| author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-04-01 17:24:53 +0200 | 
|---|---|---|
| committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-04-01 17:24:53 +0200 | 
| commit | c972a8106bbff5dea9fecc76864be9a99a868d78 (patch) | |
| tree | 6c9cfca3a7cd002d5fe6e4bbaf884b877ecaf5bf /eaaf_core/src/main | |
| parent | f4a941a0c4bbe6251a108612a4ee49607d6951fc (diff) | |
| parent | 5945c62128c2cb9d552ad7b4c085c09d046d2d56 (diff) | |
Merge branch 'nightlyBuild'
Diffstat (limited to 'eaaf_core/src/main')
14 files changed, 265 insertions, 138 deletions
| diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/utils/IJsonMapper.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/utils/IJsonMapper.java
index a7e4f6fe..b3e0c88f 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/utils/IJsonMapper.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/utils/IJsonMapper.java
@@ -3,6 +3,8 @@ package at.gv.egiz.eaaf.core.api.utils;
 import java.io.IOException;
 import java.io.InputStream;
+import com.google.gson.JsonParseException;
+
 import at.gv.egiz.eaaf.core.exceptions.EaafJsonMapperException;
 public interface IJsonMapper {
@@ -23,6 +25,7 @@ public interface IJsonMapper {
    * @param value the JSON string to deserialize
    * @param clazz optional parameter that determines the type of the returned
    *              object. If not set, an {@link Object} is returned.
+   * @param <T> Response class type
    * @return the deserialized JSON string as an object of type {@code clazz} or
    *         {@link Object}
    * @throws JsonParseException   if the JSON string contains invalid content.
@@ -39,6 +42,7 @@ public interface IJsonMapper {
    * @param is    the JSON to deserialize as {@link InputStream}
    * @param clazz optional parameter that determines the type of the returned
    *              object. If not set, an {@link Object} is returned.
+   * @param <T> Response class type
    * @return the deserialized JSON string as an object of type {@code clazz} or
    *         {@link Object}
    * @throws JsonParseException   if the JSON string contains invalid content.
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java
index a6fe5ff0..677e3c46 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java
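Review bot: The new `import com.google.gson.JsonParseException;` in the `IJsonMapper` API interface has no visible use other than resolving the `@throws JsonParseException` Javadoc tags in the two hunks below it, which ties the API package to a concrete JSON library for a documentation link. If the methods do not actually declare or throw that type, the fully qualified form in the Javadoc, `@throws com.google.gson.JsonParseException if the JSON string contains invalid content.`, keeps the interface free of the Gson dependency. Both method signatures start outside the hunks, so whether the type appears in a `throws` clause cannot be confirmed from here.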
@@ -27,15 +27,16 @@ import java.util.Date;
 import java.util.Map;
 import java.util.TimeZone;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
-import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
-
 import org.apache.commons.collections4.map.HashedMap;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder;
+
 /**
  * Service-Provider specific authentication data.
  *
@@ -48,6 +49,7 @@ public class AuthenticationData implements IAuthData, Serializable {
   private static final long serialVersionUID = -1042697056735596866L;
   public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd";
+  public static final String ISSUE_INSTANT_DATE_FORMAT = "yyyy-MM-dd'T'HH:mm:ss'Z'";
   private boolean isBaseIdTransferRestrication = true;
   private final Map<String, Object> genericDataStorate = new HashedMap<>();
@@ -112,7 +114,7 @@ public class AuthenticationData implements IAuthData, Serializable {
   @Override
   public String getAuthenticationIssueInstantString() {
-    final SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
+    final SimpleDateFormat f = new SimpleDateFormat(ISSUE_INSTANT_DATE_FORMAT);
     f.setTimeZone(TimeZone.getTimeZone("UTC"));
     return f.format(this.issueInstant);
@@ -292,7 +294,8 @@ public class AuthenticationData implements IAuthData, Serializable {
    */
   @Deprecated
   public void setBpkType(final String bpkType) {
-    this.bpkType = BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(bpkType);
+
   }
   @Override
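Review bot: The deprecated `setBpkType` now silently rewrites the value it is handed (wbPK targets are mapped to their X form by `normalizeBpkTargetIdentifierToCommonFormat`), but the Javadoc above the hunk, which starts outside it, still describes a plain setter; add `@param bpkType bPK target URI; wbPK targets are normalized to the X form (XFN, XZVR, XERSB) before being stored` so callers that compare the stored value with what they set are not surprised. `ISSUE_INSTANT_DATE_FORMAT` added in the second hunk is byte-for-byte the same pattern as `PATTERN_ISSUE_INSTANT` that this commit adds to `AuthProcessDataWrapper`; two copies of one wire format will drift, so define one in terms of the other, `public static final String ISSUE_INSTANT_DATE_FORMAT = AuthProcessDataWrapper.PATTERN_ISSUE_INSTANT;`, or move it to `EaafConstants`.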
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java
index 75b14489..c2f85fef 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java
@@ -26,6 +26,17 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Map.Entry;
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.lang.NonNull;
+import org.springframework.util.Assert;
+import org.springframework.util.Base64Utils;
+import org.w3c.dom.DOMException;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.data.EaafConstants;
 import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
@@ -49,17 +60,6 @@ import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
 import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;
 import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.lang.NonNull;
-import org.springframework.util.Assert;
-import org.springframework.util.Base64Utils;
-import org.w3c.dom.DOMException;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
 public abstract class AbstractAuthenticationDataBuilder implements IAuthenticationDataBuilder {
   private static final Logger log =
       LoggerFactory.getLogger(AbstractAuthenticationDataBuilder.class);
@@ -726,21 +726,9 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
         PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class);
     if (StringUtils.isNotEmpty(pvpBpkTypeAttr)) {
-      // //fix a wrong bPK-Type encoding, which was used in some PVP Standardportal
-      // implementations
-      // if (pvpbPKTypeAttr.startsWith(EAAFConstants.URN_PREFIX_CDID) &&
-      // !pvpbPKTypeAttr.substring(EAAFConstants.URN_PREFIX_CDID.length(),
-      // EAAFConstants.URN_PREFIX_CDID.length() + 1).equals("+")) {
-      // log.warn("Receive uncorrect encoded bBKType attribute " + pvpbPKTypeAttr + "
-      // Starting
-      // attribute value correction ... ");
-      // pvpbPKTypeAttr = EAAFConstants.URN_PREFIX_CDID + "+" +
-      // pvpbPKTypeAttr.substring(EAAFConstants.URN_PREFIX_CDID.length() + 1);
-      //
-      // }
-      log.debug(
-          "Find PVP-Attr: " + PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME);
-      return pvpBpkTypeAttr;
+      log.debug("Find PVP-Attr: {}", PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME);
+      return BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(pvpBpkTypeAttr);
+
     }
     return null;
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java
index a613bd56..fed4af32 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java
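Review bot: The value returned on the new line is whatever arrived in the `EID_SECTOR_FOR_IDENTIFIER_NAME` attribute after prefix normalization, and nothing in the new code checks that it belongs to one of the target families the rest of this commit handles (cdid, wbpk, eidas) — `normalizeBpkTargetIdentifierToCommonFormat` returns unknown values unchanged. Since the attribute is read from PVP attributes it presumably originates from a remote assertion, in which case an arbitrary string becomes the bPK type for this session; consider rejecting values that do not start with `EaafConstants.URN_PREFIX_WITH_COLON` before returning, mirroring the check `encryptBpk` now performs on its `target`. The enclosing method starts outside the hunk, so an earlier validation cannot be ruled out from here.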
@@ -25,20 +25,22 @@ import java.security.PrivateKey;
 import java.security.PublicKey;
 import java.text.SimpleDateFormat;
 import java.util.Date;
+import java.util.Map.Entry;
+import javax.annotation.Nullable;
 import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
 import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.NoSuchPaddingException;
 import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.util.Base64Utils;
 import at.gv.egiz.eaaf.core.api.data.EaafConstants;
 import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
+import lombok.extern.slf4j.Slf4j;
+
 /**
  * Builder for the bPK, as defined in
@@ -47,9 +49,11 @@ import at.gv.egiz.eaaf.core.impl.data.Pair;
  * <code>"reference.e-government.gv.at"</code>.
  *
  */
+@Slf4j
 public class BpkBuilder {
-  private static final Logger log = LoggerFactory.getLogger(BpkBuilder.class);
-
+
+  private static final String ERROR_MSG_WRONG_TARGET_FORMAT = "bPK-target format must be full URI";
+
   /**
    * Calculates an area specific unique person-identifier from a baseID.
    *
@@ -100,12 +104,17 @@ public class BpkBuilder {
     if (baseIdType.equals(EaafConstants.URN_PREFIX_BASEID)) {
       log.trace("Find baseID. Starting unique identifier caluclation for this target");
-      if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_CDID)
-          || targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK)) {
-        log.trace("Calculate bPK, wbPK, or STORK identifier for target: " + targetIdentifier);
+      if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_CDID)) {
+        log.trace("Calculate bPK identifier for target: " + targetIdentifier);
         return Pair.newInstance(calculatebPKwbPK(baseID + "+" + targetIdentifier),
             targetIdentifier);
+      } else if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK)) {
+        log.trace("Calculate  wbPK identifier for target: " + targetIdentifier);
+        return Pair.newInstance(calculatebPKwbPK(
+            baseID + "+" + normalizeBpkTargetIdentifierToCalculationFormat(targetIdentifier)),
+            normalizeBpkTargetIdentifierToCommonFormat(targetIdentifier));
+
       } else if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_EIDAS)) {
         log.trace("Calculate eIDAS identifier for target: " + targetIdentifier);
         final String[] splittedTarget = targetIdentifier.split("\\+");
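Review bot: The two `log.trace` calls added in this hunk build their message by concatenation (`"Calculate  wbPK identifier for target: " + targetIdentifier`, with a doubled space) while the rest of the commit moves to SLF4J placeholders; `log.trace("Calculate wbPK identifier for target: {}", targetIdentifier);` is consistent and skips the string build when trace is off. The CDID branch feeds `targetIdentifier` into `calculatebPKwbPK` untouched, whereas the new WBPK branch hashes the calculation form and returns the common form; if that asymmetry is deliberate, a one-line comment on the CDID branch, `// cdid targets have no X/non-X variants, so no normalization is needed`, would keep a later reader from "aligning" the two. The enclosing method starts and ends outside the hunk.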
@@ -144,57 +153,13 @@ public class BpkBuilder {
     }
   }
-  /**
-   * Builds the eIDAS from the given parameters.
-   *
-   * @param baseId             baseID of the citizen
-   * @param baseIdType         Type of the baseID
-   * @param sourceCountry      CountryCode of that country, which build the eIDAs
-   *                           ID
-   * @param destinationCountry CountryCode of that country, which receives the
-   *                           eIDAs ID
-   *
-   * @return Pair eIDAs/bPKType in a BASE64 encoding
-   * @throws EaafBuilderException if some input data are not valid
-   */
-  private static Pair<String, String> buildEidasIdentifer(final String baseId,
-      final String baseIdType, final String sourceCountry, final String destinationCountry)
-      throws EaafBuilderException {
-    String bpk = null;
-    String bpkType = null;
-    // check if we have been called by public sector application
-    if (baseIdType.startsWith(EaafConstants.URN_PREFIX_BASEID)) {
-      bpkType = EaafConstants.URN_PREFIX_EIDAS + sourceCountry + "+" + destinationCountry;
-      log.debug("Building eIDAS identification from: [identValue]+" + bpkType);
-      bpk = calculatebPKwbPK(baseId + "+" + bpkType);
-
-    } else { // if not, sector identification value is already calculated by BKU
-      log.debug("eIDAS eIdentifier already provided by BKU");
-      bpk = baseId;
-    }
-
-    if (StringUtils.isEmpty(bpk) || StringUtils.isEmpty(sourceCountry)
-        || StringUtils.isEmpty(destinationCountry)) {
-      throw new EaafBuilderException("builder.00",
-          new Object[] { "eIDAS-ID",
-              "Unvollständige Parameterangaben: identificationValue=" + bpk + ", Zielland="
-                  + destinationCountry + ", Ursprungsland=" + sourceCountry },
-          "eIDAS-ID: Unvollständige Parameterangaben: identificationValue=" + bpk + ", Zielland="
-              + destinationCountry + ", Ursprungsland=" + sourceCountry);
-    }
-
-    log.trace("eIDAS pseudonym generation finished. ");
-    final String eIdentifier = sourceCountry + "/" + destinationCountry + "/" + bpk;
-
-    return Pair.newInstance(eIdentifier, bpkType);
-  }
   /**
    * Create an encrypted bPK.
    *
    * @param bpk       unencrypted bPK
-   * @param target    bPK target
+   * @param target    bPK target in full form
    * @param publicKey Public-Key used for encryption
    * @return encrypted bPK
    * @throws EaafBuilderException In case of an error
@@ -202,12 +167,17 @@ public class BpkBuilder {
   public static String encryptBpk(final String bpk, String target, final PublicKey publicKey)
       throws EaafBuilderException {
     final SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss");
-    if (target.startsWith(EaafConstants.URN_PREFIX_CDID)) {
-      target = target.substring(EaafConstants.URN_PREFIX_CDID.length());
+
+    if (!target.startsWith(EaafConstants.URN_PREFIX_WITH_COLON)) {
+      throw new EaafBuilderException("builder.32",
+          null, ERROR_MSG_WRONG_TARGET_FORMAT);
+
     }
+
+    target = normalizeBpkTargetIdentifierToCalculationFormat(target);
     final String input =
-        "V1::urn:publicid:gv.at:cdid+" + target + "::" + bpk + "::" + sdf.format(new Date());
+        "V1::" + target + "::" + bpk + "::" + sdf.format(new Date());
     // System.out.println(input);
     byte[] result;
     try {
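Review bot: The timestamp embedded in the plaintext, `sdf.format(new Date())`, comes from a `SimpleDateFormat` with no time zone set, so it is rendered in the JVM default zone, while every other formatter touched in this commit is pinned to UTC; add `sdf.setTimeZone(TimeZone.getTimeZone("UTC"));` (with `import java.util.TimeZone;`) right after constructing it so the encrypted payload does not depend on host configuration. The retained `// System.out.println(input);` would dump the plaintext bPK to stdout if ever uncommented and should be deleted rather than kept. The new guard only establishes that `target` starts with the generic URN prefix, so a cdid, wbpk, eidas or any other `urn:publicid:gv.at:` value is accepted here; that is acceptable while `decryptBpk` is the only consumer and re-checks the sector, but a comment saying so would help. The method body continues past the hunk.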
@@ -227,17 +197,23 @@ public class BpkBuilder {
    * Decrypt an encrypted bPK.
    *
    * @param encryptedBpk encrypted bPK
-   * @param target       bPK target
+   * @param target       bPK target in full form
    * @param privateKey   private-key for decryption
-   * @return bPK
+   * @return bPK Pair consists of (unique person identifier for this target,
+   *         targetArea) but never null
    * @throws EaafBuilderException In case of an error
    */
-  public static String decryptBpk(final String encryptedBpk, String target,
+  public static Pair<String, String> decryptBpk(final String encryptedBpk, String target,
       final PrivateKey privateKey) throws EaafBuilderException {
     String decryptedString;
+
+    if (!target.startsWith(EaafConstants.URN_PREFIX_WITH_COLON)) {
+      throw new EaafBuilderException("builder.32",
+          null, ERROR_MSG_WRONG_TARGET_FORMAT);
+
+    }
+
     try {
-      // byte[] encryptedBytes = Base64Utils.decode(encryptedBpk, false,
-      // "ISO-8859-1");
       final byte[] encryptedBytes = Base64Utils.decode(encryptedBpk.getBytes("ISO-8859-1"));
       final byte[] decryptedBytes = decrypt(encryptedBytes, privateKey);
       decryptedString = new String(decryptedBytes, "ISO-8859-1");
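Review bot: `encryptedBpk.getBytes("ISO-8859-1")` and `new String(decryptedBytes, "ISO-8859-1")` pass the charset by name, which keeps the checked `UnsupportedEncodingException` path alive and admits a typo the compiler cannot catch; `StandardCharsets.ISO_8859_1` (from `java.nio.charset`) removes both. The new target check correctly runs before any decryption, but `encryptedBpk` is not checked at all, so a null surfaces as a `NullPointerException` from `getBytes` rather than the `EaafBuilderException` the signature advertises. The method and its catch block continue past the hunk, so whether the catch already covers that case cannot be seen here.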
@@ -247,23 +223,121 @@ public class BpkBuilder {
     }
-    String tmp = decryptedString.substring(decryptedString.indexOf('+') + 1);
-    final String sector = tmp.substring(0, tmp.indexOf("::"));
-    tmp = tmp.substring(tmp.indexOf("::") + 2);
-    final String bPK = tmp.substring(0, tmp.indexOf("::"));
-
-    if (target.startsWith(EaafConstants.URN_PREFIX_CDID + "+")) {
-      target = target.substring((EaafConstants.URN_PREFIX_CDID + "+").length());
+    String[] parts = decryptedString.split("::");
+    if (parts.length != 4) {
+      log.trace("Encrypted bPK has value: {}", decryptedString);
+      throw new EaafBuilderException("builder.31", new Object[] {parts.length},
+          "encBpk has a suspect format");
+
     }
+
+    final String sector = parts[1];
+    final String bPK = parts[2];
-    if (target.equals(sector)) {
-      return bPK;
+    if (target.equals(normalizeBpkTargetIdentifierToCommonFormat(sector))) {
+      return Pair.newInstance(bPK, target);
+
     } else {
-      log.error("Decrypted bPK does not match to request bPK target.");
-      return null;
+      throw new EaafBuilderException("builder.30", new Object[] {sector, target},
+          "Decrypted bPK-target does not match");
+
     }
   }
+  /**
+   * Normalize wbPK target identifier for FN, ZVR, and ERSB to XFN, XZVR, and XERSB.
+   *
+   * <p>If the target is not of this types the target will be returned as it is</p>
+   * @param targetIdentifier bPK input target
+   * @return XFN, XZVR, XERSB, or targetIdentfier if no normalization is required
+   */
+  @Nullable
+  public static String normalizeBpkTargetIdentifierToCommonFormat(@Nullable String targetIdentifier) {
+    if (targetIdentifier != null
+        && !targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X)) {
+      for (Entry<String, String> mapper : EaafConstants.URN_WBPK_TARGET_X_TO_NONE_MAPPER.entrySet()) {
+        if (targetIdentifier.startsWith(mapper.getValue())) {
+          String wbpkTarget = mapper.getKey() + targetIdentifier.substring(mapper.getValue().length());
+          log.trace("Normalize wbPK target: {} to {}", targetIdentifier, wbpkTarget);
+          return wbpkTarget;
+
+        }
+      }
+    }
+
+    return targetIdentifier;
+  }
+
+  /**
+   * Normalize wbPK target identifier for XFN, XZVR, and XERSB to bPK calculation format like, FN, ZVR, and ERSB.
+   *
+   * <p>If the target is not of this types the target will be returned as it is</p>
+   *
+   * @param targetIdentifier bPK input target
+   * @return FN, ZVR, ERSB, or targetIdentfier if no normalization is required
+   */
+  @Nullable
+  public static String normalizeBpkTargetIdentifierToCalculationFormat(@Nullable String targetIdentifier) {
+    if (targetIdentifier != null && targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK)) {
+      for (Entry<String, String> mapper : EaafConstants.URN_WBPK_TARGET_X_TO_NONE_MAPPER.entrySet()) {
+        if (targetIdentifier.startsWith(mapper.getKey())) {
+          String wbpkTarget = mapper.getValue() + targetIdentifier.substring(mapper.getKey().length());
+          log.trace("Find new wbPK target: {}. Replace it by: {}", targetIdentifier, wbpkTarget);
+          return wbpkTarget;
+
+        }
+      }
+    }
+
+    return targetIdentifier;
+  }
+
+  /**
+   * Builds the eIDAS from the given parameters.
+   *
+   * @param baseId             baseID of the citizen
+   * @param baseIdType         Type of the baseID
+   * @param sourceCountry      CountryCode of that country, which build the eIDAs
+   *                           ID
+   * @param destinationCountry CountryCode of that country, which receives the
+   *                           eIDAs ID
+   *
+   * @return Pair eIDAs/bPKType in a BASE64 encoding
+   * @throws EaafBuilderException if some input data are not valid
+   */
+  private static Pair<String, String> buildEidasIdentifer(final String baseId,
+      final String baseIdType, final String sourceCountry, final String destinationCountry)
+      throws EaafBuilderException {
+    String bpk = null;
+    String bpkType = null;
+
+    // check if we have been called by public sector application
+    if (baseIdType.startsWith(EaafConstants.URN_PREFIX_BASEID)) {
+      bpkType = EaafConstants.URN_PREFIX_EIDAS + sourceCountry + "+" + destinationCountry;
+      log.debug("Building eIDAS identification from: [identValue]+" + bpkType);
+      bpk = calculatebPKwbPK(baseId + "+" + bpkType);
+
+    } else { // if not, sector identification value is already calculated by BKU
+      log.debug("eIDAS eIdentifier already provided by BKU");
+      bpk = baseId;
+    }
+
+    if (StringUtils.isEmpty(bpk) || StringUtils.isEmpty(sourceCountry)
+        || StringUtils.isEmpty(destinationCountry)) {
+      throw new EaafBuilderException("builder.00",
+          new Object[] { "eIDAS-ID",
+              "Unvollständige Parameterangaben: identificationValue=" + bpk + ", Zielland="
+                  + destinationCountry + ", Ursprungsland=" + sourceCountry },
+          "eIDAS-ID: Unvollständige Parameterangaben: identificationValue=" + bpk + ", Zielland="
+              + destinationCountry + ", Ursprungsland=" + sourceCountry);
+    }
+
+    log.trace("eIDAS pseudonym generation finished. ");
+    final String eIdentifier = sourceCountry + "/" + destinationCountry + "/" + bpk;
+
+    return Pair.newInstance(eIdentifier, bpkType);
+  }
+
   private static String calculatebPKwbPK(final String basisbegriff) throws EaafBuilderException {
   try {
     final MessageDigest md = MessageDigest.getInstance("SHA-1");
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java
index 988a78b6..8eef4a8e 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java
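Review bot: In the `decryptBpk` tail at the top of this hunk the version token `parts[0]` is never compared with the `"V1"` that `encryptBpk` writes, and the timestamp in `parts[3]` is split out but never examined, so any four-field plaintext with a matching sector is accepted whatever its format version or age; at minimum add `if (!"V1".equals(parts[0])) { throw new EaafBuilderException("builder.31", new Object[] {parts[0]}, "encBpk has unsupported version"); }` before reading the fields. The target comparison normalizes `sector` but not `target`, so a caller passing the non-X wbPK form fails with builder.30 although the Javadoc only asks for the "full form"; use `normalizeBpkTargetIdentifierToCommonFormat(target).equals(normalizeBpkTargetIdentifierToCommonFormat(sector))` on both sides. `log.trace("Encrypted bPK has value: {}", decryptedString)` writes the decrypted bPK — a person identifier — into the log on every malformed payload; logging `parts.length` is enough to debug the format. In `normalizeBpkTargetIdentifierToCommonFormat` the first matching entry of `URN_WBPK_TARGET_X_TO_NONE_MAPPER` wins, so if that map is not insertion-ordered and one non-X prefix is a prefix of another the result depends on iteration order — worth a comment here or an ordered-map guarantee where the constant is declared. `calculatebPKwbPK` at the end of the hunk continues outside it.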
@@ -19,26 +19,31 @@
 package at.gv.egiz.eaaf.core.impl.idp.auth.data;
+import java.text.ParseException;
 import java.text.SimpleDateFormat;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.TimeZone;
+import javax.annotation.Nullable;
+
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import at.gv.egiz.eaaf.core.api.data.EaafConstants;
 import at.gv.egiz.eaaf.core.api.idp.EaafAuthProcessDataConstants;
 import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer;
 import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
 public class AuthProcessDataWrapper
     implements IAuthProcessDataContainer, EaafAuthProcessDataConstants {
   private static final Logger log = LoggerFactory.getLogger(AuthProcessDataWrapper.class);
+  public static final String PATTERN_ISSUE_INSTANT = "yyyy-MM-dd'T'HH:mm:ss'Z'";
+
   protected Map<String, Object> authProcessData;
   public AuthProcessDataWrapper(final Map<String, Object> authProcessData) {
@@ -46,6 +51,11 @@ public class AuthProcessDataWrapper
   }
+  @Override
+  public Date getIssueInstant() {
+    return wrapStoredObject(VALUE_ISSUEINSTANT, null, Date.class);
+  }
+
   /*
    * (non-Javadoc)
    *
@@ -53,8 +63,9 @@ public class AuthProcessDataWrapper
    * at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIssueInstant()
    */
   @Override
-  public String getIssueInstant() {
-    return wrapStringObject(VALUE_ISSUEINSTANT, null, String.class);
+  public String getIssueInstantString() {
+    return buildDateTimeUtcString(
+        wrapStoredObject(VALUE_ISSUEINSTANT, null, Date.class));
+  }
   /*
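Review bot: The new `getIssueInstant()` reads `VALUE_ISSUEINSTANT` as a `Date`, but the removed `getIssueInstant()` read it as a `String` and the old `setIssueInstant(Date)` stored the formatted string, so any session map persisted before this change still holds a `String` under that key; `wrapStoredObject(..., Date.class)` presumably will not convert it (its body runs past the end of this page). If session data can survive an upgrade, either version the stored map or accept both representations, e.g. `Object raw = authProcessData.get(VALUE_ISSUEINSTANT); return raw instanceof String ? buildDateTimeUtcDate((String) raw) : wrapStoredObject(VALUE_ISSUEINSTANT, null, Date.class);`. The new method also has no Javadoc; a line such as `Returns the issue instant of the authentication, or null if none has been set` would match the neighbouring accessors.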
@@ -66,7 +77,8 @@ public class AuthProcessDataWrapper
    */
   @Override
   public void setIssueInstant(final String issueInstant) {
-    authProcessData.put(VALUE_ISSUEINSTANT, issueInstant);
+    authProcessData.put(VALUE_ISSUEINSTANT,
+        buildDateTimeUtcDate(issueInstant));
   }
@@ -79,7 +91,7 @@ public class AuthProcessDataWrapper
    */
   @Override
   public void setIssueInstant(final Date issueInstant) {
-    authProcessData.put(VALUE_ISSUEINSTANT, buildDateTimeUtc(issueInstant));
+    authProcessData.put(VALUE_ISSUEINSTANT, issueInstant);
   }
@@ -91,7 +103,7 @@ public class AuthProcessDataWrapper
    */
   @Override
   public boolean isAuthenticated() {
-    return wrapStringObject(FLAG_IS_AUTHENTICATED, false, Boolean.class);
+    return wrapStoredObject(FLAG_IS_AUTHENTICATED, false, Boolean.class);
   }
@@ -116,7 +128,7 @@ public class AuthProcessDataWrapper
    */
   @Override
   public IIdentityLink getIdentityLink() {
-    return wrapStringObject(VALUE_IDENTITYLINK, null, IIdentityLink.class);
+    return wrapStoredObject(VALUE_IDENTITYLINK, null, IIdentityLink.class);
   }
@@ -141,7 +153,7 @@ public class AuthProcessDataWrapper
    */
   @Override
   public boolean isMandateUsed() {
-    return wrapStringObject(FLAG_USE_MANDATE, false, Boolean.class);
+    return wrapStoredObject(FLAG_USE_MANDATE, false, Boolean.class);
   }
   /*
@@ -164,7 +176,7 @@ public class AuthProcessDataWrapper
    */
   @Override
   public String getQaaLevel() {
-    return wrapStringObject(VALUE_QAALEVEL, null, String.class);
+    return wrapStoredObject(VALUE_QAALEVEL, null, String.class);
   }
   /*
@@ -187,7 +199,7 @@ public class AuthProcessDataWrapper
    */
   @Override
   public boolean isForeigner() {
-    return wrapStringObject(FLAG_IS_FOREIGNER, false, Boolean.class);
+    return wrapStoredObject(FLAG_IS_FOREIGNER, false, Boolean.class);
   }
   /*
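Review bot: `setIssueInstant(final String issueInstant)` now stores `buildDateTimeUtcDate(issueInstant)`, which returns `null` for an unparsable string after logging, so a malformed value silently erases the issue instant where the old code kept the raw string. Either reject it explicitly — `if (parsed == null && issueInstant != null) { throw new IllegalArgumentException("invalid issueInstant: " + issueInstant); }` after the parse — or state the behaviour in the Javadoc above the hunk, which starts outside it. The remaining hunks on this line only rename `wrapStringObject` to `wrapStoredObject`.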
@@ -209,7 +221,7 @@ public class AuthProcessDataWrapper
    */
   @Override
   public boolean isOW() {
-    return wrapStringObject(FLAG_IS_ORGANWALTER, false, Boolean.class);
+    return wrapStoredObject(FLAG_IS_ORGANWALTER, false, Boolean.class);
   }
   /*
@@ -225,7 +237,7 @@ public class AuthProcessDataWrapper
   @Override
   public boolean isEidProcess() {
-    return wrapStringObject(FLAG_IS_NEW_EID_PROCESS, false, Boolean.class);
+    return wrapStoredObject(FLAG_IS_NEW_EID_PROCESS, false, Boolean.class);
   }
   @Override
@@ -242,7 +254,7 @@ public class AuthProcessDataWrapper
    */
   @Override
   public Date getSessionCreated() {
-    return wrapStringObject(EaafConstants.AUTH_DATA_CREATED, null, Date.class);
+    return wrapStoredObject(EaafConstants.AUTH_DATA_CREATED, null, Date.class);
   }
   /*
@@ -283,7 +295,7 @@ public class AuthProcessDataWrapper
    */
   @Override
   public <T> T getGenericDataFromSession(final String key, final Class<T> clazz) {
-    return wrapStringObject(GENERIC_PREFIX + key, null, clazz);
+    return wrapStoredObject(GENERIC_PREFIX + key, null, clazz);
   }
   /*
@@ -299,7 +311,7 @@ public class AuthProcessDataWrapper
   }
-  protected <T> T wrapStringObject(final String key, final Object defaultValue,
+  protected <T> T wrapStoredObject(final String key, final Object defaultValue,
       final Class<T> clazz) {
     if (StringUtils.isNotEmpty(key)) {
       final Object obj = authProcessData.get(key);
@@ -322,16 +334,49 @@ public class AuthProcessDataWrapper
   }
   /**
-   * Builds a <code>dateTime</code> value in UTC from a <code>Calendar</code> value.
+   * Builds a {@link String} dateTime value in UTC from a {@link Date} value.
    *
-   * @param date the <code>Calendar</code> value
-   * @return the <code>dateTime</code> value
+   * @param date the {@link Date} that should be transformed
+   * @return The {@link String} representation of the date in
+   *     <code>yyyy-MM-dd'T'HH:mm:ss'Z'</code>, or <code>null</code> if {@link Date} was <code>null</code>
    */
-  public static String buildDateTimeUtc(final Date date) {
+  @Nullable
+  public static String buildDateTimeUtcString(@Nullable final Date date) {
+    if (date == null) {
+      return null;
-    final SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
-    f.setTimeZone(TimeZone.getTimeZone("UTC"));
+    }
+    final SimpleDateFormat f = new SimpleDateFormat(PATTERN_ISSUE_INSTANT);
+    f.setTimeZone(TimeZone.getTimeZone("UTC"));
     return f.format(date.getTime());
+
+  }
+
+  /**
+   * Builds a {@link String} dateTime value in UTC from a {@link Date} value.
+   *
+   * @param date the {@link String} in <code>yyyy-MM-dd'T'HH:mm:ss'Z'</code>
+   *     format that should be transformed
+   * @return The {@link Date} representation of the date, otherwise <code>null</code>
+   *     if input parameter was <code>null</code> or invalid
+   */
+  @Nullable
+  public static Date buildDateTimeUtcDate(@Nullable final String date) {
+    final SimpleDateFormat f = new SimpleDateFormat(PATTERN_ISSUE_INSTANT);
+    try {
+      if (date != null) {
+        return f.parse(date);
+
+      }
+
+    } catch (final ParseException e) {
+      log.error("Can NOT parse Date from String: {}", date, null, e);
+
+    }
+
+    return null;
+
   }
+
 }
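Review bot: `buildDateTimeUtcDate` creates its `SimpleDateFormat` without calling `setTimeZone`, so the `'Z'` in `PATTERN_ISSUE_INSTANT` is a literal and the fields are interpreted in the JVM default zone; on any host not running in UTC a string produced by `buildDateTimeUtcString` (which does pin UTC) round-trips to a `Date` shifted by the local offset, and the same instant will format differently after one store/load cycle. Add `f.setTimeZone(TimeZone.getTimeZone("UTC"));` directly after the constructor, exactly as the string-building counterpart does. The log call `log.error("Can NOT parse Date from String: {}", date, null, e)` carries a stray `null` argument; `log.error("Can NOT parse Date from String: {}", date, e);` is the intended form. The Javadoc summary of the new method is copied from the first one ("Builds a String dateTime value ... from a Date value") and should read "Parses a {@link Date} from a UTC dateTime {@link String}".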
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
index 817c7aa2..4c82adac 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
@@ -70,8 +70,8 @@ import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
 import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException;
 import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
 import at.gv.egiz.eaaf.core.impl.gui.AbstractGuiFormBuilderConfiguration;
+import at.gv.egiz.eaaf.core.impl.http.HttpUtils;
 import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egiz.eaaf.core.impl.utils.HttpUtils;
 @Service
 public class ProtocolAuthenticationService implements IProtocolAuthenticationService {
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java
index 172d74a7..e18cc1a8 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java
@@ -84,12 +84,16 @@ public class BpkAttributeBuilder implements IPvpAttributeBuilder {      Assert.isTrue(type != null, "bPKType is 'NULL'");      if (type.startsWith(EaafConstants.URN_PREFIX_WBPK)) {        return type.substring(EaafConstants.URN_PREFIX_WBPK.length()); +            } else if (type.startsWith(EaafConstants.URN_PREFIX_CDID)) {        return type.substring(EaafConstants.URN_PREFIX_CDID.length()); +            } else if (type.startsWith(EaafConstants.URN_PREFIX_EIDAS)) {        return type.substring(EaafConstants.URN_PREFIX_EIDAS.length()); +            } else {        return type; +            }    } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSectorForIdAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSectorForIdAttributeBuilder.java index 3aedf9ab..48d7a3a3 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSectorForIdAttributeBuilder.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSectorForIdAttributeBuilder.java @@ -27,6 +27,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPvpAttributeBuilder;  import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;  import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;  import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder;  @PvpMetadata  public class EidSectorForIdAttributeBuilder implements IPvpAttributeBuilder { @@ -46,7 +47,9 @@ public class EidSectorForIdAttributeBuilder implements IPvpAttributeBuilder {      }      return g.buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, -        EID_SECTOR_FOR_IDENTIFIER_NAME, bpktype); +        EID_SECTOR_FOR_IDENTIFIER_NAME,  +        BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(bpktype)); +        }    @Override 
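Review bot: In the EidSectorForIdAttributeBuilder hunk the emitted attribute value changes from the raw `bpktype` to `BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(bpktype)`, a relying-party-visible change with no comment saying why; the result is also handed straight to `buildStringAttribute` with no check, and whether the normalizer can return null or throw for an unexpected prefix is not visible here, so that contract should be documented at the call site. A one-line comment such as `// emit the sector in bPK calculation format so all SPs receive the same canonical target` would capture the intent. The trailing whitespace after `EID_SECTOR_FOR_IDENTIFIER_NAME,` and the added blank line before the closing brace are style nits. The enclosing build method starts before the hunk.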
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java index 5dcbcb7e..708ef399 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java @@ -28,10 +28,6 @@ import java.util.Map.Entry;  import javax.annotation.PostConstruct; -import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; -  import org.apache.commons.lang3.StringUtils;  import org.slf4j.Logger;  import org.slf4j.LoggerFactory; @@ -42,6 +38,10 @@ import org.springframework.core.env.EnumerablePropertySource;  import org.springframework.core.env.Environment;  import org.springframework.core.env.PropertySource; +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +  public abstract class AbstractSpringBootConfigurationImpl implements IConfigurationWithSP {    private static final Logger log = LoggerFactory.getLogger(AbstractSpringBootConfigurationImpl.class); @@ -114,7 +114,7 @@ public abstract class AbstractSpringBootConfigurationImpl implements IConfigurat        return new URI(env.getRequiredProperty(addPrefixToKey(PROP_CONFIG_ROOT_DIR)));      } catch (IllegalStateException | URISyntaxException e) { -      log.warn("ConfigRootDirectory is NOT set"); +      log.warn("ConfigRootDirectory is NOT set", e);        return null;      } 
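Review bot: The changed `log.warn("ConfigRootDirectory is NOT set", e);` now prints a full stack trace at WARN for the `IllegalStateException` that `getRequiredProperty` raises whenever the property is merely absent, and it conflates that case with a malformed value (`URISyntaxException`) under a message that names neither the key nor the value. Something like `log.warn("ConfigRootDirectory ({}) is NOT set or is not a valid URI: {}", addPrefixToKey(PROP_CONFIG_ROOT_DIR), e.getMessage());` keeps the operator-relevant detail without the trace, with the exception itself logged at debug if needed. The enclosing method starts and ends outside the hunk, so whether callers treat the `null` return as fatal is not visible here.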
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java index adc8774a..f4494106 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java @@ -40,8 +40,8 @@ import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;  import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;  import at.gv.egiz.eaaf.core.exceptions.EaafException;  import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.impl.http.HttpUtils;  import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; -import at.gv.egiz.eaaf.core.impl.utils.HttpUtils;  import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils;  import org.apache.commons.lang3.StringUtils; diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExecutionContextImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExecutionContextImpl.java index 27bc829d..3eff8a7b 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExecutionContextImpl.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExecutionContextImpl.java @@ -52,6 +52,8 @@ public class ExecutionContextImpl implements ExecutionContext {    /**     * Creates a new instance and associated it with a certain process instance. +   *  +   * @param processInstanceId ProcessInstanceId for this execution context.     */    public ExecutionContextImpl(final String processInstanceId) {      this.processInstanceId = processInstanceId; 
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/SpringWebExpressionEvaluator.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/SpringWebExpressionEvaluator.java index afcc0a58..9ef88679 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/SpringWebExpressionEvaluator.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/SpringWebExpressionEvaluator.java @@ -95,7 +95,7 @@ public class SpringWebExpressionEvaluator implements ExpressionEvaluator {       * @param delegate The original {@link ExpressionEvaluationContext} to be       *                 delegated to for {@code ctx['foo']} expressions.       */ -    public SpringWebExpressionEvaluationContext(final ExpressionEvaluationContext delegate) { +    SpringWebExpressionEvaluationContext(final ExpressionEvaluationContext delegate) {        this.delegate = delegate;      } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java index e1a02c64..01b063aa 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java @@ -239,6 +239,7 @@ public class DomUtils {     *                                          the same way it is accepted by the     *                                          <code>xsi:noNamespaceSchemaLocation</code>     *                                          attribute. +   * @param parserFeatures {@link Map} of features for XML parser     * @return The parsed XML document as a DOM tree.     * @throws SAXException                 An error occurred parsing the document.     * @throws IOException                  An error occurred reading the document. 
@@ -350,6 +351,7 @@ public class DomUtils {     *                                          decide what to do with parsing     *                                          errors. If <code>null</code>, it     *                                          will not be set. +   * @param parserFeatures {@link Map} of features for XML parser     * @return The parsed XML document as a DOM tree.     * @throws SAXException                 An error occurred parsing the document.     * @throws IOException                  An error occurred reading the document. @@ -622,6 +624,7 @@ public class DomUtils {     *                                          the same way it is accepted by the     *                                          <code>xsi:noNamespaceSchemaLocation</code>     *                                          attribute. +   * @param entityResolver external entity resolver implemention     * @return <code>true</code>, if the <code>element</code> validates against the     *         schemas declared in it.     * @throws SAXException                 An error occurred parsing the document. diff --git a/eaaf_core/src/main/resources/messages/eaaf_core_messages.properties b/eaaf_core/src/main/resources/messages/eaaf_core_messages.properties index 1916a7fc..064554b9 100644 --- a/eaaf_core/src/main/resources/messages/eaaf_core_messages.properties +++ b/eaaf_core/src/main/resources/messages/eaaf_core_messages.properties @@ -1,6 +1,7 @@  eaaf.core.00=Requested URL: {0} is NOT allowed by configuration.  builder.08=Authentication process could NOT completed. Reason: {0} - - +builder.30=Decrypted bPK target: {0} does not match to required target: {1} +builder.31=Encrypted bPK has a suspect format and consists of #{0} elements +builder.32=bPK-target format must be full URI | 
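Review bot: The added Javadoc line `@param entityResolver external entity resolver implemention` in the `@@ -622` hunk has a typo; `@param entityResolver external entity resolver implementation` is intended. The two `@param parserFeatures {@link Map} of features for XML parser` lines (this hunk and the `@@ -239` hunk on the previous line) do not say whether `null` is accepted, unlike the neighbouring parameters that state "If null, it will not be set"; since the implementation is outside these hunks, the null contract should be confirmed and then stated in the same form. If the map can carry security-relevant parser settings (external-entity or DTD handling), naming that in the doc helps callers choose them deliberately.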
