Later on, this should transition to Step 20 executionContext.put(Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK, true); - + } private @NotNull UserInput parseHtmlInput(HttpServletRequest request) { @@ -195,20 +195,20 @@ public class ReceiveAustrianResidenceGuiResponseTask extends AbstractAuthServlet String escaped = StringEscapeUtils.escapeHtml(request.getParameter(paramName)); if (PARAM_FORMER_RESIDENCE_AVAILABLE.equalsIgnoreCase(paramName)) { result.setFormerResidenceAvailable(Boolean.parseBoolean(escaped)); - + } else if (PARAM_STREET.equalsIgnoreCase(paramName)) { result.setStreet(escaped); - + } else if (PARAM_CITY.equalsIgnoreCase(paramName)) { result.setCity(escaped); - + } else if (PARAM_ZIPCODE.equalsIgnoreCase(paramName)) { result.setZipcode(escaped); - + } } return result; - + } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java index d43a175f..03cf5858 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java @@ -91,7 +91,7 @@ import lombok.extern.slf4j.Slf4j; * </ul> * Output: * <ul> - * <li>{@link Constants#DATA_RESULT_MATCHING_BPK} if one register result found</li> + * <li>{@link Constants#DATA_PERSON_MATCH_RESULT} if one register result found</li> * </ul> * Transitions: * <ul> @@ -150,83 +150,83 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet Pair<PvpSProfileResponse, Boolean> processedMsg = validateAssertion((PvpSProfileResponse) inboundMessage); if (processedMsg.getSecond()) { // forward to next matching step in case of ID Autria authentication was stopped by user - executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true); + executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true); return; - + } // validate SAML2 response validateEntityId(inboundMessage); log.info("Receive a valid assertion from IDP " + inboundMessage.getEntityID()); - + // load already existing information from session SimpleEidasData eidasData = MatchingTaskUtils.getInitialEidasData(pendingReq); RegisterStatusResults initialSearchResult = MatchingTaskUtils.getIntermediateMatchingResult(pendingReq); - + // extract user information from ID Austria authentication AssertionAttributeExtractor extractor = new AssertionAttributeExtractor(processedMsg.getFirst().getResponse()); SimpleMobileSignatureData simpleMobileSignatureData = getAuthDataFromInterfederation(extractor); - - // check if MDS from ID Austria authentication matchs to eIDAS authentication + + // check if MDS from ID Austria authentication matchs to eIDAS authentication if (!simpleMobileSignatureData.equalsSimpleEidasData(eidasData)) { // user has cheated!? - throw new InvalidUserInputException("module.eidasauth.matching.05"); - + throw new InvalidUserInputException("module.eidasauth.matching.05"); + } - + // search entry in initial search result from steps before and build new RegisterSearchResult RegisterStatusResults registerResult = new RegisterStatusResults(initialSearchResult.getOperationStatus(), extractEntriesByBpk(initialSearchResult.getResultsZmr().stream(), simpleMobileSignatureData.getBpk()), extractEntriesByBpk(initialSearchResult.getResultsErnp().stream(), simpleMobileSignatureData.getBpk())); - + if (registerResult.getResultCount() != 1) { throw new WorkflowException("matchWithIDAustriaAuthentication", "Suspect state detected. MDS matches to eIDAS authentication " - + "but register search-result with MDS contains #" + registerResult.getResultCount() - + " entry with bPK from ID Austria authentication", false); - + + "but register search-result with MDS contains #" + registerResult.getResultCount() + + " entry with bPK from ID Austria authentication", false); + } else { // perform kit operation registerSearchService.step7aKittProcess(registerResult, eidasData); - - // store search result to re-used in CreateIdentityLink step, because there we need bPK and MDS - MatchingTaskUtils.storeFinalMatchingResult(pendingReq, - MatchedPersonResult.generateFormMatchingResult(registerResult.getResult(), + + // store search result to re-used in CreateIdentityLink step, because there we need bPK and MDS + MatchingTaskUtils.storeFinalMatchingResult(pendingReq, + MatchedPersonResult.generateFormMatchingResult(registerResult.getResult(), eidasData.getCitizenCountryCode())); - - } - + + } + } catch (final AuthnResponseValidationException e) { throw new TaskExecutionException(pendingReq, ERROR_MSG_03, e); - + } catch (MessageDecodingException | SecurityException | SamlSigningException e) { //final String samlRequest = request.getParameter("SAMLRequest"); //log.debug("Receive INVALID PVP Response from 'ms-specific eIDAS node': {}", // samlRequest, null, e); throw new TaskExecutionException(pendingReq, ERROR_MSG_00, new AuthnResponseValidationException(ERROR_PVP_11, new Object[]{MODULE_NAME_FOR_LOGGING}, e)); - + } catch (IOException | MarshallingException | TransformerException e) { log.debug("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e); throw new TaskExecutionException(pendingReq, ERROR_MSG_01, new AuthnResponseValidationException(ERROR_PVP_12, new Object[]{MODULE_NAME_FOR_LOGGING, e.getMessage()}, e)); - + } catch (final CredentialsNotAvailableException e) { log.debug("PVP response decryption FAILED. No credential found.", e); throw new TaskExecutionException(pendingReq, ERROR_MSG_02, new AuthnResponseValidationException(ERROR_PVP_10, new Object[]{MODULE_NAME_FOR_LOGGING}, e)); - + } catch (final Exception e) { // todo catch ManualFixNecessaryException in any other way? log.debug("PVP response validation FAILED. Msg:" + e.getMessage(), e); throw new TaskExecutionException(pendingReq, ERROR_MSG_03, new AuthnResponseValidationException(ERROR_PVP_12, new Object[]{MODULE_NAME_FOR_LOGGING, e.getMessage()}, e)); - + } } private List<RegisterResult> extractEntriesByBpk(Stream<RegisterResult> stream, String bpk) { - return stream.filter(el -> bpk.equals(el.getBpk())).collect(Collectors.toList()); + return stream.filter(el -> bpk.equals(el.getBpk())).collect(Collectors.toList()); } @@ -354,7 +354,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet } if (PvpAttributeDefinitions.BIRTHDATE_NAME.equals(attrName)) { builder.dateOfBirth(extractor.getSingleAttributeValue(attrName)); - } + } if (PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME.equals(attrName)) { MatchingTaskUtils.getAuthProcessDataWrapper(pendingReq).setQaaLevel( extractor.getSingleAttributeValue(attrName)); @@ -362,7 +362,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet } MatchingTaskUtils.getAuthProcessDataWrapper(pendingReq).setIssueInstant(extractor.getAssertionIssuingDate()); return builder.build(); - + } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java index c2c1a351..812e534c 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java @@ -47,14 +47,11 @@ import lombok.extern.slf4j.Slf4j; * <li>{@link Constants#DATA_SIMPLE_EIDAS} initial login data from user</li> * <li>{@link Constants#DATA_INTERMEDIATE_RESULT} results from search in registers with personIdentifier</li> * </ul> - * Output: - * <ul> - * <li>{@link Constants#DATA_RESULT_MATCHING_BPK} if one register result found</li> - * </ul> * Transitions: * <ul> * <li>{@link GenerateMobilePhoneSignatureRequestTask} if selected by user</li> * <li>{@link GenerateAustrianResidenceGuiTask} if selected by user</li> + * <li>{@link GenerateAuthnRequestTask} if selected by user</li> * </ul> * * @author amarsalek @@ -65,23 +62,23 @@ import lombok.extern.slf4j.Slf4j; public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractLocaleAuthServletTask { @Override - public void executeWithLocale(ExecutionContext executionContext, HttpServletRequest request, + public void executeWithLocale(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try { SelectedLoginMethod selection = SelectedLoginMethod.valueOf(extractUserSelection(request)); executionContext.put(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER, selection); executionContext.remove(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED); transitionToNextTask(executionContext, selection); - + } catch (final IllegalArgumentException e) { log.error("Parsing selected login method FAILED.", e); throw new TaskExecutionException(pendingReq, "Parsing selected login method FAILED.", new InvalidUserInputException("module.eidasauth.matching.98")); - + } catch (final Exception e) { log.error("Parsing selected login method FAILED.", e); throw new TaskExecutionException(pendingReq, "Parsing selected login method FAILED.", e); - + } } @@ -91,12 +88,12 @@ public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractLocaleAuthSe String paramName = paramNames.nextElement(); if (Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER.equalsIgnoreCase(paramName)) { return StringEscapeUtils.escapeHtml(request.getParameter(paramName)); - + } } - + throw new InvalidUserInputException("module.eidasauth.matching.98"); - + } private void transitionToNextTask(ExecutionContext executionContext, SelectedLoginMethod selection) @@ -105,22 +102,22 @@ public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractLocaleAuthSe case EIDAS_LOGIN: executionContext.put(Constants.TRANSITION_TO_GENERATE_EIDAS_LOGIN, true); return; - + case MOBILE_PHONE_SIGNATURE_LOGIN: executionContext.put(Constants.TRANSITION_TO_GENERATE_MOBILE_PHONE_SIGNATURE_REQUEST_TASK, true); return; - + case NO_OTHER_LOGIN: executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true); return; - + case ADD_ME_AS_NEW: executionContext.put(Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK, true); - return; - + return; + default: throw new InvalidUserInputException("module.eidasauth.matching.98"); - + } } |