From ea372a857b53b67cb6f7be7f5a1285066aadc9da Mon Sep 17 00:00:00 2001 
From: Thomas Lenz Date: Tue, 11 Sep 2018 13:35:52 +0200 Subject: some more updates --- .../properties/external_statuscodes_map.properties | 1 + .../properties/status_messages_en.properties | 1 + .../specific/connector/MSConnectorEventCodes.java | 2 +- .../modules/authmodule_eIDASv2/Constants.java | 14 +- .../authmodule_eIDASv2/DAO/ERnBeIDData.java | 85 ++++ .../DAO/eIDASPersonalIdStoreDAO.java | 1 + .../exception/eIDPostProcessingException.java | 17 + .../handler/AbstracteIDPostProcessor.java | 194 +++++++++ .../handler/DEeIDPostProcessor.java | 79 ++++ .../handler/GenericeIDPostProcessor.java | 31 ++ .../handler/INationaleIDPostProcessor.java | 46 +++ .../service/EIDPostProcessingService.java | 88 +++++ .../service/IeIDPostProcessingService.java | 22 ++ .../authmodule_eIDASv2/service/eIDASDataStore.java | 1 + .../tasks/CreateIdentityLinkTask.java | 164 +++----- .../src/main/resources/eidas_v2_auth.beans.xml | 17 +- .../eIDASAttributePostProcessingTest.java | 432 +++++++++++++++++++++ .../authmodule_eIDASv2/eIDASDataStoreTest.java | 174 ++++----- .../resources/SpringTest-context_basic_test.xml | 17 +- event_code_descr.txt | 3 +- external_error_code_descr.txt | 1 + pom.xml | 2 +- 22 files changed, 1175 insertions(+), 217 deletions(-) create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/DAO/ERnBeIDData.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/exception/eIDPostProcessingException.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/AbstracteIDPostProcessor.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/DEeIDPostProcessor.java create mode 100644 
eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/GenericeIDPostProcessor.java
 create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/INationaleIDPostProcessor.java
 create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/EIDPostProcessingService.java
 create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/IeIDPostProcessingService.java
 create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/eIDASAttributePostProcessingTest.java
diff --git a/connector/src/main/resources/properties/external_statuscodes_map.properties b/connector/src/main/resources/properties/external_statuscodes_map.properties
index 3e299481..a0951dfb 100644
--- a/connector/src/main/resources/properties/external_statuscodes_map.properties
+++ b/connector/src/main/resources/properties/external_statuscodes_map.properties
@@ -16,6 +16,7 @@ config.24=9099
 ernb.00=4601
 ernb.01=4601
 ernb.02=4600
+ernb.03=4602
 auth.00=1100
diff --git a/connector/src/main/resources/properties/status_messages_en.properties b/connector/src/main/resources/properties/status_messages_en.properties
index f5d084b2..80228a47 100644
--- a/connector/src/main/resources/properties/status_messages_en.properties
+++ b/connector/src/main/resources/properties/status_messages_en.properties
@@ -16,6 +16,7 @@ config.24=Configuration file {1} does not start with {0} prefix.
 ernb.00=Receive no identity-link from SZR
 ernb.01=Receive no bPK from SZR
 ernb.02=SZR response contains an error. ErrorMsg: {0}
+ernb.03=Post-processing of eIDAS attributes failed. Reason: {0}
 auth.00=Service provider: {0} is unknown
 auth.21=The authentication process was stopped by user
diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MSConnectorEventCodes.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MSConnectorEventCodes.java
index 49a079ff..c9eb7f26 100644
--- a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MSConnectorEventCodes.java
+++ b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/MSConnectorEventCodes.java
@@ -16,6 +16,6 @@ public class MSConnectorEventCodes {
 public static final int SZR_BPK_RECEIVED = 6201;
 public static final int SZR_ERNB_EIDAS_RAW_ID = 6210;
- public static final int SZR_ERNB_EIDAS_HASHED_ID = 6211;
+ public static final int SZR_ERNB_EIDAS_ERNB_ID = 6211;
 }
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/Constants.java
index 24d1f1ea..4d80965e 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/Constants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/Constants.java
@@ -62,10 +62,13 @@ public class Constants {
 public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_KEYS_USEDUMMY= CONIG_PROPS_EIDAS_SZRCLIENT + ".params.usedummykeys";
 public static final String CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION= CONIG_PROPS_EIDAS_SZRCLIENT + ".params.useSZRForbPKCalculation";
 public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETPLACEOFBIRTHIFAVAILABLE= CONIG_PROPS_EIDAS_SZRCLIENT + ".params.setPlaceOfBirthIfAvailable";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETBIRTHNAMEIFAVAILABLE = CONIG_PROPS_EIDAS_SZRCLIENT + ".params.setBirthNameIfAvailable";
- public static final String CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_SQLLITEDATASTORE_ACTIVE = CONIG_PROPS_EIDAS_SZRCLIENT + ".workarounds.datastore.sqlite.active";
- public static final String CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE = CONIG_PROPS_EIDAS_SZRCLIENT + ".workarounds.datastore.revisionlog.active";
- public static final String CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_SQLLITEDATASTORE_URL = CONIG_PROPS_EIDAS_SZRCLIENT + ".workarounds.datastore.sqlite.url";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE = CONIG_PROPS_EIDAS_SZRCLIENT + ".revisionlog.eidmapping.active";
+
+
+ @Deprecated public static final String CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_SQLLITEDATASTORE_URL = CONIG_PROPS_EIDAS_SZRCLIENT + ".workarounds.datastore.sqlite.url";
+ @Deprecated public static final String CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_SQLLITEDATASTORE_ACTIVE = CONIG_PROPS_EIDAS_SZRCLIENT + ".workarounds.datastore.sqlite.active";
 //http endpoint descriptions
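Review bot: The property key behind `CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE` changes from `.workarounds.datastore.revisionlog.active` to `.revisionlog.eidmapping.active` while the Java constant keeps its name, so an existing deployment that still sets the old key silently loses that setting and runs with whatever default the configuration reader applies. Unlike the two sqlite keys, which survive as `@Deprecated` constants, the old revision-log key gets no deprecated alias and nothing in this commit points at the rename. I would add a Javadoc line on the new constant naming the replaced key, e.g. `/** Replaces the former ".workarounds.datastore.revisionlog.active" key, which is no longer read. */`, and consider a startup warning when the old key is still present in the configuration.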
@@ -83,6 +86,9 @@ public class Constants {
 public static final String eIDAS_ATTR_CURRENTGIVENNAME = "FirstName";
 public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "FamilyName";
 public static final String eIDAS_ATTR_PLACEOFBIRTH = "PlaceOfBirth";
+ public static final String eIDAS_ATTR_BIRTHNAME = "BirthName";
+ public static final String eIDAS_ATTR_CURRENTADDRESS = "CurrentAddress";
+ public static final String eIDAS_ATTR_LEGALPERSONIDENTIFIER = "LegalPersonIdentifier";
 public static final String eIDAS_ATTR_LEGALNAME = "LegalName";
@@ -118,5 +124,7 @@ public class Constants {
 public static final String SZR_CONSTANTS_DEFAULT_ISSUING_AUTHORITY = "ms-specific eIDAS-Node for AT";
 public static final String SZR_CONSTANTS_DEFAULT_PUBKEY_EXPONENT = "AQAB";
 public static final String SZR_CONSTANTS_DEFAULT_PUBKEY_MODULUS = "AJZyj/+sdCMDRq9RkvbFcgSTVn/OfS8EUE81ddwP8MNuJ1kd1SWBUJPaQX2JLJHrL54mkOhrkhH2M/zcuOTu8nW9TOEgXGjrRB/0HpiYKpV+VDJViyyc/GacNLxN4Anw4pima6gHYaJIw9hQkL/nuO2hyh8PGJd7rxeFXJmbLy+X";
+
+
 }
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/DAO/ERnBeIDData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/DAO/ERnBeIDData.java
new file mode 100644
index 00000000..4f7465ce
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/DAO/ERnBeIDData.java
@@ -0,0 +1,85 @@
+package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.DAO;
+
+import java.text.SimpleDateFormat;
+
+import org.joda.time.DateTime;
+
+import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType;
+
+public class ERnBeIDData {
+
+ private String citizenCountryCode = null;
+
+ //MDS
+ private String pseudonym = null;
+ private String givenName = null;
+ private String familyName = null;
+ private DateTime dateOfBirth = null;
+
+ //additional attributes
+ private String placeOfBirth = null;
+ private String birthName = null;
+ private PostalAddressType address = null;
+
+
+
+
+
+ public String getCitizenCountryCode() {
+ return citizenCountryCode;
+ }
+ public void setCitizenCountryCode(String citizenCountryCode) {
+ this.citizenCountryCode = citizenCountryCode;
+ }
+ public String getPseudonym() {
+ return pseudonym;
+ }
+ public void setPseudonym(String pseudonym) {
+ this.pseudonym = pseudonym;
+ }
+ public String getGivenName() {
+ return givenName;
+ }
+ public void setGivenName(String givenName) {
+ this.givenName = givenName;
+ }
+ public String getFamilyName() {
+ return familyName;
+ }
+ public void setFamilyName(String familyName) {
+ this.familyName = familyName;
+ }
+ public DateTime getDateOfBirth() {
+ return dateOfBirth;
+ }
+ public void setDateOfBirth(DateTime dateOfBirth) {
+ this.dateOfBirth = dateOfBirth;
+ }
+ public String getPlaceOfBirth() {
+ return placeOfBirth;
+ }
+ public void setPlaceOfBirth(String placeOfBirth) {
+ this.placeOfBirth = placeOfBirth;
+ }
+ public String getBirthName() {
+ return birthName;
+ }
+ public void setBirthName(String birthName) {
+ this.birthName = birthName;
+ }
+ public PostalAddressType getAddress() {
+ return address;
+ }
+ public void setAddress(PostalAddressType address) {
+ this.address = address;
+ }
+
+ public String getFormatedDateOfBirth() {
+ return new SimpleDateFormat("yyyy-MM-dd").format(dateOfBirth.toDate());
+ }
+
+
+
+
+
+}
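Review bot: `getFormatedDateOfBirth()` dereferences `dateOfBirth` without a null check, so reading it before `setDateOfBirth` was called ends in a NullPointerException instead of the `null` every other getter returns. It also formats through `dateOfBirth.toDate()` and a `SimpleDateFormat`, both of which use the JVM default time zone, so a date that carries a different zone can come out as the neighbouring calendar day. Joda can format in the date's own zone directly: `return dateOfBirth == null ? null : dateOfBirth.toString("yyyy-MM-dd");`. A short class Javadoc would also help, stating that an instance holds the person's name, birth data and address prepared for the SZR request and should therefore not be dumped into logs as a whole.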
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/DAO/eIDASPersonalIdStoreDAO.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/DAO/eIDASPersonalIdStoreDAO.java
index b0f957a5..f9f8db6e 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/DAO/eIDASPersonalIdStoreDAO.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/DAO/eIDASPersonalIdStoreDAO.java
@@ -6,6 +6,7 @@ import java.util.List;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
+@Deprecated
 public class eIDASPersonalIdStoreDAO {
 public static final String NAME = "foreigneIDMap";
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/exception/eIDPostProcessingException.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/exception/eIDPostProcessingException.java
new file mode 100644
index 00000000..3d7c821a
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/exception/eIDPostProcessingException.java
@@ -0,0 +1,17 @@
+package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception;
+
+public class eIDPostProcessingException extends eIDASAuthenticationException {
+
+ private static final long serialVersionUID = 6780652273831172456L;
+
+ public eIDPostProcessingException(String internalMsgId, Object[] params) {
+ super(internalMsgId, params);
+
+ }
+
+ public eIDPostProcessingException(String internalMsgId, Object[] params, Throwable e) {
+ super(internalMsgId, params, e);
+
+ }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/AbstracteIDPostProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/AbstracteIDPostProcessor.java
new file mode 100644
index 00000000..db5dafd7
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/AbstracteIDPostProcessor.java
@@ -0,0 +1,194 @@
+package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.handler;
+
+import java.util.Map;
+
+import org.joda.time.DateTime;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.Constants;
+import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.DAO.ERnBeIDData;
+import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAttributeException;
+import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDPostProcessingException;
+import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.utils.eIDASResponseUtils;
+import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
+import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
+
+public abstract class AbstracteIDPostProcessor implements INationaleIDPostProcessor {
+ private static final Logger log = LoggerFactory.getLogger(AbstracteIDPostProcessor.class);
+
+
+ @Override
+ public ERnBeIDData postProcess(Map eIDASAttrMap) throws eIDPostProcessingException, eIDASAttributeException{
+ ERnBeIDData result = new ERnBeIDData();
+
+ //MDS attributes
+ result.setPseudonym(processPseudonym(eIDASAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)));
+ result.setFamilyName(processFamilyName(eIDASAttrMap.get(Constants.eIDAS_ATTR_CURRENTFAMILYNAME)));
+ result.setGivenName(processGivenName(eIDASAttrMap.get(Constants.eIDAS_ATTR_CURRENTGIVENNAME)));
+ result.setDateOfBirth(processDateOfBirth(eIDASAttrMap.get(Constants.eIDAS_ATTR_DATEOFBIRTH)));
+
+ //additional attributes
+ result.setPlaceOfBirth(processPlaceOfBirth(eIDASAttrMap.get(Constants.eIDAS_ATTR_PLACEOFBIRTH)));
+ result.setBirthName(processBirthName(eIDASAttrMap.get(Constants.eIDAS_ATTR_BIRTHNAME)));
+ result.setAddress(processAddress(eIDASAttrMap.get(Constants.eIDAS_ATTR_CURRENTADDRESS)));
+
+ return result;
+
+ }
+
+ /**
+ * Post-Process the eIDAS CurrentAddress attribute
+ *
+ * @param currentAddressObj
+ * @return current address or null if no attribute is available
+ * @throws eIDPostProcessingException if post-processing fails
+ * @throws eIDASAttributeException if eIDAS attribute is of a wrong type
+ */
+ protected PostalAddressType processAddress(Object currentAddressObj) throws eIDPostProcessingException, eIDASAttributeException {
+
+ if (currentAddressObj != null) {
+ if ((currentAddressObj instanceof PostalAddress)) {
+ PostalAddressType result = new PostalAddressType();
+ result.setPostalCode(((PostalAddress)currentAddressObj).getPostCode());
+ result.setMunicipality(((PostalAddress)currentAddressObj).getPostName());
+
+ //TODO: add more mappings
+
+ } else {
+ log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_CURRENTADDRESS + " is of WRONG type");
+ throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTADDRESS);
+
+ }
+
+ } else
+ log.debug("NO '" + Constants.eIDAS_ATTR_CURRENTADDRESS + "' attribute. Post-Processing skipped ... ");
+
+ return null;
+
+ }
+
+ /**
+ * Post-Process the eIDAS BirthName attribute
+ *
+ * @param birthNameObj
+ * @return birthName or null if no attribute is available
+ * @throws eIDPostProcessingException if post-processing fails
+ * @throws eIDASAttributeException if eIDAS attribute is of a wrong type
+ */
+ protected String processBirthName(Object birthNameObj) throws eIDPostProcessingException, eIDASAttributeException {
+ if (birthNameObj != null) {
+ if ((birthNameObj instanceof String)) {
+ return (String)birthNameObj;
+
+ } else {
+ log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_BIRTHNAME + " is of WRONG type");
+ throw new eIDASAttributeException(Constants.eIDAS_ATTR_BIRTHNAME);
+
+ }
+
+ } else
+ log.debug("NO '" + Constants.eIDAS_ATTR_BIRTHNAME + "' attribute. Post-Processing skipped ... ");
+
+
+ return null;
+
+ }
+
+ /**
+ * Post-Process the eIDAS PlaceOfBirth attribute
+ *
+ * @param placeOfBirthObj
+ * @return place of Birth or null if no attribute is available
+ * @throws eIDPostProcessingException if post-processing fails
+ * @throws eIDASAttributeException if eIDAS attribute is of a wrong type
+ */
+ protected String processPlaceOfBirth(Object placeOfBirthObj) throws eIDPostProcessingException, eIDASAttributeException {
+ if (placeOfBirthObj != null) {
+ if ((placeOfBirthObj instanceof String)) {
+ return (String)placeOfBirthObj;
+
+ } else {
+ log.warn("eIDAS attr: " + Constants.eIDAS_ATTR_PLACEOFBIRTH + " is of WRONG type");
+ throw new eIDASAttributeException(Constants.eIDAS_ATTR_PLACEOFBIRTH);
+
+ }
+
+ } else
+ log.debug("NO '" + Constants.eIDAS_ATTR_PLACEOFBIRTH + "' attribute. Post-Processing skipped ... ");
+
+
+ return null;
+
+ }
+
+ /**
+ * Post-Process the eIDAS DateOfBirth attribute
+ *
+ * @param dateOfBirthObj
+ * @return
+ * @throws eIDASAttributeException if NO attribute is available
+ * @throws eIDPostProcessingException if post-processing fails
+ */
+ protected DateTime processDateOfBirth(Object dateOfBirthObj) throws eIDPostProcessingException, eIDASAttributeException {
+ if (dateOfBirthObj == null || !(dateOfBirthObj instanceof DateTime))
+ throw new eIDASAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH);
+
+ return (DateTime)dateOfBirthObj;
+
+ }
+
+ /**
+ * Post-Process the eIDAS GivenName attribute
+ *
+ * @param givenNameObj
+ * @return
+ * @throws eIDASAttributeException if NO attribute is available
+ * @throws eIDPostProcessingException if post-processing fails
+ */
+ protected String processGivenName(Object givenNameObj) throws eIDPostProcessingException, eIDASAttributeException {
+ if (givenNameObj == null || !(givenNameObj instanceof String))
+ throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTGIVENNAME);
+
+ return (String)givenNameObj;
+
+ }
+
+ /**
+ * Post-Process the eIDAS FamilyName attribute
+ *
+ * @param familyNameObj
+ * @return
+ * @throws eIDASAttributeException if NO attribute is available
+ * @throws eIDPostProcessingException if post-processing fails
+ */
+ protected String processFamilyName(Object familyNameObj) throws eIDPostProcessingException, eIDASAttributeException {
+ if (familyNameObj == null || !(familyNameObj instanceof String))
+ throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTFAMILYNAME);
+
+ return (String) familyNameObj;
+
+ }
+
+ /**
+ * Post-Process the eIDAS pseudonym to ERnB unique identifier
+ *
+ * @param eIdentifierObj eIDAS PersonalIdentifierAttribute
+ * @return
+ * @throws eIDPostProcessingException
+ * @throws eIDASAttributeException if NO attribute is available
+ * @throws eIDPostProcessingException if post-processing fails
+ */
+ protected String processPseudonym(Object eIdentifierObj) throws eIDPostProcessingException, eIDASAttributeException {
+ if (eIdentifierObj == null || !(eIdentifierObj instanceof String))
+ throw new eIDASAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
+
+ Trible eIdentifier =
+ eIDASResponseUtils.parseEidasPersonalIdentifier((String)eIdentifierObj);
+
+ return eIdentifier.getThird();
+
+ }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/DEeIDPostProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/DEeIDPostProcessor.java
new file mode 100644
index 00000000..90562f86
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/DEeIDPostProcessor.java
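Review bot: `processAddress` builds and fills `result` in the `instanceof PostalAddress` branch but never returns it; control falls through to the final `return null;`, so the CurrentAddress attribute is always dropped even though the Javadoc promises the converted address. Add `return result;` directly after the `//TODO: add more mappings` comment, or move the `return null;` into the else-branch. Only postal code and municipality are mapped, so that TODO should name the PostalAddress fields still unmapped before the address is relied on for the SZR request. The empty `@return` tags on `processDateOfBirth`, `processGivenName`, `processFamilyName` and `processPseudonym` should state what comes back, e.g. `@return the attribute value cast to DateTime`, since each of them throws rather than returning null when the attribute is missing.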
@@ -0,0 +1,79 @@
+package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.handler;
+
+import java.util.Base64;
+
+import org.apache.commons.codec.DecoderException;
+import org.apache.commons.codec.binary.Hex;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.Constants;
+import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAttributeException;
+import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDPostProcessingException;
+import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.utils.eIDASResponseUtils;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
+
+public class DEeIDPostProcessor extends AbstracteIDPostProcessor {
+ private static final Logger log = LoggerFactory.getLogger(DEeIDPostProcessor.class);
+ private static final String canHandleCC = "DE";
+
+ private int priority = 1;
+
+ @Override
+ public int getPriority() {
+ return priority;
+ }
+
+ @Override
+ public boolean canHandle(String countryCode) {
+ return countryCode != null && countryCode.equalsIgnoreCase(canHandleCC);
+
+ }
+
+
+ public void setPriority(int priority) {
+ this.priority = priority;
+ }
+
+ @Override
+ public String getName() {
+ return "DE-PostProcessor";
+
+ }
+
+ @Override
+ protected String processPseudonym(Object eIdentifierObj) throws eIDPostProcessingException, eIDASAttributeException {
+ if (eIdentifierObj == null || !(eIdentifierObj instanceof String))
+ throw new eIDASAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
+
+ Trible eIdentifier =
+ eIDASResponseUtils.parseEidasPersonalIdentifier((String)eIdentifierObj);
+
+ log.trace(getName() + " starts processing of attribute: " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
+ String result = convertDEIdentifier(eIdentifier.getThird());
+ log.debug(getName() + " finished processing of attribute: " + Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
+
+ return result;
+
+
+ }
+
+ private String convertDEIdentifier(String hexEncodedDEIdentifier) throws eIDPostProcessingException
+ {
+ if(hexEncodedDEIdentifier.length() != 64)
+ throw new eIDPostProcessingException("ernb.03", new Object[] {"Input has wrong length, expected 64 chars"});
+
+ byte[] data;
+ try {
+ data = Hex.decodeHex(hexEncodedDEIdentifier);
+
+ } catch (DecoderException e) {
+ throw new eIDPostProcessingException("ernb.03", null, e);
+
+ }
+
+ byte[] encoded = Base64.getEncoder().encode(data);
+ return new String(encoded);
+ }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/GenericeIDPostProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/GenericeIDPostProcessor.java
new file mode 100644
index 00000000..f6e0aba2
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/GenericeIDPostProcessor.java
@@ -0,0 +1,31 @@
+package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.handler;
+
+public class GenericeIDPostProcessor extends AbstracteIDPostProcessor {
+
+ private int priority = 0;
+
+ @Override
+ public int getPriority() {
+ return priority;
+
+ }
+
+ @Override
+ public boolean canHandle(String countryCode) {
+ return true;
+
+ }
+
+ public void setPriority(int priority) {
+ this.priority = priority;
+ }
+
+ @Override
+ public String getName() {
+ return "Default-PostProcessor";
+
+ }
+
+
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/INationaleIDPostProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/INationaleIDPostProcessor.java
new file mode 100644
index 00000000..2335ca6d
--- /dev/null
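Review bot: In `convertDEIdentifier` the `DecoderException` branch throws `eIDPostProcessingException("ernb.03", null, e)`, but the `ernb.03` message template added in this commit expects a `{0}` reason, so the rendered status text carries an unfilled placeholder; pass a reason as the length check already does, `throw new eIDPostProcessingException("ernb.03", new Object[] {"Input is not hex encoded"}, e);`, and keep the identifier value itself out of the message, as the code does today. `hexEncodedDEIdentifier` is whatever `eIdentifier.getThird()` yields in `processPseudonym`; if `parseEidasPersonalIdentifier` (not shown here) can return a null third part for a malformed identifier, the `.length()` call fails with a NullPointerException before any checked exception is raised, so the guard should read `if (hexEncodedDEIdentifier == null || hexEncodedDEIdentifier.length() != 64)`. `new String(encoded)` without a charset is harmless for Base64 output, but `return Base64.getEncoder().encodeToString(data);` removes the platform-charset question entirely.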
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/handler/INationaleIDPostProcessor.java
@@ -0,0 +1,46 @@
+package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.handler;
+
+import java.util.Map;
+
+import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.DAO.ERnBeIDData;
+import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAttributeException;
+import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDPostProcessingException;
+
+public interface INationaleIDPostProcessor {
+
+ /**
+ * Get a friendlyName of this post-processor implementation
+ *
+ * @return
+ */
+ public String getName();
+
+ /**
+ * Get the priority of this eID Post-Processor
+ *
+ * If more than one Post-Processor implementations can handle the eID data, the post-processor with the highest priority are selected.
+ * The Default-Processor has priority '0'
+ *
+ * @return Priority of this handler
+ */
+ public int getPriority();
+
+ /**
+ * Check if this postProcessor is sensitive for a specific country
+ *
+ * @param countryCode of the eID data that should be processed
+ * @return true if this implementation can handle the country, otherwise false
+ *
+ */
+ public boolean canHandle(String countryCode);
+
+
+ /**
+ * Post-Process eIDAS eID data into national format
+ * @param eIDASAttrMap Map of eIDAS attributes in format friendlyName and attribute
+ * @throws eIDPostProcessingException
+ * @throws eIDASAttributeException
+ *
+ */
+ public ERnBeIDData postProcess(Map eIDASAttrMap) throws eIDPostProcessingException, eIDASAttributeException;
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/EIDPostProcessingService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/EIDPostProcessingService.java
new file mode 100644
index 00000000..4f94414c
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/EIDPostProcessingService.java
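Review bot: The interface Javadoc leaves `@return` empty on `getName()` and omits it on `postProcess`, so only `canHandle` and `getPriority` say what their result means. `getName()` should carry `@return human readable name of this implementation, used in log output`, and `postProcess` `@return national representation of the eID data for the SZR request`, matching what `IeIDPostProcessingService` documents for the same method. The two `@throws` tags on `postProcess` have no text either; state that `eIDASAttributeException` signals a missing or wrongly typed mandatory attribute and `eIDPostProcessingException` a failure of the conversion itself, which is how `AbstracteIDPostProcessor` uses them.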
@@ -0,0 +1,88 @@
+package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import javax.annotation.PostConstruct;
+
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.stereotype.Service;
+
+import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.Constants;
+import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.DAO.ERnBeIDData;
+import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAttributeException;
+import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDPostProcessingException;
+import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.handler.INationaleIDPostProcessor;
+import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.utils.eIDASResponseUtils;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
+
+@Service
+public class EIDPostProcessingService implements IeIDPostProcessingService{
+ private static final Logger log = LoggerFactory.getLogger(EIDPostProcessingService.class);
+
+ @Autowired private ApplicationContext context;
+
+ private List handlers = new ArrayList();
+
+ @PostConstruct
+ private void initialize() {
+ log.debug("Initialize eID PostProcessing-Service ... ");
+ Map postProcessors = context.getBeansOfType(INationaleIDPostProcessor.class);
+ Iterator> iterator = postProcessors.entrySet().iterator();
+ while (iterator.hasNext()) {
+ Entry el = iterator.next();
+ log.debug("Find eID-PostProcessor with name: " + el.getKey());
+ handlers.add(el.getValue());
+
+ }
+
+ log.trace("Sorting eID-PostProcessors on priority ... ");
+ Collections.sort(handlers, new Comparator() {
+ @Override
+ public int compare(INationaleIDPostProcessor thisAuthModule, INationaleIDPostProcessor otherAuthModule) {
+ int thisOrder = thisAuthModule.getPriority();
+ int otherOrder = otherAuthModule.getPriority();
+ return (thisOrder < otherOrder ? 1 : (thisOrder == otherOrder ? 0 : -1));
+ }
+ });
+
+ log.info("# " + handlers.size() + " eID PostProcessing services are registrated");
+
+ }
+
+ @Override
+ public ERnBeIDData postProcess(Map eIDASAttrMap) throws eIDPostProcessingException, eIDASAttributeException {
+ //extract citizen country from eIDAS unique identifier
+ Object eIdentifierObj = eIDASAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
+ if (eIdentifierObj == null || !(eIdentifierObj instanceof String))
+ throw new eIDASAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
+
+ Trible eIdentifier =
+ eIDASResponseUtils.parseEidasPersonalIdentifier((String)eIdentifierObj);
+ String citizenCountry = eIdentifier.getFirst();
+
+ if (StringUtils.isEmpty(citizenCountry))
+ log.info("No CountryCode for eID PostProcessor. Default-PostProcessor will be used");
+
+ for (INationaleIDPostProcessor el : handlers) {
+ if (el.canHandle(citizenCountry)) {
+ log.debug("Post-Process eIDAS eID from " + citizenCountry + " by using: " + el.getName());
+ return el.postProcess(eIDASAttrMap);
+
+ }
+ }
+
+ log.error("NO eID PostProcessor FOUND. Looks like a depentency problem!");
+ throw new eIDPostProcessingException("internal.00", null);
+ }
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/IeIDPostProcessingService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/IeIDPostProcessingService.java
new file mode 100644
index 00000000..fb564cd0
--- /dev/null
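Review bot: The anonymous `Comparator` in `initialize()` spells the descending order as a nested ternary; `return Integer.compare(otherOrder, thisOrder);` expresses the same ordering in one line and is harder to get backwards. Two handlers with equal priority keep whatever order `getBeansOfType` returned them in, which is not a documented guarantee, so if two country-specific processors ever share a priority the one chosen for that country can differ between application starts; a tie-break on `getName()` or a startup warning when priorities collide would make the selection deterministic and visible. The `log.error` text on the last hunk line misspells "dependency" as `depentency`.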
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/IeIDPostProcessingService.java
@@ -0,0 +1,22 @@
+package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service;
+
+import java.util.Map;
+
+import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.DAO.ERnBeIDData;
+import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAttributeException;
+import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDPostProcessingException;
+
+public interface IeIDPostProcessingService {
+
+ /**
+ * Post-process eIDAS eID attributes into national format
+ *
+ * @param eIDASAttrMap Map of eIDAS attributes in format friendlyName and attribute
+ *
+ * @return eID attributes for SZR request
+ * @throws eIDPostProcessingException
+ * @throws eIDASAttributeException
+ */
+ public ERnBeIDData postProcess(Map eIDASAttrMap) throws eIDPostProcessingException, eIDASAttributeException;
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/eIDASDataStore.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/eIDASDataStore.java
index 1eed19aa..cb5d6212 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/eIDASDataStore.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/service/eIDASDataStore.java
@@ -30,6 +30,7 @@ import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.data.Trible;
 @Component
+@Deprecated
 public class eIDASDataStore {
 private static final String SQLITE_JDBC_DRIVER_CLASS = "org.sqlite.JDBC";
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java
index fde56e7c..6e5b0be4 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java
@@ -3,9 +3,6 @@ package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.tasks;
 import java.io.InputStream;
-import java.security.MessageDigest;
-import java.text.SimpleDateFormat;
-import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -19,9 +16,6 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
-import org.springframework.util.Base64Utils;
-import org.w3._2000._09.xmldsig.KeyValueType;
-import org.w3._2000._09.xmldsig.RSAKeyValueType;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
@@ -30,12 +24,13 @@ import com.google.common.collect.ImmutableSet;
 import at.asitplus.eidas.specific.connector.MSConnectorEventCodes;
 import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.Constants;
+import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.DAO.ERnBeIDData;
 import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.SZRCommunicationException;
 import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAttributeException;
-import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException;
-import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service.eIDASDataStore;
+import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service.IeIDPostProcessingService;
 import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.szr.SZRClient;
 import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.utils.eIDASResponseUtils;
+import at.gv.e_government.reference.namespace.persondata._20020228.AlternativeNameType;
 import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType;
 import at.gv.e_government.reference.namespace.persondata._20020228.PhysicalPersonType;
 import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
@@ -46,7 +41,6 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.core.impl.data.Trible;
 import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
 import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
 import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;
@@ -69,11 +63,9 @@ import szrservices.TravelDocumentType;
 public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 private static final Logger log = LoggerFactory.getLogger(CreateIdentityLinkTask.class);
- //@Autowired private eIDASAttributeRegistry attrRegistry;
 @Autowired private IConfiguration basicConfig;
- @Autowired private SZRClient szrClient;
- @Autowired private eIDASDataStore personalIdStore;
-
+ @Autowired private SZRClient szrClient;
+ @Autowired private IeIDPostProcessingService eIDPostProcessor;
 /* (non-Javadoc)
 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
@@ -91,26 +83,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 IIdentityLink identityLink = null;
 String bPK = null;
- //extract attributes
- Object eIdentifierObj = simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
- Object familyNameObj = simpleAttrMap.get(Constants.eIDAS_ATTR_CURRENTFAMILYNAME);
- Object givenNameObj = simpleAttrMap.get(Constants.eIDAS_ATTR_CURRENTGIVENNAME);
- Object dateOfBirthObj = simpleAttrMap.get(Constants.eIDAS_ATTR_DATEOFBIRTH);
- Object placeOfBirth = simpleAttrMap.get(Constants.eIDAS_ATTR_PLACEOFBIRTH);
-
- //check if availabe
- if (eIdentifierObj == null || !(eIdentifierObj instanceof String))
- throw new eIDASAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
-
- if (familyNameObj == null || !(familyNameObj instanceof String))
- throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTFAMILYNAME);
-
- if (givenNameObj == null || !(givenNameObj instanceof String))
- throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTGIVENNAME);
+ //post-process eIDAS attributes
+ ERnBeIDData eIDData = eIDPostProcessor.postProcess(simpleAttrMap);
- if (dateOfBirthObj == null || !(dateOfBirthObj instanceof DateTime))
- throw new eIDASAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH);
-
 //connect SZR-Gateway
 if(basicConfig.getBasicMOAIDConfigurationBoolean(
 Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY, false)) {
@@ -127,7 +102,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 // - set fake baseID;
 Node prIdentification = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
- prIdentification.getFirstChild().setNodeValue((String) eIdentifierObj);
+ prIdentification.getFirstChild().setNodeValue(eIDData.getPseudonym());
 //build personal identifier which looks like a baseID
 // String fakeBaseID = new BPKBuilder().buildBPK(eIdentifier, "baseID");
@@ -136,16 +111,16 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 // - set last name
 Node prFamilyName = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH);
- prFamilyName.getFirstChild().setNodeValue((String) familyNameObj);
+ prFamilyName.getFirstChild().setNodeValue(eIDData.getFamilyName());
 // - set first name
 Node prGivenName = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH);
- prGivenName.getFirstChild().setNodeValue((String) givenNameObj);
+ prGivenName.getFirstChild().setNodeValue(eIDData.getGivenName());
 // - set date of birth
 Node prDateOfBirth = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH);
- String formatedDateOfBirth = new SimpleDateFormat("yyyy-MM-dd").format(((DateTime)dateOfBirthObj).toDate());
- prDateOfBirth.getFirstChild().setNodeValue(formatedDateOfBirth);
+
+ prDateOfBirth.getFirstChild().setNodeValue(eIDData.getFormatedDateOfBirth());
 identityLink = new SimpleIdentityLinkAssertionParser(idlassertion).parseIdentityLink();
@@ -167,23 +142,13 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { naturalPerson.setName(personName ); personInfo.setPerson(naturalPerson ); personInfo.setTravelDocument(eDocument ); - - //parse some eID attributes - String dateOfBirth = new SimpleDateFormat("yyyy-MM-dd").format(((DateTime)dateOfBirthObj).toDate()); - Trible eIdentifier = - eIDASResponseUtils.parseEidasPersonalIdentifier((String)eIdentifierObj); - String citizenCountry = eIdentifier.getFirst(); - - //hash unique identifier as work-around for uniqueId length restriction - String uniqueId = createHashFromUniqueId(eIdentifier.getThird()); - - + //person information - personName.setFamilyName((String)familyNameObj); - personName.setGivenName((String)givenNameObj); - naturalPerson.setDateOfBirth(dateOfBirth); - eDocument.setIssuingCountry(citizenCountry); - eDocument.setDocumentNumber(uniqueId); + personName.setFamilyName(eIDData.getFamilyName()); + personName.setGivenName(eIDData.getGivenName()); + naturalPerson.setDateOfBirth(eIDData.getFormatedDateOfBirth()); + eDocument.setIssuingCountry(eIDData.getCitizenCountryCode()); + eDocument.setDocumentNumber(eIDData.getPseudonym()); //eID document information eDocument.setDocumentType(basicConfig.getBasicConfiguration( 
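Review bot: `eDocument.setDocumentNumber(eIDData.getPseudonym())` replaces `uniqueId`, which the removed lines derived with `createHashFromUniqueId` explicitly as a "work-around for uniqueId length restriction"; nothing in this class now bounds the value, and the test `validate` further down on this page asserts `getPseudonym().equals(id)` for the input identifier, so at least one post-processor appears to pass the identifier through unchanged. If the shortening moved into the post-processor (AbstracteIDPostProcessor is not in this chunk) that is fine, but the constraint should be stated where the value is consumed, e.g. `// documentNumber: the pseudonym must already satisfy the ERnB length limit (responsibility of the eID post-processor)`; if it did not move, the length handling needs to be restored there before the raw identifier reaches the SZR. The enclosing method continues outside this hunk.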
@@ -191,30 +156,35 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE));
 //set PlaceOfBirth if available
- if (placeOfBirth != null && placeOfBirth instanceof String) {
- log.trace("Find 'PlaceOfBirth' attribute: " + placeOfBirth);
+ if (eIDData.getPlaceOfBirth() != null) {
+ log.trace("Find 'PlaceOfBirth' attribute: " + eIDData.getPlaceOfBirth());
 if (basicConfig.getBasicMOAIDConfigurationBoolean(
 Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETPLACEOFBIRTHIFAVAILABLE,
- false)) {
- naturalPerson.setPlaceOfBirth((String) placeOfBirth);
+ true)) {
+ naturalPerson.setPlaceOfBirth(eIDData.getPlaceOfBirth());
 log.trace("Adding 'PlaceOfBirth' to ERnB request ... ");
 }
 }
-
+ //set BirthName if available
+ if (eIDData.getBirthName() != null) {
+ log.trace("Find 'BirthName' attribute: " + eIDData.getBirthName());
+ if (basicConfig.getBasicMOAIDConfigurationBoolean(
+ Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETBIRTHNAMEIFAVAILABLE,
+ true)) {
+ AlternativeNameType alternativeName = new AlternativeNameType();
+ naturalPerson.setAlternativeName(alternativeName );
+ alternativeName.setFamilyName(eIDData.getBirthName());
+ log.trace("Adding 'BirthName' to ERnB request ... ");
+
+ }
+ }
- //TODO: that should be removed
-// eDocument.setIssueDate(basicConfig.getBasicConfiguration(
-// Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_DATE));
-// eDocument.setIssuingAuthority(basicConfig.getBasicConfiguration(
-// Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_AUTHORITY));
- //List keyValue = dummyCodeForKeys();
- List keyValue = null;
 IdentityLinkType result = szrClient.getIdentityLinkInRawMode(
 personInfo,
- keyValue,
+ null,
 basicConfig.getBasicMOAIDConfigurationBoolean(
 Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_INSERTERNB, true)
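Review bot: The fallback for `CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETPLACEOFBIRTHIFAVAILABLE` flips from `false` to `true`, and the new `SETBIRTHNAMEIFAVAILABLE` block also defaults to `true`, so a deployment that never set either property now sends place of birth and birth name to the ERnB where it previously sent neither; the commit message ("some more updates") does not mention this change of default. If opt-out is the intent, document the new defaults next to the constants or in the module's configuration notes; if not, keep `false`. `alternativeName.setFamilyName(eIDData.getBirthName())` assumes the eIDAS BirthName attribute carries only a family name — if it can carry the full name at birth this mapping is lossy, worth confirming against the attribute profile. The bare `null` handed to `getIdentityLinkInRawMode` replaced a variable named `keyValue`; a hint such as `null, // keyValue list: intentionally none` keeps the call readable.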
@@ -222,25 +192,16 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 Element idlFromSZR = (Element)result.getAssertion();
 identityLink = new SimpleIdentityLinkAssertionParser(idlFromSZR).parseIdentityLink();
-
- //write ERnB inputdate into SQLite database
- if (basicConfig.getBasicMOAIDConfigurationBoolean(
- Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_SQLLITEDATASTORE_ACTIVE, true)) {
- personalIdStore.storeNationalId(
- pendingReq.getUniqueTransactionIdentifier(),
- eIdentifier,
- uniqueId);
-
- }
-
+ //write ERnB inputdata into revisionlog
 if (basicConfig.getBasicMOAIDConfigurationBoolean(
- Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_SQLLITEDATASTORE_ACTIVE, false)) {
+ Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE, false)) {
 revisionsLogger.logEvent(pendingReq,
- MSConnectorEventCodes.SZR_ERNB_EIDAS_RAW_ID, (String)eIdentifierObj);
+ MSConnectorEventCodes.SZR_ERNB_EIDAS_RAW_ID,
+ (String)simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER));
 revisionsLogger.logEvent(pendingReq,
- MSConnectorEventCodes.SZR_ERNB_EIDAS_HASHED_ID, uniqueId);
-
+ MSConnectorEventCodes.SZR_ERNB_EIDAS_ERNB_ID, eIDData.getPseudonym());
+
 }
 //get bPK from SZR
@@ -270,7 +231,8 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 throw new SZRCommunicationException("ernb.00", null);
 }
- revisionsLogger.logEvent(pendingReq, MSConnectorEventCodes.SZR_IDL_RECEIVED);
+ revisionsLogger.logEvent(pendingReq, MSConnectorEventCodes.SZR_IDL_RECEIVED,
+ identityLink.getSamlAssertion().getAttribute(SimpleIdentityLinkAssertionParser.ASSERTIONID));
 if (bPK == null) {
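Review bot: `MSConnectorEventCodes.SZR_ERNB_EIDAS_ERNB_ID` is now logged with `eIDData.getPseudonym()` where the removed line logged the SHA-256 `uniqueId`, but event_code_descr.txt in this same commit still describes what is presumably that code (6211) as `Sha256(Raw eIDAS Personal identifier ohne Länderprefix) für ERnB Eintragung`; if the pseudonym is no longer that hash, the description should say what is logged now. The cast `(String)simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)` is unchecked since the `instanceof String` guard left this class — it is only safe if `postProcess` above rejected non-String identifiers, which deserves a comment: `// safe: postProcess() has already validated the PersonalIdentifier attribute`. The revision log now also records the raw identifier alongside the pseudonym; that is the intended replacement for the SQLite store, so the property name `WORKAROUND_REVISIONLOGDATASTORE_ACTIVE` should be documented as the switch that enables this. execute() continues outside this hunk.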
@@ -317,43 +279,6 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 }
 }
- private String createHashFromUniqueId(String uniqueId) throws eIDASAuthenticationException {
- try {
- MessageDigest md = MessageDigest.getInstance("SHA-256");
- byte[] hash = md.digest(uniqueId.getBytes("UTF-8"));
- String hashBase64 = new String(Base64Utils.encode(hash), "UTF-8").replaceAll("\r\n", "");
- return hashBase64;
-
- } catch (Exception ex) {
- throw new eIDASAuthenticationException("internal.03", new Object[]{}, ex);
-
- }
- }
-
- private List dummyCodeForKeys() {
- if (basicConfig.getBasicMOAIDConfigurationBoolean(
- Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_KEYS_USEDUMMY,
- false)) {
- List keyvalueList = new ArrayList();
-
- // set key values
- RSAKeyValueType rsa = new RSAKeyValueType();
- rsa.setExponent(Constants.SZR_CONSTANTS_DEFAULT_PUBKEY_EXPONENT);
- rsa.setModulus(Constants.SZR_CONSTANTS_DEFAULT_PUBKEY_MODULUS);
-
- KeyValueType key = new KeyValueType();
- key.setRSAKeyValue(rsa);
-
- keyvalueList.add(key);
-
- return keyvalueList;
-
- }
-
- return null;
-
- }
-
 private String extendBPKbyPrefix(String bpk, String type) {
 String bPKType = null;
@@ -379,7 +304,6 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 }
- //TODO: update for complexe attributes
 private Map converteIDASAttrToSimpleMap( ImmutableMap, ImmutableSet>> attributeMap) {
 Map result = new HashMap();
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
index 12d23ebf..13283eea 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
@@ -44,8 +44,21 @@ - + + + + + + + + + + + generateInputData(String id, String familyName, String givenName, DateTime dateOfBirth, String placeOfBirth, String birthName) { + Map result = new HashMap(); + result.put(Constants.eIDAS_ATTR_PERSONALIDENTIFIER, id); + result.put(Constants.eIDAS_ATTR_CURRENTGIVENNAME, givenName); + result.put(Constants.eIDAS_ATTR_CURRENTFAMILYNAME, familyName); + result.put(Constants.eIDAS_ATTR_DATEOFBIRTH, dateOfBirth); + result.put(Constants.eIDAS_ATTR_PLACEOFBIRTH, placeOfBirth); + result.put(Constants.eIDAS_ATTR_BIRTHNAME, birthName); + return result; + + } + + private void validate(ERnBeIDData result, String id, String familyName, String givenName, DateTime dateOfBirth, String placeOfBirth, String birthName) { + if (!result.getPseudonym().equals(id)) + fail(result.getPseudonym() + "is not equal to " + id); + + if (!result.getFamilyName().equals(familyName)) + fail(result.getFamilyName() + "is not equal to " + familyName); + + if (!result.getGivenName().equals(givenName)) + fail(result.getGivenName() + "is not equal to " + givenName); + + if (!result.getDateOfBirth().equals(dateOfBirth)) + fail(result.getDateOfBirth() + "is not equal to " + dateOfBirth); + + if (!result.getFormatedDateOfBirth().equals(new SimpleDateFormat("yyyy-MM-dd").format(dateOfBirth.toDate()))) + fail(result.getDateOfBirth() + "is not equal to " + new SimpleDateFormat("yyyy-MM-dd").format(dateOfBirth.toDate())); + + if (!result.getPlaceOfBirth().equals(placeOfBirth)) + fail(result.getPlaceOfBirth() + "is not equal to " + placeOfBirth); + + if (!result.getBirthName().equals(birthName)) + fail(result.getBirthName() + "is not equal to " + birthName); + + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/eIDASDataStoreTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/eIDASDataStoreTest.java index 16865b33..3233a47b 100644 
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/eIDASDataStoreTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/test/eidas/specific/modules/authmodule_eIDASv2/eIDASDataStoreTest.java
@@ -1,87 +1,87 @@ -package at.asitplus.test.eidas.specific.modules.authmodule_eIDASv2; - -import java.security.MessageDigest; - -import org.apache.commons.lang3.StringUtils; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; -import org.springframework.util.Base64Utils; - -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.SQLiteServiceException; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service.eIDASDataStore; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.utils.eIDASResponseUtils; -import at.gv.egiz.eaaf.core.impl.data.Trible; - -@RunWith(SpringJUnit4ClassRunner.class) -@ContextConfiguration("/SpringTest-context_basic_test.xml") -public class eIDASDataStoreTest { - - @Autowired private eIDASDataStore dataStore; - - private static final String P1_TRANSID = "123456789"; - private static final String P1_eIDASID = "DE/AT/121asdf1as5f1as6f1asd2f1asdf1asdf1asd23f1asdf1asdf4sd7fsdf1asdf1asd2f1asd56f7asdf4asdfasdf1"; - - private static final String P2_TRANSID = "987654321"; - private static final String P2_eIDASID = "EE/AT/asfasfasdfasdfasdfasdfasdfasvafasdfasdfasdfasdfasdfasvascasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasd"; - - @Test - public void dummyTest() { - - } - - @Test - public void insertTestOne() throws SQLiteServiceException, eIDASAuthenticationException { - Trible eidasId = eIDASResponseUtils.parseEidasPersonalIdentifier(P1_eIDASID); - String ernbId = createHashFromUniqueId(eidasId.getThird()); - dataStore.storeNationalId( - P1_TRANSID, - eidasId, - ernbId); - - - if (StringUtils.isEmpty(dataStore.getEidasRawNationalId(ernbId)) - && dataStore.getEidasRawNationalId(ernbId).equals(eidasId.getThird())) - 
throw new SQLiteServiceException("No eIDAS RAW Id in SQLite DB", null); - - if (StringUtils.isEmpty(dataStore.getErnbNationalId(eidasId)) - && dataStore.getErnbNationalId(eidasId).equals(ernbId) ) - throw new SQLiteServiceException("No ERnB Id in SQLite DB", null); - - } - - @Test - public void insertTestTwo() throws SQLiteServiceException, eIDASAuthenticationException { - Trible eidasId = eIDASResponseUtils.parseEidasPersonalIdentifier(P2_eIDASID); - String ernbId = createHashFromUniqueId(eidasId.getThird()); - dataStore.storeNationalId( - P2_TRANSID, - eidasId, - ernbId); - - if (StringUtils.isEmpty(dataStore.getEidasRawNationalId(ernbId)) - && dataStore.getEidasRawNationalId(ernbId).equals(eidasId.getThird())) - throw new SQLiteServiceException("No eIDAS RAW Id in SQLite DB", null); - - if (StringUtils.isEmpty(dataStore.getErnbNationalId(eidasId)) - && dataStore.getErnbNationalId(eidasId).equals(ernbId)) - throw new SQLiteServiceException("No ERnB Id in SQLite DB", null); - - } - - private String createHashFromUniqueId(String uniqueId) throws eIDASAuthenticationException { - try { - MessageDigest md = MessageDigest.getInstance("SHA-256"); - byte[] hash = md.digest(uniqueId.getBytes("UTF-8")); - String hashBase64 = new String(Base64Utils.encode(hash), "UTF-8").replaceAll("\r\n", ""); - return hashBase64; - - } catch (Exception ex) { - throw new eIDASAuthenticationException("internal.03", new Object[]{}, ex); - - } - } -} +//package at.asitplus.test.eidas.specific.modules.authmodule_eIDASv2; +// +//import java.security.MessageDigest; +// +//import org.apache.commons.lang3.StringUtils; +//import org.junit.Test; +//import org.junit.runner.RunWith; +//import org.springframework.beans.factory.annotation.Autowired; +//import org.springframework.test.context.ContextConfiguration; +//import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +//import org.springframework.util.Base64Utils; +// +//import 
at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.SQLiteServiceException; +//import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException; +//import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service.eIDASDataStore; +//import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.utils.eIDASResponseUtils; +//import at.gv.egiz.eaaf.core.impl.data.Trible; +// +//@RunWith(SpringJUnit4ClassRunner.class) +//@ContextConfiguration("/SpringTest-context_basic_test.xml") +//public class eIDASDataStoreTest { +// +// @Autowired private eIDASDataStore dataStore; +// +// private static final String P1_TRANSID = "123456789"; +// private static final String P1_eIDASID = "DE/AT/121asdf1as5f1as6f1asd2f1asdf1asdf1asd23f1asdf1asdf4sd7fsdf1asdf1asd2f1asd56f7asdf4asdfasdf1"; +// +// private static final String P2_TRANSID = "987654321"; +// private static final String P2_eIDASID = "EE/AT/asfasfasdfasdfasdfasdfasdfasvafasdfasdfasdfasdfasdfasvascasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasd"; +// +// @Test +// public void dummyTest() { +// +// } +// +// @Test +// public void insertTestOne() throws SQLiteServiceException, eIDASAuthenticationException { +// Trible eidasId = eIDASResponseUtils.parseEidasPersonalIdentifier(P1_eIDASID); +// String ernbId = createHashFromUniqueId(eidasId.getThird()); +// dataStore.storeNationalId( +// P1_TRANSID, +// eidasId, +// ernbId); +// +// +// if (StringUtils.isEmpty(dataStore.getEidasRawNationalId(ernbId)) +// && dataStore.getEidasRawNationalId(ernbId).equals(eidasId.getThird())) +// throw new SQLiteServiceException("No eIDAS RAW Id in SQLite DB", null); +// +// if (StringUtils.isEmpty(dataStore.getErnbNationalId(eidasId)) +// && dataStore.getErnbNationalId(eidasId).equals(ernbId) ) +// throw new SQLiteServiceException("No ERnB Id in SQLite DB", null); +// +// } +// +// @Test +// public void insertTestTwo() throws SQLiteServiceException, eIDASAuthenticationException { +// Trible eidasId = 
eIDASResponseUtils.parseEidasPersonalIdentifier(P2_eIDASID); +// String ernbId = createHashFromUniqueId(eidasId.getThird()); +// dataStore.storeNationalId( +// P2_TRANSID, +// eidasId, +// ernbId); +// +// if (StringUtils.isEmpty(dataStore.getEidasRawNationalId(ernbId)) +// && dataStore.getEidasRawNationalId(ernbId).equals(eidasId.getThird())) +// throw new SQLiteServiceException("No eIDAS RAW Id in SQLite DB", null); +// +// if (StringUtils.isEmpty(dataStore.getErnbNationalId(eidasId)) +// && dataStore.getErnbNationalId(eidasId).equals(ernbId)) +// throw new SQLiteServiceException("No ERnB Id in SQLite DB", null); +// +// } +// +// private String createHashFromUniqueId(String uniqueId) throws eIDASAuthenticationException { +// try { +// MessageDigest md = MessageDigest.getInstance("SHA-256"); +// byte[] hash = md.digest(uniqueId.getBytes("UTF-8")); +// String hashBase64 = new String(Base64Utils.encode(hash), "UTF-8").replaceAll("\r\n", ""); +// return hashBase64; +// +// } catch (Exception ex) { +// throw new eIDASAuthenticationException("internal.03", new Object[]{}, ex); +// +// } +// } +//} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml index 33454871..7ca42662 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_basic_test.xml @@ -12,8 +12,21 @@ - + + + + + + + + + + + diff --git a/event_code_descr.txt b/event_code_descr.txt index b76f9dcc..953a94f7 100644 --- a/event_code_descr.txt +++ b/event_code_descr.txt @@ -12,6 +12,7 @@ Code ... Wert ... Beschreibung 3000 ... PVP S-Profil Interface 3101 ... PVP S-Profil Authn. request received +3105 ... PVP S-Profil Respone erstellt 4000 ... Authentifizierungsvorgang gestartet 
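Review bot: The whole of eIDASDataStoreTest is turned into a block of `//` comments rather than deleted or disabled, which leaves dead code that no longer compiles against anything yet still has to be carried along by hand. eIDASDataStore is only marked `@Deprecated` in this commit and not removed, so either keep the test and annotate the class `@Ignore("eIDASDataStore is deprecated; SQLite store replaced by revision-log events")` (JUnit 4 is what this test imports), or delete the file and let version control keep the history. Commented-out code is the one form a later reader can neither run nor trust.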
@@ -28,7 +29,7 @@ Code ... Wert ... Beschreibung
 6103 ... eIDAS Node response validation successfull
 6104 ... eIDAS Node response validation failed
-6200 ... Personenbindung vom SZR erhalten
+6200 ... Personenbindung vom SZR erhalten (IDL Id)
 6201 ... bPK vom SZR erhalten
 6210 ... Raw eIDAS Personal identifier ohne Länderprefix
 6211 ... Sha256(Raw eIDAS Personal identifier ohne Länderprefix) für ERnB Eintragung
\ No newline at end of file
diff --git a/external_error_code_descr.txt b/external_error_code_descr.txt
index cb8b27a0..fb243acb 100644
--- a/external_error_code_descr.txt
+++ b/external_error_code_descr.txt
@@ -11,6 +11,7 @@
 4600 ... Die Response vom SZR enthält einern Fehler
 4601 ... Die Response vom SZR ist ungültig
+4602 ... eIDAS attribute post-processing fehlgeschlagen
 6100 ... Fehler beim Erstellen der PVP 2.1 Response
 6101 ... Fehler beim Verschlüsseln der PVP 2.1 Assertion
diff --git a/pom.xml b/pom.xml
index 7b0015b9..afb8a552 100644
--- a/pom.xml
+++ b/pom.xml
@@ -16,7 +16,7 @@ 0.1 0.4 - 1.0.1 + 1.0.2 4.3.17.RELEASE -- cgit v1.2.3