aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules/authmodule-eIDAS-v2/src/main/java
diff options
context:
space:
mode:
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java147
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java507
2 files changed, 409 insertions, 245 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
new file mode 100644
index 00000000..30d255b9
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
@@ -0,0 +1,147 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.service;
+
+import java.security.Key;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.Provider;
+import java.security.cert.X509Certificate;
+import java.util.Base64;
+
+import javax.annotation.PostConstruct;
+
+import org.apache.commons.lang3.StringUtils;
+import org.jose4j.lang.JoseException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import lombok.extern.slf4j.Slf4j;
+
+/**
+ * Service to build and sign AuthBlock's for E-ID system.
+ *
+ * @author tlenz
+ *
+ */
+@Slf4j
+@Service("authBlockSigningService")
+public class AuthBlockSigningService {
+
+ private static final String KEYSTORE_FRIENDLYNAME = "AuthBlock_Signing";
+
+ private static ObjectMapper mapper = new ObjectMapper();
+
+ @Autowired
+ IConfiguration basicConfig;
+
+ @Autowired
+ EaafKeyStoreFactory keyStoreFactory;
+
+
+ private Pair<KeyStore, Provider> keyStore;
+
+ /**
+ * Build and sign an AuthBlock for E-ID system.
+ *
+ * @param dataToSign data that should be added into AuthBlock
+ * @return serialized JWS
+ * @throws JsonProcessingException In case of a AuthBlock generation error
+ * @throws JoseException In case of a JWS signing error
+ * @throws EaafException In case of a KeyStore or Key error
+ */
+ public String buildSignedAuthBlock(String dataToSign)
+ throws JsonProcessingException, EaafException, JoseException {
+ log.debug("Building and sign authBlock with data: {}", dataToSign);
+
+ // build AuthBlock
+ String jwsPayload = mapper.writeValueAsString(dataToSign);
+
+ //sign JWS
+ return JoseUtils
+ .createSignature(keyStore, getKeyAlias(), getKeyPassword(), jwsPayload, false,
+ KEYSTORE_FRIENDLYNAME);
+ }
+
+
+ /**
+ * Get the Base64 encoded PublicKey that is used to sign the AuthBlock.
+ *
+ * @return Base64 encoded PublicKey
+ * @throws EaafKeyAccessException In case of an unknown or invalid key
+ */
+ public String getBase64EncodedPublicKey() throws EaafKeyAccessException {
+ Pair<Key, X509Certificate[]> keyPair = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
+ keyStore.getFirst(), getKeyAlias(), getKeyPassword(), true, KEYSTORE_FRIENDLYNAME);
+ return Base64.getEncoder().encodeToString(keyPair.getSecond()[0].getPublicKey().getEncoded());
+
+ }
+
+ @PostConstruct
+ private void initialize() throws KeyStoreException, EaafException {
+ log.debug("Initializing AuthBlock signing service ... ");
+ // read Connector wide config data TODO connector wide!
+ String keyStoreName = basicConfig
+ .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_NAME);
+ String keyStorePw = basicConfig
+ .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_PASSWORD);
+ String keyStorePath = basicConfig
+ .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_PATH);
+ String keyStoreType = basicConfig
+ .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_TYPE);
+
+
+ //build new KeyStore configuration
+ KeyStoreConfiguration keyStoreConfiguration = new KeyStoreConfiguration();
+ keyStoreConfiguration.setFriendlyName(KEYSTORE_FRIENDLYNAME);
+
+ keyStoreConfiguration.setSoftKeyStoreFilePath(keyStorePath);
+ keyStoreConfiguration.setSoftKeyStorePassword(keyStorePw);
+ keyStoreConfiguration.setKeyStoreType(KeyStoreConfiguration.KeyStoreType.fromString(keyStoreType));
+ keyStoreConfiguration.setKeyStoreName(keyStoreName);
+
+ //validate KeyStore configuration
+ keyStoreConfiguration.validate();
+
+ //validate key alias
+ if (StringUtils.isEmpty(getKeyAlias())) {
+ throw new EaafConfigurationException("config.08",
+ new Object[] {MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEY_ALIAS});
+
+ }
+
+ //build new KeyStore based on configuration
+ keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfiguration);
+
+ log.info("AuthBlock signing-service successful initialized");
+
+ }
+
+ private char[] getKeyPassword() {
+ final String value = basicConfig.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEY_PASSWORD);
+ if (value != null) {
+ return value.trim().toCharArray();
+ }
+
+ return null;
+
+ }
+
+
+ private String getKeyAlias() {
+ return basicConfig
+ .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEY_ALIAS);
+
+ }
+}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index 8626c709..1ffd56e4 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
@@ -23,16 +23,37 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.apache.commons.lang3.StringUtils;
+import org.joda.time.DateTime;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.xml.sax.SAXException;
+
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
+
import at.asitplus.eidas.specific.connector.MsConnectorEventCodes;
import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.AuthBlockSigningService;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils;
import at.gv.e_government.reference.namespace.persondata._20020228.AlternativeNameType;
import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType;
import at.gv.e_government.reference.namespace.persondata._20020228.PhysicalPersonType;
@@ -43,8 +64,6 @@ import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
@@ -52,36 +71,16 @@ import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.google.common.collect.ImmutableMap;
-import com.google.common.collect.ImmutableSet;
import eu.eidas.auth.commons.attribute.AttributeDefinition;
import eu.eidas.auth.commons.attribute.AttributeValue;
import eu.eidas.auth.commons.light.ILightResponse;
import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
+import lombok.Data;
import lombok.extern.slf4j.Slf4j;
-import org.apache.commons.lang3.StringUtils;
-import org.joda.time.DateTime;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
import szrservices.IdentityLinkType;
import szrservices.PersonInfoType;
import szrservices.TravelDocumentType;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.InputStream;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.Provider;
-import java.security.PublicKey;
-import java.util.Base64;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
/**
* Task that creates the IdentityLink for an eIDAS authenticated person.
*
@@ -97,12 +96,12 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
private SzrClient szrClient;
@Autowired
private ICcSpecificEidProcessingService eidPostProcessor;
-
+
@Autowired
- EaafKeyStoreFactory keyStoreFactory;
+ private AuthBlockSigningService authBlockSigner;
private static final String EID_STATUS = "urn:eidgvat:eid.status.eidas";
-
+
/*
* (non-Javadoc)
*
@@ -118,164 +117,57 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
final ILightResponse eidasResponse = authProcessData
.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class);
- boolean isNewEidMode = pendingReq.getServiceProviderConfiguration()
- .isConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE, false);
-
final Map<String, Object> simpleAttrMap = convertEidasAttrToSimpleMap(
eidasResponse.getAttributes().getAttributeMap());
- IIdentityLink identityLink = null;
- String bpk = null;
-
// post-process eIDAS attributes
final ErnbEidData eidData = eidPostProcessor.postProcess(simpleAttrMap);
// write MDS into technical log and revision log
writeMdsLogInformation(eidData);
- // connect SZR-Gateway
+ //build IdentityLink or VSZ and eidasBind
if (basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY, false)) {
- log.warn("SZR-Dummy IS ACTIVE! IdentityLink is NOT VALID!!!!");
- // create fake IdL
- // - fetch IdL template from resources
- final InputStream s = CreateIdentityLinkTask.class
- .getResourceAsStream("/resources/xmldata/fakeIdL_IdL_template.xml");
- final Element idlTemplate = DomUtils.parseXmlValidating(s);
-
- identityLink = new SimpleIdentityLinkAssertionParser(idlTemplate).parseIdentityLink();
-
- // replace data
- final Element idlassertion = identityLink.getSamlAssertion();
-
- // - set fake baseID;
- final Node prIdentification = XPathUtils
- .selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
- prIdentification.getFirstChild().setNodeValue(eidData.getPseudonym());
-
- // - set last name
- final Node prFamilyName = XPathUtils
- .selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH);
- prFamilyName.getFirstChild().setNodeValue(eidData.getFamilyName());
-
- // - set first name
- final Node prGivenName = XPathUtils
- .selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH);
- prGivenName.getFirstChild().setNodeValue(eidData.getGivenName());
-
- // - set date of birth
- final Node prDateOfBirth = XPathUtils
- .selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH);
-
- prDateOfBirth.getFirstChild().setNodeValue(eidData.getFormatedDateOfBirth());
-
- identityLink = new SimpleIdentityLinkAssertionParser(idlassertion).parseIdentityLink();
-
- new BpkBuilder();
- final Pair<String, String> bpkCalc = BpkBuilder
- .generateAreaSpecificPersonIdentifier(identityLink.getIdentificationValue(),
- identityLink.getIdentificationType(),
- pendingReq.getServiceProviderConfiguration()
- .getAreaSpecificTargetIdentifier());
- bpk = bpkCalc.getFirst();
-
+ SzrResultHolder idlResult = createDummyIdentityLinkForTestDeployment(eidData);
+ //inject personal-data into session
+ authProcessData.setIdentityLink(idlResult.getIdentityLink());
+
+ // set bPK and bPKType into auth session
+ authProcessData.setGenericDataToSession(PvpAttributeDefinitions.BPK_NAME, extendBpkByPrefix(
+ idlResult.getBpK(), pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()));
+ authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME,
+ pendingReq.getServiceProviderConfiguration()
+ .getAreaSpecificTargetIdentifier());
+
} else {
- // contact SZR Gateway
- log.debug("Starting connecting SZR Gateway");
- final PersonInfoType personInfo = new PersonInfoType();
- final PersonNameType personName = new PersonNameType();
- final PhysicalPersonType naturalPerson = new PhysicalPersonType();
- final TravelDocumentType eDocument = new TravelDocumentType();
-
- naturalPerson.setName(personName);
- personInfo.setPerson(naturalPerson);
- personInfo.setTravelDocument(eDocument);
-
- // person information
- personName.setFamilyName(eidData.getFamilyName());
- personName.setGivenName(eidData.getGivenName());
- naturalPerson.setDateOfBirth(eidData.getFormatedDateOfBirth());
- eDocument.setIssuingCountry(eidData.getCitizenCountryCode());
- eDocument.setDocumentNumber(eidData.getPseudonym());
-
- // eID document information
- eDocument.setDocumentType(basicConfig
- .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE,
- Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE));
-
- // set PlaceOfBirth if available
- if (eidData.getPlaceOfBirth() != null) {
- log.trace("Find 'PlaceOfBirth' attribute: " + eidData.getPlaceOfBirth());
- if (basicConfig
- .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETPLACEOFBIRTHIFAVAILABLE,
- true)) {
- naturalPerson.setPlaceOfBirth(eidData.getPlaceOfBirth());
- log.trace("Adding 'PlaceOfBirth' to ERnB request ... ");
-
- }
- }
-
- // set BirthName if available
- if (eidData.getBirthName() != null) {
- log.trace("Find 'BirthName' attribute: " + eidData.getBirthName());
- if (basicConfig
- .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETBIRTHNAMEIFAVAILABLE,
- true)) {
- final AlternativeNameType alternativeName = new AlternativeNameType();
- naturalPerson.setAlternativeName(alternativeName);
- alternativeName.setFamilyName(eidData.getBirthName());
- log.trace("Adding 'BirthName' to ERnB request ... ");
-
- }
- }
-
- if (isNewEidMode) {
-
- // read Connector wide config data TODO connector wide!
- String keyStoreAlias = basicConfig
- .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_KEYSTSTORE_FRIENDLYNAME);
- String keyStorePw = basicConfig
- .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_KEYSTORE_PASSWORD);
- String keyStorePath = basicConfig
- .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_KEYSTORE_PATH);
- String keyStoreType = basicConfig
- .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_KEYSTORE_TYPE);
-
-
- // get verschlüsselte Stammzahl
+ //build SZR request from eIDAS data
+ final PersonInfoType personInfo = generateSzrRequest(eidData);
+
+ //request SZR based on IDL or E-ID mode
+ if (pendingReq.getServiceProviderConfiguration()
+ .isConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE, false)) {
+
+ // get encrypted baseId
String vsz = szrClient.getEncryptedStammzahl(personInfo);
-
- // build Keystore
- Pair<KeyStore, Provider> keystoreProvider = initKeystore(keyStoreAlias, keyStorePw, keyStorePath,
- keyStoreType);
-
- // get pubKey
- PublicKey publicKey = keystoreProvider.getFirst().getCertificate(keyStoreAlias).getPublicKey();
-
- // encode pubKey base64
- String pk64 = Base64.getEncoder().encodeToString(publicKey.getEncoded());
-
+
// get eIDAS bind
- String signedEidasBind = szrClient.getBcBind(vsz, pk64, EID_STATUS);
-
- // build AuthBlock (JWS)
- ObjectMapper mapper = new ObjectMapper();
- String jwsPayload = mapper.writeValueAsString(pendingReq.getUniqueTransactionIdentifier());
-
- String jwsSignature = JoseUtils
- .createSignature(keystoreProvider, keyStoreAlias, keyStorePw.toCharArray(), jwsPayload, false,
- keyStoreAlias);
-
+ String signedEidasBind = szrClient.getBcBind(vsz,
+ authBlockSigner.getBase64EncodedPublicKey(),
+ EID_STATUS);
+
+ //get signed AuthBlock
+ String jwsSignature = authBlockSigner.buildSignedAuthBlock(pendingReq.getUniqueTransactionIdentifier());
+
+ //inject personal-data into session
authProcessData.setGenericDataToSession(Constants.SZR_AUTHBLOCK, jwsSignature);
authProcessData.setGenericDataToSession(Constants.EIDAS_BIND, signedEidasBind);
+
} else {
-
- final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(personInfo);
-
- final Element idlFromSzr = (Element) result.getAssertion();
- identityLink = new SimpleIdentityLinkAssertionParser(idlFromSzr).parseIdentityLink();
-
- // write ERnB inputdata into revisionlog
+ //request SZR
+ SzrResultHolder idlResult = requestSzrForIdentityLink(personInfo);
+
+ // write ERnB input-data into revision-log
if (basicConfig.getBasicConfigurationBoolean(
Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE, false)) {
revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_ERNB_EIDAS_RAW_ID,
@@ -283,100 +175,158 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_ERNB_EIDAS_ERNB_ID, eidData.getPseudonym());
}
-
- // get bPK from SZR
- if (basicConfig
- .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) {
- bpk = szrClient
- .getBpk(personInfo, pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(),
- basicConfig
- .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, "no VKZ defined"))
- .get(0);
-
- } else {
- log.debug("Calculating bPK from baseId ... ");
- new BpkBuilder();
- final Pair<String, String> bpkCalc = BpkBuilder
- .generateAreaSpecificPersonIdentifier(identityLink.getIdentificationValue(),
- identityLink.getIdentificationType(),
- pendingReq.getServiceProviderConfiguration()
- .getAreaSpecificTargetIdentifier());
- bpk = bpkCalc.getFirst();
-
- }
+
+ //check result-data and write revision-log based on current state
+ checkStateAndWriteRevisionLog(idlResult);
+
+
+ //inject personal-data into session
+ authProcessData.setIdentityLink(idlResult.getIdentityLink());
+
+ // set bPK and bPKType into auth session
+ authProcessData.setGenericDataToSession(PvpAttributeDefinitions.BPK_NAME, extendBpkByPrefix(
+ idlResult.getBpK(), pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()));
+ authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME,
+ pendingReq.getServiceProviderConfiguration()
+ .getAreaSpecificTargetIdentifier());
+
}
}
+
+ //add generic info's into session
+ authProcessData.setForeigner(true);
+ authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, EidasResponseUtils
+ .parseEidasPersonalIdentifier((String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))
+ .getFirst());
+ authProcessData.setQaaLevel(eidasResponse.getLevelOfAssurance());
+
+ // store pending-request
+ requestStoreage.storePendingRequest(pendingReq);
+
+
+ } catch (final EidasAttributeException e) {
+ throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e);
- if (isNewEidMode) {
- authProcessData.setForeigner(true);
- authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, EidasResponseUtils
- .parseEidasPersonalIdentifier((String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))
- .getFirst());
- authProcessData.setQaaLevel(eidasResponse.getLevelOfAssurance());
+ } catch (final EaafException e) {
+ throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
- } else {
- if (identityLink == null) {
- log.error("ERnB did not return an identity link.");
- throw new SzrCommunicationException("ernb.00", null);
+ } catch (final Exception e) {
+ log.error("IdentityLink generation for foreign person FAILED.", e);
+ throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
- }
- revisionsLogger.logEvent(pendingReq,
- MsConnectorEventCodes.SZR_IDL_RECEIVED,
- identityLink.getSamlAssertion()
- .getAttribute(SimpleIdentityLinkAssertionParser.ASSERTIONID));
+ }
+ }
- if (bpk == null) {
- log.error("ERnB did not return a bPK for target: " + pendingReq.getServiceProviderConfiguration()
- .getAreaSpecificTargetIdentifier());
- throw new SzrCommunicationException("ernb.01", null);
+ private PersonInfoType generateSzrRequest(ErnbEidData eidData) {
+ log.debug("Starting connecting SZR Gateway");
+ final PersonInfoType personInfo = new PersonInfoType();
+ final PersonNameType personName = new PersonNameType();
+ final PhysicalPersonType naturalPerson = new PhysicalPersonType();
+ final TravelDocumentType eDocument = new TravelDocumentType();
+
+ naturalPerson.setName(personName);
+ personInfo.setPerson(naturalPerson);
+ personInfo.setTravelDocument(eDocument);
+
+ // person information
+ personName.setFamilyName(eidData.getFamilyName());
+ personName.setGivenName(eidData.getGivenName());
+ naturalPerson.setDateOfBirth(eidData.getFormatedDateOfBirth());
+ eDocument.setIssuingCountry(eidData.getCitizenCountryCode());
+ eDocument.setDocumentNumber(eidData.getPseudonym());
+
+ // eID document information
+ eDocument.setDocumentType(basicConfig
+ .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE,
+ Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE));
+
+ // set PlaceOfBirth if available
+ if (eidData.getPlaceOfBirth() != null) {
+ log.trace("Find 'PlaceOfBirth' attribute: " + eidData.getPlaceOfBirth());
+ if (basicConfig
+ .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETPLACEOFBIRTHIFAVAILABLE,
+ true)) {
+ naturalPerson.setPlaceOfBirth(eidData.getPlaceOfBirth());
+ log.trace("Adding 'PlaceOfBirth' to ERnB request ... ");
- }
- revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_BPK_RECEIVED);
+ }
+ }
- log.debug("ERnB communication was successfull");
+ // set BirthName if available
+ if (eidData.getBirthName() != null) {
+ log.trace("Find 'BirthName' attribute: " + eidData.getBirthName());
+ if (basicConfig
+ .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETBIRTHNAMEIFAVAILABLE,
+ true)) {
+ final AlternativeNameType alternativeName = new AlternativeNameType();
+ naturalPerson.setAlternativeName(alternativeName);
+ alternativeName.setFamilyName(eidData.getBirthName());
+ log.trace("Adding 'BirthName' to ERnB request ... ");
- authProcessData.setForeigner(true);
- authProcessData.setIdentityLink(identityLink);
- authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, EidasResponseUtils
- .parseEidasPersonalIdentifier((String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))
- .getFirst());
+ }
+ }
+
+ return personInfo;
+
+ }
- // set bPK and bPKType into auth session
- authProcessData.setGenericDataToSession(PvpAttributeDefinitions.BPK_NAME, extendBpkByPrefix(bpk, pendingReq
- .getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()));
- authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME,
+ private SzrResultHolder requestSzrForIdentityLink(PersonInfoType personInfo)
+ throws SzrCommunicationException, EaafException {
+ //request IdentityLink from SZR
+ final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(personInfo);
+
+ final Element idlFromSzr = (Element) result.getAssertion();
+ IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser(idlFromSzr).parseIdentityLink();
+
+ // get bPK from SZR
+ String bpk;
+ if (basicConfig
+ .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) {
+ bpk = szrClient
+ .getBpk(personInfo, pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(),
+ basicConfig
+ .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, "no VKZ defined"))
+ .get(0);
+
+ } else {
+ log.debug("Calculating bPK from baseId ... ");
+ new BpkBuilder();
+ final Pair<String, String> bpkCalc = BpkBuilder
+ .generateAreaSpecificPersonIdentifier(identityLink.getIdentificationValue(),
+ identityLink.getIdentificationType(),
pendingReq.getServiceProviderConfiguration()
.getAreaSpecificTargetIdentifier());
+ bpk = bpkCalc.getFirst();
- // store pending-request
- requestStoreage.storePendingRequest(pendingReq);
- }
- } catch (final EidasAttributeException e) {
- throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e);
+ }
+
+ return new SzrResultHolder(identityLink, bpk);
+
+ }
+
+ private void checkStateAndWriteRevisionLog(SzrResultHolder idlResult) throws SzrCommunicationException {
+ // write some infos into revision log
+ if (idlResult.getIdentityLink() == null) {
+ log.error("ERnB did not return an identity link.");
+ throw new SzrCommunicationException("ernb.00", null);
- } catch (final EaafException e) {
- throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
+ }
+ revisionsLogger.logEvent(pendingReq,
+ MsConnectorEventCodes.SZR_IDL_RECEIVED,
+ idlResult.getIdentityLink().getSamlAssertion()
+ .getAttribute(SimpleIdentityLinkAssertionParser.ASSERTIONID));
- } catch (final Exception e) {
- log.error("IdentityLink generation for foreign person FAILED.", e);
- throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
+ if (idlResult.getBpK() == null) {
+ log.error("ERnB did not return a bPK for target: " + pendingReq.getServiceProviderConfiguration()
+ .getAreaSpecificTargetIdentifier());
+ throw new SzrCommunicationException("ernb.01", null);
}
+ revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_BPK_RECEIVED);
+ log.debug("ERnB communication was successfull");
+
}
-
- private Pair<KeyStore, Provider> initKeystore(String keyAlias, String keyPw, String path, String type)
- throws EaafException, KeyStoreException {
- KeyStoreConfiguration keyStoreConfiguration = new KeyStoreConfiguration();
-
- final String current = new java.io.File(".").toURI().toString();
- keyStoreConfiguration.setSoftKeyStoreFilePath(current + path);
- keyStoreConfiguration.setSoftKeyStorePassword(keyPw);
- keyStoreConfiguration.setKeyStoreType(KeyStoreConfiguration.KeyStoreType.fromString(type));
- keyStoreConfiguration.setFriendlyName(keyAlias);
- keyStoreConfiguration.setKeyStoreName(keyAlias);
- return keyStoreFactory.buildNewKeyStore(keyStoreConfiguration);
- }
-
+
private String extendBpkByPrefix(String bpk, String type) {
String bpkType = null;
@@ -406,7 +356,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
for (final AttributeDefinition<?> el : attributeMap.keySet()) {
- final Class parameterizedType = el.getParameterizedType();
+ final Class<?> parameterizedType = el.getParameterizedType();
if (DateTime.class.equals(parameterizedType)) {
final DateTime attribute = EidasResponseUtils.translateDateAttribute(el, attributeMap.get(el).asList());
if (attribute != null) {
@@ -466,5 +416,72 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
}
}
+
+ @Data
+ private static class SzrResultHolder {
+ final IIdentityLink identityLink;
+ final String bpK;
+
+ }
+
+ /**
+ * Build a dummy IdentityLink and a dummy bPK based on eIDAS information.
+ *
+ * <br><br>
+ * <b>FOR LOCAL TESTING ONLY!!!</b>
+ *
+ * @param eidData Information from eIDAS response
+ * @return IdentityLink and bPK
+ * @throws ParserConfigurationException In case of an IDL processing error
+ * @throws SAXException In case of an IDL processing error
+ * @throws IOException In case of an IDL processing error
+ * @throws EaafException In case of a bPK generation error
+ */
+ private SzrResultHolder createDummyIdentityLinkForTestDeployment(ErnbEidData eidData)
+ throws ParserConfigurationException, SAXException, IOException, EaafException {
+ log.warn("SZR-Dummy IS ACTIVE! IdentityLink is NOT VALID!!!!");
+ // create fake IdL
+ // - fetch IdL template from resources
+ final InputStream s = CreateIdentityLinkTask.class
+ .getResourceAsStream("/resources/xmldata/fakeIdL_IdL_template.xml");
+ final Element idlTemplate = DomUtils.parseXmlValidating(s);
+
+ IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser(idlTemplate).parseIdentityLink();
+
+ // replace data
+ final Element idlassertion = identityLink.getSamlAssertion();
+
+ // - set fake baseID;
+ final Node prIdentification = XPathUtils
+ .selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
+ prIdentification.getFirstChild().setNodeValue(eidData.getPseudonym());
+
+ // - set last name
+ final Node prFamilyName = XPathUtils
+ .selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH);
+ prFamilyName.getFirstChild().setNodeValue(eidData.getFamilyName());
+
+ // - set first name
+ final Node prGivenName = XPathUtils
+ .selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH);
+ prGivenName.getFirstChild().setNodeValue(eidData.getGivenName());
+
+ // - set date of birth
+ final Node prDateOfBirth = XPathUtils
+ .selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH);
+
+ prDateOfBirth.getFirstChild().setNodeValue(eidData.getFormatedDateOfBirth());
+
+ identityLink = new SimpleIdentityLinkAssertionParser(idlassertion).parseIdentityLink();
+
+ new BpkBuilder();
+ final Pair<String, String> bpkCalc = BpkBuilder
+ .generateAreaSpecificPersonIdentifier(identityLink.getIdentificationValue(),
+ identityLink.getIdentificationType(),
+ pendingReq.getServiceProviderConfiguration()
+ .getAreaSpecificTargetIdentifier());
+ return new SzrResultHolder(identityLink, bpkCalc.getFirst());
+
+ }
}