aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
diff options
context:
space:
mode:
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java211
1 files changed, 0 insertions, 211 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
deleted file mode 100644
index 098e76ce..00000000
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
+++ /dev/null
@@ -1,211 +0,0 @@
-package at.asitplus.eidas.specific.modules.auth.eidas.v2.service;
-
-import java.security.Key;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.Provider;
-import java.security.cert.X509Certificate;
-import java.time.LocalDateTime;
-import java.time.ZoneOffset;
-import java.time.temporal.ChronoUnit;
-import java.util.Base64;
-import java.util.UUID;
-
-import javax.annotation.PostConstruct;
-
-import org.apache.commons.lang3.StringUtils;
-import org.jose4j.lang.JoseException;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-
-import com.fasterxml.jackson.annotation.JsonFormat;
-import com.fasterxml.jackson.annotation.JsonInclude;
-import com.fasterxml.jackson.annotation.JsonProperty;
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
-import com.fasterxml.jackson.databind.annotation.JsonSerialize;
-import com.fasterxml.jackson.datatype.jsr310.deser.LocalDateTimeDeserializer;
-import com.fasterxml.jackson.datatype.jsr310.ser.LocalDateTimeSerializer;
-
-import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-import lombok.Data;
-import lombok.extern.slf4j.Slf4j;
-
-/**
- * Service to build and sign AuthBlock's for E-ID system.
- *
- * @author tlenz
- *
- */
-@Slf4j
-@Service("authBlockSigningService")
-public class AuthBlockSigningService {
-
- private static final String KEYSTORE_FRIENDLYNAME = "AuthBlock_Signing";
-
- private static ObjectMapper mapper = new ObjectMapper();
-
- @Autowired
- IConfiguration basicConfig;
-
- @Autowired
- EaafKeyStoreFactory keyStoreFactory;
-
-
- private Pair<KeyStore, Provider> keyStore;
-
- /**
- * Build and sign an AuthBlock for E-ID system.
- *
- * @param pendingReq data that should be added into AuthBlock
- * @return serialized JWS
- * @throws JsonProcessingException In case of a AuthBlock generation error
- * @throws JoseException In case of a JWS signing error
- * @throws EaafException In case of a KeyStore or Key error
- */
- public String buildSignedAuthBlock(IRequest pendingReq)
- throws JsonProcessingException, EaafException, JoseException {
-
- //TODO: set Challenge to SAML2 requestId to create link between authentication request and authBlock
-
- // build AuthBlock
- EidasAuchBlock authBlock = new EidasAuchBlock();
- authBlock.setChallenge(UUID.randomUUID().toString());
- authBlock.setTimestamp(LocalDateTime.now(ZoneOffset.UTC).truncatedTo(ChronoUnit.SECONDS));
- authBlock.setUniqueId(pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID, String.class));
- authBlock.setPiiTransactionId(pendingReq.getUniquePiiTransactionIdentifier());
-
- //set Binding PublicKey if available
- Object bindingPubKey = pendingReq.getRawData(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME);
- if (bindingPubKey instanceof String) {
- authBlock.setBindingPublicKey((String) bindingPubKey);
-
- }
-
- String jwsPayload = mapper.writeValueAsString(authBlock);
- log.debug("Building and sign authBlock with data: {}", jwsPayload);
-
- //sign JWS
- return JoseUtils
- .createSignature(keyStore, getKeyAlias(), getKeyPassword(), jwsPayload, false,
- KEYSTORE_FRIENDLYNAME);
- }
-
-
- /**
- * Get the Base64 encoded PublicKey that is used to sign the AuthBlock.
- *
- * @return Base64 encoded PublicKey
- * @throws EaafKeyAccessException In case of an unknown or invalid key
- */
- public String getBase64EncodedPublicKey() throws EaafKeyAccessException {
- Pair<Key, X509Certificate[]> keyPair = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
- keyStore.getFirst(), getKeyAlias(), getKeyPassword(), true, KEYSTORE_FRIENDLYNAME);
- return Base64.getEncoder().encodeToString(keyPair.getSecond()[0].getPublicKey().getEncoded());
-
- }
-
- @PostConstruct
- private void initialize() throws KeyStoreException, EaafException {
- log.debug("Initializing AuthBlock signing service ... ");
- // read Connector wide config data TODO connector wide!
- String keyStoreName = basicConfig
- .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_NAME);
- String keyStorePw = basicConfig
- .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_PASSWORD);
- String keyStorePath = basicConfig
- .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_PATH);
- String keyStoreType = basicConfig
- .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_TYPE);
-
-
- //build new KeyStore configuration
- KeyStoreConfiguration keyStoreConfiguration = new KeyStoreConfiguration();
- keyStoreConfiguration.setFriendlyName(KEYSTORE_FRIENDLYNAME);
-
- keyStoreConfiguration.setSoftKeyStoreFilePath(keyStorePath);
- keyStoreConfiguration.setSoftKeyStorePassword(keyStorePw);
- keyStoreConfiguration.setKeyStoreType(KeyStoreConfiguration.KeyStoreType.fromString(keyStoreType));
- keyStoreConfiguration.setKeyStoreName(keyStoreName);
-
- //validate KeyStore configuration
- keyStoreConfiguration.validate();
-
- //validate key alias
- if (StringUtils.isEmpty(getKeyAlias())) {
- throw new EaafConfigurationException("config.08",
- new Object[] {MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEY_ALIAS});
-
- }
-
- //build new KeyStore based on configuration
- keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfiguration);
-
- //check if Key is accessible
- EaafKeyStoreUtils.getPrivateKeyAndCertificates(
- keyStore.getFirst(), getKeyAlias(), getKeyPassword(), true, KEYSTORE_FRIENDLYNAME);
-
- log.info("AuthBlock signing-service successful initialized");
-
- }
-
- private char[] getKeyPassword() {
- final String value = basicConfig.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEY_PASSWORD);
- if (value != null) {
- return value.trim().toCharArray();
- }
-
- return null;
-
- }
-
-
- private String getKeyAlias() {
- return basicConfig
- .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEY_ALIAS);
-
- }
-
- /**
- * Technical AuthBlock for eIDAS Authentication.
- *
- * @author tlenz
- *
- */
- @Data
- @JsonInclude(JsonInclude.Include.NON_NULL)
- private static class EidasAuchBlock {
-
- @JsonProperty("challenge")
- private String challenge;
-
- @JsonProperty("timestamp")
- @JsonSerialize(using = LocalDateTimeSerializer.class)
- @JsonDeserialize(using = LocalDateTimeDeserializer.class)
- @JsonFormat(pattern = "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'", timezone = "UTC")
- private LocalDateTime timestamp;
-
- @JsonProperty("appId")
- private String uniqueId;
-
- @JsonProperty("piiTransactionId")
- private String piiTransactionId;
-
- @JsonProperty("bindingPublicKey")
- private String bindingPublicKey;
-
- }
-
-
-}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-19 14:21:08 +0000