aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules/authmodule-eIDAS-v2
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2021-01-11 15:15:03 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2021-01-11 15:15:03 +0100
commita5d2e6d6fa2c75ae8211c818537524e8c54c3129 (patch)
tree38444e5b15cfb1705f87b150aec200976bc22ee5 /eidas_modules/authmodule-eIDAS-v2
parent1bcc269ff8f16b2a4dee4f393e4259f4768ca3a0 (diff)
downloadNational_eIDAS_Gateway-a5d2e6d6fa2c75ae8211c818537524e8c54c3129.tar.gz
National_eIDAS_Gateway-a5d2e6d6fa2c75ae8211c818537524e8c54c3129.tar.bz2
National_eIDAS_Gateway-a5d2e6d6fa2c75ae8211c818537524e8c54c3129.zip
fix some minor incompatibilities between AuthHandler and MS-Connector in E-ID mode
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java2
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java56
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java2
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java70
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java11
5 files changed, 106 insertions, 35 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index ba3c46fe..cdc17654 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
@@ -76,6 +76,8 @@ public class Constants {
+ ".debug.logfullmessages";
public static final String CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY = CONIG_PROPS_EIDAS_SZRCLIENT
+ ".debug.useDummySolution";
+ public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SET_MDS_TO_EIDASBIND = CONIG_PROPS_EIDAS_SZRCLIENT
+ + ".eidasbind.mds.inject";
public static final String CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_CONNECTION = CONIG_PROPS_EIDAS_SZRCLIENT
+ ".timeout.connection";
public static final String CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_RESPONSE = CONIG_PROPS_EIDAS_SZRCLIENT
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java
index 0b8de8a7..1f5837d6 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java
@@ -78,8 +78,10 @@ import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.LoggingHandler;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.data.XmlNamespaceConstants;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
@@ -113,7 +115,8 @@ public class SzrClient {
private static final String KEY_BC_BIND = "bcBindReq";
private static final String JOSE_HEADER_USERCERTPINNING_TYPE = "urn:at.gv.eid:bindtype";
private static final String JOSE_HEADER_USERCERTPINNING_EIDASBIND = "urn:at.gv.eid:eidasBind";
-
+ public static final String ATTR_NAME_MDS = "urn:eidgvat:mds";
+
@Autowired
private IConfiguration basicConfig;
@@ -244,36 +247,38 @@ public class SzrClient {
}
-
/**
* Sign an eidasBind data-structure that combines vsz with user's pubKey and E-ID status.
*
* @param vsz encryped baseId
* @param bindingPubKey binding PublikKey as PKCS1# (ASN.1) container
* @param eidStatus Status of the E-ID
+ * @param eidData eID information that was used for ERnP registration
* @return bPK for this person
* @throws SzrCommunicationException In case of a SZR error
*/
- public String getEidsaBind(final String vsz, final String bindingPubKey, final String eidStatus)
- throws SzrCommunicationException {
-
- final Map<String, Object> bcBindMap = new HashMap<>();
- bcBindMap.put(ATTR_NAME_VSZ, vsz);
- bcBindMap.put(ATTR_NAME_STATUS, eidStatus);
- bcBindMap.put(ATTR_NAME_PUBKEYS, Arrays.asList(bindingPubKey));
-
+ public String getEidsaBind(final String vsz, final String bindingPubKey, final String eidStatus,
+ ErnbEidData eidData)throws SzrCommunicationException {
+
+ final Map<String, Object> eidsaBindMap = new HashMap<>();
+ eidsaBindMap.put(ATTR_NAME_VSZ, vsz);
+ eidsaBindMap.put(ATTR_NAME_STATUS, eidStatus);
+ eidsaBindMap.put(ATTR_NAME_PUBKEYS, Arrays.asList(bindingPubKey));
+ eidsaBindMap.put(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, eidData.getCitizenCountryCode());
+ injectMdsIfAvailableAndActive(eidsaBindMap, eidData);
+
try {
- final String serializedBcBind = mapper.writeValueAsString(bcBindMap);
+ final String serializedEidasBind = mapper.writeValueAsString(eidsaBindMap);
final SignContent req = new SignContent();
- final SignContentEntry bcBindInfo = new SignContentEntry();
- bcBindInfo.setKey(KEY_BC_BIND);
- bcBindInfo.setValue(serializedBcBind);
- req.getIn().add(bcBindInfo);
+ final SignContentEntry eidasBindInfo = new SignContentEntry();
+ eidasBindInfo.setKey(KEY_BC_BIND);
+ eidasBindInfo.setValue(serializedEidasBind);
+ req.getIn().add(eidasBindInfo);
req.setAppendCert(false);
- final JwsHeaderParam bcBindJoseHeader = new JwsHeaderParam();
- bcBindJoseHeader.setKey(JOSE_HEADER_USERCERTPINNING_TYPE);
- bcBindJoseHeader.setValue(JOSE_HEADER_USERCERTPINNING_EIDASBIND);
- req.getJWSHeaderParam().add(bcBindJoseHeader);
+ final JwsHeaderParam eidasBindJoseHeader = new JwsHeaderParam();
+ eidasBindJoseHeader.setKey(JOSE_HEADER_USERCERTPINNING_TYPE);
+ eidasBindJoseHeader.setValue(JOSE_HEADER_USERCERTPINNING_EIDASBIND);
+ req.getJWSHeaderParam().add(eidasBindJoseHeader);
log.trace("Requesting SZR to sign bcBind datastructure ... ");
final SignContentResponseType resp = szr.signContent(req.isAppendCert(), req.getJWSHeaderParam(), req.getIn());
@@ -488,6 +493,19 @@ public class SzrClient {
}
+ private void injectMdsIfAvailableAndActive(Map<String, Object> eidsaBindMap, ErnbEidData eidData) {
+ if (basicConfig.getBasicConfigurationBoolean(
+ Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SET_MDS_TO_EIDASBIND, false)) {
+ log.info("Injecting MDS into eidasBind ... ");
+ final Map<String, Object> mds = new HashMap<>();
+ mds.put(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, eidData.getFamilyName());
+ mds.put(PvpAttributeDefinitions.GIVEN_NAME_NAME, eidData.getGivenName());
+ mds.put(PvpAttributeDefinitions.BIRTHDATE_NAME, eidData.getFormatedDateOfBirth());
+ eidsaBindMap.put(ATTR_NAME_MDS, mds);
+
+ }
+ }
+
private byte[] sourceToByteArray(Source result) throws TransformerException {
final TransformerFactory factory = TransformerFactory.newInstance();
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index 4ace8cf0..b519354c 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
@@ -159,7 +159,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
// get eIDAS bind
String signedEidasBind = szrClient.getEidsaBind(vsz,
authBlockSigner.getBase64EncodedPublicKey(),
- EID_STATUS);
+ EID_STATUS, eidData);
revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_EIDASBIND_RECEIVED);
authProcessData.setGenericDataToSession(Constants.EIDAS_BIND, signedEidasBind);
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java
index 3bb7ee06..cf4ed95c 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java
@@ -43,6 +43,8 @@ import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.cxf.binding.soap.SoapFault;
+import org.joda.time.DateTime;
+import org.jose4j.lang.JoseException;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Ignore;
@@ -58,9 +60,14 @@ import org.springframework.util.Base64Utils;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.JsonMappingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
import com.skjolberg.mockito.soap.SoapServiceRule;
+import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient;
@@ -68,7 +75,6 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils
import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType;
import at.gv.e_government.reference.namespace.persondata._20020228.PhysicalPersonType;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
import at.gv.egiz.eaaf.core.exceptions.EaafParserException;
import at.gv.egiz.eaaf.core.impl.data.Triple;
@@ -93,11 +99,11 @@ import szrservices.TravelDocumentType;
public class SzrClientTest {
private static final Logger log = LoggerFactory.getLogger(SzrClientTest.class);
- @Autowired
- SzrClient szrClient;
- @Autowired
- IConfiguration basicConfig;
+ @Autowired SzrClient szrClient;
+ @Autowired MsConnectorDummyConfigMap basicConfig;
+ private static ObjectMapper mapper = new ObjectMapper();
+
private static final String givenName = "Franz";
private static final String familyName = "Mustermann";
private static final String dateOfBirth = "1989-05-05";
@@ -105,7 +111,7 @@ public class SzrClientTest {
private static final String DUMMY_TARGET = EaafConstants.URN_PREFIX_CDID + "ZP";
private SZR szrMock = null;
-
+ ErnbEidData eidData = null;
@Rule
public SoapServiceRule soap = SoapServiceRule.newInstance();
@@ -119,6 +125,16 @@ public class SzrClientTest {
szrMock = soap.mock(SZR.class, "http://localhost:1234/demoszr");
}
+
+ eidData = new ErnbEidData();
+ eidData.setFamilyName(familyName);
+ eidData.setGivenName(givenName);
+ eidData.setDateOfBirth(new DateTime());
+ eidData.setCitizenCountryCode("IS");
+ eidData.setPseudonym("1234sdgsdfg56789ABCDEF");
+
+ basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject", "false");
+
}
@@ -161,7 +177,7 @@ public class SzrClientTest {
final String bcBind = szrClient
.getEidsaBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10),
- RandomStringUtils.randomAlphabetic(10));
+ RandomStringUtils.randomAlphabetic(10), eidData);
Assert.assertNotNull("bcBind is null", bcBind);
Assert.assertEquals("bcBind not match", result1.getValue(), bcBind);
@@ -172,10 +188,10 @@ public class SzrClientTest {
public void eidasBindNull() throws SZRException_Exception {
when(szrMock.signContent(any(), anyList(), anyList())).thenReturn(null);
- try {
+ try {
szrClient
.getEidsaBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10),
- RandomStringUtils.randomAlphabetic(10));
+ RandomStringUtils.randomAlphabetic(10), eidData);
} catch (SzrCommunicationException e) {
Assert.assertTrue("Not correct error", e.getMessage().contains("ernb.01"));
@@ -192,7 +208,7 @@ public class SzrClientTest {
try {
szrClient
.getEidsaBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10),
- RandomStringUtils.randomAlphabetic(10));
+ RandomStringUtils.randomAlphabetic(10), eidData);
} catch (SzrCommunicationException e) {
Assert.assertTrue("Not correct error", e.getMessage().contains("ernb.01"));
@@ -210,7 +226,7 @@ public class SzrClientTest {
try {
szrClient
.getEidsaBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10),
- RandomStringUtils.randomAlphabetic(10));
+ RandomStringUtils.randomAlphabetic(10), eidData);
} catch (SzrCommunicationException e) {
Assert.assertTrue("Not correct error", e.getMessage().contains("ernb.01"));
@@ -218,7 +234,8 @@ public class SzrClientTest {
}
@Test
- public void eidasBindValid() throws SZRException_Exception, SzrCommunicationException {
+ public void eidasBindValid() throws SZRException_Exception, SzrCommunicationException, JsonMappingException,
+ JsonProcessingException, JoseException {
final SignContentResponse szrResponse = new SignContentResponse();
final SignContentEntry result1 = new SignContentEntry();
final SignContentResponseType content = new SignContentResponseType();
@@ -232,14 +249,39 @@ public class SzrClientTest {
final String bcBind = szrClient
.getEidsaBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10),
- RandomStringUtils.randomAlphabetic(10));
+ RandomStringUtils.randomAlphabetic(10), eidData);
Assert.assertNotNull("bcBind is null", bcBind);
Assert.assertEquals("bcBind not match", result1.getValue(), bcBind);
-
+
}
@Test
+ public void eidasBindValidWithMds() throws SZRException_Exception, SzrCommunicationException, JoseException,
+ JsonMappingException, JsonProcessingException {
+ basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject", "true");
+
+ final SignContentResponse szrResponse = new SignContentResponse();
+ final SignContentEntry result1 = new SignContentEntry();
+ final SignContentResponseType content = new SignContentResponseType();
+ content.getOut().add(result1);
+ szrResponse.setSignContentResponse(content);
+
+ result1.setKey("bcBindReq");
+ result1.setValue(RandomStringUtils.randomAlphanumeric(100));
+
+ when(szrMock.signContent(any(), anyList(), anyList())).thenReturn(content);
+
+ final String bcBind = szrClient
+ .getEidsaBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10),
+ RandomStringUtils.randomAlphabetic(10), eidData);
+
+ Assert.assertNotNull("bcBind is null", bcBind);
+ Assert.assertEquals("bcBind not match", result1.getValue(), bcBind);
+
+ }
+
+ @Test
public void getIdentityLinkRawModeValidResponse()
throws SZRException_Exception, EaafParserException, NoSuchProviderException, IOException, InvalidKeyException,
EidasSAuthenticationException, JAXBException {
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java
index ca48d766..1e7ff369 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java
@@ -32,6 +32,7 @@ import java.util.List;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.util.encoders.Base64;
+import org.joda.time.DateTime;
import org.junit.Assert;
import org.junit.Ignore;
import org.junit.Test;
@@ -47,6 +48,7 @@ import org.springframework.util.Base64Utils;
import org.w3c.dom.Element;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient;
@@ -107,8 +109,15 @@ public class SzrClientTestProduction {
String vsz = RandomStringUtils.randomAlphanumeric(10);
String bindingPubKey = Base64.toBase64String(RandomStringUtils.random(20).getBytes());
String eidStatus = "urn:eidgvat:eid.status.eidas";
+ ErnbEidData eidData = new ErnbEidData();
+ eidData.setFamilyName(familyName);
+ eidData.setGivenName(givenName);
+ eidData.setDateOfBirth(new DateTime());
+ eidData.setCitizenCountryCode("IS");
+ eidData.setPseudonym("1234sdgsdfg56789ABCDEF");
- String eidasBind = szrClient.getEidsaBind(vsz, bindingPubKey, eidStatus);
+
+ String eidasBind = szrClient.getEidsaBind(vsz, bindingPubKey, eidStatus, eidData);
Assert.assertNotNull("eidasBind", eidasBind);