Lagt inn enkel validering av PID (fnr, dnr, hnr).

NB: Denne sjekker ikke skuddår eller om en måned faktisk har 31 dager - derav "enkel validering".

Author: terjenilssen

ebms-send-in/build.gradle.kts

@@ -40,7 +40,7 @@ tasks {
 
 dependencies {
     implementation(project(":felles"))
-    implementation("no.nav.emottak:emottak-utils:0.0.4")
+    implementation("no.nav.emottak:emottak-utils:0.0.7")
     implementation("com.sun.xml.messaging.saaj:saaj-impl:1.5.1")
     implementation(libs.hoplite.core)
     implementation(libs.hoplite.hocon)

ebms-send-in/src/main/kotlin/no/nav/emottak/pasientliste/PasientlisteService.kt

@@ -1,6 +1,7 @@
 package no.nav.emottak.pasientliste
 
 import no.nav.emottak.pasientliste.validator.PasientlisteValidator.validateLegeIsAlsoSigner
+import no.nav.emottak.pasientliste.validator.PasientlisteValidator.validateSignerIsValidPid
 import no.nav.emottak.util.LogLevel
 import no.nav.emottak.util.asXml
 import no.nav.emottak.util.marker
@@ -16,6 +17,7 @@ object PasientlisteService {
         when (fellesformatRequest.mottakenhetBlokk.ebAction) {
             "HentPasientliste", "StartAbonnement", "StoppAbonnement", "HentAbonnementStatus" -> {
                 fellesformatRequest.validateLegeIsAlsoSigner()
+                fellesformatRequest.validateSignerIsValidPid()
                 forwardRequest(fellesformatRequest)
             }
             else -> throw NotImplementedError(

ebms-send-in/src/main/kotlin/no/nav/emottak/pasientliste/validator/PasientlisteValidator.kt

@@ -1,6 +1,7 @@
 package no.nav.emottak.pasientliste.validator
 
 import no.kith.xmlstds.nav.pasientliste._2010_02_01.PasientlisteForesporsel
+import no.nav.emottak.util.PidValidator
 import no.nav.emottak.util.marker
 import no.trygdeetaten.xml.eiff._1.EIFellesformat
 import org.slf4j.Logger
@@ -11,6 +12,7 @@ object PasientlisteValidator {
     private val log: Logger = LoggerFactory.getLogger(PasientlisteValidator::class.java)
 
     const val CONFLICT_SIGNING_SSN = "Sender FNR og legen som har signert meldingen matcher ikke."
+    const val CONFLICT_INVALID_FNR = "Sender FNR validerte ikke."
 
     fun EIFellesformat.validateLegeIsAlsoSigner() {
         when (this.getLegeFnr() == this.mottakenhetBlokk.avsenderFnrFraDigSignatur) {
@@ -22,6 +24,16 @@ object PasientlisteValidator {
         }
     }
 
+    fun EIFellesformat.validateSignerIsValidPid() {
+        when (PidValidator.isValidFodselsnummer(this.mottakenhetBlokk.avsenderFnrFraDigSignatur)) {
+            true -> log.info(this.marker(), "Successfully validated that signer (lege) is a valid PID (FNR)")
+            false -> {
+                log.error(this.marker(), "Signer (lege) was not a valid PID (FNR)")
+                throw InvalidPidException()
+            }
+        }
+    }
+
     private fun EIFellesformat.getLegeFnr(): String {
         try {
             val foresporsel = this.msgHead.document.first().refDoc.content.any.first() as PasientlisteForesporsel
@@ -33,4 +45,5 @@ object PasientlisteValidator {
     }
 
     class SigningConflictException : IllegalStateException(CONFLICT_SIGNING_SSN)
+    class InvalidPidException : IllegalStateException(CONFLICT_INVALID_FNR)
 }

ebms-send-in/src/test/kotlin/no/nav/emottak/Mocks.kt

@@ -13,6 +13,11 @@ val validSendInPasientlisteRequest = lazy {
     mockSendInRequest("PasientisteForesporsel", "HentPasientliste", fagmelding.readAllBytes(), "123456789")
 }
 
+val invalidPidSendInPasientlisteRequest = lazy {
+    val fagmelding = ClassLoader.getSystemResourceAsStream("hentpasientliste/hentpasientliste-payload-invalidPid.xml")
+    mockSendInRequest("PasientisteForesporsel", "HentPasientliste", fagmelding.readAllBytes(), "11223312345")
+}
+
 val validSendInHarBorgerFrikortRequest = lazy {
     val fagmelding = ClassLoader.getSystemResourceAsStream("frikort/EgenandelForesporsel_HarBorgerFrikortRequest.xml")
     mockSendInRequest("HarBorgerFrikort", "EgenandelForesporsel", fagmelding.readAllBytes(), "123456789")

ebms-send-in/src/test/kotlin/no/nav/emottak/PasientlisteServiceTest.kt

@@ -34,6 +34,15 @@ class PasientlisteServiceTest {
         }
     }
 
+    @Test
+    fun `Should throw exception when senderFnr (SSN) matches request's signedOf, but signedOf is not a valid PID`() {
+        try {
+            PasientlisteService.pasientlisteForesporsel(invalidPidSendInPasientlisteRequest.value.asEIFellesFormat())
+        } catch (exception: RuntimeException) {
+            Assertions.assertEquals(exception.message, PasientlisteValidator.CONFLICT_INVALID_FNR)
+        }
+    }
+
     @Test
     fun `Should not throw exception when senderFnr (SSN) matches request's signedOf`() {
         val fellesformat = validSendInPasientlisteRequest.value.copy(

ebms-send-in/src/test/kotlin/no/nav/emottak/util/PidValidatorTest.kt

@@ -0,0 +1,45 @@
+package no.nav.emottak.util
+
+import org.junit.jupiter.api.Test
+
+class PidValidatorTest {
+
+    @Test
+    fun `Should accept FNR`()  = assert(PidValidator.isValidFodselsnummer("13097248022"))
+
+    @Test
+    fun `Should accept DNR`() {
+        // dnr is identical to fnr except for the first digit
+        assert(PidValidator.isValidFodselsnummer("53097248016"))
+    }
+
+    @Test
+    fun `Should accept HNR`() {
+        // hnr is identical to fnr except for the third digit
+        assert(PidValidator.isValidFodselsnummer("13527248013"))
+    }
+
+    @Test
+    fun `Should reject if less than 11 digits`() = assert(!PidValidator.isValidFodselsnummer("1234567890"))
+
+    @Test
+    fun `Should reject if more than 11 digits`() = assert(!PidValidator.isValidFodselsnummer("123456789012"))
+
+    @Test
+    fun `Should reject if checksum 1 is invalid`() = assert(!PidValidator.isValidFodselsnummer("13097248032"))
+
+    @Test
+    fun `Should reject if checksum 2 is invalid`() = assert(!PidValidator.isValidFodselsnummer("13097248023"))
+
+    @Test
+    fun `Should reject if day is invalid`() = assert(!PidValidator.isValidFodselsnummer("32049648742"))
+
+    // @Test
+    fun `Should reject if day of month is invalid`() {
+        // NB: Does not validate leap years or if the month actually have 31 days
+        assert(!PidValidator.isValidFodselsnummer("31049648742"))
+    }
+
+    @Test
+    fun `Should reject if month is invalid`() = assert(!PidValidator.isValidFodselsnummer("13137248022"))
+}

ebms-send-in/src/test/resources/hentpasientliste/hentpasientliste-payload-invalidPid.xml

@@ -0,0 +1,87 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<MsgHead xmlns="http://www.kith.no/xmlstds/msghead/2006-05-24"
+         xsi:schemaLocation="http://www.kith.no/xmlstds/msghead/2006-05-24 MsgHead-v1_2.xsd"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+    <MsgInfo>
+        <Type DN="Hent pasientliste" V="HentPasientliste"/>
+        <MIGversion>v1.2 2006-05-24</MIGversion>
+        <GenDate>2021-01-18T14:58:14</GenDate>
+        <MsgId>1ed4dd1b-ec4f-4fc3-b152-1737555b47b9</MsgId>
+        <ProcessingStatus DN="Opplæring" V="T"/>
+        <Sender>
+            <Organisation>
+                <OrganisationName>Tveita Legesenter</OrganisationName>
+                <Ident>
+                    <Id>1382</Id>
+                    <TypeId V="HER" DN="HER-id" S="2.16.578.1.12.4.1.1.9051"/>
+                </Ident>
+                <HealthcareProfessional>
+                    <FamilyName>Toska</FamilyName>
+                    <GivenName>Emil</GivenName>
+                    <Ident>
+                        <Id>11223312345</Id>
+                        <TypeId DN="Fødselsnummer" S="2.16.578.1.12.4.1.1.8116" V="FNR"/>
+                    </Ident>
+                </HealthcareProfessional>
+            </Organisation>
+        </Sender>
+        <Receiver>
+            <Organisation>
+                <OrganisationName>NAV Arbeidsog velferdsdirektoratet</OrganisationName>
+                <Ident>
+                    <Id>90128</Id>
+                    <TypeId V="HER" DN="HER-id" S="2.16.578.1.12.4.1.1.9051"/>
+                </Ident>
+                <Organisation>
+                    <OrganisationName>Samhandling Arbeids- og velferdsetaten</OrganisationName>
+                    <Ident>
+                        <Id>79768</Id>
+                        <TypeId V="HER" DN="HER-id" S="2.16.578.1.12.4.1.1.9051"/>
+                    </Ident>
+                </Organisation>
+            </Organisation>
+        </Receiver>
+    </MsgInfo>
+    <Document>
+        <RefDoc>
+            <MsgType DN="Hent pasientliste" V="HentPasientliste"/>
+            <Content>
+                <ep2:PasientlisteForesporsel xmlns:ep2="http://www.kith.no/xmlstds/nav/pasientliste/2010-02-01">
+                    <ep2:HentPasientliste>
+                        <ep2:FnrLege>11223312345</ep2:FnrLege>
+                        <ep2:KommuneNr>0301</ep2:KommuneNr>
+                        <ep2:Format DN="PasientInformasjon" V="PI"/>
+                    </ep2:HentPasientliste>
+                </ep2:PasientlisteForesporsel>
+            </Content>
+        </RefDoc>
+    </Document>
+    <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+        <dsig:SignedInfo>
+            <dsig:CanonicalizationMethod
+                    Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></dsig:CanonicalizationMethod>
+            <dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></dsig:SignatureMethod>
+            <dsig:Reference URI="">
+                <dsig:Transforms>
+                    <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></dsig:Transform>
+                    <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></dsig:Transform>
+                </dsig:Transforms>
+                <dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></dsig:DigestMethod>
+                <dsig:DigestValue>YcNcAnTeHNLKvU38/aurCUppyv9bLhatfroV4OodtP4=</dsig:DigestValue>
+            </dsig:Reference>
+        </dsig:SignedInfo>
+        <dsig:SignatureValue>RucQnGbNf2pRTDnDBhRN+S46oCj1nUedDkVgQsWRbX/7pjwS+B/RprcGqIeAMqEDOJW9CJJF
+            M58exQ/s/Ke1qP+3Dhrw5HZtLc4spBblfKk4hENCphICcFsRTv5Aw7hVqk/VsMBR2YfQahwf
+            JjTZ75SIrmYbG3dzy+x60FOqN71nPFF9+Gi10Dn4Oymh1W0ttttBegkumhnx5MQ2dD+MkXGe
+            +yIqfbZk4ADyRxBno+QfOjgpmPhYRiHCE2y2eWgLoS3yxZKpun1+OK4/aZymtBxfTLlG4dlK
+            wnL+QbkjwQHqsyiyMtMS/FvEADb64mcWi7GXRe2sxekBEhZoNh8HLQ==
+        </dsig:SignatureValue>
+        <dsig:KeyInfo>
+            <dsig:X509Data>
+                <dsig:X509Certificate>
+                    MIIGWDCCBECgAwIBAgILBBAzhCBIZJvHbpYwDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCTk8xGDAWBgNVBGEMD05UUk5PLTk4MzE2MzMyNzETMBEGA1UECgwKQnV5cGFzcyBBUzEuMCwGA1UEAwwlQnV5cGFzcyBDbGFzcyAzIFRlc3Q0IENBIEcyIEhUIFBlcnNvbjAeFw0yMzEwMzExMTU3MjVaFw0yNjEwMzEyMjU5MDBaMGkxCzAJBgNVBAYTAk5PMQ4wDAYDVQQEDAVUT1NLQTERMA8GA1UEKgwIRU1JTCBXRUIxEzARBgNVBAMMCkVNSUwgVE9TS0ExIjAgBgNVBAUTGVVOOk5PLTk1NzgtNDA1MC0xMDUzMzE3OTcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtfdiVADkRRFG2Jz5OWr1n/jh54muke/roT9rT39tbDOXvOBnoAsqDepWXJdfVX9q59cf+eJwbDs+Hw+4icOrIvM8OJ8aOOUwI6ceDUTXgHR2z8zg0Uj2aW7GqcKCmjcmAsk3HYzZgVtHdHvfkuH6ep47n2wu1qneE3B6GVpaz8vrKoTbCsw2Z0yahfYGLMRyD+wOaS7XurfXN12c1i/wXDWOEKhcPu71+JvtOuBOe+c+tDjTl2sKiZi5m2N1f6+n1+pVw/JCH2PRkpjyKrBII6mxwKDlqy5f2kP733fEvEXAkZq+q7TCDis418suI2l1dl+hK4mvmJXi3UAUKnEcFAgMBAAGjggH8MIIB+DAJBgNVHRMEAjAAMB8GA1UdIwQYMBaAFGAtGE1/KuNZfmcgIPyfE5eH3nM1MB0GA1UdDgQWBBTDM/kmh3gKYVIlvAeDQRNHDUm29DAOBgNVHQ8BAf8EBAMCBkAwIAYDVR0gBBkwFzAKBghghEIBGgEDATAJBgcEAIvsQAEAMEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6Ly9jcmwudGVzdDQuYnV5cGFzc2NhLmNvbS9CUENsM0NhRzJIVFBTLmNybDB7BggrBgEFBQcBAQRvMG0wLQYIKwYBBQUHMAGGIWh0dHA6Ly9vY3NwcHMudGVzdDQuYnV5cGFzc2NhLmNvbTA8BggrBgEFBQcwAoYwaHR0cDovL2NydC50ZXN0NC5idXlwYXNzY2EuY29tL0JQQ2wzQ2FHMkhUUFMuY2VyMIG4BggrBgEFBQcBAwSBqzCBqDBOBggrBgEFBQcLAjBCBgcEAIvsSQEBMDeGNWh0dHBzOi8vd3d3Lm5rb20ubm8vZW5nbGlzaC9uYW1lUmVnaXN0cmF0aW9uQXV0aG9yaXR5MAgGBgQAjkYBATATBgYEAI5GAQYwCQYHBACORgEGATA3BgYEAI5GAQUwLTArFiVodHRwczovL3d3dy5idXlwYXNzLm5vL3Bkcy9wZHNfZW4ucGRmEwJlbjANBgkqhkiG9w0BAQsFAAOCAgEAvFh8wG9+d94XD5RKgLhJ4E/LUj4SQoMmf7lgMcNJHBvedyQmN1gt8G+s26oFdi20qmfIMGNdqeQGX73SMax0imW3f1MjeCYDd5WSsuyPOMhX5fn3i6qRDY/sCkznODbjberriFtW+2BK/G67Pbk+B8He0P1tCNMRpepVE/XC4sQcKxsGLtTNYUl6FxcJMdJ9QfEfTCjheUtGuyU3zsM/1S7M8P3Hx9cgsG/PywqJ38q4CwKeDP4SIpAuGQoOvUeLOI5k5DHDIFZeLXM2VoppCCX1VI8tvbKzeHe1MDuroeV7Zr+I6IrS5XeWnaIAO/FRtdi1CM7JQ1a8dFuIny4+1wgAJouBFas6d7stbcY0E4tsEcf8L/XDjh1+EuIGwt8anHA8n9ZqGCl6evFxCvg07SbE4FgSvRrvJ4vFz3q2h9S9H4KBufDbCkJ2UhZDbHOp2NCJJ+NT1PH9yLzoVwIU4jKcZs12gxkcATCGACQfiSmjq0tqzM0erfEpUFERmyZyWdHNsgOBmDsHOqFt7dMztZojZAzDv9ek0xz7ldsDqlKrj4xGHrv9i77RG5mNGfdcrXDW2ZkYmWtE0xcGs6tpRn5gOciM7i2NNrB+3Vc4jq40a/dq9ylB7nKsdLtDKITAtz4bBd26gW51HX3CAabjafeVT4Uz7y/q4PmHiLHHkm0=
+                </dsig:X509Certificate>
+            </dsig:X509Data>
+        </dsig:KeyInfo>
+    </dsig:Signature>
+</MsgHead><!-- Version: 2.80.240903 User: ML-DEV-GSE - Machine: ML-UTV-GSE-001 - IP: 10.70.69.220 -->

felles/src/main/kotlin/no/nav/emottak/util/PidValidator.kt

@@ -0,0 +1,49 @@
+package no.nav.emottak.util
+
+// Based on fnrValideringUtil.ts from https://github.com/navikt/finnfastlege
+abstract class PidValidator {
+
+    companion object {
+
+        fun isValidFodselsnummer(fodselsnummer: String): Boolean {
+            if (!fodselsnummer.matches(Regex("^[0-9]{11}\$"))) {
+                return false
+            }
+            if (!isValidFodselsdato(fodselsnummer.substring(0, 6))) {
+                return false
+            }
+            val fodselsnummerListe = fodselsnummer.map { it.toString().toInt(decimalRadix) }
+            val kontrollSiffer1 = hentKontrollSiffer(fodselsnummerListe.take(9), kontrollRekke1)
+            val kontrollSiffer2 = hentKontrollSiffer(fodselsnummerListe.take(10), kontrollRekke2)
+            return fodselsnummerListe[9] == kontrollSiffer1 && fodselsnummerListe[10] == kontrollSiffer2
+        }
+
+        private val kontrollRekke1 = listOf(3, 7, 6, 1, 8, 9, 4, 5, 2)
+        private val kontrollRekke2 = listOf(5, 4, 3, 2, 7, 6, 5, 4, 3, 2)
+        private const val decimalRadix = 10
+
+        private fun isValidPNumber(dag: Int, maned: Int) = dag > 0 && dag <= 32 && maned > 0 && maned <= 12
+
+        private fun isValidDNumber(dag: Int, maned: Int) = dag > 40 && dag <= 72 && maned > 0 && maned <= 12
+
+        private fun isValidHNumber(dag: Int, maned: Int) = dag > 0 && dag <= 32 && maned > 40 && maned <= 52
+
+        private fun isValidDate(dag: Int, maned: Int) =
+            isValidPNumber(dag, maned) || isValidDNumber(dag, maned) || isValidHNumber(dag, maned)
+
+        private fun isValidFodselsdato(fodselsnummer: String): Boolean {
+            val dag = fodselsnummer.substring(0, 2).toInt(decimalRadix)
+            val maned = fodselsnummer.substring(2, 4).toInt(decimalRadix)
+            return isValidDate(dag, maned)
+        }
+
+        private fun hentKontrollSiffer(fodselsnummer: List<Int>, kontrollrekke: List<Int>): Int {
+            var sum = 0
+            for (i in fodselsnummer.indices) {
+                sum += fodselsnummer[i] * kontrollrekke[i]
+            }
+            val kontrollSiffer = sum % 11
+            return if (kontrollSiffer != 0) 11 - kontrollSiffer else 0
+        }
+    }
+}