From 031d236181704248475554ebf7ae373096637a4f Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 8 Sep 2021 13:45:25 +0200 Subject: update EHVD Role filtering and mapping --- .../auth/modules/ehvd/ConfigurationProperties.java | 3 + .../auth/modules/ehvd/EhvdServiceAuthModule.java | 10 +- .../EhvdServiceAuthSpringResourceProvider.java | 55 +++++----- .../ehvd/attributes/PvpRoleAttributeBuilder.java | 25 +++-- .../auth/modules/ehvd/exception/EhvdException.java | 4 +- .../ehvd/service/EhvdCommunicationService.java | 111 ++++++++++++++++----- .../modules/ehvd/service/IEhvdCommunication.java | 6 +- .../ehvd/task/InjectEhvdInformationTask.java | 36 +++---- .../resources/properties/id_messages.properties | 1 + .../protocol_response_statuscodes.properties | 1 + .../attributes/PvpRoleAttributeBuilderTest.java | 26 +++++ .../InjectEhvdIdentityInformationTaskTest.java | 80 ++++++++++++++- .../src/test/resources/config/config1.properties | 3 + 13 files changed, 268 insertions(+), 93 deletions(-) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java index 07d65f2f5..035e59387 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java @@ -34,6 +34,9 @@ public class ConfigurationProperties { public static final String PROP_MODULE_SERVICE_TARGET = MODULE_PREFIX + "service.bpk.target"; public static final String PROP_MODULE_SERVICE_ENDPOINT = MODULE_PREFIX + "service.url"; + public static final String PROP_MODULE_EHVD_ROLE_REGEX = MODULE_PREFIX + "service.role.regex"; + + public static final String PROP_MODULE_PVP_ROLE = MODULE_PREFIX + "role.pvp"; public static final String PROP_MODULE_PROXY_SOCKS_PORT = MODULE_PREFIX + "proxy.socks.port"; diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java index 917c226a2..d087b9fe2 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java @@ -107,20 +107,20 @@ public class EhvdServiceAuthModule extends DefaultCitizenCardAuthModuleImpl { if (authConfig.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) { final String spEntityID = pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(); - Logger.trace("Checking EHVD communication for SP: " + spEntityID + " ...."); - boolean ccAuthRequested = StringUtils.isNotEmpty(super.selectProcess(context, pendingReq)); + Logger.trace("Checking EHVD communication for SP: " + spEntityID + " ...."); + final boolean ccAuthRequested = StringUtils.isNotEmpty(super.selectProcess(context, pendingReq)); if (uniqueIDsEnabled.contains(spEntityID) && ccAuthRequested) { - Logger.debug("EHVD communication is allowed for SP: " + spEntityID); + Logger.debug("EHVD communication is allowed for SP: " + spEntityID); return "DefaultAuthenticationWithEHVDInteraction"; } else { if (Logger.isDebugEnabled()) { if (ccAuthRequested) { Logger.debug("Unique SP-Id: " + spEntityID + " is not in whitelist for EHVD communication."); - + } else { Logger.trace("No CititzenCard authentication requested. EHVD communication skipped too"); - + } } } diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java index ea0695a1a..589a316fe 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java @@ -33,30 +33,39 @@ import at.gv.egiz.components.spring.api.SpringResourceProvider; */ public class EhvdServiceAuthSpringResourceProvider implements SpringResourceProvider { - /* (non-Javadoc) - * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad() - */ - @Override - public Resource[] getResourcesToLoad() { - ClassPathResource authConfig = new ClassPathResource("/moaid_ehvd_service_auth.beans.xml", EhvdServiceAuthSpringResourceProvider.class); - return new Resource[] {authConfig}; - } + /* + * (non-Javadoc) + * + * @see + * at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad() + */ + @Override + public Resource[] getResourcesToLoad() { + final ClassPathResource authConfig = new ClassPathResource("/moaid_ehvd_service_auth.beans.xml", + EhvdServiceAuthSpringResourceProvider.class); + return new Resource[] { authConfig }; + } - /* (non-Javadoc) - * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan() - */ - @Override - public String[] getPackagesToScan() { - // TODO Auto-generated method stub - return null; - } + /* + * (non-Javadoc) + * + * @see + * at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan() + */ + @Override + public String[] getPackagesToScan() { + // TODO Auto-generated method stub + return null; + } - /* (non-Javadoc) - * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName() - */ - @Override - public String getName() { - return "Module for 'Dummy Authentication'"; - } + /* + * (non-Javadoc) + * + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName() + */ + @Override + public String getName() { + return "Module for 'Dummy Authentication'"; + } } diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java index 0f1c96aa8..a79aa86dd 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java @@ -15,44 +15,43 @@ import at.gv.egovernment.moa.logging.Logger; public class PvpRoleAttributeBuilder implements IPVPAttributeBuilder { private static final String ROLE_NAME_DELIMITER = ";"; - + @Override public ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator g) throws AttributeBuilderException { if (authData instanceof IMOAAuthData) { - IMOAAuthData moaAuthData = (IMOAAuthData)authData; - if (moaAuthData.getAuthenticationRoles() != null + final IMOAAuthData moaAuthData = (IMOAAuthData) authData; + if (moaAuthData.getAuthenticationRoles() != null && !moaAuthData.getAuthenticationRoles().isEmpty()) { return g.buildStringAttribute(ROLES_FRIENDLY_NAME, ROLES_NAME, moaAuthData.getAuthenticationRoles().stream() .map(el -> el.getRawRoleString()) .collect(Collectors.joining(ROLE_NAME_DELIMITER))); - - + } else { Logger.trace("No PVP roles available. Skipping attribute: " + ROLES_FRIENDLY_NAME); - + } - + } else { Logger.info("Attribute: " + ROLES_FRIENDLY_NAME + " is only available in MOA-ID context"); - + } - + return null; - + } @Override public ATT buildEmpty(IAttributeGenerator g) { return g.buildEmptyAttribute(ROLES_FRIENDLY_NAME, ROLES_NAME); - + } @Override public String getName() { return ROLES_NAME; - + } - + } diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/exception/EhvdException.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/exception/EhvdException.java index daab154bc..f621d1bb4 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/exception/EhvdException.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/exception/EhvdException.java @@ -2,7 +2,7 @@ package at.gv.egovernment.moa.id.auth.modules.ehvd.exception; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -public class EhvdException extends AuthenticationException{ +public class EhvdException extends AuthenticationException { private static final long serialVersionUID = 380654627005502948L; @@ -15,5 +15,5 @@ public class EhvdException extends AuthenticationException{ super(messageId, parameters, e); } - + } diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java index a25a7f421..900adaff7 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java @@ -2,10 +2,12 @@ package at.gv.egovernment.moa.id.auth.modules.ehvd.service; import java.net.URL; import java.util.ArrayList; -import java.util.Collections; import java.util.List; import java.util.Map; +import java.util.Optional; import java.util.Set; +import java.util.regex.Matcher; +import java.util.regex.Pattern; import javax.annotation.Nonnull; import javax.annotation.PostConstruct; @@ -29,6 +31,7 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.EHVD; @@ -55,16 +58,20 @@ public class EhvdCommunicationService implements IEhvdCommunication { private static final String ERROR_EHVD_01 = "ehvd.01"; private static final String ERROR_EHVD_02 = "ehvd.02"; private static final String ERROR_EHVD_03 = "ehvd.03"; + private static final String ERROR_EHVD_04 = "ehvd.04"; private static final String ERROR_CONFIG_05 = "config.05"; - + private static final Set SERVICE_ERRORS_LOG_INFO = Sets.newHashSet("6002"); - + @Autowired IConfiguration config; private String ehvdBpkTarget; private EHVD ehvdClient; + private Pattern ehvdRolePattern; + + private List ehvhPvpRoleList; /** * Get user's GDA roles from EHVD Service. @@ -102,9 +109,9 @@ public class EhvdCommunicationService implements IEhvdCommunication { Logger.debug("Receive GDA status. Starting response validation ... "); return gdaResp; - } catch (final SOAPFaultException e) { + } catch (final SOAPFaultException e) { throw handleSoapFaultError(e); - + } catch (final Exception e) { Logger.error("EHVD communication failed with generic error: " + e.getMessage(), e); throw new EhvdException(ERROR_EHVD_01, new Object[] {}, e); @@ -114,24 +121,25 @@ public class EhvdCommunicationService implements IEhvdCommunication { } private EhvdException handleSoapFaultError(SOAPFaultException e) { - // extract reason for this error - String errorMsg = e.getFault() != null - ? StringUtils.isNotEmpty(e.getFault().getFaultString()) ? e.getFault().getFaultString() : e.getMessage() + // extract reason for this error + final String errorMsg = e.getFault() != null + ? StringUtils.isNotEmpty(e.getFault().getFaultString()) ? e.getFault().getFaultString() + : e.getMessage() : e.getMessage(); - + if (SERVICE_ERRORS_LOG_INFO.stream() - .filter(el -> errorMsg.contains(el)) - .findFirst() - .isPresent()) { - Logger.info("EHVD communication failed with SOAP response: " + errorMsg); - + .filter(el -> errorMsg.contains(el)) + .findFirst() + .isPresent()) { + Logger.info("EHVD communication failed with SOAP response: " + errorMsg); + } else { Logger.warn("EHVD communication failed with SOAP response: " + errorMsg, e); - - } - - return new EhvdException(ERROR_EHVD_02, new Object[] {errorMsg}); - + + } + + return new EhvdException(ERROR_EHVD_02, new Object[] { errorMsg }); + } private List parseGdaResponse(GdaIndexResponse ehvdResp) throws EhvdException { @@ -139,7 +147,24 @@ public class EhvdCommunicationService implements IEhvdCommunication { final GdaDescriptor gdaInfo = ehvdResp.getGda(); if (GDA_RESP_STATUS_ACTIVE.equals(gdaInfo.getStatus().getEhvdstatus())) { Logger.debug("Find #" + gdaInfo.getRoles().getRole().size() + " roles"); - return gdaInfo.getRoles().getRole(); + + // match roles with regex from configuration + final Optional validGdaRole = gdaInfo.getRoles().getRole().stream() + .filter(el -> matchGdaRole(el)) + .findFirst(); + + if (validGdaRole.isPresent()) { + Logger.info("Find valid GDA role: " + validGdaRole.get() + " Set PVP Role: " + + StringUtils.join(ehvhPvpRoleList, ",") + " into Session"); + + // set role into response + return ehvhPvpRoleList; + + } else { + Logger.info("No valid GDA role in EHVD response"); + throw new EhvdException(ERROR_EHVD_04, null); + + } } else { Logger.info("GDA is marked as 'inactive'. Stopping process with an error ... "); @@ -150,11 +175,19 @@ public class EhvdCommunicationService implements IEhvdCommunication { } else { Logger.info("Receive empty GDA response"); throw new EhvdException(ERROR_EHVD_03, new Object[] {}); - } } + private boolean matchGdaRole(String role) { + final Matcher matcher = ehvdRolePattern.matcher(role); + final boolean matches = matcher.matches(); + Logger.trace(matches ? "EHVD role: " + role + " matches" + : "EHVD role: " + role + " does not matche to pattern: " + matcher.toString()); + return matches; + + } + private GetGdaDescriptors buildGdaRequest(String bPK) { final GetGdaDescriptors req = new GetGdaDescriptors(); final InstanceIdentifier gdaIdentifier = new InstanceIdentifier(); @@ -170,17 +203,45 @@ public class EhvdCommunicationService implements IEhvdCommunication { if (config.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) { initializeEhvdClient(); + // load EHVD bPK target ehvdBpkTarget = config.getBasicConfiguration( ConfigurationProperties.PROP_MODULE_SERVICE_TARGET, ConfigurationProperties.DEFAULT_EHVD_SERVICE_TARGET); Logger.info("Set-up EHVD Client with bPK target: " + ehvdBpkTarget); + // load Regex to match EHVD Roles to PVP Roles + final String ehvdRoleRegex = config.getBasicConfiguration( + ConfigurationProperties.PROP_MODULE_EHVD_ROLE_REGEX); + checkConfigPropertyNotNull(ehvdRoleRegex, ConfigurationProperties.PROP_MODULE_EHVD_ROLE_REGEX); + ehvdRolePattern = Pattern.compile(ehvdRoleRegex); + + Logger.info("Set-up EHVD Client with Role regex: " + ehvdRolePattern.toString()); + + // load PVP Roles for EHVD integration + final String ehvdPvpRole = config.getBasicConfiguration( + ConfigurationProperties.PROP_MODULE_PVP_ROLE); + checkConfigPropertyNotNull(ehvdPvpRole, ConfigurationProperties.PROP_MODULE_PVP_ROLE); + ehvhPvpRoleList = KeyValueUtils.getListOfCSVValues(ehvdPvpRole); + Logger.info("Set-up EHVD module with PVP Role: " + StringUtils.join(ehvhPvpRoleList, ",")); + } else { Logger.info("Skipping EHVD client because it's not active"); } } + private void checkConfigPropertyNotNull(String valueToCheck, String configPropName) + throws EAAFConfigurationException { + if (StringUtils.isEmpty(valueToCheck)) { + Logger.error("Missing configuration for EHVD module. " + + "(Property: " + configPropName + ")"); + throw new EAAFConfigurationException(ERROR_CONFIG_05, + new Object[] { configPropName }); + + } + + } + private void initializeEhvdClient() throws EAAFConfigurationException { Logger.debug("Initializing EHVD client ... "); final URL url = EhvdCommunicationService.class.getResource("/wsdl/eHVD.wsdl"); @@ -214,9 +275,9 @@ public class EhvdCommunicationService implements IEhvdCommunication { Logger.info("Initialize EHVD Client with service end-point: " + ehvdEndpointUrl); - // these code is only for local testing - String socksPort = config.getBasicConfiguration(ConfigurationProperties.PROP_MODULE_PROXY_SOCKS_PORT); + final String socksPort = config.getBasicConfiguration( + ConfigurationProperties.PROP_MODULE_PROXY_SOCKS_PORT); if (StringUtils.isNotEmpty(socksPort)) { Logger.warn("Injecting SOCKS5 Proxy for service communication!"); final Client client = ClientProxy.getClient(ehvdClient); @@ -224,9 +285,9 @@ public class EhvdCommunicationService implements IEhvdCommunication { http.getClient().setProxyServerType(ProxyServerType.SOCKS); http.getClient().setProxyServer("127.0.0.1"); http.getClient().setProxyServerPort(Integer.valueOf(socksPort)); - + } - + } } diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java index 8a9c7db5c..2d9291ed7 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java @@ -2,8 +2,6 @@ package at.gv.egovernment.moa.id.auth.modules.ehvd.service; import java.util.List; -import javax.annotation.Nonnull; - import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; @@ -12,11 +10,11 @@ public interface IEhvdCommunication { /** * Get user's GDA roles from EHVD Service. - * + * * @param identityLink IdentityLink of the user * @return {@link List} of Roles that are received from EHVD * @throws AuthenticationException In case of an EHVD communication error - * @throws EAAFBuilderException In case of a bPK generation error + * @throws EAAFBuilderException In case of a bPK generation error */ List getRoles(IIdentityLink identityLink) throws AuthenticationException, EAAFBuilderException; diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java index b44863b80..8f22c6ffc 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java @@ -31,16 +31,14 @@ import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.modules.ehvd.service.IEhvdCommunication; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; /** @@ -50,8 +48,9 @@ import at.gv.egovernment.moa.logging.Logger; @Component("InjectEhvdInformationTask") public class InjectEhvdInformationTask extends AbstractAuthServletTask { - @Autowired IEhvdCommunication ehvdService; - + @Autowired + IEhvdCommunication ehvdService; + /* * (non-Javadoc) * @@ -66,17 +65,19 @@ public class InjectEhvdInformationTask extends AbstractAuthServletTask { HttpServletResponse response) throws TaskExecutionException { try { - final AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class); - + final AuthenticationSessionWrapper session = pendingReq.getSessionData( + AuthenticationSessionWrapper.class); + // validate internal state validateInternalState(session); - + // requesting roles from EHVD - List ehvdRoles = ehvdService.getRoles(session.getIdentityLink()); - - // inject EHVD roles - session.setGenericDataToSession(PVPConstants.ROLES_NAME, StringUtils.join(ehvdRoles, ";")); - + final List ehvdRoles = ehvdService.getRoles(session.getIdentityLink()); + + // inject EHVD roles + session.setGenericDataToSession(PVPAttributeDefinitions.ROLES_NAME, + StringUtils.join(ehvdRoles, ";")); + // store MOASession into database requestStoreage.storePendingRequest(pendingReq); @@ -90,14 +91,13 @@ public class InjectEhvdInformationTask extends AbstractAuthServletTask { } private void validateInternalState(AuthenticationSessionWrapper session) throws AuthenticationException { - //check if identityLink is available - if (session.getIdentityLink() == null ) { + // check if identityLink is available + if (session.getIdentityLink() == null) { Logger.error("No IdentityLink in session. There is an internal error in process definition"); throw new AuthenticationException("process.04", null); - + } - - + } } diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties index 643893413..b4a752a2d 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties @@ -2,5 +2,6 @@ ehvd.00=F ehvd.01=Technischer Fehler bei der Abfrage von GDA Informationen. Ursache: {0} ehvd.02=Fehler bei der Abfrage von GDA Informationen. Ursache: {0} ehvd.03=Antwort des EHVD Service beinhaltet keine GDA Informationen +ehvd.04=Keine gültige EHVD Role gefunden ehvd.99=Allgemeiner Fehler bei der Abfrage des EHVD Service diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties index 72048b8e3..5c98c199b 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties @@ -5,4 +5,5 @@ ehvd.00=7000 ehvd.01=7001 ehvd.02=7001 ehvd.03=7001 +ehvd.04=7002 ehvd.99=7099 \ No newline at end of file diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java index df02c6f4e..cabd8df19 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java @@ -1,6 +1,7 @@ package at.gv.egovernment.moa.id.auth.modules.ehvd.test.attributes; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; @@ -27,6 +28,7 @@ import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator; import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySPConfiguration; import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.PvpRoleAttributeBuilder; import at.gv.egovernment.moa.id.data.AuthenticationRole; +import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory; import at.gv.egovernment.moa.id.data.MOAAuthenticationData; @RunWith(SpringJUnit4ClassRunner.class) @@ -99,6 +101,8 @@ public class PvpRoleAttributeBuilderTest { // validate state assertNotNull("wrong attr. value", attrValue); + assertFalse("List delimiter after last element" ,attrValue.endsWith(";")); + String[] el = attrValue.split(";"); assertEquals("wrong role count", 4, el.length); @@ -110,6 +114,28 @@ public class PvpRoleAttributeBuilderTest { } + @Test + public void brzProductionRole() throws AttributeBuilderException { + + IAuthData authData = generateAuthData(Arrays.asList( + AuthenticationRoleFactory.buildFormPVPole("EPI-GDA()"))); + + // perform test + String attrValue = toTest.build(oaParam, authData, g); + + // validate state + assertNotNull("wrong attr. value", attrValue); + assertFalse("List delimiter after last element" ,attrValue.endsWith(";")); + + + String[] el = attrValue.split(";"); + assertEquals("wrong role count", 1, el.length); + assertEquals("wrong 1. role", "EPI-GDA()", el[0]); + + assertEquals("wrong role attr. value", "EPI-GDA()", attrValue); + + } + private IAuthData generateAuthData(List roles) { MOAAuthenticationData authData = new MOAAuthenticationData(null); if (roles != null) { diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationTaskTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationTaskTest.java index 8620ef98b..adedd1d02 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationTaskTest.java +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationTaskTest.java @@ -7,7 +7,6 @@ import static org.junit.Assert.fail; import static org.mockito.ArgumentMatchers.any; import static org.mockito.Mockito.when; -import java.net.SocketTimeoutException; import java.util.Arrays; import java.util.HashMap; import java.util.Iterator; @@ -213,13 +212,61 @@ public class InjectEhvdIdentityInformationTaskTest { } } + @Test - public void validateState() throws TaskExecutionException, PendingReqIdValidationException { + public void noValidGdaRole() throws TaskExecutionException, PendingReqIdValidationException { // set-up EHVD response String role1 = RandomStringUtils.randomAlphabetic(10); String role2 = RandomStringUtils.randomAlphabetic(10); when(ehvdService.getGDA(any())).thenReturn(generateGdaResponse(true, Arrays.asList(role1, role2))); + try { + task.execute(pendingReq, context); + fail("wrong state not detected"); + + } catch (final TaskExecutionException e) { + Assert.isInstanceOf(AuthenticationException.class, e.getOriginalException(), "wrong execpetion"); + assertEquals("wrong errorCode", "ehvd.04", ((EAAFException) e.getOriginalException()).getErrorId()); + + } + } + + + @Test + public void validateStateWithRandomData() throws TaskExecutionException, PendingReqIdValidationException { + // set-up EHVD response + String role1 = RandomStringUtils.randomAlphabetic(10); + String role2 = "1.2.40.0.34.5.2:101"; + String role3 = RandomStringUtils.randomAlphabetic(10); + when(ehvdService.getGDA(any())).thenReturn(generateGdaResponse(true, Arrays.asList(role1, role2, role3))); + + task.execute(pendingReq, context); + + // validate state + final IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId()); + assertNotNull("pendingReq not stored", storedReq); + + final AuthenticationSessionWrapper moaSession = storedReq.getSessionData( + AuthenticationSessionWrapper.class); + + assertFalse("foreign", moaSession.isForeigner()); + assertFalse("mandate", moaSession.isMandateUsed()); + assertEquals("missing attributes", 1, moaSession.getGenericSessionDataStorage().size()); + assertNotNull("no Role attr", moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME)); + assertEquals("wrong role attr", + "EPI-GDA()", + moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME, String.class)); + + } + + @Test + public void validateState() throws TaskExecutionException, PendingReqIdValidationException { + // set-up EHVD response + String role1 = "1.2.40.0.33.5.2.101"; + String role2 = "1.2.40.0.34.5.2:100"; + String role3 = RandomStringUtils.randomAlphabetic(10); + when(ehvdService.getGDA(any())).thenReturn(generateGdaResponse(true, Arrays.asList(role1, role2, role3))); + task.execute(pendingReq, context); // validate state @@ -234,11 +281,38 @@ public class InjectEhvdIdentityInformationTaskTest { assertEquals("missing attributes", 1, moaSession.getGenericSessionDataStorage().size()); assertNotNull("no Role attr", moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME)); assertEquals("wrong role attr", - role1 + ";" + role2, + "EPI-GDA()", moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME, String.class)); } + @Test + public void validateStateSecondOid() throws TaskExecutionException, PendingReqIdValidationException { + // set-up EHVD response + String role1 = "1.2.40.0.33.5.2.101"; + String role2 = "1.2.40.0.34.5.2:158"; + String role3 = RandomStringUtils.randomAlphabetic(10); + when(ehvdService.getGDA(any())).thenReturn(generateGdaResponse(true, Arrays.asList(role1, role2, role3))); + + task.execute(pendingReq, context); + + // validate state + final IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId()); + assertNotNull("pendingReq not stored", storedReq); + + final AuthenticationSessionWrapper moaSession = storedReq.getSessionData( + AuthenticationSessionWrapper.class); + + assertFalse("foreign", moaSession.isForeigner()); + assertFalse("mandate", moaSession.isMandateUsed()); + assertEquals("missing attributes", 1, moaSession.getGenericSessionDataStorage().size()); + assertNotNull("no Role attr", moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME)); + assertEquals("wrong role attr", + "EPI-GDA()", + moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME, String.class)); + + } + private GdaIndexResponse generateGdaResponse(boolean isActive, List roles) { GdaIndexResponse resp = new GdaIndexResponse(); GdaDescriptor gda = new GdaDescriptor(); diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties index 43e900f4b..263192c07 100644 --- a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties @@ -6,3 +6,6 @@ modules.ehvd.sp.4=435344534egewgegf modules.ehvd.service.url=http://localhost:1234/ehvd #modules.ehvd.service.url=https://ehvdwsqs.gesundheit.gv.at + +modules.ehvd.role.pvp=EPI-GDA() +modules.ehvd.service.role.regex=^1\.2\.40\.0\.34\.5\.2\:(100|101|158)$ \ No newline at end of file -- cgit v1.2.3