some improvements

author: lalber <lukas.alber@iaik.tugraz.at> 2020-11-06 16:28:26 +0100
committer: lalber <lukas.alber@iaik.tugraz.at> 2020-11-06 16:28:26 +0100
commit: f358f3ba6a24d5e9575b3fd63e3fbfe8848b63c4 (patch)
tree: 78652eb9288596c5a5cd34d5bbdd1ca79f1ed56a /eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
parent: d40505ed35a8db7d242a8b218297e322350722b3 (diff)
download: National_eIDAS_Gateway-f358f3ba6a24d5e9575b3fd63e3fbfe8848b63c4.tar.gz
National_eIDAS_Gateway-f358f3ba6a24d5e9575b3fd63e3fbfe8848b63c4.tar.bz2
National_eIDAS_Gateway-f358f3ba6a24d5e9575b3fd63e3fbfe8848b63c4.zip
1 files changed, 40 insertions, 25 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index f060a4cf..8626c709 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
@@ -60,7 +60,6 @@ import eu.eidas.auth.commons.attribute.AttributeValue;
 import eu.eidas.auth.commons.light.ILightResponse;
 import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
 import lombok.extern.slf4j.Slf4j;
-import lombok.val;
 import org.apache.commons.lang3.StringUtils;
 import org.joda.time.DateTime;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -77,6 +76,7 @@ import java.io.InputStream;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.Provider;
+import java.security.PublicKey;
 import java.util.Base64;
 import java.util.HashMap;
 import java.util.List;
@@ -102,7 +102,6 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
   EaafKeyStoreFactory keyStoreFactory;
 
   private static final String EID_STATUS = "urn:eidgvat:eid.status.eidas";
-  Pair<KeyStore, Provider> ks;
 
   /*
    * (non-Javadoc)
@@ -119,8 +118,8 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
       final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
       final ILightResponse eidasResponse = authProcessData
           .getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class);
-      String eidMode = pendingReq.getServiceProviderConfiguration()
-                                 .getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE, "old");
+      boolean isNewEidMode = pendingReq.getServiceProviderConfiguration()
+                                       .isConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE, false);
 
 
       final Map<String, Object> simpleAttrMap = convertEidasAttrToSimpleMap(
@@ -230,17 +229,31 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
           }
         }
 
-        if (eidMode.equals("new")) {
-          String keyAlias = pendingReq.getServiceProviderConfiguration().getConfigurationValue(
-              MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_FRIENDLYNAME, "");
-          String keyPw = pendingReq.getServiceProviderConfiguration()
-                                    .getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_PW, "");
+        if (isNewEidMode) {
+
+          // read Connector wide config data TODO connector wide!
+          String keyStoreAlias = basicConfig
+              .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_KEYSTSTORE_FRIENDLYNAME);
+          String keyStorePw = basicConfig
+              .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_KEYSTORE_PASSWORD);
+          String keyStorePath = basicConfig
+              .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_KEYSTORE_PATH);
+          String keyStoreType = basicConfig
+              .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_KEYSTORE_TYPE);
+
 
           // get verschlüsselte Stammzahl
           String vsz = szrClient.getEncryptedStammzahl(personInfo);
 
           // build Keystore
-          String pk64 = getPkFromKeystore(keyAlias, keyPw);
+          Pair<KeyStore, Provider> keystoreProvider = initKeystore(keyStoreAlias, keyStorePw, keyStorePath,
+                                                                   keyStoreType);
+
+          // get pubKey
+          PublicKey publicKey = keystoreProvider.getFirst().getCertificate(keyStoreAlias).getPublicKey();
+
+          // encode pubKey base64
+          String pk64 = Base64.getEncoder().encodeToString(publicKey.getEncoded());
 
           // get eIDAS bind
           String signedEidasBind = szrClient.getBcBind(vsz, pk64, EID_STATUS);
@@ -250,7 +263,8 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
           String jwsPayload = mapper.writeValueAsString(pendingReq.getUniqueTransactionIdentifier());
 
           String jwsSignature = JoseUtils
-              .createSignature(ks, keyAlias, keyPw.toCharArray(), jwsPayload, false, keyAlias);
+              .createSignature(keystoreProvider, keyStoreAlias, keyStorePw.toCharArray(), jwsPayload, false,
+                               keyStoreAlias);
 
           authProcessData.setGenericDataToSession(Constants.SZR_AUTHBLOCK, jwsSignature);
           authProcessData.setGenericDataToSession(Constants.EIDAS_BIND, signedEidasBind);
@@ -275,8 +289,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
               .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) {
             bpk = szrClient
                 .getBpk(personInfo, pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(),
-                        basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ,
-                                                          "no VKZ defined")).get(0);
+                        basicConfig
+                            .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, "no VKZ defined"))
+                .get(0);
 
           } else {
             log.debug("Calculating bPK from baseId ... ");
@@ -292,7 +307,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
         }
       }
 
-      if (eidMode.equals("new")) {
+      if (isNewEidMode) {
         authProcessData.setForeigner(true);
         authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, EidasResponseUtils
             .parseEidasPersonalIdentifier((String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))
@@ -305,7 +320,8 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
           throw new SzrCommunicationException("ernb.00", null);
 
         }
-        revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_IDL_RECEIVED,
+        revisionsLogger.logEvent(pendingReq,
+                                 MsConnectorEventCodes.SZR_IDL_RECEIVED,
                                  identityLink.getSamlAssertion()
                                              .getAttribute(SimpleIdentityLinkAssertionParser.ASSERTIONID));
 
@@ -348,18 +364,17 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
     }
   }
 
-  private String getPkFromKeystore(String keyAlias, String keyPw) throws EaafException, KeyStoreException {
-    KeyStoreConfiguration configuration = new KeyStoreConfiguration();
+  private Pair<KeyStore, Provider> initKeystore(String keyAlias, String keyPw, String path, String type)
+      throws EaafException, KeyStoreException {
+    KeyStoreConfiguration keyStoreConfiguration = new KeyStoreConfiguration();
 
     final String current = new java.io.File(".").toURI().toString();
-    configuration.setSoftKeyStoreFilePath(current + "src/test/resources/keystore/teststore.jks");
-    configuration.setSoftKeyStorePassword(keyPw); //TODO from config
-    configuration.setKeyStoreType(KeyStoreConfiguration.KeyStoreType.JKS);
-    configuration.setFriendlyName(keyAlias);
-    configuration.setKeyStoreName(keyAlias);
-    ks = keyStoreFactory.buildNewKeyStore(configuration);
-    val publicKey = ks.getFirst().getCertificate(keyAlias).getPublicKey();
-    return Base64.getEncoder().encodeToString(publicKey.getEncoded());
+    keyStoreConfiguration.setSoftKeyStoreFilePath(current + path);
+    keyStoreConfiguration.setSoftKeyStorePassword(keyPw);
+    keyStoreConfiguration.setKeyStoreType(KeyStoreConfiguration.KeyStoreType.fromString(type));
+    keyStoreConfiguration.setFriendlyName(keyAlias);
+    keyStoreConfiguration.setKeyStoreName(keyAlias);
+    return keyStoreFactory.buildNewKeyStore(keyStoreConfiguration);
   }
 
   private String extendBpkByPrefix(String bpk, String type) {
author	lalber <lukas.alber@iaik.tugraz.at>	2020-11-06 16:28:26 +0100
committer	lalber <lukas.alber@iaik.tugraz.at>	2020-11-06 16:28:26 +0100
commit	f358f3ba6a24d5e9575b3fd63e3fbfe8848b63c4 (patch)
tree	78652eb9288596c5a5cd34d5bbdd1ca79f1ed56a /eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
parent	d40505ed35a8db7d242a8b218297e322350722b3 (diff)
download	National_eIDAS_Gateway-f358f3ba6a24d5e9575b3fd63e3fbfe8848b63c4.tar.gz National_eIDAS_Gateway-f358f3ba6a24d5e9575b3fd63e3fbfe8848b63c4.tar.bz2 National_eIDAS_Gateway-f358f3ba6a24d5e9575b3fd63e3fbfe8848b63c4.zip