decryptBpk(final String encryptedBpk, String target,
final PrivateKey privateKey) throws EaafBuilderException {
String decryptedString;
if (!target.startsWith(EaafConstants.URN_PREFIX_WITH_COLON)) {
throw new EaafBuilderException("builder.32",
null, ERROR_MSG_WRONG_TARGET_FORMAT);
}
try {
final byte[] encryptedBytes = Base64Utils.decode(encryptedBpk.getBytes("ISO-8859-1"));
final byte[] decryptedBytes = decrypt(encryptedBytes, privateKey);
decryptedString = new String(decryptedBytes, "ISO-8859-1");
} catch (final Exception e) {
throw new EaafBuilderException("bPK decryption FAILED", null, e.getMessage(), e);
}
String[] parts = decryptedString.split("::");
if (parts.length != 4) {
log.trace("Encrypted bPK has value: {}", decryptedString);
throw new EaafBuilderException("builder.31", new Object[] {parts.length},
"encBpk has a suspect format");
}
final String sector = parts[1];
final String bPK = parts[2];
if (target.equals(normalizeBpkTargetIdentifierToCommonFormat(sector))) {
return Pair.newInstance(bPK, target);
} else {
throw new EaafBuilderException("builder.30", new Object[] {sector, target},
"Decrypted bPK-target does not match");
}
}
/**
* Normalize wbPK target identifier for FN, ZVR, and ERSB to XFN, XZVR, and XERSB.
*
* If the target is not of this types the target will be returned as it is
* @param targetIdentifier bPK input target
* @return XFN, XZVR, XERSB, or targetIdentfier if no normalization is required
*/
@Nullable
public static String normalizeBpkTargetIdentifierToCommonFormat(@Nullable String targetIdentifier) {
if (targetIdentifier != null
&& !targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X)) {
for (Entry mapper : EaafConstants.URN_WBPK_TARGET_X_TO_NONE_MAPPER.entrySet()) {
if (targetIdentifier.startsWith(mapper.getValue())) {
String wbpkTarget = mapper.getKey() + targetIdentifier.substring(mapper.getValue().length());
log.trace("Normalize wbPK target: {} to {}", targetIdentifier, wbpkTarget);
return wbpkTarget;
}
}
}
return targetIdentifier;
}
/**
* Normalize wbPK target identifier for XFN, XZVR, and XERSB to bPK calculation format like, FN, ZVR, and ERSB.
*
* If the target is not of this types the target will be returned as it is
*
* @param targetIdentifier bPK input target
* @return FN, ZVR, ERSB, or targetIdentfier if no normalization is required
*/
@Nullable
public static String normalizeBpkTargetIdentifierToCalculationFormat(@Nullable String targetIdentifier) {
if (targetIdentifier != null && targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK)) {
for (Entry mapper : EaafConstants.URN_WBPK_TARGET_X_TO_NONE_MAPPER.entrySet()) {
if (targetIdentifier.startsWith(mapper.getKey())) {
String wbpkTarget = mapper.getValue() + targetIdentifier.substring(mapper.getKey().length());
log.trace("Find new wbPK target: {}. Replace it by: {}", targetIdentifier, wbpkTarget);
return wbpkTarget;
}
}
}
return targetIdentifier;
}
/**
* Remove prefixes from bPK target identifier and get only the SP specific part.
*
* @param type full qualified bPK target with 'urn:publicid:gv.at:' prefix
* @return SP specific part, or full type if reduction is not supported
*/
@Nonnull
public static String removeBpkTypePrefix(@Nonnull final String type) {
Assert.isTrue(type != null, "bPKType is 'NULL'");
if (type.startsWith(EaafConstants.URN_PREFIX_WBPK)) {
return type.substring(EaafConstants.URN_PREFIX_WBPK.length());
} else if (type.startsWith(EaafConstants.URN_PREFIX_CDID)) {
return type.substring(EaafConstants.URN_PREFIX_CDID.length());
} else if (type.startsWith(EaafConstants.URN_PREFIX_EIDAS)) {
return type.substring(EaafConstants.URN_PREFIX_EIDAS.length());
} else {
return type;
}
}
/**
* Builds the eIDAS from the given parameters.
*
* @param baseId baseID of the citizen
* @param baseIdType Type of the baseID
* @param sourceCountry CountryCode of that country, which build the eIDAs
* ID
* @param destinationCountry CountryCode of that country, which receives the
* eIDAs ID
*
* @return Pair eIDAs/bPKType in a BASE64 encoding
* @throws EaafBuilderException if some input data are not valid
*/
private static Pair buildEidasIdentifer(final String baseId,
final String baseIdType, final String sourceCountry, final String destinationCountry)
throws EaafBuilderException {
String bpk = null;
String bpkType = null;
// check if we have been called by public sector application
if (baseIdType.startsWith(EaafConstants.URN_PREFIX_BASEID)) {
bpkType = EaafConstants.URN_PREFIX_EIDAS + sourceCountry + "+" + destinationCountry;
log.debug("Building eIDAS identification from: [identValue]+" + bpkType);
bpk = calculatebPKwbPK(baseId + "+" + bpkType);
} else { // if not, sector identification value is already calculated by BKU
log.debug("eIDAS eIdentifier already provided by BKU");
bpk = baseId;
}
if (StringUtils.isEmpty(bpk) || StringUtils.isEmpty(sourceCountry)
|| StringUtils.isEmpty(destinationCountry)) {
throw new EaafBuilderException("builder.00",
new Object[] { "eIDAS-ID",
"Unvollständige Parameterangaben: identificationValue=" + bpk + ", Zielland="
+ destinationCountry + ", Ursprungsland=" + sourceCountry },
"eIDAS-ID: Unvollständige Parameterangaben: identificationValue=" + bpk + ", Zielland="
+ destinationCountry + ", Ursprungsland=" + sourceCountry);
}
log.trace("eIDAS pseudonym generation finished. ");
final String eIdentifier = sourceCountry + "/" + destinationCountry + "/" + bpk;
return Pair.newInstance(eIdentifier, bpkType);
}
private static String calculatebPKwbPK(final String basisbegriff) throws EaafBuilderException {
try {
final MessageDigest md = MessageDigest.getInstance("SHA-1");
final byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1"));
final String hashBase64 =
new String(Base64Utils.encode(hash), "ISO-8859-1").replaceAll("\r\n", ""); // Base64Utils.encode(hash);
return hashBase64;
} catch (final Exception ex) {
throw new EaafBuilderException("builder.00", new Object[] { "bPK/wbPK", ex.toString() },
ex.getMessage(), ex);
}
}
private static byte[] encrypt(final byte[] inputBytes, final PublicKey publicKey)
throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException,
IllegalBlockSizeException, BadPaddingException {
byte[] result;
Cipher cipher = null;
try {
cipher = Cipher.getInstance("RSA/ECB/OAEPPadding"); // try with bouncycastle
} catch (final NoSuchAlgorithmException e) {
cipher = Cipher.getInstance("RSA/ECB/OAEP"); // try with iaik provider
}
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
result = cipher.doFinal(inputBytes);
return result;
}
private static byte[] decrypt(final byte[] encryptedBytes, final PrivateKey privateKey)
throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException,
IllegalBlockSizeException, BadPaddingException {
byte[] result;
Cipher cipher = null;
try {
cipher = Cipher.getInstance("RSA/ECB/OAEPPadding"); // try with bouncycastle
} catch (final NoSuchAlgorithmException e) {
cipher = Cipher.getInstance("RSA/ECB/OAEP"); // try with iaik provider
}
cipher.init(Cipher.DECRYPT_MODE, privateKey);
result = cipher.doFinal(encryptedBytes);
return result;
}
}