From f358f3ba6a24d5e9575b3fd63e3fbfe8848b63c4 Mon Sep 17 00:00:00 2001 From: lalber Date: Fri, 6 Nov 2020 16:28:26 +0100 Subject: some improvements --- .../eidas/v2/tasks/CreateIdentityLinkTask.java | 65 ++++++++++------- .../tasks/CreateIdentityLinkTaskEidNewTest.java | 85 +++++++++++++--------- .../resources/config/junit_config_3.properties | 11 ++- 3 files changed, 97 insertions(+), 64 deletions(-) (limited to 'eidas_modules') diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java index f060a4cf..8626c709 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java @@ -60,7 +60,6 @@ import eu.eidas.auth.commons.attribute.AttributeValue; import eu.eidas.auth.commons.light.ILightResponse; import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; import lombok.extern.slf4j.Slf4j; -import lombok.val; import org.apache.commons.lang3.StringUtils; import org.joda.time.DateTime; import org.springframework.beans.factory.annotation.Autowired; @@ -77,6 +76,7 @@ import java.io.InputStream; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.Provider; +import java.security.PublicKey; import java.util.Base64; import java.util.HashMap; import java.util.List; @@ -102,7 +102,6 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { EaafKeyStoreFactory keyStoreFactory; private static final String EID_STATUS = "urn:eidgvat:eid.status.eidas"; - Pair ks; /* * (non-Javadoc) @@ -119,8 +118,8 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); final ILightResponse eidasResponse = authProcessData .getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class); - String eidMode = pendingReq.getServiceProviderConfiguration() - .getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE, "old"); + boolean isNewEidMode = pendingReq.getServiceProviderConfiguration() + .isConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE, false); final Map simpleAttrMap = convertEidasAttrToSimpleMap( @@ -230,17 +229,31 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } } - if (eidMode.equals("new")) { - String keyAlias = pendingReq.getServiceProviderConfiguration().getConfigurationValue( - MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_FRIENDLYNAME, ""); - String keyPw = pendingReq.getServiceProviderConfiguration() - .getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_PW, ""); + if (isNewEidMode) { + + // read Connector wide config data TODO connector wide! + String keyStoreAlias = basicConfig + .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_KEYSTSTORE_FRIENDLYNAME); + String keyStorePw = basicConfig + .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_KEYSTORE_PASSWORD); + String keyStorePath = basicConfig + .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_KEYSTORE_PATH); + String keyStoreType = basicConfig + .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_KEYSTORE_TYPE); + // get verschlüsselte Stammzahl String vsz = szrClient.getEncryptedStammzahl(personInfo); // build Keystore - String pk64 = getPkFromKeystore(keyAlias, keyPw); + Pair keystoreProvider = initKeystore(keyStoreAlias, keyStorePw, keyStorePath, + keyStoreType); + + // get pubKey + PublicKey publicKey = keystoreProvider.getFirst().getCertificate(keyStoreAlias).getPublicKey(); + + // encode pubKey base64 + String pk64 = Base64.getEncoder().encodeToString(publicKey.getEncoded()); // get eIDAS bind String signedEidasBind = szrClient.getBcBind(vsz, pk64, EID_STATUS); @@ -250,7 +263,8 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { String jwsPayload = mapper.writeValueAsString(pendingReq.getUniqueTransactionIdentifier()); String jwsSignature = JoseUtils - .createSignature(ks, keyAlias, keyPw.toCharArray(), jwsPayload, false, keyAlias); + .createSignature(keystoreProvider, keyStoreAlias, keyStorePw.toCharArray(), jwsPayload, false, + keyStoreAlias); authProcessData.setGenericDataToSession(Constants.SZR_AUTHBLOCK, jwsSignature); authProcessData.setGenericDataToSession(Constants.EIDAS_BIND, signedEidasBind); @@ -275,8 +289,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { .getBasicConfigurationBoolean(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_DEBUG_USESRZFORBPKGENERATION, true)) { bpk = szrClient .getBpk(personInfo, pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(), - basicConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, - "no VKZ defined")).get(0); + basicConfig + .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, "no VKZ defined")) + .get(0); } else { log.debug("Calculating bPK from baseId ... "); @@ -292,7 +307,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } } - if (eidMode.equals("new")) { + if (isNewEidMode) { authProcessData.setForeigner(true); authProcessData.setGenericDataToSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, EidasResponseUtils .parseEidasPersonalIdentifier((String) simpleAttrMap.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)) @@ -305,7 +320,8 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { throw new SzrCommunicationException("ernb.00", null); } - revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_IDL_RECEIVED, + revisionsLogger.logEvent(pendingReq, + MsConnectorEventCodes.SZR_IDL_RECEIVED, identityLink.getSamlAssertion() .getAttribute(SimpleIdentityLinkAssertionParser.ASSERTIONID)); @@ -348,18 +364,17 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } } - private String getPkFromKeystore(String keyAlias, String keyPw) throws EaafException, KeyStoreException { - KeyStoreConfiguration configuration = new KeyStoreConfiguration(); + private Pair initKeystore(String keyAlias, String keyPw, String path, String type) + throws EaafException, KeyStoreException { + KeyStoreConfiguration keyStoreConfiguration = new KeyStoreConfiguration(); final String current = new java.io.File(".").toURI().toString(); - configuration.setSoftKeyStoreFilePath(current + "src/test/resources/keystore/teststore.jks"); - configuration.setSoftKeyStorePassword(keyPw); //TODO from config - configuration.setKeyStoreType(KeyStoreConfiguration.KeyStoreType.JKS); - configuration.setFriendlyName(keyAlias); - configuration.setKeyStoreName(keyAlias); - ks = keyStoreFactory.buildNewKeyStore(configuration); - val publicKey = ks.getFirst().getCertificate(keyAlias).getPublicKey(); - return Base64.getEncoder().encodeToString(publicKey.getEncoded()); + keyStoreConfiguration.setSoftKeyStoreFilePath(current + path); + keyStoreConfiguration.setSoftKeyStorePassword(keyPw); + keyStoreConfiguration.setKeyStoreType(KeyStoreConfiguration.KeyStoreType.fromString(type)); + keyStoreConfiguration.setFriendlyName(keyAlias); + keyStoreConfiguration.setKeyStoreName(keyAlias); + return keyStoreFactory.buildNewKeyStore(keyStoreConfiguration); } private String extendBpkByPrefix(String bpk, String type) { diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java index 00e01a2c..888b7631 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java @@ -1,8 +1,8 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; -import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_FRIENDLYNAME; -import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_PW; -import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE; +import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_KEYSTSTORE_FRIENDLYNAME; +import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_KEYSTORE_PASSWORD; +import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE; import static org.mockito.ArgumentMatchers.any; import static org.powermock.api.mockito.PowerMockito.when; @@ -69,8 +69,8 @@ public class CreateIdentityLinkTaskEidNewTest { @Autowired(required = true) private CreateIdentityLinkTask task; -// @Autowired(required = true) -// private FinalizeAuthenticationTask authTask; + // @Autowired(required = true) + // private FinalizeAuthenticationTask authTask; @Autowired(required = true) private DummySpecificCommunicationService commService; @Autowired(required = true) @@ -87,7 +87,7 @@ public class CreateIdentityLinkTaskEidNewTest { private static final String PW = "f/+saJBc3a}*/T^s"; private static final String ALIAS = "connectorkeypair"; - + @Rule public final SoapServiceRule soap = SoapServiceRule.newInstance(); @@ -99,8 +99,7 @@ public class CreateIdentityLinkTaskEidNewTest { @BeforeClass public static void classInitializer() throws IOException { final String current = new java.io.File(".").toURI().toString(); - System.setProperty("eidas.ms.configuration", current - + "src/test/resources/config/junit_config_3.properties"); + System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_3.properties"); } @@ -118,18 +117,17 @@ public class CreateIdentityLinkTaskEidNewTest { final Map spConfig = new HashMap<>(); spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); - spConfig.put(PROP_CONFIG_SP_EID_MODE, "new"); - spConfig.put(PROP_CONFIG_SP_AUTHBLOCK_PW, PW); - spConfig.put(PROP_CONFIG_SP_AUTHBLOCK_FRIENDLYNAME, ALIAS); + spConfig.put(PROP_CONFIG_SP_NEW_EID_MODE, "true"); + spConfig.put(PROP_CONFIG_SP_AUTHBLOCK_KEYSTORE_PASSWORD, PW); + spConfig.put(PROP_CONFIG_SP_AUTHBLOCK_KEYSTSTORE_FRIENDLYNAME, ALIAS); oaParam = new DummySpConfiguration(spConfig, basicConfig); pendingReq = new TestRequestImpl(); AuthenticationResponse response = buildDummyAuthResponse(); - - - pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); pendingReq.setSpConfig(oaParam); pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue()); pendingReq.setAuthUrl("http://test.com/"); @@ -143,33 +141,48 @@ public class CreateIdentityLinkTaskEidNewTest { @NotNull private AuthenticationResponse buildDummyAuthResponse() throws URISyntaxException { - AttributeDefinition attributeDef = AttributeDefinition.builder().friendlyName(Constants.eIDAS_ATTR_PERSONALIDENTIFIER) - .nameUri(new URI("ad", "sd", "ff")).personType(PersonType.LEGAL_PERSON) - .xmlType(new QName("http://saf", "as", "af")) - .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build(); - AttributeDefinition attributeDef2 = AttributeDefinition.builder().friendlyName(Constants.eIDAS_ATTR_CURRENTFAMILYNAME) - .nameUri(new URI("ad", "sd", "fff")).personType(PersonType.LEGAL_PERSON) - .xmlType(new QName("http://saf", "as", "aff")) - .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build(); - AttributeDefinition attributeDef3 = AttributeDefinition.builder().friendlyName(Constants.eIDAS_ATTR_CURRENTGIVENNAME) - .nameUri(new URI("ad", "sd", "ffff")).personType(PersonType.LEGAL_PERSON) - .xmlType(new QName("http://saf", "as", "afff")) - .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build(); + AttributeDefinition attributeDef = AttributeDefinition.builder() + .friendlyName(Constants.eIDAS_ATTR_PERSONALIDENTIFIER) + .nameUri(new URI("ad", "sd", "ff")) + .personType(PersonType.LEGAL_PERSON) + .xmlType(new QName("http://saf", "as", "af")) + .attributeValueMarshaller( + "eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller") + .build(); + AttributeDefinition attributeDef2 = AttributeDefinition.builder() + .friendlyName(Constants.eIDAS_ATTR_CURRENTFAMILYNAME) + .nameUri(new URI("ad", "sd", "fff")) + .personType(PersonType.LEGAL_PERSON) + .xmlType(new QName("http://saf", "as", "aff")) + .attributeValueMarshaller( + "eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller") + .build(); + AttributeDefinition attributeDef3 = AttributeDefinition.builder() + .friendlyName(Constants.eIDAS_ATTR_CURRENTGIVENNAME) + .nameUri(new URI("ad", "sd", "ffff")) + .personType(PersonType.LEGAL_PERSON) + .xmlType(new QName("http://saf", "as", "afff")) + .attributeValueMarshaller( + "eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller") + .build(); AttributeDefinition attributeDef4 = AttributeDefinition.builder().friendlyName(Constants.eIDAS_ATTR_DATEOFBIRTH) - .nameUri(new URI("ad", "sd", "fffff")).personType(PersonType.LEGAL_PERSON) - .xmlType(new QName("http://saf", "as", "affff")) - .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller").build(); + .nameUri(new URI("ad", "sd", "fffff")) + .personType(PersonType.LEGAL_PERSON) + .xmlType(new QName("http://saf", "as", "affff")) + .attributeValueMarshaller( + "eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller") + .build(); - ImmutableAttributeMap attributeMap = ImmutableAttributeMap.builder().put(attributeDef, "de/st/" + RandomStringUtils.randomNumeric(64)) - .put(attributeDef2, RandomStringUtils.randomAlphabetic(10)) - .put(attributeDef3, RandomStringUtils.randomAlphabetic(10)) - .put(attributeDef4, "2001-01-01") - .build(); + ImmutableAttributeMap attributeMap = ImmutableAttributeMap.builder().put(attributeDef, "de/st/" + RandomStringUtils + .randomNumeric(64)).put(attributeDef2, RandomStringUtils.randomAlphabetic(10)).put(attributeDef3, + RandomStringUtils + .randomAlphabetic(10)) + .put(attributeDef4, "2001-01-01").build(); val b = new AuthenticationResponse.Builder(); - return b.id("aasdf").issuer("asd").subject("asf").statusCode("200").inResponseTo("asdf") - .subjectNameIdFormat("afaf").attributes(attributeMap).build(); + return b.id("aasdf").issuer("asd").subject("asf").statusCode("200").inResponseTo("asdf").subjectNameIdFormat("afaf") + .attributes(attributeMap).build(); } @Test diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_3.properties b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_3.properties index 33207118..79352734 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_3.properties +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_3.properties @@ -47,6 +47,12 @@ eidas.ms.auth.eIDAS.szrclient.timeout.connection=15 eidas.ms.auth.eIDAS.szrclient.timeout.response=30 eidas.ms.auth.eIDAS.szrclient.params.vkz= +eidas.ms.auth.eIDAS.authblock.keystore.password=f/+saJBc3a}*/T^s +eidas.ms.auth.eIDAS.authblock.keystore.friendlyName=connectorkeypair +eidas.ms.auth.eIDAS.authblock.keystore.path=src/test/resources/keystore/teststore.jks +eidas.ms.auth.eIDAS.authblock.keystore.type=jks + + eidas.ms.auth.eIDAS.szrclient.params.useSZRForbPKCalculation=false @@ -93,9 +99,8 @@ eidas.ms.pvp2.metadata.validity=24 eidas.ms.sp.0.uniqueID= eidas.ms.sp.0.pvp2.metadata.truststore= eidas.ms.sp.0.pvp2.metadata.truststore.password= -eidas.ms.sp.0.eidMode=new -eidas.ms.sp.0.authblock.truststore.password=f/+saJBc3a}*/T^s -eidas.ms.sp.0.authblock.truststore.friendlyName=connectorkeypair +eidas.ms.sp.0.newEidMode=true + #eidas.ms.sp.0.friendlyName= #eidas.ms.sp.0.pvp2.metadata.url= -- cgit v1.2.3