From 8942276a3e03923cfc1d162582ca0f734a54ea90 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Mon, 16 May 2022 11:30:58 +0200
Subject: fix(matching): optimize prozess handling during alternative eIDAS
authentication
---
.../auth/eidas/v2/tasks/AlternativeSearchTask.java | 37 ++++++++++++++++------
.../messages/eidas_connector_message.properties | 7 ++--
2 files changed, 31 insertions(+), 13 deletions(-)
(limited to 'modules/authmodule-eIDAS-v2/src/main')
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/AlternativeSearchTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/AlternativeSearchTask.java
index 96aa9c51..e8fb5b6b 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/AlternativeSearchTask.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/AlternativeSearchTask.java
@@ -81,6 +81,7 @@ import lombok.extern.slf4j.Slf4j;
public class AlternativeSearchTask extends AbstractAuthServletTask {
private static final String MSG_PROP_25 = "module.eidasauth.matching.25";
+ private static final String MSG_PROP_26 = "module.eidasauth.matching.26";
private final RegisterSearchService registerSearchService;
private final ICcSpecificEidProcessingService eidPostProcessor;
@@ -107,11 +108,17 @@ public class AlternativeSearchTask extends AbstractAuthServletTask {
MatchingTaskUtils.getIntermediateMatchingResult(pendingReq);
//pre-validation of eIDAS data
- preVerifyAlternativeEidasData(altEidasData, initialEidasData, intermediateMatchingState);
-
- //perform register search operation based on alterantive eIDAS data
- step11RegisterSearchWithPersonIdentifier(executionContext, altEidasData,
- intermediateMatchingState, initialEidasData);
+ if (!preVerifyAlternativeEidasData(altEidasData, initialEidasData,
+ intermediateMatchingState, executionContext)) {
+ executionContext.put(TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, true);
+ executionContext.put(CONTEXT_FLAG_ADVANCED_MATCHING_FAILED, true);
+
+ } else {
+ //perform register search operation based on alterantive eIDAS data
+ step11RegisterSearchWithPersonIdentifier(executionContext, altEidasData,
+ intermediateMatchingState, initialEidasData);
+
+ }
} catch (WorkflowException e) {
throw new TaskExecutionException(pendingReq, "Initial search failed", e);
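Review bot: The failure state shown to the user is now written in two places: this branch sets `TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK` and `CONTEXT_FLAG_ADVANCED_MATCHING_FAILED`, while `CONTEXT_FLAG_ADVANCED_MATCHING_FAILED_REASON` is set inside `preVerifyAlternativeEidasData` before it returns false. A later `return false` path that forgets the reason would leave the failed flag set with no reason, or with one left over from an earlier step. Writing all three keys together keeps them consistent, for example by moving `executionContext.put(CONTEXT_FLAG_ADVANCED_MATCHING_FAILED_REASON, MSG_PROP_26);` into this branch so the helper no longer needs the `executionContext` parameter. The surrounding try block starts outside the hunk.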
@@ -131,10 +138,12 @@ public class AlternativeSearchTask extends AbstractAuthServletTask {
* @param altEidasData eIDAS data from alternative authentication
* @param initialEidasData eIDAS data from initial authentication
* @param intermediateMatchingState Intermediate matching result
+ * @param executionContext Current execution context state
+ * @return true
if the current state is valid, otherwise false
* @throws WorkflowException In case of a validation error
*/
- private void preVerifyAlternativeEidasData(SimpleEidasData altEidasData, SimpleEidasData initialEidasData,
- RegisterStatusResults intermediateMatchingState) throws WorkflowException {
+ private boolean preVerifyAlternativeEidasData(SimpleEidasData altEidasData, SimpleEidasData initialEidasData,
+ RegisterStatusResults intermediateMatchingState, ExecutionContext executionContext) throws WorkflowException {
if (initialEidasData == null) {
throw new WorkflowException("step11", "No initial eIDAS authn data", true);
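Review bot: The Javadoc no longer says which failures throw and which return false: `@throws WorkflowException In case of a validation error` is unchanged, yet the country-code and MDS mismatches further down now return false instead of throwing. I would narrow it to `@throws WorkflowException if required eIDAS data is missing` (only the `initialEidasData == null` case is visible here, so confirm the other checks). The `@return` line should read `@return true if country code and MDS match the initial authentication; false on a mismatch, with the failure reason written to executionContext`. The `executionContext` parameter is written to, not just read, which the `@param` text should mention. The method body continues outside the hunk.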
@@ -146,14 +155,22 @@ public class AlternativeSearchTask extends AbstractAuthServletTask {
}
if (!Objects.equals(altEidasData.getCitizenCountryCode(), initialEidasData.getCitizenCountryCode())) {
- throw new WorkflowException("step11", "Country Code of alternative eIDAS authn not matching", true);
+ log.warn("CountryCode: {} from alternative eIDAS authentication DOES NOT match to initial countryCode: {}",
+ altEidasData.getCitizenCountryCode(), initialEidasData.getCitizenCountryCode());
+ executionContext.put(CONTEXT_FLAG_ADVANCED_MATCHING_FAILED_REASON, MSG_PROP_26);
+ return false;
+
}
if (!altEidasData.equalsMds(initialEidasData)) {
- throw new WorkflowException("step11", "MDS of alternative eIDAS authn does not match initial authn", true);
+ log.warn("MDS from alternative eIDAS authentication DOES NOT match to initial MDS");
+ executionContext.put(CONTEXT_FLAG_ADVANCED_MATCHING_FAILED_REASON, MSG_PROP_26);
+ return false;
}
+
+ return true;
}
private void step11RegisterSearchWithPersonIdentifier(
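Review bot: A country-code or MDS mismatch between the initial and the alternative eIDAS authentication used to abort the process and now only returns false, so the user is presumably routed back to method selection and can try again on the same pending request. Nothing in this hunk bounds how often that can happen, and the only record is `log.warn`, although a mismatch here means a different identity was presented than the one being matched. Consider counting failed attempts on the pending request and aborting after a small limit, and recording the mismatch in the connector's audit trail rather than only the application log. A comment such as `// identity mismatch is recoverable: user returns to method selection` above each `return false` would make the changed severity explicit. The logged country codes come from the eIDAS response, so if they are not validated earlier they should be checked for length and character set before being written to the log.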
@@ -229,7 +246,7 @@ public class AlternativeSearchTask extends AbstractAuthServletTask {
MatchingTaskUtils.storeFinalMatchingResult(pendingReq, result);
//remove intermediate matching-state
- MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, null);
+ //MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, null);
}
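Review bot: The call that cleared the intermediate matching state is commented out rather than removed, and the comment above it still says `//remove intermediate matching-state`, so after `storeFinalMatchingResult` the pending request keeps the intermediate result. That state appears to carry register search data, and keeping it after a final match both retains personal data longer than needed and lets a later task read stale state. If it must survive for a following step, delete both lines and say so, e.g. `// intermediate matching-state is kept because <reason>; cleared in <task>`; otherwise restore the call. The enclosing method starts outside the hunk.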
diff --git a/modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties b/modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties
index bd05fef2..6d73c43a 100644
--- a/modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties
+++ b/modules/authmodule-eIDAS-v2/src/main/resources/messages/eidas_connector_message.properties
@@ -23,11 +23,12 @@ module.eidasauth.matching.04=An error occurred while loading your data from offi
module.eidasauth.matching.11=Matching failed, because of an ERnP communication error. Reason: {0}
module.eidasauth.matching.12=Matching failed, because ERnP response contains historic information which is not supported.
-module.eidasauth.matching.21=Matching be using residence information failed by missing input information. Use another method for matching or create a new Austrian identity.
-module.eidasauth.matching.22=Can not find an unique match by using residence information. Provide more or other data, use another method for matching, or create a new Austrian identity.
+module.eidasauth.matching.21=Matching be using residence information failed by missing input information. Use another method for matching.
+module.eidasauth.matching.22=Can not find an unique match by using residence information. Provide more or other data or use another method for matching.
module.eidasauth.matching.23=Matching be using Austrian Identity was canceled. Use another method for matching or create a new Austrian identity.
module.eidasauth.matching.24=Matching be using Austrian Identity not possible. Use another method for matching or create a new Austrian identity.
-module.eidasauth.matching.25=Matching be using alternative eIDAS authentication not possible. Provide more or other data, use another method for matching, or create a new Austrian identity.
+module.eidasauth.matching.25=Matching be using alternative eIDAS authentication not possible. Provide more or other data or use another method for matching.
+module.eidasauth.matching.26=Matching be using alternative eIDAS authentication not possible, because Name or Country not matched. Provide more or other data or use another method for matching.
module.eidasauth.matching.99=Matching failed, because of an unexpected processing error. Reason: {0}
--
cgit v1.2.3