authorThomas <>2022-05-12 13:56:38 +0200
committerThomas <>2022-05-12 13:56:38 +0200
commita988c0af75d96fdf03337b47a68b3a7876abfbac (patch)
treeb9cdc793c0204fe1f0027a83dd367e2f2ae2126e
parentcbcc63885156c0b4039d5e71f943e760faaa5d78 (diff)
refact(ernp): change configuration keys for SSL keystore
-rw-r--r--basicConfig/default_config.properties43
-rw-r--r--connector/src/main/resources/application.properties30
-rw-r--r--connector/src/test/resources/config/junit_config_1_springboot.properties10
-rw-r--r--connector/src/test/resources/config/junit_config_2_springboot.properties10
-rw-r--r--modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java23
-rw-r--r--modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/ernp/ErnpRestClient.java12
-rw-r--r--modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties10
-rw-r--r--modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1_springboot.properties10
8 files changed, 107 insertions, 41 deletions
diff --git a/basicConfig/default_config.properties b/basicConfig/default_config.properties
index 2ea12b17..63f28373 100644
--- a/basicConfig/default_config.properties
+++ b/basicConfig/default_config.properties
@@ -17,26 +17,52 @@ eidas.ms.revisionlog.logIPAddressOfUser=true
eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret
-## eIDAS Ref. Implementation connector ###
+#############################################
+#### eIDAS Ref. Implementation connector ####
eidas.ms.auth.eIDAS.eid.testidentity.default=false
+## eIDAS Request configuration
+eidas.ms.auth.eIDAS.node_v2.staticProviderNameForPublicSPs=Austria
+
eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector
eidas.ms.auth.eIDAS.node_v2.forward.endpoint=
+
+#############################################
+#### eIDAS identity-matching ######
+# ZMR communication
+eidas.ms.auth.eIDAS.zmrclient.endpoint=
+eidas.ms.auth.eIDAS.zmrclient.ssl.keyStore.type=pkcs12
+eidas.ms.auth.eIDAS.zmrclient.ssl.keyStore.path=keys/....
+eidas.ms.auth.eIDAS.zmrclient.ssl.keyStore.password=
+eidas.ms.auth.eIDAS.zmrclient.ssl.key.alias=
+eidas.ms.auth.eIDAS.zmrclient.ssl.key.password=
+eidas.ms.auth.eIDAS.zmrclient.req.organisation.behoerdennr=
+
+# ERnP communication
+eidas.ms.auth.eIDAS.ernpclient.endpoint=
+eidas.ms.auth.eIDAS.ernpclient.ssl.keyStore.type=pkcs12
+eidas.ms.auth.eIDAS.ernpclient.ssl.keyStore.path=keys/....
+eidas.ms.auth.eIDAS.ernpclient.ssl.keyStore.password=
+eidas.ms.auth.eIDAS.ernpclient.ssl.key.alias=
+eidas.ms.auth.eIDAS.ernpclient.ssl.key.password=
+eidas.ms.auth.eIDAS.ernpclient.req.organisation.behoerdennr=
+
+
+#############################################
+#### SZR communication ######
eidas.ms.auth.eIDAS.szrclient.useTestService=true
eidas.ms.auth.eIDAS.szrclient.endpoint.prod=
eidas.ms.auth.eIDAS.szrclient.endpoint.test=http://localhost:1234/demoszr
eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.type=pkcs12
eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.path=keys/.....
eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.password=
-eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.path=
-eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.password=
-
-## eIDAS Request configuration
-eidas.ms.auth.eIDAS.node_v2.staticProviderNameForPublicSPs=Austria
+eidas.ms.auth.eIDAS.szrclient.ssl.key.alias=
+eidas.ms.auth.eIDAS.szrclient.ssl.key.password=
-## E-AuthBlock configuration
+#############################################
+#### IDA-AuthBlock configuration ######
eidas.ms.auth.eIDAS.authblock.keystore.type=jks
eidas.ms.auth.eIDAS.authblock.keystore.path=keys/teststore.jks
eidas.ms.auth.eIDAS.authblock.keystore.password=f/+saJBc3a}*/T^s
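Review bot: The new ZMR and ERnP blocks list no `ssl.trustStore.*` keys, and this hunk also drops the two `szrclient.ssl.trustStore.*` entries, so the default template no longer shows an operator that the server side of these register connections can be given its own trust store. Which certificates the clients accept when the keys are absent is not visible here; presumably the JVM default trust store, which is much wider than the register's own CA. I would add commented entries to each block, for example `#eidas.ms.auth.eIDAS.ernpclient.ssl.trustStore.type=`, `#eidas.ms.auth.eIDAS.ernpclient.ssl.trustStore.path=` and `#eidas.ms.auth.eIDAS.ernpclient.ssl.trustStore.password=`. The same gap exists in the ERnP block of connector/src/main/resources/application.properties (second hunk), where the SZR and ZMR blocks do carry the commented trustStore keys.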
@@ -44,7 +70,8 @@ eidas.ms.auth.eIDAS.authblock.key.alias=connectorkeypair
eidas.ms.auth.eIDAS.authblock.key.password=f/+saJBc3a}*/T^s
-## PVP2 S-Profile end-point configuration
+#################################################
+#### PVP2 S-Profile end-point configuration ####
eidas.ms.pvp2.keystore.type=jks
eidas.ms.pvp2.keystore.path=keys/.....
eidas.ms.pvp2.keystore.password=
diff --git a/connector/src/main/resources/application.properties b/connector/src/main/resources/application.properties
index 7b624d40..b4cb3bab 100644
--- a/connector/src/main/resources/application.properties
+++ b/connector/src/main/resources/application.properties
@@ -77,8 +77,13 @@ eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/hig
#eidas.ms.auth.eIDAS.szrclient.useTestService=true
#eidas.ms.auth.eIDAS.szrclient.endpoint.prod=
#eidas.ms.auth.eIDAS.szrclient.endpoint.test=http://localhost:1234/demoszr
+#eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.type=jks
#eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.path=keys/junit.jks
#eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.password=password
+#eidas.ms.auth.eIDAS.szrclient.ssl.key.alias=
+#eidas.ms.auth.eIDAS.szrclient.ssl.key.password=
+
+#eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.type=
#eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.path=
#eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.password=
eidas.ms.auth.eIDAS.szrclient.timeout.connection=15
@@ -105,21 +110,32 @@ eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject=false
#eidas.ms.auth.eIDAS.zmrclient.ssl.keyStore.type=jks
#eidas.ms.auth.eIDAS.zmrclient.ssl.keyStore.path=keys/junit.jks
#eidas.ms.auth.eIDAS.zmrclient.ssl.keyStore.password=password
+#eidas.ms.auth.eIDAS.zmrclient.ssl.key.alias=
+#eidas.ms.auth.eIDAS.zmrclient.ssl.key.password=
+
+#eidas.ms.auth.eIDAS.zmrclient.ssl.trustStore.type=
#eidas.ms.auth.eIDAS.zmrclient.ssl.trustStore.path=
#eidas.ms.auth.eIDAS.zmrclient.ssl.trustStore.password=
+eidas.ms.auth.eIDAS.zmrclient.timeout.connection=15
+eidas.ms.auth.eIDAS.zmrclient.timeout.response=30
+
#eidas.ms.auth.eIDAS.zmrclient.req.organisation.behoerdennr=jUnit123456
-#eidas.ms.auth.eIDAS.zmrclient.req.update.reason.code=PERS_AENDERN
-#eidas.ms.auth.eIDAS.zmrclient.req.update.reason.text=KITT for eIDAS Matching
+eidas.ms.auth.eIDAS.zmrclient.req.update.reason.code=PERS_AENDERN
+eidas.ms.auth.eIDAS.zmrclient.req.update.reason.text=KITT for eIDAS Matching
+eidas.ms.auth.eIDAS.zmrclient.debug.logfullmessages=false
+
# ERnP communication
#eidas.ms.auth.eIDAS.ernpclient.endpoint=http://localhost:1718/demoernp
#eidas.ms.auth.eIDAS.ernpclient.req.organisation.behoerdennr=jUnit123456
-#eidas.ms.auth.eIDAS.client.common.ssl.keyStore.type=jks
-#eidas.ms.auth.eIDAS.client.common.ssl.keyStore.path=../keystore/junit_test.jks
-#eidas.ms.auth.eIDAS.client.common.ssl.keyStore.password=password
-#eidas.ms.auth.eIDAS.client.common.ssl.key.alias=meta
-#eidas.ms.auth.eIDAS.client.common.ssl.key.password=password
+#eidas.ms.auth.eIDAS.ernpclient.ssl.keyStore.type=jks
+#eidas.ms.auth.eIDAS.ernpclient.ssl.keyStore.path=../keystore/junit_test.jks
+#eidas.ms.auth.eIDAS.ernpclient.ssl.keyStore.password=password
+#eidas.ms.auth.eIDAS.ernpclient.ssl.key.alias=meta
+#eidas.ms.auth.eIDAS.ernpclient.ssl.key.password=password
+eidas.ms.client.http.connection.timeout.request=15
+eidas.ms.client.http.connection.timeout.socket=30
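Review bot: `eidas.ms.auth.eIDAS.zmrclient.debug.logfullmessages=false` is added without a comment saying what it writes to the log. Judging by the key name it logs complete ZMR messages, which would put personal identity data into the application log when enabled, so the safe default deserves a line such as `# logs full ZMR request/response messages (personal data); keep false in production`. The same hunk turns the two `req.update.reason.*` keys from commented samples into active defaults, which is worth a short comment as well because these values now apply whenever a deployment does not override them.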
diff --git a/connector/src/test/resources/config/junit_config_1_springboot.properties b/connector/src/test/resources/config/junit_config_1_springboot.properties
index d3f0d136..91e6d2bb 100644
--- a/connector/src/test/resources/config/junit_config_1_springboot.properties
+++ b/connector/src/test/resources/config/junit_config_1_springboot.properties
@@ -58,11 +58,11 @@ eidas.ms.auth.eIDAS.zmrclient.req.update.reason.code=EIDAS-KITT
# ERnP communication
eidas.ms.auth.eIDAS.ernpclient.endpoint=http://localhost:1718/demoernp
eidas.ms.auth.eIDAS.ernpclient.req.organisation.behoerdennr=jUnit123456
-eidas.ms.auth.eIDAS.client.common.ssl.keyStore.type=jks
-eidas.ms.auth.eIDAS.client.common.ssl.keyStore.path=keys/junit.jks
-eidas.ms.auth.eIDAS.client.common.ssl.keyStore.password=password
-eidas.ms.auth.eIDAS.client.common.ssl.key.alias=meta
-eidas.ms.auth.eIDAS.client.common.ssl.key.password=password
+eidas.ms.auth.eIDAS.ernpclient.ssl.keyStore.type=jks
+eidas.ms.auth.eIDAS.ernpclient.ssl.keyStore.path=keys/junit.jks
+eidas.ms.auth.eIDAS.ernpclient.ssl.keyStore.password=password
+eidas.ms.auth.eIDAS.ernpclient.ssl.key.alias=meta
+eidas.ms.auth.eIDAS.ernpclient.ssl.key.password=password
diff --git a/connector/src/test/resources/config/junit_config_2_springboot.properties b/connector/src/test/resources/config/junit_config_2_springboot.properties
index 71a573e0..1569f0f6 100644
--- a/connector/src/test/resources/config/junit_config_2_springboot.properties
+++ b/connector/src/test/resources/config/junit_config_2_springboot.properties
@@ -58,11 +58,11 @@ eidas.ms.auth.eIDAS.zmrclient.req.update.reason.code=EIDAS-KITT
# ERnP communication
eidas.ms.auth.eIDAS.ernpclient.endpoint=http://localhost:1718/demoernp
eidas.ms.auth.eIDAS.ernpclient.req.organisation.behoerdennr=jUnit123456
-eidas.ms.auth.eIDAS.client.common.ssl.keyStore.type=jks
-eidas.ms.auth.eIDAS.client.common.ssl.keyStore.path=keys/junit.jks
-eidas.ms.auth.eIDAS.client.common.ssl.keyStore.password=password
-eidas.ms.auth.eIDAS.client.common.ssl.key.alias=meta
-eidas.ms.auth.eIDAS.client.common.ssl.key.password=password
+eidas.ms.auth.eIDAS.ernpclient.ssl.keyStore.type=jks
+eidas.ms.auth.eIDAS.ernpclient.ssl.keyStore.path=keys/junit.jks
+eidas.ms.auth.eIDAS.ernpclient.ssl.keyStore.password=password
+eidas.ms.auth.eIDAS.ernpclient.ssl.key.alias=meta
+eidas.ms.auth.eIDAS.ernpclient.ssl.key.password=password
## PVP2 S-Profile end-point configuration
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index 0b5d086d..588ea912 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
@@ -170,6 +170,29 @@ public class Constants {
public static final String CONIG_PROPS_EIDAS_ERNPCLIENT = CONIG_PROPS_EIDAS_PREFIX + ".ernpclient";
public static final String CONIG_PROPS_EIDAS_ERNPCLIENT_ENDPOINT = CONIG_PROPS_EIDAS_ERNPCLIENT
+ ".endpoint";
+ public static final String CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_KEYSTORE_PATH = CONIG_PROPS_EIDAS_ERNPCLIENT
+ + ".ssl.keyStore.path";
+ public static final String CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_KEYSTORE_PASSWORD = CONIG_PROPS_EIDAS_ERNPCLIENT
+ + ".ssl.keyStore.password";
+ public static final String CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_KEYSTORE_TYPE = CONIG_PROPS_EIDAS_ERNPCLIENT
+ + ".ssl.keyStore.type";
+ public static final String CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_KEYSTORE_NAME = CONIG_PROPS_EIDAS_ERNPCLIENT
+ + ".ssl.keyStore.name";
+ public static final String CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_KEYS_ALIAS = CONIG_PROPS_EIDAS_ERNPCLIENT
+ + ".ssl.key.alias";
+ public static final String CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_KEY_PASSWORD = CONIG_PROPS_EIDAS_ERNPCLIENT
+ + ".ssl.key.password";
+ public static final String CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_TRUSTSTORE_PATH = CONIG_PROPS_EIDAS_ERNPCLIENT
+ + ".ssl.trustStore.path";
+ public static final String CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_TRUSTSTORE_PASSWORD = CONIG_PROPS_EIDAS_ERNPCLIENT
+ + ".ssl.trustStore.password";
+ public static final String CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_TRUSTSTORE_TYPE = CONIG_PROPS_EIDAS_ERNPCLIENT
+ + ".ssl.trustStore.type";
+ public static final String CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_TRUSTSTORE_NAME = CONIG_PROPS_EIDAS_ERNPCLIENT
+ + ".ssl.trustStore.name";
+
+
+
public static final String CONIG_PROPS_EIDAS_ERNPCLIENT_TIMEOUT_CONNECTION = CONIG_PROPS_EIDAS_ERNPCLIENT
+ ".timeout.connection";
public static final String CONIG_PROPS_EIDAS_ERNPCLIENT_TIMEOUT_RESPONSE = CONIG_PROPS_EIDAS_ERNPCLIENT
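Review bot: The four `CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_TRUSTSTORE_*` constants added here have no reader in the ErnpRestClient hunk of this commit, which passes only the keystore, key alias and key password to the client configuration. If nothing outside the visible hunks consumes them, an operator who sets `ernpclient.ssl.trustStore.path` would assume the ERnP server certificate is checked against that store when the value is in fact ignored. Either wire them into the client configuration or leave them out until they are used, and add a one-line comment above the group saying which client reads them. As a style point, `..._SSL_KEYS_ALIAS` sits next to `..._SSL_KEY_PASSWORD`; `..._SSL_KEY_ALIAS` would match, and the three added blank lines can be one.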
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/ernp/ErnpRestClient.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/ernp/ErnpRestClient.java
index 4c4e3d87..6a732a0d 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/ernp/ErnpRestClient.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/clients/ernp/ErnpRestClient.java
@@ -809,16 +809,16 @@ public class ErnpRestClient implements IErnpClient {
// Set keystore configuration
config.buildKeyStoreConfig(
- basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_COMMON_CLIENT_SSL_KEYSTORE_TYPE),
- basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_COMMON_CLIENT_SSL_KEYSTORE_PATH),
- basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_COMMON_CLIENT_SSL_KEYSTORE_PASSWORD),
- basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_COMMON_CLIENT_SSL_KEYSTORE_NAME));
+ basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_KEYSTORE_TYPE),
+ basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_KEYSTORE_PATH),
+ basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_KEYSTORE_PASSWORD),
+ basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_KEYSTORE_NAME));
// Set key information
config.setSslKeyAlias(
- basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_COMMON_CLIENT_SSL_KEYS_ALIAS));
+ basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_KEYS_ALIAS));
config.setSslKeyPassword(
- basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_COMMON_CLIENT_SSL_KEY_PASSWORD));
+ basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_ERNPCLIENT_SSL_KEY_PASSWORD));
// Set connection parameters
// TODO: update EAAF-components to allow custom HTTP Connection-Timeouts
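Review bot: After this rename a deployment that still sets the old `eidas.ms.auth.eIDAS.client.common.ssl.*` keys gets no keystore values here, and nothing in the hunk checks the results of `getBasicConfiguration(...)` before they go into `buildKeyStoreConfig` and `setSslKeyAlias`. Whether the client then fails at start-up or connects to ERnP without a client certificate is not visible from these lines; the enclosing method starts and ends outside the hunk. I would either fall back to the old `CONIG_PROPS_EIDAS_COMMON_CLIENT_SSL_*` constants for one release with a deprecation warning in the log, or fail fast with a message naming the missing `ernpclient.ssl.keyStore.path` key when the endpoint is configured but the keystore is not. The trust store is also not set in this block, although the commit adds constants for it.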
diff --git a/modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties b/modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties
index d84777f3..6d97513a 100644
--- a/modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties
+++ b/modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties
@@ -104,11 +104,11 @@ eidas.ms.auth.eIDAS.zmrclient.req.update.reason.code=EIDAS-KITT
# ERnP communication
eidas.ms.auth.eIDAS.ernpclient.endpoint=http://localhost:1718/demoernp
eidas.ms.auth.eIDAS.ernpclient.req.organisation.behoerdennr=jUnit123456
-eidas.ms.auth.eIDAS.client.common.ssl.keyStore.type=jks
-eidas.ms.auth.eIDAS.client.common.ssl.keyStore.path=../keystore/junit_test.jks
-eidas.ms.auth.eIDAS.client.common.ssl.keyStore.password=password
-eidas.ms.auth.eIDAS.client.common.ssl.key.alias=meta
-eidas.ms.auth.eIDAS.client.common.ssl.key.password=password
+eidas.ms.auth.eIDAS.ernpclient.ssl.keyStore.type=jks
+eidas.ms.auth.eIDAS.ernpclient.ssl.keyStore.path=../keystore/junit_test.jks
+eidas.ms.auth.eIDAS.ernpclient.ssl.keyStore.password=password
+eidas.ms.auth.eIDAS.ernpclient.ssl.key.alias=meta
+eidas.ms.auth.eIDAS.ernpclient.ssl.key.password=password
diff --git a/modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1_springboot.properties b/modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1_springboot.properties
index 0cc89a4a..22003513 100644
--- a/modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1_springboot.properties
+++ b/modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1_springboot.properties
@@ -60,11 +60,11 @@ eidas.ms.auth.eIDAS.zmrclient.req.update.reason.text=KITT for eIDAS Matching
# ERnP communication
eidas.ms.auth.eIDAS.ernpclient.endpoint=http://localhost:1718/demoernp
eidas.ms.auth.eIDAS.ernpclient.req.organisation.behoerdennr=jUnit123456
-eidas.ms.auth.eIDAS.client.common.ssl.keyStore.type=jks
-eidas.ms.auth.eIDAS.client.common.ssl.keyStore.path=../keystore/junit_test.jks
-eidas.ms.auth.eIDAS.client.common.ssl.keyStore.password=password
-eidas.ms.auth.eIDAS.client.common.ssl.key.alias=meta
-eidas.ms.auth.eIDAS.client.common.ssl.key.password=password
+eidas.ms.auth.eIDAS.ernpclient.ssl.keyStore.type=jks
+eidas.ms.auth.eIDAS.ernpclient.ssl.keyStore.path=../keystore/junit_test.jks
+eidas.ms.auth.eIDAS.ernpclient.ssl.keyStore.password=password
+eidas.ms.auth.eIDAS.ernpclient.ssl.key.alias=meta
+eidas.ms.auth.eIDAS.ernpclient.ssl.key.password=password