authorThomas Lenz <thomas.lenz@egiz.gv.at>2021-09-08 13:45:25 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2021-09-08 13:45:25 +0200
commit031d236181704248475554ebf7ae373096637a4f (patch)
tree3154638992b8d3cc5d24b7bdf65f2068136e65ac /id
parentef16b7e22800a5b200e58dd83fc406bb94dd671a (diff)
update EHVD Role filtering and mapping
Diffstat (limited to 'id')
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java3
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java10
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java55
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java25
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/exception/EhvdException.java4
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java111
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java6
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java36
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties1
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties1
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java26
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationTaskTest.java80
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties3
13 files changed, 268 insertions, 93 deletions
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java
index 07d65f2f5..035e59387 100644
--- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java
@@ -34,6 +34,9 @@ public class ConfigurationProperties {
public static final String PROP_MODULE_SERVICE_TARGET = MODULE_PREFIX + "service.bpk.target";
public static final String PROP_MODULE_SERVICE_ENDPOINT = MODULE_PREFIX + "service.url";
+ public static final String PROP_MODULE_EHVD_ROLE_REGEX = MODULE_PREFIX + "service.role.regex";
+
+ public static final String PROP_MODULE_PVP_ROLE = MODULE_PREFIX + "role.pvp";
public static final String PROP_MODULE_PROXY_SOCKS_PORT = MODULE_PREFIX + "proxy.socks.port";
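Review bot: The two new property keys on L38 and L40 carry no comment describing the value format an operator has to supply, and nothing else in the constants class explains them. From the service code in this commit, the first is a regex that each EHVD role must fully match and the second a comma-separated list of PVP roles, so I would put `// Regex an EHVD (GDA) role must fully match (Matcher.matches) to be accepted; compiled once at start-up` above L38 and `// Comma-separated PVP role(s) granted when at least one EHVD role matches the regex` above L40. Confirm the wording against the module's admin documentation if one exists.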
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java
index 917c226a2..d087b9fe2 100644
--- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java
@@ -107,20 +107,20 @@ public class EhvdServiceAuthModule extends DefaultCitizenCardAuthModuleImpl {
if (authConfig.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) {
final String spEntityID = pendingReq.getServiceProviderConfiguration().getUniqueIdentifier();
- Logger.trace("Checking EHVD communication for SP: " + spEntityID + " ....");
- boolean ccAuthRequested = StringUtils.isNotEmpty(super.selectProcess(context, pendingReq));
+ Logger.trace("Checking EHVD communication for SP: " + spEntityID + " ....");
+ final boolean ccAuthRequested = StringUtils.isNotEmpty(super.selectProcess(context, pendingReq));
if (uniqueIDsEnabled.contains(spEntityID) && ccAuthRequested) {
- Logger.debug("EHVD communication is allowed for SP: " + spEntityID);
+ Logger.debug("EHVD communication is allowed for SP: " + spEntityID);
return "DefaultAuthenticationWithEHVDInteraction";
} else {
if (Logger.isDebugEnabled()) {
if (ccAuthRequested) {
Logger.debug("Unique SP-Id: " + spEntityID + " is not in whitelist for EHVD communication.");
-
+
} else {
Logger.trace("No CititzenCard authentication requested. EHVD communication skipped too");
-
+
}
}
}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java
index ea0695a1a..589a316fe 100644
--- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java
@@ -33,30 +33,39 @@ import at.gv.egiz.components.spring.api.SpringResourceProvider;
*/
public class EhvdServiceAuthSpringResourceProvider implements SpringResourceProvider {
- /* (non-Javadoc)
- * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad()
- */
- @Override
- public Resource[] getResourcesToLoad() {
- ClassPathResource authConfig = new ClassPathResource("/moaid_ehvd_service_auth.beans.xml", EhvdServiceAuthSpringResourceProvider.class);
- return new Resource[] {authConfig};
- }
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad()
+ */
+ @Override
+ public Resource[] getResourcesToLoad() {
+ final ClassPathResource authConfig = new ClassPathResource("/moaid_ehvd_service_auth.beans.xml",
+ EhvdServiceAuthSpringResourceProvider.class);
+ return new Resource[] { authConfig };
+ }
- /* (non-Javadoc)
- * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan()
- */
- @Override
- public String[] getPackagesToScan() {
- // TODO Auto-generated method stub
- return null;
- }
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan()
+ */
+ @Override
+ public String[] getPackagesToScan() {
+ // TODO Auto-generated method stub
+ return null;
+ }
- /* (non-Javadoc)
- * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName()
- */
- @Override
- public String getName() {
- return "Module for 'Dummy Authentication'";
- }
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName()
+ */
+ @Override
+ public String getName() {
+ return "Module for 'Dummy Authentication'";
+ }
}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java
index 0f1c96aa8..a79aa86dd 100644
--- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java
@@ -15,44 +15,43 @@ import at.gv.egovernment.moa.logging.Logger;
public class PvpRoleAttributeBuilder implements IPVPAttributeBuilder {
private static final String ROLE_NAME_DELIMITER = ";";
-
+
@Override
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
if (authData instanceof IMOAAuthData) {
- IMOAAuthData moaAuthData = (IMOAAuthData)authData;
- if (moaAuthData.getAuthenticationRoles() != null
+ final IMOAAuthData moaAuthData = (IMOAAuthData) authData;
+ if (moaAuthData.getAuthenticationRoles() != null
&& !moaAuthData.getAuthenticationRoles().isEmpty()) {
return g.buildStringAttribute(ROLES_FRIENDLY_NAME, ROLES_NAME,
moaAuthData.getAuthenticationRoles().stream()
.map(el -> el.getRawRoleString())
.collect(Collectors.joining(ROLE_NAME_DELIMITER)));
-
-
+
} else {
Logger.trace("No PVP roles available. Skipping attribute: " + ROLES_FRIENDLY_NAME);
-
+
}
-
+
} else {
Logger.info("Attribute: " + ROLES_FRIENDLY_NAME + " is only available in MOA-ID context");
-
+
}
-
+
return null;
-
+
}
@Override
public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
return g.buildEmptyAttribute(ROLES_FRIENDLY_NAME, ROLES_NAME);
-
+
}
@Override
public String getName() {
return ROLES_NAME;
-
+
}
-
+
}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/exception/EhvdException.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/exception/EhvdException.java
index daab154bc..f621d1bb4 100644
--- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/exception/EhvdException.java
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/exception/EhvdException.java
@@ -2,7 +2,7 @@ package at.gv.egovernment.moa.id.auth.modules.ehvd.exception;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-public class EhvdException extends AuthenticationException{
+public class EhvdException extends AuthenticationException {
private static final long serialVersionUID = 380654627005502948L;
@@ -15,5 +15,5 @@ public class EhvdException extends AuthenticationException{
super(messageId, parameters, e);
}
-
+
}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java
index a25a7f421..900adaff7 100644
--- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java
@@ -2,10 +2,12 @@ package at.gv.egovernment.moa.id.auth.modules.ehvd.service;
import java.net.URL;
import java.util.ArrayList;
-import java.util.Collections;
import java.util.List;
import java.util.Map;
+import java.util.Optional;
import java.util.Set;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
import javax.annotation.Nonnull;
import javax.annotation.PostConstruct;
@@ -29,6 +31,7 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties;
import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.EHVD;
@@ -55,16 +58,20 @@ public class EhvdCommunicationService implements IEhvdCommunication {
private static final String ERROR_EHVD_01 = "ehvd.01";
private static final String ERROR_EHVD_02 = "ehvd.02";
private static final String ERROR_EHVD_03 = "ehvd.03";
+ private static final String ERROR_EHVD_04 = "ehvd.04";
private static final String ERROR_CONFIG_05 = "config.05";
-
+
private static final Set<String> SERVICE_ERRORS_LOG_INFO = Sets.newHashSet("6002");
-
+
@Autowired
IConfiguration config;
private String ehvdBpkTarget;
private EHVD ehvdClient;
+ private Pattern ehvdRolePattern;
+
+ private List<String> ehvhPvpRoleList;
/**
* Get user's GDA roles from EHVD Service.
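Review bot: The new field on L247 is spelled `ehvhPvpRoleList` (`ehvh` for `ehvd`), and the typo is repeated at every use later in this file; renaming it `ehvdPvpRoleList` keeps it findable next to the other `ehvd*` fields. Both new fields are assigned only in the post-construct initialiser and then read on request threads, which is worth stating with a comment such as `// set once during @PostConstruct initialisation, read-only afterwards` so nobody later adds a setter. Neither field is `final`, so the compiler cannot enforce that; if the Spring wiring permits constructor injection here, that would be the stronger fix, but I cannot tell from this hunk.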
@@ -102,9 +109,9 @@ public class EhvdCommunicationService implements IEhvdCommunication {
Logger.debug("Receive GDA status. Starting response validation ... ");
return gdaResp;
- } catch (final SOAPFaultException e) {
+ } catch (final SOAPFaultException e) {
throw handleSoapFaultError(e);
-
+
} catch (final Exception e) {
Logger.error("EHVD communication failed with generic error: " + e.getMessage(), e);
throw new EhvdException(ERROR_EHVD_01, new Object[] {}, e);
@@ -114,24 +121,25 @@ public class EhvdCommunicationService implements IEhvdCommunication {
}
private EhvdException handleSoapFaultError(SOAPFaultException e) {
- // extract reason for this error
- String errorMsg = e.getFault() != null
- ? StringUtils.isNotEmpty(e.getFault().getFaultString()) ? e.getFault().getFaultString() : e.getMessage()
+ // extract reason for this error
+ final String errorMsg = e.getFault() != null
+ ? StringUtils.isNotEmpty(e.getFault().getFaultString()) ? e.getFault().getFaultString()
+ : e.getMessage()
: e.getMessage();
-
+
if (SERVICE_ERRORS_LOG_INFO.stream()
- .filter(el -> errorMsg.contains(el))
- .findFirst()
- .isPresent()) {
- Logger.info("EHVD communication failed with SOAP response: " + errorMsg);
-
+ .filter(el -> errorMsg.contains(el))
+ .findFirst()
+ .isPresent()) {
+ Logger.info("EHVD communication failed with SOAP response: " + errorMsg);
+
} else {
Logger.warn("EHVD communication failed with SOAP response: " + errorMsg, e);
-
- }
-
- return new EhvdException(ERROR_EHVD_02, new Object[] {errorMsg});
-
+
+ }
+
+ return new EhvdException(ERROR_EHVD_02, new Object[] { errorMsg });
+
}
private List<String> parseGdaResponse(GdaIndexResponse ehvdResp) throws EhvdException {
@@ -139,7 +147,24 @@ public class EhvdCommunicationService implements IEhvdCommunication {
final GdaDescriptor gdaInfo = ehvdResp.getGda();
if (GDA_RESP_STATUS_ACTIVE.equals(gdaInfo.getStatus().getEhvdstatus())) {
Logger.debug("Find #" + gdaInfo.getRoles().getRole().size() + " roles");
- return gdaInfo.getRoles().getRole();
+
+ // match roles with regex from configuration
+ final Optional<String> validGdaRole = gdaInfo.getRoles().getRole().stream()
+ .filter(el -> matchGdaRole(el))
+ .findFirst();
+
+ if (validGdaRole.isPresent()) {
+ Logger.info("Find valid GDA role: " + validGdaRole.get() + " Set PVP Role: "
+ + StringUtils.join(ehvhPvpRoleList, ",") + " into Session");
+
+ // set role into response
+ return ehvhPvpRoleList;
+
+ } else {
+ Logger.info("No valid GDA role in EHVD response");
+ throw new EhvdException(ERROR_EHVD_04, null);
+
+ }
} else {
Logger.info("GDA is marked as 'inactive'. Stopping process with an error ... ");
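Review bot: `return ehvhPvpRoleList;` on L315 hands the service's own configuration list to every caller; if `KeyValueUtils.getListOfCSVValues` returns a mutable list, a caller that modifies the result changes the roles every subsequent user receives, so return `Collections.unmodifiableList(ehvhPvpRoleList)` (re-adding the `java.util.Collections` import this commit drops) or a copy. The mapping is also many-to-one — any EHVD role matching the regex grants the full configured PVP role list and only the first match is logged — which deserves a comment at L305 such as `// any EHVD role matching the configured regex grants the whole configured PVP role list; which role matched is not propagated`. `throw new EhvdException(ERROR_EHVD_04, null)` on L319 passes `null` where the neighbouring throws use `new Object[] {}`; keep the empty array for consistency with the message-formatting path. parseGdaResponse's signature and the tail of the method lie outside this hunk.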
@@ -150,11 +175,19 @@ public class EhvdCommunicationService implements IEhvdCommunication {
} else {
Logger.info("Receive empty GDA response");
throw new EhvdException(ERROR_EHVD_03, new Object[] {});
-
}
}
+ private boolean matchGdaRole(String role) {
+ final Matcher matcher = ehvdRolePattern.matcher(role);
+ final boolean matches = matcher.matches();
+ Logger.trace(matches ? "EHVD role: " + role + " matches"
+ : "EHVD role: " + role + " does not matche to pattern: " + matcher.toString());
+ return matches;
+
+ }
+
private GetGdaDescriptors buildGdaRequest(String bPK) {
final GetGdaDescriptors req = new GetGdaDescriptors();
final InstanceIdentifier gdaIdentifier = new InstanceIdentifier();
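Review bot: `ehvdRolePattern.matcher(role)` on L332 throws NullPointerException for a null list element, which the caller's generic catch would report as `ehvd.01` instead of treating the element as a non-match; the stream filter feeding this method passes every element of `getRoles().getRole()` through unguarded, so a `role == null` check returning false is cheap insurance. The trace message on L335 reads "does not matche" and prints `matcher.toString()`, which renders the Matcher's internal state (region, last match) rather than the regex; `ehvdRolePattern.pattern()` is what someone debugging a configuration wants to see. Both fit in the method body:
```java
private boolean matchGdaRole(String role) {
  // a null element can never match; avoids NPE from Pattern.matcher(null)
  if (role == null) {
    return false;
  }
  final boolean matches = ehvdRolePattern.matcher(role).matches();
  Logger.trace(matches ? "EHVD role: " + role + " matches"
      : "EHVD role: " + role + " does not match pattern: " + ehvdRolePattern.pattern());
  return matches;
}
```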
@@ -170,17 +203,45 @@ public class EhvdCommunicationService implements IEhvdCommunication {
if (config.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) {
initializeEhvdClient();
+ // load EHVD bPK target
ehvdBpkTarget = config.getBasicConfiguration(
ConfigurationProperties.PROP_MODULE_SERVICE_TARGET,
ConfigurationProperties.DEFAULT_EHVD_SERVICE_TARGET);
Logger.info("Set-up EHVD Client with bPK target: " + ehvdBpkTarget);
+ // load Regex to match EHVD Roles to PVP Roles
+ final String ehvdRoleRegex = config.getBasicConfiguration(
+ ConfigurationProperties.PROP_MODULE_EHVD_ROLE_REGEX);
+ checkConfigPropertyNotNull(ehvdRoleRegex, ConfigurationProperties.PROP_MODULE_EHVD_ROLE_REGEX);
+ ehvdRolePattern = Pattern.compile(ehvdRoleRegex);
+
+ Logger.info("Set-up EHVD Client with Role regex: " + ehvdRolePattern.toString());
+
+ // load PVP Roles for EHVD integration
+ final String ehvdPvpRole = config.getBasicConfiguration(
+ ConfigurationProperties.PROP_MODULE_PVP_ROLE);
+ checkConfigPropertyNotNull(ehvdPvpRole, ConfigurationProperties.PROP_MODULE_PVP_ROLE);
+ ehvhPvpRoleList = KeyValueUtils.getListOfCSVValues(ehvdPvpRole);
+ Logger.info("Set-up EHVD module with PVP Role: " + StringUtils.join(ehvhPvpRoleList, ","));
+
} else {
Logger.info("Skipping EHVD client because it's not active");
}
}
+ private void checkConfigPropertyNotNull(String valueToCheck, String configPropName)
+ throws EAAFConfigurationException {
+ if (StringUtils.isEmpty(valueToCheck)) {
+ Logger.error("Missing configuration for EHVD module. "
+ + "(Property: " + configPropName + ")");
+ throw new EAAFConfigurationException(ERROR_CONFIG_05,
+ new Object[] { configPropName });
+
+ }
+
+ }
+
private void initializeEhvdClient() throws EAAFConfigurationException {
Logger.debug("Initializing EHVD client ... ");
final URL url = EhvdCommunicationService.class.getResource("/wsdl/eHVD.wsdl");
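Review bot: `Pattern.compile(ehvdRoleRegex)` on L355 throws an unchecked PatternSyntaxException when the configured regex is malformed, so a typo in `modules.ehvd.service.role.regex` aborts bean construction with a stack trace that never names the property, unlike the missing-value case that `checkConfigPropertyNotNull` reports cleanly. Wrapping it in the same EAAFConfigurationException keeps start-up failures uniform; the enclosing method must already declare that exception, since `initializeEhvdClient()` on L345 throws it without a try. `checkConfigPropertyNotNull` uses `StringUtils.isEmpty`, so a whitespace-only value passes and becomes an empty PVP role list or a whitespace regex; `isBlank` is the safer check there. The enclosing initialisation method's signature is outside this hunk, and the snippet needs `java.util.regex.PatternSyntaxException` imported (drop the trailing `e` if the exception has no cause-taking constructor):
```java
checkConfigPropertyNotNull(ehvdRoleRegex, ConfigurationProperties.PROP_MODULE_EHVD_ROLE_REGEX);
try {
  ehvdRolePattern = Pattern.compile(ehvdRoleRegex);
} catch (final PatternSyntaxException e) {
  Logger.error("Invalid regex in configuration property: "
      + ConfigurationProperties.PROP_MODULE_EHVD_ROLE_REGEX, e);
  throw new EAAFConfigurationException(ERROR_CONFIG_05,
      new Object[] { ConfigurationProperties.PROP_MODULE_EHVD_ROLE_REGEX }, e);
}
// … unchanged: PVP role loading …
```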
@@ -214,9 +275,9 @@ public class EhvdCommunicationService implements IEhvdCommunication {
Logger.info("Initialize EHVD Client with service end-point: " + ehvdEndpointUrl);
-
// these code is only for local testing
- String socksPort = config.getBasicConfiguration(ConfigurationProperties.PROP_MODULE_PROXY_SOCKS_PORT);
+ final String socksPort = config.getBasicConfiguration(
+ ConfigurationProperties.PROP_MODULE_PROXY_SOCKS_PORT);
if (StringUtils.isNotEmpty(socksPort)) {
Logger.warn("Injecting SOCKS5 Proxy for service communication!");
final Client client = ClientProxy.getClient(ehvdClient);
@@ -224,9 +285,9 @@ public class EhvdCommunicationService implements IEhvdCommunication {
http.getClient().setProxyServerType(ProxyServerType.SOCKS);
http.getClient().setProxyServer("127.0.0.1");
http.getClient().setProxyServerPort(Integer.valueOf(socksPort));
-
+
}
-
+
}
}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java
index 8a9c7db5c..2d9291ed7 100644
--- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java
@@ -2,8 +2,6 @@ package at.gv.egovernment.moa.id.auth.modules.ehvd.service;
import java.util.List;
-import javax.annotation.Nonnull;
-
import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
@@ -12,11 +10,11 @@ public interface IEhvdCommunication {
/**
* Get user's GDA roles from EHVD Service.
- *
+ *
* @param identityLink IdentityLink of the user
* @return {@link List} of Roles that are received from EHVD
* @throws AuthenticationException In case of an EHVD communication error
- * @throws EAAFBuilderException In case of a bPK generation error
+ * @throws EAAFBuilderException In case of a bPK generation error
*/
List<String> getRoles(IIdentityLink identityLink) throws AuthenticationException, EAAFBuilderException;
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java
index b44863b80..8f22c6ffc 100644
--- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java
@@ -31,16 +31,14 @@ import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.modules.ehvd.service.IEhvdCommunication;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -50,8 +48,9 @@ import at.gv.egovernment.moa.logging.Logger;
@Component("InjectEhvdInformationTask")
public class InjectEhvdInformationTask extends AbstractAuthServletTask {
- @Autowired IEhvdCommunication ehvdService;
-
+ @Autowired
+ IEhvdCommunication ehvdService;
+
/*
* (non-Javadoc)
*
@@ -66,17 +65,19 @@ public class InjectEhvdInformationTask extends AbstractAuthServletTask {
HttpServletResponse response)
throws TaskExecutionException {
try {
- final AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
-
+ final AuthenticationSessionWrapper session = pendingReq.getSessionData(
+ AuthenticationSessionWrapper.class);
+
// validate internal state
validateInternalState(session);
-
+
// requesting roles from EHVD
- List<String> ehvdRoles = ehvdService.getRoles(session.getIdentityLink());
-
- // inject EHVD roles
- session.setGenericDataToSession(PVPConstants.ROLES_NAME, StringUtils.join(ehvdRoles, ";"));
-
+ final List<String> ehvdRoles = ehvdService.getRoles(session.getIdentityLink());
+
+ // inject EHVD roles
+ session.setGenericDataToSession(PVPAttributeDefinitions.ROLES_NAME,
+ StringUtils.join(ehvdRoles, ";"));
+
// store MOASession into database
requestStoreage.storePendingRequest(pendingReq);
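Review bot: The session key changes from `PVPConstants.ROLES_NAME` to `PVPAttributeDefinitions.ROLES_NAME` on L482, while the tests in this same commit still read the value back through `PVPConstants.ROLES_NAME`; that is only correct if both constants hold the same string, which this diff does not show, so confirm it or move the tests to the same constant. The literal `";"` on L483 duplicates `ROLE_NAME_DELIMITER` in PvpRoleAttributeBuilder, which joins roles with the same character when it builds the attribute; a shared constant would stop the two from drifting apart. A comment at L481 such as `// roles are joined with ';' — the delimiter PvpRoleAttributeBuilder uses for the attribute value` would document the coupling until then.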
@@ -90,14 +91,13 @@ public class InjectEhvdInformationTask extends AbstractAuthServletTask {
}
private void validateInternalState(AuthenticationSessionWrapper session) throws AuthenticationException {
- //check if identityLink is available
- if (session.getIdentityLink() == null ) {
+ // check if identityLink is available
+ if (session.getIdentityLink() == null) {
Logger.error("No IdentityLink in session. There is an internal error in process definition");
throw new AuthenticationException("process.04", null);
-
+
}
-
-
+
}
}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties
index 643893413..b4a752a2d 100644
--- a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties
@@ -2,5 +2,6 @@ ehvd.00=Für den abgefragtem GDA liegt keine Berechtigung vor
ehvd.01=Technischer Fehler bei der Abfrage von GDA Informationen. Ursache: {0}
ehvd.02=Fehler bei der Abfrage von GDA Informationen. Ursache: {0}
ehvd.03=Antwort des EHVD Service beinhaltet keine GDA Informationen
+ehvd.04=Keine gültige EHVD Role gefunden
ehvd.99=Allgemeiner Fehler bei der Abfrage des EHVD Service
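Review bot: The new text on L512 mixes the English word "Role" into a German sentence, whereas the surrounding entries are German throughout; `ehvd.04=Keine gültige EHVD-Rolle gefunden` matches them. The message presumably reaches the end user via the new 7002 status mapping, so the wording is worth aligning before it ships.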
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties
index 72048b8e3..5c98c199b 100644
--- a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties
@@ -5,4 +5,5 @@ ehvd.00=7000
ehvd.01=7001
ehvd.02=7001
ehvd.03=7001
+ehvd.04=7002
ehvd.99=7099 \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java
index df02c6f4e..cabd8df19 100644
--- a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java
@@ -1,6 +1,7 @@
package at.gv.egovernment.moa.id.auth.modules.ehvd.test.attributes;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
@@ -27,6 +28,7 @@ import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator;
import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySPConfiguration;
import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.PvpRoleAttributeBuilder;
import at.gv.egovernment.moa.id.data.AuthenticationRole;
+import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
@RunWith(SpringJUnit4ClassRunner.class)
@@ -99,6 +101,8 @@ public class PvpRoleAttributeBuilderTest {
// validate state
assertNotNull("wrong attr. value", attrValue);
+ assertFalse("List delimiter after last element" ,attrValue.endsWith(";"));
+
String[] el = attrValue.split(";");
assertEquals("wrong role count", 4, el.length);
@@ -110,6 +114,28 @@ public class PvpRoleAttributeBuilderTest {
}
+ @Test
+ public void brzProductionRole() throws AttributeBuilderException {
+
+ IAuthData authData = generateAuthData(Arrays.asList(
+ AuthenticationRoleFactory.buildFormPVPole("EPI-GDA()")));
+
+ // perform test
+ String attrValue = toTest.build(oaParam, authData, g);
+
+ // validate state
+ assertNotNull("wrong attr. value", attrValue);
+ assertFalse("List delimiter after last element" ,attrValue.endsWith(";"));
+
+
+ String[] el = attrValue.split(";");
+ assertEquals("wrong role count", 1, el.length);
+ assertEquals("wrong 1. role", "EPI-GDA()", el[0]);
+
+ assertEquals("wrong role attr. value", "EPI-GDA()", attrValue);
+
+ }
+
private IAuthData generateAuthData(List<AuthenticationRole> roles) {
MOAAuthenticationData authData = new MOAAuthenticationData(null);
if (roles != null) {
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationTaskTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationTaskTest.java
index 8620ef98b..adedd1d02 100644
--- a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationTaskTest.java
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationTaskTest.java
@@ -7,7 +7,6 @@ import static org.junit.Assert.fail;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.when;
-import java.net.SocketTimeoutException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
@@ -213,13 +212,61 @@ public class InjectEhvdIdentityInformationTaskTest {
}
}
+
@Test
- public void validateState() throws TaskExecutionException, PendingReqIdValidationException {
+ public void noValidGdaRole() throws TaskExecutionException, PendingReqIdValidationException {
// set-up EHVD response
String role1 = RandomStringUtils.randomAlphabetic(10);
String role2 = RandomStringUtils.randomAlphabetic(10);
when(ehvdService.getGDA(any())).thenReturn(generateGdaResponse(true, Arrays.asList(role1, role2)));
+ try {
+ task.execute(pendingReq, context);
+ fail("wrong state not detected");
+
+ } catch (final TaskExecutionException e) {
+ Assert.isInstanceOf(AuthenticationException.class, e.getOriginalException(), "wrong execpetion");
+ assertEquals("wrong errorCode", "ehvd.04", ((EAAFException) e.getOriginalException()).getErrorId());
+
+ }
+ }
+
+
+ @Test
+ public void validateStateWithRandomData() throws TaskExecutionException, PendingReqIdValidationException {
+ // set-up EHVD response
+ String role1 = RandomStringUtils.randomAlphabetic(10);
+ String role2 = "1.2.40.0.34.5.2:101";
+ String role3 = RandomStringUtils.randomAlphabetic(10);
+ when(ehvdService.getGDA(any())).thenReturn(generateGdaResponse(true, Arrays.asList(role1, role2, role3)));
+
+ task.execute(pendingReq, context);
+
+ // validate state
+ final IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId());
+ assertNotNull("pendingReq not stored", storedReq);
+
+ final AuthenticationSessionWrapper moaSession = storedReq.getSessionData(
+ AuthenticationSessionWrapper.class);
+
+ assertFalse("foreign", moaSession.isForeigner());
+ assertFalse("mandate", moaSession.isMandateUsed());
+ assertEquals("missing attributes", 1, moaSession.getGenericSessionDataStorage().size());
+ assertNotNull("no Role attr", moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME));
+ assertEquals("wrong role attr",
+ "EPI-GDA()",
+ moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME, String.class));
+
+ }
+
+ @Test
+ public void validateState() throws TaskExecutionException, PendingReqIdValidationException {
+ // set-up EHVD response
+ String role1 = "1.2.40.0.33.5.2.101";
+ String role2 = "1.2.40.0.34.5.2:100";
+ String role3 = RandomStringUtils.randomAlphabetic(10);
+ when(ehvdService.getGDA(any())).thenReturn(generateGdaResponse(true, Arrays.asList(role1, role2, role3)));
+
task.execute(pendingReq, context);
// validate state
@@ -234,11 +281,38 @@ public class InjectEhvdIdentityInformationTaskTest {
assertEquals("missing attributes", 1, moaSession.getGenericSessionDataStorage().size());
assertNotNull("no Role attr", moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME));
assertEquals("wrong role attr",
- role1 + ";" + role2,
+ "EPI-GDA()",
moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME, String.class));
}
+ @Test
+ public void validateStateSecondOid() throws TaskExecutionException, PendingReqIdValidationException {
+ // set-up EHVD response
+ String role1 = "1.2.40.0.33.5.2.101";
+ String role2 = "1.2.40.0.34.5.2:158";
+ String role3 = RandomStringUtils.randomAlphabetic(10);
+ when(ehvdService.getGDA(any())).thenReturn(generateGdaResponse(true, Arrays.asList(role1, role2, role3)));
+
+ task.execute(pendingReq, context);
+
+ // validate state
+ final IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId());
+ assertNotNull("pendingReq not stored", storedReq);
+
+ final AuthenticationSessionWrapper moaSession = storedReq.getSessionData(
+ AuthenticationSessionWrapper.class);
+
+ assertFalse("foreign", moaSession.isForeigner());
+ assertFalse("mandate", moaSession.isMandateUsed());
+ assertEquals("missing attributes", 1, moaSession.getGenericSessionDataStorage().size());
+ assertNotNull("no Role attr", moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME));
+ assertEquals("wrong role attr",
+ "EPI-GDA()",
+ moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME, String.class));
+
+ }
+
private GdaIndexResponse generateGdaResponse(boolean isActive, List<String> roles) {
GdaIndexResponse resp = new GdaIndexResponse();
GdaDescriptor gda = new GdaDescriptor();
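Review bot: The new tests cover full matches and an all-random non-match, but none pins the anchoring: a role that merely contains a matching OID, such as `"x1.2.40.0.34.5.2:100y"`, must be rejected, and that property is what makes the regex a real whitelist. `Matcher.matches()` in the service already requires a full-string match, so the case is one more list entry next to `noValidGdaRole` and protects the intent against a future regex edit. `validateStateWithRandomData`, `validateState` and `validateStateSecondOid` are otherwise near-duplicates that differ only in the matched OID; a small helper taking the role list would make the three variants read as one table.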
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties
index 43e900f4b..263192c07 100644
--- a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties
@@ -6,3 +6,6 @@ modules.ehvd.sp.4=435344534egewgegf
modules.ehvd.service.url=http://localhost:1234/ehvd
#modules.ehvd.service.url=https://ehvdwsqs.gesundheit.gv.at
+
+modules.ehvd.role.pvp=EPI-GDA()
+modules.ehvd.service.role.regex=^1\.2\.40\.0\.34\.5\.2\:(100|101|158)$ \ No newline at end of file
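Review bot: If this file is read with `java.util.Properties` semantics, each single backslash in the value on L693 is consumed as an escape, so `\.` becomes `.` and `\:` becomes `:`, and the regex the service actually compiles is `^1.2.40.0.34.5.2:(100|101|158)$`, where every `.` matches any character — looser than the literal OID prefix intended. The tests in this commit still pass because their negative samples differ in the digits rather than the separators, so the weakening is invisible to them. Write the value with doubled backslashes, `modules.ehvd.service.role.regex=^1\\.2\\.40\\.0\\.34\\.5\\.2:(100|101|158)$`, and check any production configuration copied from this sample for the same problem. The file also ends without a trailing newline.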