From ba6ba0af88d8c9472a63356ddf3d19f84847c2d7 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 28 Jul 2021 11:33:11 +0200 Subject: add new authentication module for EHVD communication --- .../ehvd/service/EhvdCommunicationService.java | 69 ++++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java (limited to 'id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java') diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java new file mode 100644 index 000000000..f0e2069a1 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java @@ -0,0 +1,69 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.service; + +import java.util.Collections; +import java.util.List; + +import javax.annotation.Nonnull; +import javax.annotation.PostConstruct; + +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Implement interaction with EHVD service to get GDA information. + * + * @author tlenz + * + */ +public class EhvdCommunicationService implements IEhvdCommunication { + + @Autowired IConfiguration config; + + private String ehvdBpkTarget; + + /** + * Get user's GDA roles from EHVD Service. + * + * @param identityLink IdentityLink of the user + * @return {@link List} of Roles that are received from EHVD + * @throws AuthenticationException In case of an EHVD communication error + * @throws EAAFBuilderException In case of a bPK generation error + */ + @Override + @Nonnull + public List getRoles(IIdentityLink identityLink) throws AuthenticationException, EAAFBuilderException { + + // get bPK for EHVD request + Pair ehvdBpk = BPKBuilder.generateAreaSpecificPersonIdentifier( + identityLink.getIdentificationValue(), + identityLink.getIdentificationType(), + ehvdBpkTarget); + + + //TODO: request EHVD and handle errors + + //TODO: parse roles from response + + + return Collections.emptyList(); + + } + + @PostConstruct + private void initialize() { + ehvdBpkTarget = config.getBasicConfiguration( + ConfigurationProperties.PROP_MODULE_SERVICE_TARGET, + ConfigurationProperties.DEFAULT_EHVD_SERVICE_TARGET); + Logger.info("Initialize EHVD Client with bPK target: " + ehvdBpkTarget); + + } + +} -- cgit v1.2.3 From 56af7bee462d70f08d0442254c632f39e50ec96f Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 29 Jul 2021 09:03:47 +0200 Subject: add EHVD WSDL and implement SOAP client --- .../ehvd/service/EhvdCommunicationService.java | 194 ++++++++++++++++++--- 1 file changed, 169 insertions(+), 25 deletions(-) (limited to 'id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java') diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java index f0e2069a1..ab4a70751 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java @@ -1,69 +1,213 @@ package at.gv.egovernment.moa.id.auth.modules.ehvd.service; +import java.net.URL; +import java.util.ArrayList; import java.util.Collections; import java.util.List; +import java.util.Map; import javax.annotation.Nonnull; import javax.annotation.PostConstruct; +import javax.xml.ws.BindingProvider; +import javax.xml.ws.handler.Handler; +import javax.xml.ws.soap.SOAPFaultException; +import org.apache.commons.lang3.StringUtils; +import org.apache.cxf.endpoint.Client; +import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.transport.http.HTTPConduit; +import org.apache.cxf.transports.http.configuration.ProxyServerType; import org.springframework.beans.factory.annotation.Autowired; +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.EHVD; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.EHVDService; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaIndexResponse; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GetGdaDescriptors; +import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.InstanceIdentifier; +import at.gv.egovernment.moa.id.auth.modules.ehvd.exception.EhvdException; import at.gv.egovernment.moa.logging.Logger; +import at.gv.util.LoggingHandler; /** * Implement interaction with EHVD service to get GDA information. - * + * * @author tlenz * */ public class EhvdCommunicationService implements IEhvdCommunication { - @Autowired IConfiguration config; - + private static final String GDA_RESP_STATUS_ACTIVE = "Aktiv"; + + private static final String ERROR_EHVD_00 = "ehvd.00"; + private static final String ERROR_EHVD_01 = "ehvd.01"; + private static final String ERROR_EHVD_02 = "ehvd.02"; + private static final String ERROR_CONFIG_05 = "config.05"; + + @Autowired + IConfiguration config; + private String ehvdBpkTarget; - + + private EHVD ehvdClient; + /** * Get user's GDA roles from EHVD Service. - * + * * @param identityLink IdentityLink of the user * @return {@link List} of Roles that are received from EHVD * @throws AuthenticationException In case of an EHVD communication error - * @throws EAAFBuilderException In case of a bPK generation error + * @throws EAAFBuilderException In case of a bPK generation error */ @Override @Nonnull - public List getRoles(IIdentityLink identityLink) throws AuthenticationException, EAAFBuilderException { - + public List getRoles(IIdentityLink identityLink) throws AuthenticationException, + EAAFBuilderException { + // get bPK for EHVD request - Pair ehvdBpk = BPKBuilder.generateAreaSpecificPersonIdentifier( - identityLink.getIdentificationValue(), - identityLink.getIdentificationType(), + final Pair ehvdBpk = BPKBuilder.generateAreaSpecificPersonIdentifier( + identityLink.getIdentificationValue(), + identityLink.getIdentificationType(), ehvdBpkTarget); - - - //TODO: request EHVD and handle errors - - //TODO: parse roles from response - - + + // request EHVD and handle errors + final GdaIndexResponse gdaResp = requestingGda(ehvdBpk.getFirst()); + + // parse roles from response + return parseGdaResponse(gdaResp); + + } + + @Nonnull + private GdaIndexResponse requestingGda(String bpk) throws EhvdException { + try { + final GetGdaDescriptors gdaReq = buildGdaRequest(bpk); + Logger.debug("Requesting EHVD to get GDA status ... "); + final GdaIndexResponse gdaResp = ehvdClient.getGDA(gdaReq); + Logger.debug("Receive GDA status. Starting response validation ... "); + return gdaResp; + + } catch (final SOAPFaultException e) { + // extract reason for this error + String errorMsg = e.getFault() != null + ? StringUtils.isNotEmpty(e.getFault().getFaultString()) ? e.getFault().getFaultString() : e.getMessage() + : e.getMessage(); + + Logger.warn("EHVD communication failed with SOAP response: " + errorMsg, e); + throw new EhvdException(ERROR_EHVD_02, new Object[] {errorMsg}, e); + + } catch (final Exception e) { + Logger.error("EHVD communication failed with generic error: " + e.getMessage(), e); + throw new EhvdException(ERROR_EHVD_01, new Object[] {}, e); + + } + + } + + private List parseGdaResponse(GdaIndexResponse ehvdResp) throws EhvdException { + if (ehvdResp.getGda() != null) { + final GdaDescriptor gdaInfo = ehvdResp.getGda(); + if (GDA_RESP_STATUS_ACTIVE.equals(gdaInfo.getStatus().getEhvdstatus())) { + Logger.debug("Find #" + gdaInfo.getRoles().getRole().size() + " roles"); + return gdaInfo.getRoles().getRole(); + + } else { + Logger.info("GDA is marked as 'inactive'. Stopping process with an error ... "); + throw new EhvdException(ERROR_EHVD_00, null); + + } + + } else { + Logger.debug("Receive empty GDA response"); + // TODO: what we to in case of empty response? + + } + return Collections.emptyList(); - + + } + + private GetGdaDescriptors buildGdaRequest(String bPK) { + final GetGdaDescriptors req = new GetGdaDescriptors(); + final InstanceIdentifier gdaIdentifier = new InstanceIdentifier(); + gdaIdentifier.setOidIssuingAuthority(PVPAttributeDefinitions.BPK_OID); + gdaIdentifier.setId(bPK); + req.setHcIdentifier(gdaIdentifier); + return req; + } @PostConstruct - private void initialize() { - ehvdBpkTarget = config.getBasicConfiguration( - ConfigurationProperties.PROP_MODULE_SERVICE_TARGET, - ConfigurationProperties.DEFAULT_EHVD_SERVICE_TARGET); - Logger.info("Initialize EHVD Client with bPK target: " + ehvdBpkTarget); + private void initialize() throws EAAFConfigurationException { + if (config.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) { + initializeEhvdClient(); + + ehvdBpkTarget = config.getBasicConfiguration( + ConfigurationProperties.PROP_MODULE_SERVICE_TARGET, + ConfigurationProperties.DEFAULT_EHVD_SERVICE_TARGET); + Logger.info("Set-up EHVD Client with bPK target: " + ehvdBpkTarget); + + } else { + Logger.info("Skipping EHVD client because it's not active"); + + } + } + + private void initializeEhvdClient() throws EAAFConfigurationException { + Logger.debug("Initializing EHVD client ... "); + final URL url = EhvdCommunicationService.class.getResource("/wsdl/eHVD.wsdl"); + final EHVDService service = new EHVDService(url); + ehvdClient = service.getEHVDPort12(); + + // load service end-point URL from configuration + final String ehvdEndpointUrl = config.getBasicConfiguration( + ConfigurationProperties.PROP_MODULE_SERVICE_ENDPOINT); + if (StringUtils.isEmpty(ehvdEndpointUrl)) { + Logger.error("Missing configuration for EHVD WebService endpoint. " + + "(Property: " + ConfigurationProperties.PROP_MODULE_SERVICE_ENDPOINT + ")"); + throw new EAAFConfigurationException(ERROR_CONFIG_05, + new Object[] { ConfigurationProperties.PROP_MODULE_SERVICE_ENDPOINT }); + + } + + // inject service end-point URL + final Map requestContext = ((BindingProvider) ehvdClient).getRequestContext(); + requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, ehvdEndpointUrl); + + // inject Logging handler + List handlerList = ((BindingProvider) ehvdClient).getBinding().getHandlerChain(); + if (handlerList == null) { + handlerList = new ArrayList<>(); + + } + + handlerList.add(new LoggingHandler()); + ((BindingProvider) ehvdClient).getBinding().setHandlerChain(handlerList); + + Logger.info("Initialize EHVD Client with service end-point: " + ehvdEndpointUrl); + + + // these code is only for local testing + String socksPort = config.getBasicConfiguration(ConfigurationProperties.PROP_MODULE_PROXY_SOCKS_PORT); + if (StringUtils.isNotEmpty(socksPort)) { + Logger.warn("Injecting SOCKS5 Proxy for service communication!"); + final Client client = ClientProxy.getClient(ehvdClient); + final HTTPConduit http = (HTTPConduit) client.getConduit(); + http.getClient().setProxyServerType(ProxyServerType.SOCKS); + http.getClient().setProxyServer("127.0.0.1"); + http.getClient().setProxyServerPort(Integer.valueOf(socksPort)); + + } } - + } -- cgit v1.2.3 From 7abe41afdb6f454e02126dbc90fb0352d0d15f74 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 30 Jul 2021 09:16:47 +0200 Subject: throw a specific error in case of a EHVD response that contains no GDA information --- .../auth/modules/ehvd/service/EhvdCommunicationService.java | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) (limited to 'id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java') diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java index ab4a70751..2ef79a141 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java @@ -51,6 +51,7 @@ public class EhvdCommunicationService implements IEhvdCommunication { private static final String ERROR_EHVD_00 = "ehvd.00"; private static final String ERROR_EHVD_01 = "ehvd.01"; private static final String ERROR_EHVD_02 = "ehvd.02"; + private static final String ERROR_EHVD_03 = "ehvd.03"; private static final String ERROR_CONFIG_05 = "config.05"; @Autowired @@ -100,8 +101,7 @@ public class EhvdCommunicationService implements IEhvdCommunication { // extract reason for this error String errorMsg = e.getFault() != null ? StringUtils.isNotEmpty(e.getFault().getFaultString()) ? e.getFault().getFaultString() : e.getMessage() - : e.getMessage(); - + : e.getMessage(); Logger.warn("EHVD communication failed with SOAP response: " + errorMsg, e); throw new EhvdException(ERROR_EHVD_02, new Object[] {errorMsg}, e); @@ -127,13 +127,11 @@ public class EhvdCommunicationService implements IEhvdCommunication { } } else { - Logger.debug("Receive empty GDA response"); - // TODO: what we to in case of empty response? + Logger.info("Receive empty GDA response"); + throw new EhvdException(ERROR_EHVD_03, new Object[] {}); + } - - return Collections.emptyList(); - } private GetGdaDescriptors buildGdaRequest(String bPK) { -- cgit v1.2.3 From eed64f78c6e0dd37145b373d7218c07c0f4a8a33 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 30 Jul 2021 11:16:49 +0200 Subject: do not forward SOAP exception into MOA-ID exception handling because child objects of SOAP exceptions are not serializable --- .../moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java') diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java index 2ef79a141..51bae6dfd 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java @@ -103,7 +103,7 @@ public class EhvdCommunicationService implements IEhvdCommunication { ? StringUtils.isNotEmpty(e.getFault().getFaultString()) ? e.getFault().getFaultString() : e.getMessage() : e.getMessage(); Logger.warn("EHVD communication failed with SOAP response: " + errorMsg, e); - throw new EhvdException(ERROR_EHVD_02, new Object[] {errorMsg}, e); + throw new EhvdException(ERROR_EHVD_02, new Object[] {errorMsg}); } catch (final Exception e) { Logger.error("EHVD communication failed with generic error: " + e.getMessage(), e); -- cgit v1.2.3 From ef16b7e22800a5b200e58dd83fc406bb94dd671a Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 30 Jul 2021 11:28:23 +0200 Subject: Log some EHVD faults on INFO level because they are well known --- .../ehvd/service/EhvdCommunicationService.java | 35 +++++++++++++++++----- 1 file changed, 28 insertions(+), 7 deletions(-) (limited to 'id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java') diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java index 51bae6dfd..a25a7f421 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java @@ -5,6 +5,7 @@ import java.util.ArrayList; import java.util.Collections; import java.util.List; import java.util.Map; +import java.util.Set; import javax.annotation.Nonnull; import javax.annotation.PostConstruct; @@ -19,6 +20,8 @@ import org.apache.cxf.transport.http.HTTPConduit; import org.apache.cxf.transports.http.configuration.ProxyServerType; import org.springframework.beans.factory.annotation.Autowired; +import com.google.common.collect.Sets; + import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; @@ -53,7 +56,9 @@ public class EhvdCommunicationService implements IEhvdCommunication { private static final String ERROR_EHVD_02 = "ehvd.02"; private static final String ERROR_EHVD_03 = "ehvd.03"; private static final String ERROR_CONFIG_05 = "config.05"; - + + private static final Set SERVICE_ERRORS_LOG_INFO = Sets.newHashSet("6002"); + @Autowired IConfiguration config; @@ -98,12 +103,7 @@ public class EhvdCommunicationService implements IEhvdCommunication { return gdaResp; } catch (final SOAPFaultException e) { - // extract reason for this error - String errorMsg = e.getFault() != null - ? StringUtils.isNotEmpty(e.getFault().getFaultString()) ? e.getFault().getFaultString() : e.getMessage() - : e.getMessage(); - Logger.warn("EHVD communication failed with SOAP response: " + errorMsg, e); - throw new EhvdException(ERROR_EHVD_02, new Object[] {errorMsg}); + throw handleSoapFaultError(e); } catch (final Exception e) { Logger.error("EHVD communication failed with generic error: " + e.getMessage(), e); @@ -113,6 +113,27 @@ public class EhvdCommunicationService implements IEhvdCommunication { } + private EhvdException handleSoapFaultError(SOAPFaultException e) { + // extract reason for this error + String errorMsg = e.getFault() != null + ? StringUtils.isNotEmpty(e.getFault().getFaultString()) ? e.getFault().getFaultString() : e.getMessage() + : e.getMessage(); + + if (SERVICE_ERRORS_LOG_INFO.stream() + .filter(el -> errorMsg.contains(el)) + .findFirst() + .isPresent()) { + Logger.info("EHVD communication failed with SOAP response: " + errorMsg); + + } else { + Logger.warn("EHVD communication failed with SOAP response: " + errorMsg, e); + + } + + return new EhvdException(ERROR_EHVD_02, new Object[] {errorMsg}); + + } + private List parseGdaResponse(GdaIndexResponse ehvdResp) throws EhvdException { if (ehvdResp.getGda() != null) { final GdaDescriptor gdaInfo = ehvdResp.getGda(); -- cgit v1.2.3 From 031d236181704248475554ebf7ae373096637a4f Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 8 Sep 2021 13:45:25 +0200 Subject: update EHVD Role filtering and mapping --- .../ehvd/service/EhvdCommunicationService.java | 111 ++++++++++++++++----- 1 file changed, 86 insertions(+), 25 deletions(-) (limited to 'id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java') diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java index a25a7f421..900adaff7 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java @@ -2,10 +2,12 @@ package at.gv.egovernment.moa.id.auth.modules.ehvd.service; import java.net.URL; import java.util.ArrayList; -import java.util.Collections; import java.util.List; import java.util.Map; +import java.util.Optional; import java.util.Set; +import java.util.regex.Matcher; +import java.util.regex.Pattern; import javax.annotation.Nonnull; import javax.annotation.PostConstruct; @@ -29,6 +31,7 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.EHVD; @@ -55,16 +58,20 @@ public class EhvdCommunicationService implements IEhvdCommunication { private static final String ERROR_EHVD_01 = "ehvd.01"; private static final String ERROR_EHVD_02 = "ehvd.02"; private static final String ERROR_EHVD_03 = "ehvd.03"; + private static final String ERROR_EHVD_04 = "ehvd.04"; private static final String ERROR_CONFIG_05 = "config.05"; - + private static final Set SERVICE_ERRORS_LOG_INFO = Sets.newHashSet("6002"); - + @Autowired IConfiguration config; private String ehvdBpkTarget; private EHVD ehvdClient; + private Pattern ehvdRolePattern; + + private List ehvhPvpRoleList; /** * Get user's GDA roles from EHVD Service. @@ -102,9 +109,9 @@ public class EhvdCommunicationService implements IEhvdCommunication { Logger.debug("Receive GDA status. Starting response validation ... "); return gdaResp; - } catch (final SOAPFaultException e) { + } catch (final SOAPFaultException e) { throw handleSoapFaultError(e); - + } catch (final Exception e) { Logger.error("EHVD communication failed with generic error: " + e.getMessage(), e); throw new EhvdException(ERROR_EHVD_01, new Object[] {}, e); @@ -114,24 +121,25 @@ public class EhvdCommunicationService implements IEhvdCommunication { } private EhvdException handleSoapFaultError(SOAPFaultException e) { - // extract reason for this error - String errorMsg = e.getFault() != null - ? StringUtils.isNotEmpty(e.getFault().getFaultString()) ? e.getFault().getFaultString() : e.getMessage() + // extract reason for this error + final String errorMsg = e.getFault() != null + ? StringUtils.isNotEmpty(e.getFault().getFaultString()) ? e.getFault().getFaultString() + : e.getMessage() : e.getMessage(); - + if (SERVICE_ERRORS_LOG_INFO.stream() - .filter(el -> errorMsg.contains(el)) - .findFirst() - .isPresent()) { - Logger.info("EHVD communication failed with SOAP response: " + errorMsg); - + .filter(el -> errorMsg.contains(el)) + .findFirst() + .isPresent()) { + Logger.info("EHVD communication failed with SOAP response: " + errorMsg); + } else { Logger.warn("EHVD communication failed with SOAP response: " + errorMsg, e); - - } - - return new EhvdException(ERROR_EHVD_02, new Object[] {errorMsg}); - + + } + + return new EhvdException(ERROR_EHVD_02, new Object[] { errorMsg }); + } private List parseGdaResponse(GdaIndexResponse ehvdResp) throws EhvdException { @@ -139,7 +147,24 @@ public class EhvdCommunicationService implements IEhvdCommunication { final GdaDescriptor gdaInfo = ehvdResp.getGda(); if (GDA_RESP_STATUS_ACTIVE.equals(gdaInfo.getStatus().getEhvdstatus())) { Logger.debug("Find #" + gdaInfo.getRoles().getRole().size() + " roles"); - return gdaInfo.getRoles().getRole(); + + // match roles with regex from configuration + final Optional validGdaRole = gdaInfo.getRoles().getRole().stream() + .filter(el -> matchGdaRole(el)) + .findFirst(); + + if (validGdaRole.isPresent()) { + Logger.info("Find valid GDA role: " + validGdaRole.get() + " Set PVP Role: " + + StringUtils.join(ehvhPvpRoleList, ",") + " into Session"); + + // set role into response + return ehvhPvpRoleList; + + } else { + Logger.info("No valid GDA role in EHVD response"); + throw new EhvdException(ERROR_EHVD_04, null); + + } } else { Logger.info("GDA is marked as 'inactive'. Stopping process with an error ... "); @@ -150,11 +175,19 @@ public class EhvdCommunicationService implements IEhvdCommunication { } else { Logger.info("Receive empty GDA response"); throw new EhvdException(ERROR_EHVD_03, new Object[] {}); - } } + private boolean matchGdaRole(String role) { + final Matcher matcher = ehvdRolePattern.matcher(role); + final boolean matches = matcher.matches(); + Logger.trace(matches ? "EHVD role: " + role + " matches" + : "EHVD role: " + role + " does not matche to pattern: " + matcher.toString()); + return matches; + + } + private GetGdaDescriptors buildGdaRequest(String bPK) { final GetGdaDescriptors req = new GetGdaDescriptors(); final InstanceIdentifier gdaIdentifier = new InstanceIdentifier(); @@ -170,17 +203,45 @@ public class EhvdCommunicationService implements IEhvdCommunication { if (config.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) { initializeEhvdClient(); + // load EHVD bPK target ehvdBpkTarget = config.getBasicConfiguration( ConfigurationProperties.PROP_MODULE_SERVICE_TARGET, ConfigurationProperties.DEFAULT_EHVD_SERVICE_TARGET); Logger.info("Set-up EHVD Client with bPK target: " + ehvdBpkTarget); + // load Regex to match EHVD Roles to PVP Roles + final String ehvdRoleRegex = config.getBasicConfiguration( + ConfigurationProperties.PROP_MODULE_EHVD_ROLE_REGEX); + checkConfigPropertyNotNull(ehvdRoleRegex, ConfigurationProperties.PROP_MODULE_EHVD_ROLE_REGEX); + ehvdRolePattern = Pattern.compile(ehvdRoleRegex); + + Logger.info("Set-up EHVD Client with Role regex: " + ehvdRolePattern.toString()); + + // load PVP Roles for EHVD integration + final String ehvdPvpRole = config.getBasicConfiguration( + ConfigurationProperties.PROP_MODULE_PVP_ROLE); + checkConfigPropertyNotNull(ehvdPvpRole, ConfigurationProperties.PROP_MODULE_PVP_ROLE); + ehvhPvpRoleList = KeyValueUtils.getListOfCSVValues(ehvdPvpRole); + Logger.info("Set-up EHVD module with PVP Role: " + StringUtils.join(ehvhPvpRoleList, ",")); + } else { Logger.info("Skipping EHVD client because it's not active"); } } + private void checkConfigPropertyNotNull(String valueToCheck, String configPropName) + throws EAAFConfigurationException { + if (StringUtils.isEmpty(valueToCheck)) { + Logger.error("Missing configuration for EHVD module. " + + "(Property: " + configPropName + ")"); + throw new EAAFConfigurationException(ERROR_CONFIG_05, + new Object[] { configPropName }); + + } + + } + private void initializeEhvdClient() throws EAAFConfigurationException { Logger.debug("Initializing EHVD client ... "); final URL url = EhvdCommunicationService.class.getResource("/wsdl/eHVD.wsdl"); @@ -214,9 +275,9 @@ public class EhvdCommunicationService implements IEhvdCommunication { Logger.info("Initialize EHVD Client with service end-point: " + ehvdEndpointUrl); - // these code is only for local testing - String socksPort = config.getBasicConfiguration(ConfigurationProperties.PROP_MODULE_PROXY_SOCKS_PORT); + final String socksPort = config.getBasicConfiguration( + ConfigurationProperties.PROP_MODULE_PROXY_SOCKS_PORT); if (StringUtils.isNotEmpty(socksPort)) { Logger.warn("Injecting SOCKS5 Proxy for service communication!"); final Client client = ClientProxy.getClient(ehvdClient); @@ -224,9 +285,9 @@ public class EhvdCommunicationService implements IEhvdCommunication { http.getClient().setProxyServerType(ProxyServerType.SOCKS); http.getClient().setProxyServer("127.0.0.1"); http.getClient().setProxyServerPort(Integer.valueOf(socksPort)); - + } - + } } -- cgit v1.2.3 From 664c9bcffc537dc206140f03ca0a7c9b81b396cd Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 14 Sep 2021 12:37:14 +0200 Subject: update EHVD communication-task to implement new requirements from BRZ --- .../ehvd/service/EhvdCommunicationService.java | 32 ++++++++++++++++++++-- 1 file changed, 29 insertions(+), 3 deletions(-) (limited to 'id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java') diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java index 900adaff7..cf58fe718 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java @@ -83,7 +83,7 @@ public class EhvdCommunicationService implements IEhvdCommunication { */ @Override @Nonnull - public List getRoles(IIdentityLink identityLink) throws AuthenticationException, + public EhvdResponseHolder getRoles(IIdentityLink identityLink) throws AuthenticationException, EAAFBuilderException { // get bPK for EHVD request @@ -96,7 +96,7 @@ public class EhvdCommunicationService implements IEhvdCommunication { final GdaIndexResponse gdaResp = requestingGda(ehvdBpk.getFirst()); // parse roles from response - return parseGdaResponse(gdaResp); + return EhvdResponseHolder.getInstance(gdaResp.getGda(), parseGdaResponse(gdaResp)); } @@ -287,7 +287,33 @@ public class EhvdCommunicationService implements IEhvdCommunication { http.getClient().setProxyServerPort(Integer.valueOf(socksPort)); } - } + public static class EhvdResponseHolder { + final List roles; + final GdaDescriptor fullGdaResponse; + + + public static EhvdResponseHolder getInstance(GdaDescriptor gdaInfo, List processedRoles) { + return new EhvdResponseHolder(gdaInfo, processedRoles); + + } + + private EhvdResponseHolder(GdaDescriptor gdaInfo, List processedRoles) { + this.roles = processedRoles; + this.fullGdaResponse = gdaInfo; + + } + + public List getRoles() { + return roles; + } + + public GdaDescriptor getFullGdaResponse() { + return fullGdaResponse; + } + + + + } } -- cgit v1.2.3 From ac4812a1c4cccf61ba0843b04cb987df49f34e29 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 17 Nov 2021 08:22:46 +0100 Subject: distinguish between 'ERROR_EHVD_02' and 'ERROR_EHVD_03' based on error message --- .../moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java') diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java index cf58fe718..b165d05e2 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java @@ -132,13 +132,15 @@ public class EhvdCommunicationService implements IEhvdCommunication { .findFirst() .isPresent()) { Logger.info("EHVD communication failed with SOAP response: " + errorMsg); + return new EhvdException(ERROR_EHVD_03, new Object[] { errorMsg }); } else { Logger.warn("EHVD communication failed with SOAP response: " + errorMsg, e); + return new EhvdException(ERROR_EHVD_02, new Object[] { errorMsg }); } - return new EhvdException(ERROR_EHVD_02, new Object[] { errorMsg }); + } -- cgit v1.2.3