Diffstat (limited to 'modules/authmodule-eIDAS-v2/src/main/java')
-rw-r--r--modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/ernp/ErnpRestClient.java80
-rw-r--r--modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java80
-rw-r--r--modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java2
3 files changed, 135 insertions, 27 deletions
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/ernp/ErnpRestClient.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/ernp/ErnpRestClient.java
index a847a519..feb2853a 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/ernp/ErnpRestClient.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/ernp/ErnpRestClient.java
@@ -3,6 +3,7 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.ernp;
import java.io.IOException;
import java.text.MessageFormat;
import java.time.LocalDate;
+import java.time.LocalDateTime;
import java.time.OffsetDateTime;
import java.util.Arrays;
import java.util.Collection;
@@ -417,30 +418,79 @@ public class ErnpRestClient implements IErnpClient {
"Find more-than-one ERnP entry with search criteria that has to be unique", true);
} else {
- return Arrays.asList(mapErnpResponseToRegisterResult(persons.get(0), citizenCountryCode));
+ RegisterResult activeResult = mapErnpResponseToRegisterResult(persons.get(0), citizenCountryCode);
+ if (activeResult == null) {
+ log.error("ERnP entry, which was selected by matching, looks already closed. "
+ + "Automated operations on closed entries not supported my matching");
+ throw new WorkflowException(processStepFiendlyname,
+ "ERnP entry, which was selected by matching, is not active any more.", true);
+
+ }
+
+ return Arrays.asList(activeResult);
}
}
- @Nonnull
+
+
+ /**
+ * Process a single Person data-set from ERnP.
+ *
+ * @param personEl Person data-set from ERnP
+ * @param citizenCountryCode Country-Code of the citizen
+ * @return Simplified register result, or <code>null</code> if the person data-set is not active anymore
+ * @throws EaafAuthenticationException In case of a validation error
+ */
+ @Nullable
private RegisterResult mapErnpResponseToRegisterResult(@Nonnull Person person,
@Nonnull String citizenCountryCode) {
- // build result
- return RegisterResult.builder()
- .pseudonym(selectAllEidasDocument(person, citizenCountryCode,
- EidasConstants.eIDAS_ATTRURN_PERSONALIDENTIFIER))
- .familyName(person.getPersonendaten().getFamilienname())
- .givenName(person.getPersonendaten().getVorname())
- .dateOfBirth(getTextualBirthday(person.getPersonendaten().getGeburtsdatum()))
- .bpk(person.getPersonendaten().getBpkZp())
- .placeOfBirth(selectSingleEidasDocument(person, citizenCountryCode,
- EidasConstants.eIDAS_ATTRURN_PLACEOFBIRTH))
- .birthName(selectSingleEidasDocument(person, citizenCountryCode,
- EidasConstants.eIDAS_ATTRURN_BIRTHNAME))
- .build();
+
+ if (checkIfPersonIsActive(person)) {
+ // build result
+ return RegisterResult.builder()
+ .pseudonym(selectAllEidasDocument(person, citizenCountryCode,
+ EidasConstants.eIDAS_ATTRURN_PERSONALIDENTIFIER))
+ .familyName(person.getPersonendaten().getFamilienname())
+ .givenName(person.getPersonendaten().getVorname())
+ .dateOfBirth(getTextualBirthday(person.getPersonendaten().getGeburtsdatum()))
+ .bpk(person.getPersonendaten().getBpkZp())
+ .placeOfBirth(selectSingleEidasDocument(person, citizenCountryCode,
+ EidasConstants.eIDAS_ATTRURN_PLACEOFBIRTH))
+ .birthName(selectSingleEidasDocument(person, citizenCountryCode,
+ EidasConstants.eIDAS_ATTRURN_BIRTHNAME))
+ .build();
+
+ } else {
+ log.debug("Entity is not valid anymore. Skip it ... ");
+ return null;
+
+ }
}
+ private boolean checkIfPersonIsActive(Person person) {
+ if (person.getGueltigBis() != null) {
+ LocalDateTime validTo = person.getGueltigBis().toLocalDateTime();
+ LocalDateTime now = LocalDateTime.now();
+ if (validTo.isBefore(now)) {
+ log.warn("Enity was valid to: {}, but now its: {}. Ignore that entry", validTo, now);
+ return false;
+
+ } else {
+ log.debug("Entity has a 'validTo' element, but it is in the future.");
+
+ }
+
+ } else {
+ log.trace("Entity has no 'validTo' element. Therefore it should be valid");
+
+ }
+
+ return true;
+ }
+
+
private Suchdaten mapCountrySpecificSearchData(PersonSuchenRequest personSearchDao) {
final Suchdaten searchInfos = new Suchdaten();
searchInfos.setFamilienname(personSearchDao.getNatuerlichePerson().getPersonenName().getFamilienname());
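Review bot: `checkIfPersonIsActive` compares `person.getGueltigBis().toLocalDateTime()` with `LocalDateTime.now()`, so the offset delivered by ERnP is discarded and the result depends on the JVM default time zone; a closed entry could still pass as active (or the reverse) for the size of the offset difference. If `getGueltigBis()` returns an `OffsetDateTime`, as the existing import suggests, compare instants instead: `if (person.getGueltigBis().isBefore(OffsetDateTime.now())) {`. The same pattern appears in `ZmrSoapClient.checkIfPersonIsActive`, where `toZonedDateTime().toInstant().isBefore(Instant.now())` would avoid it. The new Javadoc also names `@param personEl` and `@throws EaafAuthenticationException`, neither of which matches the visible signature of `mapErnpResponseToRegisterResult`.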
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java
index 904afc37..444bd4e7 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java
@@ -3,6 +3,7 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.zmr;
import java.math.BigInteger;
import java.net.URL;
import java.text.MessageFormat;
+import java.time.LocalDateTime;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
@@ -33,6 +34,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ZmrCommunicati
import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.VersionHolder;
import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
import at.gv.bmi.namespace.zmr_su.base._20040201.ClientInfoType;
+import at.gv.bmi.namespace.zmr_su.base._20040201.EntityErgebnisReferenzType;
import at.gv.bmi.namespace.zmr_su.base._20040201.Organisation;
import at.gv.bmi.namespace.zmr_su.base._20040201.RequestType;
import at.gv.bmi.namespace.zmr_su.base._20040201.ResponseType;
@@ -78,6 +80,7 @@ public class ZmrSoapClient extends AbstractSoapClient implements IZmrClient {
private static final String ERROR_MATCHING_01 = "module.eidasauth.matching.01";
private static final String ERROR_MATCHING_02 = "module.eidasauth.matching.02";
+ private static final String ERROR_MATCHING_04 = "module.eidasauth.matching.04";
private static final String ERROR_MATCHING_99 = "module.eidasauth.matching.99";
private static final String LOGMSG_MISSING_CONFIG = "Missing configuration with key: {0}";
@@ -556,29 +559,84 @@ public class ZmrSoapClient extends AbstractSoapClient implements IZmrClient {
"Find more-than-one ZMR entry with search criteria that has to be unique", true);
} else {
- return Arrays.asList(processPersonResult(personErgebnisSatz.get(0), citizenCountryCode));
+ RegisterResult activeResult = processPersonResult(personErgebnisSatz.get(0), citizenCountryCode);
+ if (activeResult == null) {
+ log.error("ZMR entry, which was selected by matching, looks already closed. "
+ + "Automated operations on closed entries not supported my matching");
+ throw new WorkflowException(processStepFiendlyname,
+ "ZMR entry, which was selected by matching, is not active any more.", true);
+
+ }
+ return Arrays.asList(activeResult);
}
}
- @Nonnull
+ /**
+ * Process a single Person data-set from ZMR.
+ *
+ * @param personEl Person data-set from ZMR
+ * @param citizenCountryCode Country-Code of the citizen
+ * @return Simplified register result, or <code>null</code> if the person data-set is not active anymore
+ * @throws EaafAuthenticationException In case of a validation error
+ */
+ @Nullable
private RegisterResult processPersonResult(
@Nonnull PersonErgebnisSatzType personEl, @Nonnull String citizenCountryCode)
+ throws EaafAuthenticationException {
+ PersonErgebnisType latestPersonResult = extractLatestPersonResult(personEl);
+
+ // check if person was not closed already
+ if (checkIfPersonIsActive(latestPersonResult)) {
+ return mapZmrResponseToRegisterResult(latestPersonResult, citizenCountryCode);
+
+ } else {
+ log.debug("Entity is not valid anymore. Skip it ... ");
+ return null;
+
+ }
+ }
+
+ @Nonnull
+ private PersonErgebnisType extractLatestPersonResult(PersonErgebnisSatzType personEl)
throws EaafAuthenticationException {
// TODO: maybe check on 'null' if ERnP data is also allowed
- log.debug("Find #{} data sets in person information",
- personEl.getPersonendaten().getPersonErgebnis().size());
-
- if (personEl.getPersonendaten().getPersonErgebnis().size() > 1) {
- log.error("Find more than on PersoenErgebnis in Personendaten.");
+ log.debug("Find #{} data sets in person information", personEl.getPersonendaten().getPersonErgebnis().size());
+ if (personEl.getPersonendaten().getPersonErgebnis().size() == 0) {
+ log.error("Find no PersoenErgebnis in Personendaten from ZMR.");
+ throw new EaafAuthenticationException(ERROR_MATCHING_04, null);
+
+ } else if (personEl.getPersonendaten().getPersonErgebnis().size() > 1) {
+ log.error("Find more than on PersoenErgebnis in Personendaten from ZMR.");
+ //TODO: select latest entry in case of historic information
throw new EaafAuthenticationException(ERROR_MATCHING_02, null);
+ } else {
+ return personEl.getPersonendaten().getPersonErgebnis().get(0);
+
+ }
+ }
+
+ private boolean checkIfPersonIsActive(PersonErgebnisType latestPersonResult) {
+ EntityErgebnisReferenzType entityRef = latestPersonResult.getEntityErgebnisReferenz();
+ if (entityRef.getBis() != null) {
+ LocalDateTime validTo = entityRef.getBis().toGregorianCalendar().toZonedDateTime().toLocalDateTime();
+ LocalDateTime now = LocalDateTime.now();
+ if (validTo.isBefore(now)) {
+ log.warn("Enity was valid to: {}, but now its: {}. Ignore that entry", validTo, now);
+ return false;
+
+ } else {
+ log.debug("Entity has a 'validTo' element, but it is in the future.");
+
+ }
+
} else {
- return mapZmrResponseToRegisterResult(
- personEl.getPersonendaten().getPersonErgebnis().get(0), citizenCountryCode);
-
+ log.trace("Entity has no 'validTo' element. Therefore it should be valid");
+
}
-
+
+ return true;
}
@Nonnull
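Review bot: `checkIfPersonIsActive` dereferences `latestPersonResult.getEntityErgebnisReferenz()` without a null check, so a ZMR response lacking that element would surface as a `NullPointerException` instead of a controlled matching error; whether the schema makes the element mandatory is not visible here. Because this check decides whether a closed identity record may be used, the missing-element case should be handled explicitly and fail closed, for example `if (entityRef == null) { log.warn("Entity has no 'EntityErgebnisReferenz' element."); return false; }`. Since `processPersonResult` is now `@Nullable`, any caller outside this hunk that still assumes a non-null result needs the same `null` handling as the single-result branch.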
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
index 8716f80d..61d5ded2 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
@@ -253,7 +253,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
}
} else {
- log.debug("Map " + spConfig.getAreaSpecificTargetIdentifier() + " to 'PrivateSector'");
+ log.debug("Map {} to 'PrivateSector'", spConfig.getAreaSpecificTargetIdentifier());
authnRequestBuilder.spType(SpType.PRIVATE.getValue());
// TODO: switch to RequesterId in further version