aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus
diff options
context:
space:
mode:
authorlalber <lukas.alber@iaik.tugraz.at>2020-11-04 16:42:46 +0100
committerlalber <lukas.alber@iaik.tugraz.at>2020-11-04 16:42:46 +0100
commita9009a6f89c41dc19b85331dda676993c8a273b9 (patch)
treee950d8f0d820dfef9496dcc4a4d3a705e2030c99 /eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus
parente9a093a8d10dcce01661ef5182633e9a296e737e (diff)
downloadNational_eIDAS_Gateway-a9009a6f89c41dc19b85331dda676993c8a273b9.tar.gz
National_eIDAS_Gateway-a9009a6f89c41dc19b85331dda676993c8a273b9.tar.bz2
National_eIDAS_Gateway-a9009a6f89c41dc19b85331dda676993c8a273b9.zip
fix pw aliasname
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java187
1 files changed, 89 insertions, 98 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index 765f7928..af260528 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
@@ -102,8 +102,6 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
EaafKeyStoreFactory keyStoreFactory;
Pair<KeyStore, Provider> ks;
- private static final String KSPASSWORD = "f/+saJBc3a}*/T^s";
- private static final String KSALIAS = "connectorkeypair";
/*
* (non-Javadoc)
@@ -114,19 +112,18 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
* javax.servlet.http.HttpServletResponse)
*/
@Override
- public void execute(ExecutionContext executionContext,
- HttpServletRequest request, HttpServletResponse response)
+ public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
throws TaskExecutionException {
try {
final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
- final ILightResponse eidasResponse = authProcessData.getGenericDataFromSession(
- Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class);
+ final ILightResponse eidasResponse = authProcessData
+ .getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class);
String eidMode = pendingReq.getServiceProviderConfiguration()
- .getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE, "old");
+ .getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE, "old");
- final Map<String, Object> simpleAttrMap = convertEidasAttrToSimpleMap(eidasResponse.getAttributes()
- .getAttributeMap());
+ final Map<String, Object> simpleAttrMap = convertEidasAttrToSimpleMap(
+ eidasResponse.getAttributes().getAttributeMap());
IIdentityLink identityLink = null;
String bpk = null;
@@ -138,13 +135,12 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
writeMdsLogInformation(eidData);
// connect SZR-Gateway
- if (basicConfig.getBasicConfigurationBoolean(
- Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY, false)) {
+ if (basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY, false)) {
log.warn("SZR-Dummy IS ACTIVE! IdentityLink is NOT VALID!!!!");
// create fake IdL
// - fetch IdL template from resources
- final InputStream s = CreateIdentityLinkTask.class.getResourceAsStream(
- "/resources/xmldata/fakeIdL_IdL_template.xml");
+ final InputStream s = CreateIdentityLinkTask.class
+ .getResourceAsStream("/resources/xmldata/fakeIdL_IdL_template.xml");
final Element idlTemplate = DomUtils.parseXmlValidating(s);
identityLink = new SimpleIdentityLinkAssertionParser(idlTemplate).parseIdentityLink();
@@ -153,33 +149,34 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
final Element idlassertion = identityLink.getSamlAssertion();
// - set fake baseID;
- final Node prIdentification = XPathUtils.selectSingleNode(idlassertion,
- SimpleIdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
+ final Node prIdentification = XPathUtils
+ .selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
prIdentification.getFirstChild().setNodeValue(eidData.getPseudonym());
// - set last name
- final Node prFamilyName = XPathUtils.selectSingleNode(idlassertion,
- SimpleIdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH);
+ final Node prFamilyName = XPathUtils
+ .selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH);
prFamilyName.getFirstChild().setNodeValue(eidData.getFamilyName());
// - set first name
- final Node prGivenName = XPathUtils.selectSingleNode(idlassertion,
- SimpleIdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH);
+ final Node prGivenName = XPathUtils
+ .selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH);
prGivenName.getFirstChild().setNodeValue(eidData.getGivenName());
// - set date of birth
- final Node prDateOfBirth = XPathUtils.selectSingleNode(idlassertion,
- SimpleIdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH);
+ final Node prDateOfBirth = XPathUtils
+ .selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH);
prDateOfBirth.getFirstChild().setNodeValue(eidData.getFormatedDateOfBirth());
identityLink = new SimpleIdentityLinkAssertionParser(idlassertion).parseIdentityLink();
new BpkBuilder();
- final Pair<String, String> bpkCalc = BpkBuilder.generateAreaSpecificPersonIdentifier(
- identityLink.getIdentificationValue(),
- identityLink.getIdentificationType(),
- pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+ final Pair<String, String> bpkCalc = BpkBuilder
+ .generateAreaSpecificPersonIdentifier(identityLink.getIdentificationValue(),
+ identityLink.getIdentificationType(),
+ pendingReq.getServiceProviderConfiguration()
+ .getAreaSpecificTargetIdentifier());
bpk = bpkCalc.getFirst();
} else {
@@ -202,16 +199,16 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
eDocument.setDocumentNumber(eidData.getPseudonym());
// eID document information
- eDocument.setDocumentType(basicConfig.getBasicConfiguration(
- Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE,
- Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE));
+ eDocument.setDocumentType(basicConfig
+ .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE,
+ Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE));
// set PlaceOfBirth if available
if (eidData.getPlaceOfBirth() != null) {
log.trace("Find 'PlaceOfBirth' attribute: " + eidData.getPlaceOfBirth());
- if (basicConfig.getBasicConfigurationBoolean(
- Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETPLACEOFBIRTHIFAVAILABLE,
- true)) {
+ if (basicConfig
+ .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETPLACEOFBIRTHIFAVAILABLE,
+ true)) {
naturalPerson.setPlaceOfBirth(eidData.getPlaceOfBirth());
log.trace("Adding 'PlaceOfBirth' to ERnB request ... ");
@@ -221,9 +218,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
// set BirthName if available
if (eidData.getBirthName() != null) {
log.trace("Find 'BirthName' attribute: " + eidData.getBirthName());
- if (basicConfig.getBasicConfigurationBoolean(
- Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETBIRTHNAMEIFAVAILABLE,
- true)) {
+ if (basicConfig
+ .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETBIRTHNAMEIFAVAILABLE,
+ true)) {
final AlternativeNameType alternativeName = new AlternativeNameType();
naturalPerson.setAlternativeName(alternativeName);
alternativeName.setFamilyName(eidData.getBirthName());
@@ -234,12 +231,16 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
if (eidMode.equals("new")) {
+ String keyAlias = pendingReq.getServiceProviderConfiguration().getConfigurationValue(
+ MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_FRIENDLYNAME, "");
+
+ String keyPw = pendingReq.getServiceProviderConfiguration()
+ .getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_PW, "");
+
String vsz = szrClient.getEncryptedStammzahl(personInfo);
// build Keystore
- String pk64 = getPkFromKeystore();
- // setzte Keystore in config ?path? lade rein
- // key pair art siehe jose utils
+ String pk64 = getPkFromKeystore(keyAlias, keyPw);
String signedEidasBind = szrClient.getBcBind(vsz, pk64, "urn:eidgvat:eid.status.eidas");
@@ -249,8 +250,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
ObjectMapper mapper = new ObjectMapper();
String jwsPayload = mapper.writeValueAsString(pendingReq.getUniqueTransactionIdentifier());
- String jwsSignature = JoseUtils.createSignature(ks, KSALIAS, KSPASSWORD.toCharArray(), jwsPayload,
- false, KSALIAS);
+
+ String jwsSignature = JoseUtils
+ .createSignature(ks, keyAlias, keyPw.toCharArray(), jwsPayload, false, keyAlias);
authProcessData.setGenericDataToSession(Constants.SZR_AUTHBLOCK, jwsSignature);
authProcessData.setGenericDataToSession(Constants.EIDAS_BIND, signedEidasBind);
@@ -264,31 +266,29 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
// write ERnB inputdata into revisionlog
if (basicConfig.getBasicConfigurationBoolean(
Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE, false)) {
- revisionsLogger.logEvent(pendingReq,
- MsConnectorEventCodes.SZR_ERNB_EIDAS_RAW_ID,
- (String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER));
- revisionsLogger.logEvent(pendingReq,
- MsConnectorEventCodes.SZR_ERNB_EIDAS_ERNB_ID, eidData.getPseudonym());
+ revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_ERNB_EIDAS_RAW_ID,
+ (String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER));
+ revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_ERNB_EIDAS_ERNB_ID, eidData.getPseudonym());
}
// get bPK from SZR
- if (basicConfig.getBasicConfigurationBoolean(
- Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) {
- bpk = szrClient.getBpk(
- personInfo,
- pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(),
- basicConfig.getBasicConfiguration(
- Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ,
- "no VKZ defined")).get(0);
+ if (basicConfig
+ .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) {
+ bpk = szrClient
+ .getBpk(personInfo, pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(),
+ basicConfig
+ .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, "no VKZ defined"))
+ .get(0);
} else {
log.debug("Calculating bPK from baseId ... ");
new BpkBuilder();
- final Pair<String, String> bpkCalc = BpkBuilder.generateAreaSpecificPersonIdentifier(
- identityLink.getIdentificationValue(),
- identityLink.getIdentificationType(),
- pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+ final Pair<String, String> bpkCalc = BpkBuilder
+ .generateAreaSpecificPersonIdentifier(identityLink.getIdentificationValue(),
+ identityLink.getIdentificationType(),
+ pendingReq.getServiceProviderConfiguration()
+ .getAreaSpecificTargetIdentifier());
bpk = bpkCalc.getFirst();
}
@@ -297,10 +297,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
if (eidMode.equals("new")) {
authProcessData.setForeigner(true);
- authProcessData.setGenericDataToSession(
- PvpAttributeDefinitions.EID_ISSUING_NATION_NAME,
- EidasResponseUtils.parseEidasPersonalIdentifier((String) simpleAttrMap.get(
- Constants.eIDAS_ATTR_PERSONALIDENTIFIER)).getFirst());
+ authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, EidasResponseUtils
+ .parseEidasPersonalIdentifier((String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))
+ .getFirst());
authProcessData.setQaaLevel(eidasResponse.getLevelOfAssurance());
} else {
@@ -310,11 +309,12 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
}
revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_IDL_RECEIVED,
- identityLink.getSamlAssertion().getAttribute(SimpleIdentityLinkAssertionParser.ASSERTIONID));
+ identityLink.getSamlAssertion()
+ .getAttribute(SimpleIdentityLinkAssertionParser.ASSERTIONID));
if (bpk == null) {
log.error("ERnB did not return a bPK for target: " + pendingReq.getServiceProviderConfiguration()
- .getAreaSpecificTargetIdentifier());
+ .getAreaSpecificTargetIdentifier());
throw new SzrCommunicationException("ernb.01", null);
}
@@ -324,20 +324,16 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
authProcessData.setForeigner(true);
authProcessData.setIdentityLink(identityLink);
- authProcessData.setGenericDataToSession(
- PvpAttributeDefinitions.EID_ISSUING_NATION_NAME,
- EidasResponseUtils.parseEidasPersonalIdentifier((String) simpleAttrMap.get(
- Constants.eIDAS_ATTR_PERSONALIDENTIFIER)).getFirst());
+ authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, EidasResponseUtils
+ .parseEidasPersonalIdentifier((String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))
+ .getFirst());
// set bPK and bPKType into auth session
- authProcessData.setGenericDataToSession(
- PvpAttributeDefinitions.BPK_NAME,
- extendBpkByPrefix(
- bpk,
- pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()));
- authProcessData.setGenericDataToSession(
- PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME,
- pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+ authProcessData.setGenericDataToSession(PvpAttributeDefinitions.BPK_NAME, extendBpkByPrefix(bpk, pendingReq
+ .getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()));
+ authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME,
+ pendingReq.getServiceProviderConfiguration()
+ .getAreaSpecificTargetIdentifier());
// store pending-request
requestStoreage.storePendingRequest(pendingReq);
@@ -355,17 +351,17 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
}
}
- private String getPkFromKeystore() throws EaafException, KeyStoreException {
+ private String getPkFromKeystore(String keyAlias, String keyPw) throws EaafException, KeyStoreException {
KeyStoreConfiguration configuration = new KeyStoreConfiguration();
final String current = new java.io.File(".").toURI().toString();
configuration.setSoftKeyStoreFilePath(current + "src/test/resources/keystore/teststore.jks");
- configuration.setSoftKeyStorePassword(KSPASSWORD); //TODO from config
+ configuration.setSoftKeyStorePassword(keyPw); //TODO from config
configuration.setKeyStoreType(KeyStoreConfiguration.KeyStoreType.JKS);
- configuration.setFriendlyName(KSALIAS);
- configuration.setKeyStoreName(KSALIAS);
+ configuration.setFriendlyName(keyAlias);
+ configuration.setKeyStoreName(keyAlias);
ks = keyStoreFactory.buildNewKeyStore(configuration);
- val publicKey = ks.getFirst().getCertificate(KSALIAS).getPublicKey();
+ val publicKey = ks.getFirst().getCertificate(keyAlias).getPublicKey();
return Base64.getEncoder().encodeToString(publicKey.getEncoded());
}
@@ -400,8 +396,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
final Class parameterizedType = el.getParameterizedType();
if (DateTime.class.equals(parameterizedType)) {
- final DateTime attribute = EidasResponseUtils.translateDateAttribute(el, attributeMap.get(el)
- .asList());
+ final DateTime attribute = EidasResponseUtils.translateDateAttribute(el, attributeMap.get(el).asList());
if (attribute != null) {
result.put(el.getFriendlyName(), attribute);
log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + attribute.toString());
@@ -411,8 +406,8 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
}
} else if (PostalAddress.class.equals(parameterizedType)) {
- final PostalAddress addressAttribute = EidasResponseUtils.translateAddressAttribute(el, attributeMap
- .get(el).asList());
+ final PostalAddress addressAttribute = EidasResponseUtils
+ .translateAddressAttribute(el, attributeMap.get(el).asList());
if (addressAttribute != null) {
result.put(el.getFriendlyName(), addressAttribute);
log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + addressAttribute.toString());
@@ -422,8 +417,8 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
}
} else {
- final List<String> natPersonIdObj = EidasResponseUtils.translateStringListAttribute(el, attributeMap
- .get(el).asList());
+ final List<String> natPersonIdObj = EidasResponseUtils
+ .translateStringListAttribute(el, attributeMap.get(el).asList());
final String stringAttr = natPersonIdObj.get(0);
if (StringUtils.isNotEmpty(stringAttr)) {
result.put(el.getFriendlyName(), stringAttr);
@@ -443,23 +438,19 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
private void writeMdsLogInformation(ErnbEidData eidData) {
// log MDS and country code into technical log
- if (basicConfig.getBasicConfigurationBoolean(
- MsEidasNodeConstants.PROP_CONFIG_TECHNICALLOG_WRITE_MDS_INTO_TECH_LOG, false)) {
- log.info("eIDAS Auth. for user: "
- + eidData.getGivenName() + " "
- + eidData.getFamilyName() + " "
- + eidData.getFormatedDateOfBirth() + " "
- + "from " + eidData.getCitizenCountryCode());
+ if (basicConfig
+ .getBasicConfigurationBoolean(MsEidasNodeConstants.PROP_CONFIG_TECHNICALLOG_WRITE_MDS_INTO_TECH_LOG, false)) {
+ log.info("eIDAS Auth. for user: " + eidData.getGivenName() + " " + eidData.getFamilyName() + " " + eidData
+ .getFormatedDateOfBirth() + " " + "from " + eidData.getCitizenCountryCode());
}
// log MDS and country code into revision log
- if (basicConfig.getBasicConfigurationBoolean(
- MsEidasNodeConstants.PROP_CONFIG_REVISIONLOG_WRITE_MDS_INTO_REVISION_LOG, false)) {
+ if (basicConfig
+ .getBasicConfigurationBoolean(MsEidasNodeConstants.PROP_CONFIG_REVISIONLOG_WRITE_MDS_INTO_REVISION_LOG,
+ false)) {
revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_MDSDATA,
- "{" + eidData.getGivenName() + ","
- + eidData.getFamilyName() + ","
- + eidData.getFormatedDateOfBirth() + ","
- + eidData.getCitizenCountryCode() + "}");
+ "{" + eidData.getGivenName() + "," + eidData.getFamilyName() + "," + eidData
+ .getFormatedDateOfBirth() + "," + eidData.getCitizenCountryCode() + "}");
}
}