From ea372a857b53b67cb6f7be7f5a1285066aadc9da Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 11 Sep 2018 13:35:52 +0200 Subject: some more updates --- .../tasks/CreateIdentityLinkTask.java | 164 ++++++--------------- 1 file changed, 44 insertions(+), 120 deletions(-) (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java') diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java index fde56e7c..6e5b0be4 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java @@ -3,9 +3,6 @@ package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.tasks; import java.io.InputStream; -import java.security.MessageDigest; -import java.text.SimpleDateFormat; -import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -19,9 +16,6 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import org.springframework.util.Base64Utils; -import org.w3._2000._09.xmldsig.KeyValueType; -import org.w3._2000._09.xmldsig.RSAKeyValueType; import org.w3c.dom.Element; import org.w3c.dom.Node; @@ -30,12 +24,13 @@ import com.google.common.collect.ImmutableSet; import at.asitplus.eidas.specific.connector.MSConnectorEventCodes; import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.Constants; +import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.DAO.ERnBeIDData; import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.SZRCommunicationException; import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAttributeException; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException; -import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service.eIDASDataStore; +import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.service.IeIDPostProcessingService; import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.szr.SZRClient; import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.utils.eIDASResponseUtils; +import at.gv.e_government.reference.namespace.persondata._20020228.AlternativeNameType; import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType; import at.gv.e_government.reference.namespace.persondata._20020228.PhysicalPersonType; import at.gv.egiz.eaaf.core.api.data.EAAFConstants; @@ -46,7 +41,6 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.impl.data.Trible; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; @@ -69,11 +63,9 @@ import szrservices.TravelDocumentType; public class CreateIdentityLinkTask extends AbstractAuthServletTask { private static final Logger log = LoggerFactory.getLogger(CreateIdentityLinkTask.class); - //@Autowired private eIDASAttributeRegistry attrRegistry; @Autowired private IConfiguration basicConfig; - @Autowired private SZRClient szrClient; - @Autowired private eIDASDataStore personalIdStore; - + @Autowired private SZRClient szrClient; + @Autowired private IeIDPostProcessingService eIDPostProcessor; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) @@ -91,26 +83,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { IIdentityLink identityLink = null; String bPK = null; - //extract attributes - Object eIdentifierObj = simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); - Object familyNameObj = simpleAttrMap.get(Constants.eIDAS_ATTR_CURRENTFAMILYNAME); - Object givenNameObj = simpleAttrMap.get(Constants.eIDAS_ATTR_CURRENTGIVENNAME); - Object dateOfBirthObj = simpleAttrMap.get(Constants.eIDAS_ATTR_DATEOFBIRTH); - Object placeOfBirth = simpleAttrMap.get(Constants.eIDAS_ATTR_PLACEOFBIRTH); - - //check if availabe - if (eIdentifierObj == null || !(eIdentifierObj instanceof String)) - throw new eIDASAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); - - if (familyNameObj == null || !(familyNameObj instanceof String)) - throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTFAMILYNAME); - - if (givenNameObj == null || !(givenNameObj instanceof String)) - throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTGIVENNAME); + //post-process eIDAS attributes + ERnBeIDData eIDData = eIDPostProcessor.postProcess(simpleAttrMap); - if (dateOfBirthObj == null || !(dateOfBirthObj instanceof DateTime)) - throw new eIDASAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH); - //connect SZR-Gateway if(basicConfig.getBasicMOAIDConfigurationBoolean( Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY, false)) { @@ -127,7 +102,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { // - set fake baseID; Node prIdentification = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); - prIdentification.getFirstChild().setNodeValue((String) eIdentifierObj); + prIdentification.getFirstChild().setNodeValue(eIDData.getPseudonym()); //build personal identifier which looks like a baseID // String fakeBaseID = new BPKBuilder().buildBPK(eIdentifier, "baseID"); @@ -136,16 +111,16 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { // - set last name Node prFamilyName = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH); - prFamilyName.getFirstChild().setNodeValue((String) familyNameObj); + prFamilyName.getFirstChild().setNodeValue(eIDData.getFamilyName()); // - set first name Node prGivenName = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH); - prGivenName.getFirstChild().setNodeValue((String) givenNameObj); + prGivenName.getFirstChild().setNodeValue(eIDData.getGivenName()); // - set date of birth Node prDateOfBirth = XPathUtils.selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH); - String formatedDateOfBirth = new SimpleDateFormat("yyyy-MM-dd").format(((DateTime)dateOfBirthObj).toDate()); - prDateOfBirth.getFirstChild().setNodeValue(formatedDateOfBirth); + + prDateOfBirth.getFirstChild().setNodeValue(eIDData.getFormatedDateOfBirth()); identityLink = new SimpleIdentityLinkAssertionParser(idlassertion).parseIdentityLink(); @@ -167,23 +142,13 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { naturalPerson.setName(personName ); personInfo.setPerson(naturalPerson ); personInfo.setTravelDocument(eDocument ); - - //parse some eID attributes - String dateOfBirth = new SimpleDateFormat("yyyy-MM-dd").format(((DateTime)dateOfBirthObj).toDate()); - Trible eIdentifier = - eIDASResponseUtils.parseEidasPersonalIdentifier((String)eIdentifierObj); - String citizenCountry = eIdentifier.getFirst(); - - //hash unique identifier as work-around for uniqueId length restriction - String uniqueId = createHashFromUniqueId(eIdentifier.getThird()); - - + //person information - personName.setFamilyName((String)familyNameObj); - personName.setGivenName((String)givenNameObj); - naturalPerson.setDateOfBirth(dateOfBirth); - eDocument.setIssuingCountry(citizenCountry); - eDocument.setDocumentNumber(uniqueId); + personName.setFamilyName(eIDData.getFamilyName()); + personName.setGivenName(eIDData.getGivenName()); + naturalPerson.setDateOfBirth(eIDData.getFormatedDateOfBirth()); + eDocument.setIssuingCountry(eIDData.getCitizenCountryCode()); + eDocument.setDocumentNumber(eIDData.getPseudonym()); //eID document information eDocument.setDocumentType(basicConfig.getBasicConfiguration( @@ -191,30 +156,35 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE)); //set PlaceOfBirth if available - if (placeOfBirth != null && placeOfBirth instanceof String) { - log.trace("Find 'PlaceOfBirth' attribute: " + placeOfBirth); + if (eIDData.getPlaceOfBirth() != null) { + log.trace("Find 'PlaceOfBirth' attribute: " + eIDData.getPlaceOfBirth()); if (basicConfig.getBasicMOAIDConfigurationBoolean( Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETPLACEOFBIRTHIFAVAILABLE, - false)) { - naturalPerson.setPlaceOfBirth((String) placeOfBirth); + true)) { + naturalPerson.setPlaceOfBirth(eIDData.getPlaceOfBirth()); log.trace("Adding 'PlaceOfBirth' to ERnB request ... "); } } - + //set BirthName if available + if (eIDData.getBirthName() != null) { + log.trace("Find 'BirthName' attribute: " + eIDData.getBirthName()); + if (basicConfig.getBasicMOAIDConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETBIRTHNAMEIFAVAILABLE, + true)) { + AlternativeNameType alternativeName = new AlternativeNameType(); + naturalPerson.setAlternativeName(alternativeName ); + alternativeName.setFamilyName(eIDData.getBirthName()); + log.trace("Adding 'BirthName' to ERnB request ... "); + + } + } - //TODO: that should be removed -// eDocument.setIssueDate(basicConfig.getBasicConfiguration( -// Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_DATE)); -// eDocument.setIssuingAuthority(basicConfig.getBasicConfiguration( -// Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_AUTHORITY)); - //List keyValue = dummyCodeForKeys(); - List keyValue = null; IdentityLinkType result = szrClient.getIdentityLinkInRawMode( personInfo, - keyValue, + null, basicConfig.getBasicMOAIDConfigurationBoolean( Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_INSERTERNB, true) @@ -222,25 +192,16 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { Element idlFromSZR = (Element)result.getAssertion(); identityLink = new SimpleIdentityLinkAssertionParser(idlFromSZR).parseIdentityLink(); - - //write ERnB inputdate into SQLite database - if (basicConfig.getBasicMOAIDConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_SQLLITEDATASTORE_ACTIVE, true)) { - personalIdStore.storeNationalId( - pendingReq.getUniqueTransactionIdentifier(), - eIdentifier, - uniqueId); - - } - + //write ERnB inputdata into revisionlog if (basicConfig.getBasicMOAIDConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_SQLLITEDATASTORE_ACTIVE, false)) { + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE, false)) { revisionsLogger.logEvent(pendingReq, - MSConnectorEventCodes.SZR_ERNB_EIDAS_RAW_ID, (String)eIdentifierObj); + MSConnectorEventCodes.SZR_ERNB_EIDAS_RAW_ID, + (String)simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)); revisionsLogger.logEvent(pendingReq, - MSConnectorEventCodes.SZR_ERNB_EIDAS_HASHED_ID, uniqueId); - + MSConnectorEventCodes.SZR_ERNB_EIDAS_ERNB_ID, eIDData.getPseudonym()); + } //get bPK from SZR @@ -270,7 +231,8 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { throw new SZRCommunicationException("ernb.00", null); } - revisionsLogger.logEvent(pendingReq, MSConnectorEventCodes.SZR_IDL_RECEIVED); + revisionsLogger.logEvent(pendingReq, MSConnectorEventCodes.SZR_IDL_RECEIVED, + identityLink.getSamlAssertion().getAttribute(SimpleIdentityLinkAssertionParser.ASSERTIONID)); if (bPK == null) { @@ -317,43 +279,6 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } } - private String createHashFromUniqueId(String uniqueId) throws eIDASAuthenticationException { - try { - MessageDigest md = MessageDigest.getInstance("SHA-256"); - byte[] hash = md.digest(uniqueId.getBytes("UTF-8")); - String hashBase64 = new String(Base64Utils.encode(hash), "UTF-8").replaceAll("\r\n", ""); - return hashBase64; - - } catch (Exception ex) { - throw new eIDASAuthenticationException("internal.03", new Object[]{}, ex); - - } - } - - private List dummyCodeForKeys() { - if (basicConfig.getBasicMOAIDConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_KEYS_USEDUMMY, - false)) { - List keyvalueList = new ArrayList(); - - // set key values - RSAKeyValueType rsa = new RSAKeyValueType(); - rsa.setExponent(Constants.SZR_CONSTANTS_DEFAULT_PUBKEY_EXPONENT); - rsa.setModulus(Constants.SZR_CONSTANTS_DEFAULT_PUBKEY_MODULUS); - - KeyValueType key = new KeyValueType(); - key.setRSAKeyValue(rsa); - - keyvalueList.add(key); - - return keyvalueList; - - } - - return null; - - } - private String extendBPKbyPrefix(String bpk, String type) { String bPKType = null; @@ -379,7 +304,6 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } - //TODO: update for complexe attributes private Map converteIDASAttrToSimpleMap( ImmutableMap, ImmutableSet>> attributeMap) { Map result = new HashMap(); -- cgit v1.2.3