aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/modules/moa-id-module-ehvd_integration/src/main/java/at')
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java61
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java147
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java71
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/AbstractEhvdAttributeBuilder.java51
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressStateAttributeBuilder.java28
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressZipcodeAttributeBuilder.java28
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdFirstnameAttributeBuilder.java22
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdIdAttributeBuilder.java22
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdOtherIdAttributeBuilder.java54
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdSurnameAttributeBuilder.java22
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdTitelAttributeBuilder.java22
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java57
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/exception/EhvdException.java19
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java321
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java20
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java109
16 files changed, 1054 insertions, 0 deletions
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java
new file mode 100644
index 000000000..6cb9c08e3
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2021 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.ehvd;
+
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+
+public class ConfigurationProperties {
+
+ // configuration properties
+ private static final String MODULE_PREFIX = "modules.ehvd.";
+
+ public static final String PROP_MODULE_ENABLED = MODULE_PREFIX + "enabled";
+ public static final String PROP_MODULE_SP_PREFIX = MODULE_PREFIX + "sp";
+
+ public static final String PROP_MODULE_SERVICE_TARGET = MODULE_PREFIX + "service.bpk.target";
+ public static final String PROP_MODULE_SERVICE_ENDPOINT = MODULE_PREFIX + "service.url";
+ public static final String PROP_MODULE_EHVD_ROLE_REGEX = MODULE_PREFIX + "service.role.regex";
+ public static final String PROP_MODULE_EHVD_OTHERID_PREFIX = MODULE_PREFIX + "service.otherid.prefix";
+
+ public static final String PROP_MODULE_PVP_ROLE = MODULE_PREFIX + "role.pvp";
+
+ public static final String PROP_MODULE_PROXY_SOCKS_PORT = MODULE_PREFIX + "proxy.socks.port";
+
+ public static final String DEFAULT_EHVD_SERVICE_TARGET = EAAFConstants.URN_PREFIX_CDID + "GH";
+
+
+ //TODO: define custom EHVD SAML2 attributes
+ public static final String ATTRIBUTE_URN_EHVD_PREFIX = "urn:brzgvat:attributes.ehvd.";
+ public static final String ATTRIBUTE_URN_EHVD_TITLE = ATTRIBUTE_URN_EHVD_PREFIX + "title";
+ public static final String ATTRIBUTE_URN_EHVD_FIRSTNAME = ATTRIBUTE_URN_EHVD_PREFIX + "firstname";
+ public static final String ATTRIBUTE_URN_EHVD_SURNAME = ATTRIBUTE_URN_EHVD_PREFIX + "surname";
+ public static final String ATTRIBUTE_URN_EHVD_ZIPCODE = ATTRIBUTE_URN_EHVD_PREFIX + "zip";
+ public static final String ATTRIBUTE_URN_EHVD_STATE = ATTRIBUTE_URN_EHVD_PREFIX + "state";
+ public static final String ATTRIBUTE_URN_EHVD_ID = ATTRIBUTE_URN_EHVD_PREFIX + "id";
+ public static final String ATTRIBUTE_URN_EHVD_OTHERID = ATTRIBUTE_URN_EHVD_PREFIX + "otherid";
+
+
+ private ConfigurationProperties() {
+ // hide constructor or static class
+ }
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java
new file mode 100644
index 000000000..d087b9fe2
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java
@@ -0,0 +1,147 @@
+/*
+ * Copyright 2021 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.ehvd;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.stream.Collectors;
+
+import javax.annotation.PostConstruct;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class EhvdServiceAuthModule extends DefaultCitizenCardAuthModuleImpl {
+
+ private int priority = 2;
+
+ @Autowired(required = true)
+ protected IConfigurationWithSP authConfig;
+
+ private Collection<String> uniqueIDsEnabled;
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority()
+ */
+ @Override
+ public int getPriority() {
+ return priority;
+
+ }
+
+ /**
+ * Sets the priority of this module. Default value is {@code 0}.
+ *
+ * @param priority The priority.
+ */
+ public void setPriority(int priority) {
+ this.priority = priority;
+
+ }
+
+ @PostConstruct
+ private void initialDummyAuthWhiteList() {
+ if (authConfig.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) {
+ Logger.info("AuthModule for 'EHVD injection' is enabled");
+
+ // load allowed service-provider Id's
+ uniqueIDsEnabled = authConfig.getBasicConfigurationWithPrefix(
+ ConfigurationProperties.PROP_MODULE_SP_PREFIX).values().stream()
+ .filter(el -> StringUtils.isNotEmpty(el))
+ .collect(Collectors.toSet());
+
+ if (!uniqueIDsEnabled.isEmpty()) {
+ Logger.info("EHVD communication is enabled for ....");
+ uniqueIDsEnabled.forEach(el -> Logger.info(" EntityID: " + el));
+
+ }
+
+ } else {
+ uniqueIDsEnabled = Collections.emptySet();
+ Logger.info("AuthModule for 'EHVD injection' is disabled");
+
+ }
+
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.
+ * egovernment.moa.id.process.api.ExecutionContext)
+ */
+ @Override
+ public String selectProcess(ExecutionContext context, IRequest pendingReq) {
+
+ if (authConfig.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) {
+ final String spEntityID = pendingReq.getServiceProviderConfiguration().getUniqueIdentifier();
+ Logger.trace("Checking EHVD communication for SP: " + spEntityID + " ....");
+ final boolean ccAuthRequested = StringUtils.isNotEmpty(super.selectProcess(context, pendingReq));
+ if (uniqueIDsEnabled.contains(spEntityID) && ccAuthRequested) {
+ Logger.debug("EHVD communication is allowed for SP: " + spEntityID);
+ return "DefaultAuthenticationWithEHVDInteraction";
+
+ } else {
+ if (Logger.isDebugEnabled()) {
+ if (ccAuthRequested) {
+ Logger.debug("Unique SP-Id: " + spEntityID + " is not in whitelist for EHVD communication.");
+
+ } else {
+ Logger.trace("No CititzenCard authentication requested. EHVD communication skipped too");
+
+ }
+ }
+ }
+
+ } else {
+ Logger.trace("'EHVD injection' authentication is disabled");
+
+ }
+
+ return null;
+
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions()
+ */
+ @Override
+ public String[] getProcessDefinitions() {
+ return new String[] { "classpath:/DefaultAuth_with_ehvd_interaction.process.xml" };
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java
new file mode 100644
index 000000000..589a316fe
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2021 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.ehvd;
+
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+
+import at.gv.egiz.components.spring.api.SpringResourceProvider;
+
+/**
+ * @author tlenz
+ *
+ */
+public class EhvdServiceAuthSpringResourceProvider implements SpringResourceProvider {
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad()
+ */
+ @Override
+ public Resource[] getResourcesToLoad() {
+ final ClassPathResource authConfig = new ClassPathResource("/moaid_ehvd_service_auth.beans.xml",
+ EhvdServiceAuthSpringResourceProvider.class);
+ return new Resource[] { authConfig };
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan()
+ */
+ @Override
+ public String[] getPackagesToScan() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName()
+ */
+ @Override
+ public String getName() {
+ return "Module for 'Dummy Authentication'";
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/AbstractEhvdAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/AbstractEhvdAttributeBuilder.java
new file mode 100644
index 000000000..af413ffc3
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/AbstractEhvdAttributeBuilder.java
@@ -0,0 +1,51 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor;
+import at.gv.egovernment.moa.logging.Logger;
+
+public abstract class AbstractEhvdAttributeBuilder implements IPVPAttributeBuilder {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration spConfig, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+ try {
+ GdaDescriptor fullGdaInfo =
+ authData.getGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, GdaDescriptor.class);
+
+ if (fullGdaInfo != null) {
+ String attrValue = generateAttributeValue(fullGdaInfo);
+ Logger.debug(StringUtils.isEmpty(attrValue) ? "Skip" : "Build"
+ + "attribute: " + getName());
+ return g.buildStringAttribute(getName(), getName(),
+ StringUtils.isNotEmpty(attrValue) ? attrValue : null);
+
+ } else {
+ Logger.trace("Skipping attr: " + getName() + " because no GDA info available");
+ return null;
+
+ }
+
+ } catch (ClassCastException e) {
+ Logger.trace("Skipping attr: " + getName() + " because no GDA info available");
+ return null;
+
+ }
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(getName(), getName());
+
+ }
+
+ protected abstract String generateAttributeValue(GdaDescriptor fullGdaInfo);
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressStateAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressStateAttributeBuilder.java
new file mode 100644
index 000000000..7056c3099
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressStateAttributeBuilder.java
@@ -0,0 +1,28 @@
+//package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes;
+//
+//import java.util.stream.Collectors;
+//
+//import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor;
+//
+//@PVPMETADATA
+//public class EhvdAddressStateAttributeBuilder extends AbstractEhvdAttributeBuilder {
+//
+// private static final String ATTR_VALUE_DELIMITER = "|";
+//
+// @Override
+// public String getName() {
+// return ConfigurationProperties.ATTRIBUTE_URN_EHVD_STATE;
+//
+// }
+//
+// @Override
+// protected String generateAttributeValue(GdaDescriptor fullGdaInfo) {
+// return fullGdaInfo.getAddress().stream()
+// .map(el -> el.getState() != null ? el.getState() : "")
+// .collect(Collectors.joining(ATTR_VALUE_DELIMITER));
+//
+// }
+//
+//}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressZipcodeAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressZipcodeAttributeBuilder.java
new file mode 100644
index 000000000..98a0567f2
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressZipcodeAttributeBuilder.java
@@ -0,0 +1,28 @@
+//package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes;
+//
+//import java.util.stream.Collectors;
+//
+//import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor;
+//
+//@PVPMETADATA
+//public class EhvdAddressZipcodeAttributeBuilder extends AbstractEhvdAttributeBuilder {
+//
+// private static final String ATTR_VALUE_DELIMITER = "|";
+//
+// @Override
+// public String getName() {
+// return ConfigurationProperties.ATTRIBUTE_URN_EHVD_ZIPCODE;
+//
+// }
+//
+// @Override
+// protected String generateAttributeValue(GdaDescriptor fullGdaInfo) {
+// return fullGdaInfo.getAddress().stream()
+// .map(el -> el.getZip() != null ? el.getZip() : "")
+// .collect(Collectors.joining(ATTR_VALUE_DELIMITER));
+//
+// }
+//
+//}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdFirstnameAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdFirstnameAttributeBuilder.java
new file mode 100644
index 000000000..1bb923cf4
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdFirstnameAttributeBuilder.java
@@ -0,0 +1,22 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes;
+
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor;
+
+@PVPMETADATA
+public class EhvdFirstnameAttributeBuilder extends AbstractEhvdAttributeBuilder {
+
+ @Override
+ public String getName() {
+ return ConfigurationProperties.ATTRIBUTE_URN_EHVD_FIRSTNAME;
+
+ }
+
+ @Override
+ protected String generateAttributeValue(GdaDescriptor fullGdaInfo) {
+ return fullGdaInfo.getFirstname();
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdIdAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdIdAttributeBuilder.java
new file mode 100644
index 000000000..918b02c2e
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdIdAttributeBuilder.java
@@ -0,0 +1,22 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes;
+
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor;
+
+@PVPMETADATA
+public class EhvdIdAttributeBuilder extends AbstractEhvdAttributeBuilder {
+
+ @Override
+ public String getName() {
+ return ConfigurationProperties.ATTRIBUTE_URN_EHVD_ID;
+
+ }
+
+ @Override
+ protected String generateAttributeValue(GdaDescriptor fullGdaInfo) {
+ return fullGdaInfo.getId() != null ? fullGdaInfo.getId().getId() : null;
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdOtherIdAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdOtherIdAttributeBuilder.java
new file mode 100644
index 000000000..2d0e20c9c
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdOtherIdAttributeBuilder.java
@@ -0,0 +1,54 @@
+//package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes;
+//
+//import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor;
+//import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+//import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+//import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+//import at.gv.egovernment.moa.logging.Logger;
+//
+//@PVPMETADATA
+//public class EhvdOtherIdAttributeBuilder extends AbstractEhvdAttributeBuilder {
+//
+// private static final String DEFAULT_ID_PREFIX = "1.2.40.0.34.4.18:";
+//
+// private String idPrefix;
+//
+// public EhvdOtherIdAttributeBuilder() {
+// try {
+// AuthConfiguration config = AuthConfigurationProviderFactory.getInstance();
+// if (config != null) {
+// idPrefix = config.getBasicConfiguration(
+// ConfigurationProperties.PROP_MODULE_EHVD_OTHERID_PREFIX, DEFAULT_ID_PREFIX);
+//
+// } else {
+// idPrefix = DEFAULT_ID_PREFIX;
+//
+// }
+// } catch (ConfigurationException e) {
+// idPrefix = DEFAULT_ID_PREFIX;
+//
+// }
+//
+// Logger.info(" Set-up " + getName() + " with otherId prefix: " + idPrefix);
+//
+// }
+//
+// @Override
+// public String getName() {
+// return ConfigurationProperties.ATTRIBUTE_URN_EHVD_OTHERID;
+//
+// }
+//
+// @Override
+// protected String generateAttributeValue(GdaDescriptor fullGdaInfo) {
+// return fullGdaInfo.getOtherID().stream()
+// .filter(el -> el.startsWith(idPrefix))
+// .findFirst()
+// .map(el -> el.substring(idPrefix.length()))
+// .orElse(null);
+//
+// }
+//
+//}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdSurnameAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdSurnameAttributeBuilder.java
new file mode 100644
index 000000000..db8de397b
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdSurnameAttributeBuilder.java
@@ -0,0 +1,22 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes;
+
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor;
+
+@PVPMETADATA
+public class EhvdSurnameAttributeBuilder extends AbstractEhvdAttributeBuilder {
+
+ @Override
+ public String getName() {
+ return ConfigurationProperties.ATTRIBUTE_URN_EHVD_SURNAME;
+
+ }
+
+ @Override
+ protected String generateAttributeValue(GdaDescriptor fullGdaInfo) {
+ return fullGdaInfo.getSurname();
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdTitelAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdTitelAttributeBuilder.java
new file mode 100644
index 000000000..c978d4dd2
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdTitelAttributeBuilder.java
@@ -0,0 +1,22 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes;
+
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor;
+
+@PVPMETADATA
+public class EhvdTitelAttributeBuilder extends AbstractEhvdAttributeBuilder {
+
+ @Override
+ public String getName() {
+ return ConfigurationProperties.ATTRIBUTE_URN_EHVD_TITLE;
+
+ }
+
+ @Override
+ protected String generateAttributeValue(GdaDescriptor fullGdaInfo) {
+ return fullGdaInfo.getTitle();
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java
new file mode 100644
index 000000000..a79aa86dd
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java
@@ -0,0 +1,57 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes;
+
+import java.util.stream.Collectors;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.logging.Logger;
+
+@PVPMETADATA
+public class PvpRoleAttributeBuilder implements IPVPAttributeBuilder {
+
+ private static final String ROLE_NAME_DELIMITER = ";";
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+ IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+ if (authData instanceof IMOAAuthData) {
+ final IMOAAuthData moaAuthData = (IMOAAuthData) authData;
+ if (moaAuthData.getAuthenticationRoles() != null
+ && !moaAuthData.getAuthenticationRoles().isEmpty()) {
+ return g.buildStringAttribute(ROLES_FRIENDLY_NAME, ROLES_NAME,
+ moaAuthData.getAuthenticationRoles().stream()
+ .map(el -> el.getRawRoleString())
+ .collect(Collectors.joining(ROLE_NAME_DELIMITER)));
+
+ } else {
+ Logger.trace("No PVP roles available. Skipping attribute: " + ROLES_FRIENDLY_NAME);
+
+ }
+
+ } else {
+ Logger.info("Attribute: " + ROLES_FRIENDLY_NAME + " is only available in MOA-ID context");
+
+ }
+
+ return null;
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(ROLES_FRIENDLY_NAME, ROLES_NAME);
+
+ }
+
+ @Override
+ public String getName() {
+ return ROLES_NAME;
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/exception/EhvdException.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/exception/EhvdException.java
new file mode 100644
index 000000000..f621d1bb4
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/exception/EhvdException.java
@@ -0,0 +1,19 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.exception;
+
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+
+public class EhvdException extends AuthenticationException {
+
+ private static final long serialVersionUID = 380654627005502948L;
+
+ public EhvdException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+
+ }
+
+ public EhvdException(String messageId, Object[] parameters, Throwable e) {
+ super(messageId, parameters, e);
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java
new file mode 100644
index 000000000..b165d05e2
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java
@@ -0,0 +1,321 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.service;
+
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+import java.util.Set;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import javax.annotation.Nonnull;
+import javax.annotation.PostConstruct;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.handler.Handler;
+import javax.xml.ws.soap.SOAPFaultException;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.cxf.endpoint.Client;
+import org.apache.cxf.frontend.ClientProxy;
+import org.apache.cxf.transport.http.HTTPConduit;
+import org.apache.cxf.transports.http.configuration.ProxyServerType;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import com.google.common.collect.Sets;
+
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.EHVD;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.EHVDService;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaIndexResponse;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GetGdaDescriptors;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.InstanceIdentifier;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.exception.EhvdException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.util.LoggingHandler;
+
+/**
+ * Implement interaction with EHVD service to get GDA information.
+ *
+ * @author tlenz
+ *
+ */
+public class EhvdCommunicationService implements IEhvdCommunication {
+
+ private static final String GDA_RESP_STATUS_ACTIVE = "Aktiv";
+
+ private static final String ERROR_EHVD_00 = "ehvd.00";
+ private static final String ERROR_EHVD_01 = "ehvd.01";
+ private static final String ERROR_EHVD_02 = "ehvd.02";
+ private static final String ERROR_EHVD_03 = "ehvd.03";
+ private static final String ERROR_EHVD_04 = "ehvd.04";
+ private static final String ERROR_CONFIG_05 = "config.05";
+
+ private static final Set<String> SERVICE_ERRORS_LOG_INFO = Sets.newHashSet("6002");
+
+ @Autowired
+ IConfiguration config;
+
+ private String ehvdBpkTarget;
+
+ private EHVD ehvdClient;
+ private Pattern ehvdRolePattern;
+
+ private List<String> ehvhPvpRoleList;
+
+ /**
+ * Get user's GDA roles from EHVD Service.
+ *
+ * @param identityLink IdentityLink of the user
+ * @return {@link List} of Roles that are received from EHVD
+ * @throws AuthenticationException In case of an EHVD communication error
+ * @throws EAAFBuilderException In case of a bPK generation error
+ */
+ @Override
+ @Nonnull
+ public EhvdResponseHolder getRoles(IIdentityLink identityLink) throws AuthenticationException,
+ EAAFBuilderException {
+
+ // get bPK for EHVD request
+ final Pair<String, String> ehvdBpk = BPKBuilder.generateAreaSpecificPersonIdentifier(
+ identityLink.getIdentificationValue(),
+ identityLink.getIdentificationType(),
+ ehvdBpkTarget);
+
+ // request EHVD and handle errors
+ final GdaIndexResponse gdaResp = requestingGda(ehvdBpk.getFirst());
+
+ // parse roles from response
+ return EhvdResponseHolder.getInstance(gdaResp.getGda(), parseGdaResponse(gdaResp));
+
+ }
+
+ @Nonnull
+ private GdaIndexResponse requestingGda(String bpk) throws EhvdException {
+ try {
+ final GetGdaDescriptors gdaReq = buildGdaRequest(bpk);
+ Logger.debug("Requesting EHVD to get GDA status ... ");
+ final GdaIndexResponse gdaResp = ehvdClient.getGDA(gdaReq);
+ Logger.debug("Receive GDA status. Starting response validation ... ");
+ return gdaResp;
+
+ } catch (final SOAPFaultException e) {
+ throw handleSoapFaultError(e);
+
+ } catch (final Exception e) {
+ Logger.error("EHVD communication failed with generic error: " + e.getMessage(), e);
+ throw new EhvdException(ERROR_EHVD_01, new Object[] {}, e);
+
+ }
+
+ }
+
+ private EhvdException handleSoapFaultError(SOAPFaultException e) {
+ // extract reason for this error
+ final String errorMsg = e.getFault() != null
+ ? StringUtils.isNotEmpty(e.getFault().getFaultString()) ? e.getFault().getFaultString()
+ : e.getMessage()
+ : e.getMessage();
+
+ if (SERVICE_ERRORS_LOG_INFO.stream()
+ .filter(el -> errorMsg.contains(el))
+ .findFirst()
+ .isPresent()) {
+ Logger.info("EHVD communication failed with SOAP response: " + errorMsg);
+ return new EhvdException(ERROR_EHVD_03, new Object[] { errorMsg });
+
+ } else {
+ Logger.warn("EHVD communication failed with SOAP response: " + errorMsg, e);
+ return new EhvdException(ERROR_EHVD_02, new Object[] { errorMsg });
+
+ }
+
+
+
+ }
+
+ private List<String> parseGdaResponse(GdaIndexResponse ehvdResp) throws EhvdException {
+ if (ehvdResp.getGda() != null) {
+ final GdaDescriptor gdaInfo = ehvdResp.getGda();
+ if (GDA_RESP_STATUS_ACTIVE.equals(gdaInfo.getStatus().getEhvdstatus())) {
+ Logger.debug("Find #" + gdaInfo.getRoles().getRole().size() + " roles");
+
+ // match roles with regex from configuration
+ final Optional<String> validGdaRole = gdaInfo.getRoles().getRole().stream()
+ .filter(el -> matchGdaRole(el))
+ .findFirst();
+
+ if (validGdaRole.isPresent()) {
+ Logger.info("Find valid GDA role: " + validGdaRole.get() + " Set PVP Role: "
+ + StringUtils.join(ehvhPvpRoleList, ",") + " into Session");
+
+ // set role into response
+ return ehvhPvpRoleList;
+
+ } else {
+ Logger.info("No valid GDA role in EHVD response");
+ throw new EhvdException(ERROR_EHVD_04, null);
+
+ }
+
+ } else {
+ Logger.info("GDA is marked as 'inactive'. Stopping process with an error ... ");
+ throw new EhvdException(ERROR_EHVD_00, null);
+
+ }
+
+ } else {
+ Logger.info("Receive empty GDA response");
+ throw new EhvdException(ERROR_EHVD_03, new Object[] {});
+
+ }
+ }
+
+ private boolean matchGdaRole(String role) {
+ final Matcher matcher = ehvdRolePattern.matcher(role);
+ final boolean matches = matcher.matches();
+ Logger.trace(matches ? "EHVD role: " + role + " matches"
+ : "EHVD role: " + role + " does not matche to pattern: " + matcher.toString());
+ return matches;
+
+ }
+
+ private GetGdaDescriptors buildGdaRequest(String bPK) {
+ final GetGdaDescriptors req = new GetGdaDescriptors();
+ final InstanceIdentifier gdaIdentifier = new InstanceIdentifier();
+ gdaIdentifier.setOidIssuingAuthority(PVPAttributeDefinitions.BPK_OID);
+ gdaIdentifier.setId(bPK);
+ req.setHcIdentifier(gdaIdentifier);
+ return req;
+
+ }
+
+ @PostConstruct
+ private void initialize() throws EAAFConfigurationException {
+ if (config.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) {
+ initializeEhvdClient();
+
+ // load EHVD bPK target
+ ehvdBpkTarget = config.getBasicConfiguration(
+ ConfigurationProperties.PROP_MODULE_SERVICE_TARGET,
+ ConfigurationProperties.DEFAULT_EHVD_SERVICE_TARGET);
+ Logger.info("Set-up EHVD Client with bPK target: " + ehvdBpkTarget);
+
+ // load Regex to match EHVD Roles to PVP Roles
+ final String ehvdRoleRegex = config.getBasicConfiguration(
+ ConfigurationProperties.PROP_MODULE_EHVD_ROLE_REGEX);
+ checkConfigPropertyNotNull(ehvdRoleRegex, ConfigurationProperties.PROP_MODULE_EHVD_ROLE_REGEX);
+ ehvdRolePattern = Pattern.compile(ehvdRoleRegex);
+
+ Logger.info("Set-up EHVD Client with Role regex: " + ehvdRolePattern.toString());
+
+ // load PVP Roles for EHVD integration
+ final String ehvdPvpRole = config.getBasicConfiguration(
+ ConfigurationProperties.PROP_MODULE_PVP_ROLE);
+ checkConfigPropertyNotNull(ehvdPvpRole, ConfigurationProperties.PROP_MODULE_PVP_ROLE);
+ ehvhPvpRoleList = KeyValueUtils.getListOfCSVValues(ehvdPvpRole);
+ Logger.info("Set-up EHVD module with PVP Role: " + StringUtils.join(ehvhPvpRoleList, ","));
+
+ } else {
+ Logger.info("Skipping EHVD client because it's not active");
+
+ }
+ }
+
+ private void checkConfigPropertyNotNull(String valueToCheck, String configPropName)
+ throws EAAFConfigurationException {
+ if (StringUtils.isEmpty(valueToCheck)) {
+ Logger.error("Missing configuration for EHVD module. "
+ + "(Property: " + configPropName + ")");
+ throw new EAAFConfigurationException(ERROR_CONFIG_05,
+ new Object[] { configPropName });
+
+ }
+
+ }
+
+ private void initializeEhvdClient() throws EAAFConfigurationException {
+ Logger.debug("Initializing EHVD client ... ");
+ final URL url = EhvdCommunicationService.class.getResource("/wsdl/eHVD.wsdl");
+ final EHVDService service = new EHVDService(url);
+ ehvdClient = service.getEHVDPort12();
+
+ // load service end-point URL from configuration
+ final String ehvdEndpointUrl = config.getBasicConfiguration(
+ ConfigurationProperties.PROP_MODULE_SERVICE_ENDPOINT);
+ if (StringUtils.isEmpty(ehvdEndpointUrl)) {
+ Logger.error("Missing configuration for EHVD WebService endpoint. "
+ + "(Property: " + ConfigurationProperties.PROP_MODULE_SERVICE_ENDPOINT + ")");
+ throw new EAAFConfigurationException(ERROR_CONFIG_05,
+ new Object[] { ConfigurationProperties.PROP_MODULE_SERVICE_ENDPOINT });
+
+ }
+
+ // inject service end-point URL
+ final Map<String, Object> requestContext = ((BindingProvider) ehvdClient).getRequestContext();
+ requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, ehvdEndpointUrl);
+
+ // inject Logging handler
+ List<Handler> handlerList = ((BindingProvider) ehvdClient).getBinding().getHandlerChain();
+ if (handlerList == null) {
+ handlerList = new ArrayList<>();
+
+ }
+
+ handlerList.add(new LoggingHandler());
+ ((BindingProvider) ehvdClient).getBinding().setHandlerChain(handlerList);
+
+ Logger.info("Initialize EHVD Client with service end-point: " + ehvdEndpointUrl);
+
+ // these code is only for local testing
+ final String socksPort = config.getBasicConfiguration(
+ ConfigurationProperties.PROP_MODULE_PROXY_SOCKS_PORT);
+ if (StringUtils.isNotEmpty(socksPort)) {
+ Logger.warn("Injecting SOCKS5 Proxy for service communication!");
+ final Client client = ClientProxy.getClient(ehvdClient);
+ final HTTPConduit http = (HTTPConduit) client.getConduit();
+ http.getClient().setProxyServerType(ProxyServerType.SOCKS);
+ http.getClient().setProxyServer("127.0.0.1");
+ http.getClient().setProxyServerPort(Integer.valueOf(socksPort));
+
+ }
+ }
+
+ public static class EhvdResponseHolder {
+ final List<String> roles;
+ final GdaDescriptor fullGdaResponse;
+
+
+ public static EhvdResponseHolder getInstance(GdaDescriptor gdaInfo, List<String> processedRoles) {
+ return new EhvdResponseHolder(gdaInfo, processedRoles);
+
+ }
+
+ private EhvdResponseHolder(GdaDescriptor gdaInfo, List<String> processedRoles) {
+ this.roles = processedRoles;
+ this.fullGdaResponse = gdaInfo;
+
+ }
+
+ public List<String> getRoles() {
+ return roles;
+ }
+
+ public GdaDescriptor getFullGdaResponse() {
+ return fullGdaResponse;
+ }
+
+
+
+ }
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java
new file mode 100644
index 000000000..6b7c7e2f5
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java
@@ -0,0 +1,20 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.service;
+
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.service.EhvdCommunicationService.EhvdResponseHolder;
+
+public interface IEhvdCommunication {
+
+ /**
+ * Get user's GDA roles from EHVD Service.
+ *
+ * @param identityLink IdentityLink of the user
+ * @return {@link EhvdResponseHolder} that contains the Roles received from EHVD and the full GDA response
+ * @throws AuthenticationException In case of an EHVD communication error
+ * @throws EAAFBuilderException In case of a bPK generation error
+ */
+ EhvdResponseHolder getRoles(IIdentityLink identityLink) throws AuthenticationException, EAAFBuilderException;
+
+} \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java
new file mode 100644
index 000000000..ee5dbb2fd
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java
@@ -0,0 +1,109 @@
+/*
+ * Copyright 2021 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.ehvd.task;
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.service.EhvdCommunicationService.EhvdResponseHolder;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.service.IEhvdCommunication;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Component("InjectEhvdInformationTask")
+public class InjectEhvdInformationTask extends AbstractAuthServletTask {
+
+ @Autowired
+ IEhvdCommunication ehvdService;
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.
+ * egovernment.moa.id.process.api.ExecutionContext,
+ * javax.servlet.http.HttpServletRequest,
+ * javax.servlet.http.HttpServletResponse)
+ */
+ @Override
+ public void execute(ExecutionContext executionContext, HttpServletRequest request,
+ HttpServletResponse response)
+ throws TaskExecutionException {
+ try {
+ final AuthenticationSessionWrapper session = pendingReq.getSessionData(
+ AuthenticationSessionWrapper.class);
+
+ // validate internal state
+ validateInternalState(session);
+
+ // requesting roles from EHVD
+ final EhvdResponseHolder ehvdResponse = ehvdService.getRoles(session.getIdentityLink());
+
+ // inject EHVD roles
+ session.setGenericDataToSession(PVPAttributeDefinitions.ROLES_NAME,
+ StringUtils.join(ehvdResponse.getRoles(), ";"));
+
+ // inject full EHVD response
+ session.setGenericDataToSession(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX,
+ ehvdResponse.getFullGdaResponse());
+
+ // store MOASession into database
+ requestStoreage.storePendingRequest(pendingReq);
+
+ } catch (final MOAIDException e) {
+ throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+
+ } catch (final Exception e) {
+ throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+
+ }
+ }
+
+ private void validateInternalState(AuthenticationSessionWrapper session) throws AuthenticationException {
+ // check if identityLink is available
+ if (session.getIdentityLink() == null) {
+ Logger.error("No IdentityLink in session. There is an internal error in process definition");
+ throw new AuthenticationException("process.04", null);
+
+ }
+
+ }
+
+}