aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules/authmodule-eIDAS-v2/src
diff options
context:
space:
mode:
authorThomas <>2021-02-08 18:47:34 +0100
committerThomas <>2021-02-08 18:47:34 +0100
commit07318e70ea3a9d25ca945c391820149183c61ca0 (patch)
treeebeb4cf8fb28cdba6cfadac41a6c74b3dfda500b /eidas_modules/authmodule-eIDAS-v2/src
parent811165262f7ef196c8586e42b838d7d7ba376e16 (diff)
downloadNational_eIDAS_Gateway-07318e70ea3a9d25ca945c391820149183c61ca0.tar.gz
National_eIDAS_Gateway-07318e70ea3a9d25ca945c391820149183c61ca0.tar.bz2
National_eIDAS_Gateway-07318e70ea3a9d25ca945c391820149183c61ca0.zip
add Binding Public-Key into technical AuthBlock in case of an ID Austria process
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java12
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java25
2 files changed, 36 insertions, 1 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
index 234d52dd..a2af4342 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
@@ -18,6 +18,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import com.fasterxml.jackson.annotation.JsonFormat;
+import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
@@ -81,6 +82,14 @@ public class AuthBlockSigningService {
authBlock.setTimestamp(LocalDateTime.now().truncatedTo(ChronoUnit.SECONDS));
authBlock.setUniqueId(pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID, String.class));
authBlock.setPiiTransactionId(pendingReq.getUniquePiiTransactionIdentifier());
+
+ //set Binding PublicKey if available
+ Object bindingPubKey = pendingReq.getRawData(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME);
+ if (bindingPubKey instanceof String) {
+ authBlock.setBindingPublicKey((String) bindingPubKey);
+
+ }
+
String jwsPayload = mapper.writeValueAsString(authBlock);
log.debug("Building and sign authBlock with data: {}", jwsPayload);
@@ -172,6 +181,7 @@ public class AuthBlockSigningService {
*
*/
@Data
+ @JsonInclude(JsonInclude.Include.NON_NULL)
private static class EidasAuchBlock {
@JsonProperty("challenge")
@@ -189,6 +199,8 @@ public class AuthBlockSigningService {
@JsonProperty("piiTransactionId")
private String piiTransactionId;
+ @JsonProperty("bindingPublicKey")
+ private String bindingPublicKey;
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
index 2e6790c5..0621081a 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
@@ -221,6 +221,7 @@ public class CreateIdentityLinkTaskEidNewTest {
Assert.assertEquals("appId", randomTestSp, authBlockJson.get("appId").asText());
Assert.assertFalse("'challenge' is null", authBlockJson.get("challenge").asText().isEmpty());
Assert.assertFalse("'timestamp' is null", authBlockJson.get("timestamp").asText().isEmpty());
+ Assert.assertFalse("binding pubKey", authBlockJson.has("bindingPublicKey"));
// check vsz request
@@ -312,9 +313,11 @@ public class CreateIdentityLinkTaskEidNewTest {
signContentEntry.setValue(RandomStringUtils.randomAlphanumeric(10));
signContentResp.getOut().add(signContentEntry);
when(szrMock, "signContent", any(), any(), any()).thenReturn(signContentResp);
-
+
String randomTestSp = RandomStringUtils.randomAlphabetic(10);
+ String bindingPubKey = RandomStringUtils.randomAlphabetic(10);
pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, randomTestSp);
+ pendingReq.setRawDataToTransaction(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME, bindingPubKey);
//perform test
task.execute(pendingReq, executionContext);
@@ -329,8 +332,28 @@ public class CreateIdentityLinkTaskEidNewTest {
Assert.assertNotNull("AuthProcessData", authProcessData);
Assert.assertNotNull("eidasBind", authProcessData.getGenericDataFromSession(Constants.EIDAS_BIND, String.class));
+ // check authblock signature
String authBlock = authProcessData.getGenericDataFromSession(Constants.SZR_AUTHBLOCK, String.class);
Assert.assertNotNull("AuthBlock", authBlock);
+ final AlgorithmConstraints constraints = new AlgorithmConstraints(ConstraintType.PERMIT,
+ BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.toArray(new String[BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.size()]));
+ Pair<KeyStore, Provider> keyStore = getKeyStore();
+ X509Certificate[] trustedCerts = EaafKeyStoreUtils
+ .getPrivateKeyAndCertificates(keyStore.getFirst(), ALIAS, PW.toCharArray(), true, "junit").getSecond();
+ JwsResult result = JoseUtils.validateSignature(authBlock, Arrays.asList(trustedCerts), constraints);
+ Assert.assertTrue("AuthBlock not valid", result.isValid());
+ JsonNode authBlockJson = mapper.readTree(result.getPayLoad());
+ Assert.assertNotNull("deserialized AuthBlock", authBlockJson);
+
+ Assert.assertNotNull("no piiTransactionId in pendingRequesdt",
+ storedPendingReq.getUniquePiiTransactionIdentifier());
+ Assert.assertEquals("piiTransactionId", storedPendingReq.getUniquePiiTransactionIdentifier(),
+ authBlockJson.get("piiTransactionId").asText());
+ Assert.assertEquals("appId", randomTestSp, authBlockJson.get("appId").asText());
+ Assert.assertFalse("'challenge' is null", authBlockJson.get("challenge").asText().isEmpty());
+ Assert.assertFalse("'timestamp' is null", authBlockJson.get("timestamp").asText().isEmpty());
+ Assert.assertTrue("binding pubKey", authBlockJson.has("bindingPublicKey"));
+ Assert.assertEquals("binding PubKey", bindingPubKey, authBlockJson.get("bindingPublicKey").asText());
Assert.assertTrue("EID process", authProcessData.isEidProcess());
Assert.assertTrue("foreigner process", authProcessData.isForeigner());