From 242818b75bf379e8a12770991dc67c2058e071b9 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Thu, 16 Aug 2018 16:38:29 +0200
Subject: update SZR client after first tests

---
 .../tasks/CreateIdentityLinkTask.java              | 86 +++++++++++-----------
 1 file changed, 45 insertions(+), 41 deletions(-)

(limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java')

diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java
index c5d33b73..9882bab2 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/authmodule_eIDASv2/tasks/CreateIdentityLinkTask.java
@@ -3,13 +3,7 @@
 package at.asitplus.eidas.specific.modules.authmodule_eIDASv2.tasks;
 
 import java.io.InputStream;
-import java.math.BigInteger;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.PublicKey;
-import java.security.interfaces.RSAPublicKey;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.MessageDigest;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
 import java.util.HashMap;
@@ -38,6 +32,7 @@ import at.asitplus.eidas.specific.connector.MSConnectorEventCodes;
 import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.Constants;
 import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.SZRCommunicationException;
 import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAttributeException;
+import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException;
 import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.szr.SZRClient;
 import at.asitplus.eidas.specific.modules.authmodule_eIDASv2.utils.eIDASResponseUtils;
 import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType;
@@ -174,8 +169,11 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 				String dateOfBirth = new SimpleDateFormat("yyyy-MM-dd").format(((DateTime)dateOfBirthObj).toDate());
 				Trible<String, String, String> eIdentifier = 
 						eIDASResponseUtils.parseEidasPersonalIdentifier((String)eIdentifierObj);
-				String uniqueId = (String)eIdentifierObj;
 				String citizenCountry = eIdentifier.getFirst();
+				
+				//hash unique identifier as work-around for uniqueId length restriction
+				String uniqueId = createHashFromUniqueId(eIdentifier.getThird());
+				
 							
 				//person information
 				personName.setFamilyName((String)familyNameObj);
@@ -191,20 +189,14 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 				
 				//TODO: that should be removed
 				eDocument.setIssueDate(basicConfig.getBasicConfiguration(
-						Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_DATE, 
-						Constants.SZR_CONSTANTS_DEFAULT_ISSUING_DATE));
+						Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_DATE));
 				eDocument.setIssuingAuthority(basicConfig.getBasicConfiguration(
-						Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_AUTHORITY, 
-						Constants.SZR_CONSTANTS_DEFAULT_ISSUING_AUTHORITY));
+						Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_ISSUING_AUTHORITY));
 				
 				//TODO: keys are not available in eIDAS				
 				List<KeyValueType> keyValue = dummyCodeForKeys();
 				
-				/*TODO: 
-				 *  Validate if IDL signature is valid after using this method
-				*   MAYBE we had to switch to 'getIdentityLinkInRawMode' method!
-				*/
-				IdentityLinkType result = szrClient.getIdentityLink(
+				IdentityLinkType result = szrClient.getIdentityLinkInRawMode(
 											personInfo, 
 											keyValue, 
 											basicConfig.getBasicMOAIDConfigurationBoolean(
@@ -217,12 +209,24 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 				
 				
 				//get bPK from SZR
-				bPK = szrClient.getBPK(
+				if (basicConfig.getBasicMOAIDConfigurationBoolean(
+						Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) {
+					bPK = szrClient.getBPK(
 						personInfo, 
 						pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(), 
 						basicConfig.getBasicConfiguration(
 								Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, 
 								"no VKZ defined"));
+					
+				} else {
+					log.debug("Calculating bPK from baseId ... ");
+					Pair<String, String> bPKCalc = new BPKBuilder().generateAreaSpecificPersonIdentifier(
+		            		identityLink.getIdentificationValue(), 
+		            		identityLink.getIdentificationType(), 
+		            		pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+		            bPK = bPKCalc.getFirst();
+					
+				}
 								
 			}
 						
@@ -278,36 +282,36 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 		}
 	}
 
+	private String createHashFromUniqueId(String uniqueId) throws eIDASAuthenticationException {
+		try {
+            MessageDigest md = MessageDigest.getInstance("SHA-256");
+            byte[] hash = md.digest(uniqueId.getBytes("UTF-8"));
+            String hashBase64 = new String(Base64Utils.encode(hash), "UTF-8").replaceAll("\r\n", "");
+            return hashBase64;
+            
+        } catch (Exception ex) {
+            throw new eIDASAuthenticationException("internal.03", new Object[]{},  ex);
+            
+        }
+	}
+
 	private List<KeyValueType> dummyCodeForKeys() {
 		if (basicConfig.getBasicMOAIDConfigurationBoolean(
 				Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_KEYS_USEDUMMY, 
 				false)) {
 			List<KeyValueType> keyvalueList = new ArrayList<KeyValueType>();
-			try {			
-				PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(Constants.SZR_CONSTANTS_DEFAULT_PUBL_KEY);
-				KeyFactory kf = KeyFactory.getInstance("RSA");
 
-				PublicKey pb = kf.generatePublic(spec);
-				
-				RSAPublicKey rsapb = (RSAPublicKey)pb;	        
-				BigInteger modulus = rsapb.getModulus();
-				BigInteger exponent = rsapb.getPublicExponent();
-		           	           
-				// set key values
-				RSAKeyValueType rsa = new RSAKeyValueType();
-				rsa.setExponent(new String(Base64Utils.encode(exponent.toByteArray())));
-				rsa.setModulus(new String(Base64Utils.encode(modulus.toByteArray())));
+			// set key values
+			RSAKeyValueType rsa = new RSAKeyValueType();
+			rsa.setExponent(Constants.SZR_CONSTANTS_DEFAULT_PUBKEY_EXPONENT);
+			rsa.setModulus(Constants.SZR_CONSTANTS_DEFAULT_PUBKEY_MODULUS);
+					
+			KeyValueType key = new KeyValueType();
+			key.setRSAKeyValue(rsa);
 						
-				KeyValueType key = new KeyValueType();
-				key.setRSAKeyValue(rsa);
-							
-				keyvalueList.add(key);
-			
-				return keyvalueList;
-			} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
-				log.error("TestCode has an internal ERROR", e);
-				
-			}
+			keyvalueList.add(key);
+
+			return keyvalueList;
 			
 		}
 		
-- 
cgit v1.2.3