summaryrefslogtreecommitdiff
path: root/eaaf_core/src/main
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-04-01 17:24:53 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-04-01 17:24:53 +0200
commitc972a8106bbff5dea9fecc76864be9a99a868d78 (patch)
tree6c9cfca3a7cd002d5fe6e4bbaf884b877ecaf5bf /eaaf_core/src/main
parentf4a941a0c4bbe6251a108612a4ee49607d6951fc (diff)
parent5945c62128c2cb9d552ad7b4c085c09d046d2d56 (diff)
downloadEAAF-Components-c972a8106bbff5dea9fecc76864be9a99a868d78.tar.gz
EAAF-Components-c972a8106bbff5dea9fecc76864be9a99a868d78.tar.bz2
EAAF-Components-c972a8106bbff5dea9fecc76864be9a99a868d78.zip
Merge branch 'nightlyBuild'
Diffstat (limited to 'eaaf_core/src/main')
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/utils/IJsonMapper.java4
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java15
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java40
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java216
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java93
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java2
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java4
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSectorForIdAttributeBuilder.java5
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java10
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java2
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExecutionContextImpl.java2
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/SpringWebExpressionEvaluator.java2
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java3
-rw-r--r--eaaf_core/src/main/resources/messages/eaaf_core_messages.properties5
14 files changed, 265 insertions, 138 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/utils/IJsonMapper.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/utils/IJsonMapper.java
index a7e4f6fe..b3e0c88f 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/utils/IJsonMapper.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/utils/IJsonMapper.java
@@ -3,6 +3,8 @@ package at.gv.egiz.eaaf.core.api.utils;
import java.io.IOException;
import java.io.InputStream;
+import com.google.gson.JsonParseException;
+
import at.gv.egiz.eaaf.core.exceptions.EaafJsonMapperException;
public interface IJsonMapper {
@@ -23,6 +25,7 @@ public interface IJsonMapper {
* @param value the JSON string to deserialize
* @param clazz optional parameter that determines the type of the returned
* object. If not set, an {@link Object} is returned.
+ * @param <T> Response class type
* @return the deserialized JSON string as an object of type {@code clazz} or
* {@link Object}
* @throws JsonParseException if the JSON string contains invalid content.
@@ -39,6 +42,7 @@ public interface IJsonMapper {
* @param is the JSON to deserialize as {@link InputStream}
* @param clazz optional parameter that determines the type of the returned
* object. If not set, an {@link Object} is returned.
+ * @param <T> Response class type
* @return the deserialized JSON string as an object of type {@code clazz} or
* {@link Object}
* @throws JsonParseException if the JSON string contains invalid content.
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java
index a6fe5ff0..677e3c46 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java
@@ -27,15 +27,16 @@ import java.util.Date;
import java.util.Map;
import java.util.TimeZone;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
-import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
-
import org.apache.commons.collections4.map.HashedMap;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder;
+
/**
* Service-Provider specific authentication data.
*
@@ -48,6 +49,7 @@ public class AuthenticationData implements IAuthData, Serializable {
private static final long serialVersionUID = -1042697056735596866L;
public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd";
+ public static final String ISSUE_INSTANT_DATE_FORMAT = "yyyy-MM-dd'T'HH:mm:ss'Z'";
private boolean isBaseIdTransferRestrication = true;
private final Map<String, Object> genericDataStorate = new HashedMap<>();
@@ -112,7 +114,7 @@ public class AuthenticationData implements IAuthData, Serializable {
@Override
public String getAuthenticationIssueInstantString() {
- final SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
+ final SimpleDateFormat f = new SimpleDateFormat(ISSUE_INSTANT_DATE_FORMAT);
f.setTimeZone(TimeZone.getTimeZone("UTC"));
return f.format(this.issueInstant);
@@ -292,7 +294,8 @@ public class AuthenticationData implements IAuthData, Serializable {
*/
@Deprecated
public void setBpkType(final String bpkType) {
- this.bpkType = bpkType;
+ this.bpkType = BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(bpkType);
+
}
@Override
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java
index 75b14489..c2f85fef 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java
@@ -26,6 +26,17 @@ import java.util.ArrayList;
import java.util.Collection;
import java.util.Map.Entry;
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.lang.NonNull;
+import org.springframework.util.Assert;
+import org.springframework.util.Base64Utils;
+import org.w3c.dom.DOMException;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
@@ -49,17 +60,6 @@ import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;
import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.lang.NonNull;
-import org.springframework.util.Assert;
-import org.springframework.util.Base64Utils;
-import org.w3c.dom.DOMException;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
public abstract class AbstractAuthenticationDataBuilder implements IAuthenticationDataBuilder {
private static final Logger log =
LoggerFactory.getLogger(AbstractAuthenticationDataBuilder.class);
@@ -726,21 +726,9 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class);
if (StringUtils.isNotEmpty(pvpBpkTypeAttr)) {
- // //fix a wrong bPK-Type encoding, which was used in some PVP Standardportal
- // implementations
- // if (pvpbPKTypeAttr.startsWith(EAAFConstants.URN_PREFIX_CDID) &&
- // !pvpbPKTypeAttr.substring(EAAFConstants.URN_PREFIX_CDID.length(),
- // EAAFConstants.URN_PREFIX_CDID.length() + 1).equals("+")) {
- // log.warn("Receive uncorrect encoded bBKType attribute " + pvpbPKTypeAttr + "
- // Starting
- // attribute value correction ... ");
- // pvpbPKTypeAttr = EAAFConstants.URN_PREFIX_CDID + "+" +
- // pvpbPKTypeAttr.substring(EAAFConstants.URN_PREFIX_CDID.length() + 1);
- //
- // }
- log.debug(
- "Find PVP-Attr: " + PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME);
- return pvpBpkTypeAttr;
+ log.debug("Find PVP-Attr: {}", PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME);
+ return BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(pvpBpkTypeAttr);
+
}
return null;
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java
index a613bd56..fed4af32 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java
@@ -25,20 +25,22 @@ import java.security.PrivateKey;
import java.security.PublicKey;
import java.text.SimpleDateFormat;
import java.util.Date;
+import java.util.Map.Entry;
+import javax.annotation.Nullable;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import org.springframework.util.Base64Utils;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
+import lombok.extern.slf4j.Slf4j;
+
/**
* Builder for the bPK, as defined in
@@ -47,9 +49,11 @@ import at.gv.egiz.eaaf.core.impl.data.Pair;
* <code>&quot;reference.e-government.gv.at&quot;</code>.
*
*/
+@Slf4j
public class BpkBuilder {
- private static final Logger log = LoggerFactory.getLogger(BpkBuilder.class);
-
+
+ private static final String ERROR_MSG_WRONG_TARGET_FORMAT = "bPK-target format must be full URI";
+
/**
* Calculates an area specific unique person-identifier from a baseID.
*
@@ -100,12 +104,17 @@ public class BpkBuilder {
if (baseIdType.equals(EaafConstants.URN_PREFIX_BASEID)) {
log.trace("Find baseID. Starting unique identifier caluclation for this target");
- if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_CDID)
- || targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK)) {
- log.trace("Calculate bPK, wbPK, or STORK identifier for target: " + targetIdentifier);
+ if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_CDID)) {
+ log.trace("Calculate bPK identifier for target: " + targetIdentifier);
return Pair.newInstance(calculatebPKwbPK(baseID + "+" + targetIdentifier),
targetIdentifier);
+ } else if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK)) {
+ log.trace("Calculate wbPK identifier for target: " + targetIdentifier);
+ return Pair.newInstance(calculatebPKwbPK(
+ baseID + "+" + normalizeBpkTargetIdentifierToCalculationFormat(targetIdentifier)),
+ normalizeBpkTargetIdentifierToCommonFormat(targetIdentifier));
+
} else if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_EIDAS)) {
log.trace("Calculate eIDAS identifier for target: " + targetIdentifier);
final String[] splittedTarget = targetIdentifier.split("\\+");
@@ -144,57 +153,13 @@ public class BpkBuilder {
}
}
- /**
- * Builds the eIDAS from the given parameters.
- *
- * @param baseId baseID of the citizen
- * @param baseIdType Type of the baseID
- * @param sourceCountry CountryCode of that country, which build the eIDAs
- * ID
- * @param destinationCountry CountryCode of that country, which receives the
- * eIDAs ID
- *
- * @return Pair eIDAs/bPKType in a BASE64 encoding
- * @throws EaafBuilderException if some input data are not valid
- */
- private static Pair<String, String> buildEidasIdentifer(final String baseId,
- final String baseIdType, final String sourceCountry, final String destinationCountry)
- throws EaafBuilderException {
- String bpk = null;
- String bpkType = null;
- // check if we have been called by public sector application
- if (baseIdType.startsWith(EaafConstants.URN_PREFIX_BASEID)) {
- bpkType = EaafConstants.URN_PREFIX_EIDAS + sourceCountry + "+" + destinationCountry;
- log.debug("Building eIDAS identification from: [identValue]+" + bpkType);
- bpk = calculatebPKwbPK(baseId + "+" + bpkType);
-
- } else { // if not, sector identification value is already calculated by BKU
- log.debug("eIDAS eIdentifier already provided by BKU");
- bpk = baseId;
- }
-
- if (StringUtils.isEmpty(bpk) || StringUtils.isEmpty(sourceCountry)
- || StringUtils.isEmpty(destinationCountry)) {
- throw new EaafBuilderException("builder.00",
- new Object[] { "eIDAS-ID",
- "Unvollständige Parameterangaben: identificationValue=" + bpk + ", Zielland="
- + destinationCountry + ", Ursprungsland=" + sourceCountry },
- "eIDAS-ID: Unvollständige Parameterangaben: identificationValue=" + bpk + ", Zielland="
- + destinationCountry + ", Ursprungsland=" + sourceCountry);
- }
-
- log.trace("eIDAS pseudonym generation finished. ");
- final String eIdentifier = sourceCountry + "/" + destinationCountry + "/" + bpk;
-
- return Pair.newInstance(eIdentifier, bpkType);
- }
/**
* Create an encrypted bPK.
*
* @param bpk unencrypted bPK
- * @param target bPK target
+ * @param target bPK target in full form
* @param publicKey Public-Key used for encryption
* @return encrypted bPK
* @throws EaafBuilderException In case of an error
@@ -202,12 +167,17 @@ public class BpkBuilder {
public static String encryptBpk(final String bpk, String target, final PublicKey publicKey)
throws EaafBuilderException {
final SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss");
- if (target.startsWith(EaafConstants.URN_PREFIX_CDID)) {
- target = target.substring(EaafConstants.URN_PREFIX_CDID.length());
+
+ if (!target.startsWith(EaafConstants.URN_PREFIX_WITH_COLON)) {
+ throw new EaafBuilderException("builder.32",
+ null, ERROR_MSG_WRONG_TARGET_FORMAT);
+
}
+
+ target = normalizeBpkTargetIdentifierToCalculationFormat(target);
final String input =
- "V1::urn:publicid:gv.at:cdid+" + target + "::" + bpk + "::" + sdf.format(new Date());
+ "V1::" + target + "::" + bpk + "::" + sdf.format(new Date());
// System.out.println(input);
byte[] result;
try {
@@ -227,17 +197,23 @@ public class BpkBuilder {
* Decrypt an encrypted bPK.
*
* @param encryptedBpk encrypted bPK
- * @param target bPK target
+ * @param target bPK target in full form
* @param privateKey private-key for decryption
- * @return bPK
+ * @return bPK Pair consists of (unique person identifier for this target,
+ * targetArea) but never null
* @throws EaafBuilderException In case of an error
*/
- public static String decryptBpk(final String encryptedBpk, String target,
+ public static Pair<String, String> decryptBpk(final String encryptedBpk, String target,
final PrivateKey privateKey) throws EaafBuilderException {
String decryptedString;
+
+ if (!target.startsWith(EaafConstants.URN_PREFIX_WITH_COLON)) {
+ throw new EaafBuilderException("builder.32",
+ null, ERROR_MSG_WRONG_TARGET_FORMAT);
+
+ }
+
try {
- // byte[] encryptedBytes = Base64Utils.decode(encryptedBpk, false,
- // "ISO-8859-1");
final byte[] encryptedBytes = Base64Utils.decode(encryptedBpk.getBytes("ISO-8859-1"));
final byte[] decryptedBytes = decrypt(encryptedBytes, privateKey);
decryptedString = new String(decryptedBytes, "ISO-8859-1");
@@ -247,23 +223,121 @@ public class BpkBuilder {
}
- String tmp = decryptedString.substring(decryptedString.indexOf('+') + 1);
- final String sector = tmp.substring(0, tmp.indexOf("::"));
- tmp = tmp.substring(tmp.indexOf("::") + 2);
- final String bPK = tmp.substring(0, tmp.indexOf("::"));
-
- if (target.startsWith(EaafConstants.URN_PREFIX_CDID + "+")) {
- target = target.substring((EaafConstants.URN_PREFIX_CDID + "+").length());
+ String[] parts = decryptedString.split("::");
+ if (parts.length != 4) {
+ log.trace("Encrypted bPK has value: {}", decryptedString);
+ throw new EaafBuilderException("builder.31", new Object[] {parts.length},
+ "encBpk has a suspect format");
+
}
+
+ final String sector = parts[1];
+ final String bPK = parts[2];
- if (target.equals(sector)) {
- return bPK;
+ if (target.equals(normalizeBpkTargetIdentifierToCommonFormat(sector))) {
+ return Pair.newInstance(bPK, target);
+
} else {
- log.error("Decrypted bPK does not match to request bPK target.");
- return null;
+ throw new EaafBuilderException("builder.30", new Object[] {sector, target},
+ "Decrypted bPK-target does not match");
+
}
}
+ /**
+ * Normalize wbPK target identifier for FN, ZVR, and ERSB to XFN, XZVR, and XERSB.
+ *
+ * <p>If the target is not of this types the target will be returned as it is</p>
+ * @param targetIdentifier bPK input target
+ * @return XFN, XZVR, XERSB, or targetIdentfier if no normalization is required
+ */
+ @Nullable
+ public static String normalizeBpkTargetIdentifierToCommonFormat(@Nullable String targetIdentifier) {
+ if (targetIdentifier != null
+ && !targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X)) {
+ for (Entry<String, String> mapper : EaafConstants.URN_WBPK_TARGET_X_TO_NONE_MAPPER.entrySet()) {
+ if (targetIdentifier.startsWith(mapper.getValue())) {
+ String wbpkTarget = mapper.getKey() + targetIdentifier.substring(mapper.getValue().length());
+ log.trace("Normalize wbPK target: {} to {}", targetIdentifier, wbpkTarget);
+ return wbpkTarget;
+
+ }
+ }
+ }
+
+ return targetIdentifier;
+ }
+
+ /**
+ * Normalize wbPK target identifier for XFN, XZVR, and XERSB to bPK calculation format like, FN, ZVR, and ERSB.
+ *
+ * <p>If the target is not of this types the target will be returned as it is</p>
+ *
+ * @param targetIdentifier bPK input target
+ * @return FN, ZVR, ERSB, or targetIdentfier if no normalization is required
+ */
+ @Nullable
+ public static String normalizeBpkTargetIdentifierToCalculationFormat(@Nullable String targetIdentifier) {
+ if (targetIdentifier != null && targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK)) {
+ for (Entry<String, String> mapper : EaafConstants.URN_WBPK_TARGET_X_TO_NONE_MAPPER.entrySet()) {
+ if (targetIdentifier.startsWith(mapper.getKey())) {
+ String wbpkTarget = mapper.getValue() + targetIdentifier.substring(mapper.getKey().length());
+ log.trace("Find new wbPK target: {}. Replace it by: {}", targetIdentifier, wbpkTarget);
+ return wbpkTarget;
+
+ }
+ }
+ }
+
+ return targetIdentifier;
+ }
+
+ /**
+ * Builds the eIDAS from the given parameters.
+ *
+ * @param baseId baseID of the citizen
+ * @param baseIdType Type of the baseID
+ * @param sourceCountry CountryCode of that country, which build the eIDAs
+ * ID
+ * @param destinationCountry CountryCode of that country, which receives the
+ * eIDAs ID
+ *
+ * @return Pair eIDAs/bPKType in a BASE64 encoding
+ * @throws EaafBuilderException if some input data are not valid
+ */
+ private static Pair<String, String> buildEidasIdentifer(final String baseId,
+ final String baseIdType, final String sourceCountry, final String destinationCountry)
+ throws EaafBuilderException {
+ String bpk = null;
+ String bpkType = null;
+
+ // check if we have been called by public sector application
+ if (baseIdType.startsWith(EaafConstants.URN_PREFIX_BASEID)) {
+ bpkType = EaafConstants.URN_PREFIX_EIDAS + sourceCountry + "+" + destinationCountry;
+ log.debug("Building eIDAS identification from: [identValue]+" + bpkType);
+ bpk = calculatebPKwbPK(baseId + "+" + bpkType);
+
+ } else { // if not, sector identification value is already calculated by BKU
+ log.debug("eIDAS eIdentifier already provided by BKU");
+ bpk = baseId;
+ }
+
+ if (StringUtils.isEmpty(bpk) || StringUtils.isEmpty(sourceCountry)
+ || StringUtils.isEmpty(destinationCountry)) {
+ throw new EaafBuilderException("builder.00",
+ new Object[] { "eIDAS-ID",
+ "Unvollständige Parameterangaben: identificationValue=" + bpk + ", Zielland="
+ + destinationCountry + ", Ursprungsland=" + sourceCountry },
+ "eIDAS-ID: Unvollständige Parameterangaben: identificationValue=" + bpk + ", Zielland="
+ + destinationCountry + ", Ursprungsland=" + sourceCountry);
+ }
+
+ log.trace("eIDAS pseudonym generation finished. ");
+ final String eIdentifier = sourceCountry + "/" + destinationCountry + "/" + bpk;
+
+ return Pair.newInstance(eIdentifier, bpkType);
+ }
+
private static String calculatebPKwbPK(final String basisbegriff) throws EaafBuilderException {
try {
final MessageDigest md = MessageDigest.getInstance("SHA-1");
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java
index 988a78b6..8eef4a8e 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java
@@ -19,26 +19,31 @@
package at.gv.egiz.eaaf.core.impl.idp.auth.data;
+import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.TimeZone;
+import javax.annotation.Nullable;
+
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.idp.EaafAuthProcessDataConstants;
import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer;
import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
public class AuthProcessDataWrapper
implements IAuthProcessDataContainer, EaafAuthProcessDataConstants {
private static final Logger log = LoggerFactory.getLogger(AuthProcessDataWrapper.class);
+ public static final String PATTERN_ISSUE_INSTANT = "yyyy-MM-dd'T'HH:mm:ss'Z'";
+
protected Map<String, Object> authProcessData;
public AuthProcessDataWrapper(final Map<String, Object> authProcessData) {
@@ -46,6 +51,11 @@ public class AuthProcessDataWrapper
}
+ @Override
+ public Date getIssueInstant() {
+ return wrapStoredObject(VALUE_ISSUEINSTANT, null, Date.class);
+ }
+
/*
* (non-Javadoc)
*
@@ -53,8 +63,9 @@ public class AuthProcessDataWrapper
* at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIssueInstant()
*/
@Override
- public String getIssueInstant() {
- return wrapStringObject(VALUE_ISSUEINSTANT, null, String.class);
+ public String getIssueInstantString() {
+ return buildDateTimeUtcString(
+ wrapStoredObject(VALUE_ISSUEINSTANT, null, Date.class));
}
/*
@@ -66,7 +77,8 @@ public class AuthProcessDataWrapper
*/
@Override
public void setIssueInstant(final String issueInstant) {
- authProcessData.put(VALUE_ISSUEINSTANT, issueInstant);
+ authProcessData.put(VALUE_ISSUEINSTANT,
+ buildDateTimeUtcDate(issueInstant));
}
@@ -79,7 +91,7 @@ public class AuthProcessDataWrapper
*/
@Override
public void setIssueInstant(final Date issueInstant) {
- authProcessData.put(VALUE_ISSUEINSTANT, buildDateTimeUtc(issueInstant));
+ authProcessData.put(VALUE_ISSUEINSTANT, issueInstant);
}
@@ -91,7 +103,7 @@ public class AuthProcessDataWrapper
*/
@Override
public boolean isAuthenticated() {
- return wrapStringObject(FLAG_IS_AUTHENTICATED, false, Boolean.class);
+ return wrapStoredObject(FLAG_IS_AUTHENTICATED, false, Boolean.class);
}
@@ -116,7 +128,7 @@ public class AuthProcessDataWrapper
*/
@Override
public IIdentityLink getIdentityLink() {
- return wrapStringObject(VALUE_IDENTITYLINK, null, IIdentityLink.class);
+ return wrapStoredObject(VALUE_IDENTITYLINK, null, IIdentityLink.class);
}
@@ -141,7 +153,7 @@ public class AuthProcessDataWrapper
*/
@Override
public boolean isMandateUsed() {
- return wrapStringObject(FLAG_USE_MANDATE, false, Boolean.class);
+ return wrapStoredObject(FLAG_USE_MANDATE, false, Boolean.class);
}
/*
@@ -164,7 +176,7 @@ public class AuthProcessDataWrapper
*/
@Override
public String getQaaLevel() {
- return wrapStringObject(VALUE_QAALEVEL, null, String.class);
+ return wrapStoredObject(VALUE_QAALEVEL, null, String.class);
}
/*
@@ -187,7 +199,7 @@ public class AuthProcessDataWrapper
*/
@Override
public boolean isForeigner() {
- return wrapStringObject(FLAG_IS_FOREIGNER, false, Boolean.class);
+ return wrapStoredObject(FLAG_IS_FOREIGNER, false, Boolean.class);
}
/*
@@ -209,7 +221,7 @@ public class AuthProcessDataWrapper
*/
@Override
public boolean isOW() {
- return wrapStringObject(FLAG_IS_ORGANWALTER, false, Boolean.class);
+ return wrapStoredObject(FLAG_IS_ORGANWALTER, false, Boolean.class);
}
/*
@@ -225,7 +237,7 @@ public class AuthProcessDataWrapper
@Override
public boolean isEidProcess() {
- return wrapStringObject(FLAG_IS_NEW_EID_PROCESS, false, Boolean.class);
+ return wrapStoredObject(FLAG_IS_NEW_EID_PROCESS, false, Boolean.class);
}
@Override
@@ -242,7 +254,7 @@ public class AuthProcessDataWrapper
*/
@Override
public Date getSessionCreated() {
- return wrapStringObject(EaafConstants.AUTH_DATA_CREATED, null, Date.class);
+ return wrapStoredObject(EaafConstants.AUTH_DATA_CREATED, null, Date.class);
}
/*
@@ -283,7 +295,7 @@ public class AuthProcessDataWrapper
*/
@Override
public <T> T getGenericDataFromSession(final String key, final Class<T> clazz) {
- return wrapStringObject(GENERIC_PREFIX + key, null, clazz);
+ return wrapStoredObject(GENERIC_PREFIX + key, null, clazz);
}
/*
@@ -299,7 +311,7 @@ public class AuthProcessDataWrapper
}
- protected <T> T wrapStringObject(final String key, final Object defaultValue,
+ protected <T> T wrapStoredObject(final String key, final Object defaultValue,
final Class<T> clazz) {
if (StringUtils.isNotEmpty(key)) {
final Object obj = authProcessData.get(key);
@@ -322,16 +334,49 @@ public class AuthProcessDataWrapper
}
/**
- * Builds a <code>dateTime</code> value in UTC from a <code>Calendar</code> value.
+ * Builds a {@link String} dateTime value in UTC from a {@link Date} value.
*
- * @param date the <code>Calendar</code> value
- * @return the <code>dateTime</code> value
+ * @param date the {@link Date} that should be transformed
+ * @return The {@link String} representation of the date in
+ * <code>yyyy-MM-dd'T'HH:mm:ss'Z'</code>, or <code>null</code> if {@link Date} was <code>null</code>
*/
- public static String buildDateTimeUtc(final Date date) {
+ @Nullable
+ public static String buildDateTimeUtcString(@Nullable final Date date) {
+ if (date == null) {
+ return null;
- final SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
- f.setTimeZone(TimeZone.getTimeZone("UTC"));
+ }
+ final SimpleDateFormat f = new SimpleDateFormat(PATTERN_ISSUE_INSTANT);
+ f.setTimeZone(TimeZone.getTimeZone("UTC"));
return f.format(date.getTime());
+
+ }
+
+ /**
+ * Builds a {@link String} dateTime value in UTC from a {@link Date} value.
+ *
+ * @param date the {@link String} in <code>yyyy-MM-dd'T'HH:mm:ss'Z'</code>
+ * format that should be transformed
+ * @return The {@link Date} representation of the date, otherwise <code>null</code>
+ * if input parameter was <code>null</code> or invalid
+ */
+ @Nullable
+ public static Date buildDateTimeUtcDate(@Nullable final String date) {
+ final SimpleDateFormat f = new SimpleDateFormat(PATTERN_ISSUE_INSTANT);
+ try {
+ if (date != null) {
+ return f.parse(date);
+
+ }
+
+ } catch (final ParseException e) {
+ log.error("Can NOT parse Date from String: {}", date, null, e);
+
+ }
+
+ return null;
+
}
+
}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
index 817c7aa2..4c82adac 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
@@ -70,8 +70,8 @@ import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException;
import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
import at.gv.egiz.eaaf.core.impl.gui.AbstractGuiFormBuilderConfiguration;
+import at.gv.egiz.eaaf.core.impl.http.HttpUtils;
import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egiz.eaaf.core.impl.utils.HttpUtils;
@Service
public class ProtocolAuthenticationService implements IProtocolAuthenticationService {
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java
index 172d74a7..e18cc1a8 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java
@@ -84,12 +84,16 @@ public class BpkAttributeBuilder implements IPvpAttributeBuilder {
Assert.isTrue(type != null, "bPKType is 'NULL'");
if (type.startsWith(EaafConstants.URN_PREFIX_WBPK)) {
return type.substring(EaafConstants.URN_PREFIX_WBPK.length());
+
} else if (type.startsWith(EaafConstants.URN_PREFIX_CDID)) {
return type.substring(EaafConstants.URN_PREFIX_CDID.length());
+
} else if (type.startsWith(EaafConstants.URN_PREFIX_EIDAS)) {
return type.substring(EaafConstants.URN_PREFIX_EIDAS.length());
+
} else {
return type;
+
}
}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSectorForIdAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSectorForIdAttributeBuilder.java
index 3aedf9ab..48d7a3a3 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSectorForIdAttributeBuilder.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSectorForIdAttributeBuilder.java
@@ -27,6 +27,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPvpAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder;
@PvpMetadata
public class EidSectorForIdAttributeBuilder implements IPvpAttributeBuilder {
@@ -46,7 +47,9 @@ public class EidSectorForIdAttributeBuilder implements IPvpAttributeBuilder {
}
return g.buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME,
- EID_SECTOR_FOR_IDENTIFIER_NAME, bpktype);
+ EID_SECTOR_FOR_IDENTIFIER_NAME,
+ BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(bpktype));
+
}
@Override
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java
index 5dcbcb7e..708ef399 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/AbstractSpringBootConfigurationImpl.java
@@ -28,10 +28,6 @@ import java.util.Map.Entry;
import javax.annotation.PostConstruct;
-import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
-
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -42,6 +38,10 @@ import org.springframework.core.env.EnumerablePropertySource;
import org.springframework.core.env.Environment;
import org.springframework.core.env.PropertySource;
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+
public abstract class AbstractSpringBootConfigurationImpl implements IConfigurationWithSP {
private static final Logger log = LoggerFactory.getLogger(AbstractSpringBootConfigurationImpl.class);
@@ -114,7 +114,7 @@ public abstract class AbstractSpringBootConfigurationImpl implements IConfigurat
return new URI(env.getRequiredProperty(addPrefixToKey(PROP_CONFIG_ROOT_DIR)));
} catch (IllegalStateException | URISyntaxException e) {
- log.warn("ConfigRootDirectory is NOT set");
+ log.warn("ConfigRootDirectory is NOT set", e);
return null;
}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java
index adc8774a..f4494106 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java
@@ -40,8 +40,8 @@ import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
+import at.gv.egiz.eaaf.core.impl.http.HttpUtils;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
-import at.gv.egiz.eaaf.core.impl.utils.HttpUtils;
import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils;
import org.apache.commons.lang3.StringUtils;
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExecutionContextImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExecutionContextImpl.java
index 27bc829d..3eff8a7b 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExecutionContextImpl.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ExecutionContextImpl.java
@@ -52,6 +52,8 @@ public class ExecutionContextImpl implements ExecutionContext {
/**
* Creates a new instance and associated it with a certain process instance.
+ *
+ * @param processInstanceId ProcessInstanceId for this execution context.
*/
public ExecutionContextImpl(final String processInstanceId) {
this.processInstanceId = processInstanceId;
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/SpringWebExpressionEvaluator.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/SpringWebExpressionEvaluator.java
index afcc0a58..9ef88679 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/SpringWebExpressionEvaluator.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/springweb/SpringWebExpressionEvaluator.java
@@ -95,7 +95,7 @@ public class SpringWebExpressionEvaluator implements ExpressionEvaluator {
* @param delegate The original {@link ExpressionEvaluationContext} to be
* delegated to for {@code ctx['foo']} expressions.
*/
- public SpringWebExpressionEvaluationContext(final ExpressionEvaluationContext delegate) {
+ SpringWebExpressionEvaluationContext(final ExpressionEvaluationContext delegate) {
this.delegate = delegate;
}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java
index e1a02c64..01b063aa 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java
@@ -239,6 +239,7 @@ public class DomUtils {
* the same way it is accepted by the
* <code>xsi:noNamespaceSchemaLocation</code>
* attribute.
+ * @param parserFeatures {@link Map} of features for XML parser
* @return The parsed XML document as a DOM tree.
* @throws SAXException An error occurred parsing the document.
* @throws IOException An error occurred reading the document.
@@ -350,6 +351,7 @@ public class DomUtils {
* decide what to do with parsing
* errors. If <code>null</code>, it
* will not be set.
+ * @param parserFeatures {@link Map} of features for XML parser
* @return The parsed XML document as a DOM tree.
* @throws SAXException An error occurred parsing the document.
* @throws IOException An error occurred reading the document.
@@ -622,6 +624,7 @@ public class DomUtils {
* the same way it is accepted by the
* <code>xsi:noNamespaceSchemaLocation</code>
* attribute.
+ * @param entityResolver external entity resolver implemention
* @return <code>true</code>, if the <code>element</code> validates against the
* schemas declared in it.
* @throws SAXException An error occurred parsing the document.
diff --git a/eaaf_core/src/main/resources/messages/eaaf_core_messages.properties b/eaaf_core/src/main/resources/messages/eaaf_core_messages.properties
index 1916a7fc..064554b9 100644
--- a/eaaf_core/src/main/resources/messages/eaaf_core_messages.properties
+++ b/eaaf_core/src/main/resources/messages/eaaf_core_messages.properties
@@ -1,6 +1,7 @@
eaaf.core.00=Requested URL: {0} is NOT allowed by configuration.
builder.08=Authentication process could NOT completed. Reason: {0}
-
-
+builder.30=Decrypted bPK target: {0} does not match to required target: {1}
+builder.31=Encrypted bPK has a suspect format and consists of #{0} elements
+builder.32=bPK-target format must be full URI