diff options
Diffstat (limited to 'eidas_modules')
8 files changed, 391 insertions, 1 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/CountrySpecificDetailSearchResult.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/CountrySpecificDetailSearchResult.java new file mode 100644 index 00000000..710e286c --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/CountrySpecificDetailSearchResult.java @@ -0,0 +1,14 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao; + +public class CountrySpecificDetailSearchResult { + + //TODO is the result the same as the one form the initial search? + int resultsZmr; + int resultsErnb; + + public int getResultCount() { + return resultsZmr + resultsErnb; + } + + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/InitialSearchResult.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/InitialSearchResult.java new file mode 100644 index 00000000..8fe69414 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/InitialSearchResult.java @@ -0,0 +1,12 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao; + +public class InitialSearchResult { + + int resultsZmr; + int resultsErnb; + + public int getResultCount() { + return resultsErnb + resultsZmr; + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java new file mode 100644 index 00000000..f3916ed6 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/exception/ManualFixNecessaryException.java @@ -0,0 +1,40 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.exception; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; + +public class ManualFixNecessaryException extends EidasSAuthenticationException { + private static final long serialVersionUID = 1L; + + public ManualFixNecessaryException(String personIdentifier) { + super("eidas.00", new Object[] { personIdentifier });//TODO "eidas.00" + + } + + public ManualFixNecessaryException(ErnbEidData eidData) { + + super("eidas.00", new Object[] { eidData.getPseudonym() });//TODO "eidas.00" => what info to pass??? + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java new file mode 100644 index 00000000..c35f6e16 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/ICountrySpecificDetailSearchProcessor.java @@ -0,0 +1,58 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.CountrySpecificDetailSearchResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; + +public interface ICountrySpecificDetailSearchProcessor { + + /** + * Get a friendlyName of this post-processor implementation. + * + * @return + */ + String getName(); + + /** + * Get the priority of this eID Post-Processor <br> + * If more than one Post-Processor implementations can handle the eID data, the + * post-processor with the highest priority are selected. The Default-Processor + * has priority '0' + * + * @return Priority of this handler + */ + int getPriority(); + + /** + * Check if this postProcessor is sensitive for a specific country. + * + * @param countryCode of the eID data that should be processed + * @param eidData eID data + * @return true if this implementation can handle the country, otherwise false + */ + boolean canHandle(String countryCode, ErnbEidData eidData); + + CountrySpecificDetailSearchResult search(ErnbEidData eidData); +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java new file mode 100644 index 00000000..d9f70a81 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java @@ -0,0 +1,258 @@ +/* + * Copyright 2018 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.CountrySpecificDetailSearchResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.InitialSearchResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.ICountrySpecificDetailSearchProcessor; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import com.google.common.collect.ImmutableMap; +import com.google.common.collect.ImmutableSet; +import eu.eidas.auth.commons.attribute.AttributeDefinition; +import eu.eidas.auth.commons.attribute.AttributeValue; +import eu.eidas.auth.commons.light.ILightResponse; +import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; +import lombok.extern.slf4j.Slf4j; +import org.apache.commons.lang3.StringUtils; +import org.joda.time.DateTime; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.stereotype.Component; + +import javax.annotation.PostConstruct; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; + +/** + * Task that creates the IdentityLink for an eIDAS authenticated person. + * + * @author tlenz + */ +@Slf4j +@Component("InitialSearchTask") +public class InitialSearchTask extends AbstractAuthServletTask { + + private final List<ICountrySpecificDetailSearchProcessor> handlers = new ArrayList<>(); + + // @Autowired + // private AuthBlockSigningService authBlockSigner; + // @Autowired + // private IConfiguration basicConfig; + // @Autowired + // private SzrClient szrClient; + @Autowired + private ICcSpecificEidProcessingService eidPostProcessor; + + // private static final String EID_STATUS = "urn:eidgvat:eid.status.eidas"; + @Autowired + private ApplicationContext context; + + @PostConstruct + private void initialize() { + log.debug("Initialize country specific detail search services ... "); + final Map<String, ICountrySpecificDetailSearchProcessor> postProcessors = context.getBeansOfType( + ICountrySpecificDetailSearchProcessor.class); + final Iterator<Map.Entry<String, ICountrySpecificDetailSearchProcessor>> iterator = + postProcessors.entrySet().iterator(); + while (iterator.hasNext()) { + final Map.Entry<String, ICountrySpecificDetailSearchProcessor> el = iterator.next(); + log.debug("Find country specific detail search services with name: " + el.getKey()); + handlers.add(el.getValue()); + + } + + log.trace("Sorting country specific detail search services on priority ... "); + Collections.sort(handlers, (thisAuthModule, otherAuthModule) -> { + final int thisOrder = thisAuthModule.getPriority(); + final int otherOrder = otherAuthModule.getPriority(); + return thisOrder < otherOrder ? 1 : thisOrder == otherOrder ? 0 : -1; + }); + + log.info("# " + handlers.size() + " country specific detail search services are registrated"); + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv. + * egovernment.moa.id.process.api.ExecutionContext, + * javax.servlet.http.HttpServletRequest, + * javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try { + final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); + final ILightResponse eidasResponse = authProcessData + .getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class); + + final Map<String, Object> simpleAttrMap = convertEidasAttrToSimpleMap( + eidasResponse.getAttributes().getAttributeMap()); + + // post-process eIDAS attributes + final ErnbEidData eidData = eidPostProcessor.postProcess(simpleAttrMap); + + String personIdentifier = eidData.getPseudonym(); + + //search in register(step 2) + InitialSearchResult result = searchInZmrAndErnp(personIdentifier); + switch (result.getResultCount()) { + case 0: + step5(result, eidData); + break; + case 1: + step3(result, eidData); + break; + default://should not happen + throw new TaskExecutionException(pendingReq, "Initial search - Kitt Process necessary.", + new ManualFixNecessaryException(personIdentifier)); + } + } catch (final Exception e) { + log.error("Initial search FAILED.", e); + throw new TaskExecutionException(pendingReq, "Initial search FAILED.", e); + } + } + + private void step3(InitialSearchResult result, ErnbEidData eidData) { + //check if data from eidas authentication matches with data from register + //TODO + + } + + private void step5(InitialSearchResult result, ErnbEidData eidData) throws TaskExecutionException { + String citizenCountry = eidData.getCitizenCountryCode(); + ICountrySpecificDetailSearchProcessor foundHandler = null; + for (final ICountrySpecificDetailSearchProcessor el : handlers) { + //5 check if country specific search is possible + if (el.canHandle(citizenCountry, eidData)) { + log.debug("Found suitable country specific search handler for " + citizenCountry + + " by using: " + el.getName()); + foundHandler = el; + break; + } + } + if (foundHandler == null) { + //MDS search + step8(result, eidData); + } else { + //country specific search + step6(foundHandler, result, eidData); + } + } + + private void step6(ICountrySpecificDetailSearchProcessor countrySpecificDetailSearchProcessor, + InitialSearchResult initialSearchResult, ErnbEidData eidData) throws TaskExecutionException { + //6 country specific search + CountrySpecificDetailSearchResult countrySpecificDetailSearchResult = + countrySpecificDetailSearchProcessor.search(eidData); + + switch (countrySpecificDetailSearchResult.getResultCount()) { + case 0: + step8(initialSearchResult, eidData); + break; + case 1: + step7a(initialSearchResult, countrySpecificDetailSearchResult, eidData); + break; + default://should not happen + throw new TaskExecutionException(pendingReq, "Detail search - Kitt Process necessary.", + new ManualFixNecessaryException(eidData)); + } + } + + private void step7a(InitialSearchResult initialSearchResult, + CountrySpecificDetailSearchResult countrySpecificDetailSearchResult, ErnbEidData eidData) { + //TODO automerge + + } + + private void step8(InitialSearchResult initialSearchResult, ErnbEidData eidData) { + //TODO MDS Suche + } + + private InitialSearchResult searchInZmrAndErnp(String personIdentifier) { + //search TODO + return new InitialSearchResult();//TODO + } + + private Map<String, Object> convertEidasAttrToSimpleMap( + ImmutableMap<AttributeDefinition<?>, ImmutableSet<? extends AttributeValue<?>>> attributeMap) { + final Map<String, Object> result = new HashMap<>(); + + for (final AttributeDefinition<?> el : attributeMap.keySet()) { + + final Class<?> parameterizedType = el.getParameterizedType(); + if (DateTime.class.equals(parameterizedType)) { + final DateTime attribute = EidasResponseUtils.translateDateAttribute(el, attributeMap.get(el).asList()); + if (attribute != null) { + result.put(el.getFriendlyName(), attribute); + log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + attribute.toString()); + + } else { + log.info("Ignore empty 'DateTime' attribute"); + } + + } else if (PostalAddress.class.equals(parameterizedType)) { + final PostalAddress addressAttribute = EidasResponseUtils + .translateAddressAttribute(el, attributeMap.get(el).asList()); + if (addressAttribute != null) { + result.put(el.getFriendlyName(), addressAttribute); + log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + addressAttribute.toString()); + + } else { + log.info("Ignore empty 'PostalAddress' attribute"); + } + + } else { + final List<String> natPersonIdObj = EidasResponseUtils + .translateStringListAttribute(el, attributeMap.get(el).asList()); + final String stringAttr = natPersonIdObj.get(0); + if (StringUtils.isNotEmpty(stringAttr)) { + result.put(el.getFriendlyName(), stringAttr); + log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + stringAttr); + + } else { + log.info("Ignore empty 'String' attribute"); + } + } + } + log.debug("Receive #" + result.size() + " attributes with names: " + result.keySet().toString()); + return result; + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml index 55bb1ace..e199d379 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml @@ -10,6 +10,8 @@ class="FinalizeAuthenticationTask" /> <pd:Task id="generateIdentityLink" class="CreateIdentityLinkTask" /> + <pd:Task id="initialRegisterSearch" + class="InitialSearchTask" /> <pd:StartEvent id="start" /> @@ -18,6 +20,8 @@ <pd:Transition from="createAuthnRequest" to="receiveAuthnResponse" /> <pd:Transition from="receiveAuthnResponse" + to="initialRegisterSearch" /> + <pd:Transition from="initialRegisterSearch" to="generateIdentityLink" /> <pd:Transition from="generateIdentityLink" to="finalizeAuthentication" /> diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index 6cc704ab..9c28bf07 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -87,4 +87,8 @@ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask" scope="prototype" /> + <bean id="InitialSearchTask" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.InitialSearchTask" + scope="prototype" /> + </beans>
\ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java index c44e803b..23175a18 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java @@ -100,7 +100,7 @@ public class EidasRequestPreProcessingSecondTest { final LightRequest lightReq = authnRequestBuilder.build(); - Assert.assertEquals("ProviderName is not Static", "myNode", lightReq.getProviderName()); + Assert.assertEquals("ProviderName is not Static", "myNode", lightReq.getProviderName());//Fixme "myNode" Assert.assertEquals("no PublicSP", "public", lightReq.getSpType()); Assert.assertEquals("Requested attribute size not match", 8, lightReq.getRequestedAttributes().size()); |