Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java/at')
2 files changed, 61 insertions, 42 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index 3eec12bd..eac62aae 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
@@ -156,6 +156,11 @@ public class Constants {
 // Default values for SZR communication
 public static final String SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE = "ELEKTR_DOKUMENT";
+ // AuthBlock
+ public static final String SZR_AUTHBLOCK = "AUTHBLOCK";
+ public static final String EIDAS_BIND = "EIDAS_BIND";
+
+ // TODO remove!!!
 public static final String SZR_CONSTANTS_DEFAULT_ISSUING_DATE = "2014-01-01";
 public static final String SZR_CONSTANTS_DEFAULT_ISSUING_AUTHORITY = "ms-specific eIDAS-Node for AT";
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index 93813ff5..b141402a 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
@@ -32,6 +32,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicati
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils;
 import at.gv.e_government.reference.namespace.persondata._20020228.AlternativeNameType;
 import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType;
 import at.gv.e_government.reference.namespace.persondata._20020228.PhysicalPersonType;
@@ -61,6 +62,7 @@ import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
 import lombok.extern.slf4j.Slf4j;
 import lombok.val;
 import org.apache.commons.lang3.StringUtils;
+import org.bouncycastle.jce.PKCS10CertificationRequest;
 import org.joda.time.DateTime;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
@@ -72,8 +74,10 @@ import szrservices.TravelDocumentType;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import java.io.InputStream;
+import java.io.*;
+import java.security.KeyStore;
 import java.security.KeyStoreException;
+import java.security.Provider;
 import java.util.Base64;
 import java.util.HashMap;
 import java.util.List;
@@ -98,6 +102,10 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 @Autowired
 EaafKeyStoreFactory keyStoreFactory;
+ Pair<KeyStore, Provider> ks;
+ private final String KSPASSWORD = "f/+saJBc3a}*/T^s";
+ private final String KSALIAS = "connectorkeypair";
+
 /*
 * (non-Javadoc)
 *
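Review bot: The keystore password is now committed to source as `private final String KSPASSWORD = "f/+saJBc3a}*/T^s";` on a request-handling task class; the old code had the same literal inline in the keystore-building method, so the commit relocates the hardcoded credential rather than removing it, and anyone with read access to the repository or the built jar can recover the signing key. The password should be read from the node configuration (the `//TODO from config` on the `setSoftKeyStorePassword` call in a later hunk already says so) and held as `char[]`, never as a `String` constant. The new `Pair<KeyStore, Provider> ks;` is a non-final, package-private field on a class that imports `org.springframework.stereotype.Component` — if it is a singleton bean, assigning it from a request path is shared mutable state across concurrent requests; consider `private` plus initialisation once. Finally, `import java.io.*;` is a wildcard import and `PKCS10CertificationRequest` is not used in any visible hunk — unless the remainder of the file uses it, both should be dropped.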
@@ -114,6 +122,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
 final ILightResponse eidasResponse = authProcessData.getGenericDataFromSession( Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class);
+ String eidMode = pendingReq.getServiceProviderConfiguration()
+ .getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE, "old");
+
 final Map<String, Object> simpleAttrMap = convertEidasAttrToSimpleMap(eidasResponse.getAttributes() .getAttributeMap());
@@ -222,7 +233,6 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 }
 }
- String eidMode = pendingReq.getServiceProviderConfiguration().getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE, "old");
 if (eidMode.equals("new")) {
 String vsz = szrClient.getEncryptedStammzahl(personInfo);
@@ -239,8 +249,10 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 ObjectMapper mapper = new ObjectMapper();
 String jwsPayload = mapper.writeValueAsString(pendingReq.getUniqueTransactionIdentifier());
-// JoseUtils.createSignature(new Pair<>(ks, ks.getProvider()), "connectorkeypair", passord.chararray(), jwsPayload, false, ); //TODO joseutils kopiern
+ String jwsSignature = JoseUtils.createSignature(ks, KSALIAS, KSPASSWORD.toCharArray(), jwsPayload, false, KSALIAS);//TODO joseutils kopiern
+ authProcessData.setGenericDataToSession(Constants.SZR_AUTHBLOCK, jwsSignature);
+ authProcessData.setGenericDataToSession(Constants.EIDAS_BIND, jwsSignature);
 } else {
 final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(personInfo);
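Review bot: In the `-239,8` hunk the same `jwsSignature` is stored under both `Constants.SZR_AUTHBLOCK` and `Constants.EIDAS_BIND`, and the signed payload is only `mapper.writeValueAsString(pendingReq.getUniqueTransactionIdentifier())` — the `vsz` obtained from `szrClient.getEncryptedStammzahl(personInfo)` earlier in the same branch is not bound into it, so neither session value ties the signature to the identity that was just resolved. If AuthBlock and eIDAS binding are meant to be distinct artefacts, the second `setGenericDataToSession` call should sign its own payload or be removed; if one signature is intended to serve both, a comment should say so, and the repeated `KSALIAS` argument at the end of `JoseUtils.createSignature(...)` deserves one too. `ks` is only assigned in the keystore-building method changed in a later hunk; if that method has not run before this branch, `createSignature` receives null — confirm the call order. The `//TODO joseutils kopiern` comment should be resolved or written in English before merge.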
@@ -282,44 +294,46 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 }
 }
- if (identityLink == null) {
- log.error("ERnB did not return an identity link.");
- throw new SzrCommunicationException("ernb.00", null);
+ if (eidMode.equals("new")) {}
+ else {
+ if (identityLink == null) {
+ log.error("ERnB did not return an identity link.");
+ throw new SzrCommunicationException("ernb.00", null);
- }
- revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_IDL_RECEIVED,
- identityLink.getSamlAssertion().getAttribute(SimpleIdentityLinkAssertionParser.ASSERTIONID));
+ }
+ revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_IDL_RECEIVED,
+ identityLink.getSamlAssertion().getAttribute(SimpleIdentityLinkAssertionParser.ASSERTIONID));
- if (bpk == null) {
- log.error("ERnB did not return a bPK for target: " + pendingReq.getServiceProviderConfiguration()
- .getAreaSpecificTargetIdentifier());
- throw new SzrCommunicationException("ernb.01", null);
+ if (bpk == null) {
+ log.error("ERnB did not return a bPK for target: " + pendingReq.getServiceProviderConfiguration()
+ .getAreaSpecificTargetIdentifier());
+ throw new SzrCommunicationException("ernb.01", null);
- }
- revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_BPK_RECEIVED);
-
- log.debug("ERnB communication was successfull");
-
- authProcessData.setForeigner(true);
- authProcessData.setIdentityLink(identityLink);
- authProcessData.setGenericDataToSession(
- PvpAttributeDefinitions.EID_ISSUING_NATION_NAME,
- EidasResponseUtils.parseEidasPersonalIdentifier((String) simpleAttrMap.get(
- Constants.eIDAS_ATTR_PERSONALIDENTIFIER)).getFirst());
-
- // set bPK and bPKType into auth session
- authProcessData.setGenericDataToSession(
- PvpAttributeDefinitions.BPK_NAME,
- extendBpkByPrefix(
- bpk,
- pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()));
- authProcessData.setGenericDataToSession(
- PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME,
- pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
-
- // store pending-request
- requestStoreage.storePendingRequest(pendingReq);
+ }
+ revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_BPK_RECEIVED);
+
+ log.debug("ERnB communication was successfull");
+
+ authProcessData.setForeigner(true);
+ authProcessData.setIdentityLink(identityLink);
+ authProcessData.setGenericDataToSession(
+ PvpAttributeDefinitions.EID_ISSUING_NATION_NAME,
+ EidasResponseUtils.parseEidasPersonalIdentifier((String) simpleAttrMap.get(
+ Constants.eIDAS_ATTR_PERSONALIDENTIFIER)).getFirst());
+
+ // set bPK and bPKType into auth session
+ authProcessData.setGenericDataToSession(
+ PvpAttributeDefinitions.BPK_NAME,
+ extendBpkByPrefix(
+ bpk,
+ pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()));
+ authProcessData.setGenericDataToSession(
+ PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME,
+ pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+ // store pending-request
+ requestStoreage.storePendingRequest(pendingReq);
+ }
 } catch (final EidasAttributeException e) {
 throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e);
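Review bot: The new guard `if (eidMode.equals("new")) {} else {` gives the "new" mode an empty branch, so in that mode the `identityLink`/`bpk` null checks, both `revisionsLogger.logEvent` calls, `authProcessData.setForeigner(true)` and the bPK/issuing-nation session attributes are all skipped, and `requestStoreage.storePendingRequest(pendingReq)` is never reached — the `SZR_AUTHBLOCK`/`EIDAS_BIND` values written earlier in this method for the "new" mode are therefore only as durable as the session object itself, which may not be what is intended if that store call is what persists the pending request. An empty then-branch is also the wrong way to express a bypass: write `if (!"new".equals(eidMode)) {` and add a comment stating what the new mode records instead, or move `requestStoreage.storePendingRequest(pendingReq);` after the branch so both modes persist their state. The enclosing try block and method start before this hunk.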
@@ -338,12 +352,12 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 final String current = new java.io.File(".").toURI().toString();
 configuration.setSoftKeyStoreFilePath(current + "src/test/resources/keystore/teststore.jks");
- configuration.setSoftKeyStorePassword("f/+saJBc3a}*/T^s");
+ configuration.setSoftKeyStorePassword(KSPASSWORD); //TODO from config
 configuration.setKeyStoreType(KeyStoreConfiguration.KeyStoreType.JKS);
- configuration.setFriendlyName("connectorkeypair");
- configuration.setKeyStoreName("connectorkeypair");
- val ks = keyStoreFactory.buildNewKeyStore(configuration);
- val publicKey = ks.getFirst().getCertificate("connectorkeypair").getPublicKey();
+ configuration.setFriendlyName(KSALIAS);
+ configuration.setKeyStoreName(KSALIAS);
+ ks = keyStoreFactory.buildNewKeyStore(configuration);
+ val publicKey = ks.getFirst().getCertificate(KSALIAS).getPublicKey();
 return Base64.getEncoder().encodeToString(publicKey.getEncoded());
 }
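Review bot: This method still loads the signing keystore from `current + "src/test/resources/keystore/teststore.jks"`, i.e. a test key checked into the repository, resolved against the process working directory, and unlocked with the in-source `KSPASSWORD`; in production that means AuthBlocks are signed with a publicly known key and the lookup only works when the service is started from the project root. Path, type, alias and password should all come from the node configuration (the `//TODO from config` on `setSoftKeyStorePassword` covers only the password), and since the commit now assigns the result to the field `ks` on every call, the keystore should be built once during initialisation rather than re-read and reassigned on each invocation of this method. The method's signature and first lines are outside this hunk.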