Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java')
3 files changed, 79 insertions, 60 deletions
| diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/Constants.java index 64cf6af2..85743585 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/Constants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/Constants.java @@ -60,6 +60,7 @@ public class Constants {  	public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_DATE = CONIG_PROPS_EIDAS_SZRCLIENT + ".params.issuingdate";  	public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_AUTHORITY = CONIG_PROPS_EIDAS_SZRCLIENT + ".params.issuingauthority";  	public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_KEYS_USEDUMMY= CONIG_PROPS_EIDAS_SZRCLIENT + ".params.usedummykeys"; +	public static final String CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION= CONIG_PROPS_EIDAS_SZRCLIENT + ".params.useSZRForbPKCalculation";  	//http endpoint descriptions  	public static final String eIDAS_HTTP_ENDPOINT_SP_POST = "/eidas/light/sp/post"; 
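Review bot: The new constant is named `CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION` but its key lives under `.params.` next to the other SZR client parameters, and "DEBUG" in the name does not match how the flag is used in CreateIdentityLinkTask (hunk @@ -217), where it selects between two production code paths with a default of `true`; a name like `CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_USESZRFORBPKCALCULATION` would be consistent with its siblings. The key value `useSZRForbPKCalculation` is also the only mixed-case key in this block, so operators copying the lowercase pattern of the neighbours will silently get the default. A short comment above the constant would help, e.g. `// when false, the bPK is derived locally from the baseId instead of being requested from the SZR (see CreateIdentityLinkTask)`.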
@@ -99,12 +100,16 @@ public class Constants {  	 public static final String HTTP_CLIENT_DEFAULT_TIMEOUT_RESPONSE = "60";    //seconds +	 public static final String SZR_SCHEMA_LOCATIONS = +			    ("urn:SZRServices" + " " + "/szr_client/szr.xsd"); +	   	 //Default values for SZR communication  	 public static final String SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE = "ELEKTR_DOKUMENT";  	 //TODO remove!!!  	 public static final String SZR_CONSTANTS_DEFAULT_ISSUING_DATE = "2014-01-01";  	 public static final String SZR_CONSTANTS_DEFAULT_ISSUING_AUTHORITY = "ms-specific eIDAS-Node for AT"; -	 public final static byte[] SZR_CONSTANTS_DEFAULT_PUBL_KEY = new byte[] {48, -127, -97, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 1, 5, 0, 3, -127, -115, 0, 48, -127, -119, 2, -127, -127, 0, -106, 114, -113, -1, -84, 116, 35, 3, 70, -81, 81, -110, -10, -59, 114, 4, -109, 86, 127, -50, 125, 47, 4, 80, 79, 53, 117, -36, 15, -16, -61, 110, 39, 89, 29, -43, 37, -127, 80, -109, -38, 65, 125, -119, 44, -111, -21, 47, -98, 38, -112, -24, 107, -110, 17, -10, 51, -4, -36, -72, -28, -18, -14, 117, -67, 76, -31, 32, 92, 104, -21, 68, 31, -12, 30, -104, -104, 42, -107, 126, 84, 50, 85, -117, 44, -100, -4, 102, -100, 52, -68, 77, -32, 9, -16, -30, -104, -90, 107, -88, 7, 97, -94, 72, -61, -40, 80, -112, -65, -25, -72, -19, -95, -54, 31, 15, 24, -105, 123, -81, 23, -123, 92, -103, -101, 47, 47, -105, 2, 3, 1, 0, 1}; - +  	 public static final String SZR_CONSTANTS_DEFAULT_PUBKEY_EXPONENT = "AQAB"; +	 public static final String SZR_CONSTANTS_DEFAULT_PUBKEY_MODULUS = "AJZyj/+sdCMDRq9RkvbFcgSTVn/OfS8EUE81ddwP8MNuJ1kd1SWBUJPaQX2JLJHrL54mkOhrkhH2M/zcuOTu8nW9TOEgXGjrRB/0HpiYKpV+VDJViyyc/GacNLxN4Anw4pima6gHYaJIw9hQkL/nuO2hyh8PGJd7rxeFXJmbLy+X"; +	   } 
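Review bot: `SZR_SCHEMA_LOCATIONS` pairs the namespace `urn:SZRServices` with the relative location `/szr_client/szr.xsd`, and how that path is resolved (classpath resource vs. filesystem vs. remote fetch) depends entirely on the parser behind `DOMUtils.parseDocument`, which is not visible here; a comment stating where the XSD is expected to live would save the next maintainer a debugging session, e.g. `// schema location is resolved by DOMUtils against the classpath — keep szr.xsd bundled`. The replaced DER blob is now a Base64 modulus and exponent; from the modulus length this looks like a 1024-bit RSA key, so the two constants should be documented as dummy test material that is only emitted when `CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_KEYS_USEDUMMY` is enabled and must never be treated as a real key. `SZR_CONSTANTS_DEFAULT_ISSUING_DATE` and `SZR_CONSTANTS_DEFAULT_ISSUING_AUTHORITY` keep their `//TODO remove!!!` while their only visible uses are dropped in the CreateIdentityLinkTask hunk @@ -191, so they can be removed in the same change.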
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java
index cec36d4b..4840a5e0 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/szr/SZRClient.java
@@ -88,21 +88,28 @@ public class SZRClient {  	private SZRService szrService = null;  	private String szrURL = null;  	private QName qname = null; -	 -	public IdentityLinkType getIdentityLink(PersonInfoType personInfo, List<KeyValueType> keyValue, Boolean insertERnP) throws SZRCommunicationException  { -		try { -			return szr.getIdentityLink( -					personInfo,  -					keyValue,   -					insertERnP); -			  -		} catch (SZRException_Exception e) { -			log.warn("SZR communication FAILED. Reason: " + e.getMessage(), e); -			throw new SZRCommunicationException("ernb.02", new Object[] {e.getMessage()}, e); -			 -		} -				 -	} + +	/* +	 * This method does not return a valid signed IDL, because Apache CXF XML parser switch namespaces!!!! +	 */ +//	public IdentityLinkType getIdentityLink(PersonInfoType personInfo, List<KeyValueType> keyValue, Boolean insertERnP) throws SZRCommunicationException  { +//		try { +//			return szr.getIdentityLink( +//					personInfo,  +//					keyValue,   +//					insertERnP); +//			  +//		} catch (SZRException_Exception | SOAPFaultException e) { +//			log.warn("SZR communication FAILED. Reason: " + e.getMessage(), e); +//			throw new SZRCommunicationException("ernb.02", new Object[] {e.getMessage()}, e); +//			 +//		} catch (Exception e) { +//			log.warn("SZR communication FAILED. Reason: " + e.getMessage(), e); +//			throw new SZRCommunicationException("ernb.02", new Object[] {e.getMessage()}, e); +//			 +//		} +//				 +//	}  	public IdentityLinkType getIdentityLinkInRawMode(PersonInfoType personInfo, List<KeyValueType> keyValue, Boolean insertERnP) throws SZRCommunicationException  {					  		try { 
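Review bot: The old `getIdentityLink` is kept as an 18-line commented-out block instead of being deleted; the history is in version control, and commented code tends to get un-commented later without the context that it produces an IdentityLink whose signature no longer verifies. The valuable part is the one-line explanation, which belongs on the method that callers are now expected to use, as a Javadoc on `getIdentityLinkInRawMode`: `/** Fetches the IdentityLink as raw XML and parses it locally; the CXF/JAX-WS binding rewrites namespace prefixes, which breaks the IDL signature, so the typed {@code szr.getIdentityLink} port call must not be used. */`. The commented replacement also added a `catch (Exception e)` next to the `SZRException_Exception | SOAPFaultException` branch with identical handling, which is a second reason not to revive it as written. The body of `getIdentityLinkInRawMode` continues outside this hunk.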
@@ -139,7 +146,9 @@ public class SZRClient {  				// ok, we have success  				Document doc = DOMUtils.parseDocument(  							new ByteArrayInputStream(szrResponse), -							true, XMLNamespaceConstants.ALL_SCHEMA_LOCATIONS, null, null +							true,  +							XMLNamespaceConstants.ALL_SCHEMA_LOCATIONS + " " + Constants.SZR_SCHEMA_LOCATIONS,  +							null, null  						);				  				String xpathExpression = "//saml:Assertion";				  				Element nsNode = doc.createElementNS("urn:oasis:names:tc:SAML:1.0:assertion", "saml:NSNode"); @@ -288,7 +297,8 @@ public class SZRClient {  	  		LoggingHandler loggingHandler = new LoggingHandler();  	  		handlerList.add(loggingHandler); -	  	}		 +	  	} +	  	bindingProvider.getBinding().setHandlerChain(handlerList);  	}  	private SSLContext createSSLContext(String clientType) { diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java index c5d33b73..9882bab2 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java @@ -3,13 +3,7 @@  package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.tasks;  import java.io.InputStream; -import java.math.BigInteger; -import java.security.KeyFactory; -import java.security.NoSuchAlgorithmException; -import java.security.PublicKey; -import java.security.interfaces.RSAPublicKey; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.PKCS8EncodedKeySpec; +import java.security.MessageDigest;  import java.text.SimpleDateFormat;  import java.util.ArrayList;  import java.util.HashMap; 
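Review bot: The schema-location string `XMLNamespaceConstants.ALL_SCHEMA_LOCATIONS + " " + Constants.SZR_SCHEMA_LOCATIONS` is rebuilt on every call in the middle of the parse invocation; hoisting it to `private static final String SCHEMA_LOCATIONS = XMLNamespaceConstants.ALL_SCHEMA_LOCATIONS + " " + Constants.SZR_SCHEMA_LOCATIONS;` documents the intent and keeps the `parseDocument` call readable. `szrResponse` is data received from the remote SZR and is parsed with validation enabled (`true`), which is good; whether `DOMUtils.parseDocument` also disables DTD processing and external entity resolution cannot be seen from this hunk and is worth confirming, since schema validation alone does not cover that. The enclosing method starts before this hunk.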
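Review bot: With `bindingProvider.getBinding().setHandlerChain(handlerList);` moved after the closing brace, the handler chain is now actually installed; before this change the `LoggingHandler` was added to a list that was never attached, so enabling it had no effect. That means a handler that, as its name suggests, logs SOAP traffic will from now on write the request payload — `personInfo` carries the citizen's name, date of birth and identifier — to the log, so it should stay behind the configuration check that appears to enclose these lines and default to off in production; the surrounding `if` and the method signature are outside this hunk, so that default cannot be verified here. A comment on the line would make the intent explicit: `// handlers are only effective once attached to the binding`.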
@@ -38,6 +32,7 @@ import at.asitplus.eidas.specific.connector.MSConnectorEventCodes;  import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.Constants;  import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.SZRCommunicationException;  import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAttributeException; +import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException;  import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.szr.SZRClient;  import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.utils.eIDASResponseUtils;  import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType; @@ -174,8 +169,11 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {  				String dateOfBirth = new SimpleDateFormat("yyyy-MM-dd").format(((DateTime)dateOfBirthObj).toDate());  				Trible<String, String, String> eIdentifier =   						eIDASResponseUtils.parseEidasPersonalIdentifier((String)eIdentifierObj); -				String uniqueId = (String)eIdentifierObj;  				String citizenCountry = eIdentifier.getFirst(); +				 +				//hash unique identifier as work-around for uniqueId length restriction +				String uniqueId = createHashFromUniqueId(eIdentifier.getThird()); +				  				//person information  				personName.setFamilyName((String)familyNameObj); 
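Review bot: `uniqueId` is now `createHashFromUniqueId(eIdentifier.getThird())`, i.e. a hash of only the identifier component, whereas before it was the complete `(String)eIdentifierObj` including the country parts; two citizens from different countries whose national identifiers happen to be the same string therefore now produce the same `uniqueId`, unless `citizenCountry` is combined with it downstream, which this hunk does not show. If `uniqueId` feeds the SZR baseId or bPK derivation, as its position in `personInfo` suggests, every identity registered with the unhashed value before this change will no longer match, so the deployment impact should be stated in the commit. The comment should capture both decisions, e.g. `// SHA-256/Base64 of the national identifier part only (not the CC/CC prefix): works around the SZR uniqueId length limit; the country is carried separately in citizenCountry`.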
@@ -191,20 +189,14 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {  				//TODO: that should be removed  				eDocument.setIssueDate(basicConfig.getBasicConfiguration( -						Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_DATE,  -						Constants.SZR_CONSTANTS_DEFAULT_ISSUING_DATE)); +						Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_DATE));  				eDocument.setIssuingAuthority(basicConfig.getBasicConfiguration( -						Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_AUTHORITY,  -						Constants.SZR_CONSTANTS_DEFAULT_ISSUING_AUTHORITY)); +						Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_AUTHORITY));  				//TODO: keys are not available in eIDAS				  				List<KeyValueType> keyValue = dummyCodeForKeys(); -				/*TODO:  -				 *  Validate if IDL signature is valid after using this method -				*   MAYBE we had to switch to 'getIdentityLinkInRawMode' method! -				*/ -				IdentityLinkType result = szrClient.getIdentityLink( +				IdentityLinkType result = szrClient.getIdentityLinkInRawMode(  											personInfo,   											keyValue,   											basicConfig.getBasicMOAIDConfigurationBoolean( 
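Review bot: Dropping the fallback arguments from `basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_DATE)` and the issuing-authority call means that an unconfigured property presumably yields `null`, which is then handed to `eDocument.setIssueDate` / `setIssuingAuthority` and sent to the SZR, so a misconfiguration surfaces only as a remote fault instead of a clear local error. A check right after the two calls that throws an explicit configuration error when either value is null or blank would make the new requirement enforceable; alternatively keep the defaults until the configuration is mandatory. With these fallbacks gone, `Constants.SZR_CONSTANTS_DEFAULT_ISSUING_DATE` and `SZR_CONSTANTS_DEFAULT_ISSUING_AUTHORITY` have no visible remaining use and can be removed together with their TODO. The `getBasicMOAIDConfigurationBoolean(` call at the end of the hunk continues outside it.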
@@ -217,12 +209,24 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {  				//get bPK from SZR -				bPK = szrClient.getBPK( +				if (basicConfig.getBasicMOAIDConfigurationBoolean( +						Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) { +					bPK = szrClient.getBPK(  						personInfo,   						pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(),   						basicConfig.getBasicConfiguration(  								Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ,   								"no VKZ defined")); +					 +				} else { +					log.debug("Calculating bPK from baseId ... "); +					Pair<String, String> bPKCalc = new BPKBuilder().generateAreaSpecificPersonIdentifier( +		            		identityLink.getIdentificationValue(),  +		            		identityLink.getIdentificationType(),  +		            		pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); +		            bPK = bPKCalc.getFirst(); +					 +				}  			} 
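Review bot: The two branches must yield byte-identical bPKs — the SZR-computed value versus `new BPKBuilder().generateAreaSpecificPersonIdentifier(identityLink.getIdentificationValue(), identityLink.getIdentificationType(), ...)` — otherwise a citizen receives a different sector-specific identifier depending on a single configuration flag, and nothing in this hunk documents or tests that equivalence. A flag whose constant is named `DEBUG_...` but defaults to `true` and selects the production path is also easy to misread; the condition deserves a comment such as `// default: let the SZR derive the bPK; local BPKBuilder derivation is a fallback and must produce the same value`. `identityLink`, `BPKBuilder` and `Pair` are neither declared in this hunk nor added in the visible import hunk (@@ -38), so presumably they are already in scope. The else-branch lines mix tabs and spaces (`		            bPK = bPKCalc.getFirst();`) and should follow the file's tab indentation.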
@@ -278,36 +282,36 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {  		}  	} +	private String createHashFromUniqueId(String uniqueId) throws eIDASAuthenticationException { +		try { +            MessageDigest md = MessageDigest.getInstance("SHA-256"); +            byte[] hash = md.digest(uniqueId.getBytes("UTF-8")); +            String hashBase64 = new String(Base64Utils.encode(hash), "UTF-8").replaceAll("\r\n", ""); +            return hashBase64; +             +        } catch (Exception ex) { +            throw new eIDASAuthenticationException("internal.03", new Object[]{},  ex); +             +        } +	} +  	private List<KeyValueType> dummyCodeForKeys() {  		if (basicConfig.getBasicMOAIDConfigurationBoolean(  				Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_KEYS_USEDUMMY,   				false)) {  			List<KeyValueType> keyvalueList = new ArrayList<KeyValueType>(); -			try {			 -				PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(Constants.SZR_CONSTANTS_DEFAULT_PUBL_KEY); -				KeyFactory kf = KeyFactory.getInstance("RSA"); -				PublicKey pb = kf.generatePublic(spec); -				 -				RSAPublicKey rsapb = (RSAPublicKey)pb;	         -				BigInteger modulus = rsapb.getModulus(); -				BigInteger exponent = rsapb.getPublicExponent(); -		           	            -				// set key values -				RSAKeyValueType rsa = new RSAKeyValueType(); -				rsa.setExponent(new String(Base64Utils.encode(exponent.toByteArray()))); -				rsa.setModulus(new String(Base64Utils.encode(modulus.toByteArray()))); +			// set key values +			RSAKeyValueType rsa = new RSAKeyValueType(); +			rsa.setExponent(Constants.SZR_CONSTANTS_DEFAULT_PUBKEY_EXPONENT); +			rsa.setModulus(Constants.SZR_CONSTANTS_DEFAULT_PUBKEY_MODULUS); +					 +			KeyValueType key = new KeyValueType(); +			key.setRSAKeyValue(rsa); -				KeyValueType key = new KeyValueType(); -				key.setRSAKeyValue(rsa); -							 -				keyvalueList.add(key); -			 -				return keyvalueList; -			} catch (NoSuchAlgorithmException | 
InvalidKeySpecException e) { -				log.error("TestCode has an internal ERROR", e); -				 -			} +			keyvalueList.add(key); + +			return keyvalueList;  		} | 
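Review bot: `createHashFromUniqueId` catches `Exception` only because `getBytes("UTF-8")` and `new String(..., "UTF-8")` declare `UnsupportedEncodingException`; using `StandardCharsets.UTF_8` removes that checked exception so the catch can be narrowed to `NoSuchAlgorithmException`, and a `null` `uniqueId` then fails as a programming error instead of being reported as `internal.03`. `replaceAll("\r\n", "")` compiles a regex for a literal; `replace` does the same job. This needs `java.nio.charset.StandardCharsets` and `java.security.NoSuchAlgorithmException` imported — the latter was removed in the import hunk @@ -3 of this file, so it has to come back. Note that the result is an unkeyed, deterministic SHA-256 of the identifier, which is fine as a length work-around but is a pseudonym, not anonymisation: anyone holding the original identifier can recompute it. The end of `dummyCodeForKeys` lies outside this hunk.
```java
	private String createHashFromUniqueId(String uniqueId) throws eIDASAuthenticationException {
		try {
			MessageDigest md = MessageDigest.getInstance("SHA-256");
			byte[] hash = md.digest(uniqueId.getBytes(StandardCharsets.UTF_8));
			// Base64Utils.encode may line-wrap; strip CRLF so the id stays a single token
			return new String(Base64Utils.encode(hash), StandardCharsets.UTF_8).replace("\r\n", "");

		} catch (NoSuchAlgorithmException ex) {
			throw new eIDASAuthenticationException("internal.03", new Object[]{}, ex);

		}
	}
	// … unchanged: dummyCodeForKeys …
```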
