cyclic depend

2 files changed, 61 insertions, 42 deletions

diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index 3eec12bd..eac62aae 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
@@ -156,6 +156,11 @@ public class Constants {
   // Default values for SZR communication
   public static final String SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE = "ELEKTR_DOKUMENT";
 
+  // AuthBlock
+  public static final String SZR_AUTHBLOCK = "AUTHBLOCK";
+  public static final String EIDAS_BIND = "EIDAS_BIND";
+
+
   // TODO remove!!!
   public static final String SZR_CONSTANTS_DEFAULT_ISSUING_DATE = "2014-01-01";
   public static final String SZR_CONSTANTS_DEFAULT_ISSUING_AUTHORITY = "ms-specific eIDAS-Node for AT";
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index 93813ff5..b141402a 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
@@ -32,6 +32,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicati
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils;
 import at.gv.e_government.reference.namespace.persondata._20020228.AlternativeNameType;
 import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType;
 import at.gv.e_government.reference.namespace.persondata._20020228.PhysicalPersonType;
@@ -61,6 +62,7 @@ import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
 import lombok.extern.slf4j.Slf4j;
 import lombok.val;
 import org.apache.commons.lang3.StringUtils;
+import org.bouncycastle.jce.PKCS10CertificationRequest;
 import org.joda.time.DateTime;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
@@ -72,8 +74,10 @@ import szrservices.TravelDocumentType;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import java.io.InputStream;
+import java.io.*;
+import java.security.KeyStore;
 import java.security.KeyStoreException;
+import java.security.Provider;
 import java.util.Base64;
 import java.util.HashMap;
 import java.util.List;
@@ -98,6 +102,10 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
   @Autowired
   EaafKeyStoreFactory keyStoreFactory;
 
+  Pair<KeyStore, Provider> ks;
+  private final String KSPASSWORD = "f/+saJBc3a}*/T^s";
+  private final String KSALIAS = "connectorkeypair";
+
   /*
    * (non-Javadoc)
    *
@@ -114,6 +122,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
       final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
       final ILightResponse eidasResponse = authProcessData.getGenericDataFromSession(
           Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class);
+      String eidMode = pendingReq.getServiceProviderConfiguration()
+          .getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE, "old");
+
 
       final Map<String, Object> simpleAttrMap = convertEidasAttrToSimpleMap(eidasResponse.getAttributes()
           .getAttributeMap());
@@ -222,7 +233,6 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
           }
         }
 
-        String eidMode = pendingReq.getServiceProviderConfiguration().getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE, "old");
         if (eidMode.equals("new")) {
 
           String vsz = szrClient.getEncryptedStammzahl(personInfo);
@@ -239,8 +249,10 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
           ObjectMapper mapper = new ObjectMapper();
           String jwsPayload = mapper.writeValueAsString(pendingReq.getUniqueTransactionIdentifier());
 
-//          JoseUtils.createSignature(new Pair<>(ks, ks.getProvider()), "connectorkeypair", passord.chararray(), jwsPayload, false, ); //TODO joseutils kopiern
+          String jwsSignature = JoseUtils.createSignature(ks, KSALIAS, KSPASSWORD.toCharArray(), jwsPayload, false, KSALIAS);//TODO joseutils kopiern
 
+          authProcessData.setGenericDataToSession(Constants.SZR_AUTHBLOCK, jwsSignature);
+          authProcessData.setGenericDataToSession(Constants.EIDAS_BIND, jwsSignature);
         } else {
 
           final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(personInfo);
@@ -282,44 +294,46 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
         }
       }
 
-      if (identityLink == null) {
-        log.error("ERnB did not return an identity link.");
-        throw new SzrCommunicationException("ernb.00", null);
+      if (eidMode.equals("new")) {}
+      else {
+        if (identityLink == null) {
+          log.error("ERnB did not return an identity link.");
+          throw new SzrCommunicationException("ernb.00", null);
 
-      }
-      revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_IDL_RECEIVED,
-          identityLink.getSamlAssertion().getAttribute(SimpleIdentityLinkAssertionParser.ASSERTIONID));
+        }
+        revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_IDL_RECEIVED,
+            identityLink.getSamlAssertion().getAttribute(SimpleIdentityLinkAssertionParser.ASSERTIONID));
 
-      if (bpk == null) {
-        log.error("ERnB did not return a bPK for target: " + pendingReq.getServiceProviderConfiguration()
-            .getAreaSpecificTargetIdentifier());
-        throw new SzrCommunicationException("ernb.01", null);
+        if (bpk == null) {
+          log.error("ERnB did not return a bPK for target: " + pendingReq.getServiceProviderConfiguration()
+              .getAreaSpecificTargetIdentifier());
+          throw new SzrCommunicationException("ernb.01", null);
 
-      }
-      revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_BPK_RECEIVED);
-
-      log.debug("ERnB communication was successfull");
-
-      authProcessData.setForeigner(true);
-      authProcessData.setIdentityLink(identityLink);
-      authProcessData.setGenericDataToSession(
-          PvpAttributeDefinitions.EID_ISSUING_NATION_NAME,
-          EidasResponseUtils.parseEidasPersonalIdentifier((String) simpleAttrMap.get(
-              Constants.eIDAS_ATTR_PERSONALIDENTIFIER)).getFirst());
-
-      // set bPK and bPKType into auth session
-      authProcessData.setGenericDataToSession(
-          PvpAttributeDefinitions.BPK_NAME,
-          extendBpkByPrefix(
-              bpk,
-              pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()));
-      authProcessData.setGenericDataToSession(
-          PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME,
-          pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
-
-      // store pending-request
-      requestStoreage.storePendingRequest(pendingReq);
+        }
+        revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_BPK_RECEIVED);
+
+        log.debug("ERnB communication was successfull");
+
+        authProcessData.setForeigner(true);
+        authProcessData.setIdentityLink(identityLink);
+        authProcessData.setGenericDataToSession(
+            PvpAttributeDefinitions.EID_ISSUING_NATION_NAME,
+            EidasResponseUtils.parseEidasPersonalIdentifier((String) simpleAttrMap.get(
+                Constants.eIDAS_ATTR_PERSONALIDENTIFIER)).getFirst());
+
+        // set bPK and bPKType into auth session
+        authProcessData.setGenericDataToSession(
+            PvpAttributeDefinitions.BPK_NAME,
+            extendBpkByPrefix(
+                bpk,
+                pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()));
+        authProcessData.setGenericDataToSession(
+            PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME,
+            pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
 
+        // store pending-request
+        requestStoreage.storePendingRequest(pendingReq);
+      }
     } catch (final EidasAttributeException e) {
       throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e);
 
@@ -338,12 +352,12 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 
     final String current = new java.io.File(".").toURI().toString();
     configuration.setSoftKeyStoreFilePath(current + "src/test/resources/keystore/teststore.jks");
-    configuration.setSoftKeyStorePassword("f/+saJBc3a}*/T^s");
+    configuration.setSoftKeyStorePassword(KSPASSWORD); //TODO from config
     configuration.setKeyStoreType(KeyStoreConfiguration.KeyStoreType.JKS);
-    configuration.setFriendlyName("connectorkeypair");
-    configuration.setKeyStoreName("connectorkeypair");
-    val ks = keyStoreFactory.buildNewKeyStore(configuration);
-    val publicKey = ks.getFirst().getCertificate("connectorkeypair").getPublicKey();
+    configuration.setFriendlyName(KSALIAS);
+    configuration.setKeyStoreName(KSALIAS);
+    ks = keyStoreFactory.buildNewKeyStore(configuration);
+    val publicKey = ks.getFirst().getCertificate(KSALIAS).getPublicKey();
     return Base64.getEncoder().encodeToString(publicKey.getEncoded());
   }