| author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-03-31 17:36:53 +0200 | 
|---|---|---|
| committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-03-31 17:36:53 +0200 | 
| commit | fc360a112b7e4714edde1ad9bd44f6397b4e7449 (patch) | |
| tree | e3c10030934b83ab52c4cb8c479ab96407573317 /eaaf_core/src/main/java | |
| parent | c7bcb18c30f1a80e23c53bb72bee13d93210041b (diff) | |
switch internal wbPK target-identifier for FN, ZVR, and ERSB to XFN, XZVR, and XERSB
Diffstat (limited to 'eaaf_core/src/main/java')
5 files changed, 137 insertions, 83 deletions
| diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java index 7b7aaa36..677e3c46 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java @@ -27,15 +27,16 @@ import java.util.Date;  import java.util.Map;  import java.util.TimeZone; -import at.gv.egiz.eaaf.core.api.idp.IAuthData; -import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; -import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; -  import org.apache.commons.collections4.map.HashedMap;  import org.apache.commons.lang3.StringUtils;  import org.slf4j.Logger;  import org.slf4j.LoggerFactory; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder; +  /**   * Service-Provider specific authentication data.   * @@ -293,7 +294,8 @@ public class AuthenticationData implements IAuthData, Serializable {     */    @Deprecated    public void setBpkType(final String bpkType) { -    this.bpkType = bpkType; +    this.bpkType = BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(bpkType); +        }    @Override diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java index 75b14489..c2f85fef 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java 
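Review bot: `setBpkType` now stores `BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(bpkType)` instead of its argument, so a caller that sets an FN/ZVR/ERSB target and reads it back gets the XFN/XZVR/XERSB form; the Javadoc that closes just above the hunk (its start is outside the hunk) should say so, e.g. `@param bpkType bPK target identifier; wbPK targets are stored in the normalized XFN/XZVR/XERSB form`. The same silent rewrite of a received value happens in the AbstractAuthenticationDataBuilder hunk at @@ -726, where the EID_SECTOR_FOR_IDENTIFIER attribute is returned normalized. The line added before the closing brace is whitespace-only (trailing spaces) and will be flagged by checkstyle.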
@@ -26,6 +26,17 @@ import java.util.ArrayList;  import java.util.Collection;  import java.util.Map.Entry; +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.lang.NonNull; +import org.springframework.util.Assert; +import org.springframework.util.Base64Utils; +import org.w3c.dom.DOMException; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +  import at.gv.egiz.eaaf.core.api.IRequest;  import at.gv.egiz.eaaf.core.api.data.EaafConstants;  import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; @@ -49,17 +60,6 @@ import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;  import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;  import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; -import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.lang.NonNull; -import org.springframework.util.Assert; -import org.springframework.util.Base64Utils; -import org.w3c.dom.DOMException; -import org.w3c.dom.Element; -import org.w3c.dom.Node; -  public abstract class AbstractAuthenticationDataBuilder implements IAuthenticationDataBuilder {    private static final Logger log =        LoggerFactory.getLogger(AbstractAuthenticationDataBuilder.class); 
@@ -726,21 +726,9 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati          PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class);      if (StringUtils.isNotEmpty(pvpBpkTypeAttr)) { -      // //fix a wrong bPK-Type encoding, which was used in some PVP Standardportal -      // implementations -      // if (pvpbPKTypeAttr.startsWith(EAAFConstants.URN_PREFIX_CDID) && -      // !pvpbPKTypeAttr.substring(EAAFConstants.URN_PREFIX_CDID.length(), -      // EAAFConstants.URN_PREFIX_CDID.length() + 1).equals("+")) { -      // log.warn("Receive uncorrect encoded bBKType attribute " + pvpbPKTypeAttr + " -      // Starting -      // attribute value correction ... "); -      // pvpbPKTypeAttr = EAAFConstants.URN_PREFIX_CDID + "+" + -      // pvpbPKTypeAttr.substring(EAAFConstants.URN_PREFIX_CDID.length() + 1); -      // -      // } -      log.debug( -          "Find PVP-Attr: " + PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME); -      return pvpBpkTypeAttr; +      log.debug("Find PVP-Attr: {}", PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME); +      return BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(pvpBpkTypeAttr); +            }      return null; diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java index a613bd56..bb8355ad 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java 
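Review bot: The returned sector identifier can now differ from the attribute value that was received, but the only record of that rewrite is a trace line inside BpkBuilder; logging the received value at the debug line already present here, `log.debug("Find PVP-Attr: {} with value: {}", PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, pvpBpkTypeAttr);`, keeps the original input visible when a bPK mismatch has to be investigated later. Dropping the commented-out correction block is welcome. The enclosing method begins and ends outside the hunk, and the added blank line before `}` carries trailing whitespace.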
@@ -25,20 +25,22 @@ import java.security.PrivateKey;  import java.security.PublicKey;  import java.text.SimpleDateFormat;  import java.util.Date; +import java.util.Map.Entry; +import javax.annotation.Nullable;  import javax.crypto.BadPaddingException;  import javax.crypto.Cipher;  import javax.crypto.IllegalBlockSizeException;  import javax.crypto.NoSuchPaddingException;  import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory;  import org.springframework.util.Base64Utils;  import at.gv.egiz.eaaf.core.api.data.EaafConstants;  import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;  import at.gv.egiz.eaaf.core.impl.data.Pair; +import lombok.extern.slf4j.Slf4j; +  /**   * Builder for the bPK, as defined in @@ -47,9 +49,9 @@ import at.gv.egiz.eaaf.core.impl.data.Pair;   * <code>"reference.e-government.gv.at"</code>.   *   */ +@Slf4j  public class BpkBuilder { -  private static final Logger log = LoggerFactory.getLogger(BpkBuilder.class); - +        /**     * Calculates an area specific unique person-identifier from a baseID.     * 
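Review bot: The hunk imports `javax.annotation.Nullable` (JSR-305, a separate artifact) while AbstractAuthenticationDataBuilder in this same diff uses `org.springframework.lang.NonNull`; one nullability vocabulary per module is easier to tool, and `import org.springframework.lang.Nullable;` would serve the two new methods in the @@ -264 hunk equally. Likewise `@Slf4j` makes BpkBuilder the only class in the diff that obtains its logger through Lombok, while the other touched classes keep an explicit `LoggerFactory.getLogger(...)` field; if Lombok is meant to become the module-wide style that is fine, otherwise the explicit field is the consistent choice. This is a style remark, not a functional one.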
@@ -100,12 +102,17 @@ public class BpkBuilder {      if (baseIdType.equals(EaafConstants.URN_PREFIX_BASEID)) {        log.trace("Find baseID. Starting unique identifier caluclation for this target"); -      if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_CDID) -          || targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK)) { -        log.trace("Calculate bPK, wbPK, or STORK identifier for target: " + targetIdentifier); +      if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_CDID)) { +        log.trace("Calculate bPK identifier for target: " + targetIdentifier);          return Pair.newInstance(calculatebPKwbPK(baseID + "+" + targetIdentifier),              targetIdentifier); +      } else if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK)) { +        log.trace("Calculate  wbPK identifier for target: " + targetIdentifier); +        return Pair.newInstance(calculatebPKwbPK( +            baseID + "+" + normalizeBpkTargetIdentifierToCalculationFormat(targetIdentifier)), +            normalizeBpkTargetIdentifierToCommonFormat(targetIdentifier)); +                } else if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_EIDAS)) {          log.trace("Calculate eIDAS identifier for target: " + targetIdentifier);          final String[] splittedTarget = targetIdentifier.split("\\+"); 
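Review bot: The new wbPK branch hashes the calculation-format target but returns the common-format one, so the second element of the returned Pair can differ from the `targetIdentifier` that was passed in; the method's Javadoc (above the hunk) should state this, and a line comment at the `Pair.newInstance` call would help: `// hash over the FN/ZVR/ERSB form (presumably so already-issued wbPKs stay stable), report the XFN/XZVR/XERSB form`. Splitting the former CDID-or-WBPK branch means a CDID target is no longer passed through normalization, which matches the commit intent as far as the hunk shows. The trace message `"Calculate  wbPK identifier for target: "` has a doubled space, and both new trace lines concatenate the argument while the AbstractAuthenticationDataBuilder hunk switched to `{}` placeholders. The enclosing method begins and ends outside the hunk.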
@@ -144,51 +151,7 @@ public class BpkBuilder {      }    } -  /** -   * Builds the eIDAS from the given parameters. -   * -   * @param baseId             baseID of the citizen -   * @param baseIdType         Type of the baseID -   * @param sourceCountry      CountryCode of that country, which build the eIDAs -   *                           ID -   * @param destinationCountry CountryCode of that country, which receives the -   *                           eIDAs ID -   * -   * @return Pair eIDAs/bPKType in a BASE64 encoding -   * @throws EaafBuilderException if some input data are not valid -   */ -  private static Pair<String, String> buildEidasIdentifer(final String baseId, -      final String baseIdType, final String sourceCountry, final String destinationCountry) -      throws EaafBuilderException { -    String bpk = null; -    String bpkType = null; -    // check if we have been called by public sector application -    if (baseIdType.startsWith(EaafConstants.URN_PREFIX_BASEID)) { -      bpkType = EaafConstants.URN_PREFIX_EIDAS + sourceCountry + "+" + destinationCountry; -      log.debug("Building eIDAS identification from: [identValue]+" + bpkType); -      bpk = calculatebPKwbPK(baseId + "+" + bpkType); - -    } else { // if not, sector identification value is already calculated by BKU -      log.debug("eIDAS eIdentifier already provided by BKU"); -      bpk = baseId; -    } - -    if (StringUtils.isEmpty(bpk) || StringUtils.isEmpty(sourceCountry) -        || StringUtils.isEmpty(destinationCountry)) { -      throw new EaafBuilderException("builder.00", -          new Object[] { "eIDAS-ID", -              "Unvollständige Parameterangaben: identificationValue=" + bpk + ", Zielland=" -                  + destinationCountry + ", Ursprungsland=" + sourceCountry }, -          "eIDAS-ID: Unvollständige Parameterangaben: identificationValue=" + bpk + ", Zielland=" -              + destinationCountry + ", Ursprungsland=" + sourceCountry); -    } - -    log.trace("eIDAS 
pseudonym generation finished. "); -    final String eIdentifier = sourceCountry + "/" + destinationCountry + "/" + bpk; - -    return Pair.newInstance(eIdentifier, bpkType); -  }    /**     * Create an encrypted bPK. 
@@ -264,6 +227,100 @@ public class BpkBuilder {      }    } +  /** +   * Normalize wbPK target identifier for FN, ZVR, and ERSB to XFN, XZVR, and XERSB. +   *  +   * <p>If the target is not of this types the target will be returned as it is</p> +   * @param targetIdentifier bPK input target +   * @return XFN, XZVR, XERSB, or targetIdentfier if no normalization is required  +   */ +  @Nullable +  public static String normalizeBpkTargetIdentifierToCommonFormat(@Nullable String targetIdentifier) { +    if (targetIdentifier != null  +        && !targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X)) { +      for (Entry<String, String> mapper : EaafConstants.URN_WBPK_TARGET_X_TO_NONE_MAPPER.entrySet()) { +        if (targetIdentifier.startsWith(mapper.getValue())) { +          String wbpkTarget = mapper.getKey() + targetIdentifier.substring(mapper.getValue().length());  +          log.trace("Normalize wbPK target: {} to {}", targetIdentifier, wbpkTarget); +          return wbpkTarget; +         +        } +      } +    }  +     +    return targetIdentifier; +  } +   +  /** +   * Normalize wbPK target identifier for XFN, XZVR, and XERSB to bPK calculation format like, FN, ZVR, and ERSB. +   *  +   * <p>If the target is not of this types the target will be returned as it is</p> +   *  +   * @param targetIdentifier bPK input target +   * @return FN, ZVR, ERSB, or targetIdentfier if no normalization is required  +   */ +  @Nullable +  public static String normalizeBpkTargetIdentifierToCalculationFormat(@Nullable String targetIdentifier) { +    if (targetIdentifier != null && targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK)) { +      for (Entry<String, String> mapper : EaafConstants.URN_WBPK_TARGET_X_TO_NONE_MAPPER.entrySet()) { +        if (targetIdentifier.startsWith(mapper.getKey())) { +          String wbpkTarget = mapper.getValue() + targetIdentifier.substring(mapper.getKey().length());  +          log.trace("Find new wbPK target: {}. 
Replace it by: {}", targetIdentifier, wbpkTarget); +          return wbpkTarget; +       +        } +      } +    } +     +    return targetIdentifier;     +  } +   +  /** +   * Builds the eIDAS from the given parameters. +   * +   * @param baseId             baseID of the citizen +   * @param baseIdType         Type of the baseID +   * @param sourceCountry      CountryCode of that country, which build the eIDAs +   *                           ID +   * @param destinationCountry CountryCode of that country, which receives the +   *                           eIDAs ID +   * +   * @return Pair eIDAs/bPKType in a BASE64 encoding +   * @throws EaafBuilderException if some input data are not valid +   */ +  private static Pair<String, String> buildEidasIdentifer(final String baseId, +      final String baseIdType, final String sourceCountry, final String destinationCountry) +      throws EaafBuilderException { +    String bpk = null; +    String bpkType = null; + +    // check if we have been called by public sector application +    if (baseIdType.startsWith(EaafConstants.URN_PREFIX_BASEID)) { +      bpkType = EaafConstants.URN_PREFIX_EIDAS + sourceCountry + "+" + destinationCountry; +      log.debug("Building eIDAS identification from: [identValue]+" + bpkType); +      bpk = calculatebPKwbPK(baseId + "+" + bpkType); + +    } else { // if not, sector identification value is already calculated by BKU +      log.debug("eIDAS eIdentifier already provided by BKU"); +      bpk = baseId; +    } + +    if (StringUtils.isEmpty(bpk) || StringUtils.isEmpty(sourceCountry) +        || StringUtils.isEmpty(destinationCountry)) { +      throw new EaafBuilderException("builder.00", +          new Object[] { "eIDAS-ID", +              "Unvollständige Parameterangaben: identificationValue=" + bpk + ", Zielland=" +                  + destinationCountry + ", Ursprungsland=" + sourceCountry }, +          "eIDAS-ID: Unvollständige Parameterangaben: identificationValue=" + bpk + ", Zielland=" + 
             + destinationCountry + ", Ursprungsland=" + sourceCountry); +    } + +    log.trace("eIDAS pseudonym generation finished. "); +    final String eIdentifier = sourceCountry + "/" + destinationCountry + "/" + bpk; + +    return Pair.newInstance(eIdentifier, bpkType); +  } +      private static String calculatebPKwbPK(final String basisbegriff) throws EaafBuilderException {      try {        final MessageDigest md = MessageDigest.getInstance("SHA-1"); diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java index 172d74a7..e18cc1a8 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java @@ -84,12 +84,16 @@ public class BpkAttributeBuilder implements IPvpAttributeBuilder {      Assert.isTrue(type != null, "bPKType is 'NULL'");      if (type.startsWith(EaafConstants.URN_PREFIX_WBPK)) {        return type.substring(EaafConstants.URN_PREFIX_WBPK.length()); +            } else if (type.startsWith(EaafConstants.URN_PREFIX_CDID)) {        return type.substring(EaafConstants.URN_PREFIX_CDID.length()); +            } else if (type.startsWith(EaafConstants.URN_PREFIX_EIDAS)) {        return type.substring(EaafConstants.URN_PREFIX_EIDAS.length()); +            } else {        return type; +            }    } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSectorForIdAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSectorForIdAttributeBuilder.java index 3aedf9ab..48d7a3a3 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSectorForIdAttributeBuilder.java 
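Review bot: The Javadoc on the two new normalize methods is the only place a caller can learn the contract, and it has typos and omits the null pass-through that the `@Nullable` return relies on; suggested for the common-format variant: `@param targetIdentifier bPK target identifier, may be {@code null}` and `@return the XFN/XZVR/XERSB form, or {@code targetIdentifier} unchanged (including {@code null}) if no mapping applies`, with mirrored wording for the calculation-format variant and "this types" corrected to "one of these types". Both loops return on the first `URN_WBPK_TARGET_X_TO_NONE_MAPPER` entry whose prefix matches, so the result would depend on map iteration order if two mapped prefixes ever overlap — a one-line comment stating that the prefixes are disjoint (or an ordered map) would make that explicit. Several added lines carry trailing whitespace (`... .length());  `, `return targetIdentifier;     `, the blank `+     ` lines), and `wbpkTarget` could be `final` like the other locals in this class. The re-added buildEidasIdentifer is the method removed in the @@ -144 hunk, moved with only a blank line added.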
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSectorForIdAttributeBuilder.java @@ -27,6 +27,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPvpAttributeBuilder;  import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;  import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;  import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder;  @PvpMetadata  public class EidSectorForIdAttributeBuilder implements IPvpAttributeBuilder { @@ -46,7 +47,9 @@ public class EidSectorForIdAttributeBuilder implements IPvpAttributeBuilder {      }      return g.buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, -        EID_SECTOR_FOR_IDENTIFIER_NAME, bpktype); +        EID_SECTOR_FOR_IDENTIFIER_NAME,  +        BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(bpktype)); +        }    @Override | 
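Review bot: The attribute is now emitted in the calculation (FN/ZVR/ERSB) form although the internal value was just switched to XFN/XZVR/XERSB, and nothing at the call site says why; a comment such as `// emit the legacy FN/ZVR/ERSB form on the wire; consumers may not know the X-prefixed targets yet` (confirm the actual reason) would save the next reader a trip to BpkBuilder. The BpkAttributeBuilder hunk in this diff, by contrast, only strips `URN_PREFIX_WBPK` from the type, so if it receives the normalized value that attribute would carry the X-prefixed form while this one carries the legacy form — worth confirming that the two attributes are meant to differ. The enclosing method starts outside the hunk, and the `EID_SECTOR_FOR_IDENTIFIER_NAME,  ` line plus the added blank line before `}` carry trailing whitespace.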
