summaryrefslogtreecommitdiff
path: root/eaaf_core/src/main/java
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-04-01 09:05:40 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-04-01 09:05:40 +0200
commitbada55e1a4ee92bc05d55950836942ed6c3e97f6 (patch)
tree6739d8b253ba0d8216a27094f09153e37a8fa3da /eaaf_core/src/main/java
parentccef126ae469181b9a4a15ea16d0ab0ffa22621e (diff)
downloadEAAF-Components-bada55e1a4ee92bc05d55950836942ed6c3e97f6.tar.gz
EAAF-Components-bada55e1a4ee92bc05d55950836942ed6c3e97f6.tar.bz2
EAAF-Components-bada55e1a4ee92bc05d55950836942ed6c3e97f6.zip
fix wrong format in case of encrypted wbPKs
Diffstat (limited to 'eaaf_core/src/main/java')
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java57
1 files changed, 37 insertions, 20 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java
index bb8355ad..fed4af32 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java
@@ -52,6 +52,8 @@ import lombok.extern.slf4j.Slf4j;
@Slf4j
public class BpkBuilder {
+ private static final String ERROR_MSG_WRONG_TARGET_FORMAT = "bPK-target format must be full URI";
+
/**
* Calculates an area specific unique person-identifier from a baseID.
*
@@ -157,7 +159,7 @@ public class BpkBuilder {
* Create an encrypted bPK.
*
* @param bpk unencrypted bPK
- * @param target bPK target
+ * @param target bPK target in full form
* @param publicKey Public-Key used for encryption
* @return encrypted bPK
* @throws EaafBuilderException In case of an error
@@ -165,12 +167,17 @@ public class BpkBuilder {
public static String encryptBpk(final String bpk, String target, final PublicKey publicKey)
throws EaafBuilderException {
final SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss");
- if (target.startsWith(EaafConstants.URN_PREFIX_CDID)) {
- target = target.substring(EaafConstants.URN_PREFIX_CDID.length());
+
+ if (!target.startsWith(EaafConstants.URN_PREFIX_WITH_COLON)) {
+ throw new EaafBuilderException("builder.32",
+ null, ERROR_MSG_WRONG_TARGET_FORMAT);
+
}
+
+ target = normalizeBpkTargetIdentifierToCalculationFormat(target);
final String input =
- "V1::urn:publicid:gv.at:cdid+" + target + "::" + bpk + "::" + sdf.format(new Date());
+ "V1::" + target + "::" + bpk + "::" + sdf.format(new Date());
// System.out.println(input);
byte[] result;
try {
@@ -190,17 +197,23 @@ public class BpkBuilder {
* Decrypt an encrypted bPK.
*
* @param encryptedBpk encrypted bPK
- * @param target bPK target
+ * @param target bPK target in full form
* @param privateKey private-key for decryption
- * @return bPK
+ * @return bPK Pair consists of (unique person identifier for this target,
+ * targetArea) but never null
* @throws EaafBuilderException In case of an error
*/
- public static String decryptBpk(final String encryptedBpk, String target,
+ public static Pair<String, String> decryptBpk(final String encryptedBpk, String target,
final PrivateKey privateKey) throws EaafBuilderException {
String decryptedString;
+
+ if (!target.startsWith(EaafConstants.URN_PREFIX_WITH_COLON)) {
+ throw new EaafBuilderException("builder.32",
+ null, ERROR_MSG_WRONG_TARGET_FORMAT);
+
+ }
+
try {
- // byte[] encryptedBytes = Base64Utils.decode(encryptedBpk, false,
- // "ISO-8859-1");
final byte[] encryptedBytes = Base64Utils.decode(encryptedBpk.getBytes("ISO-8859-1"));
final byte[] decryptedBytes = decrypt(encryptedBytes, privateKey);
decryptedString = new String(decryptedBytes, "ISO-8859-1");
@@ -210,20 +223,24 @@ public class BpkBuilder {
}
- String tmp = decryptedString.substring(decryptedString.indexOf('+') + 1);
- final String sector = tmp.substring(0, tmp.indexOf("::"));
- tmp = tmp.substring(tmp.indexOf("::") + 2);
- final String bPK = tmp.substring(0, tmp.indexOf("::"));
-
- if (target.startsWith(EaafConstants.URN_PREFIX_CDID + "+")) {
- target = target.substring((EaafConstants.URN_PREFIX_CDID + "+").length());
+ String[] parts = decryptedString.split("::");
+ if (parts.length != 4) {
+ log.trace("Encrypted bPK has value: {}", decryptedString);
+ throw new EaafBuilderException("builder.31", new Object[] {parts.length},
+ "encBpk has a suspect format");
+
}
+
+ final String sector = parts[1];
+ final String bPK = parts[2];
- if (target.equals(sector)) {
- return bPK;
+ if (target.equals(normalizeBpkTargetIdentifierToCommonFormat(sector))) {
+ return Pair.newInstance(bPK, target);
+
} else {
- log.error("Decrypted bPK does not match to request bPK target.");
- return null;
+ throw new EaafBuilderException("builder.30", new Object[] {sector, target},
+ "Decrypted bPK-target does not match");
+
}
}