author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-11-27 09:07:27 +0100 |
---|---|---|
committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-11-27 09:07:27 +0100 |
commit | d01abea064f33d1c985464aadf3e2326c6ba3219 (patch) | |
tree | 800e98e7b594b72552770710c5bea93a009a0ead /eidas_modules/authmodule-eIDAS-v2/src/main/java | |
parent | 3d01b42c1e57145850feefd49327cec2bc8b7843 (diff) | |
upatate AuthBlock format in case of E-ID like authentication
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java')
2 files changed, 49 insertions, 5 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
index ccc6eb0c..ad9b1082 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
@@ -1,11 +1,15 @@
 package at.asitplus.eidas.specific.modules.auth.eidas.v2.service;
+import java.io.Serializable;
 import java.security.Key;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.Provider;
 import java.security.cert.X509Certificate;
+import java.time.LocalDateTime;
+import java.time.temporal.ChronoUnit;
 import java.util.Base64;
+import java.util.UUID;
 import javax.annotation.PostConstruct;
@@ -14,11 +18,18 @@ import org.jose4j.lang.JoseException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
+import com.fasterxml.jackson.annotation.JsonFormat;
+import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import com.fasterxml.jackson.databind.annotation.JsonSerialize;
+import com.fasterxml.jackson.datatype.jsr310.deser.LocalDateTimeDeserializer;
+import com.fasterxml.jackson.datatype.jsr310.ser.LocalDateTimeSerializer;
 import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils;
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
 import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
@@ -27,6 +38,7 @@ import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
 import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
 import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
+import lombok.Data;
 import lombok.extern.slf4j.Slf4j;
 /**
@@ -55,18 +67,22 @@ public class AuthBlockSigningService {
 /**
 * Build and sign an AuthBlock for E-ID system.
 *
- * @param dataToSign data that should be added into AuthBlock
+ * @param pendingReq data that should be added into AuthBlock
 * @return serialized JWS
 * @throws JsonProcessingException In case of a AuthBlock generation error
 * @throws JoseException In case of a JWS signing error
 * @throws EaafException In case of a KeyStore or Key error
 */
- public String buildSignedAuthBlock(String dataToSign)
+ public String buildSignedAuthBlock(IRequest pendingReq)
 throws JsonProcessingException, EaafException, JoseException {
- log.debug("Building and sign authBlock with data: {}", dataToSign);
 // build AuthBlock
- String jwsPayload = mapper.writeValueAsString(dataToSign);
+ EidasAuchBlock authBlock = new EidasAuchBlock();
+ authBlock.setChallenge(UUID.randomUUID().toString());
+ authBlock.setTimestamp(LocalDateTime.now().truncatedTo(ChronoUnit.SECONDS));
+ authBlock.setUniqueId(pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID, String.class));
+ String jwsPayload = mapper.writeValueAsString(authBlock);
+ log.debug("Building and sign authBlock with data: {}", jwsPayload);
 //sign JWS
 return JoseUtils
@@ -148,4 +164,32 @@ public class AuthBlockSigningService {
 .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEY_ALIAS);
 }
+
+ /**
+ * Technical AuthBlock for eIDAS Authentication.
+ *
+ * @author tlenz
+ *
+ */
+ @Data
+ public class EidasAuchBlock implements Serializable {
+
+ private static final long serialVersionUID = -2013435642666124497L;
+
+ @JsonProperty("challenge")
+ private String challenge;
+
+ @JsonProperty("timestamp")
+ @JsonSerialize(using = LocalDateTimeSerializer.class)
+ @JsonDeserialize(using = LocalDateTimeDeserializer.class)
+ @JsonFormat(pattern = "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'")
+ private LocalDateTime timestamp;
+
+ @JsonProperty("appId")
+ private String uniqueId;
+
+
+ }
+
+
 }
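Review bot: `LocalDateTime.now()` in the new `authBlock.setTimestamp(...)` line reads the JVM default zone, while `EidasAuchBlock.timestamp` is serialized with a literal `'Z'` suffix, so the AuthBlock advertises a UTC instant that is only correct when the server happens to run in UTC; use `LocalDateTime.now(ZoneOffset.UTC).truncatedTo(ChronoUnit.SECONDS)` (adding `java.time.ZoneOffset` to the imports) or an `Instant`-based type so the value and its zone marker agree. The `setUniqueId(...)` line passes `pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID, String.class)` through unchecked, so a request lacking that attribute would be signed with `"appId":null` instead of failing; presumably this value is what binds the AuthBlock to the requester, so a null check that throws a descriptive exception before the payload is built seems warranted. The old payload was the transaction identifier (see the CreateIdentityLinkTask hunk below), whereas the new one carries a freshly generated challenge that is not retained anywhere in this hunk; if the receiving system is expected to verify that challenge, it has to be stored alongside the pending request as well — the verifier is not visible in this diff. The Javadoc `@param pendingReq data that should be added into AuthBlock` still describes the removed String parameter; `@param pendingReq pending request whose requester id is embedded into the AuthBlock` would match the new code.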
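Review bot: `EidasAuchBlock` is declared as a non-static inner class of `AuthBlockSigningService`, so each instance carries a hidden reference to the Spring service; because it also implements `Serializable`, Java serialization of an AuthBlock would attempt to serialize the service, and Jackson cannot instantiate a non-static inner class, which leaves the `@JsonDeserialize` annotation on `timestamp` unusable as written. Declaring it `public static class EidasAuchBlock implements Serializable {` fixes both. The name reads like a typo for `EidasAuthBlock`, and since the caller applies `truncatedTo(ChronoUnit.SECONDS)` the `.SSS` part of the `@JsonFormat` pattern always yields `000`, so either the truncation or the millisecond field could be dropped for consistency.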
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index 80142b09..f9142f8e 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
@@ -157,7 +157,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 EID_STATUS);
 //get signed AuthBlock
- String jwsSignature = authBlockSigner.buildSignedAuthBlock(pendingReq.getUniqueTransactionIdentifier());
+ String jwsSignature = authBlockSigner.buildSignedAuthBlock(pendingReq);
 //inject personal-data into session
 authProcessData.setGenericDataToSession(Constants.SZR_AUTHBLOCK, jwsSignature); |