diff options
author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2021-01-11 15:15:03 +0100 |
---|---|---|
committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2021-01-11 15:15:03 +0100 |
commit | a5d2e6d6fa2c75ae8211c818537524e8c54c3129 (patch) | |
tree | 38444e5b15cfb1705f87b150aec200976bc22ee5 /eidas_modules | |
parent | 1bcc269ff8f16b2a4dee4f393e4259f4768ca3a0 (diff) | |
download | National_eIDAS_Gateway-a5d2e6d6fa2c75ae8211c818537524e8c54c3129.tar.gz National_eIDAS_Gateway-a5d2e6d6fa2c75ae8211c818537524e8c54c3129.tar.bz2 National_eIDAS_Gateway-a5d2e6d6fa2c75ae8211c818537524e8c54c3129.zip |
fix some minor incompatibilities between AuthHandler and MS-Connector in E-ID mode
Diffstat (limited to 'eidas_modules')
5 files changed, 106 insertions, 35 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index ba3c46fe..cdc17654 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -76,6 +76,8 @@ public class Constants { + ".debug.logfullmessages"; public static final String CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY = CONIG_PROPS_EIDAS_SZRCLIENT + ".debug.useDummySolution"; + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SET_MDS_TO_EIDASBIND = CONIG_PROPS_EIDAS_SZRCLIENT + + ".eidasbind.mds.inject"; public static final String CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_CONNECTION = CONIG_PROPS_EIDAS_SZRCLIENT + ".timeout.connection"; public static final String CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_RESPONSE = CONIG_PROPS_EIDAS_SZRCLIENT diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java index 0b8de8a7..1f5837d6 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java @@ -78,8 +78,10 @@ import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.ObjectMapper; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.LoggingHandler; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; import at.gv.egiz.eaaf.core.api.data.XmlNamespaceConstants; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.impl.utils.DomUtils; @@ -113,7 +115,8 @@ public class SzrClient { private static final String KEY_BC_BIND = "bcBindReq"; private static final String JOSE_HEADER_USERCERTPINNING_TYPE = "urn:at.gv.eid:bindtype"; private static final String JOSE_HEADER_USERCERTPINNING_EIDASBIND = "urn:at.gv.eid:eidasBind"; - + public static final String ATTR_NAME_MDS = "urn:eidgvat:mds"; + @Autowired private IConfiguration basicConfig; @@ -244,36 +247,38 @@ public class SzrClient { } - /** * Sign an eidasBind data-structure that combines vsz with user's pubKey and E-ID status. * * @param vsz encryped baseId * @param bindingPubKey binding PublikKey as PKCS1# (ASN.1) container * @param eidStatus Status of the E-ID + * @param eidData eID information that was used for ERnP registration * @return bPK for this person * @throws SzrCommunicationException In case of a SZR error */ - public String getEidsaBind(final String vsz, final String bindingPubKey, final String eidStatus) - throws SzrCommunicationException { - - final Map<String, Object> bcBindMap = new HashMap<>(); - bcBindMap.put(ATTR_NAME_VSZ, vsz); - bcBindMap.put(ATTR_NAME_STATUS, eidStatus); - bcBindMap.put(ATTR_NAME_PUBKEYS, Arrays.asList(bindingPubKey)); - + public String getEidsaBind(final String vsz, final String bindingPubKey, final String eidStatus, + ErnbEidData eidData)throws SzrCommunicationException { + + final Map<String, Object> eidsaBindMap = new HashMap<>(); + eidsaBindMap.put(ATTR_NAME_VSZ, vsz); + eidsaBindMap.put(ATTR_NAME_STATUS, eidStatus); + eidsaBindMap.put(ATTR_NAME_PUBKEYS, Arrays.asList(bindingPubKey)); + eidsaBindMap.put(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, eidData.getCitizenCountryCode()); + injectMdsIfAvailableAndActive(eidsaBindMap, eidData); + try { - final String serializedBcBind = mapper.writeValueAsString(bcBindMap); + final String serializedEidasBind = mapper.writeValueAsString(eidsaBindMap); final SignContent req = new SignContent(); - final SignContentEntry bcBindInfo = new SignContentEntry(); - bcBindInfo.setKey(KEY_BC_BIND); - bcBindInfo.setValue(serializedBcBind); - req.getIn().add(bcBindInfo); + final SignContentEntry eidasBindInfo = new SignContentEntry(); + eidasBindInfo.setKey(KEY_BC_BIND); + eidasBindInfo.setValue(serializedEidasBind); + req.getIn().add(eidasBindInfo); req.setAppendCert(false); - final JwsHeaderParam bcBindJoseHeader = new JwsHeaderParam(); - bcBindJoseHeader.setKey(JOSE_HEADER_USERCERTPINNING_TYPE); - bcBindJoseHeader.setValue(JOSE_HEADER_USERCERTPINNING_EIDASBIND); - req.getJWSHeaderParam().add(bcBindJoseHeader); + final JwsHeaderParam eidasBindJoseHeader = new JwsHeaderParam(); + eidasBindJoseHeader.setKey(JOSE_HEADER_USERCERTPINNING_TYPE); + eidasBindJoseHeader.setValue(JOSE_HEADER_USERCERTPINNING_EIDASBIND); + req.getJWSHeaderParam().add(eidasBindJoseHeader); log.trace("Requesting SZR to sign bcBind datastructure ... "); final SignContentResponseType resp = szr.signContent(req.isAppendCert(), req.getJWSHeaderParam(), req.getIn()); @@ -488,6 +493,19 @@ public class SzrClient { } + private void injectMdsIfAvailableAndActive(Map<String, Object> eidsaBindMap, ErnbEidData eidData) { + if (basicConfig.getBasicConfigurationBoolean( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_SET_MDS_TO_EIDASBIND, false)) { + log.info("Injecting MDS into eidasBind ... "); + final Map<String, Object> mds = new HashMap<>(); + mds.put(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, eidData.getFamilyName()); + mds.put(PvpAttributeDefinitions.GIVEN_NAME_NAME, eidData.getGivenName()); + mds.put(PvpAttributeDefinitions.BIRTHDATE_NAME, eidData.getFormatedDateOfBirth()); + eidsaBindMap.put(ATTR_NAME_MDS, mds); + + } + } + private byte[] sourceToByteArray(Source result) throws TransformerException { final TransformerFactory factory = TransformerFactory.newInstance(); factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java index 4ace8cf0..b519354c 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java @@ -159,7 +159,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { // get eIDAS bind String signedEidasBind = szrClient.getEidsaBind(vsz, authBlockSigner.getBase64EncodedPublicKey(), - EID_STATUS); + EID_STATUS, eidData); revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_EIDASBIND_RECEIVED); authProcessData.setGenericDataToSession(Constants.EIDAS_BIND, signedEidasBind); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java index 3bb7ee06..cf4ed95c 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java @@ -43,6 +43,8 @@ import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.RandomStringUtils; import org.apache.commons.lang3.StringUtils; import org.apache.cxf.binding.soap.SoapFault; +import org.joda.time.DateTime; +import org.jose4j.lang.JoseException; import org.junit.Assert; import org.junit.Before; import org.junit.Ignore; @@ -58,9 +60,14 @@ import org.springframework.util.Base64Utils; import org.w3c.dom.Element; import org.xml.sax.SAXException; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.JsonMappingException; +import com.fasterxml.jackson.databind.ObjectMapper; import com.skjolberg.mockito.soap.SoapServiceRule; +import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient; @@ -68,7 +75,6 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType; import at.gv.e_government.reference.namespace.persondata._20020228.PhysicalPersonType; import at.gv.egiz.eaaf.core.api.data.EaafConstants; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.exceptions.EaafParserException; import at.gv.egiz.eaaf.core.impl.data.Triple; @@ -93,11 +99,11 @@ import szrservices.TravelDocumentType; public class SzrClientTest { private static final Logger log = LoggerFactory.getLogger(SzrClientTest.class); - @Autowired - SzrClient szrClient; - @Autowired - IConfiguration basicConfig; + @Autowired SzrClient szrClient; + @Autowired MsConnectorDummyConfigMap basicConfig; + private static ObjectMapper mapper = new ObjectMapper(); + private static final String givenName = "Franz"; private static final String familyName = "Mustermann"; private static final String dateOfBirth = "1989-05-05"; @@ -105,7 +111,7 @@ public class SzrClientTest { private static final String DUMMY_TARGET = EaafConstants.URN_PREFIX_CDID + "ZP"; private SZR szrMock = null; - + ErnbEidData eidData = null; @Rule public SoapServiceRule soap = SoapServiceRule.newInstance(); @@ -119,6 +125,16 @@ public class SzrClientTest { szrMock = soap.mock(SZR.class, "http://localhost:1234/demoszr"); } + + eidData = new ErnbEidData(); + eidData.setFamilyName(familyName); + eidData.setGivenName(givenName); + eidData.setDateOfBirth(new DateTime()); + eidData.setCitizenCountryCode("IS"); + eidData.setPseudonym("1234sdgsdfg56789ABCDEF"); + + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject", "false"); + } @@ -161,7 +177,7 @@ public class SzrClientTest { final String bcBind = szrClient .getEidsaBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10), - RandomStringUtils.randomAlphabetic(10)); + RandomStringUtils.randomAlphabetic(10), eidData); Assert.assertNotNull("bcBind is null", bcBind); Assert.assertEquals("bcBind not match", result1.getValue(), bcBind); @@ -172,10 +188,10 @@ public class SzrClientTest { public void eidasBindNull() throws SZRException_Exception { when(szrMock.signContent(any(), anyList(), anyList())).thenReturn(null); - try { + try { szrClient .getEidsaBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10), - RandomStringUtils.randomAlphabetic(10)); + RandomStringUtils.randomAlphabetic(10), eidData); } catch (SzrCommunicationException e) { Assert.assertTrue("Not correct error", e.getMessage().contains("ernb.01")); @@ -192,7 +208,7 @@ public class SzrClientTest { try { szrClient .getEidsaBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10), - RandomStringUtils.randomAlphabetic(10)); + RandomStringUtils.randomAlphabetic(10), eidData); } catch (SzrCommunicationException e) { Assert.assertTrue("Not correct error", e.getMessage().contains("ernb.01")); @@ -210,7 +226,7 @@ public class SzrClientTest { try { szrClient .getEidsaBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10), - RandomStringUtils.randomAlphabetic(10)); + RandomStringUtils.randomAlphabetic(10), eidData); } catch (SzrCommunicationException e) { Assert.assertTrue("Not correct error", e.getMessage().contains("ernb.01")); @@ -218,7 +234,8 @@ public class SzrClientTest { } @Test - public void eidasBindValid() throws SZRException_Exception, SzrCommunicationException { + public void eidasBindValid() throws SZRException_Exception, SzrCommunicationException, JsonMappingException, + JsonProcessingException, JoseException { final SignContentResponse szrResponse = new SignContentResponse(); final SignContentEntry result1 = new SignContentEntry(); final SignContentResponseType content = new SignContentResponseType(); @@ -232,14 +249,39 @@ public class SzrClientTest { final String bcBind = szrClient .getEidsaBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10), - RandomStringUtils.randomAlphabetic(10)); + RandomStringUtils.randomAlphabetic(10), eidData); Assert.assertNotNull("bcBind is null", bcBind); Assert.assertEquals("bcBind not match", result1.getValue(), bcBind); - + } @Test + public void eidasBindValidWithMds() throws SZRException_Exception, SzrCommunicationException, JoseException, + JsonMappingException, JsonProcessingException { + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject", "true"); + + final SignContentResponse szrResponse = new SignContentResponse(); + final SignContentEntry result1 = new SignContentEntry(); + final SignContentResponseType content = new SignContentResponseType(); + content.getOut().add(result1); + szrResponse.setSignContentResponse(content); + + result1.setKey("bcBindReq"); + result1.setValue(RandomStringUtils.randomAlphanumeric(100)); + + when(szrMock.signContent(any(), anyList(), anyList())).thenReturn(content); + + final String bcBind = szrClient + .getEidsaBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10), + RandomStringUtils.randomAlphabetic(10), eidData); + + Assert.assertNotNull("bcBind is null", bcBind); + Assert.assertEquals("bcBind not match", result1.getValue(), bcBind); + + } + + @Test public void getIdentityLinkRawModeValidResponse() throws SZRException_Exception, EaafParserException, NoSuchProviderException, IOException, InvalidKeyException, EidasSAuthenticationException, JAXBException { diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java index ca48d766..1e7ff369 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java @@ -32,6 +32,7 @@ import java.util.List; import org.apache.commons.lang3.RandomStringUtils; import org.apache.commons.lang3.StringUtils; import org.bouncycastle.util.encoders.Base64; +import org.joda.time.DateTime; import org.junit.Assert; import org.junit.Ignore; import org.junit.Test; @@ -47,6 +48,7 @@ import org.springframework.util.Base64Utils; import org.w3c.dom.Element; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient; @@ -107,8 +109,15 @@ public class SzrClientTestProduction { String vsz = RandomStringUtils.randomAlphanumeric(10); String bindingPubKey = Base64.toBase64String(RandomStringUtils.random(20).getBytes()); String eidStatus = "urn:eidgvat:eid.status.eidas"; + ErnbEidData eidData = new ErnbEidData(); + eidData.setFamilyName(familyName); + eidData.setGivenName(givenName); + eidData.setDateOfBirth(new DateTime()); + eidData.setCitizenCountryCode("IS"); + eidData.setPseudonym("1234sdgsdfg56789ABCDEF"); - String eidasBind = szrClient.getEidsaBind(vsz, bindingPubKey, eidStatus); + + String eidasBind = szrClient.getEidsaBind(vsz, bindingPubKey, eidStatus, eidData); Assert.assertNotNull("eidasBind", eidasBind); |