2 files changed, 37 insertions, 20 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java
index 5a551649..d2ce2f5d 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java
@@ -33,7 +33,11 @@ import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.security.UnrecoverableKeyException;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
 import javax.annotation.PostConstruct;
 import javax.net.ssl.KeyManager;
@@ -57,7 +61,6 @@ import javax.xml.ws.handler.Handler;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import org.apache.commons.lang3.StringUtils;
-import org.apache.commons.lang3.time.StopWatch;
 import org.apache.cxf.configuration.jsse.TLSClientParameters;
 import org.apache.cxf.endpoint.Client;
 import org.apache.cxf.frontend.ClientProxy;
@@ -80,7 +83,20 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
 import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
-import szrservices.*;
+import szrservices.GetBPK;
+import szrservices.GetBPKResponse;
+import szrservices.GetIdentityLinkEidas;
+import szrservices.GetIdentityLinkEidasResponse;
+import szrservices.IdentityLinkType;
+import szrservices.JwsHeaderParam;
+import szrservices.ObjectFactory;
+import szrservices.PersonInfoType;
+import szrservices.SZR;
+import szrservices.SZRException_Exception;
+import szrservices.SignContent;
+import szrservices.SignContentEntry;
+import szrservices.SignContentResponseType;
+
 @Service("SZRClientForeIDAS")
 public class SzrClient {
@@ -89,6 +105,13 @@ public class SzrClient {
 private static final String CLIENT_DEFAULT = "DefaultClient";
 private static final String CLIENT_RAW = "RawClient";
+ private static final String ATTR_NAME_VSZ = "urn:eidgvat:attributes.vsz.value";
+ private static final String ATTR_NAME_PUBKEYS = "urn:eidgvat:attributes.user.pubkeys";
+ private static final String ATTR_NAME_STATUS = "urn:eidgvat:attributes.eid.status";
+ private static final String KEY_BC_BIND = "bcBindReq";
+ private static final String JOSE_HEADER_USERCERTPINNING_TYPE = "urn:at.gv.eid:bindtype";
+ private static final String JOSE_HEADER_USERCERTPINNING_EIDASBIND = "urn:at.gv.eid:eidasBind";
+
 @Autowired
 private IConfiguration basicConfig;
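Review bot: The six constants added in the @@ -89 hunk of SzrClient carry no comment saying what they represent, even though the first three are the keys of the bcBind request map built in getBcBind and the last two, judging by their names, are JOSE header parameters. A single comment above the group would save the next reader a trip into getBcBind: `// Attribute names and JOSE header parameters used to build the bcBind request sent to the SZR (see getBcBind)`. Grouping KEY_BC_BIND with a short note on which request it keys would help as well, since its name alone does not say.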
@@ -232,13 +255,6 @@ public class SzrClient {
 public String getBcBind(final String vsz, final String bindingPubKey, final String eidStatus)
 throws SzrCommunicationException {
- final String ATTR_NAME_VSZ = "urn:eidgvat:attributes.vsz.value";
- final String ATTR_NAME_PUBKEYS = "urn:eidgvat:attributes.user.pubkeys";
- final String ATTR_NAME_STATUS = "urn:eidgvat:attributes.eid.status";
- final String KEY_BC_BIND = "bcBindReq";
- final String JOSE_HEADER_USERCERTPINNING_TYPE = "urn:at.gv.eid:bindtype";
- final String JOSE_HEADER_USERCERTPINNING_EIDASBIND = "urn:at.gv.eid:eidasBind";
-
 final Map<String, Object> bcBindMap = new HashMap<>();
 bcBindMap.put(ATTR_NAME_VSZ, vsz);
 bcBindMap.put(ATTR_NAME_STATUS, eidStatus);
@@ -264,7 +280,7 @@ public class SzrClient {
 if (resp == null || resp.getOut().isEmpty() || resp.getOut().get(0).getValue() == null) {
- throw new SzrCommunicationException("ernb.01", new Object[]{"BcBind response empty"}); //TODO check error handling
+ throw new SzrCommunicationException("ernb.01", new Object[]{"BcBind response empty"});
 }
 return resp.getOut().get(0).getValue();
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index 86f28561..765f7928 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
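Review bot: getBcBind, whose signature opens the @@ -232 hunk, has no Javadoc, and the hunk now makes it the only place where the three bcBind attribute names are put to use, so the contract should be stated where a caller will look. From the visible call site in CreateIdentityLinkTask the inputs are the encrypted source PIN (vsz), the binding public key and an eID status URN, and the result is the signed eidasBind that is later stored in the session; a Javadoc along the lines of "Requests a signed eidasBind from the SZR for the given encrypted source PIN, binding public key and eID status" with `@throws SzrCommunicationException if the SZR returns no usable bcBind response` (the ernb.01 case in the @@ -264 hunk) would cover it. The method body continues past the end of the hunk.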
@@ -62,7 +62,6 @@ import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
 import lombok.extern.slf4j.Slf4j;
 import lombok.val;
 import org.apache.commons.lang3.StringUtils;
-import org.bouncycastle.jce.PKCS10CertificationRequest;
 import org.joda.time.DateTime;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
@@ -74,7 +73,7 @@ import szrservices.TravelDocumentType;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import java.io.*;
+import java.io.InputStream;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.Provider;
@@ -103,8 +102,8 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 EaafKeyStoreFactory keyStoreFactory;
 Pair<KeyStore, Provider> ks;
- private final String KSPASSWORD = "f/+saJBc3a}*/T^s";
- private final String KSALIAS = "connectorkeypair";
+ private static final String KSPASSWORD = "f/+saJBc3a}*/T^s";
+ private static final String KSALIAS = "connectorkeypair";
 /*
 * (non-Javadoc)
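Review bot: KSPASSWORD in the @@ -103 hunk keeps the keystore password as a string literal in source; turning the field into a static constant changes nothing about that, so the secret still ships in every build and in version control and cannot be rotated without a release. The neighbouring fields `EaafKeyStoreFactory keyStoreFactory` and `Pair<KeyStore, Provider> ks` suggest the keystore itself already comes from the project's keystore factory, so the password and alias should come from the same configuration source, be held as a `char[]` rather than an interned `String`, and be cleared after use; the only use visible here is `KSPASSWORD.toCharArray()` in the @@ -238 hunk, which creates a fresh array on each call. Until that move happens the field should at least carry a marker so it is not mistaken for a finished design: `// FIXME: keystore password and alias must come from configuration, not from source`.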
@@ -238,18 +237,20 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 String vsz = szrClient.getEncryptedStammzahl(personInfo);
 // build Keystore
- String pK64 = getPkFromKeystore();
+ String pk64 = getPkFromKeystore();
 // setzte Keystore in config ?path? lade rein
 // key pair art siehe jose utils
- String signedEidasBind = szrClient.getBcBind(vsz, pK64, "urn:eidgvat:eid.status.eidas"); //eidstatus TODO as config?
+ String signedEidasBind = szrClient.getBcBind(vsz, pk64, "urn:eidgvat:eid.status.eidas");
+ //TODO eidStatus as config?
 //build AuthBlock JWS
 ObjectMapper mapper = new ObjectMapper();
 String jwsPayload = mapper.writeValueAsString(pendingReq.getUniqueTransactionIdentifier());
- String jwsSignature = JoseUtils.createSignature(ks, KSALIAS, KSPASSWORD.toCharArray(), jwsPayload, false, KSALIAS);
+ String jwsSignature = JoseUtils.createSignature(ks, KSALIAS, KSPASSWORD.toCharArray(), jwsPayload,
+ false, KSALIAS);
 authProcessData.setGenericDataToSession(Constants.SZR_AUTHBLOCK, jwsSignature);
 authProcessData.setGenericDataToSession(Constants.EIDAS_BIND, signedEidasBind);
@@ -301,8 +302,8 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 EidasResponseUtils.parseEidasPersonalIdentifier((String) simpleAttrMap.get(
 Constants.eIDAS_ATTR_PERSONALIDENTIFIER)).getFirst());
 authProcessData.setQaaLevel(eidasResponse.getLevelOfAssurance());
- }
- else {
+
+ } else {
 if (identityLink == null) {
 log.error("ERnB did not return an identity link.");
 throw new SzrCommunicationException("ernb.00", null); |
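Review bot: The eID status URN `"urn:eidgvat:eid.status.eidas"` in the rewritten getBcBind call of the @@ -238 hunk stays an inline literal while the same commit promotes the equivalent URNs in SzrClient to named class constants; the new `//TODO eidStatus as config?` line records the open question but the call site is now inconsistent with the rest of the change. A constant next to KSALIAS would make the intent readable and give the later configuration switch a single place to touch: `private static final String EID_STATUS_EIDAS = "urn:eidgvat:eid.status.eidas";` and `String signedEidasBind = szrClient.getBcBind(vsz, pk64, EID_STATUS_EIDAS);`. The two German comment lines above the call ("setzte Keystore in config …", "key pair art siehe jose utils") are unchanged context but read as leftover working notes and would be worth rewriting in English, or dropping, in a follow-up. The enclosing method starts before and ends after this hunk.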