aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules/authmodule-eIDAS-v2/src/main/java
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2018-08-16 16:38:29 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2018-08-16 16:38:29 +0200
commit242818b75bf379e8a12770991dc67c2058e071b9 (patch)
treee9c68578f81275dd2909de3b9e085e0dba8e6f88 /eidas_modules/authmodule-eIDAS-v2/src/main/java
parent88628b66ee510c01811923cf87301bb6de39b319 (diff)
downloadNational_eIDAS_Gateway-242818b75bf379e8a12770991dc67c2058e071b9.tar.gz
National_eIDAS_Gateway-242818b75bf379e8a12770991dc67c2058e071b9.tar.bz2
National_eIDAS_Gateway-242818b75bf379e8a12770991dc67c2058e071b9.zip
update SZR client after first tests
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/Constants.java9
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java44
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java86
3 files changed, 79 insertions, 60 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/Constants.java
index 64cf6af2..85743585 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/Constants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/Constants.java
@@ -60,6 +60,7 @@ public class Constants {
public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_DATE = CONIG_PROPS_EIDAS_SZRCLIENT + ".params.issuingdate";
public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_AUTHORITY = CONIG_PROPS_EIDAS_SZRCLIENT + ".params.issuingauthority";
public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_KEYS_USEDUMMY= CONIG_PROPS_EIDAS_SZRCLIENT + ".params.usedummykeys";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION= CONIG_PROPS_EIDAS_SZRCLIENT + ".params.useSZRForbPKCalculation";
//http endpoint descriptions
public static final String eIDAS_HTTP_ENDPOINT_SP_POST = "/eidas/light/sp/post";
@@ -99,12 +100,16 @@ public class Constants {
public static final String HTTP_CLIENT_DEFAULT_TIMEOUT_RESPONSE = "60"; //seconds
+ public static final String SZR_SCHEMA_LOCATIONS =
+ ("urn:SZRServices" + " " + "/szr_client/szr.xsd");
+
//Default values for SZR communication
public static final String SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE = "ELEKTR_DOKUMENT";
//TODO remove!!!
public static final String SZR_CONSTANTS_DEFAULT_ISSUING_DATE = "2014-01-01";
public static final String SZR_CONSTANTS_DEFAULT_ISSUING_AUTHORITY = "ms-specific eIDAS-Node for AT";
- public final static byte[] SZR_CONSTANTS_DEFAULT_PUBL_KEY = new byte[] {48, -127, -97, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 1, 5, 0, 3, -127, -115, 0, 48, -127, -119, 2, -127, -127, 0, -106, 114, -113, -1, -84, 116, 35, 3, 70, -81, 81, -110, -10, -59, 114, 4, -109, 86, 127, -50, 125, 47, 4, 80, 79, 53, 117, -36, 15, -16, -61, 110, 39, 89, 29, -43, 37, -127, 80, -109, -38, 65, 125, -119, 44, -111, -21, 47, -98, 38, -112, -24, 107, -110, 17, -10, 51, -4, -36, -72, -28, -18, -14, 117, -67, 76, -31, 32, 92, 104, -21, 68, 31, -12, 30, -104, -104, 42, -107, 126, 84, 50, 85, -117, 44, -100, -4, 102, -100, 52, -68, 77, -32, 9, -16, -30, -104, -90, 107, -88, 7, 97, -94, 72, -61, -40, 80, -112, -65, -25, -72, -19, -95, -54, 31, 15, 24, -105, 123, -81, 23, -123, 92, -103, -101, 47, 47, -105, 2, 3, 1, 0, 1};
-
+ public static final String SZR_CONSTANTS_DEFAULT_PUBKEY_EXPONENT = "AQAB";
+ public static final String SZR_CONSTANTS_DEFAULT_PUBKEY_MODULUS = "AJZyj/+sdCMDRq9RkvbFcgSTVn/OfS8EUE81ddwP8MNuJ1kd1SWBUJPaQX2JLJHrL54mkOhrkhH2M/zcuOTu8nW9TOEgXGjrRB/0HpiYKpV+VDJViyyc/GacNLxN4Anw4pima6gHYaJIw9hQkL/nuO2hyh8PGJd7rxeFXJmbLy+X";
+
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java
index cec36d4b..4840a5e0 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java
@@ -88,21 +88,28 @@ public class SZRClient {
private SZRService szrService = null;
private String szrURL = null;
private QName qname = null;
-
- public IdentityLinkType getIdentityLink(PersonInfoType personInfo, List<KeyValueType> keyValue, Boolean insertERnP) throws SZRCommunicationException {
- try {
- return szr.getIdentityLink(
- personInfo,
- keyValue,
- insertERnP);
-
- } catch (SZRException_Exception e) {
- log.warn("SZR communication FAILED. Reason: " + e.getMessage(), e);
- throw new SZRCommunicationException("ernb.02", new Object[] {e.getMessage()}, e);
-
- }
-
- }
+
+ /*
+ * This method does not return a valid signed IDL, because Apache CXF XML parser switch namespaces!!!!
+ */
+// public IdentityLinkType getIdentityLink(PersonInfoType personInfo, List<KeyValueType> keyValue, Boolean insertERnP) throws SZRCommunicationException {
+// try {
+// return szr.getIdentityLink(
+// personInfo,
+// keyValue,
+// insertERnP);
+//
+// } catch (SZRException_Exception | SOAPFaultException e) {
+// log.warn("SZR communication FAILED. Reason: " + e.getMessage(), e);
+// throw new SZRCommunicationException("ernb.02", new Object[] {e.getMessage()}, e);
+//
+// } catch (Exception e) {
+// log.warn("SZR communication FAILED. Reason: " + e.getMessage(), e);
+// throw new SZRCommunicationException("ernb.02", new Object[] {e.getMessage()}, e);
+//
+// }
+//
+// }
public IdentityLinkType getIdentityLinkInRawMode(PersonInfoType personInfo, List<KeyValueType> keyValue, Boolean insertERnP) throws SZRCommunicationException {
try {
@@ -139,7 +146,9 @@ public class SZRClient {
// ok, we have success
Document doc = DOMUtils.parseDocument(
new ByteArrayInputStream(szrResponse),
- true, XMLNamespaceConstants.ALL_SCHEMA_LOCATIONS, null, null
+ true,
+ XMLNamespaceConstants.ALL_SCHEMA_LOCATIONS + " " + Constants.SZR_SCHEMA_LOCATIONS,
+ null, null
);
String xpathExpression = "//saml:Assertion";
Element nsNode = doc.createElementNS("urn:oasis:names:tc:SAML:1.0:assertion", "saml:NSNode");
@@ -288,7 +297,8 @@ public class SZRClient {
LoggingHandler loggingHandler = new LoggingHandler();
handlerList.add(loggingHandler);
- }
+ }
+ bindingProvider.getBinding().setHandlerChain(handlerList);
}
private SSLContext createSSLContext(String clientType) {
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java
index c5d33b73..9882bab2 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java
@@ -3,13 +3,7 @@
package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.tasks;
import java.io.InputStream;
-import java.math.BigInteger;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.PublicKey;
-import java.security.interfaces.RSAPublicKey;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.MessageDigest;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.HashMap;
@@ -38,6 +32,7 @@ import at.asitplus.eidas.specific.connector.MSConnectorEventCodes;
import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.Constants;
import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.SZRCommunicationException;
import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAttributeException;
+import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException;
import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.szr.SZRClient;
import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.utils.eIDASResponseUtils;
import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType;
@@ -174,8 +169,11 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
String dateOfBirth = new SimpleDateFormat("yyyy-MM-dd").format(((DateTime)dateOfBirthObj).toDate());
Trible<String, String, String> eIdentifier =
eIDASResponseUtils.parseEidasPersonalIdentifier((String)eIdentifierObj);
- String uniqueId = (String)eIdentifierObj;
String citizenCountry = eIdentifier.getFirst();
+
+ //hash unique identifier as work-around for uniqueId length restriction
+ String uniqueId = createHashFromUniqueId(eIdentifier.getThird());
+
//person information
personName.setFamilyName((String)familyNameObj);
@@ -191,20 +189,14 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
//TODO: that should be removed
eDocument.setIssueDate(basicConfig.getBasicConfiguration(
- Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_DATE,
- Constants.SZR_CONSTANTS_DEFAULT_ISSUING_DATE));
+ Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_DATE));
eDocument.setIssuingAuthority(basicConfig.getBasicConfiguration(
- Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_AUTHORITY,
- Constants.SZR_CONSTANTS_DEFAULT_ISSUING_AUTHORITY));
+ Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_AUTHORITY));
//TODO: keys are not available in eIDAS
List<KeyValueType> keyValue = dummyCodeForKeys();
- /*TODO:
- * Validate if IDL signature is valid after using this method
- * MAYBE we had to switch to 'getIdentityLinkInRawMode' method!
- */
- IdentityLinkType result = szrClient.getIdentityLink(
+ IdentityLinkType result = szrClient.getIdentityLinkInRawMode(
personInfo,
keyValue,
basicConfig.getBasicMOAIDConfigurationBoolean(
@@ -217,12 +209,24 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
//get bPK from SZR
- bPK = szrClient.getBPK(
+ if (basicConfig.getBasicMOAIDConfigurationBoolean(
+ Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) {
+ bPK = szrClient.getBPK(
personInfo,
pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(),
basicConfig.getBasicConfiguration(
Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ,
"no VKZ defined"));
+
+ } else {
+ log.debug("Calculating bPK from baseId ... ");
+ Pair<String, String> bPKCalc = new BPKBuilder().generateAreaSpecificPersonIdentifier(
+ identityLink.getIdentificationValue(),
+ identityLink.getIdentificationType(),
+ pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+ bPK = bPKCalc.getFirst();
+
+ }
}
@@ -278,36 +282,36 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
}
}
+ private String createHashFromUniqueId(String uniqueId) throws eIDASAuthenticationException {
+ try {
+ MessageDigest md = MessageDigest.getInstance("SHA-256");
+ byte[] hash = md.digest(uniqueId.getBytes("UTF-8"));
+ String hashBase64 = new String(Base64Utils.encode(hash), "UTF-8").replaceAll("\r\n", "");
+ return hashBase64;
+
+ } catch (Exception ex) {
+ throw new eIDASAuthenticationException("internal.03", new Object[]{}, ex);
+
+ }
+ }
+
private List<KeyValueType> dummyCodeForKeys() {
if (basicConfig.getBasicMOAIDConfigurationBoolean(
Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_KEYS_USEDUMMY,
false)) {
List<KeyValueType> keyvalueList = new ArrayList<KeyValueType>();
- try {
- PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(Constants.SZR_CONSTANTS_DEFAULT_PUBL_KEY);
- KeyFactory kf = KeyFactory.getInstance("RSA");
- PublicKey pb = kf.generatePublic(spec);
-
- RSAPublicKey rsapb = (RSAPublicKey)pb;
- BigInteger modulus = rsapb.getModulus();
- BigInteger exponent = rsapb.getPublicExponent();
-
- // set key values
- RSAKeyValueType rsa = new RSAKeyValueType();
- rsa.setExponent(new String(Base64Utils.encode(exponent.toByteArray())));
- rsa.setModulus(new String(Base64Utils.encode(modulus.toByteArray())));
+ // set key values
+ RSAKeyValueType rsa = new RSAKeyValueType();
+ rsa.setExponent(Constants.SZR_CONSTANTS_DEFAULT_PUBKEY_EXPONENT);
+ rsa.setModulus(Constants.SZR_CONSTANTS_DEFAULT_PUBKEY_MODULUS);
+
+ KeyValueType key = new KeyValueType();
+ key.setRSAKeyValue(rsa);
- KeyValueType key = new KeyValueType();
- key.setRSAKeyValue(rsa);
-
- keyvalueList.add(key);
-
- return keyvalueList;
- } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
- log.error("TestCode has an internal ERROR", e);
-
- }
+ keyvalueList.add(key);
+
+ return keyvalueList;
}