From d01abea064f33d1c985464aadf3e2326c6ba3219 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Fri, 27 Nov 2020 09:07:27 +0100
Subject: upatate AuthBlock format in case of E-ID like authentication

---
 eidas_modules/authmodule-eIDAS-v2/pom.xml          |  6 ++-
 .../eidas/v2/service/AuthBlockSigningService.java  | 52 ++++++++++++++++++++--
 .../eidas/v2/tasks/CreateIdentityLinkTask.java     |  2 +-
 .../tasks/CreateIdentityLinkTaskEidNewTest.java    | 37 ++-------------
 4 files changed, 57 insertions(+), 40 deletions(-)

(limited to 'eidas_modules')

diff --git a/eidas_modules/authmodule-eIDAS-v2/pom.xml b/eidas_modules/authmodule-eIDAS-v2/pom.xml
index 4fe2bb36..b2e841fb 100644
--- a/eidas_modules/authmodule-eIDAS-v2/pom.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/pom.xml
@@ -123,8 +123,10 @@
       <groupId>org.apache.cxf</groupId>
       <artifactId>cxf-rt-transports-http</artifactId>
     </dependency>
-    <!-- <dependency> <groupId>org.xerial</groupId> <artifactId>sqlite-jdbc</artifactId> 
-      <version>${org.xerial.sqlite-jdbc.version}</version> </dependency> -->
+    <dependency>
+      <groupId>com.fasterxml.jackson.datatype</groupId>
+      <artifactId>jackson-datatype-jsr310</artifactId>
+    </dependency>
 
     <dependency>
       <groupId>javax.servlet</groupId>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
index ccc6eb0c..ad9b1082 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/service/AuthBlockSigningService.java
@@ -1,11 +1,15 @@
 package at.asitplus.eidas.specific.modules.auth.eidas.v2.service;
 
+import java.io.Serializable;
 import java.security.Key;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.Provider;
 import java.security.cert.X509Certificate;
+import java.time.LocalDateTime;
+import java.time.temporal.ChronoUnit;
 import java.util.Base64;
+import java.util.UUID;
 
 import javax.annotation.PostConstruct;
 
@@ -14,11 +18,18 @@ import org.jose4j.lang.JoseException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import com.fasterxml.jackson.annotation.JsonFormat;
+import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import com.fasterxml.jackson.databind.annotation.JsonSerialize;
+import com.fasterxml.jackson.datatype.jsr310.deser.LocalDateTimeDeserializer;
+import com.fasterxml.jackson.datatype.jsr310.ser.LocalDateTimeSerializer;
 
 import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils;
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
 import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
@@ -27,6 +38,7 @@ import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
 import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
 import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
+import lombok.Data;
 import lombok.extern.slf4j.Slf4j;
 
 /**
@@ -55,18 +67,22 @@ public class AuthBlockSigningService {
   /**
    * Build and sign an AuthBlock for E-ID system. 
    * 
-   * @param dataToSign data that should be added into AuthBlock
+   * @param pendingReq data that should be added into AuthBlock
    * @return serialized JWS
    * @throws JsonProcessingException In case of a AuthBlock generation error 
    * @throws JoseException  In case of a JWS signing error
    * @throws EaafException  In case of a KeyStore or Key error
    */
-  public String buildSignedAuthBlock(String dataToSign) 
+  public String buildSignedAuthBlock(IRequest pendingReq) 
       throws JsonProcessingException, EaafException, JoseException {
-    log.debug("Building and sign authBlock with data: {}", dataToSign);
     
     // build AuthBlock
-    String jwsPayload = mapper.writeValueAsString(dataToSign);
+    EidasAuchBlock authBlock = new EidasAuchBlock();
+    authBlock.setChallenge(UUID.randomUUID().toString());
+    authBlock.setTimestamp(LocalDateTime.now().truncatedTo(ChronoUnit.SECONDS));
+    authBlock.setUniqueId(pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID, String.class));    
+    String jwsPayload = mapper.writeValueAsString(authBlock);
+    log.debug("Building and sign authBlock with data: {}", jwsPayload);
     
     //sign JWS
     return JoseUtils
@@ -148,4 +164,32 @@ public class AuthBlockSigningService {
         .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEY_ALIAS);
     
   }
+  
+  /**
+   * Technical AuthBlock for eIDAS Authentication.
+   * 
+   * @author tlenz
+   *
+   */
+  @Data
+  public class EidasAuchBlock implements Serializable {
+
+    private static final long serialVersionUID = -2013435642666124497L;
+
+    @JsonProperty("challenge")
+    private String challenge;
+    
+    @JsonProperty("timestamp")
+    @JsonSerialize(using = LocalDateTimeSerializer.class)
+    @JsonDeserialize(using = LocalDateTimeDeserializer.class)
+    @JsonFormat(pattern = "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'")
+    private LocalDateTime timestamp;
+    
+    @JsonProperty("appId")
+    private String uniqueId;
+    
+    
+  }
+
+  
 }
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index 80142b09..f9142f8e 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
@@ -157,7 +157,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
               EID_STATUS);
 
           //get signed AuthBlock
-          String jwsSignature = authBlockSigner.buildSignedAuthBlock(pendingReq.getUniqueTransactionIdentifier());
+          String jwsSignature = authBlockSigner.buildSignedAuthBlock(pendingReq);
        
           //inject personal-data into session
           authProcessData.setGenericDataToSession(Constants.SZR_AUTHBLOCK, jwsSignature);
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
index d08855f2..dd485ee6 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
@@ -2,9 +2,6 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks;
 
 import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.anyString;
-import static org.mockito.BDDMockito.given;
-import static org.mockito.Mockito.doThrow;
 import static org.powermock.api.mockito.PowerMockito.when;
 
 import java.io.IOException;
@@ -21,19 +18,14 @@ import java.util.Map;
 
 import javax.xml.namespace.QName;
 
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.AuthBlockSigningService;
-import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.jetbrains.annotations.NotNull;
 import org.jose4j.jwa.AlgorithmConstraints;
 import org.jose4j.jwa.AlgorithmConstraints.ConstraintType;
 import org.jose4j.jws.AlgorithmIdentifiers;
-import org.jose4j.lang.JoseException;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.BeforeClass;
-import org.junit.Ignore;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -51,6 +43,8 @@ import com.skjolberg.mockito.soap.SoapServiceRule;
 
 import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.AuthBlockSigningService;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils;
@@ -61,6 +55,7 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EaafException;
 import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
 import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
 import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
@@ -75,7 +70,6 @@ import eu.eidas.auth.commons.attribute.PersonType;
 import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse;
 import lombok.val;
 import szrservices.SZR;
-import szrservices.SZRException_Exception;
 import szrservices.SignContentEntry;
 import szrservices.SignContentResponseType;
 
@@ -193,7 +187,7 @@ public class CreateIdentityLinkTaskEidNewTest {
         .getPrivateKeyAndCertificates(keyStore.getFirst(), ALIAS, PW.toCharArray(), true, "junit").getSecond();
     JwsResult result = JoseUtils.validateSignature(authBlock, Arrays.asList(trustedCerts), constraints);
     Assert.assertTrue("AuthBlock not valid", result.isValid());
-
+    
   }
 
   @Test
@@ -225,29 +219,6 @@ public class CreateIdentityLinkTaskEidNewTest {
     }
   }
 
-  @Ignore
-  @Test
-  public void exceptionTest() throws Exception {
-    try {
-      when(szrMock, "getStammzahlEncrypted", any(), any()).thenReturn(RandomStringUtils.randomNumeric(10));
-      val signContentResp = new SignContentResponseType();
-      final SignContentEntry signContentEntry = new SignContentEntry();
-      signContentEntry.setValue(RandomStringUtils.randomAlphanumeric(10));
-      signContentResp.getOut().add(signContentEntry);
-      when(szrMock, "signContent", any(), any(), any()).thenReturn(signContentResp);
-      doThrow(new EaafException("test")).when(authBlockSigner)
-          .buildSignedAuthBlock(pendingReq.getUniqueTransactionIdentifier());
-
-      task.execute(pendingReq, executionContext);
-    } catch (TaskExecutionException e) {
-      Assert.assertEquals("Incorrect exception thrown", e.getMessage(),
-          "IdentityLink generation for foreign person " + "FAILED.");
-      Assert.assertTrue("Incorrect exception thrown", e.getCause() instanceof EaafException);
-      Assert.assertTrue("Incorrect exception thrown", e.getCause().getMessage().contains("test"));
-    }
-
-  }
-
   private Pair<KeyStore, Provider> getKeyStore() throws EaafException {
     // read Connector wide config data TODO connector wide!
     String keyStoreName = basicConfig.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_NAME);
-- 
cgit v1.2.3