From 1bb05a848206fb1e3bd77b744068c1ee5b344d73 Mon Sep 17 00:00:00 2001 From: Christian Kollmann Date: Thu, 4 Mar 2021 16:02:22 +0100 Subject: Prevent SZRClient from creating ERnP entry if person does not exist --- .../modules/auth/eidas/v2/szr/SzrClient.java | 60 +++++++++++----------- 1 file changed, 30 insertions(+), 30 deletions(-) (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java/at') diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java index dc6df967..5bad738b 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java @@ -27,6 +27,7 @@ import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.net.URL; +import java.nio.charset.StandardCharsets; import java.security.KeyManagementException; import java.security.KeyStore; import java.security.KeyStoreException; @@ -34,7 +35,7 @@ import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import java.security.UnrecoverableKeyException; import java.util.ArrayList; -import java.util.Arrays; +import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -117,6 +118,7 @@ public class SzrClient { private static final String JOSE_HEADER_USERCERTPINNING_EIDASBIND = "urn:at.gv.eid:eidasBind"; public static final String ATTR_NAME_MDS = "urn:eidgvat:mds"; + @SuppressWarnings("SpringJavaInjectionPointsAutowiringInspection") @Autowired private IConfiguration basicConfig; @@ -126,10 +128,6 @@ public class SzrClient { // RAW client is needed for identitylink private Dispatch dispatch = null; - private SzrService szrService = null; - private String szrUrl = null; - private QName qname = null; - final ObjectMapper mapper = new ObjectMapper(); /** @@ -164,7 +162,7 @@ public class SzrClient { .createUnmarshaller().unmarshal(new ByteArrayInputStream(szrResponse)); // build response - log.trace(new String(szrResponse, "UTF-8")); + log.trace(new String(szrResponse, StandardCharsets.UTF_8)); // ok, we have success final Document doc = DomUtils.parseDocument( @@ -223,7 +221,11 @@ public class SzrClient { } /** - * Request a encryped baseId from SRZ. + * Request a encrypted baseId from SZR. + * + * Note: Previously, this method did create a new ERnP entry, if it did not exist. This is + * not the case any more. See + * {@link at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateNewErnpEntryTask} for that functionality. * * @param personInfo Minimum dataset of person * @return encrypted baseId @@ -234,10 +236,7 @@ public class SzrClient { final String resp; try { - //TODO wirklich immer "insertERnP=true"? - // wenn insertErnP=false dann returns vsz oder fehler - // wenn insertErnp = true dann returns vsz, ggf vom neuen Eintrag - resp = this.szr.getStammzahlEncrypted(personInfo, true); + resp = this.szr.getStammzahlEncrypted(personInfo, false); } catch (SZRException_Exception e) { throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e); } @@ -253,8 +252,8 @@ public class SzrClient { /** * Sign an eidasBind data-structure that combines vsz with user's pubKey and E-ID status. * - * @param vsz encryped baseId - * @param bindingPubKey binding PublikKey as PKCS1# (ASN.1) container + * @param vsz encrypted baseId + * @param bindingPubKey binding PublicKey as PKCS1# (ASN.1) container * @param eidStatus Status of the E-ID * @param eidData eID information that was used for ERnP registration * @return bPK for this person @@ -266,7 +265,7 @@ public class SzrClient { final Map eidsaBindMap = new HashMap<>(); eidsaBindMap.put(ATTR_NAME_VSZ, vsz); eidsaBindMap.put(ATTR_NAME_STATUS, eidStatus); - eidsaBindMap.put(ATTR_NAME_PUBKEYS, Arrays.asList(bindingPubKey)); + eidsaBindMap.put(ATTR_NAME_PUBKEYS, Collections.singletonList(bindingPubKey)); eidsaBindMap.put(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, eidData.getCitizenCountryCode()); injectMdsIfAvailableAndActive(eidsaBindMap, eidData); @@ -296,7 +295,7 @@ public class SzrClient { return resp.getOut().get(0).getValue(); } catch (final JsonProcessingException | SZRException_Exception e) { - log.warn("Requesting bcBind by using SZR FAILED. Reason: {}", e.getMessage(), null, e); + log.warn("Requesting bcBind by using SZR FAILED.", e); throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e); } @@ -311,6 +310,9 @@ public class SzrClient { Constants.CONIG_PROPS_EIDAS_SZRCLIENT_USETESTSERVICE, true); + SzrService szrService; + QName qname; + String szrUrl; if (useTestSzr) { log.debug("Initializing SZR test environment configuration."); qname = SzrService.SZRTestumgebung; @@ -350,20 +352,20 @@ public class SzrClient { // inject handler log.info("Use SZR service-URL: " + szrUrl); - injectBindingProvider((BindingProvider) szr, CLIENT_DEFAULT); - injectBindingProvider(dispatch, CLIENT_RAW); + injectBindingProvider((BindingProvider) szr, CLIENT_DEFAULT, szrUrl); + injectBindingProvider(dispatch, CLIENT_RAW, szrUrl); // inject http parameters and SSL context log.debug("Inject HTTP client settings ... "); - injectHttpClient(szr, CLIENT_DEFAULT); - injectHttpClient(dispatch, CLIENT_RAW); + injectHttpClient(szr, CLIENT_DEFAULT, szrUrl); + injectHttpClient(dispatch, CLIENT_RAW, szrUrl); log.info("SZR-Client initialization successfull"); } - private void injectHttpClient(Object raw, String clientType) { + private void injectHttpClient(Object raw, String clientType, String szrUrl) { // extract client from implementation - Client client = null; + Client client; if (raw instanceof DispatchImpl) { client = ((DispatchImpl) raw).getClient(); } else if (raw instanceof Client) { @@ -378,14 +380,12 @@ public class SzrClient { // set timeout policy final HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy(); - httpClientPolicy.setConnectionTimeout( - Integer.parseInt(basicConfig.getBasicConfiguration( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_CONNECTION, - Constants.HTTP_CLIENT_DEFAULT_TIMEOUT_CONNECTION)) * 1000); - httpClientPolicy.setReceiveTimeout( - Integer.parseInt(basicConfig.getBasicConfiguration( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_RESPONSE, - Constants.HTTP_CLIENT_DEFAULT_TIMEOUT_RESPONSE)) * 1000); + String connectionTimeout = basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_CONNECTION, Constants.HTTP_CLIENT_DEFAULT_TIMEOUT_CONNECTION); + httpClientPolicy.setConnectionTimeout(Integer.parseInt(connectionTimeout) * 1000L); + String responseTimeout = basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_TIMEOUT_RESPONSE, Constants.HTTP_CLIENT_DEFAULT_TIMEOUT_RESPONSE); + httpClientPolicy.setReceiveTimeout(Integer.parseInt(responseTimeout) * 1000L); http.setClient(httpClientPolicy); // inject SSL context in case of https @@ -400,7 +400,7 @@ public class SzrClient { } - private void injectBindingProvider(BindingProvider bindingProvider, String clientType) { + private void injectBindingProvider(BindingProvider bindingProvider, String clientType, String szrUrl) { final Map requestContext = bindingProvider.getRequestContext(); requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, szrUrl); -- cgit v1.2.3