Klient for pdl-pip-api
jolarsen committed Nov 11, 2023
1 parent 53f97ef commit 33e5ba5
Showing 7 changed files with 391 additions and 0 deletions.
6 changes: 6 additions & 0 deletions felles/pom.xml
Expand Up @@ -27,6 +27,7 @@
<module>kontekst</module>
<module>abac-kontekst</module>
<module>auth-filter</module>
<module>tilgang</module>
</modules>

<dependencyManagement>
Expand All @@ -51,6 +52,11 @@
<artifactId>felles-kontekst</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>no.nav.foreldrepenger.felles</groupId>
<artifactId>felles-tilgang</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>no.nav.foreldrepenger.felles</groupId>
<artifactId>felles-abac</artifactId>
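--- a/felles/tilgang/pom.xml
+++ b/felles/tilgang/pom.xml
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<parent>
+<artifactId>felles</artifactId>
+<groupId>no.nav.foreldrepenger.felles</groupId>
+<version>0.0.0-SNAPSHOT</version>
+</parent>
+<modelVersion>4.0.0</modelVersion>
+
+<artifactId>felles-tilgang</artifactId>
+<name>Felles :: Tilgangskontroll</name>
+
+
+<dependencies>
+<dependency>
+<groupId>jakarta.enterprise</groupId>
+<artifactId>jakarta.enterprise.cdi-api</artifactId>
+</dependency>
+<dependency>
+<groupId>no.nav.foreldrepenger.felles</groupId>
+<artifactId>felles-oidc</artifactId>
+</dependency>
+<dependency>
+<groupId>jakarta.ws.rs</groupId>
+<artifactId>jakarta.ws.rs-api</artifactId>
+</dependency>
+</dependencies>
+
+
+</project>
+
+
+
+
+
+
+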
@@ -0,0 +1,14 @@
package no.nav.vedtak.sikkerhet.tilgang;

import java.util.List;
import java.util.Map;

public interface TilgangPersondata {

// ident er aktørId eller personident
TilgangPersondataDto hentTilgangPersondata(String ident);

// identer er aktørId eller personident. Respons er map fra personident til responsobjekt
Map<String, TilgangPersondataDto> hentTilgangPersondataBolk(List<String> identer);

}
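Review bot: The two line comments on hentTilgangPersondata and hentTilgangPersondataBolk should be Javadoc so the contract (ident may be an aktørId or a personident; the bolk result is keyed by personident) is visible to callers and tooling. The contract should also state what is returned when nothing is found: the implementation in this commit returns null from hentTilgangPersondata but an empty map from the bolk variant, and callers in an access-control path need to know which to expect. For the single lookup, something like `/** @return persondata for ident (aktørId or personident), or null when the lookup produced no data */` would settle it.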
@@ -0,0 +1,95 @@
package no.nav.vedtak.sikkerhet.tilgang;

import java.time.LocalDate;
import java.util.List;
import java.util.Optional;

import com.fasterxml.jackson.annotation.JsonEnumDefaultValue;

public record TilgangPersondataDto(String aktoerId, Person person, Identer identer, GeografiskTilknytning geografiskTilknytning) {

public record Person(List<Adressebeskyttelse> adressebeskyttelse, List<Fødsel> foedsel,
List<Dødsfall> doedsfall, List<Familierelasjoner> familierelasjoner) {
}

public record Adressebeskyttelse(Gradering gradering) { }

public record Fødsel(LocalDate foedselsdato) { }

public record Dødsfall(LocalDate doedsdato) { }

public record Familierelasjoner(String relatertPersonsIdent) { } // FNR

public record Identer(List<Ident> identer) { }

public record Ident(String ident, Boolean historisk, IdentGruppe gruppe) { }

public record GeografiskTilknytning(GtType gtType, String gtKommune, String gtBydel, String gtLand, String regel) { }

public enum Gradering { STRENGT_FORTROLIG_UTLAND, STRENGT_FORTROLIG, FORTROLIG, @JsonEnumDefaultValue UDEFINERT }

public enum IdentGruppe { AKTORID, FOLKEREGISTERIDENT, NPID, @JsonEnumDefaultValue UDEFINERT }

public enum GtType { KOMMUNE, BYDEL, UTLAND, @JsonEnumDefaultValue UDEFINERT }

public boolean harStrengAdresseBeskyttelse() {
return Optional.ofNullable(person()).map(Person::adressebeskyttelse).orElse(List.of()).stream()
.map(Adressebeskyttelse::gradering)
.anyMatch(g -> Gradering.STRENGT_FORTROLIG.equals(g) || Gradering.STRENGT_FORTROLIG_UTLAND.equals(g));
}

public boolean harAdresseBeskyttelse() {
return Optional.ofNullable(person()).map(Person::adressebeskyttelse).orElse(List.of()).stream()
.map(Adressebeskyttelse::gradering)
.anyMatch(g -> g != null && !Gradering.UDEFINERT.equals(g));
}

public boolean erIkkeMyndig() {
return Optional.ofNullable(person()).map(Person::foedsel).orElse(List.of()).stream()
.map(Fødsel::foedselsdato)
.anyMatch(f -> f == null || f.plusYears(18).isAfter(LocalDate.now()));
}

public String personIdent() {
return Optional.ofNullable(identer()).map(Identer::identer).orElse(List.of()).stream()
.filter(i -> IdentGruppe.FOLKEREGISTERIDENT.equals(i.gruppe()))
.filter(i -> !i.historisk())
.map(Ident::ident)
.findFirst().orElse(null);
}

public List<String> personIdenter() {
return Optional.ofNullable(identer()).map(Identer::identer).orElse(List.of()).stream()
.filter(i -> IdentGruppe.FOLKEREGISTERIDENT.equals(i.gruppe()))
.map(Ident::ident)
.toList();
}

public String aktørId() {
return Optional.ofNullable(identer()).map(Identer::identer).orElse(List.of()).stream()
.filter(i -> IdentGruppe.AKTORID.equals(i.gruppe()))
.filter(i -> !i.historisk())
.map(Ident::ident)
.findFirst().orElse(null);
}

public List<String> aktørIdMedHistoriske() {
return Optional.ofNullable(identer()).map(Identer::identer).orElse(List.of()).stream()
.filter(i -> IdentGruppe.AKTORID.equals(i.gruppe()))
.map(Ident::ident)
.toList();
}

public boolean harNasjonalTilknytning() {
return Optional.ofNullable(geografiskTilknytning()).map(GeografiskTilknytning::gtType)
.filter(gtt -> GtType.KOMMUNE.equals(gtt) || GtType.BYDEL.equals(gtt))
.isPresent();
}

public boolean harIkkeNasjonalTilknytning() {
return Optional.ofNullable(geografiskTilknytning()).map(GeografiskTilknytning::gtType)
.filter(gtt -> GtType.KOMMUNE.equals(gtt) || GtType.BYDEL.equals(gtt))
.isEmpty();
}

}
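Review bot: `!i.historisk()` in personIdent() and aktørId() unboxes the `Boolean historisk` record component, so an Ident deserialized without that field throws a NullPointerException instead of being filtered. Since this is the current-ident selection for access control, the conservative form is `.filter(i -> Boolean.FALSE.equals(i.historisk()))`, which drops entries whose status is unknown rather than crashing or assuming them current. Separately, Gradering falls back to UDEFINERT via @JsonEnumDefaultValue (assuming the mapper enables unknown-enum handling, which is not visible here) and harAdresseBeskyttelse() treats UDEFINERT as "no protection", so a gradering value the client does not know about is reported as unprotected; for a tilgangskontroll DTO it would be safer to document that choice or treat only the explicitly known non-protected state as unprotected. Minor: harIkkeNasjonalTilknytning() duplicates the filter and can simply be `return !harNasjonalTilknytning();`.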
@@ -0,0 +1,83 @@
package no.nav.vedtak.sikkerhet.tilgang;

import java.net.URI;
import java.net.http.HttpRequest;
import java.time.Duration;
import java.util.List;
import java.util.Map;

import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.MediaType;
import no.nav.foreldrepenger.konfig.KonfigVerdi;
import no.nav.vedtak.klient.http.DefaultHttpClient;
import no.nav.vedtak.klient.http.HttpClientRequest;
import no.nav.vedtak.mapper.json.DefaultJsonMapper;
import no.nav.vedtak.sikkerhet.oidc.config.OpenIDProvider;
import no.nav.vedtak.sikkerhet.oidc.token.TokenProvider;

/*
* Informasjon fra PDL til bruk kun for tilgangskontroll
*
* PROD: SD innenfor FSS ellers https pdl-pip-api.intern.nav.no (scope: prod-fss:pdl:pdl-pip-api)
* DEV: SD innenfor FSS ellers https pdl-pip-api.dev.intern.nav.no (scope: dev-fss:pdl:pdl-pip-api)
*/
@ApplicationScoped
public class TilgangPersondataKlient implements TilgangPersondata {

private static final String OIDC_AUTH_HEADER_PREFIX = "Bearer ";

private static final String BOLK_SUFFIX = "Bolk";

private URI personURI;
private URI personBolkURI;
private String personScopes;


TilgangPersondataKlient() {
} // CDI

@Inject
public TilgangPersondataKlient(@KonfigVerdi(value = "pdl.pip.endpoint.url", defaultVerdi = "http://pdl-pip-api.pdll/api/v1/person") String pdlPipUrl,
@KonfigVerdi(value = "pdl.pip.scopes", defaultVerdi = "api://prod-fss:pdl:pdl-pip-api/.default") String pdlPipScopes) {
this.personURI = URI.create(pdlPipUrl);
this.personBolkURI = URI.create(pdlPipUrl + BOLK_SUFFIX);
this.personScopes = pdlPipScopes;
}

@Override
public TilgangPersondataDto hentTilgangPersondata(String ident) {
var builder = HttpRequest.newBuilder(personURI)
.header(HttpHeaders.ACCEPT, MediaType.WILDCARD) // Bruk APPLICATION_JSON ?
.header(HttpHeaders.AUTHORIZATION, OIDC_AUTH_HEADER_PREFIX + TokenProvider.getTokenForSystem(OpenIDProvider.AZUREAD, personScopes).token())
.header("ident", ident)
.timeout(Duration.ofSeconds(5))
.GET();
var request = new PersondataRequest(builder);

var response = DefaultHttpClient.client().send(request);
return response != null ? DefaultJsonMapper.fromJson(response, TilgangPersondataDto.class) : null;
}

@Override
public Map<String, TilgangPersondataDto> hentTilgangPersondataBolk(List<String> identer) {
var builder = HttpRequest.newBuilder(personBolkURI)
.header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON)
.header(HttpHeaders.ACCEPT, MediaType.WILDCARD) // Bruk APPLICATION_JSON ?
.header(HttpHeaders.AUTHORIZATION, OIDC_AUTH_HEADER_PREFIX + TokenProvider.getTokenForSystem(OpenIDProvider.AZUREAD, personScopes).token())
.timeout(Duration.ofSeconds(5))
.POST(HttpRequest.BodyPublishers.ofString(DefaultJsonMapper.toJson(identer)));
var request = new PersondataRequest(builder);

var response = DefaultHttpClient.client().send(request);
return response != null ? DefaultJsonMapper.mapFromJson(response, TilgangPersondataDto.class) : Map.of();
}


private static class PersondataRequest extends HttpClientRequest {
public PersondataRequest(HttpRequest.Builder builder) {
super(builder, Map.of());
}
}
}
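Review bot: The default for `pdl.pip.scopes` in the @Inject constructor is the prod scope `api://prod-fss:pdl:pdl-pip-api/.default`, while the class comment says DEV uses `dev-fss:pdl:pdl-pip-api`; a dev deployment that does not set the property will therefore request a prod-scoped token from Azure AD (whether the property is always set elsewhere is not visible from this hunk). Consider dropping the default or deriving it from the environment so a missing property fails loudly instead of silently using the wrong scope. The `Bruk APPLICATION_JSON ?` question left on the ACCEPT headers should be resolved: both responses go straight into DefaultJsonMapper, so `.header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON)` lets the server reject a non-JSON negotiation instead of the mapper failing on an unexpected body. hentTilgangPersondata returns null on a null response while hentTilgangPersondataBolk returns Map.of(), so a caller cannot distinguish "person not found" from "lookup yielded nothing" in either case; document this in the interface or surface it explicitly. The bolk method could also short-circuit with `if (identer.isEmpty()) return Map.of();` before issuing a POST with an empty list.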
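--- a/felles/tilgang/src/main/resources/META-INF/beans.xml
+++ b/felles/tilgang/src/main/resources/META-INF/beans.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="https://jakarta.ee/xml/ns/jakartaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/beans_3_0.xsd"
+version="3.0"
+bean-discovery-mode="annotated">
+</beans>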