Class IdAuthFilter
- java.lang.Object
-
- io.mosip.authentication.common.service.filter.BaseIDAFilter
-
- io.mosip.authentication.common.service.filter.BaseAuthFilter
-
- io.mosip.authentication.common.service.filter.IdAuthFilter
-
- All Implemented Interfaces:
javax.servlet.Filter
- Direct Known Subclasses:
ExternalAuthFilter,InternalAuthenticationFilter,InternalAuthFilter
@Component public abstract class IdAuthFilter extends BaseAuthFilter
The Class IdAuthFilter - the implementation for deciphering and validation of the authenticating partner done for request as AUTH and KYC.- Author:
- Manoj SP, Sanjay Murali, Loganathan Sekar, Nagarjuna K
-
-
Field Summary
Fields Modifier and Type Field Description protected PartnerServicepartnerServiceThe partner service.-
Fields inherited from class io.mosip.authentication.common.service.filter.BaseIDAFilter
env, keyManager, mapper
-
-
Constructor Summary
Constructors Constructor Description IdAuthFilter()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected voidcheckAllowedAMRForKBT(Map<String,Object> requestBody, Set<String> allowedAMRs)protected voidcheckAllowedAMRForKeyBindedToken(Map<String,Object> requestBody, Set<String> allowedAMRs)protected voidcheckAllowedAuthTypeBasedOnPolicy(PartnerPolicyResponseDTO partnerPolicyResponseDTO, Map<String,Object> requestBody)Check allowed auth type based on policy.protected voidcheckAllowedAuthTypeBasedOnPolicy(Map<String,Object> requestBody, List<AuthPolicy> authPolicies)Check allowed auth type for bio based on the policies.protected voidcheckAllowedAuthTypeForKeyBindedToken(Map<String,Object> requestBody, List<AuthPolicy> authPolicies)protected voidcheckAllowedAuthTypeForPassword(Map<String,Object> requestBody, List<AuthPolicy> authPolicies)protected voidcheckMandatoryAuthTypeBasedOnPolicy(Map<String,Object> requestBody, List<AuthPolicy> mandatoryAuthPolicies)Check mandatory auth type based on policy.protected voidcheckMispPolicyAllowed(MispPolicyDTO mispPolicy)protected DigitalIddecipherDigitalId(String jwsSignature)This method deciphers the digitalId from jws.protected Map<String,Object>decipherRequest(Map<String,Object> requestBody)Decipher request.protected StringextractBioData(String dataFieldValue)protected StringfetchReferenceId()Method to get the reference id.protected Map<String,String>getAuthPart(ResettableStreamHttpServletRequest requestWrapper)Gets the auth part.protected StringgetBioRefId()Gets the bio ref id.Set<String>getSystemSupportedLanguageCodes()Gets the system supported languagesvoidinit(javax.servlet.FilterConfig filterConfig)Initialize the filter.protected booleanisAllowedAuthType(String authType, String subAuthType, List<AuthPolicy> policies)Checks if is allowed auth type.protected booleanisAllowedAuthType(String authType, List<AuthPolicy> policies)Checks if is allowed auth type.protected booleanisBiometricHashValidationDisabled()Checks if is hash based on biometric data block.protected booleanisPartnerCertificateNeeded()Checks if is partner certificate needed.protected booleanisSignatureVerificationRequired()Checks if is signature verification required.protected booleanisSigningRequired()Checks if is signing required.protected booleanisThumbprintValidationRequired()Checks if is thumbprint validation required.protected booleanisTrustValidationRequired()Checks if is trust validation required.protected Map<String,Object>processDecipheredReqeuest(Map<String,Object> decipheredRequest)protected voidvalidateDecipheredRequest(ResettableStreamHttpServletRequest requestWrapper, Map<String,Object> requestBody)Validate deciphered request.-
Methods inherited from class io.mosip.authentication.common.service.filter.BaseAuthFilter
authenticateRequest, consumeRequest, decipherAndValidateRequest, decode, getPayloadFromJwsSingature, validateRequestHMAC, verifyBioDataSignature, verifySignature
-
Methods inherited from class io.mosip.authentication.common.service.filter.BaseIDAFilter
consumeResponse, destroy, doFilter, fetchId, getRequestBody, isAMRValidationRequired, isCertificateValidationRequired, isDate, isMispPolicyValidationRequired, needStoreAnonymousProfile, needStoreAuthTransaction, removeNullOrEmptyFieldsInResponse, validateId, validateRequest
-
-
-
-
Field Detail
-
partnerService
protected PartnerService partnerService
The partner service.
-
-
Method Detail
-
init
public void init(javax.servlet.FilterConfig filterConfig) throws javax.servlet.ServletExceptionInitialize the filter.- Specified by:
initin interfacejavax.servlet.Filter- Overrides:
initin classBaseAuthFilter- Parameters:
filterConfig- the filter config- Throws:
javax.servlet.ServletException- the servlet exception
-
decipherRequest
protected Map<String,Object> decipherRequest(Map<String,Object> requestBody) throws IdAuthenticationAppException
Decipher request.- Overrides:
decipherRequestin classBaseAuthFilter- Parameters:
requestBody- the request body- Returns:
- the map
- Throws:
IdAuthenticationAppException- the id authentication app exception
-
processDecipheredReqeuest
protected Map<String,Object> processDecipheredReqeuest(Map<String,Object> decipheredRequest)
- Overrides:
processDecipheredReqeuestin classBaseAuthFilter
-
isBiometricHashValidationDisabled
protected boolean isBiometricHashValidationDisabled()
Checks if is hash based on biometric data block.- Returns:
- true, if is hash based on biometric data block
-
getBioRefId
protected String getBioRefId()
Gets the bio ref id.- Returns:
- the bio ref id
-
decipherDigitalId
protected DigitalId decipherDigitalId(String jwsSignature) throws IdAuthenticationAppException
This method deciphers the digitalId from jws.- Parameters:
jwsSignature- the jws signature- Returns:
- the digital id
- Throws:
IdAuthenticationAppException- the id authentication app exception
-
fetchReferenceId
protected String fetchReferenceId()
Method to get the reference id.- Returns:
- the string
-
validateDecipheredRequest
protected void validateDecipheredRequest(ResettableStreamHttpServletRequest requestWrapper, Map<String,Object> requestBody) throws IdAuthenticationAppException
Validate deciphered request.- Specified by:
validateDecipheredRequestin classBaseAuthFilter- Parameters:
requestWrapper- the request wrapperrequestBody- the request body- Throws:
IdAuthenticationAppException- the id authentication app exception
-
isPartnerCertificateNeeded
protected boolean isPartnerCertificateNeeded()
Checks if is partner certificate needed.- Returns:
- true, if is partner certificate needed
-
extractBioData
protected String extractBioData(String dataFieldValue) throws IdAuthenticationAppException
- Throws:
IdAuthenticationAppException
-
checkAllowedAuthTypeBasedOnPolicy
protected void checkAllowedAuthTypeBasedOnPolicy(PartnerPolicyResponseDTO partnerPolicyResponseDTO, Map<String,Object> requestBody) throws IdAuthenticationAppException
Check allowed auth type based on policy.- Parameters:
partnerPolicyResponseDTO- the partner policy response DTOrequestBody- the request body- Throws:
IdAuthenticationAppException- the id authentication app exception
-
checkAllowedAuthTypeBasedOnPolicy
protected void checkAllowedAuthTypeBasedOnPolicy(Map<String,Object> requestBody, List<AuthPolicy> authPolicies) throws IdAuthenticationAppException
Check allowed auth type for bio based on the policies.- Parameters:
requestBody- the request bodyauthPolicies- the auth policies- Throws:
IdAuthenticationAppException- the id authentication app exception
-
checkAllowedAuthTypeForKeyBindedToken
protected void checkAllowedAuthTypeForKeyBindedToken(Map<String,Object> requestBody, List<AuthPolicy> authPolicies) throws IdAuthenticationAppException, IOException
-
checkAllowedAuthTypeForPassword
protected void checkAllowedAuthTypeForPassword(Map<String,Object> requestBody, List<AuthPolicy> authPolicies) throws IdAuthenticationAppException, IOException
-
checkMandatoryAuthTypeBasedOnPolicy
protected void checkMandatoryAuthTypeBasedOnPolicy(Map<String,Object> requestBody, List<AuthPolicy> mandatoryAuthPolicies) throws IdAuthenticationAppException
Check mandatory auth type based on policy.- Parameters:
requestBody- the request bodymandatoryAuthPolicies- the mandatory auth policies- Throws:
IdAuthenticationAppException- the id authentication app exception
-
isAllowedAuthType
protected boolean isAllowedAuthType(String authType, List<AuthPolicy> policies)
Checks if is allowed auth type.- Parameters:
authType- the auth typepolicies- the policies- Returns:
- true, if is allowed auth type
-
isAllowedAuthType
protected boolean isAllowedAuthType(String authType, String subAuthType, List<AuthPolicy> policies)
Checks if is allowed auth type.- Parameters:
authType- the auth typesubAuthType- the sub auth typepolicies- the policies- Returns:
- true, if is allowed auth type
-
checkAllowedAMRForKeyBindedToken
protected void checkAllowedAMRForKeyBindedToken(Map<String,Object> requestBody, Set<String> allowedAMRs) throws IdAuthenticationAppException, IOException
-
getAuthPart
protected Map<String,String> getAuthPart(ResettableStreamHttpServletRequest requestWrapper) throws IdAuthenticationAppException
Gets the auth part.- Parameters:
requestWrapper- the request wrapper- Returns:
- the auth part
- Throws:
IdAuthenticationAppException
-
isSigningRequired
protected boolean isSigningRequired()
Checks if is signing required.- Specified by:
isSigningRequiredin classBaseIDAFilter- Returns:
- true, if is signing required
-
isSignatureVerificationRequired
protected boolean isSignatureVerificationRequired()
Checks if is signature verification required.- Specified by:
isSignatureVerificationRequiredin classBaseIDAFilter- Returns:
- true, if is signature verification required
-
isThumbprintValidationRequired
protected final boolean isThumbprintValidationRequired()
Checks if is thumbprint validation required.- Specified by:
isThumbprintValidationRequiredin classBaseIDAFilter- Returns:
- true, if is thumbprint validation required
-
checkMispPolicyAllowed
protected void checkMispPolicyAllowed(MispPolicyDTO mispPolicy) throws IdAuthenticationAppException
- Specified by:
checkMispPolicyAllowedin classBaseIDAFilter- Throws:
IdAuthenticationAppException
-
checkAllowedAMRForKBT
protected void checkAllowedAMRForKBT(Map<String,Object> requestBody, Set<String> allowedAMRs) throws IdAuthenticationAppException
- Specified by:
checkAllowedAMRForKBTin classBaseIDAFilter- Throws:
IdAuthenticationAppException
-
isTrustValidationRequired
protected boolean isTrustValidationRequired()
Checks if is trust validation required.- Specified by:
isTrustValidationRequiredin classBaseIDAFilter- Returns:
- true, if is trust validation required
-
-