From 6be05460cfde0a3b8e616a5aacdee7703105b59c Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Mon, 4 May 2020 11:19:00 +0200
Subject: add Pattern for encryped bPK target identifier and add new method into BpkBuilder
---
 .../core/impl/idp/auth/builder/BpkBuilder.java | 26 ++++++++++++++++
 .../builder/attributes/BpkAttributeBuilder.java | 27 ++---------------
 .../core/impl/idp/auth/builder/BpkBuilderTest.java | 35 ++++++++++++++++++++++
 .../gv/egiz/eaaf/core/api/data/EaafConstants.java | 9 +++++-
 4 files changed, 72 insertions(+), 25 deletions(-)
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java
index fed4af32..7b9ffcf0 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java
@@ -27,6 +27,7 @@ import java.text.SimpleDateFormat;
 import java.util.Date;
 import java.util.Map.Entry;
+import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
@@ -34,6 +35,7 @@ import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.NoSuchPaddingException;
 import org.apache.commons.lang3.StringUtils;
+import org.springframework.util.Assert;
 import org.springframework.util.Base64Utils;
 import at.gv.egiz.eaaf.core.api.data.EaafConstants;
@@ -292,6 +294,30 @@ public class BpkBuilder {
 return targetIdentifier;
 }
+ /**
+ * Remove prefixes from bPK target identifier and get only the SP specific part.
+ *
+ * @param type full qualified bPK target with 'urn:publicid:gv.at:' prefix
+ * @return SP specific part, or full type if reduction is not supported
+ */
+ @Nonnull
+ public static String removeBpkTypePrefix(@Nonnull final String type) {
+ Assert.isTrue(type != null, "bPKType is 'NULL'");
+ if (type.startsWith(EaafConstants.URN_PREFIX_WBPK)) {
+ return type.substring(EaafConstants.URN_PREFIX_WBPK.length());
+
+ } else if (type.startsWith(EaafConstants.URN_PREFIX_CDID)) {
+ return type.substring(EaafConstants.URN_PREFIX_CDID.length());
+
+ } else if (type.startsWith(EaafConstants.URN_PREFIX_EIDAS)) {
+ return type.substring(EaafConstants.URN_PREFIX_EIDAS.length());
+
+ } else {
+ return type;
+
+ }
+ }
+
 /**
 * Builds the eIDAS from the given parameters.
 *
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java
index e18cc1a8..17919fc2 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java
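Review bot: `removeBpkTypePrefix` strips only the wbpk, cdid and eidasid prefixes, so a target built from the `URN_PREFIX_ECDID` / `URN_ECDID_TARGET_PATTERN` constants added in this same commit is returned unchanged, with its full `urn:publicid:gv.at:ecdid+` prefix. If that is intended, the Javadoc should say so, e.g. `@return SP specific part, or the unchanged input for any other prefix (including baseid and ecdid)`. The method is now public API and `Assert.isTrue` raises an unchecked exception on null, so the Javadoc should also carry `@throws IllegalArgumentException if type is null`. `Assert.notNull(type, "bPKType is 'NULL'")` would express the same guard more directly.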
@@ -19,20 +19,17 @@
 package at.gv.egiz.eaaf.core.impl.idp.builder.attributes;
-import javax.annotation.Nonnull;
-
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.util.Assert;
-import at.gv.egiz.eaaf.core.api.data.EaafConstants;
 import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPvpAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder;
 @PvpMetadata
 public class BpkAttributeBuilder implements IPvpAttributeBuilder {
@@ -61,7 +58,7 @@ public class BpkAttributeBuilder implements IPvpAttributeBuilder {
 protected String getBpkForSP(final IAuthData authData) throws UnavailableAttributeException {
 final String bpk = attrMaxSize(authData.getBpk());
- final String type = removeBpkTypePrefix(authData.getBpkType());
+ final String type = BpkBuilder.removeBpkTypePrefix(authData.getBpkType());
 if (StringUtils.isEmpty(bpk)) {
 throw new UnavailableAttributeException(BPK_NAME);
@@ -78,23 +75,5 @@ public class BpkAttributeBuilder implements IPvpAttributeBuilder {
 return attr;
 }
-
- @Nonnull
- protected String removeBpkTypePrefix(@Nonnull final String type) {
- Assert.isTrue(type != null, "bPKType is 'NULL'");
- if (type.startsWith(EaafConstants.URN_PREFIX_WBPK)) {
- return type.substring(EaafConstants.URN_PREFIX_WBPK.length());
-
- } else if (type.startsWith(EaafConstants.URN_PREFIX_CDID)) {
- return type.substring(EaafConstants.URN_PREFIX_CDID.length());
-
- } else if (type.startsWith(EaafConstants.URN_PREFIX_EIDAS)) {
- return type.substring(EaafConstants.URN_PREFIX_EIDAS.length());
-
- } else {
- return type;
-
- }
-
- }
+
 }
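Review bot: In `getBpkForSP` the call `BpkBuilder.removeBpkTypePrefix(authData.getBpkType())` still runs before the `StringUtils.isEmpty(bpk)` check, so auth data without a bPK type fails with the unchecked `IllegalArgumentException` from `Assert.isTrue` instead of the declared `UnavailableAttributeException`. Checking first with `if (StringUtils.isEmpty(bpk) || authData.getBpkType() == null) { throw new UnavailableAttributeException(BPK_NAME); }` and stripping the prefix afterwards would keep a missing attribute on the checked path. The rest of the method lies outside the hunk, so a later type check may exist, but it would run too late to prevent the assertion. The call is also static now, so a subclass that overrode the removed `protected removeBpkTypePrefix` is no longer consulted; that is worth stating in the release notes.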
diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilderTest.java
index 64c13781..df431186 100644
--- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilderTest.java
+++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilderTest.java
@@ -450,4 +450,39 @@ public class BpkBuilderTest {
 }
+ @Test
+ public void removeBpkPrefix() {
+ String spTarget = RandomStringUtils.randomAlphabetic(2);
+ Assert.assertEquals("Wrong SP target without prefix",
+ spTarget,
+ BpkBuilder.removeBpkTypePrefix(EaafConstants.URN_PREFIX_CDID + spTarget));
+
+ }
+
+ @Test
+ public void removeWpbkPrefix() {
+ String spTarget = RandomStringUtils.randomAlphabetic(10);
+ Assert.assertEquals("Wrong SP target without prefix",
+ spTarget,
+ BpkBuilder.removeBpkTypePrefix(EaafConstants.URN_PREFIX_WBPK + spTarget));
+
+ }
+
+ @Test
+ public void removeEidasPbkPrefix() {
+ String spTarget = RandomStringUtils.randomAlphabetic(2) + "+" + RandomStringUtils.randomAlphabetic(2);
+ Assert.assertEquals("Wrong SP target without prefix",
+ spTarget,
+ BpkBuilder.removeBpkTypePrefix(EaafConstants.URN_PREFIX_EIDAS + spTarget));
+
+ }
+
+ @Test
+ public void removeUnknownPbkPrefix() {
+ String spTarget = RandomStringUtils.randomAlphabetic(10);
+ Assert.assertEquals("Wrong SP target without prefix",
+ EaafConstants.URN_PREFIX_BASEID + spTarget,
+ BpkBuilder.removeBpkTypePrefix(EaafConstants.URN_PREFIX_BASEID + spTarget));
+
+ }
 }
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/EaafConstants.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/EaafConstants.java
index 57375e01..7a8bc67c 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/EaafConstants.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/EaafConstants.java
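Review bot: The four added tests cover the three stripped prefixes and the baseid pass-through, but nothing pins the null-input contract or how the new `ecdid+` targets are treated. Assuming JUnit 4, as the message-first `Assert.assertEquals` suggests, add `@Test(expected = IllegalArgumentException.class) public void removeNullPrefix() { BpkBuilder.removeBpkTypePrefix(null); }`. Also add a case asserting that `EaafConstants.URN_PREFIX_ECDID + spTarget` is returned unchanged, if that is the intended behaviour. The method names `removeWpbkPrefix`, `removeEidasPbkPrefix` and `removeUnknownPbkPrefix` misspell wbPK/bPK, and `removeBpkPrefix` would read more clearly as `removeCdidPrefix`.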
@@ -45,16 +45,23 @@ public class EaafConstants {
 public static final String URN_PART_CDID = "cdid+";
 public static final String URN_PART_WBPK = "wbpk+";
 public static final String URN_PART_EIDAS = "eidasid+";
-
+ public static final String URN_PART_ECDID = "ecdid+";
+
 public static final String URN_PREFIX = "urn:publicid:gv.at";
 public static final String URN_PREFIX_WITH_COLON = URN_PREFIX + ":";
 public static final String URN_PREFIX_BASEID = URN_PREFIX_WITH_COLON + URN_PART_BASEID;
 public static final String URN_PREFIX_CDID = URN_PREFIX_WITH_COLON + URN_PART_CDID;
+ public static final String URN_PREFIX_ECDID = URN_PREFIX_WITH_COLON + URN_PART_ECDID;
 public static final String URN_PREFIX_BPK = URN_PREFIX_CDID + "bpk";
 public static final String URN_PREFIX_WBPK = URN_PREFIX_WITH_COLON + URN_PART_WBPK;
 public static final String URN_PREFIX_EIDAS = URN_PREFIX_WITH_COLON + URN_PART_EIDAS;
 public static final String URN_PREFIX_OW_BPK = URN_PREFIX_CDID + "OW";
+ /**
+ * encrypted bPK target identifier pattern with {0} as bPK target without prefix and {1} as VKZ/SourceId.
+ */
+ public static final String URN_ECDID_TARGET_PATTERN = URN_PREFIX_ECDID + "{1}+{0}";
+
 public static final String URN_PREFIX_WBPK_TARGET_WITH_X = EaafConstants.URN_PREFIX_WBPK + "X";
 private static final String WBPK_TARGET_FN = "FN";
 private static final String WBPK_TARGET_ZVR = "ZVR";
--
cgit v1.2.3
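Review bot: `URN_ECDID_TARGET_PATTERN` joins two caller-supplied parts with a bare `+`, and its Javadoc says neither which formatter the placeholders are meant for nor which characters the parts may contain. The eIDAS test added in this commit shows that a prefix-less target can itself contain `+`, so the result can only be split unambiguously if the VKZ/SourceId in `{1}` never does. That constraint should be stated here and enforced where the pattern is filled in. A possible wording: `Encrypted bPK target identifier pattern (presumably for java.text.MessageFormat, to be confirmed): {1} is the VKZ/SourceId and must not contain '+', {0} is the bPK target without prefix.` No caller of the pattern is visible in this patch, so the place for that validation lies outside these hunks.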