authorlalber <lukas.alber@iaik.tugraz.at>2020-10-20 16:57:45 +0200
committerlalber <lukas.alber@iaik.tugraz.at>2020-10-20 16:57:45 +0200
commitd42ef2bccc0acd4e1ee830f42956a5cafb863299 (patch)
treeaca5e0f56116e7d6f823fc1c0ff13a783fb09d73 /eidas_modules/authmodule-eIDAS-v2/src/main
parent3332e8c363b624e7478f303c403ea709844e822f (diff)
cyclic depend
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java5
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java98
2 files changed, 61 insertions, 42 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index 3eec12bd..eac62aae 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
@@ -156,6 +156,11 @@ public class Constants {
// Default values for SZR communication
public static final String SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE = "ELEKTR_DOKUMENT";
+ // AuthBlock
+ public static final String SZR_AUTHBLOCK = "AUTHBLOCK";
+ public static final String EIDAS_BIND = "EIDAS_BIND";
+
+
// TODO remove!!!
public static final String SZR_CONSTANTS_DEFAULT_ISSUING_DATE = "2014-01-01";
public static final String SZR_CONSTANTS_DEFAULT_ISSUING_AUTHORITY = "ms-specific eIDAS-Node for AT";
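Review bot: The single `// AuthBlock` comment covers two new session keys although only `SZR_AUTHBLOCK` names the AuthBlock, and the hunk leaves two blank lines before the `// TODO remove!!!` group. A comment saying what each key holds would help the reader of the task that writes them, e.g. `// Session keys for the signed AuthBlock and the eIDAS binding produced in eID mode "new"`. Whether `EIDAS_BIND` is meant to hold the same JWS as `SZR_AUTHBLOCK` or a separate artifact is not visible from this file and should be stated on the constant.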
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index 93813ff5..b141402a 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
@@ -32,6 +32,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicati
import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils;
import at.gv.e_government.reference.namespace.persondata._20020228.AlternativeNameType;
import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType;
import at.gv.e_government.reference.namespace.persondata._20020228.PhysicalPersonType;
@@ -61,6 +62,7 @@ import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
import lombok.extern.slf4j.Slf4j;
import lombok.val;
import org.apache.commons.lang3.StringUtils;
+import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.joda.time.DateTime;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
@@ -72,8 +74,10 @@ import szrservices.TravelDocumentType;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import java.io.InputStream;
+import java.io.*;
+import java.security.KeyStore;
import java.security.KeyStoreException;
+import java.security.Provider;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
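Review bot: The specific `import java.io.InputStream;` is replaced by the wildcard `import java.io.*;`, while every other import in the file names a single type; keep the explicit form and add only the `java.io` types the new code actually uses. The previous hunk also adds `import org.bouncycastle.jce.PKCS10CertificationRequest;`, which no visible hunk references — if it is unused it should be dropped rather than pulling a BouncyCastle type into this task.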
@@ -98,6 +102,10 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
@Autowired
EaafKeyStoreFactory keyStoreFactory;
+ Pair<KeyStore, Provider> ks;
+ private final String KSPASSWORD = "f/+saJBc3a}*/T^s";
+ private final String KSALIAS = "connectorkeypair";
+
/*
* (non-Javadoc)
*
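Review bot: `Pair<KeyStore, Provider> ks;` is a non-final, package-visible instance field of a Spring `@Component` that this commit assigns in the keystore-building method (`ks = keyStoreFactory.buildNewKeyStore(configuration);`) and reads in `JoseUtils.createSignature(ks, ...)`; if the component is a singleton, as the `@Autowired` fields suggest, concurrent requests share and overwrite it, and the signing call reads `null` whenever the keystore method has not run first on that instance. Loading the pair once, for example in a `@PostConstruct` method, would remove both the ordering dependency and the race. `KSPASSWORD` and `KSALIAS` are `private final` instance fields with constant naming; the password literal was already in the file, but moving it into a field still leaves a keystore password compiled into the class — the `//TODO from config` in the last hunk should be resolved so the password is read from the module configuration, and until then the fields should at least be `private static final`.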
@@ -114,6 +122,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
final ILightResponse eidasResponse = authProcessData.getGenericDataFromSession(
Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class);
+ String eidMode = pendingReq.getServiceProviderConfiguration()
+ .getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE, "old");
+
final Map<String, Object> simpleAttrMap = convertEidasAttrToSimpleMap(eidasResponse.getAttributes()
.getAttributeMap());
@@ -222,7 +233,6 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
}
}
- String eidMode = pendingReq.getServiceProviderConfiguration().getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE, "old");
if (eidMode.equals("new")) {
String vsz = szrClient.getEncryptedStammzahl(personInfo);
@@ -239,8 +249,10 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
ObjectMapper mapper = new ObjectMapper();
String jwsPayload = mapper.writeValueAsString(pendingReq.getUniqueTransactionIdentifier());
-// JoseUtils.createSignature(new Pair<>(ks, ks.getProvider()), "connectorkeypair", passord.chararray(), jwsPayload, false, ); //TODO joseutils kopiern
+ String jwsSignature = JoseUtils.createSignature(ks, KSALIAS, KSPASSWORD.toCharArray(), jwsPayload, false, KSALIAS);//TODO joseutils kopiern
+ authProcessData.setGenericDataToSession(Constants.SZR_AUTHBLOCK, jwsSignature);
+ authProcessData.setGenericDataToSession(Constants.EIDAS_BIND, jwsSignature);
} else {
final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(personInfo);
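Review bot: The same `jwsSignature` is stored under both `Constants.SZR_AUTHBLOCK` and `Constants.EIDAS_BIND`, so the two session entries are indistinguishable; if the eIDAS binding is meant to be a separate artifact this is a placeholder that should say so, otherwise one of the keys is redundant. The call also passes `KSALIAS` twice, as the key alias and as the last argument, which looks carried over from the removed commented-out line rather than chosen — confirm it against the parameter list of `JoseUtils.createSignature`. The `//TODO joseutils kopiern` comment should be in English and say what is still missing. The enclosing `if (eidMode.equals("new"))` branch continues outside the hunk.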
@@ -282,44 +294,46 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
}
}
- if (identityLink == null) {
- log.error("ERnB did not return an identity link.");
- throw new SzrCommunicationException("ernb.00", null);
+ if (eidMode.equals("new")) {}
+ else {
+ if (identityLink == null) {
+ log.error("ERnB did not return an identity link.");
+ throw new SzrCommunicationException("ernb.00", null);
- }
- revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_IDL_RECEIVED,
- identityLink.getSamlAssertion().getAttribute(SimpleIdentityLinkAssertionParser.ASSERTIONID));
+ }
+ revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_IDL_RECEIVED,
+ identityLink.getSamlAssertion().getAttribute(SimpleIdentityLinkAssertionParser.ASSERTIONID));
- if (bpk == null) {
- log.error("ERnB did not return a bPK for target: " + pendingReq.getServiceProviderConfiguration()
- .getAreaSpecificTargetIdentifier());
- throw new SzrCommunicationException("ernb.01", null);
+ if (bpk == null) {
+ log.error("ERnB did not return a bPK for target: " + pendingReq.getServiceProviderConfiguration()
+ .getAreaSpecificTargetIdentifier());
+ throw new SzrCommunicationException("ernb.01", null);
- }
- revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_BPK_RECEIVED);
-
- log.debug("ERnB communication was successfull");
-
- authProcessData.setForeigner(true);
- authProcessData.setIdentityLink(identityLink);
- authProcessData.setGenericDataToSession(
- PvpAttributeDefinitions.EID_ISSUING_NATION_NAME,
- EidasResponseUtils.parseEidasPersonalIdentifier((String) simpleAttrMap.get(
- Constants.eIDAS_ATTR_PERSONALIDENTIFIER)).getFirst());
-
- // set bPK and bPKType into auth session
- authProcessData.setGenericDataToSession(
- PvpAttributeDefinitions.BPK_NAME,
- extendBpkByPrefix(
- bpk,
- pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()));
- authProcessData.setGenericDataToSession(
- PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME,
- pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
-
- // store pending-request
- requestStoreage.storePendingRequest(pendingReq);
+ }
+ revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_BPK_RECEIVED);
+
+ log.debug("ERnB communication was successfull");
+
+ authProcessData.setForeigner(true);
+ authProcessData.setIdentityLink(identityLink);
+ authProcessData.setGenericDataToSession(
+ PvpAttributeDefinitions.EID_ISSUING_NATION_NAME,
+ EidasResponseUtils.parseEidasPersonalIdentifier((String) simpleAttrMap.get(
+ Constants.eIDAS_ATTR_PERSONALIDENTIFIER)).getFirst());
+
+ // set bPK and bPKType into auth session
+ authProcessData.setGenericDataToSession(
+ PvpAttributeDefinitions.BPK_NAME,
+ extendBpkByPrefix(
+ bpk,
+ pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()));
+ authProcessData.setGenericDataToSession(
+ PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME,
+ pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+ // store pending-request
+ requestStoreage.storePendingRequest(pendingReq);
+ }
} catch (final EidasAttributeException e) {
throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e);
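Review bot: `if (eidMode.equals("new")) {} else {` has an empty then-branch whose only purpose is the else; write it as `if (!eidMode.equals("new")) {`. More importantly, `requestStoreage.storePendingRequest(pendingReq);` now sits inside that else, so in eID mode "new" the pending request is not stored after the AuthBlock and binding were written into `authProcessData` — unless something outside this hunk stores it, those session values are lost. Moving `requestStoreage.storePendingRequest(pendingReq);` after the closing brace of the else keeps the previous behaviour for both modes. `authProcessData.setForeigner(true)` and the `EID_ISSUING_NATION_NAME` entry are likewise skipped in the new mode, which may or may not be intended. The `try` block enclosing this code starts outside the hunk.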
@@ -338,12 +352,12 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
final String current = new java.io.File(".").toURI().toString();
configuration.setSoftKeyStoreFilePath(current + "src/test/resources/keystore/teststore.jks");
- configuration.setSoftKeyStorePassword("f/+saJBc3a}*/T^s");
+ configuration.setSoftKeyStorePassword(KSPASSWORD); //TODO from config
configuration.setKeyStoreType(KeyStoreConfiguration.KeyStoreType.JKS);
- configuration.setFriendlyName("connectorkeypair");
- configuration.setKeyStoreName("connectorkeypair");
- val ks = keyStoreFactory.buildNewKeyStore(configuration);
- val publicKey = ks.getFirst().getCertificate("connectorkeypair").getPublicKey();
+ configuration.setFriendlyName(KSALIAS);
+ configuration.setKeyStoreName(KSALIAS);
+ ks = keyStoreFactory.buildNewKeyStore(configuration);
+ val publicKey = ks.getFirst().getCertificate(KSALIAS).getPublicKey();
return Base64.getEncoder().encodeToString(publicKey.getEncoded());
}
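Review bot: `configuration.setSoftKeyStoreFilePath(current + "src/test/resources/keystore/teststore.jks")` builds the keystore path from the process working directory and a test-resources location, so outside a test run this method has no keystore to load; the path belongs in the module configuration together with the password marked `//TODO from config`. Assigning the result to the `ks` instance field on every call also rebuilds the keystore per request and publishes it to other threads using the component without synchronisation, while `val ks` in the old code kept it local. The method's signature starts outside the hunk.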