aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules
diff options
context:
space:
mode:
authorlalber <lukas.alber@iaik.tugraz.at>2020-11-06 16:28:26 +0100
committerlalber <lukas.alber@iaik.tugraz.at>2020-11-06 16:28:26 +0100
commitf358f3ba6a24d5e9575b3fd63e3fbfe8848b63c4 (patch)
tree78652eb9288596c5a5cd34d5bbdd1ca79f1ed56a /eidas_modules
parentd40505ed35a8db7d242a8b218297e322350722b3 (diff)
downloadNational_eIDAS_Gateway-f358f3ba6a24d5e9575b3fd63e3fbfe8848b63c4.tar.gz
National_eIDAS_Gateway-f358f3ba6a24d5e9575b3fd63e3fbfe8848b63c4.tar.bz2
National_eIDAS_Gateway-f358f3ba6a24d5e9575b3fd63e3fbfe8848b63c4.zip
some improvements
Diffstat (limited to 'eidas_modules')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java65
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java85
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_3.properties11
3 files changed, 97 insertions, 64 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index f060a4cf..8626c709 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
@@ -60,7 +60,6 @@ import eu.eidas.auth.commons.attribute.AttributeValue;
import eu.eidas.auth.commons.light.ILightResponse;
import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
import lombok.extern.slf4j.Slf4j;
-import lombok.val;
import org.apache.commons.lang3.StringUtils;
import org.joda.time.DateTime;
import org.springframework.beans.factory.annotation.Autowired;
@@ -77,6 +76,7 @@ import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
+import java.security.PublicKey;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
@@ -102,7 +102,6 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
EaafKeyStoreFactory keyStoreFactory;
private static final String EID_STATUS = "urn:eidgvat:eid.status.eidas";
- Pair<KeyStore, Provider> ks;
/*
* (non-Javadoc)
@@ -119,8 +118,8 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
final ILightResponse eidasResponse = authProcessData
.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class);
- String eidMode = pendingReq.getServiceProviderConfiguration()
- .getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE, "old");
+ boolean isNewEidMode = pendingReq.getServiceProviderConfiguration()
+ .isConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE, false);
final Map<String, Object> simpleAttrMap = convertEidasAttrToSimpleMap(
@@ -230,17 +229,31 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
}
}
- if (eidMode.equals("new")) {
- String keyAlias = pendingReq.getServiceProviderConfiguration().getConfigurationValue(
- MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_FRIENDLYNAME, "");
- String keyPw = pendingReq.getServiceProviderConfiguration()
- .getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_PW, "");
+ if (isNewEidMode) {
+
+ // read Connector wide config data TODO connector wide!
+ String keyStoreAlias = basicConfig
+ .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_KEYSTSTORE_FRIENDLYNAME);
+ String keyStorePw = basicConfig
+ .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_KEYSTORE_PASSWORD);
+ String keyStorePath = basicConfig
+ .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_KEYSTORE_PATH);
+ String keyStoreType = basicConfig
+ .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_KEYSTORE_TYPE);
+
// get verschlüsselte Stammzahl
String vsz = szrClient.getEncryptedStammzahl(personInfo);
// build Keystore
- String pk64 = getPkFromKeystore(keyAlias, keyPw);
+ Pair<KeyStore, Provider> keystoreProvider = initKeystore(keyStoreAlias, keyStorePw, keyStorePath,
+ keyStoreType);
+
+ // get pubKey
+ PublicKey publicKey = keystoreProvider.getFirst().getCertificate(keyStoreAlias).getPublicKey();
+
+ // encode pubKey base64
+ String pk64 = Base64.getEncoder().encodeToString(publicKey.getEncoded());
// get eIDAS bind
String signedEidasBind = szrClient.getBcBind(vsz, pk64, EID_STATUS);
@@ -250,7 +263,8 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
String jwsPayload = mapper.writeValueAsString(pendingReq.getUniqueTransactionIdentifier());
String jwsSignature = JoseUtils
- .createSignature(ks, keyAlias, keyPw.toCharArray(), jwsPayload, false, keyAlias);
+ .createSignature(keystoreProvider, keyStoreAlias, keyStorePw.toCharArray(), jwsPayload, false,
+ keyStoreAlias);
authProcessData.setGenericDataToSession(Constants.SZR_AUTHBLOCK, jwsSignature);
authProcessData.setGenericDataToSession(Constants.EIDAS_BIND, signedEidasBind);
@@ -275,8 +289,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) {
bpk = szrClient
.getBpk(personInfo, pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(),
- basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ,
- "no VKZ defined")).get(0);
+ basicConfig
+ .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, "no VKZ defined"))
+ .get(0);
} else {
log.debug("Calculating bPK from baseId ... ");
@@ -292,7 +307,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
}
}
- if (eidMode.equals("new")) {
+ if (isNewEidMode) {
authProcessData.setForeigner(true);
authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, EidasResponseUtils
.parseEidasPersonalIdentifier((String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))
@@ -305,7 +320,8 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
throw new SzrCommunicationException("ernb.00", null);
}
- revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_IDL_RECEIVED,
+ revisionsLogger.logEvent(pendingReq,
+ MsConnectorEventCodes.SZR_IDL_RECEIVED,
identityLink.getSamlAssertion()
.getAttribute(SimpleIdentityLinkAssertionParser.ASSERTIONID));
@@ -348,18 +364,17 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
}
}
- private String getPkFromKeystore(String keyAlias, String keyPw) throws EaafException, KeyStoreException {
- KeyStoreConfiguration configuration = new KeyStoreConfiguration();
+ private Pair<KeyStore, Provider> initKeystore(String keyAlias, String keyPw, String path, String type)
+ throws EaafException, KeyStoreException {
+ KeyStoreConfiguration keyStoreConfiguration = new KeyStoreConfiguration();
final String current = new java.io.File(".").toURI().toString();
- configuration.setSoftKeyStoreFilePath(current + "src/test/resources/keystore/teststore.jks");
- configuration.setSoftKeyStorePassword(keyPw); //TODO from config
- configuration.setKeyStoreType(KeyStoreConfiguration.KeyStoreType.JKS);
- configuration.setFriendlyName(keyAlias);
- configuration.setKeyStoreName(keyAlias);
- ks = keyStoreFactory.buildNewKeyStore(configuration);
- val publicKey = ks.getFirst().getCertificate(keyAlias).getPublicKey();
- return Base64.getEncoder().encodeToString(publicKey.getEncoded());
+ keyStoreConfiguration.setSoftKeyStoreFilePath(current + path);
+ keyStoreConfiguration.setSoftKeyStorePassword(keyPw);
+ keyStoreConfiguration.setKeyStoreType(KeyStoreConfiguration.KeyStoreType.fromString(type));
+ keyStoreConfiguration.setFriendlyName(keyAlias);
+ keyStoreConfiguration.setKeyStoreName(keyAlias);
+ return keyStoreFactory.buildNewKeyStore(keyStoreConfiguration);
}
private String extendBpkByPrefix(String bpk, String type) {
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
index 00e01a2c..888b7631 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
@@ -1,8 +1,8 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks;
-import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_FRIENDLYNAME;
-import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_PW;
-import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE;
+import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_KEYSTSTORE_FRIENDLYNAME;
+import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_KEYSTORE_PASSWORD;
+import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE;
import static org.mockito.ArgumentMatchers.any;
import static org.powermock.api.mockito.PowerMockito.when;
@@ -69,8 +69,8 @@ public class CreateIdentityLinkTaskEidNewTest {
@Autowired(required = true)
private CreateIdentityLinkTask task;
-// @Autowired(required = true)
-// private FinalizeAuthenticationTask authTask;
+ // @Autowired(required = true)
+ // private FinalizeAuthenticationTask authTask;
@Autowired(required = true)
private DummySpecificCommunicationService commService;
@Autowired(required = true)
@@ -87,7 +87,7 @@ public class CreateIdentityLinkTaskEidNewTest {
private static final String PW = "f/+saJBc3a}*/T^s";
private static final String ALIAS = "connectorkeypair";
-
+
@Rule
public final SoapServiceRule soap = SoapServiceRule.newInstance();
@@ -99,8 +99,7 @@ public class CreateIdentityLinkTaskEidNewTest {
@BeforeClass
public static void classInitializer() throws IOException {
final String current = new java.io.File(".").toURI().toString();
- System.setProperty("eidas.ms.configuration", current
- + "src/test/resources/config/junit_config_3.properties");
+ System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_3.properties");
}
@@ -118,18 +117,17 @@ public class CreateIdentityLinkTaskEidNewTest {
final Map<String, String> spConfig = new HashMap<>();
spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp");
spConfig.put("target", "urn:publicid:gv.at:cdid+XX");
- spConfig.put(PROP_CONFIG_SP_EID_MODE, "new");
- spConfig.put(PROP_CONFIG_SP_AUTHBLOCK_PW, PW);
- spConfig.put(PROP_CONFIG_SP_AUTHBLOCK_FRIENDLYNAME, ALIAS);
+ spConfig.put(PROP_CONFIG_SP_NEW_EID_MODE, "true");
+ spConfig.put(PROP_CONFIG_SP_AUTHBLOCK_KEYSTORE_PASSWORD, PW);
+ spConfig.put(PROP_CONFIG_SP_AUTHBLOCK_KEYSTSTORE_FRIENDLYNAME, ALIAS);
oaParam = new DummySpConfiguration(spConfig, basicConfig);
pendingReq = new TestRequestImpl();
AuthenticationResponse response = buildDummyAuthResponse();
-
-
- pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response);
+ pendingReq.getSessionData(AuthProcessDataWrapper.class)
+ .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response);
pendingReq.setSpConfig(oaParam);
pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue());
pendingReq.setAuthUrl("http://test.com/");
@@ -143,33 +141,48 @@ public class CreateIdentityLinkTaskEidNewTest {
@NotNull
private AuthenticationResponse buildDummyAuthResponse() throws URISyntaxException {
- AttributeDefinition attributeDef = AttributeDefinition.builder().friendlyName(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)
- .nameUri(new URI("ad", "sd", "ff")).personType(PersonType.LEGAL_PERSON)
- .xmlType(new QName("http://saf", "as", "af"))
- .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build();
- AttributeDefinition attributeDef2 = AttributeDefinition.builder().friendlyName(Constants.eIDAS_ATTR_CURRENTFAMILYNAME)
- .nameUri(new URI("ad", "sd", "fff")).personType(PersonType.LEGAL_PERSON)
- .xmlType(new QName("http://saf", "as", "aff"))
- .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build();
- AttributeDefinition attributeDef3 = AttributeDefinition.builder().friendlyName(Constants.eIDAS_ATTR_CURRENTGIVENNAME)
- .nameUri(new URI("ad", "sd", "ffff")).personType(PersonType.LEGAL_PERSON)
- .xmlType(new QName("http://saf", "as", "afff"))
- .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build();
+ AttributeDefinition attributeDef = AttributeDefinition.builder()
+ .friendlyName(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)
+ .nameUri(new URI("ad", "sd", "ff"))
+ .personType(PersonType.LEGAL_PERSON)
+ .xmlType(new QName("http://saf", "as", "af"))
+ .attributeValueMarshaller(
+ "eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller")
+ .build();
+ AttributeDefinition attributeDef2 = AttributeDefinition.builder()
+ .friendlyName(Constants.eIDAS_ATTR_CURRENTFAMILYNAME)
+ .nameUri(new URI("ad", "sd", "fff"))
+ .personType(PersonType.LEGAL_PERSON)
+ .xmlType(new QName("http://saf", "as", "aff"))
+ .attributeValueMarshaller(
+ "eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller")
+ .build();
+ AttributeDefinition attributeDef3 = AttributeDefinition.builder()
+ .friendlyName(Constants.eIDAS_ATTR_CURRENTGIVENNAME)
+ .nameUri(new URI("ad", "sd", "ffff"))
+ .personType(PersonType.LEGAL_PERSON)
+ .xmlType(new QName("http://saf", "as", "afff"))
+ .attributeValueMarshaller(
+ "eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller")
+ .build();
AttributeDefinition attributeDef4 = AttributeDefinition.builder().friendlyName(Constants.eIDAS_ATTR_DATEOFBIRTH)
- .nameUri(new URI("ad", "sd", "fffff")).personType(PersonType.LEGAL_PERSON)
- .xmlType(new QName("http://saf", "as", "affff"))
- .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller").build();
+ .nameUri(new URI("ad", "sd", "fffff"))
+ .personType(PersonType.LEGAL_PERSON)
+ .xmlType(new QName("http://saf", "as", "affff"))
+ .attributeValueMarshaller(
+ "eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller")
+ .build();
- ImmutableAttributeMap attributeMap = ImmutableAttributeMap.builder().put(attributeDef, "de/st/" + RandomStringUtils.randomNumeric(64))
- .put(attributeDef2, RandomStringUtils.randomAlphabetic(10))
- .put(attributeDef3, RandomStringUtils.randomAlphabetic(10))
- .put(attributeDef4, "2001-01-01")
- .build();
+ ImmutableAttributeMap attributeMap = ImmutableAttributeMap.builder().put(attributeDef, "de/st/" + RandomStringUtils
+ .randomNumeric(64)).put(attributeDef2, RandomStringUtils.randomAlphabetic(10)).put(attributeDef3,
+ RandomStringUtils
+ .randomAlphabetic(10))
+ .put(attributeDef4, "2001-01-01").build();
val b = new AuthenticationResponse.Builder();
- return b.id("aasdf").issuer("asd").subject("asf").statusCode("200").inResponseTo("asdf")
- .subjectNameIdFormat("afaf").attributes(attributeMap).build();
+ return b.id("aasdf").issuer("asd").subject("asf").statusCode("200").inResponseTo("asdf").subjectNameIdFormat("afaf")
+ .attributes(attributeMap).build();
}
@Test
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_3.properties b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_3.properties
index 33207118..79352734 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_3.properties
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_3.properties
@@ -47,6 +47,12 @@ eidas.ms.auth.eIDAS.szrclient.timeout.connection=15
eidas.ms.auth.eIDAS.szrclient.timeout.response=30
eidas.ms.auth.eIDAS.szrclient.params.vkz=
+eidas.ms.auth.eIDAS.authblock.keystore.password=f/+saJBc3a}*/T^s
+eidas.ms.auth.eIDAS.authblock.keystore.friendlyName=connectorkeypair
+eidas.ms.auth.eIDAS.authblock.keystore.path=src/test/resources/keystore/teststore.jks
+eidas.ms.auth.eIDAS.authblock.keystore.type=jks
+
+
eidas.ms.auth.eIDAS.szrclient.params.useSZRForbPKCalculation=false
@@ -93,9 +99,8 @@ eidas.ms.pvp2.metadata.validity=24
eidas.ms.sp.0.uniqueID=
eidas.ms.sp.0.pvp2.metadata.truststore=
eidas.ms.sp.0.pvp2.metadata.truststore.password=
-eidas.ms.sp.0.eidMode=new
-eidas.ms.sp.0.authblock.truststore.password=f/+saJBc3a}*/T^s
-eidas.ms.sp.0.authblock.truststore.friendlyName=connectorkeypair
+eidas.ms.sp.0.newEidMode=true
+
#eidas.ms.sp.0.friendlyName=
#eidas.ms.sp.0.pvp2.metadata.url=