From 3b623cd4b1c66a18d1b5489e70eba2b06c2facf7 Mon Sep 17 00:00:00 2001
From: OZGCloud <ozgcloud@mgm-tp.com>
Date: Tue, 6 Aug 2024 12:19:30 +0200
Subject: [PATCH] OZG-6179 impl PR comments

---
 .../antragraum/AntragraumService.java         | 14 ++------
 .../nachrichten/antragraum/TrustLevel.java    | 23 +++++++------
 .../antragraum/AntragraumServiceTest.java     | 25 ++++++---------
 .../antragraum/TrustLevelTest.java            | 32 +++++++++++++++++++
 4 files changed, 58 insertions(+), 36 deletions(-)
 create mode 100644 nachrichten-manager-server/src/test/java/de/ozgcloud/nachrichten/antragraum/TrustLevelTest.java

diff --git a/nachrichten-manager-server/src/main/java/de/ozgcloud/nachrichten/antragraum/AntragraumService.java b/nachrichten-manager-server/src/main/java/de/ozgcloud/nachrichten/antragraum/AntragraumService.java
index d1bab44..4a3c4a9 100644
--- a/nachrichten-manager-server/src/main/java/de/ozgcloud/nachrichten/antragraum/AntragraumService.java
+++ b/nachrichten-manager-server/src/main/java/de/ozgcloud/nachrichten/antragraum/AntragraumService.java
@@ -175,19 +175,11 @@ public class AntragraumService {
 	}
 
 	public boolean isAccessible(String samlToken, String trustLevel) {
-		try {
-			int vorgangTrustLevel = TrustLevel.fromString(trustLevel).getLevelValue();
-			int tokenTrustLevel = TrustLevel.fromString(getTrustLevel(samlToken)).getLevelValue();
-			return tokenTrustLevel >= vorgangTrustLevel;
-
-		} catch (Exception e) {
-			LOG.error(String.format("Unknown TrustLevel '%s', access denied.", trustLevel));
-			return false;
-		}
+		return getTrustLevel(samlToken).getIntValue() >= TrustLevel.fromString(trustLevel).getIntValue();
 	}
 
-	String getTrustLevel(String samlToken) {
-		return decrypter.decryptTrustLevel(parseSamlToken(samlToken));
+	TrustLevel getTrustLevel(String samlToken) {
+		return TrustLevel.fromString(decrypter.decryptTrustLevel(parseSamlToken(samlToken)));
 	}
 
 	Response parseSamlToken(String samlToken) {
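Review bot: `isAccessible` no longer fails closed by return value: with the try/catch removed, an unrecognised level from either the decrypted token or the `trustLevel` argument now leaves this access check as an `IllegalArgumentException` thrown by `TrustLevel.fromString` instead of `false`, and the log entry for the denial is gone. No access is granted on that path, but whether the callers translate the exception into a denial rather than an internal error is not visible in this hunk. If they do not, a narrow catch of `IllegalArgumentException` (not the previous `catch (Exception e)`) keeps the predicate boolean and the denial logged, as sketched below; otherwise a `@throws IllegalArgumentException` Javadoc line on the method would make the new contract explicit.

```java
public boolean isAccessible(String samlToken, String trustLevel) {
	try {
		return getTrustLevel(samlToken).getIntValue() >= TrustLevel.fromString(trustLevel).getIntValue();
	} catch (IllegalArgumentException e) {
		// Unknown level on either side: deny, and keep the denial visible in the log.
		LOG.error("Unknown TrustLevel, access denied.", e);
		return false;
	}
}
```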
diff --git a/nachrichten-manager-server/src/main/java/de/ozgcloud/nachrichten/antragraum/TrustLevel.java b/nachrichten-manager-server/src/main/java/de/ozgcloud/nachrichten/antragraum/TrustLevel.java
index 93f0dcc..36918be 100644
--- a/nachrichten-manager-server/src/main/java/de/ozgcloud/nachrichten/antragraum/TrustLevel.java
+++ b/nachrichten-manager-server/src/main/java/de/ozgcloud/nachrichten/antragraum/TrustLevel.java
@@ -3,9 +3,8 @@ package de.ozgcloud.nachrichten.antragraum;
 import java.util.Arrays;
 
 import lombok.Getter;
-import lombok.RequiredArgsConstructor;
 
-@RequiredArgsConstructor
+@Getter
 enum TrustLevel {
 
 	LEVEL_1("STORK-QAA-Level-1"),
@@ -13,14 +12,20 @@ enum TrustLevel {
 	LEVEL_3("STORK-QAA-Level-3"),
 	LEVEL_4("STORK-QAA-Level-4");
 
-	@Getter
-	private final String name;
+	private final String value;
+	private final int intValue;
 
-	public int getLevelValue() {
-		return Integer.parseInt(name.substring(name.length() - 1, name.length()));
+	TrustLevel(String value) {
+		this.value = value;
+		this.intValue = extractIntValue();
 	}
 
-	public static TrustLevel fromString(String name) {
-		return Arrays.stream(TrustLevel.values()).filter(trustLevel -> trustLevel.getName().equals(name)).findFirst().orElse(null);
+	private int extractIntValue() {
+		return Integer.parseInt(value.substring(value.length() - 1, value.length()));
 	}
-}
+
+	public static TrustLevel fromString(String value) {
+		return Arrays.stream(TrustLevel.values()).filter(trustLevel -> trustLevel.getValue().equals(value)).findFirst()
+				.orElseThrow(() -> new IllegalArgumentException("Unknown TrustLevel: '" + value + "'"));
+	}
+}
\ No newline at end of file
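Review bot: The rank that `isAccessible` compares is derived in `extractIntValue()` by parsing the last character of `value`, so the ordering of the access levels rests on a naming convention instead of being stated. A constant whose string does not end in a single digit would fail enum initialisation with a `NumberFormatException`, and a two-digit suffix would be ranked by its last digit only. Passing the rank explicitly, e.g. `LEVEL_1("STORK-QAA-Level-1", 1)` with a `TrustLevel(String value, int intValue)` constructor, makes the ordering reviewable at a glance; the constant list is only partly inside this hunk. Separately, the `fromString` message embeds the unmatched input verbatim, and that input may originate from the token, so it is worth confirming the message is neither returned to the client nor logged unsanitised.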
diff --git a/nachrichten-manager-server/src/test/java/de/ozgcloud/nachrichten/antragraum/AntragraumServiceTest.java b/nachrichten-manager-server/src/test/java/de/ozgcloud/nachrichten/antragraum/AntragraumServiceTest.java
index 7f24296..f07fd84 100644
--- a/nachrichten-manager-server/src/test/java/de/ozgcloud/nachrichten/antragraum/AntragraumServiceTest.java
+++ b/nachrichten-manager-server/src/test/java/de/ozgcloud/nachrichten/antragraum/AntragraumServiceTest.java
@@ -476,34 +476,27 @@ class AntragraumServiceTest {
 
 		@Test
 		void shouldCallGetTrustLevel() {
-			service.isAccessible(GrpcGetRueckfrageRequestTestFactory.SAML_TOKEN, TrustLevel.LEVEL_1.getName());
+			doReturn(TrustLevel.LEVEL_1).when(service).getTrustLevel(any());
+
+			service.isAccessible(GrpcGetRueckfrageRequestTestFactory.SAML_TOKEN, TrustLevel.LEVEL_1.getValue());
 
 			verify(service).getTrustLevel(GrpcGetRueckfrageRequestTestFactory.SAML_TOKEN);
 		}
 
 		@Test
 		void shouldReturnTrueIfTrustLevelMatches() {
-			doReturn(TrustLevel.LEVEL_1.getName()).when(service).getTrustLevel(any());
+			doReturn(TrustLevel.LEVEL_1).when(service).getTrustLevel(any());
 
-			var trustLevel = service.isAccessible(GrpcGetRueckfrageRequestTestFactory.SAML_TOKEN, TrustLevel.LEVEL_1.getName());
+			var trustLevel = service.isAccessible(GrpcGetRueckfrageRequestTestFactory.SAML_TOKEN, TrustLevel.LEVEL_1.getValue());
 
 			assertThat(trustLevel).isTrue();
 		}
 
-		@Test
-		void shouldReturnFalseIfTrustLevelNotMatches() {
-			doReturn("qutasch").when(service).getTrustLevel(any());
-
-			var trustLevel = service.isAccessible(GrpcGetRueckfrageRequestTestFactory.SAML_TOKEN, TrustLevel.LEVEL_1.getName());
-
-			assertThat(trustLevel).isFalse();
-		}
-
 		@Test
 		void shouldAllowAccessOnHigherTrustLevel() {
-			doReturn(TrustLevel.LEVEL_2.getName()).when(service).getTrustLevel(any());
+			doReturn(TrustLevel.LEVEL_2).when(service).getTrustLevel(any());
 
-			var trustLevel = service.isAccessible(GrpcGetRueckfrageRequestTestFactory.SAML_TOKEN, TrustLevel.LEVEL_1.getName());
+			var trustLevel = service.isAccessible(GrpcGetRueckfrageRequestTestFactory.SAML_TOKEN, TrustLevel.LEVEL_1.getValue());
 
 			assertThat(trustLevel).isTrue();
 		}
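Review bot: Dropping `shouldReturnFalseIfTrustLevelNotMatches` leaves `isAccessible` without any test for an unrecognised trust level, which is exactly the path whose behaviour this commit changes from `false` to an exception. A replacement that pins the new contract, with `getTrustLevel` stubbed to `TrustLevel.LEVEL_1`, would be `assertThatThrownBy(() -> service.isAccessible(GrpcGetRueckfrageRequestTestFactory.SAML_TOKEN, "quatsch")).isInstanceOf(IllegalArgumentException.class);`. The tests visible in this hunk assert only the granting cases (equal and higher level). A case with `LEVEL_1` from the token against a `LEVEL_2` requirement asserting `isFalse()` may exist outside the hunk, since the nested test class starts and ends beyond it, but if not it should be added.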
@@ -520,7 +513,7 @@ class AntragraumServiceTest {
 		void mock() {
 			doReturn(response).when(service).parseSamlToken(any());
 
-			when(decrypter.decryptTrustLevel(any())).thenReturn(GrpcServiceKontoTestFactory.TRUST_LEVEL);
+			when(decrypter.decryptTrustLevel(any())).thenReturn(TrustLevel.LEVEL_1.getValue());
 		}
 
 		@Test
@@ -541,7 +534,7 @@ class AntragraumServiceTest {
 		void shouldReturnValue() {
 			var trustLevel = service.getTrustLevel(GrpcGetRueckfrageRequestTestFactory.SAML_TOKEN);
 
-			assertThat(trustLevel).isEqualTo(GrpcServiceKontoTestFactory.TRUST_LEVEL);
+			assertThat(trustLevel).isEqualTo(TrustLevel.LEVEL_1);
 		}
 	}
 
diff --git a/nachrichten-manager-server/src/test/java/de/ozgcloud/nachrichten/antragraum/TrustLevelTest.java b/nachrichten-manager-server/src/test/java/de/ozgcloud/nachrichten/antragraum/TrustLevelTest.java
new file mode 100644
index 0000000..ea01ea5
--- /dev/null
+++ b/nachrichten-manager-server/src/test/java/de/ozgcloud/nachrichten/antragraum/TrustLevelTest.java
@@ -0,0 +1,32 @@
+package de.ozgcloud.nachrichten.antragraum;
+
+import static org.assertj.core.api.Assertions.*;
+
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Nested;
+import org.junit.jupiter.api.Test;
+
+class TrustLevelTest {
+
+	@DisplayName("From string")
+	@Nested
+	class TestFromString {
+
+		@DisplayName("should return TrustLevel if value matches with existing")
+		@Test
+		void shouldReturnTrustLevel() {
+			var trustLevelValue = "STORK-QAA-Level-2";
+
+			var trustLevel = TrustLevel.fromString(trustLevelValue);
+
+			assertThat(trustLevel.getValue()).isEqualTo(trustLevelValue);
+		}
+
+		@Test
+		void shouldThrowExceptionIfValueNotMatches() {
+			var trustLevelValue = "quatsch";
+
+			assertThatThrownBy(() -> TrustLevel.fromString(trustLevelValue)).isInstanceOf(IllegalArgumentException.class);
+		}
+	}
+}
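Review bot: `TrustLevelTest` covers only `fromString`; `getIntValue()`, which decides the outcome of `isAccessible`, has no direct test. One assertion per constant, e.g. `assertThat(TrustLevel.LEVEL_3.getIntValue()).isEqualTo(3);`, or a parameterized test over `TrustLevel.values()`, would pin the ordering the access check depends on. A `fromString(null)` case would also document that a missing attribute is rejected with `IllegalArgumentException` rather than a `NullPointerException`.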
-- 
GitLab