Diffstat (limited to 'modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java')
-rw-r--r--modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java80
1 files changed, 69 insertions, 11 deletions
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java
index 904afc37..444bd4e7 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java
@@ -3,6 +3,7 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.zmr;
import java.math.BigInteger;
import java.net.URL;
import java.text.MessageFormat;
+import java.time.LocalDateTime;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
@@ -33,6 +34,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ZmrCommunicati
import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.VersionHolder;
import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
import at.gv.bmi.namespace.zmr_su.base._20040201.ClientInfoType;
+import at.gv.bmi.namespace.zmr_su.base._20040201.EntityErgebnisReferenzType;
import at.gv.bmi.namespace.zmr_su.base._20040201.Organisation;
import at.gv.bmi.namespace.zmr_su.base._20040201.RequestType;
import at.gv.bmi.namespace.zmr_su.base._20040201.ResponseType;
@@ -78,6 +80,7 @@ public class ZmrSoapClient extends AbstractSoapClient implements IZmrClient {
private static final String ERROR_MATCHING_01 = "module.eidasauth.matching.01";
private static final String ERROR_MATCHING_02 = "module.eidasauth.matching.02";
+ private static final String ERROR_MATCHING_04 = "module.eidasauth.matching.04";
private static final String ERROR_MATCHING_99 = "module.eidasauth.matching.99";
private static final String LOGMSG_MISSING_CONFIG = "Missing configuration with key: {0}";
@@ -556,29 +559,84 @@ public class ZmrSoapClient extends AbstractSoapClient implements IZmrClient {
"Find more-than-one ZMR entry with search criteria that has to be unique", true);
} else {
- return Arrays.asList(processPersonResult(personErgebnisSatz.get(0), citizenCountryCode));
+ RegisterResult activeResult = processPersonResult(personErgebnisSatz.get(0), citizenCountryCode);
+ if (activeResult == null) {
+ log.error("ZMR entry, which was selected by matching, looks already closed. "
+ + "Automated operations on closed entries not supported my matching");
+ throw new WorkflowException(processStepFiendlyname,
+ "ZMR entry, which was selected by matching, is not active any more.", true);
+
+ }
+ return Arrays.asList(activeResult);
}
}
- @Nonnull
+ /**
+ * Process a single Person data-set from ZMR.
+ *
+ * @param personEl Person data-set from ZMR
+ * @param citizenCountryCode Country-Code of the citizen
+ * @return Simplified register result, or <code>null</code> if the person data-set is not active anymore
+ * @throws EaafAuthenticationException In case of a validation error
+ */
+ @Nullable
private RegisterResult processPersonResult(
@Nonnull PersonErgebnisSatzType personEl, @Nonnull String citizenCountryCode)
+ throws EaafAuthenticationException {
+ PersonErgebnisType latestPersonResult = extractLatestPersonResult(personEl);
+
+ // check if person was not closed already
+ if (checkIfPersonIsActive(latestPersonResult)) {
+ return mapZmrResponseToRegisterResult(latestPersonResult, citizenCountryCode);
+
+ } else {
+ log.debug("Entity is not valid anymore. Skip it ... ");
+ return null;
+
+ }
+ }
+
+ @Nonnull
+ private PersonErgebnisType extractLatestPersonResult(PersonErgebnisSatzType personEl)
throws EaafAuthenticationException {
// TODO: maybe check on 'null' if ERnP data is also allowed
- log.debug("Find #{} data sets in person information",
- personEl.getPersonendaten().getPersonErgebnis().size());
-
- if (personEl.getPersonendaten().getPersonErgebnis().size() > 1) {
- log.error("Find more than on PersoenErgebnis in Personendaten.");
+ log.debug("Find #{} data sets in person information", personEl.getPersonendaten().getPersonErgebnis().size());
+ if (personEl.getPersonendaten().getPersonErgebnis().size() == 0) {
+ log.error("Find no PersoenErgebnis in Personendaten from ZMR.");
+ throw new EaafAuthenticationException(ERROR_MATCHING_04, null);
+
+ } else if (personEl.getPersonendaten().getPersonErgebnis().size() > 1) {
+ log.error("Find more than on PersoenErgebnis in Personendaten from ZMR.");
+ //TODO: select latest entry in case of historic information
throw new EaafAuthenticationException(ERROR_MATCHING_02, null);
+ } else {
+ return personEl.getPersonendaten().getPersonErgebnis().get(0);
+
+ }
+ }
+
+ private boolean checkIfPersonIsActive(PersonErgebnisType latestPersonResult) {
+ EntityErgebnisReferenzType entityRef = latestPersonResult.getEntityErgebnisReferenz();
+ if (entityRef.getBis() != null) {
+ LocalDateTime validTo = entityRef.getBis().toGregorianCalendar().toZonedDateTime().toLocalDateTime();
+ LocalDateTime now = LocalDateTime.now();
+ if (validTo.isBefore(now)) {
+ log.warn("Enity was valid to: {}, but now its: {}. Ignore that entry", validTo, now);
+ return false;
+
+ } else {
+ log.debug("Entity has a 'validTo' element, but it is in the future.");
+
+ }
+
} else {
- return mapZmrResponseToRegisterResult(
- personEl.getPersonendaten().getPersonErgebnis().get(0), citizenCountryCode);
-
+ log.trace("Entity has no 'validTo' element. Therefore it should be valid");
+
}
-
+
+ return true;
}
@Nonnull
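Review bot: In `checkIfPersonIsActive`, the `Bis` timestamp is converted with `toZonedDateTime().toLocalDateTime()`, which discards its zone offset, and is then compared with `LocalDateTime.now()` in the JVM default zone; if the ZMR value carries an offset that differs from the server's zone, a closed entry can still be accepted as active (or an active one rejected) for the length of that offset. Comparing instants avoids this: `Instant validTo = entityRef.getBis().toGregorianCalendar().toInstant();` followed by `if (validTo.isBefore(Instant.now())) {`, with `java.time.Instant` imported instead of `LocalDateTime`. The same method dereferences `getEntityErgebnisReferenz()` without a null check; if the schema allows that element to be absent, the result is a NullPointerException rather than a matching error, so a guard that throws `EaafAuthenticationException` would be safer. `processPersonResult` changes from `@Nonnull` to `@Nullable`, and only the single-result call site in this hunk handles the `null`; any other callers lie outside the hunk and presumably need the same check.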