upatate AuthBlock format in case of E-ID like authentication

2 files changed, 49 insertions, 5 deletions

diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
index ccc6eb0c..ad9b1082 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
@@ -1,11 +1,15 @@
 package at.asitplus.eidas.specific.modules.auth.eidas.v2.service;
 
+import java.io.Serializable;
 import java.security.Key;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.Provider;
 import java.security.cert.X509Certificate;
+import java.time.LocalDateTime;
+import java.time.temporal.ChronoUnit;
 import java.util.Base64;
+import java.util.UUID;
 
 import javax.annotation.PostConstruct;
 
@@ -14,11 +18,18 @@ import org.jose4j.lang.JoseException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import com.fasterxml.jackson.annotation.JsonFormat;
+import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import com.fasterxml.jackson.databind.annotation.JsonSerialize;
+import com.fasterxml.jackson.datatype.jsr310.deser.LocalDateTimeDeserializer;
+import com.fasterxml.jackson.datatype.jsr310.ser.LocalDateTimeSerializer;
 
 import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils;
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
 import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
@@ -27,6 +38,7 @@ import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
 import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
 import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
+import lombok.Data;
 import lombok.extern.slf4j.Slf4j;
 
 /**
@@ -55,18 +67,22 @@ public class AuthBlockSigningService {
   /**
    * Build and sign an AuthBlock for E-ID system. 
    * 
-   * @param dataToSign data that should be added into AuthBlock
+   * @param pendingReq data that should be added into AuthBlock
    * @return serialized JWS
    * @throws JsonProcessingException In case of a AuthBlock generation error 
    * @throws JoseException  In case of a JWS signing error
    * @throws EaafException  In case of a KeyStore or Key error
    */
-  public String buildSignedAuthBlock(String dataToSign) 
+  public String buildSignedAuthBlock(IRequest pendingReq) 
       throws JsonProcessingException, EaafException, JoseException {
-    log.debug("Building and sign authBlock with data: {}", dataToSign);
     
     // build AuthBlock
-    String jwsPayload = mapper.writeValueAsString(dataToSign);
+    EidasAuchBlock authBlock = new EidasAuchBlock();
+    authBlock.setChallenge(UUID.randomUUID().toString());
+    authBlock.setTimestamp(LocalDateTime.now().truncatedTo(ChronoUnit.SECONDS));
+    authBlock.setUniqueId(pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID, String.class));    
+    String jwsPayload = mapper.writeValueAsString(authBlock);
+    log.debug("Building and sign authBlock with data: {}", jwsPayload);
     
     //sign JWS
     return JoseUtils
@@ -148,4 +164,32 @@ public class AuthBlockSigningService {
         .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEY_ALIAS);
     
   }
+  
+  /**
+   * Technical AuthBlock for eIDAS Authentication.
+   * 
+   * @author tlenz
+   *
+   */
+  @Data
+  public class EidasAuchBlock implements Serializable {
+
+    private static final long serialVersionUID = -2013435642666124497L;
+
+    @JsonProperty("challenge")
+    private String challenge;
+    
+    @JsonProperty("timestamp")
+    @JsonSerialize(using = LocalDateTimeSerializer.class)
+    @JsonDeserialize(using = LocalDateTimeDeserializer.class)
+    @JsonFormat(pattern = "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'")
+    private LocalDateTime timestamp;
+    
+    @JsonProperty("appId")
+    private String uniqueId;
+    
+    
+  }
+
+  
 }
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index 80142b09..f9142f8e 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
@@ -157,7 +157,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
               EID_STATUS);
 
           //get signed AuthBlock
-          String jwsSignature = authBlockSigner.buildSignedAuthBlock(pendingReq.getUniqueTransactionIdentifier());
+          String jwsSignature = authBlockSigner.buildSignedAuthBlock(pendingReq);
        
           //inject personal-data into session
           authProcessData.setGenericDataToSession(Constants.SZR_AUTHBLOCK, jwsSignature);