authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-11-27 09:07:27 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-11-27 09:07:27 +0100
commitd01abea064f33d1c985464aadf3e2326c6ba3219 (patch)
tree800e98e7b594b72552770710c5bea93a009a0ead /eidas_modules/authmodule-eIDAS-v2/src/main
parent3d01b42c1e57145850feefd49327cec2bc8b7843 (diff)
update AuthBlock format in case of E-ID like authentication
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java52
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java2
2 files changed, 49 insertions, 5 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
index ccc6eb0c..ad9b1082 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
@@ -1,11 +1,15 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.service;
+import java.io.Serializable;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.security.cert.X509Certificate;
+import java.time.LocalDateTime;
+import java.time.temporal.ChronoUnit;
import java.util.Base64;
+import java.util.UUID;
import javax.annotation.PostConstruct;
@@ -14,11 +18,18 @@ import org.jose4j.lang.JoseException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
+import com.fasterxml.jackson.annotation.JsonFormat;
+import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import com.fasterxml.jackson.databind.annotation.JsonSerialize;
+import com.fasterxml.jackson.datatype.jsr310.deser.LocalDateTimeDeserializer;
+import com.fasterxml.jackson.datatype.jsr310.ser.LocalDateTimeSerializer;
import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils;
+import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
@@ -27,6 +38,7 @@ import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
import at.gv.egiz.eaaf.core.impl.data.Pair;
+import lombok.Data;
import lombok.extern.slf4j.Slf4j;
/**
@@ -55,18 +67,22 @@ public class AuthBlockSigningService {
/**
* Build and sign an AuthBlock for E-ID system.
*
- * @param dataToSign data that should be added into AuthBlock
+ * @param pendingReq data that should be added into AuthBlock
* @return serialized JWS
* @throws JsonProcessingException In case of a AuthBlock generation error
* @throws JoseException In case of a JWS signing error
* @throws EaafException In case of a KeyStore or Key error
*/
- public String buildSignedAuthBlock(String dataToSign)
+ public String buildSignedAuthBlock(IRequest pendingReq)
throws JsonProcessingException, EaafException, JoseException {
- log.debug("Building and sign authBlock with data: {}", dataToSign);
// build AuthBlock
- String jwsPayload = mapper.writeValueAsString(dataToSign);
+ EidasAuchBlock authBlock = new EidasAuchBlock();
+ authBlock.setChallenge(UUID.randomUUID().toString());
+ authBlock.setTimestamp(LocalDateTime.now().truncatedTo(ChronoUnit.SECONDS));
+ authBlock.setUniqueId(pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID, String.class));
+ String jwsPayload = mapper.writeValueAsString(authBlock);
+ log.debug("Building and sign authBlock with data: {}", jwsPayload);
//sign JWS
return JoseUtils
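Review bot: `LocalDateTime.now()` on the `authBlock.setTimestamp(...)` line is taken in the JVM's default zone, while the `@JsonFormat` pattern on `EidasAuchBlock.timestamp` in the last hunk of this file ends with a literal `'Z'`, so on any non-UTC host the serialized AuthBlock labels a local time as a UTC instant and a consumer checking freshness would see a skewed timestamp. Use `authBlock.setTimestamp(LocalDateTime.now(ZoneOffset.UTC).truncatedTo(ChronoUnit.SECONDS));` (with `import java.time.ZoneOffset;`), or carry an `OffsetDateTime`/`Instant` so the zone travels with the value. `pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID, String.class)` may presumably return null, which would leave `appId` null in the signed payload without any error; an explicit `Objects.requireNonNull(..., "requesterId")` before building the block would surface that early. The body of buildSignedAuthBlock continues past the end of this hunk.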
@@ -148,4 +164,32 @@ public class AuthBlockSigningService {
.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEY_ALIAS);
}
+
+ /**
+ * Technical AuthBlock for eIDAS Authentication.
+ *
+ * @author tlenz
+ *
+ */
+ @Data
+ public class EidasAuchBlock implements Serializable {
+
+ private static final long serialVersionUID = -2013435642666124497L;
+
+ @JsonProperty("challenge")
+ private String challenge;
+
+ @JsonProperty("timestamp")
+ @JsonSerialize(using = LocalDateTimeSerializer.class)
+ @JsonDeserialize(using = LocalDateTimeDeserializer.class)
+ @JsonFormat(pattern = "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'")
+ private LocalDateTime timestamp;
+
+ @JsonProperty("appId")
+ private String uniqueId;
+
+
+ }
+
+
}
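Review bot: `EidasAuchBlock` is declared as a non-static inner class, so each instance carries a hidden reference to the enclosing `AuthBlockSigningService`; because the class also `implements Serializable`, Java serialization would try to serialize the Spring service and fail, and Jackson cannot instantiate a non-static inner class on deserialization despite the `@JsonDeserialize` annotation on `timestamp`. Declare it `public static class EidasAuchBlock implements Serializable {`. The name also looks like a typo — `EidasAuthBlock` would match the Javadoc and the surrounding naming. Since the field `uniqueId` is exposed as JSON property `appId` and is filled from the requester ID rather than a per-transaction value, a field comment such as `// requester ID of the pending request, serialized as "appId"` would spare the next reader the guess.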
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index 80142b09..f9142f8e 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
@@ -157,7 +157,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
EID_STATUS);
//get signed AuthBlock
- String jwsSignature = authBlockSigner.buildSignedAuthBlock(pendingReq.getUniqueTransactionIdentifier());
+ String jwsSignature = authBlockSigner.buildSignedAuthBlock(pendingReq);
//inject personal-data into session
authProcessData.setGenericDataToSession(Constants.SZR_AUTHBLOCK, jwsSignature);
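Review bot: The removed argument `pendingReq.getUniqueTransactionIdentifier()` was the only transaction-specific value in the old AuthBlock, and the new `EidasAuchBlock` built by `buildSignedAuthBlock` holds a random challenge, a timestamp and the requester ID but no transaction identifier, so the signed block is no longer bound to this pending request except through the challenge. If the consuming side relied on that identifier to correlate the AuthBlock with the session, that correlation is now lost; if the challenge is meant to take over that role, it presumably needs to be stored on the session next to `Constants.SZR_AUTHBLOCK` so it can later be compared, which this hunk does not do. The enclosing method starts and ends outside the hunk.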