diff options
author | lalber <lukas.alber@iaik.tugraz.at> | 2020-10-20 07:47:44 +0200 |
---|---|---|
committer | lalber <lukas.alber@iaik.tugraz.at> | 2020-10-20 07:47:44 +0200 |
commit | f696b4085fd10b3b9d627437f439b222903e13e1 (patch) | |
tree | 16ab04251dab734e2ce0614a4c71668f3b68ae81 /eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java | |
parent | 8ff69c460d5081feb3ece7757b3673ae81cde7da (diff) | |
download | National_eIDAS_Gateway-f696b4085fd10b3b9d627437f439b222903e13e1.tar.gz National_eIDAS_Gateway-f696b4085fd10b3b9d627437f439b222903e13e1.tar.bz2 National_eIDAS_Gateway-f696b4085fd10b3b9d627437f439b222903e13e1.zip |
stuck on how to test
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java')
-rw-r--r-- | eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java | 141 |
1 files changed, 89 insertions, 52 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java index 88c3515b..e4a22cbc 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java @@ -19,28 +19,10 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. -*/ + */ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; -import java.io.InputStream; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.lang3.StringUtils; -import org.joda.time.DateTime; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Component; -import org.w3c.dom.Element; -import org.w3c.dom.Node; - -import com.google.common.collect.ImmutableMap; -import com.google.common.collect.ImmutableSet; - import at.asitplus.eidas.specific.connector.MsConnectorEventCodes; import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; @@ -60,6 +42,8 @@ import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; @@ -67,20 +51,38 @@ import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egiz.eaaf.core.impl.utils.DomUtils; import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.google.common.collect.ImmutableMap; +import com.google.common.collect.ImmutableSet; import eu.eidas.auth.commons.attribute.AttributeDefinition; import eu.eidas.auth.commons.attribute.AttributeValue; import eu.eidas.auth.commons.light.ILightResponse; import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; import lombok.extern.slf4j.Slf4j; +import lombok.val; +import org.apache.commons.lang3.StringUtils; +import org.joda.time.DateTime; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; +import org.w3c.dom.Element; +import org.w3c.dom.Node; import szrservices.IdentityLinkType; import szrservices.PersonInfoType; import szrservices.TravelDocumentType; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.InputStream; +import java.security.KeyStoreException; +import java.util.Base64; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + /** * Task that creates the IdentityLink for an eIDAS authenticated person. - * - * @author tlenz * + * @author tlenz */ @Slf4j @Component("CreateIdentityLinkTask") @@ -95,7 +97,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { /* * (non-Javadoc) - * + * * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv. * egovernment.moa.id.process.api.ExecutionContext, * javax.servlet.http.HttpServletRequest, @@ -103,7 +105,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { */ @Override public void execute(ExecutionContext executionContext, - HttpServletRequest request, HttpServletResponse response) + HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try { final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); @@ -217,43 +219,64 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } } - final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(personInfo); + String eidMode = pendingReq.getServiceProviderConfiguration().getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE, "old"); + if (eidMode.equals("new")) { - final Element idlFromSzr = (Element) result.getAssertion(); - identityLink = new SimpleIdentityLinkAssertionParser(idlFromSzr).parseIdentityLink(); + String vsz = szrClient.getEncryptedStammzahl(personInfo); - // write ERnB inputdata into revisionlog - if (basicConfig.getBasicConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE, false)) { - revisionsLogger.logEvent(pendingReq, - MsConnectorEventCodes.SZR_ERNB_EIDAS_RAW_ID, - (String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)); - revisionsLogger.logEvent(pendingReq, - MsConnectorEventCodes.SZR_ERNB_EIDAS_ERNB_ID, eidData.getPseudonym()); + // build Keystore + String pK64 = getPkFromKeystore(); + // setzte Keystore in config ?path? lade rein + // key pair art siehe jose utils - } - // get bPK from SZR - if (basicConfig.getBasicConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) { - bpk = szrClient.getBpk( - personInfo, - pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(), - basicConfig.getBasicConfiguration( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, - "no VKZ defined")); + String signedEidasBind = szrClient.getBcBind(vsz, pK64, "urn:eidgvat:eid.status.eidas"); //eidstatus TODO as config? + + //build AuthBlock JWS + ObjectMapper mapper = new ObjectMapper(); + String jwsPayload = mapper.writeValueAsString(pendingReq.getUniqueTransactionIdentifier()); + +// JoseUtils.createSignature(new Pair<>(ks, ks.getProvider()), "connectorkeypair", passord.chararray(), jwsPayload, false, ); //TODO joseutils kopiern } else { - log.debug("Calculating bPK from baseId ... "); - new BpkBuilder(); - final Pair<String, String> bpkCalc = BpkBuilder.generateAreaSpecificPersonIdentifier( - identityLink.getIdentificationValue(), - identityLink.getIdentificationType(), - pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); - bpk = bpkCalc.getFirst(); - } + final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(personInfo); + final Element idlFromSzr = (Element) result.getAssertion(); + identityLink = new SimpleIdentityLinkAssertionParser(idlFromSzr).parseIdentityLink(); + + // write ERnB inputdata into revisionlog + if (basicConfig.getBasicConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE, false)) { + revisionsLogger.logEvent(pendingReq, + MsConnectorEventCodes.SZR_ERNB_EIDAS_RAW_ID, + (String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)); + revisionsLogger.logEvent(pendingReq, + MsConnectorEventCodes.SZR_ERNB_EIDAS_ERNB_ID, eidData.getPseudonym()); + + } + + // get bPK from SZR + if (basicConfig.getBasicConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) { + bpk = szrClient.getBpk( + personInfo, + pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(), + basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, + "no VKZ defined")).get(0); + + } else { + log.debug("Calculating bPK from baseId ... "); + new BpkBuilder(); + final Pair<String, String> bpkCalc = BpkBuilder.generateAreaSpecificPersonIdentifier( + identityLink.getIdentificationValue(), + identityLink.getIdentificationType(), + pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); + bpk = bpkCalc.getFirst(); + + } + } } if (identityLink == null) { @@ -307,6 +330,20 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } } + private String getPkFromKeystore() throws EaafException, KeyStoreException { + EaafKeyStoreFactory keyStoreFactory = new EaafKeyStoreFactory(); + KeyStoreConfiguration configuration = new KeyStoreConfiguration(); + + final String current = new java.io.File(".").toURI().toString(); + configuration.setSoftKeyStoreFilePath(current + "src/test/resources/keystore/teststore.jks"); + + configuration.setSoftKeyStorePassword("f/+saJBc3a}*/T^s"); + configuration.setKeyStoreType(KeyStoreConfiguration.KeyStoreType.JKS); + val ks = keyStoreFactory.buildNewKeyStore(configuration); + val publicKey = ks.getFirst().getCertificate("connectorkeypair").getPublicKey(); + return Base64.getEncoder().encodeToString(publicKey.getEncoded()); + } + private String extendBpkByPrefix(String bpk, String type) { String bpkType = null; |