| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2021-12-20 15:54:56 +0100 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2021-12-20 15:54:56 +0100 | 
| commit | 506ab3232b2c237a1d83c9e970dccdb9445d5d81 (patch) | |
| tree | 3c94a1a8b4849bdcdbe56d12d0dd7b2e964b234f /id/server/modules/moa-id-module-ehvd_integration/src/main/java | |
| parent | fc0385dbeee71f1ce18783ef1c7a4d06288fdb0d (diff) | |
| parent | 600369d4ffa753716a9572824de7a96a04cb05a7 (diff) | |
Diffstat (limited to 'id/server/modules/moa-id-module-ehvd_integration/src/main/java')
16 files changed, 1054 insertions, 0 deletions
| diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java new file mode 100644 index 000000000..6cb9c08e3 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java 
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2021 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */ +package at.gv.egovernment.moa.id.auth.modules.ehvd; + +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; + +public class ConfigurationProperties { + +  // configuration properties +  private static final String MODULE_PREFIX = "modules.ehvd."; + +  public static final String PROP_MODULE_ENABLED = MODULE_PREFIX + "enabled"; +  public static final String PROP_MODULE_SP_PREFIX = MODULE_PREFIX + "sp"; + +  public static final String PROP_MODULE_SERVICE_TARGET = MODULE_PREFIX + "service.bpk.target"; +  public static final String PROP_MODULE_SERVICE_ENDPOINT = MODULE_PREFIX + "service.url"; +  public static final String PROP_MODULE_EHVD_ROLE_REGEX = MODULE_PREFIX + "service.role.regex"; +  public static final String PROP_MODULE_EHVD_OTHERID_PREFIX = MODULE_PREFIX + "service.otherid.prefix"; + +  public static final String PROP_MODULE_PVP_ROLE = MODULE_PREFIX + "role.pvp"; + +  public static final String PROP_MODULE_PROXY_SOCKS_PORT = MODULE_PREFIX + "proxy.socks.port"; + +  public static final String DEFAULT_EHVD_SERVICE_TARGET = EAAFConstants.URN_PREFIX_CDID + "GH"; + +   +  //TODO: define custom EHVD SAML2 attributes +  public static final String ATTRIBUTE_URN_EHVD_PREFIX = "urn:brzgvat:attributes.ehvd."; +  public static final String ATTRIBUTE_URN_EHVD_TITLE = ATTRIBUTE_URN_EHVD_PREFIX + "title"; +  public static final String ATTRIBUTE_URN_EHVD_FIRSTNAME = ATTRIBUTE_URN_EHVD_PREFIX + "firstname"; +  public static final String ATTRIBUTE_URN_EHVD_SURNAME = ATTRIBUTE_URN_EHVD_PREFIX + "surname"; +  public static final String ATTRIBUTE_URN_EHVD_ZIPCODE = ATTRIBUTE_URN_EHVD_PREFIX + "zip"; +  public static final String ATTRIBUTE_URN_EHVD_STATE = ATTRIBUTE_URN_EHVD_PREFIX + "state"; +  public static final String ATTRIBUTE_URN_EHVD_ID = ATTRIBUTE_URN_EHVD_PREFIX + "id"; +  public static final String ATTRIBUTE_URN_EHVD_OTHERID = ATTRIBUTE_URN_EHVD_PREFIX + "otherid"; +   +   +  private ConfigurationProperties() { +    // hide constructor or static class +  } +} 
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java
new file mode 100644
index 000000000..d087b9fe2
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java
@@ -0,0 +1,147 @@
+/*
+ * Copyright 2021 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */ +package at.gv.egovernment.moa.id.auth.modules.ehvd; + +import java.util.Collection; +import java.util.Collections; +import java.util.stream.Collectors; + +import javax.annotation.PostConstruct; + +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class EhvdServiceAuthModule extends DefaultCitizenCardAuthModuleImpl { + +  private int priority = 2; + +  @Autowired(required = true) +  protected IConfigurationWithSP authConfig; + +  private Collection<String> uniqueIDsEnabled; + +  /* +   * (non-Javadoc) +   * +   * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority() +   */ +  @Override +  public int getPriority() { +    return priority; + +  } + +  /** +   * Sets the priority of this module. Default value is {@code 0}. +   * +   * @param priority The priority. 
+   */ +  public void setPriority(int priority) { +    this.priority = priority; + +  } + +  @PostConstruct +  private void initialDummyAuthWhiteList() { +    if (authConfig.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) { +      Logger.info("AuthModule for 'EHVD injection' is enabled"); + +      // load allowed service-provider Id's +      uniqueIDsEnabled = authConfig.getBasicConfigurationWithPrefix( +          ConfigurationProperties.PROP_MODULE_SP_PREFIX).values().stream() +          .filter(el -> StringUtils.isNotEmpty(el)) +          .collect(Collectors.toSet()); + +      if (!uniqueIDsEnabled.isEmpty()) { +        Logger.info("EHVD communication is enabled for ...."); +        uniqueIDsEnabled.forEach(el -> Logger.info("   EntityID: " + el)); + +      } + +    } else { +      uniqueIDsEnabled = Collections.emptySet(); +      Logger.info("AuthModule for 'EHVD injection' is disabled"); + +    } + +  } + +  /* +   * (non-Javadoc) +   * +   * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv. 
+   * egovernment.moa.id.process.api.ExecutionContext) +   */ +  @Override +  public String selectProcess(ExecutionContext context, IRequest pendingReq) { + +    if (authConfig.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) { +      final String spEntityID = pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(); +      Logger.trace("Checking EHVD communication for SP: " + spEntityID + " ...."); +      final boolean ccAuthRequested = StringUtils.isNotEmpty(super.selectProcess(context, pendingReq)); +      if (uniqueIDsEnabled.contains(spEntityID) && ccAuthRequested) { +        Logger.debug("EHVD communication is allowed for SP: " + spEntityID); +        return "DefaultAuthenticationWithEHVDInteraction"; + +      } else { +        if (Logger.isDebugEnabled()) { +          if (ccAuthRequested) { +            Logger.debug("Unique SP-Id: " + spEntityID + " is not in whitelist for EHVD communication."); + +          } else { +            Logger.trace("No CititzenCard authentication requested. EHVD communication skipped too"); + +          } +        } +      } + +    } else { +      Logger.trace("'EHVD injection' authentication is disabled"); + +    } + +    return null; + +  } + +  /* +   * (non-Javadoc) +   * +   * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions() +   */ +  @Override +  public String[] getProcessDefinitions() { +    return new String[] { "classpath:/DefaultAuth_with_ehvd_interaction.process.xml" }; +  } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java new file mode 100644 index 000000000..589a316fe --- /dev/null 
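Review bot: In `initialDummyAuthWhiteList()` the enabled branch logs nothing when no service-provider id is found under `ConfigurationProperties.PROP_MODULE_SP_PREFIX`, so a deployment that enables the module with an empty allowlist silently never selects the EHVD process; an `else` on `if (!uniqueIDsEnabled.isEmpty())` that logs at warning level would make that misconfiguration visible. `selectProcess` dereferences `pendingReq.getServiceProviderConfiguration()` without a null check, which is worth confirming against the `IRequest` contract since it is not visible in this hunk. The Javadoc on `setPriority` says the default is `{@code 0}` while the field is initialised to `2`; it should read `Default value is {@code 2}.`. The class Javadoc holds only `@author tlenz` and the `@PostConstruct` method still has "Dummy" in its name, so a one-sentence class description and a name that mentions the EHVD allowlist would help the next reader.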
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java 
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2021 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */ +package at.gv.egovernment.moa.id.auth.modules.ehvd; + +import org.springframework.core.io.ClassPathResource; +import org.springframework.core.io.Resource; + +import at.gv.egiz.components.spring.api.SpringResourceProvider; + +/** + * @author tlenz + * + */ +public class EhvdServiceAuthSpringResourceProvider implements SpringResourceProvider { + +  /* +   * (non-Javadoc) +   * +   * @see +   * at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad() +   */ +  @Override +  public Resource[] getResourcesToLoad() { +    final ClassPathResource authConfig = new ClassPathResource("/moaid_ehvd_service_auth.beans.xml", +        EhvdServiceAuthSpringResourceProvider.class); +    return new Resource[] { authConfig }; +  } + +  /* +   * (non-Javadoc) +   * +   * @see +   * at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan() +   */ +  @Override +  public String[] getPackagesToScan() { +    // TODO Auto-generated method stub +    return null; +  } + +  /* +   * (non-Javadoc) +   * +   * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName() +   */ +  @Override +  public String getName() { +    return "Module for 'Dummy Authentication'"; +  } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/AbstractEhvdAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/AbstractEhvdAttributeBuilder.java new file mode 100644 index 000000000..af413ffc3 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/AbstractEhvdAttributeBuilder.java 
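Review bot: `getName()` in `EhvdServiceAuthSpringResourceProvider` returns `"Module for 'Dummy Authentication'"`, which looks copied from another module and will mislabel this provider wherever the name is logged or listed; something like `return "Module for 'EHVD service authentication'";` would match what the class actually loads. `getPackagesToScan()` still carries `// TODO Auto-generated method stub` and returns `null`; if `null` is the intended "nothing to scan" value for `SpringResourceProvider`, replace the stub comment with one that says so.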
@@ -0,0 +1,51 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; +import at.gv.egovernment.moa.logging.Logger; + +public abstract class AbstractEhvdAttributeBuilder implements IPVPAttributeBuilder { + +  @Override +  public <ATT> ATT build(ISPConfiguration spConfig, IAuthData authData, IAttributeGenerator<ATT> g) +      throws AttributeBuilderException { +    try { +      GdaDescriptor fullGdaInfo =  +          authData.getGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, GdaDescriptor.class); +     +      if (fullGdaInfo != null) { +        String attrValue = generateAttributeValue(fullGdaInfo); +        Logger.debug(StringUtils.isEmpty(attrValue) ? "Skip" : "Build"  +            + "attribute: " + getName());       +        return g.buildStringAttribute(getName(), getName(),  +            StringUtils.isNotEmpty(attrValue) ? attrValue : null); +       +      } else { +        Logger.trace("Skipping attr: " + getName() + " because no GDA info available"); +        return null; +         +      } +       +    } catch (ClassCastException e) { +      Logger.trace("Skipping attr: " + getName() + " because no GDA info available"); +      return null; +       +    } +  } + +  @Override +  public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { +    return g.buildEmptyAttribute(getName(), getName()); +     +  } +   +  protected abstract String generateAttributeValue(GdaDescriptor fullGdaInfo); + +} 
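Review bot: The debug statement in `build()` does not log what it reads as, because `+` binds tighter than `?:`: an empty value logs only `Skip`, and a non-empty one logs `Buildattribute: …` with no space. Parenthesising fixes both: `Logger.debug((StringUtils.isEmpty(attrValue) ? "Skip" : "Build") + " attribute: " + getName());`. The `catch (ClassCastException e)` branch reports "no GDA info available" at trace level although it is presumably reached when the object stored under `ATTRIBUTE_URN_EHVD_PREFIX` has an unexpected type; a distinct message that includes `e` would keep that case from being hidden. The empty-value path still calls `g.buildStringAttribute(..., null)` instead of returning `null`, so "Skip" only holds if the generator drops null values, which is not visible in this hunk.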
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressStateAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressStateAttributeBuilder.java new file mode 100644 index 000000000..7056c3099 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressStateAttributeBuilder.java @@ -0,0 +1,28 @@ +//package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes; +// +//import java.util.stream.Collectors; +// +//import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; +// +//@PVPMETADATA +//public class EhvdAddressStateAttributeBuilder extends AbstractEhvdAttributeBuilder { +// +//  private static final String ATTR_VALUE_DELIMITER = "|"; +//   +//  @Override +//  public String getName() { +//    return ConfigurationProperties.ATTRIBUTE_URN_EHVD_STATE; +//     +//  } +// +//  @Override +//  protected String generateAttributeValue(GdaDescriptor fullGdaInfo) { +//    return fullGdaInfo.getAddress().stream() +//        .map(el -> el.getState() != null ? el.getState() : "")        +//        .collect(Collectors.joining(ATTR_VALUE_DELIMITER)); +//     +//  } +// +//} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressZipcodeAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressZipcodeAttributeBuilder.java new file mode 100644 index 000000000..98a0567f2 --- /dev/null 
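Review bot: `EhvdAddressStateAttributeBuilder.java` is added with every line commented out, and the same holds for `EhvdAddressZipcodeAttributeBuilder.java` and `EhvdOtherIdAttributeBuilder.java` later in this commit. I would leave these files out until they are needed, since version control keeps the draft. If they are deliberately parked, put a header comment at the top of each stating why, e.g. `// Disabled on purpose: <reason>; enabling this builder adds the attribute to released PVP attributes`. Each carries `@PVPMETADATA`, so uncommenting one would presumably start releasing address or other-id data in assertions, and the header should make that consequence explicit for whoever re-enables it.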
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressZipcodeAttributeBuilder.java @@ -0,0 +1,28 @@ +//package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes; +// +//import java.util.stream.Collectors; +// +//import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; +// +//@PVPMETADATA +//public class EhvdAddressZipcodeAttributeBuilder extends AbstractEhvdAttributeBuilder { +// +//  private static final String ATTR_VALUE_DELIMITER = "|"; +//   +//  @Override +//  public String getName() { +//    return ConfigurationProperties.ATTRIBUTE_URN_EHVD_ZIPCODE; +//     +//  } +// +//  @Override +//  protected String generateAttributeValue(GdaDescriptor fullGdaInfo) { +//    return fullGdaInfo.getAddress().stream() +//        .map(el -> el.getZip() != null ? el.getZip() : "") +//        .collect(Collectors.joining(ATTR_VALUE_DELIMITER)); +//     +//  } +// +//} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdFirstnameAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdFirstnameAttributeBuilder.java new file mode 100644 index 000000000..1bb923cf4 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdFirstnameAttributeBuilder.java 
@@ -0,0 +1,22 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes; + +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; + +@PVPMETADATA +public class EhvdFirstnameAttributeBuilder extends AbstractEhvdAttributeBuilder { + +  @Override +  public String getName() { +    return ConfigurationProperties.ATTRIBUTE_URN_EHVD_FIRSTNAME; +     +  } + +  @Override +  protected String generateAttributeValue(GdaDescriptor fullGdaInfo) { +    return fullGdaInfo.getFirstname(); +     +  } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdIdAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdIdAttributeBuilder.java new file mode 100644 index 000000000..918b02c2e --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdIdAttributeBuilder.java @@ -0,0 +1,22 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes; + +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; + +@PVPMETADATA +public class EhvdIdAttributeBuilder extends AbstractEhvdAttributeBuilder { + +  @Override +  public String getName() { +    return ConfigurationProperties.ATTRIBUTE_URN_EHVD_ID; +     +  } + +  @Override +  protected String generateAttributeValue(GdaDescriptor fullGdaInfo) {     +    return fullGdaInfo.getId() != null ? fullGdaInfo.getId().getId() : null; +     +  } + +} 
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdOtherIdAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdOtherIdAttributeBuilder.java
new file mode 100644
index 000000000..2d0e20c9c
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdOtherIdAttributeBuilder.java
@@ -0,0 +1,54 @@ +//package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes; +// +//import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; +//import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +//import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +//import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +//import at.gv.egovernment.moa.logging.Logger; +// +//@PVPMETADATA +//public class EhvdOtherIdAttributeBuilder extends AbstractEhvdAttributeBuilder { +// +//  private static final String DEFAULT_ID_PREFIX = "1.2.40.0.34.4.18:"; +// +//  private String idPrefix; +//   +//  public EhvdOtherIdAttributeBuilder() {    +//    try { +//      AuthConfiguration config = AuthConfigurationProviderFactory.getInstance(); +//      if (config != null) { +//        idPrefix = config.getBasicConfiguration( +//            ConfigurationProperties.PROP_MODULE_EHVD_OTHERID_PREFIX, DEFAULT_ID_PREFIX); +//         +//      } else { +//        idPrefix = DEFAULT_ID_PREFIX; +//         +//      } +//    } catch (ConfigurationException e) { +//      idPrefix = DEFAULT_ID_PREFIX; +//       +//    } +//         +//    Logger.info("  Set-up " + getName() + " with otherId prefix: " + idPrefix); +//     +//  } +//   +//  @Override +//  public String getName() { +//    return ConfigurationProperties.ATTRIBUTE_URN_EHVD_OTHERID; +// +//  } +// +//  @Override +//  protected String generateAttributeValue(GdaDescriptor fullGdaInfo) {     +//    return fullGdaInfo.getOtherID().stream() +//        .filter(el -> el.startsWith(idPrefix)) +//        .findFirst() +//        .map(el -> el.substring(idPrefix.length())) +//        .orElse(null); +//     +//  } +// +//} 
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdSurnameAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdSurnameAttributeBuilder.java new file mode 100644 index 000000000..db8de397b --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdSurnameAttributeBuilder.java @@ -0,0 +1,22 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes; + +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; + +@PVPMETADATA +public class EhvdSurnameAttributeBuilder extends AbstractEhvdAttributeBuilder { + +  @Override +  public String getName() { +    return ConfigurationProperties.ATTRIBUTE_URN_EHVD_SURNAME; +     +  } + +  @Override +  protected String generateAttributeValue(GdaDescriptor fullGdaInfo) { +    return fullGdaInfo.getSurname(); +     +  } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdTitelAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdTitelAttributeBuilder.java new file mode 100644 index 000000000..c978d4dd2 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdTitelAttributeBuilder.java 
@@ -0,0 +1,22 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes; + +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; + +@PVPMETADATA +public class EhvdTitelAttributeBuilder extends AbstractEhvdAttributeBuilder { + +  @Override +  public String getName() { +    return ConfigurationProperties.ATTRIBUTE_URN_EHVD_TITLE; +     +  } + +  @Override +  protected String generateAttributeValue(GdaDescriptor fullGdaInfo) { +    return fullGdaInfo.getTitle(); +     +  } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java new file mode 100644 index 000000000..a79aa86dd --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java 
@@ -0,0 +1,57 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes; + +import java.util.stream.Collectors; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.data.IMOAAuthData; +import at.gv.egovernment.moa.logging.Logger; + +@PVPMETADATA +public class PvpRoleAttributeBuilder implements IPVPAttributeBuilder { + +  private static final String ROLE_NAME_DELIMITER = ";"; + +  @Override +  public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, +      IAttributeGenerator<ATT> g) throws AttributeBuilderException { +    if (authData instanceof IMOAAuthData) { +      final IMOAAuthData moaAuthData = (IMOAAuthData) authData; +      if (moaAuthData.getAuthenticationRoles() != null +          && !moaAuthData.getAuthenticationRoles().isEmpty()) { +        return g.buildStringAttribute(ROLES_FRIENDLY_NAME, ROLES_NAME, +            moaAuthData.getAuthenticationRoles().stream() +                .map(el -> el.getRawRoleString()) +                .collect(Collectors.joining(ROLE_NAME_DELIMITER))); + +      } else { +        Logger.trace("No PVP roles available. Skipping attribute: " + ROLES_FRIENDLY_NAME); + +      } + +    } else { +      Logger.info("Attribute: " + ROLES_FRIENDLY_NAME + " is only available in MOA-ID context"); + +    } + +    return null; + +  } + +  @Override +  public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { +    return g.buildEmptyAttribute(ROLES_FRIENDLY_NAME, ROLES_NAME); + +  } + +  @Override +  public String getName() { +    return ROLES_NAME; + +  } + +} 
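Review bot: `build()` joins the raw role strings with `ROLE_NAME_DELIMITER` (`;`) without checking that a role itself contains no `;`. The roles attribute is what a relying service provider would evaluate for authorisation, so a raw string containing the delimiter would be read downstream as several roles; whether that can occur depends on where `getRawRoleString()` values originate, which is not visible in this hunk. I would either drop such values before joining, e.g. `.filter(r -> r != null && !r.contains(ROLE_NAME_DELIMITER))` ahead of `.collect(...)`, or document on `ROLE_NAME_DELIMITER` that role strings are guaranteed delimiter-free. Reading `getAuthenticationRoles()` once into a local would also replace the three separate calls.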
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/exception/EhvdException.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/exception/EhvdException.java new file mode 100644 index 000000000..f621d1bb4 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/exception/EhvdException.java @@ -0,0 +1,19 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.exception; + +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; + +public class EhvdException extends AuthenticationException { + +  private static final long serialVersionUID = 380654627005502948L; + +  public EhvdException(String messageId, Object[] parameters) { +    super(messageId, parameters); + +  } + +  public EhvdException(String messageId, Object[] parameters, Throwable e) { +    super(messageId, parameters, e); + +  } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java new file mode 100644 index 000000000..b165d05e2 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java 
@@ -0,0 +1,321 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.service;
+
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+import java.util.Set;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import javax.annotation.Nonnull;
+import javax.annotation.PostConstruct;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.handler.Handler;
+import javax.xml.ws.soap.SOAPFaultException;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.cxf.endpoint.Client;
+import org.apache.cxf.frontend.ClientProxy;
+import org.apache.cxf.transport.http.HTTPConduit;
+import org.apache.cxf.transports.http.configuration.ProxyServerType;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import com.google.common.collect.Sets;
+
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.EHVD;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.EHVDService;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaIndexResponse;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GetGdaDescriptors;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.InstanceIdentifier;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.exception.EhvdException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.util.LoggingHandler;
+
+/**
+ * Implement interaction with EHVD service to get GDA information.
+ *
+ * @author tlenz
+ *
+ */
+public class EhvdCommunicationService implements IEhvdCommunication {
+
+  private static final String GDA_RESP_STATUS_ACTIVE = "Aktiv";
+
+  private static final String ERROR_EHVD_00 = "ehvd.00";
+  private static final String ERROR_EHVD_01 = "ehvd.01";
+  private static final String ERROR_EHVD_02 = "ehvd.02";
+  private static final String ERROR_EHVD_03 = "ehvd.03";
+  private static final String ERROR_EHVD_04 = "ehvd.04";
+  private static final String ERROR_CONFIG_05 = "config.05";
+
+  private static final Set<String> SERVICE_ERRORS_LOG_INFO = Sets.newHashSet("6002");
+
+  @Autowired
+  IConfiguration config;
+
+  private String ehvdBpkTarget;
+
+  private EHVD ehvdClient;
+  private Pattern ehvdRolePattern;
+
+  private List<String> ehvhPvpRoleList;
+
+  /**
+   * Get user's GDA roles from EHVD Service.
+   *
+   * @param identityLink IdentityLink of the user
+   * @return {@link List} of Roles that are received from EHVD
+   * @throws AuthenticationException In case of an EHVD communication error
+   * @throws EAAFBuilderException    In case of a bPK generation error
+   */
+  @Override
+  @Nonnull
+  public EhvdResponseHolder getRoles(IIdentityLink identityLink) throws AuthenticationException,
+      EAAFBuilderException {
+
+    // get bPK for EHVD request
+    final Pair<String, String> ehvdBpk = BPKBuilder.generateAreaSpecificPersonIdentifier(
+        identityLink.getIdentificationValue(),
+        identityLink.getIdentificationType(),
+        ehvdBpkTarget);
+
+    // request EHVD and handle errors
+    final GdaIndexResponse gdaResp = requestingGda(ehvdBpk.getFirst());
+
+    // parse roles from response
+    return EhvdResponseHolder.getInstance(gdaResp.getGda(), parseGdaResponse(gdaResp));
+
+  }
+
+  @Nonnull
+  private GdaIndexResponse requestingGda(String bpk) throws EhvdException {
+    try {
+      final GetGdaDescriptors gdaReq = buildGdaRequest(bpk);
+      Logger.debug("Requesting EHVD to get GDA status ... ");
+      final GdaIndexResponse gdaResp = ehvdClient.getGDA(gdaReq);
+      Logger.debug("Receive GDA status. Starting response validation ... ");
+      return gdaResp;
+
+    } catch (final SOAPFaultException e) {
+      throw handleSoapFaultError(e);
+
+    } catch (final Exception e) {
+      Logger.error("EHVD communication failed with generic error: " + e.getMessage(), e);
+      throw new EhvdException(ERROR_EHVD_01, new Object[] {}, e);
+
+    }
+
+  }
+
+  private EhvdException handleSoapFaultError(SOAPFaultException e) {
+    // extract reason for this error
+    final String errorMsg = e.getFault() != null
+        ? StringUtils.isNotEmpty(e.getFault().getFaultString()) ? e.getFault().getFaultString()
+            : e.getMessage()
+        : e.getMessage();
+
+    if (SERVICE_ERRORS_LOG_INFO.stream()
+        .filter(el -> errorMsg.contains(el))
+        .findFirst()
+        .isPresent()) {
+      Logger.info("EHVD communication failed with SOAP response: " + errorMsg);
+      return new EhvdException(ERROR_EHVD_03, new Object[] { errorMsg });
+
+    } else {
+      Logger.warn("EHVD communication failed with SOAP response: " + errorMsg, e);
+      return new EhvdException(ERROR_EHVD_02, new Object[] { errorMsg });
+
+    }
+
+    
+
+  }
+
+  private List<String> parseGdaResponse(GdaIndexResponse ehvdResp) throws EhvdException {
+    if (ehvdResp.getGda() != null) {
+      final GdaDescriptor gdaInfo = ehvdResp.getGda();
+      if (GDA_RESP_STATUS_ACTIVE.equals(gdaInfo.getStatus().getEhvdstatus())) {
+        Logger.debug("Find #" + gdaInfo.getRoles().getRole().size() + " roles");
+
+        // match roles with regex from configuration
+        final Optional<String> validGdaRole = gdaInfo.getRoles().getRole().stream()
+            .filter(el -> matchGdaRole(el))
+            .findFirst();
+
+        if (validGdaRole.isPresent()) {
+          Logger.info("Find valid GDA role: " + validGdaRole.get() + " Set PVP Role: "
+              + StringUtils.join(ehvhPvpRoleList, ",") + " into Session");
+
+          // set role into response
+          return ehvhPvpRoleList;
+
+        } else {
+          Logger.info("No valid GDA role in EHVD response");
+          throw new EhvdException(ERROR_EHVD_04, null);
+
+        }
+
+      } else {
+        Logger.info("GDA is marked as 'inactive'. Stopping process with an error ... ");
+        throw new EhvdException(ERROR_EHVD_00, null);
+
+      }
+
+    } else {
+      Logger.info("Receive empty GDA response");
+      throw new EhvdException(ERROR_EHVD_03, new Object[] {});
+
+    }
+  }
+
+  private boolean matchGdaRole(String role) {
+    final Matcher matcher = ehvdRolePattern.matcher(role);
+    final boolean matches = matcher.matches();
+    Logger.trace(matches ? "EHVD role: " + role + " matches"
+        : "EHVD role: " + role + " does not matche to pattern: " + matcher.toString());
+    return matches;
+
+  }
+
+  private GetGdaDescriptors buildGdaRequest(String bPK) {
+    final GetGdaDescriptors req = new GetGdaDescriptors();
+    final InstanceIdentifier gdaIdentifier = new InstanceIdentifier();
+    gdaIdentifier.setOidIssuingAuthority(PVPAttributeDefinitions.BPK_OID);
+    gdaIdentifier.setId(bPK);
+    req.setHcIdentifier(gdaIdentifier);
+    return req;
+
+  }
+
+  @PostConstruct
+  private void initialize() throws EAAFConfigurationException {
+    if (config.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) {
+      initializeEhvdClient();
+
+      // load EHVD bPK target
+      ehvdBpkTarget = config.getBasicConfiguration(
+          ConfigurationProperties.PROP_MODULE_SERVICE_TARGET,
+          ConfigurationProperties.DEFAULT_EHVD_SERVICE_TARGET);
+      Logger.info("Set-up EHVD Client with bPK target: " + ehvdBpkTarget);
+
+      // load Regex to match EHVD Roles to PVP Roles
+      final String ehvdRoleRegex = config.getBasicConfiguration(
+          ConfigurationProperties.PROP_MODULE_EHVD_ROLE_REGEX);
+      checkConfigPropertyNotNull(ehvdRoleRegex, ConfigurationProperties.PROP_MODULE_EHVD_ROLE_REGEX);
+      ehvdRolePattern = Pattern.compile(ehvdRoleRegex);
+
+      Logger.info("Set-up EHVD Client with Role regex: " + ehvdRolePattern.toString());
+
+      // load PVP Roles for EHVD integration
+      final String ehvdPvpRole = config.getBasicConfiguration(
+          ConfigurationProperties.PROP_MODULE_PVP_ROLE);
+      checkConfigPropertyNotNull(ehvdPvpRole, ConfigurationProperties.PROP_MODULE_PVP_ROLE);
+      ehvhPvpRoleList = KeyValueUtils.getListOfCSVValues(ehvdPvpRole);
+      Logger.info("Set-up EHVD module with PVP Role: " + StringUtils.join(ehvhPvpRoleList, ","));
+
+    } else {
+      Logger.info("Skipping EHVD client because it's not active");
+
+    }
+  }
+
+  private void checkConfigPropertyNotNull(String valueToCheck, String configPropName)
+      throws EAAFConfigurationException {
+    if (StringUtils.isEmpty(valueToCheck)) {
+      Logger.error("Missing configuration for EHVD module. "
+          + "(Property: " + configPropName + ")");
+      throw new EAAFConfigurationException(ERROR_CONFIG_05,
+          new Object[] { configPropName });
+
+    }
+
+  }
+
+  private void initializeEhvdClient() throws EAAFConfigurationException {
+    Logger.debug("Initializing EHVD client ... ");
+    final URL url = EhvdCommunicationService.class.getResource("/wsdl/eHVD.wsdl");
+    final EHVDService service = new EHVDService(url);
+    ehvdClient = service.getEHVDPort12();
+
+    // load service end-point URL from configuration
+    final String ehvdEndpointUrl = config.getBasicConfiguration(
+        ConfigurationProperties.PROP_MODULE_SERVICE_ENDPOINT);
+    if (StringUtils.isEmpty(ehvdEndpointUrl)) {
+      Logger.error("Missing configuration for EHVD WebService endpoint. "
+          + "(Property: " + ConfigurationProperties.PROP_MODULE_SERVICE_ENDPOINT + ")");
+      throw new EAAFConfigurationException(ERROR_CONFIG_05,
+          new Object[] { ConfigurationProperties.PROP_MODULE_SERVICE_ENDPOINT });
+
+    }
+
+    // inject service end-point URL
+    final Map<String, Object> requestContext = ((BindingProvider) ehvdClient).getRequestContext();
+    requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, ehvdEndpointUrl);
+
+    // inject Logging handler
+    List<Handler> handlerList = ((BindingProvider) ehvdClient).getBinding().getHandlerChain();
+    if (handlerList == null) {
+      handlerList = new ArrayList<>();
+
+    }
+
+    handlerList.add(new LoggingHandler());
+    ((BindingProvider) ehvdClient).getBinding().setHandlerChain(handlerList);
+
+    Logger.info("Initialize EHVD Client with service end-point: " + ehvdEndpointUrl);
+
+    // these code is only for local testing
+    final String socksPort = config.getBasicConfiguration(
+        ConfigurationProperties.PROP_MODULE_PROXY_SOCKS_PORT);
+    if (StringUtils.isNotEmpty(socksPort)) {
+      Logger.warn("Injecting SOCKS5 Proxy for service communication!");
+      final Client client = ClientProxy.getClient(ehvdClient);
+      final HTTPConduit http = (HTTPConduit) client.getConduit();
+      http.getClient().setProxyServerType(ProxyServerType.SOCKS);
+      http.getClient().setProxyServer("127.0.0.1");
+      http.getClient().setProxyServerPort(Integer.valueOf(socksPort));
+
+    }
+  }
+
+  public static class EhvdResponseHolder {
+    final List<String> roles;
+    final GdaDescriptor fullGdaResponse;
+    
+    
+    public static EhvdResponseHolder getInstance(GdaDescriptor gdaInfo, List<String> processedRoles) {
+      return new EhvdResponseHolder(gdaInfo, processedRoles);
+      
+    }
+    
+    private EhvdResponseHolder(GdaDescriptor gdaInfo, List<String> processedRoles) {
+      this.roles = processedRoles;
+      this.fullGdaResponse = gdaInfo;
+      
+    }
+
+    public List<String> getRoles() {
+      return roles;
+    }
+
+    public GdaDescriptor getFullGdaResponse() {
+      return fullGdaResponse;
+    }
+    
+    
+    
+  }
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java
new file mode 100644
index 000000000..6b7c7e2f5
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java
@@ -0,0 +1,20 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.service;
+
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.service.EhvdCommunicationService.EhvdResponseHolder;
+
+public interface IEhvdCommunication {
+
+  /**
+   * Get user's GDA roles from EHVD Service.
+   *
+   * @param identityLink IdentityLink of the user
+   * @return {@link EhvdResponseHolder} that contains the Roles received from EHVD and the full GDA response
+   * @throws AuthenticationException In case of an EHVD communication error
+   * @throws EAAFBuilderException    In case of a bPK generation error
+   */
+  EhvdResponseHolder getRoles(IIdentityLink identityLink) throws AuthenticationException, EAAFBuilderException;
+
+}
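Review bot: In EhvdCommunicationService.java, `parseGdaResponse` dereferences `gdaInfo.getStatus()` and `gdaInfo.getRoles()` without a null check, so a response that carries a GDA element but lacks a status or a role list would end in a NullPointerException rather than an `EhvdException`. Whether the generated `GdaDescriptor` can return null there depends on the WSDL binding, which this hunk does not show; the call is made from `getRoles`, outside the try block in `requestingGda`, so nothing maps the failure to an EHVD error code. A guard ahead of the status comparison keeps malformed responses on the documented error path: `if (gdaInfo.getStatus() == null || gdaInfo.getRoles() == null) { throw new EhvdException(ERROR_EHVD_03, new Object[] {}); }`.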
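Review bot: The interface in IEhvdCommunication.java imports `EhvdCommunicationService.EhvdResponseHolder`, so the contract depends on a class nested inside its own implementation, and any alternative implementation or test double has to pull in the CXF-based service class as well. Moving the holder to a top-level class in the `service` package, or nesting it in the interface, would remove that coupling without changing the `getRoles` signature for callers. The file also ends without a trailing newline.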
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java
new file mode 100644
index 000000000..ee5dbb2fd
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java
@@ -0,0 +1,109 @@
+/*
+ * Copyright 2021 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.ehvd.task;
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.service.EhvdCommunicationService.EhvdResponseHolder;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.service.IEhvdCommunication;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Component("InjectEhvdInformationTask")
+public class InjectEhvdInformationTask extends AbstractAuthServletTask {
+
+  @Autowired
+  IEhvdCommunication ehvdService;
+
+  /*
+   * (non-Javadoc)
+   *
+   * @see
+   * at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.
+   * egovernment.moa.id.process.api.ExecutionContext,
+   * javax.servlet.http.HttpServletRequest,
+   * javax.servlet.http.HttpServletResponse)
+   */
+  @Override
+  public void execute(ExecutionContext executionContext, HttpServletRequest request,
+      HttpServletResponse response)
+      throws TaskExecutionException {
+    try {
+      final AuthenticationSessionWrapper session = pendingReq.getSessionData(
+          AuthenticationSessionWrapper.class);
+
+      // validate internal state
+      validateInternalState(session);
+
+      // requesting roles from EHVD
+      final EhvdResponseHolder ehvdResponse = ehvdService.getRoles(session.getIdentityLink());
+
+      // inject EHVD roles
+      session.setGenericDataToSession(PVPAttributeDefinitions.ROLES_NAME,
+          StringUtils.join(ehvdResponse.getRoles(), ";"));
+
+      // inject full EHVD response
+      session.setGenericDataToSession(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, 
+          ehvdResponse.getFullGdaResponse());
+      
+      // store MOASession into database
+      requestStoreage.storePendingRequest(pendingReq);
+
+    } catch (final MOAIDException e) {
+      throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+
+    } catch (final Exception e) {
+      throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+
+    }
+  }
+
+  private void validateInternalState(AuthenticationSessionWrapper session) throws AuthenticationException {
+    // check if identityLink is available
+    if (session.getIdentityLink() == null) {
+      Logger.error("No IdentityLink in session. There is an internal error in process definition");
+      throw new AuthenticationException("process.04", null);
+
+    }
+
+  }
+
+}
|
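Review bot: In `execute`, the `catch (final MOAIDException e)` and `catch (final Exception e)` branches are identical, so the first adds nothing, and both hand `e.getMessage()` on as the task error text, which is null for many runtime exceptions such as a NullPointerException raised while the EHVD response is parsed. A single `catch (final Exception e)` that logs before wrapping would be clearer and leaves a trace when the role lookup is aborted, e.g. `Logger.warn("EHVD role injection failed", e);` ahead of the `throw`. The `java.util.List` import looks unused in this file.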
