From a9009a6f89c41dc19b85331dda676993c8a273b9 Mon Sep 17 00:00:00 2001
From: lalber
Date: Wed, 4 Nov 2020 16:42:46 +0100
Subject: fix pw aliasname
---
 .../eidas/v2/tasks/CreateIdentityLinkTask.java | 187 ++++++++++-----------
 1 file changed, 89 insertions(+), 98 deletions(-)
(limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules')
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index 765f7928..af260528 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
@@ -102,8 +102,6 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 EaafKeyStoreFactory keyStoreFactory;
 Pair ks;
- private static final String KSPASSWORD = "f/+saJBc3a}*/T^s";
- private static final String KSALIAS = "connectorkeypair";
 /*
 * (non-Javadoc)
@@ -114,19 +112,18 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { * javax.servlet.http.HttpServletResponse) */ @Override - public void execute(ExecutionContext executionContext, - HttpServletRequest request, HttpServletResponse response) + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try { final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); - final ILightResponse eidasResponse = authProcessData.getGenericDataFromSession( - Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class); + final ILightResponse eidasResponse = authProcessData + .getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class); String eidMode = pendingReq.getServiceProviderConfiguration() - .getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE, "old"); + .getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE, "old"); - final Map simpleAttrMap = convertEidasAttrToSimpleMap(eidasResponse.getAttributes() - .getAttributeMap()); + final Map simpleAttrMap = convertEidasAttrToSimpleMap( + eidasResponse.getAttributes().getAttributeMap()); IIdentityLink identityLink = null; String bpk = null; 
@@ -138,13 +135,12 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { writeMdsLogInformation(eidData); // connect SZR-Gateway - if (basicConfig.getBasicConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY, false)) { + if (basicConfig.getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USEDUMMY, false)) { log.warn("SZR-Dummy IS ACTIVE! IdentityLink is NOT VALID!!!!"); // create fake IdL // - fetch IdL template from resources - final InputStream s = CreateIdentityLinkTask.class.getResourceAsStream( - "/resources/xmldata/fakeIdL_IdL_template.xml"); + final InputStream s = CreateIdentityLinkTask.class + .getResourceAsStream("/resources/xmldata/fakeIdL_IdL_template.xml"); final Element idlTemplate = DomUtils.parseXmlValidating(s); identityLink = new SimpleIdentityLinkAssertionParser(idlTemplate).parseIdentityLink(); 
@@ -153,33 +149,34 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { final Element idlassertion = identityLink.getSamlAssertion(); // - set fake baseID; - final Node prIdentification = XPathUtils.selectSingleNode(idlassertion, - SimpleIdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); + final Node prIdentification = XPathUtils + .selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); prIdentification.getFirstChild().setNodeValue(eidData.getPseudonym()); // - set last name - final Node prFamilyName = XPathUtils.selectSingleNode(idlassertion, - SimpleIdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH); + final Node prFamilyName = XPathUtils + .selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH); prFamilyName.getFirstChild().setNodeValue(eidData.getFamilyName()); // - set first name - final Node prGivenName = XPathUtils.selectSingleNode(idlassertion, - SimpleIdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH); + final Node prGivenName = XPathUtils + .selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH); prGivenName.getFirstChild().setNodeValue(eidData.getGivenName()); // - set date of birth - final Node prDateOfBirth = XPathUtils.selectSingleNode(idlassertion, - SimpleIdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH); + final Node prDateOfBirth = XPathUtils + .selectSingleNode(idlassertion, SimpleIdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH); prDateOfBirth.getFirstChild().setNodeValue(eidData.getFormatedDateOfBirth()); identityLink = new SimpleIdentityLinkAssertionParser(idlassertion).parseIdentityLink(); new BpkBuilder(); - final Pair bpkCalc = BpkBuilder.generateAreaSpecificPersonIdentifier( - identityLink.getIdentificationValue(), - identityLink.getIdentificationType(), - pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); + final Pair bpkCalc = BpkBuilder + 
.generateAreaSpecificPersonIdentifier(identityLink.getIdentificationValue(), + identityLink.getIdentificationType(), + pendingReq.getServiceProviderConfiguration() + .getAreaSpecificTargetIdentifier()); bpk = bpkCalc.getFirst(); } else { @@ -202,16 +199,16 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { eDocument.setDocumentNumber(eidData.getPseudonym()); // eID document information - eDocument.setDocumentType(basicConfig.getBasicConfiguration( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE, - Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE)); + eDocument.setDocumentType(basicConfig + .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE, + Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE)); // set PlaceOfBirth if available if (eidData.getPlaceOfBirth() != null) { log.trace("Find 'PlaceOfBirth' attribute: " + eidData.getPlaceOfBirth()); - if (basicConfig.getBasicConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETPLACEOFBIRTHIFAVAILABLE, - true)) { + if (basicConfig + .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETPLACEOFBIRTHIFAVAILABLE, + true)) { naturalPerson.setPlaceOfBirth(eidData.getPlaceOfBirth()); log.trace("Adding 'PlaceOfBirth' to ERnB request ... "); @@ -221,9 +218,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { // set BirthName if available if (eidData.getBirthName() != null) { log.trace("Find 'BirthName' attribute: " + eidData.getBirthName()); - if (basicConfig.getBasicConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETBIRTHNAMEIFAVAILABLE, - true)) { + if (basicConfig + .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_SETBIRTHNAMEIFAVAILABLE, + true)) { final AlternativeNameType alternativeName = new AlternativeNameType(); naturalPerson.setAlternativeName(alternativeName); alternativeName.setFamilyName(eidData.getBirthName()); 
@@ -234,12 +231,16 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { if (eidMode.equals("new")) { + String keyAlias = pendingReq.getServiceProviderConfiguration().getConfigurationValue( + MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_FRIENDLYNAME, ""); + + String keyPw = pendingReq.getServiceProviderConfiguration() + .getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_PW, ""); + String vsz = szrClient.getEncryptedStammzahl(personInfo); // build Keystore - String pk64 = getPkFromKeystore(); - // setzte Keystore in config ?path? lade rein - // key pair art siehe jose utils + String pk64 = getPkFromKeystore(keyAlias, keyPw); String signedEidasBind = szrClient.getBcBind(vsz, pk64, "urn:eidgvat:eid.status.eidas"); @@ -249,8 +250,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { ObjectMapper mapper = new ObjectMapper(); String jwsPayload = mapper.writeValueAsString(pendingReq.getUniqueTransactionIdentifier()); - String jwsSignature = JoseUtils.createSignature(ks, KSALIAS, KSPASSWORD.toCharArray(), jwsPayload, - false, KSALIAS); + + String jwsSignature = JoseUtils + .createSignature(ks, keyAlias, keyPw.toCharArray(), jwsPayload, false, keyAlias); authProcessData.setGenericDataToSession(Constants.SZR_AUTHBLOCK, jwsSignature); authProcessData.setGenericDataToSession(Constants.EIDAS_BIND, signedEidasBind); 
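Review bot: Both new reads default to `""`, so a service-provider configuration that lacks `PROP_CONFIG_SP_AUTHBLOCK_FRIENDLYNAME` or `PROP_CONFIG_SP_AUTHBLOCK_PW` proceeds into `getPkFromKeystore(keyAlias, keyPw)` with an empty alias and password, and the problem surfaces later as a keystore or null-certificate failure rather than as a configuration error that names the missing property. Fail fast directly after the two lookups with `if (StringUtils.isEmpty(keyAlias) || StringUtils.isEmpty(keyPw)) { /* abort with a configuration error naming the missing property */ }`, using whichever exception the surrounding catch (outside this hunk) presumably maps to `TaskExecutionException`. Note also that the same `keyPw` serves as the keystore password in `getPkFromKeystore` and as the key-entry password handed to `createSignature` in the next hunk; if those are meant to differ a second property is needed, and a one-line comment stating that they are intentionally identical would help either way. Moving the old `KSPASSWORD`/`KSALIAS` literals (deleted in the first hunk) into configuration does not undo their exposure, since the password string remains in the repository history, so the keystore it protects should be given a new password rather than having the same value configured. The enclosing `execute` method starts and ends outside this hunk.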
@@ -264,31 +266,29 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { // write ERnB inputdata into revisionlog if (basicConfig.getBasicConfigurationBoolean( Constants.CONIG_PROPS_EIDAS_SZRCLIENT_WORKAROUND_REVISIONLOGDATASTORE_ACTIVE, false)) { - revisionsLogger.logEvent(pendingReq, - MsConnectorEventCodes.SZR_ERNB_EIDAS_RAW_ID, - (String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)); - revisionsLogger.logEvent(pendingReq, - MsConnectorEventCodes.SZR_ERNB_EIDAS_ERNB_ID, eidData.getPseudonym()); + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_ERNB_EIDAS_RAW_ID, + (String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)); + revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_ERNB_EIDAS_ERNB_ID, eidData.getPseudonym()); } // get bPK from SZR - if (basicConfig.getBasicConfigurationBoolean( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) { - bpk = szrClient.getBpk( - personInfo, - pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(), - basicConfig.getBasicConfiguration( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, - "no VKZ defined")).get(0); + if (basicConfig + .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) { + bpk = szrClient + .getBpk(personInfo, pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(), + basicConfig + .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, "no VKZ defined")) + .get(0); } else { log.debug("Calculating bPK from baseId ... 
"); new BpkBuilder(); - final Pair bpkCalc = BpkBuilder.generateAreaSpecificPersonIdentifier( - identityLink.getIdentificationValue(), - identityLink.getIdentificationType(), - pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); + final Pair bpkCalc = BpkBuilder + .generateAreaSpecificPersonIdentifier(identityLink.getIdentificationValue(), + identityLink.getIdentificationType(), + pendingReq.getServiceProviderConfiguration() + .getAreaSpecificTargetIdentifier()); bpk = bpkCalc.getFirst(); } @@ -297,10 +297,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { if (eidMode.equals("new")) { authProcessData.setForeigner(true); - authProcessData.setGenericDataToSession( - PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, - EidasResponseUtils.parseEidasPersonalIdentifier((String) simpleAttrMap.get( - Constants.eIDAS_ATTR_PERSONALIDENTIFIER)).getFirst()); + authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, EidasResponseUtils + .parseEidasPersonalIdentifier((String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)) + .getFirst()); authProcessData.setQaaLevel(eidasResponse.getLevelOfAssurance()); } else { @@ -310,11 +309,12 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_IDL_RECEIVED, - identityLink.getSamlAssertion().getAttribute(SimpleIdentityLinkAssertionParser.ASSERTIONID)); + identityLink.getSamlAssertion() + .getAttribute(SimpleIdentityLinkAssertionParser.ASSERTIONID)); if (bpk == null) { log.error("ERnB did not return a bPK for target: " + pendingReq.getServiceProviderConfiguration() - .getAreaSpecificTargetIdentifier()); + .getAreaSpecificTargetIdentifier()); throw new SzrCommunicationException("ernb.01", null); } 
@@ -324,20 +324,16 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { authProcessData.setForeigner(true); authProcessData.setIdentityLink(identityLink); - authProcessData.setGenericDataToSession( - PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, - EidasResponseUtils.parseEidasPersonalIdentifier((String) simpleAttrMap.get( - Constants.eIDAS_ATTR_PERSONALIDENTIFIER)).getFirst()); + authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, EidasResponseUtils + .parseEidasPersonalIdentifier((String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)) + .getFirst()); // set bPK and bPKType into auth session - authProcessData.setGenericDataToSession( - PvpAttributeDefinitions.BPK_NAME, - extendBpkByPrefix( - bpk, - pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier())); - authProcessData.setGenericDataToSession( - PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, - pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); + authProcessData.setGenericDataToSession(PvpAttributeDefinitions.BPK_NAME, extendBpkByPrefix(bpk, pendingReq + .getServiceProviderConfiguration().getAreaSpecificTargetIdentifier())); + authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, + pendingReq.getServiceProviderConfiguration() + .getAreaSpecificTargetIdentifier()); // store pending-request requestStoreage.storePendingRequest(pendingReq); 
@@ -355,17 +351,17 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } } - private String getPkFromKeystore() throws EaafException, KeyStoreException { + private String getPkFromKeystore(String keyAlias, String keyPw) throws EaafException, KeyStoreException { KeyStoreConfiguration configuration = new KeyStoreConfiguration(); final String current = new java.io.File(".").toURI().toString(); configuration.setSoftKeyStoreFilePath(current + "src/test/resources/keystore/teststore.jks"); - configuration.setSoftKeyStorePassword(KSPASSWORD); //TODO from config + configuration.setSoftKeyStorePassword(keyPw); //TODO from config configuration.setKeyStoreType(KeyStoreConfiguration.KeyStoreType.JKS); - configuration.setFriendlyName(KSALIAS); - configuration.setKeyStoreName(KSALIAS); + configuration.setFriendlyName(keyAlias); + configuration.setKeyStoreName(keyAlias); ks = keyStoreFactory.buildNewKeyStore(configuration); - val publicKey = ks.getFirst().getCertificate(KSALIAS).getPublicKey(); + val publicKey = ks.getFirst().getCertificate(keyAlias).getPublicKey(); return Base64.getEncoder().encodeToString(publicKey.getEncoded()); } @@ -400,8 +396,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { final Class parameterizedType = el.getParameterizedType(); if (DateTime.class.equals(parameterizedType)) { - final DateTime attribute = EidasResponseUtils.translateDateAttribute(el, attributeMap.get(el) - .asList()); + final DateTime attribute = EidasResponseUtils.translateDateAttribute(el, attributeMap.get(el).asList()); if (attribute != null) { result.put(el.getFriendlyName(), attribute); log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + attribute.toString()); 
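Review bot: `getPkFromKeystore` still loads the keystore from `current + "src/test/resources/keystore/teststore.jks"`, a test-resource path resolved against the process working directory, and forces `KeyStoreConfiguration.KeyStoreType.JKS`, while the `//TODO from config` marker now sits on the password line that this commit has already moved to configuration. The path and type belong in configuration next to `PROP_CONFIG_SP_AUTHBLOCK_PW`, e.g. `configuration.setSoftKeyStoreFilePath(pendingReq.getServiceProviderConfiguration().getConfigurationValue(<KEYSTORE_PATH_PROPERTY placeholder>));`, with the TODO moved to that line or removed. `getCertificate(keyAlias)` returns null when the alias is absent from the store, so the chained `.getPublicKey()` fails with a NullPointerException that does not name the alias; guard it with `val cert = ks.getFirst().getCertificate(keyAlias); if (cert == null) { throw new KeyStoreException("no certificate for alias " + keyAlias); }` before taking the public key. The built keystore is also kept in the instance field `ks`, which the signing code in an earlier hunk reads later; if this task object is shared across requests, concurrent executions can overwrite each other's keystore, so returning the pair to the caller would be safer.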
@@ -411,8 +406,8 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } } else if (PostalAddress.class.equals(parameterizedType)) { - final PostalAddress addressAttribute = EidasResponseUtils.translateAddressAttribute(el, attributeMap - .get(el).asList()); + final PostalAddress addressAttribute = EidasResponseUtils + .translateAddressAttribute(el, attributeMap.get(el).asList()); if (addressAttribute != null) { result.put(el.getFriendlyName(), addressAttribute); log.trace("Find attr '" + el.getFriendlyName() + "' with value: " + addressAttribute.toString()); @@ -422,8 +417,8 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } } else { - final List natPersonIdObj = EidasResponseUtils.translateStringListAttribute(el, attributeMap - .get(el).asList()); + final List natPersonIdObj = EidasResponseUtils + .translateStringListAttribute(el, attributeMap.get(el).asList()); final String stringAttr = natPersonIdObj.get(0); if (StringUtils.isNotEmpty(stringAttr)) { result.put(el.getFriendlyName(), stringAttr); 
@@ -443,23 +438,19 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { private void writeMdsLogInformation(ErnbEidData eidData) { // log MDS and country code into technical log - if (basicConfig.getBasicConfigurationBoolean( - MsEidasNodeConstants.PROP_CONFIG_TECHNICALLOG_WRITE_MDS_INTO_TECH_LOG, false)) { - log.info("eIDAS Auth. for user: " - + eidData.getGivenName() + " " - + eidData.getFamilyName() + " " - + eidData.getFormatedDateOfBirth() + " " - + "from " + eidData.getCitizenCountryCode()); + if (basicConfig + .getBasicConfigurationBoolean(MsEidasNodeConstants.PROP_CONFIG_TECHNICALLOG_WRITE_MDS_INTO_TECH_LOG, false)) { + log.info("eIDAS Auth. for user: " + eidData.getGivenName() + " " + eidData.getFamilyName() + " " + eidData + .getFormatedDateOfBirth() + " " + "from " + eidData.getCitizenCountryCode()); } // log MDS and country code into revision log - if (basicConfig.getBasicConfigurationBoolean( - MsEidasNodeConstants.PROP_CONFIG_REVISIONLOG_WRITE_MDS_INTO_REVISION_LOG, false)) { + if (basicConfig + .getBasicConfigurationBoolean(MsEidasNodeConstants.PROP_CONFIG_REVISIONLOG_WRITE_MDS_INTO_REVISION_LOG, + false)) { revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.RESPONSE_FROM_EIDAS_MDSDATA, - "{" + eidData.getGivenName() + "," - + eidData.getFamilyName() + "," - + eidData.getFormatedDateOfBirth() + "," - + eidData.getCitizenCountryCode() + "}"); + "{" + eidData.getGivenName() + "," + eidData.getFamilyName() + "," + eidData + .getFormatedDateOfBirth() + "," + eidData.getCitizenCountryCode() + "}"); } } -- cgit v1.2.3