1 files changed, 65 insertions, 15 deletions
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/ernp/ErnpRestClient.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/ernp/ErnpRestClient.java
index a847a519..feb2853a 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/ernp/ErnpRestClient.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/ernp/ErnpRestClient.java
@@ -3,6 +3,7 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.ernp;
 import java.io.IOException;
 import java.text.MessageFormat;
 import java.time.LocalDate;
+import java.time.LocalDateTime;
 import java.time.OffsetDateTime;
 import java.util.Arrays;
 import java.util.Collection;
@@ -417,30 +418,79 @@ public class ErnpRestClient implements IErnpClient {
           "Find more-than-one ERnP entry with search criteria that has to be unique", true);
 
     } else {
-      return Arrays.asList(mapErnpResponseToRegisterResult(persons.get(0), citizenCountryCode));
+      RegisterResult activeResult = mapErnpResponseToRegisterResult(persons.get(0), citizenCountryCode);
+      if (activeResult == null) {
+        log.error("ERnP entry, which was selected by matching, looks already closed. "
+            + "Automated operations on closed entries not supported my matching");
+        throw new WorkflowException(processStepFiendlyname, 
+            "ERnP entry, which was selected by matching, is not active any more.", true);
+        
+      }      
+            
+      return Arrays.asList(activeResult);
 
     }
   }
 
-  @Nonnull
+  
+  
+  /**
+   * Process a single Person data-set from ERnP. 
+   * 
+   * @param personEl Person data-set from ERnP
+   * @param citizenCountryCode Country-Code of the citizen
+   * @return Simplified register result, or <code>null</code> if the person data-set is not active anymore
+   * @throws EaafAuthenticationException In case of a validation error
+   */
+  @Nullable
   private RegisterResult mapErnpResponseToRegisterResult(@Nonnull Person person,
       @Nonnull String citizenCountryCode) {
-    // build result
-    return RegisterResult.builder()
-        .pseudonym(selectAllEidasDocument(person, citizenCountryCode,
-            EidasConstants.eIDAS_ATTRURN_PERSONALIDENTIFIER))
-        .familyName(person.getPersonendaten().getFamilienname())
-        .givenName(person.getPersonendaten().getVorname())
-        .dateOfBirth(getTextualBirthday(person.getPersonendaten().getGeburtsdatum()))
-        .bpk(person.getPersonendaten().getBpkZp())
-        .placeOfBirth(selectSingleEidasDocument(person, citizenCountryCode,
-            EidasConstants.eIDAS_ATTRURN_PLACEOFBIRTH))
-        .birthName(selectSingleEidasDocument(person, citizenCountryCode,
-            EidasConstants.eIDAS_ATTRURN_BIRTHNAME))
-        .build();
+
+    if (checkIfPersonIsActive(person)) {    
+      // build result
+      return RegisterResult.builder()
+          .pseudonym(selectAllEidasDocument(person, citizenCountryCode,
+              EidasConstants.eIDAS_ATTRURN_PERSONALIDENTIFIER))
+          .familyName(person.getPersonendaten().getFamilienname())
+          .givenName(person.getPersonendaten().getVorname())
+          .dateOfBirth(getTextualBirthday(person.getPersonendaten().getGeburtsdatum()))
+          .bpk(person.getPersonendaten().getBpkZp())
+          .placeOfBirth(selectSingleEidasDocument(person, citizenCountryCode,
+              EidasConstants.eIDAS_ATTRURN_PLACEOFBIRTH))
+          .birthName(selectSingleEidasDocument(person, citizenCountryCode,
+              EidasConstants.eIDAS_ATTRURN_BIRTHNAME))
+          .build();
+      
+    } else {
+      log.debug("Entity is not valid anymore. Skip it ... ");
+      return null;
+      
+    }
 
   }
 
+  private boolean checkIfPersonIsActive(Person person) {    
+    if (person.getGueltigBis() != null) {
+      LocalDateTime validTo = person.getGueltigBis().toLocalDateTime();
+      LocalDateTime now = LocalDateTime.now();
+      if (validTo.isBefore(now)) {
+        log.warn("Enity was valid to: {}, but now its: {}. Ignore that entry", validTo, now);
+        return false;
+        
+      } else {
+        log.debug("Entity has a 'validTo' element, but it is in the future.");
+        
+      }
+          
+    } else {
+      log.trace("Entity has no 'validTo' element. Therefore it should be valid");
+      
+    }
+    
+    return true;
+  }
+  
+  
   private Suchdaten mapCountrySpecificSearchData(PersonSuchenRequest personSearchDao) {            
     final Suchdaten searchInfos = new Suchdaten();
     searchInfos.setFamilienname(personSearchDao.getNatuerlichePerson().getPersonenName().getFamilienname());