diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2021-12-20 15:54:56 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2021-12-20 15:54:56 +0100 |
commit | 506ab3232b2c237a1d83c9e970dccdb9445d5d81 (patch) | |
tree | 3c94a1a8b4849bdcdbe56d12d0dd7b2e964b234f /id/server/idserverlib | |
parent | fc0385dbeee71f1ce18783ef1c7a4d06288fdb0d (diff) | |
parent | 600369d4ffa753716a9572824de7a96a04cb05a7 (diff) | |
download | moa-id-spss-master.tar.gz moa-id-spss-master.tar.bz2 moa-id-spss-master.zip |
Diffstat (limited to 'id/server/idserverlib')
5 files changed, 82 insertions, 44 deletions
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 28d0b3f68..995d15476 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -4,7 +4,7 @@ <parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>4.1.5</version>
+ <version>4.2.0</version>
</parent>
<groupId>MOA.id.server</groupId>
@@ -228,6 +228,10 @@ <artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>commons-beanutils</groupId>
+ <artifactId>commons-beanutils</artifactId>
+ </dependency>
<!-- <dependency>
<groupId>MOA</groupId>
@@ -287,6 +291,10 @@ <artifactId>bcprov-jdk15on</artifactId>
<groupId>org.bouncycastle</groupId>
</exclusion>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
@@ -321,7 +329,17 @@ <type>test-jar</type>
<classifier>tests</classifier>
<version>1.0.0</version>
- <scope>test</scope>
+ <scope>test</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<!-- <dependency>
<groupId>org.opensaml</groupId>
@@ -495,13 +513,13 @@ <dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-pool2</artifactId>
- <version>2.9.0</version>
+ <version>2.11.1</version>
</dependency>
<dependency>
<groupId>redis.clients</groupId>
<artifactId>jedis</artifactId>
<!-- version>3.0.1</version -->
- <version>3.3.0</version>
+ <version>3.7.1</version>
</dependency>
<!-- <dependency>
@@ -694,8 +712,8 @@ <artifactId>maven-compiler-plugin</artifactId>
<version>3.6.1</version>
<configuration>
- <source>1.7</source>
- <target>1.7</target>
+ <source>1.8</source>
+ <target>1.8</target>
<encoding>UTF-8</encoding>
</configuration>
</plugin>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index b0f452861..baf4349e8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -77,10 +77,10 @@ public class MOAIDAuthInitializer { System.setProperty( "https.cipherSuites", //high secure RSA bases ciphers - ",TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" + - ",TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" + - ",TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" + - ",TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" + + "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" + + ",TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" + + ",TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" + + ",TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" + //high secure ECC bases ciphers ",TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java index 8fdf1eab8..1bf240589 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java @@ -33,7 +33,6 @@ import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; import javax.crypto.spec.GCMParameterSpec; -import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.SecretKeySpec; @@ -114,27 +113,18 @@ public abstract class AbstractEncrytionUtil { } } - public EncryptedData encrypt(byte[] data) throws BuildException { - Cipher cipher; - + public EncryptedData encrypt(byte[] data) throws BuildException { if (secret != null) { - try { - final byte[] nonce = Random.nextBytes(GCM_NONCE_LENGTH); - -// final byte[] nonce = new byte[GCM_NONCE_LENGTH]; -// SecureRandom.getInstanceStrong().nextBytes(nonce); - - GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce); - - cipher = Cipher.getInstance(CIPHER_MODE, "IAIK"); - cipher.init(Cipher.ENCRYPT_MODE, secret, spec); - - Logger.debug("Encrypt MOASession"); - - byte[] encdata = cipher.doFinal(data); - byte[] iv = cipher.getIV(); - - return new EncryptedData(encdata, iv); + try { + final byte[] nonce = Random.nextBytes(GCM_NONCE_LENGTH); + final GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce); + final Cipher cipher = Cipher.getInstance(CIPHER_MODE); + cipher.init(Cipher.ENCRYPT_MODE, secret, spec); + + final byte[] encdata = cipher.doFinal(data); + final byte[] iv = cipher.getIV(); + Logger.trace("Encrypt MOASession"); + return new EncryptedData(encdata, iv); } catch (Exception e) { Logger.warn("MOASession is not encrypted",e); @@ -145,17 +135,14 @@ public abstract class AbstractEncrytionUtil { } public byte[] decrypt(EncryptedData data) throws BuildException { - Cipher cipher; if (secret != null) { - try { - IvParameterSpec iv = new IvParameterSpec(data.getIv()); - - cipher = Cipher.getInstance(CIPHER_MODE, "IAIK"); - cipher.init(Cipher.DECRYPT_MODE, secret, iv); - - Logger.debug("Decrypt MOASession"); - return cipher.doFinal(data.getEncData()); + try { + final Cipher cipher = Cipher.getInstance(CIPHER_MODE); + final GCMParameterSpec iv = new GCMParameterSpec(GCM_TAG_LENGTH * 8, data.getIv()); + cipher.init(Cipher.DECRYPT_MODE, secret, iv); + Logger.trace("Decrypt MOASession"); + return cipher.doFinal(data.getEncData()); } catch (Exception e) { Logger.warn("MOASession is not decrypted",e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java index 498f8408b..d4a6ee786 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java @@ -32,14 +32,15 @@ public class SessionEncrytionUtil extends AbstractEncrytionUtil { private static String key = null; public static SessionEncrytionUtil getInstance() { - if (instance == null) { + if (instance == null) { try { key = AuthConfigurationProviderFactory.getInstance().getMOASessionEncryptionKey(); - instance = new SessionEncrytionUtil(); + instance = new SessionEncrytionUtil(); } catch (Exception e) { Logger.warn("MOASession encryption can not be inizialized.", e); - + throw new RuntimeException("MOASession encryption can not be inizialized.", e); + } } return instance; diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java index 645cb601f..a3a717072 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java @@ -1,9 +1,12 @@ package at.gv.egovernment.moa.id.config.auth.data; +import static org.junit.Assert.assertEquals; + import java.io.ByteArrayInputStream; import java.util.Arrays; import java.util.List; +import org.apache.commons.lang3.RandomStringUtils; import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; @@ -13,6 +16,8 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; + import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.data.IMOAAuthData; @@ -153,6 +158,33 @@ public class AuthenticationDataBuilderTest { } + @Test + public void genericDataTransfer() throws Exception { + TestRequestImpl pendingReq = new TestRequestImpl(); + DummyOAConfig oaParam = new DummyOAConfig(); + oaParam.setHasBaseIdTransferRestriction(false); + oaParam.setTarget("urn:publicid:gv.at:cdid+ZP-MH"); + oaParam.setForeignbPKSectors(Arrays.asList("wbpk+FN+195738a")); + pendingReq.setSpConfig(oaParam); + + final AuthenticationSessionWrapper session = pendingReq.getSessionData( + AuthenticationSessionWrapper.class); + session.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL_1, false))).parseIdentityLink()); + + // set random data to transfer + String key = RandomStringUtils.randomAlphabetic(5); + String value = RandomStringUtils.randomAlphabetic(5); + session.setGenericDataToSession(key, value); + + + // execute test + IMOAAuthData authData = (IMOAAuthData) authBuilder.buildAuthenticationData(pendingReq); + + + assertEquals("generic data-transfer failed", value, authData.getGenericData(key, String.class)); + + } + @Test public void buildAuthDataWithIDLOnly_1() throws Exception { @@ -166,7 +198,7 @@ public class AuthenticationDataBuilderTest { IAuthenticationSession session = new DummyAuthSession(); session.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL_1, false))).parseIdentityLink()); pendingReq.setRawDataToTransaction(session.getKeyValueRepresentationFromAuthSession()); - + IMOAAuthData authData = (IMOAAuthData) authBuilder.buildAuthenticationData(pendingReq); |