From 19bc544de503af5992d045a699a1f2bcc1eaf505 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 10 Mar 2020 13:58:43 +0100 Subject: inject X509 certificates into JOSE signature-verification response if available --- .../java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils') diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java index 1b1f090f..ccb650b3 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java @@ -230,7 +230,7 @@ public class JsonSecurityUtils implements IJoseTools { jws.setKey(selectedKey); // load payLoad - return new VerificationResult(mapper.getMapper().readTree(jws.getPayload()), null, jws.verifySignature()); + return new VerificationResult(mapper.getMapper().readTree(jws.getPayload()), x5cCerts, jws.verifySignature()); } -- cgit v1.2.3 From 5742681b60c6f99efa0040c42e514005596ffb34 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 19 Mar 2020 15:59:15 +0100 Subject: inject authType parameter in VDA request to select a specific authentication method --- .../modules/auth/sl20/utils/SL20Constants.java | 45 ++++++++++++++++++++++ 1 file changed, 45 insertions(+) (limited to 'eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils') 
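Review bot: `x5cCerts` is now handed to callers through VerificationResult, but nothing in this hunk shows where it comes from; if it is read from the JWS `x5c` header (the assignment is above the hunk), it is sender-supplied data and consumers must not treat it as trusted unless the key passed to `jws.setKey(selectedKey)` was chosen by validating that chain against the configured trust anchors. A comment at the return would make that contract explicit: `// x5cCerts are the certificates as presented in the JOSE header; only trustworthy if selectedKey was chain-validated against the configured trust store`. The enclosing method starts and ends outside the hunk, so the selection of `selectedKey` cannot be checked here.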
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java index 01316b9b..ec5dbf2e 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java @@ -4,6 +4,8 @@ import java.util.Arrays; import java.util.Collections; import java.util.List; +import javax.annotation.Nonnull; + import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers; import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers; import org.jose4j.jws.AlgorithmIdentifiers; 
@@ -11,10 +13,53 @@ import org.jose4j.jws.AlgorithmIdentifiers; public class SL20Constants { public static final int CURRENT_SL20_VERSION = 10; + // http binding parameters public static final String PARAM_SL20_REQ_COMMAND_PARAM = "slcommand"; public static final String PARAM_SL20_REQ_COMMAND_PARAM_OLD = "sl2command"; + public static final String PARAM_SL20_REQ_AUTH_METHOD_PARAM = "authtype"; + public enum VdaAuthMethod { + ANY("any"), MOBILEPHONE("handy"), CARD("card"); + + private final String authMethod; + + VdaAuthMethod(final String method) { + this.authMethod = method; + } + + /** + * Get VDA AuthMethod. + * + * @return + */ + public String getAuthMethod() { + return this.authMethod; + } + + /** + * Get VDA authmethod from String representation. + * + * @param s authMethod parameter + * @return AuthMethod, or VdaAuthMethod.ANY if the parameter is unknown + */ + public static VdaAuthMethod fromString(@Nonnull final String s) { + try { + return VdaAuthMethod.valueOf(s.toUpperCase()); + + } catch (IllegalArgumentException | NullPointerException e) { + return VdaAuthMethod.ANY; + + } + } + + @Override + public String toString() { + return getAuthMethod(); + + } + } + public static final String PARAM_SL20_REQ_ICP_RETURN_URL_PARAM = "slIPCReturnUrl"; public static final String PARAM_SL20_REQ_TRANSACTIONID = "slTransactionID"; -- cgit v1.2.3 From efa9cafcc8cab417efcc8a0a610e82e7578d64fc Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 19 Mar 2020 16:07:10 +0100 Subject: codestyle problem --- .../main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java | 1 + 1 file changed, 1 insertion(+) (limited to 'eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils') diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java index ec5dbf2e..5c3fa705 100644 
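Review bot: `fromString` in the new `VdaAuthMethod` enum matches only the constant names (`CARD`, `MOBILEPHONE`) and not the wire values the enum carries, so `fromString("handy")` returns ANY while `MOBILEPHONE.toString()` yields `"handy"` — the two directions do not round-trip. The lookup also uses `s.toUpperCase()` without a locale, which fails for `MOBILEPHONE` under a Turkish default locale because of the dotted-i mapping; `equalsIgnoreCase` avoids both problems and makes the `NullPointerException` catch unnecessary. Since the value comes from the `authtype` HTTP parameter and any unrecognised input silently becomes ANY, it is worth confirming that ANY is the intended fallback for a malformed request rather than a downgrade of a stricter method, and logging the rejected value if it is. The enclosing class SL20Constants continues past the hunk.
```java
    public static VdaAuthMethod fromString(@Nonnull final String s) {
      if (s != null) {
        for (final VdaAuthMethod method : values()) {
          // accept both the constant name (MOBILEPHONE) and the wire value (handy)
          if (method.name().equalsIgnoreCase(s) || method.authMethod.equalsIgnoreCase(s)) {
            return method;
          }
        }
      }
      return VdaAuthMethod.ANY;
    }
```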
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java @@ -19,6 +19,7 @@ public class SL20Constants { public static final String PARAM_SL20_REQ_COMMAND_PARAM_OLD = "sl2command"; public static final String PARAM_SL20_REQ_AUTH_METHOD_PARAM = "authtype"; + public enum VdaAuthMethod { ANY("any"), MOBILEPHONE("handy"), CARD("card"); -- cgit v1.2.3 From b3157cfd92685303de5aa05f05a66ec933d21266 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 19 Mar 2020 17:30:45 +0100 Subject: add 'smartphone' as parameter for authType on VDA side --- .../java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils') diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java index 5c3fa705..bfc393db 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java @@ -21,7 +21,7 @@ public class SL20Constants { public static final String PARAM_SL20_REQ_AUTH_METHOD_PARAM = "authtype"; public enum VdaAuthMethod { - ANY("any"), MOBILEPHONE("handy"), CARD("card"); + ANY("any"), MOBILEPHONE("handy"), CARD("card"), SMARTPHONE("smartphone"); private final String authMethod; -- cgit v1.2.3 From f3792e2ffbfbf0dea3d2ede7b311acdefc1c19fd Mon Sep 17 00:00:00 2001 
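Review bot: The new `SMARTPHONE("smartphone")` constant sits next to `MOBILEPHONE("handy")` with no documentation of how the two differ on the VDA side, so a caller choosing the `authtype` parameter cannot tell which one to send. A short Javadoc on each constant stating what the VDA does with it would settle that, e.g. `/** Authentication via the smartphone app (VDA authType "smartphone"). */` — the exact meaning has to come from the VDA interface, which this hunk does not show. The enclosing enum and class continue outside the hunk.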
From: Thomas Lenz Date: Fri, 20 Mar 2020 13:51:57 +0100 Subject: add JOSE header into JWS verificationresult DAO --- .../modules/auth/sl20/utils/JsonSecurityUtils.java | 37 ++++++++++++---------- 1 file changed, 20 insertions(+), 17 deletions(-) (limited to 'eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils') diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java index ccb650b3..43c44647 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java 
@@ -13,22 +13,6 @@ import java.util.List; import javax.annotation.Nonnull; import javax.annotation.PostConstruct; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; -import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; -import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.impl.utils.X509Utils; -import at.gv.egiz.eaaf.modules.auth.sl20.Constants; -import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult; -import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception; -import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20SecurityException; -import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException; -import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException; - import org.apache.commons.lang3.StringUtils; import org.jose4j.jca.ProviderContext; import org.jose4j.jwa.AlgorithmConstraints; 
@@ -50,6 +34,22 @@ import org.springframework.util.Base64Utils; import com.fasterxml.jackson.core.JsonParseException; import com.fasterxml.jackson.databind.JsonNode; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.utils.X509Utils; +import at.gv.egiz.eaaf.modules.auth.sl20.Constants; +import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult; +import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception; +import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20SecurityException; +import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException; +import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException; + @Service public class JsonSecurityUtils implements IJoseTools { private static final Logger log = LoggerFactory.getLogger(JsonSecurityUtils.class); @@ -230,7 +230,10 @@ public class JsonSecurityUtils implements IJoseTools { jws.setKey(selectedKey); // load payLoad - return new VerificationResult(mapper.getMapper().readTree(jws.getPayload()), x5cCerts, jws.verifySignature()); + return new VerificationResult( + mapper.getMapper().readTree(jws.getHeaders().getFullHeaderAsJsonString()), + mapper.getMapper().readTree(jws.getPayload()), + x5cCerts, jws.verifySignature()); } -- cgit v1.2.3 From a382287bb7f061bb2a26c095e8e17b324efcb4cf Mon Sep 17 00:00:00 2001 
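Review bot: The comment `// load payLoad` above the return is now stale, since the same statement also parses the full JOSE header into the result; `// parse JOSE header and payload; x5cCerts and the signature status are passed through to the caller` would match the new code. Because Java evaluates constructor arguments left to right, both Jackson `readTree` calls run before `jws.verifySignature()` is evaluated in that argument list, so sender-controlled header and payload bytes are parsed regardless of the outcome — unless jose4j's `getPayload()` itself enforces a valid signature, which this hunk cannot show. Computing `final boolean signatureValid = jws.verifySignature();` on its own line first and then building the result would make the intended ordering explicit. The surrounding method begins and ends outside the hunk.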
From: Thomas Lenz Date: Thu, 26 Mar 2020 12:36:36 +0100 Subject: fix codestyle --- .../at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java | 1 + .../at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java | 2 ++ 2 files changed, 3 insertions(+) (limited to 'eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils') diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java index eb17781b..d76f4aad 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonBuilderUtils.java @@ -105,6 +105,7 @@ public class SL20JsonBuilderUtils { * @param name commando name * @param result commando result * @param encryptedResult encrypted commando result + * @param signer {@link JsonSecurityUtils} implementation * @return JWS in serialized form * @throws SlCommandoBuildException in case of an error * diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java index eb6de461..40ea0430 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java 
@@ -63,6 +63,7 @@ public class SL20JsonExtractorUtils { * @param input JSON * @param keyID Element identifier * @param isRequired true, if the element must not null + * @param defaultValue in case of no existing element with key * @return Boolean * @throws SlCommandoParserException In case of an error */ @@ -269,6 +270,7 @@ public class SL20JsonExtractorUtils { * * @param container JSON * @param joseTools JWS implementation + * @param mustBeSigned Throw an error if the result was not signed * @return Signature verification result that contains the payLoad * @throws SlCommandoParserException In case of an error */ -- cgit v1.2.3
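Review bot: The new `@param mustBeSigned` text says what happens when it is true but not what the caller takes on when it is false: presumably an unsigned result is then accepted and returned as a VerificationResult, so the caller has to inspect the signature-valid flag itself before using the payload. Making that explicit in the tag would discourage passing false casually: `@param mustBeSigned if true, throw an error when the result is not signed; if false, an unsigned result may be returned and the caller MUST check the verification result's signature status before trusting the payload`. The method body is outside the hunk, so whether the unsigned path also skips other checks cannot be confirmed here.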