From 6e1a69773284177a0f6c7233c4bcdf7f4bd96681 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Tue, 15 Jun 2021 18:15:19 +0200
Subject: further optimizations and bug fixing in matching code
---
.../specific/modules/auth/eidas/v2/Constants.java | 10 +-
.../auth/eidas/v2/clients/szr/SzrClient.java | 157 +++++++++++++++-----
.../auth/eidas/v2/clients/zmr/IZmrClient.java | 5 +-
.../auth/eidas/v2/clients/zmr/ZmrSoapClient.java | 15 +-
.../auth/eidas/v2/dao/MatchedPersonResult.java | 41 +++++
.../modules/auth/eidas/v2/dao/RegisterResult.java | 2 +-
.../modules/auth/eidas/v2/dao/SimpleEidasData.java | 17 +--
.../handler/DeSpecificDetailSearchProcessor.java | 20 ++-
.../eidas/v2/service/RegisterSearchService.java | 19 +--
.../eidas/v2/tasks/CreateIdentityLinkTask.java | 165 ++++++++-------------
.../eidas/v2/tasks/CreateNewErnpEntryTask.java | 39 +++--
.../auth/eidas/v2/tasks/InitialSearchTask.java | 33 +++--
.../ReceiveAustrianResidenceGuiResponseTask.java | 12 +-
.../ReceiveMobilePhoneSignatureResponseTask.java | 12 +-
.../ReceiveOtherLoginMethodGuiResponseTask.java | 2 +-
.../auth/eidas/v2/utils/MatchingTaskUtils.java | 45 +++++-
.../modules/auth/eidas/v2/zmr/DummyZmrClient.java | 3 +-
17 files changed, 359 insertions(+), 238 deletions(-)
create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MatchedPersonResult.java
(limited to 'eidas_modules/authmodule-eIDAS-v2/src/main')
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index 3e20a132..48c114a8 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
@@ -49,14 +49,14 @@ public class Constants {
public static final String DATA_SIMPLE_EIDAS = "matching_simple_eidas_data";
/**
- * Stored after Step 2 from Matching Concept, first results from search with Person Identifier.
+ * Stored intermediate mathing results where matching is still on-going.
*/
- public static final String DATA_INITIAL_REGISTER_RESULT = "matching_initial_register_result";
+ public static final String DATA_INTERMEDIATE_RESULT = "matching_intermediate_result";
/**
* Stored after Step 8 from Matching Concept, results from search in registers with MDS.
*/
- public static final String DATA_FURTHER_REGISTER_RESULT = "matching_further_register_result";
+ public static final String DATA_PERSON_MATCH_RESULT = "matching_result";
// templates for post-binding forwarding
public static final String TEMPLATE_POST_FORWARD_NAME = "eidas_node_forward.html";
@@ -224,6 +224,10 @@ public class Constants {
public static final String eIDAS_ATTRURN_PERSONALIDENTIFIER =
eIDAS_ATTRURN_PREFIX_NATURAL + eIDAS_ATTR_PERSONALIDENTIFIER;
+ public static final String eIDAS_ATTRURN_PLACEOFBIRTH =
+ eIDAS_ATTRURN_PREFIX_NATURAL + eIDAS_ATTR_PLACEOFBIRTH;
+ public static final String eIDAS_ATTRURN_BIRTHNAME =
+ eIDAS_ATTRURN_PREFIX_NATURAL + eIDAS_ATTR_BIRTHNAME;
public static final String eIDAS_REQ_PARAM_SECTOR_PUBLIC = "public";
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/szr/SzrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/szr/SzrClient.java
index 2230f30a..397cbe46 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/szr/SzrClient.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/szr/SzrClient.java
@@ -60,11 +60,14 @@ import com.fasterxml.jackson.databind.ObjectMapper;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.AbstractSoapClient;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.AbstractSoapClient.HttpClientConfig.HttpClientConfigBuilder;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MatchedPersonResult;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException;
import at.gv.e_government.reference.namespace.persondata._20020228.AlternativeNameType;
+import at.gv.e_government.reference.namespace.persondata._20020228.IdentificationType;
import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType;
import at.gv.e_government.reference.namespace.persondata._20020228.PhysicalPersonType;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.data.XmlNamespaceConstants;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
@@ -122,55 +125,38 @@ public class SzrClient extends AbstractSoapClient {
final GetIdentityLinkEidas getIdl = new GetIdentityLinkEidas();
getIdl.setPersonInfo(generateSzrRequest(eidData));
- final JAXBContext jaxbContext = JAXBContext.newInstance(ObjectFactory.class);
- final Marshaller jaxbMarshaller = jaxbContext.createMarshaller();
+ return getIdentityLinkGeneric(getIdl);
- final ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
- jaxbMarshaller.marshal(getIdl, outputStream);
- outputStream.flush();
-
- final Source source = new StreamSource(new ByteArrayInputStream(outputStream.toByteArray()));
- outputStream.close();
-
- log.trace("Requesting SZR ... ");
- final Source response = dispatch.invoke(source);
- log.trace("Receive RAW response from SZR");
-
- final byte[] szrResponse = sourceToByteArray(response);
- final GetIdentityLinkEidasResponse jaxbElement = (GetIdentityLinkEidasResponse) jaxbContext
- .createUnmarshaller().unmarshal(new ByteArrayInputStream(szrResponse));
-
- // build response
- log.trace(new String(szrResponse, StandardCharsets.UTF_8));
-
- // ok, we have success
- final Document doc = DomUtils.parseDocument(
- new ByteArrayInputStream(szrResponse),
- true,
- XmlNamespaceConstants.ALL_SCHEMA_LOCATIONS + " " + Constants.SZR_SCHEMA_LOCATIONS,
- null, null);
- final String xpathExpression = "//saml:Assertion";
- final Element nsNode = doc.createElementNS("urn:oasis:names:tc:SAML:1.0:assertion", "saml:NSNode");
+ } catch (final Exception e) {
+ log.warn("SZR communication FAILED. Reason: " + e.getMessage(), e);
+ throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e);
- log.trace("Selecting signed doc " + xpathExpression);
- final Element documentNode = (Element) XPathAPI.selectSingleNode(doc,
- xpathExpression, nsNode);
- log.trace("Signed document: " + DomUtils.serializeNode(documentNode));
+ }
+ }
- final IdentityLinkType idl = new IdentityLinkType();
- idl.setAssertion(documentNode);
- idl.setPersonInfo(jaxbElement.getGetIdentityLinkReturn().getPersonInfo());
+ /**
+ * Get IdentityLink of a person.
+ *
+ *
+ * @param matchedPersonData eID information of an already matched person.
+ * @return IdentityLink
+ * @throws SzrCommunicationException In case of a SZR error
+ */
+ public IdentityLinkType getIdentityLinkInRawMode(MatchedPersonResult matchedPersonData)
+ throws SzrCommunicationException {
+ try {
+ final GetIdentityLinkEidas getIdl = new GetIdentityLinkEidas();
+ getIdl.setPersonInfo(generateSzrRequest(matchedPersonData));
- return idl;
+ return getIdentityLinkGeneric(getIdl);
} catch (final Exception e) {
log.warn("SZR communication FAILED. Reason: " + e.getMessage(), e);
throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e);
}
-
}
-
+
/**
* Get bPK of person.
*
@@ -247,7 +233,33 @@ public class SzrClient extends AbstractSoapClient {
return resp;
}
+
+ /**
+ * Request a encrypted baseId from SZR.
+ *
+ * @param matchedPersonData eID information of an already matched person.
+ * @return encrypted baseId
+ * @throws SzrCommunicationException In case of a SZR error
+ */
+ public String getEncryptedStammzahl(MatchedPersonResult matchedPersonData) throws SzrCommunicationException {
+ final String resp;
+ try {
+ resp = this.szr.getStammzahlEncrypted(generateSzrRequest(matchedPersonData), false);
+
+ } catch (SZRException_Exception e) {
+ throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e);
+
+ }
+
+ if (StringUtils.isEmpty(resp)) {
+ throw new SzrCommunicationException("ernb.01", new Object[]{"Stammzahl response empty"}); // TODO error handling
+
+ }
+ return resp;
+
+ }
+
/**
* Sign an eidasBind data-structure that combines vsz with user's pubKey and E-ID status.
*
@@ -300,8 +312,29 @@ public class SzrClient extends AbstractSoapClient {
}
}
+ private PersonInfoType generateSzrRequest(MatchedPersonResult matchedPersonData) {
+ log.trace("Starting connecting SZR Gateway");
+ final PersonInfoType personInfo = new PersonInfoType();
+ final PersonNameType personName = new PersonNameType();
+ final PhysicalPersonType naturalPerson = new PhysicalPersonType();
+ IdentificationType bpk = new IdentificationType();
+
+ naturalPerson.setName(personName);
+ personInfo.setPerson(naturalPerson);
+ naturalPerson.setIdentification(bpk);
+
+ // person information
+ personName.setFamilyName(matchedPersonData.getFamilyName());
+ personName.setGivenName(matchedPersonData.getGivenName());
+ naturalPerson.setDateOfBirth(matchedPersonData.getDateOfBirth());
+ bpk.setValue(matchedPersonData.getBpk());
+ bpk.setType(EaafConstants.URN_PREFIX_CDID + "ZP");
+
+ return personInfo;
+ }
+
private PersonInfoType generateSzrRequest(SimpleEidasData eidData) {
- log.debug("Starting connecting SZR Gateway");
+ log.trace("Starting connecting SZR Gateway");
final PersonInfoType personInfo = new PersonInfoType();
final PersonNameType personName = new PersonNameType();
final PhysicalPersonType naturalPerson = new PhysicalPersonType();
@@ -315,6 +348,8 @@ public class SzrClient extends AbstractSoapClient {
personName.setFamilyName(eidData.getFamilyName());
personName.setGivenName(eidData.getGivenName());
naturalPerson.setDateOfBirth(eidData.getDateOfBirth());
+
+ //TODO: need to be updated to new eIDAS document interface!!!!
eDocument.setIssuingCountry(eidData.getCitizenCountryCode());
eDocument.setDocumentNumber(eidData.getPseudonym());
@@ -351,6 +386,50 @@ public class SzrClient extends AbstractSoapClient {
return personInfo;
}
+ private IdentityLinkType getIdentityLinkGeneric(GetIdentityLinkEidas getIdl) throws Exception {
+ final JAXBContext jaxbContext = JAXBContext.newInstance(ObjectFactory.class);
+ final Marshaller jaxbMarshaller = jaxbContext.createMarshaller();
+
+ final ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
+ jaxbMarshaller.marshal(getIdl, outputStream);
+ outputStream.flush();
+
+ final Source source = new StreamSource(new ByteArrayInputStream(outputStream.toByteArray()));
+ outputStream.close();
+
+ log.trace("Requesting SZR ... ");
+ final Source response = dispatch.invoke(source);
+ log.trace("Receive RAW response from SZR");
+
+ final byte[] szrResponse = sourceToByteArray(response);
+ final GetIdentityLinkEidasResponse jaxbElement = (GetIdentityLinkEidasResponse) jaxbContext
+ .createUnmarshaller().unmarshal(new ByteArrayInputStream(szrResponse));
+
+ // build response
+ log.trace(new String(szrResponse, StandardCharsets.UTF_8));
+
+ // ok, we have success
+ final Document doc = DomUtils.parseDocument(
+ new ByteArrayInputStream(szrResponse),
+ true,
+ XmlNamespaceConstants.ALL_SCHEMA_LOCATIONS + " " + Constants.SZR_SCHEMA_LOCATIONS,
+ null, null);
+ final String xpathExpression = "//saml:Assertion";
+ final Element nsNode = doc.createElementNS("urn:oasis:names:tc:SAML:1.0:assertion", "saml:NSNode");
+
+ log.trace("Selecting signed doc " + xpathExpression);
+ final Element documentNode = (Element) XPathAPI.selectSingleNode(doc,
+ xpathExpression, nsNode);
+ log.trace("Signed document: " + DomUtils.serializeNode(documentNode));
+
+ final IdentityLinkType idl = new IdentityLinkType();
+ idl.setAssertion(documentNode);
+ idl.setPersonInfo(jaxbElement.getGetIdentityLinkReturn().getPersonInfo());
+
+ return idl;
+
+ }
+
@PostConstruct
private void initialize() throws EaafConfigurationException {
log.info("Starting SZR-Client initialization .... ");
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/IZmrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/IZmrClient.java
index 18bcbacc..e98573d4 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/IZmrClient.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/IZmrClient.java
@@ -41,12 +41,13 @@ public interface IZmrClient {
*
* @param zmrProzessId ProcessId from ZMR or null if no processId exists
* @param personIdentifier Full eIDAS personal identifier with prefix
+ * @param citizenCountryCode CountryCode of the eIDAS proxy-service
* @return Search result but never null
* @throws EidasSAuthenticationException In case of a communication error
*/
@Nonnull
- ZmrRegisterResult searchWithPersonIdentifier(@Nullable BigInteger zmrProzessId, @Nonnull String personIdentifier)
- throws EidasSAuthenticationException;
+ ZmrRegisterResult searchWithPersonIdentifier(@Nullable BigInteger zmrProzessId, @Nonnull String personIdentifier,
+ @Nonnull String citizenCountryCode) throws EidasSAuthenticationException;
/**
* Search person based on eIDSA MDS information.
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java
index 014d202b..60e88dca 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/zmr/ZmrSoapClient.java
@@ -24,7 +24,6 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ZmrCommunicationException;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.VersionHolder;
import at.gv.bmi.namespace.zmr_su.base._20040201.ClientInfoType;
import at.gv.bmi.namespace.zmr_su.base._20040201.Organisation;
@@ -100,8 +99,8 @@ public class ZmrSoapClient extends AbstractSoapClient implements IZmrClient {
}
@Override
- public ZmrRegisterResult searchWithPersonIdentifier(BigInteger zmrProzessId, String personIdentifier)
- throws EidasSAuthenticationException {
+ public ZmrRegisterResult searchWithPersonIdentifier(BigInteger zmrProzessId, String personPseudonym,
+ String citizenCountryCode) throws EidasSAuthenticationException {
try {
// build search request
@@ -113,7 +112,7 @@ public class ZmrSoapClient extends AbstractSoapClient implements IZmrClient {
final EidasSuchdatenType eidasInfos = new EidasSuchdatenType();
searchPersonReq.setEidasSuchdaten(eidasInfos);
eidasInfos.setEidasArt(Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER);
- eidasInfos.setEidasNummer(personIdentifier);
+ eidasInfos.setEidasNummer(personPseudonym);
// set work-flow client information
req.setWorkflowInfoClient(generateWorkFlowInfos(PROCESS_SEARCH_PERSONAL_IDENTIFIER, null));
@@ -127,9 +126,7 @@ public class ZmrSoapClient extends AbstractSoapClient implements IZmrClient {
final ResponseType resp = zmrClient.service(req, null);
// parse ZMR response
- return processZmrResponse(resp, EidasResponseUtils.parseEidasPersonalIdentifier(personIdentifier)
- .getFirst(),
- true, PROCESS_SEARCH_PERSONAL_IDENTIFIER);
+ return processZmrResponse(resp, citizenCountryCode, true, PROCESS_SEARCH_PERSONAL_IDENTIFIER);
} catch (final ServiceFault e) {
final String errorMsg = extractReasonFromError(e);
@@ -496,9 +493,9 @@ public class ZmrSoapClient extends AbstractSoapClient implements IZmrClient {
.dateOfBirth(person.getNatuerlichePerson().getGeburtsdatum())
.bpk(extractBpkZp(person.getNatuerlichePerson()))
.placeOfBirth(selectSingleEidasDocument(person, citizenCountryCode,
- Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER))
+ Constants.eIDAS_ATTRURN_PLACEOFBIRTH))
.birthName(selectSingleEidasDocument(person, citizenCountryCode,
- Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER))
+ Constants.eIDAS_ATTRURN_BIRTHNAME))
.build();
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MatchedPersonResult.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MatchedPersonResult.java
new file mode 100644
index 00000000..1e8fcecf
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/MatchedPersonResult.java
@@ -0,0 +1,41 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao;
+
+import lombok.Builder;
+import lombok.Getter;
+
+/**
+ * Information about a natural person that is already matched.
+ *
+ * @author tlenz
+ *
+ */
+@Getter
+@Builder
+public class MatchedPersonResult {
+
+ /**
+ * Matched person result from matching result.
+ *
+ * @param matchingResult Result of the matching process
+ * @param citizenCountryCode Country-Code of the eIDAS Proxy-Service
+ */
+ public static MatchedPersonResult generateFormMatchingResult(RegisterResult matchingResult,
+ String citizenCountryCode) {
+ return MatchedPersonResult.builder()
+ .familyName(matchingResult.getFamilyName())
+ .givenName(matchingResult.getGivenName())
+ .dateOfBirth(matchingResult.getDateOfBirth())
+ .bpk(matchingResult.getBpk())
+ .countryCode(citizenCountryCode)
+ .build();
+ }
+
+ private final String countryCode;
+ private final String givenName;
+ private final String familyName;
+ private final String dateOfBirth;
+ private final String bpk;
+
+ private String vsz;
+
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java
index 4959d72f..aa82d806 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/RegisterResult.java
@@ -32,7 +32,7 @@ import lombok.Getter;
@Builder
@Getter
public class RegisterResult {
-
+
// MDS
private final List pseudonym;
private final String givenName;
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java
index ab84a45f..cedf01e3 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java
@@ -26,7 +26,6 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao;
import org.apache.commons.lang3.builder.EqualsBuilder;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterSearchResult;
import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType;
import lombok.Builder;
import lombok.Data;
@@ -67,20 +66,20 @@ public class SimpleEidasData {
* @return true or false depending of the data matches
* @throws WorkflowException if multiple results have been found
*/
- public boolean equalsRegisterData(RegisterSearchResult result) throws WorkflowException {
+ public boolean equalsRegisterData(RegisterResult result) throws WorkflowException {
/*TODO: maybe this is check is not valid, because only the minimum data-set (personalIdentifer, givenName,
* familyName, dateOfBirth) has to be always available. Any other attributes are optional.
* This check will always evaluate to false if register has more information as current eIDAS process!!!
*/
return new EqualsBuilder()
- .append(result.getResult().getGivenName(), givenName)
- .append(result.getResult().getFamilyName(), familyName)
- .append(result.getResult().getDateOfBirth(), dateOfBirth)
- .append(result.getResult().getPlaceOfBirth(), placeOfBirth)
- .append(result.getResult().getBirthName(), birthName)
- .append(result.getResult().getTaxNumber(), taxNumber)
- .isEquals() && result.getResult().getPseudonym().stream()
+ .append(result.getGivenName(), givenName)
+ .append(result.getFamilyName(), familyName)
+ .append(result.getDateOfBirth(), dateOfBirth)
+ .append(result.getPlaceOfBirth(), placeOfBirth)
+ .append(result.getBirthName(), birthName)
+ .append(result.getTaxNumber(), taxNumber)
+ .isEquals() && result.getPseudonym().stream()
.filter(el -> el.equals(pseudonym))
.findFirst()
.isPresent();
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java
index 802fde14..471cb115 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/DeSpecificDetailSearchProcessor.java
@@ -29,6 +29,8 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
import at.gv.bmi.namespace.zmr_su.zmr._20040201.EidasSuchdatenType;
import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonSuchenRequest;
+import at.gv.e_government.reference.namespace.persondata.de._20040201.NatuerlichePersonTyp;
+import at.gv.e_government.reference.namespace.persondata.de._20040201.PersonenNameTyp;
public class DeSpecificDetailSearchProcessor implements CountrySpecificDetailSearchProcessor {
@@ -46,15 +48,23 @@ public class DeSpecificDetailSearchProcessor implements CountrySpecificDetailSea
}
@Override
- public PersonSuchenRequest generateSearchRequest(SimpleEidasData eidData) {
-
+ public PersonSuchenRequest generateSearchRequest(SimpleEidasData eidData) {
PersonSuchenRequest req = new PersonSuchenRequest();
- EidasSuchdatenType eidasInfos = new EidasSuchdatenType();
- req.setEidasSuchdaten(eidasInfos);
+
+ //set basic MDS information
+ final NatuerlichePersonTyp searchNatPerson = new NatuerlichePersonTyp();
+ req.setNatuerlichePerson(searchNatPerson);
+ final PersonenNameTyp searchNatPersonName = new PersonenNameTyp();
+ searchNatPerson.setPersonenName(searchNatPersonName);
+ searchNatPersonName.setFamilienname(eidData.getFamilyName());
+ searchNatPersonName.setVorname(eidData.getGivenName());
+ searchNatPerson.setGeburtsdatum(eidData.getDateOfBirth());
//TODO: how we can search for more than one eIDAS attribute as a Set
-
+ EidasSuchdatenType eidasInfos = new EidasSuchdatenType();
+ req.setEidasSuchdaten(eidasInfos);
+
return req;
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java
index 166ffafb..bcee0f0f 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/RegisterSearchService.java
@@ -21,7 +21,6 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.CountrySpecificD
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.RequiredArgsConstructor;
-import lombok.Setter;
import lombok.extern.slf4j.Slf4j;
@Slf4j
@@ -60,7 +59,7 @@ public class RegisterSearchService {
throws WorkflowException {
try {
final ZmrRegisterResult resultsZmr = zmrClient.searchWithPersonIdentifier(
- null, eidasData.getPersonalIdentifier());
+ null, eidasData.getPseudonym(), eidasData.getCitizenCountryCode());
final List resultsErnp = ernpClient.searchWithPersonIdentifier(
eidasData.getPersonalIdentifier());
@@ -235,14 +234,7 @@ public class RegisterSearchService {
*/
@Getter
@RequiredArgsConstructor
- public static class RegisterSearchResult {
-
- /**
- * Mark the register result finished.
- */
- @Setter
- private boolean matchingFinished = false;
-
+ public static class RegisterSearchResult {
/**
* Operation status for this result.
*/
@@ -272,12 +264,11 @@ public class RegisterSearchService {
* Verifies that there is only one match and returns the bpk.
*
* @return bpk bpk of the match
- * @throws WorkflowException if multiple results have been found or matching is not marked as finished
+ * @throws WorkflowException if multiple results have been found
*/
public String getBpk() throws WorkflowException {
- if (getResultCount() != 1 || !matchingFinished) {
- throw new WorkflowException("readRegisterResults",
- matchingFinished ? "getResultCount() != 1" : "matching prozess not finished yet");
+ if (getResultCount() != 1) {
+ throw new WorkflowException("readRegisterResults", "getResultCount() != 1");
}
return getResult().getBpk();
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index 41bf4409..35717ae0 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
@@ -25,18 +25,13 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
import java.io.IOException;
import java.io.InputStream;
-import java.util.HashMap;
import java.util.List;
-import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.parsers.ParserConfigurationException;
-import org.apache.commons.lang3.StringUtils;
-import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
-import org.joda.time.DateTime;
import org.jose4j.lang.JoseException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
@@ -45,19 +40,17 @@ import org.w3c.dom.Node;
import org.xml.sax.SAXException;
import com.fasterxml.jackson.core.JsonProcessingException;
-import com.google.common.collect.ImmutableMap;
-import com.google.common.collect.ImmutableSet;
import at.asitplus.eidas.specific.connector.MsConnectorEventCodes;
import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.szr.SzrClient;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MatchedPersonResult;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.AuthBlockSigningService;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
@@ -66,17 +59,13 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.builder.BpkBuilder;
import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
-import eu.eidas.auth.commons.attribute.AttributeDefinition;
-import eu.eidas.auth.commons.attribute.AttributeValue;
-import eu.eidas.auth.commons.light.ILightResponse;
-import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
import lombok.Data;
import lombok.extern.slf4j.Slf4j;
import szrservices.IdentityLinkType;
@@ -112,8 +101,6 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
@Autowired
private SzrClient szrClient;
@Autowired
- private ICcSpecificEidProcessingService eidPostProcessor;
- @Autowired
private AuthBlockSigningService authBlockSigner;
private static final String EID_STATUS = "urn:eidgvat:eid.status.eidas";
@@ -129,63 +116,68 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
throws TaskExecutionException {
- try {
+ try {
- /*TODO: needs refactoring because we has to be operate on national identifiers
- * because matching and insert ERnP was already done!!
+ /*TODO: needs more re-factoring if we finalize CreateNewErnpEntryTask and we know how add entries into ERnP
+ * Maybe, we can fully replace eidData by matchedPersonData,
+ * because matchedPersonData holds the result after a successful matching process.
+ *
+ * Currently, we only add a work-around to operate without new ERnP implementation.
*/
- final ILightResponse eidasResponse = getAuthProcessDataWrapper()
- .getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class);
- final Map eidasAttributes = convertEidasAttrToSimpleMap(
- eidasResponse.getAttributes().getAttributeMap());
- final SimpleEidasData eidData = eidPostProcessor.postProcess(eidasAttributes);
- //final SimpleEidasData eidData =
- // getAuthProcessDataWrapper().getGenericDataFromSession(Constants.DATA_SIMPLE_EIDAS, SimpleEidasData.class);
- final String personalIdentifier = (String) eidasAttributes.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
+ final SimpleEidasData eidData = MatchingTaskUtils.getInitialEidasData(pendingReq);
+ MatchedPersonResult matchedPersonData = MatchingTaskUtils.getFinalMatchingResult(pendingReq);
+
writeMdsLogInformation(eidData);
if (basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY, false)) {
buildDummyIdentityLink(eidData);
+
} else {
//request SZR based on IDL or E-ID mode
if (pendingReq.getServiceProviderConfiguration()
.isConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE, false)) {
- executeEidMode(eidData, personalIdentifier);
+ executeEidMode(eidData, matchedPersonData);
+
} else {
- executeIdlMode(eidData, personalIdentifier);
- }
+ executeIdlMode(eidData, matchedPersonData);
+
+ }
}
+
storeGenericInfoToSession(eidData);
requestStoreage.storePendingRequest(pendingReq);
+
} catch (final EidasAttributeException e) {
throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e);
+
} catch (final EaafException e) {
throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
+
} catch (final Exception e) {
log.error("IdentityLink generation for foreign person FAILED.", e);
throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
+
}
}
private void storeGenericInfoToSession(SimpleEidasData eidData) throws EaafStorageException {
- AuthProcessDataWrapper authProcessData = getAuthProcessDataWrapper();
+ AuthProcessDataWrapper authProcessData = MatchingTaskUtils.getAuthProcessDataWrapper(pendingReq);
authProcessData.setForeigner(true);
authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME,
eidData.getCitizenCountryCode());
}
- private void executeIdlMode(SimpleEidasData eidData, String personalIdentifier) throws EaafException {
+ private void executeIdlMode(SimpleEidasData eidData, MatchedPersonResult matchedPersonData) throws EaafException {
//request SZR
- SzrResultHolder idlResult = requestSzrForIdentityLink(eidData);
+ SzrResultHolder idlResult = requestSzrForIdentityLink(eidData, matchedPersonData);
//write revision-Log entry for personal-identifier mapping
- writeExtendedRevisionLogEntry(eidData, personalIdentifier);
-
+ writeExtendedRevisionLogEntry(eidData, eidData.getPersonalIdentifier());
//check result-data and write revision-log based on current state
checkStateAndWriteRevisionLog(idlResult);
//inject personal-data into session
- AuthProcessDataWrapper authProcessDataWrapper = getAuthProcessDataWrapper();
+ AuthProcessDataWrapper authProcessDataWrapper = MatchingTaskUtils.getAuthProcessDataWrapper(pendingReq);
authProcessDataWrapper.setIdentityLink(idlResult.getIdentityLink());
authProcessDataWrapper.setEidProcess(false);
@@ -197,20 +189,29 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
.getAreaSpecificTargetIdentifier());
}
- private void executeEidMode(SimpleEidasData eidData, String personalIdentifier)
+ private void executeEidMode(SimpleEidasData eidData, MatchedPersonResult matchedPersonData)
throws JsonProcessingException, EaafException, JoseException {
// get encrypted baseId
- String vsz = szrClient.getEncryptedStammzahl(eidData);
-
+ String vsz;
+ if (matchedPersonData != null) {
+ log.debug("Requesting encrypted baseId by already matched person information ... ");
+ vsz = szrClient.getEncryptedStammzahl(matchedPersonData);
+
+ } else {
+ log.debug("Requesting encrypted baseId by using eIDAS information directly ... ");
+ vsz = szrClient.createNewErnpEntry(eidData);
+
+ }
+
//write revision-Log entry and extended infos personal-identifier mapping
revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_VSZ_RECEIVED);
- writeExtendedRevisionLogEntry(eidData, personalIdentifier);
+ writeExtendedRevisionLogEntry(eidData, eidData.getPersonalIdentifier());
// get eIDAS bind
String signedEidasBind = szrClient
.getEidasBind(vsz, authBlockSigner.getBase64EncodedPublicKey(), EID_STATUS, eidData);
revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_EIDASBIND_RECEIVED);
- AuthProcessDataWrapper authProcessDataWrapper = getAuthProcessDataWrapper();
+ AuthProcessDataWrapper authProcessDataWrapper = MatchingTaskUtils.getAuthProcessDataWrapper(pendingReq);
authProcessDataWrapper.setGenericDataToSession(Constants.EIDAS_BIND, signedEidasBind);
//get signed AuthBlock
@@ -220,11 +221,12 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
//inject personal-data into session
authProcessDataWrapper.setEidProcess(true);
+
}
private void buildDummyIdentityLink(SimpleEidasData eidData)
throws ParserConfigurationException, SAXException, IOException, EaafException {
- AuthProcessDataWrapper authProcessDataWrapper = getAuthProcessDataWrapper();
+ AuthProcessDataWrapper authProcessDataWrapper = MatchingTaskUtils.getAuthProcessDataWrapper(pendingReq);
SzrResultHolder idlResult = createDummyIdentityLinkForTestDeployment(eidData);
//inject personal-data into session
authProcessDataWrapper.setIdentityLink(idlResult.getIdentityLink());
@@ -247,10 +249,22 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
}
}
- private SzrResultHolder requestSzrForIdentityLink(SimpleEidasData eidData) throws EaafException {
+ private SzrResultHolder requestSzrForIdentityLink(SimpleEidasData eidData,
+ MatchedPersonResult matchedPersonData) throws EaafException {
//request IdentityLink from SZR
- final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(eidData);
+ IdentityLinkType result;
+ if (matchedPersonData != null) {
+ log.debug("Requesting encrypted baseId by already matched person information ... ");
+ result = szrClient.getIdentityLinkInRawMode(matchedPersonData);
+
+ } else {
+ log.debug("Requesting encrypted baseId by using eIDAS information directly ... ");
+ result = szrClient.getIdentityLinkInRawMode(eidData);
+
+ }
+
+
final Element idlFromSzr = (Element) result.getAssertion();
final IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser(idlFromSzr).parseIdentityLink();
@@ -322,68 +336,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
}
}
- private Map convertEidasAttrToSimpleMap(
- ImmutableMap, ImmutableSet>> attributeMap) {
- final Map result = new HashMap<>();
- for (final AttributeDefinition el : attributeMap.keySet()) {
- final Class parameterizedType = el.getParameterizedType();
- if (DateTime.class.equals(parameterizedType)) {
- convertDateTime(attributeMap, result, el);
- } else if (PostalAddress.class.equals(parameterizedType)) {
- convertPostalAddress(attributeMap, result, el);
- } else {
- convertString(attributeMap, result, el);
- }
- }
-
- log.debug("Receive #" + result.size() + " attributes with names: " + result.keySet().toString());
- return result;
- }
-
- private void convertString(ImmutableMap,
- ImmutableSet>> attributeMap,
- Map result, AttributeDefinition el) {
- final List natPersonIdObj = EidasResponseUtils
- .translateStringListAttribute(el, attributeMap.get(el));
- final String stringAttr = natPersonIdObj.get(0);
- if (StringUtils.isNotEmpty(stringAttr)) {
- result.put(el.getFriendlyName(), stringAttr);
- log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + stringAttr);
- } else {
- log.info("Ignore empty 'String' attribute");
- }
- }
-
- private void convertPostalAddress(ImmutableMap,
- ImmutableSet>> attributeMap,
- Map result, AttributeDefinition el) {
- final PostalAddress addressAttribute = EidasResponseUtils
- .translateAddressAttribute(el, attributeMap.get(el).asList());
- if (addressAttribute != null) {
- result.put(el.getFriendlyName(), addressAttribute);
- log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + addressAttribute.toString());
- } else {
- log.info("Ignore empty 'PostalAddress' attribute");
- }
- }
-
- private void convertDateTime(ImmutableMap,
- ImmutableSet>> attributeMap,
- Map result, AttributeDefinition el) {
- final DateTime attribute = EidasResponseUtils.translateDateAttribute(el, attributeMap.get(el).asList());
- if (attribute != null) {
- result.put(el.getFriendlyName(), attribute);
- log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + attribute.toString());
- } else {
- log.info("Ignore empty 'DateTime' attribute");
- }
- }
-
- @NotNull
- private AuthProcessDataWrapper getAuthProcessDataWrapper() {
- return pendingReq.getSessionData(AuthProcessDataWrapper.class);
- }
-
+
/**
* write MDS into technical log and revision log.
*/
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java
index 69b127d8..6fc6d499 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateNewErnpEntryTask.java
@@ -29,9 +29,6 @@ import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Component;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.szr.SzrClient;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
@@ -56,27 +53,37 @@ import lombok.extern.slf4j.Slf4j;
@Component("CreateNewErnbEntryTask")
public class CreateNewErnpEntryTask extends AbstractAuthServletTask {
- private final SzrClient szrClient;
+ //private final SzrClient szrClient;
- /**
- * Constructor.
- * @param szrClient SZR client for creating a new ERnP entry
- */
- public CreateNewErnpEntryTask(SzrClient szrClient) {
- this.szrClient = szrClient;
- }
+ ///**
+ // * Constructor.
+ // * @param szrClient SZR client for creating a new ERnP entry
+ // */
+ //public CreateNewErnpEntryTask(SzrClient szrClient) {
+ // this.szrClient = szrClient;
+ //}
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
throws TaskExecutionException {
try {
- SimpleEidasData simpleEidasData = MatchingTaskUtils.getInitialEidasData(pendingReq);
+ //SimpleEidasData simpleEidasData = MatchingTaskUtils.getInitialEidasData(pendingReq);
- // TODO When to do eidPostProcessor.postProcess on the eidas attributes?
- String vsz = szrClient.createNewErnpEntry(simpleEidasData);
+ // insert person into ERnP
+ //TODO: should we insert it directly into ERnP?
+ //TODO: has to updated to new eIDAS document model in ERnP
+ //String vsz = szrClient.createNewErnpEntry(simpleEidasData);
+
+ // finish matching process, because new user-entry uniquly matches
+ //log.info("User successfully registerred into ERnP and matching tasks are finished ");
+ //MatchingTaskUtils.storeFinalMatchingResult(pendingReq,
+ // MatchedPersonResult.builder()
+ // .vsz(vsz)
+ // .build());
+
+ log.warn("Skipping new insert ERnP task, because it's currently unknown who we should it");
+
- // TODO what to do with the VSZ now
- log.info("VSZ: {}", vsz);
} catch (final Exception e) {
log.error("Initial search FAILED.", e);
throw new TaskExecutionException(pendingReq, "Initial search FAILED.", e);
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java
index 1563d6df..01497f8d 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java
@@ -42,6 +42,8 @@ import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MatchedPersonResult;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
@@ -71,9 +73,9 @@ import lombok.extern.slf4j.Slf4j;
* Output:
*
* - {@link Constants#DATA_SIMPLE_EIDAS} converted from Full eIDAS Response
- * - {@link Constants#DATA_INITIAL_REGISTER_RESULT} results from first search in registers with
+ *
- {@link Constants#DATA_INTERMEDIATE_RESULT} results from first search in registers with
* PersonIdentifier
- * - {@link Constants#DATA_FURTHER_REGISTER_RESULT} results after second search in registers with MDS
+ * - {@link Constants#DATA_PERSON_MATCH_RESULT} results after second search in registers with MDS
* - {@link Constants#DATA_RESULT_MATCHING_BPK} if one register result found
*
* Transitions:
@@ -135,8 +137,7 @@ public class InitialSearchTask extends AbstractAuthServletTask {
step6CountrySpecificSearch(executionContext, initialSearchResult.getOperationStatus(), eidasData);
} else if (resultCount == 1) {
- // find person by PersonalIdentifier --> finalize first matching task
- initialSearchResult.setMatchingFinished(true);
+ // find person by PersonalIdentifier --> finalize first matching task
foundMatchFinializeTask(initialSearchResult, eidasData);
} else {
@@ -169,8 +170,7 @@ public class InitialSearchTask extends AbstractAuthServletTask {
log.trace("'step6CountrySpecificSearch' finds a person. Forward to 'step7aKittProcess' step ... ");
registerSearchService.step7aKittProcess(countrySpecificResult, eidasData);
- // find person by country-specific information --> finalize first matching task
- countrySpecificResult.setMatchingFinished(true);
+ // find person by country-specific information --> finalize first matching task
foundMatchFinializeTask(countrySpecificResult, eidasData);
} else {
@@ -194,7 +194,7 @@ public class InitialSearchTask extends AbstractAuthServletTask {
log.debug("Matching step: 'step8RegisterSearchWithMds' has #{} results. "
+ "Forward to GUI based matching steps ... ", registerData.getResultCount());
- MatchingTaskUtils.storeInitialRegisterResult(pendingReq, registerData);
+ MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, registerData);
executionContext.put(TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, true);
}
@@ -205,22 +205,26 @@ public class InitialSearchTask extends AbstractAuthServletTask {
private void foundMatchFinializeTask(RegisterSearchResult searchResult, SimpleEidasData eidasData)
throws WorkflowException, EaafStorageException {
// check if register update is required
- step3CheckRegisterUpdateNecessary(searchResult, eidasData);
-
+ RegisterResult updatedResult = step3CheckRegisterUpdateNecessary(searchResult.getResult(), eidasData);
+
// store search result
- MatchingTaskUtils.storeInitialRegisterResult(pendingReq, searchResult);
+ MatchingTaskUtils.storeFinalMatchingResult(pendingReq,
+ MatchedPersonResult.generateFormMatchingResult(updatedResult, eidasData.getCitizenCountryCode()));
}
- private void step3CheckRegisterUpdateNecessary(RegisterSearchResult initialSearchResult,
+ private RegisterResult step3CheckRegisterUpdateNecessary(RegisterResult searchResult,
SimpleEidasData eidasData) throws WorkflowException {
log.trace("Starting step3CheckRegisterUpdateNecessary");
- if (!eidasData.equalsRegisterData(initialSearchResult)) {
- // TODO Update "initialSearchResult" in register with "eidasData" from login not possible for now
+ if (!eidasData.equalsRegisterData(searchResult)) {
log.info("Skipping update-register-information step, because it's not supported yet");
+
+ //TODO: return updated search result if updates are allowed
+ return searchResult;
} else {
- log.debug("Register information match to eIDAS information. No update requird");
+ log.debug("Register information match to eIDAS information. No update requird");
+ return searchResult;
}
@@ -233,6 +237,7 @@ public class InitialSearchTask extends AbstractAuthServletTask {
.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class);
Map simpleMap = convertEidasAttrToSimpleMap(eidasResponse.getAttributes().getAttributeMap());
return eidPostProcessor.postProcess(simpleMap);
+
}
private Map convertEidasAttrToSimpleMap(
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java
index b18104fa..b71d86c8 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAustrianResidenceGuiResponseTask.java
@@ -33,6 +33,7 @@ import org.jetbrains.annotations.NotNull;
import org.springframework.stereotype.Component;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MatchedPersonResult;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException;
@@ -56,7 +57,7 @@ import lombok.extern.slf4j.Slf4j;
* Input:
*
* - {@link Constants#DATA_SIMPLE_EIDAS} initial login data from user
- * - {@link Constants#DATA_INITIAL_REGISTER_RESULT} results from search in registers with personIdentifier
+ * - {@link Constants#DATA_INTERMEDIATE_RESULT} results from search in registers with personIdentifier
*
* Output:
*
@@ -125,7 +126,7 @@ public class ReceiveAustrianResidenceGuiResponseTask extends AbstractAuthServlet
try {
SimpleEidasData eidasData = MatchingTaskUtils.getInitialEidasData(pendingReq);
- RegisterSearchResult initialSearchResult = MatchingTaskUtils.getInitialRegisterResult(pendingReq);
+ RegisterSearchResult initialSearchResult = MatchingTaskUtils.getIntermediateMatchingResult(pendingReq);
RegisterSearchResult residencyResult =
registerSearchService.searchWithResidence(initialSearchResult.getOperationStatus(),
@@ -160,13 +161,14 @@ public class ReceiveAustrianResidenceGuiResponseTask extends AbstractAuthServlet
/*TODO: check 'equalsRegisterData' because this method maybe this method evaluate to an invalid result.
* See TODO in methods body
*/
- if (eidasData.equalsRegisterData(residencyResult)) {
+ if (eidasData.equalsRegisterData(residencyResult.getResult())) {
// update register information
registerSearchService.step7aKittProcess(residencyResult, eidasData);
// store search result to re-used in CreateIdentityLink step, because there we need bPK and MDS
- residencyResult.setMatchingFinished(true);
- MatchingTaskUtils.storeInitialRegisterResult(pendingReq, residencyResult);
+ MatchingTaskUtils.storeFinalMatchingResult(pendingReq,
+ MatchedPersonResult.generateFormMatchingResult(
+ residencyResult.getResult(), eidasData.getCitizenCountryCode()));
} else {
moveToNextTask(executionContext);
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
index fd469f49..e0b05892 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
@@ -45,6 +45,7 @@ import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
import org.springframework.stereotype.Component;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MatchedPersonResult;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleMobileSignatureData;
@@ -86,7 +87,7 @@ import lombok.extern.slf4j.Slf4j;
* Input:
*
* - {@link Constants#DATA_SIMPLE_EIDAS} initial login data from user
- * - {@link Constants#DATA_INITIAL_REGISTER_RESULT} results from search in registers with personIdentifier
+ * - {@link Constants#DATA_INTERMEDIATE_RESULT} results from search in registers with personIdentifier
*
* Output:
*
@@ -160,7 +161,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet
// load already existing information from session
SimpleEidasData eidasData = MatchingTaskUtils.getInitialEidasData(pendingReq);
- RegisterSearchResult initialSearchResult = MatchingTaskUtils.getInitialRegisterResult(pendingReq);
+ RegisterSearchResult initialSearchResult = MatchingTaskUtils.getIntermediateMatchingResult(pendingReq);
// extract user information from ID Austria authentication
AssertionAttributeExtractor extractor = new AssertionAttributeExtractor(processedMsg.getFirst().getResponse());
@@ -188,9 +189,10 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet
// perform kit operation
registerSearchService.step7aKittProcess(registerResult, eidasData);
- // store search result to re-used in CreateIdentityLink step, because there we need bPK and MDS
- registerResult.setMatchingFinished(true);
- MatchingTaskUtils.storeInitialRegisterResult(pendingReq, registerResult);
+ // store search result to re-used in CreateIdentityLink step, because there we need bPK and MDS
+ MatchingTaskUtils.storeFinalMatchingResult(pendingReq,
+ MatchedPersonResult.generateFormMatchingResult(registerResult.getResult(),
+ eidasData.getCitizenCountryCode()));
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java
index 59a6886a..0eb56d0b 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java
@@ -45,7 +45,7 @@ import lombok.extern.slf4j.Slf4j;
* Input:
*
* - {@link Constants#DATA_SIMPLE_EIDAS} initial login data from user
- * - {@link Constants#DATA_INITIAL_REGISTER_RESULT} results from search in registers with personIdentifier
+ * - {@link Constants#DATA_INTERMEDIATE_RESULT} results from search in registers with personIdentifier
*
* Output:
*
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/MatchingTaskUtils.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/MatchingTaskUtils.java
index 5625a30d..ae4dfb30 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/MatchingTaskUtils.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/MatchingTaskUtils.java
@@ -5,6 +5,7 @@ import javax.annotation.Nullable;
import org.springframework.lang.NonNull;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MatchedPersonResult;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterSearchResult;
import at.gv.egiz.eaaf.core.api.IRequest;
@@ -41,33 +42,61 @@ public class MatchingTaskUtils {
}
/**
- * Get Matching result from session.
+ * Get intermediate matching result from session.
*
* @param pendingReq Current pendingRequest
- * @return Matching result or null if not exist
+ * @return Intermediate matching result or null if not exist
*/
@Nullable
- public static RegisterSearchResult getInitialRegisterResult(IRequest pendingReq) {
- return getAuthProcessDataWrapper(pendingReq).getGenericDataFromSession(Constants.DATA_INITIAL_REGISTER_RESULT,
+ public static RegisterSearchResult getIntermediateMatchingResult(IRequest pendingReq) {
+ return getAuthProcessDataWrapper(pendingReq).getGenericDataFromSession(Constants.DATA_INTERMEDIATE_RESULT,
RegisterSearchResult.class);
}
/**
- * Store matching result into session.
+ * Store intermediate matching result into session.
*
* @param pendingReq Current pendingRequest
- * @param registerData Matching result information
+ * @param registerData Intermediate matching result information
* @throws EaafStorageException In case of data can not be add into session
*/
@Nullable
- public static void storeInitialRegisterResult(IRequest pendingReq, RegisterSearchResult registerData)
+ public static void storeIntermediateMatchingResult(IRequest pendingReq, RegisterSearchResult registerData)
throws EaafStorageException {
getAuthProcessDataWrapper(pendingReq).setGenericDataToSession(
- Constants.DATA_INITIAL_REGISTER_RESULT, registerData);
+ Constants.DATA_INTERMEDIATE_RESULT, registerData);
}
+ /**
+ * Get intermediate matching result from session.
+ *
+ * @param pendingReq Current pendingRequest
+ * @return Intermediate matching result or null if not exist
+ */
+ @Nullable
+ public static MatchedPersonResult getFinalMatchingResult(IRequest pendingReq) {
+ return getAuthProcessDataWrapper(pendingReq).getGenericDataFromSession(Constants.DATA_PERSON_MATCH_RESULT,
+ MatchedPersonResult.class);
+
+ }
+
+ /**
+ * Store intermediate matching result into session.
+ *
+ * @param pendingReq Current pendingRequest
+ * @param personInfos Person information after a successful match
+ * @throws EaafStorageException In case of data can not be add into session
+ */
+ @Nullable
+ public static void storeFinalMatchingResult(IRequest pendingReq, MatchedPersonResult personInfos)
+ throws EaafStorageException {
+ getAuthProcessDataWrapper(pendingReq).setGenericDataToSession(
+ Constants.DATA_PERSON_MATCH_RESULT, personInfos);
+
+ }
+
/**
* Get holder for authentication information for the current process.
*
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java
index 30a801a4..b39281c2 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/zmr/DummyZmrClient.java
@@ -39,7 +39,8 @@ import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonSuchenRequest;
public class DummyZmrClient implements IZmrClient {
@Override
- public ZmrRegisterResult searchWithPersonIdentifier(BigInteger zmrProzessId, String personIdentifier) {
+ public ZmrRegisterResult searchWithPersonIdentifier(BigInteger zmrProzessId, String personIdentifier,
+ String citizenCountryCode) {
return new ZmrRegisterResult(Collections.emptyList(), null);
}
--
cgit v1.2.3