aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules/authmodule-eIDAS-v2/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java65
1 files changed, 40 insertions, 25 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index f060a4cf..8626c709 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
@@ -60,7 +60,6 @@ import eu.eidas.auth.commons.attribute.AttributeValue;
import eu.eidas.auth.commons.light.ILightResponse;
import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
import lombok.extern.slf4j.Slf4j;
-import lombok.val;
import org.apache.commons.lang3.StringUtils;
import org.joda.time.DateTime;
import org.springframework.beans.factory.annotation.Autowired;
@@ -77,6 +76,7 @@ import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
+import java.security.PublicKey;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
@@ -102,7 +102,6 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
EaafKeyStoreFactory keyStoreFactory;
private static final String EID_STATUS = "urn:eidgvat:eid.status.eidas";
- Pair<KeyStore, Provider> ks;
/*
* (non-Javadoc)
@@ -119,8 +118,8 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
final ILightResponse eidasResponse = authProcessData
.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class);
- String eidMode = pendingReq.getServiceProviderConfiguration()
- .getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE, "old");
+ boolean isNewEidMode = pendingReq.getServiceProviderConfiguration()
+ .isConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE, false);
final Map<String, Object> simpleAttrMap = convertEidasAttrToSimpleMap(
@@ -230,17 +229,31 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
}
}
- if (eidMode.equals("new")) {
- String keyAlias = pendingReq.getServiceProviderConfiguration().getConfigurationValue(
- MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_FRIENDLYNAME, "");
- String keyPw = pendingReq.getServiceProviderConfiguration()
- .getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_PW, "");
+ if (isNewEidMode) {
+
+ // read Connector wide config data TODO connector wide!
+ String keyStoreAlias = basicConfig
+ .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_KEYSTSTORE_FRIENDLYNAME);
+ String keyStorePw = basicConfig
+ .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_KEYSTORE_PASSWORD);
+ String keyStorePath = basicConfig
+ .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_KEYSTORE_PATH);
+ String keyStoreType = basicConfig
+ .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_KEYSTORE_TYPE);
+
// get verschlüsselte Stammzahl
String vsz = szrClient.getEncryptedStammzahl(personInfo);
// build Keystore
- String pk64 = getPkFromKeystore(keyAlias, keyPw);
+ Pair<KeyStore, Provider> keystoreProvider = initKeystore(keyStoreAlias, keyStorePw, keyStorePath,
+ keyStoreType);
+
+ // get pubKey
+ PublicKey publicKey = keystoreProvider.getFirst().getCertificate(keyStoreAlias).getPublicKey();
+
+ // encode pubKey base64
+ String pk64 = Base64.getEncoder().encodeToString(publicKey.getEncoded());
// get eIDAS bind
String signedEidasBind = szrClient.getBcBind(vsz, pk64, EID_STATUS);
@@ -250,7 +263,8 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
String jwsPayload = mapper.writeValueAsString(pendingReq.getUniqueTransactionIdentifier());
String jwsSignature = JoseUtils
- .createSignature(ks, keyAlias, keyPw.toCharArray(), jwsPayload, false, keyAlias);
+ .createSignature(keystoreProvider, keyStoreAlias, keyStorePw.toCharArray(), jwsPayload, false,
+ keyStoreAlias);
authProcessData.setGenericDataToSession(Constants.SZR_AUTHBLOCK, jwsSignature);
authProcessData.setGenericDataToSession(Constants.EIDAS_BIND, signedEidasBind);
@@ -275,8 +289,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) {
bpk = szrClient
.getBpk(personInfo, pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(),
- basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ,
- "no VKZ defined")).get(0);
+ basicConfig
+ .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, "no VKZ defined"))
+ .get(0);
} else {
log.debug("Calculating bPK from baseId ... ");
@@ -292,7 +307,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
}
}
- if (eidMode.equals("new")) {
+ if (isNewEidMode) {
authProcessData.setForeigner(true);
authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, EidasResponseUtils
.parseEidasPersonalIdentifier((String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))
@@ -305,7 +320,8 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
throw new SzrCommunicationException("ernb.00", null);
}
- revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_IDL_RECEIVED,
+ revisionsLogger.logEvent(pendingReq,
+ MsConnectorEventCodes.SZR_IDL_RECEIVED,
identityLink.getSamlAssertion()
.getAttribute(SimpleIdentityLinkAssertionParser.ASSERTIONID));
@@ -348,18 +364,17 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
}
}
- private String getPkFromKeystore(String keyAlias, String keyPw) throws EaafException, KeyStoreException {
- KeyStoreConfiguration configuration = new KeyStoreConfiguration();
+ private Pair<KeyStore, Provider> initKeystore(String keyAlias, String keyPw, String path, String type)
+ throws EaafException, KeyStoreException {
+ KeyStoreConfiguration keyStoreConfiguration = new KeyStoreConfiguration();
final String current = new java.io.File(".").toURI().toString();
- configuration.setSoftKeyStoreFilePath(current + "src/test/resources/keystore/teststore.jks");
- configuration.setSoftKeyStorePassword(keyPw); //TODO from config
- configuration.setKeyStoreType(KeyStoreConfiguration.KeyStoreType.JKS);
- configuration.setFriendlyName(keyAlias);
- configuration.setKeyStoreName(keyAlias);
- ks = keyStoreFactory.buildNewKeyStore(configuration);
- val publicKey = ks.getFirst().getCertificate(keyAlias).getPublicKey();
- return Base64.getEncoder().encodeToString(publicKey.getEncoded());
+ keyStoreConfiguration.setSoftKeyStoreFilePath(current + path);
+ keyStoreConfiguration.setSoftKeyStorePassword(keyPw);
+ keyStoreConfiguration.setKeyStoreType(KeyStoreConfiguration.KeyStoreType.fromString(type));
+ keyStoreConfiguration.setFriendlyName(keyAlias);
+ keyStoreConfiguration.setKeyStoreName(keyAlias);
+ return keyStoreFactory.buildNewKeyStore(keyStoreConfiguration);
}
private String extendBpkByPrefix(String bpk, String type) {