From bada55e1a4ee92bc05d55950836942ed6c3e97f6 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Wed, 1 Apr 2020 09:05:40 +0200
Subject: fix wrong format in case of encrypted wbPKs

---
 .../core/impl/idp/auth/builder/BpkBuilder.java     | 57 ++++++++++++++--------
 1 file changed, 37 insertions(+), 20 deletions(-)

(limited to 'eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java')

diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java
index bb8355ad..fed4af32 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java
@@ -52,6 +52,8 @@ import lombok.extern.slf4j.Slf4j;
 @Slf4j
 public class BpkBuilder {
     
+  private static final String ERROR_MSG_WRONG_TARGET_FORMAT = "bPK-target format must be full URI";
+  
   /**
    * Calculates an area specific unique person-identifier from a baseID.
    *
@@ -157,7 +159,7 @@ public class BpkBuilder {
    * Create an encrypted bPK.
    *
    * @param bpk       unencrypted bPK
-   * @param target    bPK target
+   * @param target    bPK target in full form
    * @param publicKey Public-Key used for encryption
    * @return encrypted bPK
    * @throws EaafBuilderException In case of an error
@@ -165,12 +167,17 @@ public class BpkBuilder {
   public static String encryptBpk(final String bpk, String target, final PublicKey publicKey)
       throws EaafBuilderException {
     final SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss");
-    if (target.startsWith(EaafConstants.URN_PREFIX_CDID)) {
-      target = target.substring(EaafConstants.URN_PREFIX_CDID.length());
+    
+    if (!target.startsWith(EaafConstants.URN_PREFIX_WITH_COLON)) {
+      throw new EaafBuilderException("builder.32", 
+          null, ERROR_MSG_WRONG_TARGET_FORMAT);
+      
     }
+    
+    target = normalizeBpkTargetIdentifierToCalculationFormat(target);
 
     final String input =
-        "V1::urn:publicid:gv.at:cdid+" + target + "::" + bpk + "::" + sdf.format(new Date());
+        "V1::" + target + "::" + bpk + "::" + sdf.format(new Date());
     // System.out.println(input);
     byte[] result;
     try {
@@ -190,17 +197,23 @@ public class BpkBuilder {
    * Decrypt an encrypted bPK.
    *
    * @param encryptedBpk encrypted bPK
-   * @param target       bPK target
+   * @param target       bPK target in full form
    * @param privateKey   private-key for decryption
-   * @return bPK
+   * @return bPK Pair consists of (unique person identifier for this target,
+   *         targetArea) but never null
    * @throws EaafBuilderException In case of an error
    */
-  public static String decryptBpk(final String encryptedBpk, String target,
+  public static Pair<String, String> decryptBpk(final String encryptedBpk, String target,
       final PrivateKey privateKey) throws EaafBuilderException {
     String decryptedString;
+    
+    if (!target.startsWith(EaafConstants.URN_PREFIX_WITH_COLON)) {
+      throw new EaafBuilderException("builder.32", 
+          null, ERROR_MSG_WRONG_TARGET_FORMAT);
+      
+    }
+    
     try {
-      // byte[] encryptedBytes = Base64Utils.decode(encryptedBpk, false,
-      // "ISO-8859-1");
       final byte[] encryptedBytes = Base64Utils.decode(encryptedBpk.getBytes("ISO-8859-1"));
       final byte[] decryptedBytes = decrypt(encryptedBytes, privateKey);
       decryptedString = new String(decryptedBytes, "ISO-8859-1");
@@ -210,20 +223,24 @@ public class BpkBuilder {
 
     }
 
-    String tmp = decryptedString.substring(decryptedString.indexOf('+') + 1);
-    final String sector = tmp.substring(0, tmp.indexOf("::"));
-    tmp = tmp.substring(tmp.indexOf("::") + 2);
-    final String bPK = tmp.substring(0, tmp.indexOf("::"));
-
-    if (target.startsWith(EaafConstants.URN_PREFIX_CDID + "+")) {
-      target = target.substring((EaafConstants.URN_PREFIX_CDID + "+").length());
+    String[] parts = decryptedString.split("::");
+    if (parts.length != 4) {
+      log.trace("Encrypted bPK has value: {}", decryptedString);
+      throw new EaafBuilderException("builder.31", new Object[] {parts.length}, 
+          "encBpk has a suspect format");
+      
     }
+    
+    final String sector = parts[1];
+    final String bPK = parts[2];
 
-    if (target.equals(sector)) {
-      return bPK;
+    if (target.equals(normalizeBpkTargetIdentifierToCommonFormat(sector))) {
+      return Pair.newInstance(bPK, target);
+      
     } else {
-      log.error("Decrypted bPK does not match to request bPK target.");
-      return null;
+      throw new EaafBuilderException("builder.30", new Object[] {sector, target}, 
+          "Decrypted bPK-target does not match");
+      
     }
   }
 
-- 
cgit v1.2.3