stuck on how to test

1 files changed, 89 insertions, 52 deletions

diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index 88c3515b..e4a22cbc 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
@@ -19,28 +19,10 @@
  * file for details on the various modules and licenses.
  * The "NOTICE" text file is part of the distribution. Any derivative works
  * that you distribute must include a readable copy of the "NOTICE" text file.
-*/
+ */
 
 package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
 
-import java.io.InputStream;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang3.StringUtils;
-import org.joda.time.DateTime;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-import com.google.common.collect.ImmutableMap;
-import com.google.common.collect.ImmutableSet;
-
 import at.asitplus.eidas.specific.connector.MsConnectorEventCodes;
 import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
@@ -60,6 +42,8 @@ import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EaafException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder;
 import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
@@ -67,20 +51,38 @@ import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
 import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
 import eu.eidas.auth.commons.attribute.AttributeDefinition;
 import eu.eidas.auth.commons.attribute.AttributeValue;
 import eu.eidas.auth.commons.light.ILightResponse;
 import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
 import lombok.extern.slf4j.Slf4j;
+import lombok.val;
+import org.apache.commons.lang3.StringUtils;
+import org.joda.time.DateTime;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
 import szrservices.IdentityLinkType;
 import szrservices.PersonInfoType;
 import szrservices.TravelDocumentType;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.InputStream;
+import java.security.KeyStoreException;
+import java.util.Base64;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
 /**
  * Task that creates the IdentityLink for an eIDAS authenticated person.
- * 
- * @author tlenz
  *
+ * @author tlenz
  */
 @Slf4j
 @Component("CreateIdentityLinkTask")
@@ -95,7 +97,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 
   /*
    * (non-Javadoc)
-   * 
+   *
    * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.
    * egovernment.moa.id.process.api.ExecutionContext,
    * javax.servlet.http.HttpServletRequest,
@@ -103,7 +105,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
    */
   @Override
   public void execute(ExecutionContext executionContext,
-      HttpServletRequest request, HttpServletResponse response)
+                      HttpServletRequest request, HttpServletResponse response)
       throws TaskExecutionException {
     try {
       final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
@@ -217,43 +219,64 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
           }
         }
 
-        final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(personInfo);
+        String eidMode = pendingReq.getServiceProviderConfiguration().getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE, "old");
+        if (eidMode.equals("new")) {
 
-        final Element idlFromSzr = (Element) result.getAssertion();
-        identityLink = new SimpleIdentityLinkAssertionParser(idlFromSzr).parseIdentityLink();
+          String vsz = szrClient.getEncryptedStammzahl(personInfo);
 
-        // write ERnB inputdata into revisionlog
-        if (basicConfig.getBasicConfigurationBoolean(
-            Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE, false)) {
-          revisionsLogger.logEvent(pendingReq,
-              MsConnectorEventCodes.SZR_ERNB_EIDAS_RAW_ID,
-              (String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER));
-          revisionsLogger.logEvent(pendingReq,
-              MsConnectorEventCodes.SZR_ERNB_EIDAS_ERNB_ID, eidData.getPseudonym());
+          // build Keystore
+          String pK64 = getPkFromKeystore();
+          // setzte Keystore in config ?path? lade rein
+          // key pair art siehe jose utils
 
-        }
 
-        // get bPK from SZR
-        if (basicConfig.getBasicConfigurationBoolean(
-            Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) {
-          bpk = szrClient.getBpk(
-              personInfo,
-              pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(),
-              basicConfig.getBasicConfiguration(
-                  Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ,
-                  "no VKZ defined"));
+          String signedEidasBind = szrClient.getBcBind(vsz, pK64, "urn:eidgvat:eid.status.eidas"); //eidstatus TODO as config?
+
+          //build AuthBlock JWS
+          ObjectMapper mapper = new ObjectMapper();
+          String jwsPayload = mapper.writeValueAsString(pendingReq.getUniqueTransactionIdentifier());
+
+//          JoseUtils.createSignature(new Pair<>(ks, ks.getProvider()), "connectorkeypair", passord.chararray(), jwsPayload, false, ); //TODO joseutils kopiern
 
         } else {
-          log.debug("Calculating bPK from baseId ... ");
-          new BpkBuilder();
-          final Pair<String, String> bpkCalc = BpkBuilder.generateAreaSpecificPersonIdentifier(
-              identityLink.getIdentificationValue(),
-              identityLink.getIdentificationType(),
-              pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
-          bpk = bpkCalc.getFirst();
 
-        }
+          final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(personInfo);
 
+          final Element idlFromSzr = (Element) result.getAssertion();
+          identityLink = new SimpleIdentityLinkAssertionParser(idlFromSzr).parseIdentityLink();
+
+          // write ERnB inputdata into revisionlog
+          if (basicConfig.getBasicConfigurationBoolean(
+              Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE, false)) {
+            revisionsLogger.logEvent(pendingReq,
+                MsConnectorEventCodes.SZR_ERNB_EIDAS_RAW_ID,
+                (String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER));
+            revisionsLogger.logEvent(pendingReq,
+                MsConnectorEventCodes.SZR_ERNB_EIDAS_ERNB_ID, eidData.getPseudonym());
+
+          }
+
+          // get bPK from SZR
+          if (basicConfig.getBasicConfigurationBoolean(
+              Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) {
+            bpk = szrClient.getBpk(
+                personInfo,
+                pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(),
+                basicConfig.getBasicConfiguration(
+                    Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ,
+                    "no VKZ defined")).get(0);
+
+          } else {
+            log.debug("Calculating bPK from baseId ... ");
+            new BpkBuilder();
+            final Pair<String, String> bpkCalc = BpkBuilder.generateAreaSpecificPersonIdentifier(
+                identityLink.getIdentificationValue(),
+                identityLink.getIdentificationType(),
+                pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+            bpk = bpkCalc.getFirst();
+
+          }
+        }
       }
 
       if (identityLink == null) {
@@ -307,6 +330,20 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
     }
   }
 
+  private String getPkFromKeystore() throws EaafException, KeyStoreException {
+    EaafKeyStoreFactory keyStoreFactory = new EaafKeyStoreFactory();
+    KeyStoreConfiguration configuration = new KeyStoreConfiguration();
+
+    final String current = new java.io.File(".").toURI().toString();
+    configuration.setSoftKeyStoreFilePath(current + "src/test/resources/keystore/teststore.jks");
+
+    configuration.setSoftKeyStorePassword("f/+saJBc3a}*/T^s");
+    configuration.setKeyStoreType(KeyStoreConfiguration.KeyStoreType.JKS);
+    val ks = keyStoreFactory.buildNewKeyStore(configuration);
+    val publicKey = ks.getFirst().getCertificate("connectorkeypair").getPublicKey();
+    return Base64.getEncoder().encodeToString(publicKey.getEncoded());
+  }
+
   private String extendBpkByPrefix(String bpk, String type) {
     String bpkType = null;