aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules/authmodule-eIDAS-v2
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-11-27 09:07:27 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-11-27 09:07:27 +0100
commitd01abea064f33d1c985464aadf3e2326c6ba3219 (patch)
tree800e98e7b594b72552770710c5bea93a009a0ead /eidas_modules/authmodule-eIDAS-v2
parent3d01b42c1e57145850feefd49327cec2bc8b7843 (diff)
downloadNational_eIDAS_Gateway-d01abea064f33d1c985464aadf3e2326c6ba3219.tar.gz
National_eIDAS_Gateway-d01abea064f33d1c985464aadf3e2326c6ba3219.tar.bz2
National_eIDAS_Gateway-d01abea064f33d1c985464aadf3e2326c6ba3219.zip
upatate AuthBlock format in case of E-ID like authentication
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/pom.xml6
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java52
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java2
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java37
4 files changed, 57 insertions, 40 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/pom.xml b/eidas_modules/authmodule-eIDAS-v2/pom.xml
index 4fe2bb36..b2e841fb 100644
--- a/eidas_modules/authmodule-eIDAS-v2/pom.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/pom.xml
@@ -123,8 +123,10 @@
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-transports-http</artifactId>
</dependency>
- <!-- <dependency> <groupId>org.xerial</groupId> <artifactId>sqlite-jdbc</artifactId>
- <version>${org.xerial.sqlite-jdbc.version}</version> </dependency> -->
+ <dependency>
+ <groupId>com.fasterxml.jackson.datatype</groupId>
+ <artifactId>jackson-datatype-jsr310</artifactId>
+ </dependency>
<dependency>
<groupId>javax.servlet</groupId>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
index ccc6eb0c..ad9b1082 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
@@ -1,11 +1,15 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.service;
+import java.io.Serializable;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.security.cert.X509Certificate;
+import java.time.LocalDateTime;
+import java.time.temporal.ChronoUnit;
import java.util.Base64;
+import java.util.UUID;
import javax.annotation.PostConstruct;
@@ -14,11 +18,18 @@ import org.jose4j.lang.JoseException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
+import com.fasterxml.jackson.annotation.JsonFormat;
+import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import com.fasterxml.jackson.databind.annotation.JsonSerialize;
+import com.fasterxml.jackson.datatype.jsr310.deser.LocalDateTimeDeserializer;
+import com.fasterxml.jackson.datatype.jsr310.ser.LocalDateTimeSerializer;
import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils;
+import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
@@ -27,6 +38,7 @@ import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
import at.gv.egiz.eaaf.core.impl.data.Pair;
+import lombok.Data;
import lombok.extern.slf4j.Slf4j;
/**
@@ -55,18 +67,22 @@ public class AuthBlockSigningService {
/**
* Build and sign an AuthBlock for E-ID system.
*
- * @param dataToSign data that should be added into AuthBlock
+ * @param pendingReq data that should be added into AuthBlock
* @return serialized JWS
* @throws JsonProcessingException In case of a AuthBlock generation error
* @throws JoseException In case of a JWS signing error
* @throws EaafException In case of a KeyStore or Key error
*/
- public String buildSignedAuthBlock(String dataToSign)
+ public String buildSignedAuthBlock(IRequest pendingReq)
throws JsonProcessingException, EaafException, JoseException {
- log.debug("Building and sign authBlock with data: {}", dataToSign);
// build AuthBlock
- String jwsPayload = mapper.writeValueAsString(dataToSign);
+ EidasAuchBlock authBlock = new EidasAuchBlock();
+ authBlock.setChallenge(UUID.randomUUID().toString());
+ authBlock.setTimestamp(LocalDateTime.now().truncatedTo(ChronoUnit.SECONDS));
+ authBlock.setUniqueId(pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID, String.class));
+ String jwsPayload = mapper.writeValueAsString(authBlock);
+ log.debug("Building and sign authBlock with data: {}", jwsPayload);
//sign JWS
return JoseUtils
@@ -148,4 +164,32 @@ public class AuthBlockSigningService {
.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEY_ALIAS);
}
+
+ /**
+ * Technical AuthBlock for eIDAS Authentication.
+ *
+ * @author tlenz
+ *
+ */
+ @Data
+ public class EidasAuchBlock implements Serializable {
+
+ private static final long serialVersionUID = -2013435642666124497L;
+
+ @JsonProperty("challenge")
+ private String challenge;
+
+ @JsonProperty("timestamp")
+ @JsonSerialize(using = LocalDateTimeSerializer.class)
+ @JsonDeserialize(using = LocalDateTimeDeserializer.class)
+ @JsonFormat(pattern = "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'")
+ private LocalDateTime timestamp;
+
+ @JsonProperty("appId")
+ private String uniqueId;
+
+
+ }
+
+
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index 80142b09..f9142f8e 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
@@ -157,7 +157,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
EID_STATUS);
//get signed AuthBlock
- String jwsSignature = authBlockSigner.buildSignedAuthBlock(pendingReq.getUniqueTransactionIdentifier());
+ String jwsSignature = authBlockSigner.buildSignedAuthBlock(pendingReq);
//inject personal-data into session
authProcessData.setGenericDataToSession(Constants.SZR_AUTHBLOCK, jwsSignature);
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
index d08855f2..dd485ee6 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
@@ -2,9 +2,6 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks;
import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE;
import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.anyString;
-import static org.mockito.BDDMockito.given;
-import static org.mockito.Mockito.doThrow;
import static org.powermock.api.mockito.PowerMockito.when;
import java.io.IOException;
@@ -21,19 +18,14 @@ import java.util.Map;
import javax.xml.namespace.QName;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.AuthBlockSigningService;
-import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import org.apache.commons.lang3.RandomStringUtils;
import org.jetbrains.annotations.NotNull;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwa.AlgorithmConstraints.ConstraintType;
import org.jose4j.jws.AlgorithmIdentifiers;
-import org.jose4j.lang.JoseException;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
-import org.junit.Ignore;
import org.junit.Rule;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -51,6 +43,8 @@ import com.skjolberg.mockito.soap.SoapServiceRule;
import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.AuthBlockSigningService;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils;
@@ -61,6 +55,7 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
@@ -75,7 +70,6 @@ import eu.eidas.auth.commons.attribute.PersonType;
import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse;
import lombok.val;
import szrservices.SZR;
-import szrservices.SZRException_Exception;
import szrservices.SignContentEntry;
import szrservices.SignContentResponseType;
@@ -193,7 +187,7 @@ public class CreateIdentityLinkTaskEidNewTest {
.getPrivateKeyAndCertificates(keyStore.getFirst(), ALIAS, PW.toCharArray(), true, "junit").getSecond();
JwsResult result = JoseUtils.validateSignature(authBlock, Arrays.asList(trustedCerts), constraints);
Assert.assertTrue("AuthBlock not valid", result.isValid());
-
+
}
@Test
@@ -225,29 +219,6 @@ public class CreateIdentityLinkTaskEidNewTest {
}
}
- @Ignore
- @Test
- public void exceptionTest() throws Exception {
- try {
- when(szrMock, "getStammzahlEncrypted", any(), any()).thenReturn(RandomStringUtils.randomNumeric(10));
- val signContentResp = new SignContentResponseType();
- final SignContentEntry signContentEntry = new SignContentEntry();
- signContentEntry.setValue(RandomStringUtils.randomAlphanumeric(10));
- signContentResp.getOut().add(signContentEntry);
- when(szrMock, "signContent", any(), any(), any()).thenReturn(signContentResp);
- doThrow(new EaafException("test")).when(authBlockSigner)
- .buildSignedAuthBlock(pendingReq.getUniqueTransactionIdentifier());
-
- task.execute(pendingReq, executionContext);
- } catch (TaskExecutionException e) {
- Assert.assertEquals("Incorrect exception thrown", e.getMessage(),
- "IdentityLink generation for foreign person " + "FAILED.");
- Assert.assertTrue("Incorrect exception thrown", e.getCause() instanceof EaafException);
- Assert.assertTrue("Incorrect exception thrown", e.getCause().getMessage().contains("test"));
- }
-
- }
-
private Pair<KeyStore, Provider> getKeyStore() throws EaafException {
// read Connector wide config data TODO connector wide!
String keyStoreName = basicConfig.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_NAME);