diff options
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main')
-rw-r--r-- | eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java | 187 |
1 files changed, 89 insertions, 98 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java index 765f7928..af260528 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java @@ -102,8 +102,6 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { EaafKeyStoreFactory keyStoreFactory; Pair<KeyStore, Provider> ks; - private static final String KSPASSWORD = "f/+saJBc3a}*/T^s"; - private static final String KSALIAS = "connectorkeypair"; /* * (non-Javadoc) @@ -114,19 +112,18 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { * javax.servlet.http.HttpServletResponse) */ @Override - public void execute(ExecutionContext executionContext, - HttpServletRequest request, HttpServletResponse response) + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try { final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); - final ILightResponse eidasResponse = authProcessData.getGenericDataFromSession( - Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class); + final ILightResponse eidasResponse = authProcessData + .getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class); String eidMode = pendingReq.getServiceProviderConfiguration() - .getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE, "old"); + .getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE, "old"); - final Map<String, Object> simpleAttrMap = convertEidasAttrToSimpleMap(eidasResponse.getAttributes() - .getAttributeMap()); + final Map<String, Object> simpleAttrMap = convertEidasAttrToSimpleMap( + eidasResponse.getAttributes().getAttributeMap()); IIdentityLink identityLink = null; String bpk = null; @@ -138,13 +135,12 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { writeMdsLogInformation(eidData); // connect SZR-Gateway - if (basicConfig.getBasicConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY, false)) { + if (basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY, false)) { log.warn("SZR-Dummy IS ACTIVE! IdentityLink is NOT VALID!!!!"); // create fake IdL // - fetch IdL template from resources - final InputStream s = CreateIdentityLinkTask.class.getResourceAsStream( - "/resources/xmldata/fakeIdL_IdL_template.xml"); + final InputStream s = CreateIdentityLinkTask.class + .getResourceAsStream("/resources/xmldata/fakeIdL_IdL_template.xml"); final Element idlTemplate = DomUtils.parseXmlValidating(s); identityLink = new SimpleIdentityLinkAssertionParser(idlTemplate).parseIdentityLink(); @@ -153,33 +149,34 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { final Element idlassertion = identityLink.getSamlAssertion(); // - set fake baseID; - final Node prIdentification = XPathUtils.selectSingleNode(idlassertion, - SimpleIdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); + final Node prIdentification = XPathUtils + .selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); prIdentification.getFirstChild().setNodeValue(eidData.getPseudonym()); // - set last name - final Node prFamilyName = XPathUtils.selectSingleNode(idlassertion, - SimpleIdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH); + final Node prFamilyName = XPathUtils + .selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH); prFamilyName.getFirstChild().setNodeValue(eidData.getFamilyName()); // - set first name - final Node prGivenName = XPathUtils.selectSingleNode(idlassertion, - SimpleIdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH); + final Node prGivenName = XPathUtils + .selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH); prGivenName.getFirstChild().setNodeValue(eidData.getGivenName()); // - set date of birth - final Node prDateOfBirth = XPathUtils.selectSingleNode(idlassertion, - SimpleIdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH); + final Node prDateOfBirth = XPathUtils + .selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH); prDateOfBirth.getFirstChild().setNodeValue(eidData.getFormatedDateOfBirth()); identityLink = new SimpleIdentityLinkAssertionParser(idlassertion).parseIdentityLink(); new BpkBuilder(); - final Pair<String, String> bpkCalc = BpkBuilder.generateAreaSpecificPersonIdentifier( - identityLink.getIdentificationValue(), - identityLink.getIdentificationType(), - pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); + final Pair<String, String> bpkCalc = BpkBuilder + .generateAreaSpecificPersonIdentifier(identityLink.getIdentificationValue(), + identityLink.getIdentificationType(), + pendingReq.getServiceProviderConfiguration() + .getAreaSpecificTargetIdentifier()); bpk = bpkCalc.getFirst(); } else { @@ -202,16 +199,16 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { eDocument.setDocumentNumber(eidData.getPseudonym()); // eID document information - eDocument.setDocumentType(basicConfig.getBasicConfiguration( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE, - Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE)); + eDocument.setDocumentType(basicConfig + .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE, + Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE)); // set PlaceOfBirth if available if (eidData.getPlaceOfBirth() != null) { log.trace("Find 'PlaceOfBirth' attribute: " + eidData.getPlaceOfBirth()); - if (basicConfig.getBasicConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETPLACEOFBIRTHIFAVAILABLE, - true)) { + if (basicConfig + .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETPLACEOFBIRTHIFAVAILABLE, + true)) { naturalPerson.setPlaceOfBirth(eidData.getPlaceOfBirth()); log.trace("Adding 'PlaceOfBirth' to ERnB request ... "); @@ -221,9 +218,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { // set BirthName if available if (eidData.getBirthName() != null) { log.trace("Find 'BirthName' attribute: " + eidData.getBirthName()); - if (basicConfig.getBasicConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETBIRTHNAMEIFAVAILABLE, - true)) { + if (basicConfig + .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETBIRTHNAMEIFAVAILABLE, + true)) { final AlternativeNameType alternativeName = new AlternativeNameType(); naturalPerson.setAlternativeName(alternativeName); alternativeName.setFamilyName(eidData.getBirthName()); @@ -234,12 +231,16 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { if (eidMode.equals("new")) { + String keyAlias = pendingReq.getServiceProviderConfiguration().getConfigurationValue( + MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_FRIENDLYNAME, ""); + + String keyPw = pendingReq.getServiceProviderConfiguration() + .getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_PW, ""); + String vsz = szrClient.getEncryptedStammzahl(personInfo); // build Keystore - String pk64 = getPkFromKeystore(); - // setzte Keystore in config ?path? lade rein - // key pair art siehe jose utils + String pk64 = getPkFromKeystore(keyAlias, keyPw); String signedEidasBind = szrClient.getBcBind(vsz, pk64, "urn:eidgvat:eid.status.eidas"); @@ -249,8 +250,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { ObjectMapper mapper = new ObjectMapper(); String jwsPayload = mapper.writeValueAsString(pendingReq.getUniqueTransactionIdentifier()); - String jwsSignature = JoseUtils.createSignature(ks, KSALIAS, KSPASSWORD.toCharArray(), jwsPayload, - false, KSALIAS); + + String jwsSignature = JoseUtils + .createSignature(ks, keyAlias, keyPw.toCharArray(), jwsPayload, false, keyAlias); authProcessData.setGenericDataToSession(Constants.SZR_AUTHBLOCK, jwsSignature); authProcessData.setGenericDataToSession(Constants.EIDAS_BIND, signedEidasBind); @@ -264,31 +266,29 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { // write ERnB inputdata into revisionlog if (basicConfig.getBasicConfigurationBoolean( Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE, false)) { - revisionsLogger.logEvent(pendingReq, - MsConnectorEventCodes.SZR_ERNB_EIDAS_RAW_ID, - (String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)); - revisionsLogger.logEvent(pendingReq, - MsConnectorEventCodes.SZR_ERNB_EIDAS_ERNB_ID, eidData.getPseudonym()); + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_ERNB_EIDAS_RAW_ID, + (String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)); + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_ERNB_EIDAS_ERNB_ID, eidData.getPseudonym()); } // get bPK from SZR - if (basicConfig.getBasicConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) { - bpk = szrClient.getBpk( - personInfo, - pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(), - basicConfig.getBasicConfiguration( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, - "no VKZ defined")).get(0); + if (basicConfig + .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) { + bpk = szrClient + .getBpk(personInfo, pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(), + basicConfig + .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, "no VKZ defined")) + .get(0); } else { log.debug("Calculating bPK from baseId ... "); new BpkBuilder(); - final Pair<String, String> bpkCalc = BpkBuilder.generateAreaSpecificPersonIdentifier( - identityLink.getIdentificationValue(), - identityLink.getIdentificationType(), - pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); + final Pair<String, String> bpkCalc = BpkBuilder + .generateAreaSpecificPersonIdentifier(identityLink.getIdentificationValue(), + identityLink.getIdentificationType(), + pendingReq.getServiceProviderConfiguration() + .getAreaSpecificTargetIdentifier()); bpk = bpkCalc.getFirst(); } @@ -297,10 +297,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { if (eidMode.equals("new")) { authProcessData.setForeigner(true); - authProcessData.setGenericDataToSession( - PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, - EidasResponseUtils.parseEidasPersonalIdentifier((String) simpleAttrMap.get( - Constants.eIDAS_ATTR_PERSONALIDENTIFIER)).getFirst()); + authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, EidasResponseUtils + .parseEidasPersonalIdentifier((String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)) + .getFirst()); authProcessData.setQaaLevel(eidasResponse.getLevelOfAssurance()); } else { @@ -310,11 +309,12 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_IDL_RECEIVED, - identityLink.getSamlAssertion().getAttribute(SimpleIdentityLinkAssertionParser.ASSERTIONID)); + identityLink.getSamlAssertion() + .getAttribute(SimpleIdentityLinkAssertionParser.ASSERTIONID)); if (bpk == null) { log.error("ERnB did not return a bPK for target: " + pendingReq.getServiceProviderConfiguration() - .getAreaSpecificTargetIdentifier()); + .getAreaSpecificTargetIdentifier()); throw new SzrCommunicationException("ernb.01", null); } @@ -324,20 +324,16 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { authProcessData.setForeigner(true); authProcessData.setIdentityLink(identityLink); - authProcessData.setGenericDataToSession( - PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, - EidasResponseUtils.parseEidasPersonalIdentifier((String) simpleAttrMap.get( - Constants.eIDAS_ATTR_PERSONALIDENTIFIER)).getFirst()); + authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, EidasResponseUtils + .parseEidasPersonalIdentifier((String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)) + .getFirst()); // set bPK and bPKType into auth session - authProcessData.setGenericDataToSession( - PvpAttributeDefinitions.BPK_NAME, - extendBpkByPrefix( - bpk, - pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier())); - authProcessData.setGenericDataToSession( - PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, - pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); + authProcessData.setGenericDataToSession(PvpAttributeDefinitions.BPK_NAME, extendBpkByPrefix(bpk, pendingReq + .getServiceProviderConfiguration().getAreaSpecificTargetIdentifier())); + authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, + pendingReq.getServiceProviderConfiguration() + .getAreaSpecificTargetIdentifier()); // store pending-request requestStoreage.storePendingRequest(pendingReq); @@ -355,17 +351,17 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } } - private String getPkFromKeystore() throws EaafException, KeyStoreException { + private String getPkFromKeystore(String keyAlias, String keyPw) throws EaafException, KeyStoreException { KeyStoreConfiguration configuration = new KeyStoreConfiguration(); final String current = new java.io.File(".").toURI().toString(); configuration.setSoftKeyStoreFilePath(current + "src/test/resources/keystore/teststore.jks"); - configuration.setSoftKeyStorePassword(KSPASSWORD); //TODO from config + configuration.setSoftKeyStorePassword(keyPw); //TODO from config configuration.setKeyStoreType(KeyStoreConfiguration.KeyStoreType.JKS); - configuration.setFriendlyName(KSALIAS); - configuration.setKeyStoreName(KSALIAS); + configuration.setFriendlyName(keyAlias); + configuration.setKeyStoreName(keyAlias); ks = keyStoreFactory.buildNewKeyStore(configuration); - val publicKey = ks.getFirst().getCertificate(KSALIAS).getPublicKey(); + val publicKey = ks.getFirst().getCertificate(keyAlias).getPublicKey(); return Base64.getEncoder().encodeToString(publicKey.getEncoded()); } @@ -400,8 +396,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { final Class parameterizedType = el.getParameterizedType(); if (DateTime.class.equals(parameterizedType)) { - final DateTime attribute = EidasResponseUtils.translateDateAttribute(el, attributeMap.get(el) - .asList()); + final DateTime attribute = EidasResponseUtils.translateDateAttribute(el, attributeMap.get(el).asList()); if (attribute != null) { result.put(el.getFriendlyName(), attribute); log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + attribute.toString()); @@ -411,8 +406,8 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } } else if (PostalAddress.class.equals(parameterizedType)) { - final PostalAddress addressAttribute = EidasResponseUtils.translateAddressAttribute(el, attributeMap - .get(el).asList()); + final PostalAddress addressAttribute = EidasResponseUtils + .translateAddressAttribute(el, attributeMap.get(el).asList()); if (addressAttribute != null) { result.put(el.getFriendlyName(), addressAttribute); log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + addressAttribute.toString()); @@ -422,8 +417,8 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } } else { - final List<String> natPersonIdObj = EidasResponseUtils.translateStringListAttribute(el, attributeMap - .get(el).asList()); + final List<String> natPersonIdObj = EidasResponseUtils + .translateStringListAttribute(el, attributeMap.get(el).asList()); final String stringAttr = natPersonIdObj.get(0); if (StringUtils.isNotEmpty(stringAttr)) { result.put(el.getFriendlyName(), stringAttr); @@ -443,23 +438,19 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { private void writeMdsLogInformation(ErnbEidData eidData) { // log MDS and country code into technical log - if (basicConfig.getBasicConfigurationBoolean( - MsEidasNodeConstants.PROP_CONFIG_TECHNICALLOG_WRITE_MDS_INTO_TECH_LOG, false)) { - log.info("eIDAS Auth. for user: " - + eidData.getGivenName() + " " - + eidData.getFamilyName() + " " - + eidData.getFormatedDateOfBirth() + " " - + "from " + eidData.getCitizenCountryCode()); + if (basicConfig + .getBasicConfigurationBoolean(MsEidasNodeConstants.PROP_CONFIG_TECHNICALLOG_WRITE_MDS_INTO_TECH_LOG, false)) { + log.info("eIDAS Auth. for user: " + eidData.getGivenName() + " " + eidData.getFamilyName() + " " + eidData + .getFormatedDateOfBirth() + " " + "from " + eidData.getCitizenCountryCode()); } // log MDS and country code into revision log - if (basicConfig.getBasicConfigurationBoolean( - MsEidasNodeConstants.PROP_CONFIG_REVISIONLOG_WRITE_MDS_INTO_REVISION_LOG, false)) { + if (basicConfig + .getBasicConfigurationBoolean(MsEidasNodeConstants.PROP_CONFIG_REVISIONLOG_WRITE_MDS_INTO_REVISION_LOG, + false)) { revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_MDSDATA, - "{" + eidData.getGivenName() + "," - + eidData.getFamilyName() + "," - + eidData.getFormatedDateOfBirth() + "," - + eidData.getCitizenCountryCode() + "}"); + "{" + eidData.getGivenName() + "," + eidData.getFamilyName() + "," + eidData + .getFormatedDateOfBirth() + "," + eidData.getCitizenCountryCode() + "}"); } } |