Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java38
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java19
2 files changed, 37 insertions, 20 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java
index 5a551649..d2ce2f5d 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java
@@ -33,7 +33,11 @@ import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
import javax.annotation.PostConstruct;
import javax.net.ssl.KeyManager;
@@ -57,7 +61,6 @@ import javax.xml.ws.handler.Handler;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.apache.commons.lang3.StringUtils;
-import org.apache.commons.lang3.time.StopWatch;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
@@ -80,7 +83,20 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
-import szrservices.*;
+import szrservices.GetBPK;
+import szrservices.GetBPKResponse;
+import szrservices.GetIdentityLinkEidas;
+import szrservices.GetIdentityLinkEidasResponse;
+import szrservices.IdentityLinkType;
+import szrservices.JwsHeaderParam;
+import szrservices.ObjectFactory;
+import szrservices.PersonInfoType;
+import szrservices.SZR;
+import szrservices.SZRException_Exception;
+import szrservices.SignContent;
+import szrservices.SignContentEntry;
+import szrservices.SignContentResponseType;
+
@Service("SZRClientForeIDAS")
public class SzrClient {
@@ -89,6 +105,13 @@ public class SzrClient {
private static final String CLIENT_DEFAULT = "DefaultClient";
private static final String CLIENT_RAW = "RawClient";
+ private static final String ATTR_NAME_VSZ = "urn:eidgvat:attributes.vsz.value";
+ private static final String ATTR_NAME_PUBKEYS = "urn:eidgvat:attributes.user.pubkeys";
+ private static final String ATTR_NAME_STATUS = "urn:eidgvat:attributes.eid.status";
+ private static final String KEY_BC_BIND = "bcBindReq";
+ private static final String JOSE_HEADER_USERCERTPINNING_TYPE = "urn:at.gv.eid:bindtype";
+ private static final String JOSE_HEADER_USERCERTPINNING_EIDASBIND = "urn:at.gv.eid:eidasBind";
+
@Autowired
private IConfiguration basicConfig;
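Review bot: The six constants hoisted to class scope carry no comment saying what they are for; they are the attribute names and JOSE header values that getBcBind writes into the bcBind request (see the `@@ -232,13 +255,6 @@` hunk below), so a one-line comment above `ATTR_NAME_VSZ` such as `// attribute names and JOSE header values used to build the bcBind request sent to the SZR` would save the next reader a lookup. Making them `private static final` is the right move; the comment is what is still missing. The class continues outside this hunk.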
@@ -232,13 +255,6 @@ public class SzrClient {
public String getBcBind(final String vsz, final String bindingPubKey, final String eidStatus)
throws SzrCommunicationException {
- final String ATTR_NAME_VSZ = "urn:eidgvat:attributes.vsz.value";
- final String ATTR_NAME_PUBKEYS = "urn:eidgvat:attributes.user.pubkeys";
- final String ATTR_NAME_STATUS = "urn:eidgvat:attributes.eid.status";
- final String KEY_BC_BIND = "bcBindReq";
- final String JOSE_HEADER_USERCERTPINNING_TYPE = "urn:at.gv.eid:bindtype";
- final String JOSE_HEADER_USERCERTPINNING_EIDASBIND = "urn:at.gv.eid:eidasBind";
-
final Map<String, Object> bcBindMap = new HashMap<>();
bcBindMap.put(ATTR_NAME_VSZ, vsz);
bcBindMap.put(ATTR_NAME_STATUS, eidStatus);
@@ -264,7 +280,7 @@ public class SzrClient {
if (resp == null
|| resp.getOut().isEmpty()
|| resp.getOut().get(0).getValue() == null) {
- throw new SzrCommunicationException("ernb.01", new Object[]{"BcBind response empty"}); //TODO check error handling
+ throw new SzrCommunicationException("ernb.01", new Object[]{"BcBind response empty"});
}
return resp.getOut().get(0).getValue();
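Review bot: The guard still lets an empty string through, because `resp.getOut().get(0).getValue() == null` rejects only a missing value, and a blank bcBind would then be returned to the caller as if it were valid. Since the file already imports `org.apache.commons.lang3.StringUtils`, the last condition can read `|| StringUtils.isEmpty(resp.getOut().get(0).getValue())` so that case is reported through the same `ernb.01` error. Deleting the `//TODO check error handling` marker without such a change leaves the question the TODO raised unanswered. The enclosing getBcBind method starts outside this hunk.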
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index 86f28561..765f7928 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
@@ -62,7 +62,6 @@ import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
import lombok.extern.slf4j.Slf4j;
import lombok.val;
import org.apache.commons.lang3.StringUtils;
-import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.joda.time.DateTime;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
@@ -74,7 +73,7 @@ import szrservices.TravelDocumentType;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import java.io.*;
+import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
@@ -103,8 +102,8 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
EaafKeyStoreFactory keyStoreFactory;
Pair<KeyStore, Provider> ks;
- private final String KSPASSWORD = "f/+saJBc3a}*/T^s";
- private final String KSALIAS = "connectorkeypair";
+ private static final String KSPASSWORD = "f/+saJBc3a}*/T^s";
+ private static final String KSALIAS = "connectorkeypair";
/*
* (non-Javadoc)
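Review bot: `KSPASSWORD` on the new side is still a keystore password embedded as a string literal in source; changing it to `private static final` does not alter that, and the same literal is consumed via `KSPASSWORD.toCharArray()` in the `@@ -238,18 +237,20 @@` hunk below. The value should be loaded from the module configuration (the project's `IConfiguration`, which SzrClient already injects as `basicConfig`) or another externalized secret, and held as a `char[]` that can be cleared after use rather than an interned `String`. Until that is done, a marker such as `// TODO(security): keystore password must not be hard-coded; read it from configuration` should sit above the field so the literal is not mistaken for an accepted design. The enclosing class continues outside this hunk.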
@@ -238,18 +237,20 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
String vsz = szrClient.getEncryptedStammzahl(personInfo);
// build Keystore
- String pK64 = getPkFromKeystore();
+ String pk64 = getPkFromKeystore();
// setzte Keystore in config ?path? lade rein
// key pair art siehe jose utils
- String signedEidasBind = szrClient.getBcBind(vsz, pK64, "urn:eidgvat:eid.status.eidas"); //eidstatus TODO as config?
+ String signedEidasBind = szrClient.getBcBind(vsz, pk64, "urn:eidgvat:eid.status.eidas");
+ //TODO eidStatus as config?
//build AuthBlock JWS
ObjectMapper mapper = new ObjectMapper();
String jwsPayload = mapper.writeValueAsString(pendingReq.getUniqueTransactionIdentifier());
- String jwsSignature = JoseUtils.createSignature(ks, KSALIAS, KSPASSWORD.toCharArray(), jwsPayload, false, KSALIAS);
+ String jwsSignature = JoseUtils.createSignature(ks, KSALIAS, KSPASSWORD.toCharArray(), jwsPayload,
+ false, KSALIAS);
authProcessData.setGenericDataToSession(Constants.SZR_AUTHBLOCK, jwsSignature);
authProcessData.setGenericDataToSession(Constants.EIDAS_BIND, signedEidasBind);
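Review bot: The eID status handed to `szrClient.getBcBind(vsz, pk64, "urn:eidgvat:eid.status.eidas")` remains an inline string literal, and the `//TODO eidStatus as config?` comment the commit moves onto its own line records that this is unresolved; until it is read from configuration, a named constant such as `private static final String EID_STATUS_EIDAS = "urn:eidgvat:eid.status.eidas";` next to `KSALIAS` would keep the value in one place and make the later switch to configuration a one-line change. The two comments above the call (`// setzte Keystore in config ?path? lade rein`, `// key pair art siehe jose utils`) are in German and read as leftover working notes; translate them to English or remove them. The enclosing method starts and ends outside this hunk.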
@@ -301,8 +302,8 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
EidasResponseUtils.parseEidasPersonalIdentifier((String) simpleAttrMap.get(
Constants.eIDAS_ATTR_PERSONALIDENTIFIER)).getFirst());
authProcessData.setQaaLevel(eidasResponse.getLevelOfAssurance());
- }
- else {
+
+ } else {
if (identityLink == null) {
log.error("ERnB did not return an identity link.");
throw new SzrCommunicationException("ernb.00", null);