aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2021-12-20 15:54:56 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2021-12-20 15:54:56 +0100
commit506ab3232b2c237a1d83c9e970dccdb9445d5d81 (patch)
tree3c94a1a8b4849bdcdbe56d12d0dd7b2e964b234f /id/server/idserverlib/src
parentfc0385dbeee71f1ce18783ef1c7a4d06288fdb0d (diff)
parent600369d4ffa753716a9572824de7a96a04cb05a7 (diff)
downloadmoa-id-spss-master.tar.gz
moa-id-spss-master.tar.bz2
moa-id-spss-master.zip
Merge branch 'master' of gitlab.iaik.tugraz.at:egiz/moa-idspssHEADmaster
Diffstat (limited to 'id/server/idserverlib/src')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java47
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java7
-rw-r--r--id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java34
4 files changed, 58 insertions, 38 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index b0f452861..baf4349e8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -77,10 +77,10 @@ public class MOAIDAuthInitializer {
System.setProperty(
"https.cipherSuites",
//high secure RSA bases ciphers
- ",TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" +
- ",TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" +
- ",TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" +
- ",TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" +
+ "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" +
+ ",TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" +
+ ",TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" +
+ ",TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" +
//high secure ECC bases ciphers
",TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" +
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
index 8fdf1eab8..1bf240589 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
@@ -33,7 +33,6 @@ import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
-import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
@@ -114,27 +113,18 @@ public abstract class AbstractEncrytionUtil {
}
}
- public EncryptedData encrypt(byte[] data) throws BuildException {
- Cipher cipher;
-
+ public EncryptedData encrypt(byte[] data) throws BuildException {
if (secret != null) {
- try {
- final byte[] nonce = Random.nextBytes(GCM_NONCE_LENGTH);
-
-// final byte[] nonce = new byte[GCM_NONCE_LENGTH];
-// SecureRandom.getInstanceStrong().nextBytes(nonce);
-
- GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce);
-
- cipher = Cipher.getInstance(CIPHER_MODE, "IAIK");
- cipher.init(Cipher.ENCRYPT_MODE, secret, spec);
-
- Logger.debug("Encrypt MOASession");
-
- byte[] encdata = cipher.doFinal(data);
- byte[] iv = cipher.getIV();
-
- return new EncryptedData(encdata, iv);
+ try {
+ final byte[] nonce = Random.nextBytes(GCM_NONCE_LENGTH);
+ final GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce);
+ final Cipher cipher = Cipher.getInstance(CIPHER_MODE);
+ cipher.init(Cipher.ENCRYPT_MODE, secret, spec);
+
+ final byte[] encdata = cipher.doFinal(data);
+ final byte[] iv = cipher.getIV();
+ Logger.trace("Encrypt MOASession");
+ return new EncryptedData(encdata, iv);
} catch (Exception e) {
Logger.warn("MOASession is not encrypted",e);
@@ -145,17 +135,14 @@ public abstract class AbstractEncrytionUtil {
}
public byte[] decrypt(EncryptedData data) throws BuildException {
- Cipher cipher;
if (secret != null) {
- try {
- IvParameterSpec iv = new IvParameterSpec(data.getIv());
-
- cipher = Cipher.getInstance(CIPHER_MODE, "IAIK");
- cipher.init(Cipher.DECRYPT_MODE, secret, iv);
-
- Logger.debug("Decrypt MOASession");
- return cipher.doFinal(data.getEncData());
+ try {
+ final Cipher cipher = Cipher.getInstance(CIPHER_MODE);
+ final GCMParameterSpec iv = new GCMParameterSpec(GCM_TAG_LENGTH * 8, data.getIv());
+ cipher.init(Cipher.DECRYPT_MODE, secret, iv);
+ Logger.trace("Decrypt MOASession");
+ return cipher.doFinal(data.getEncData());
} catch (Exception e) {
Logger.warn("MOASession is not decrypted",e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java
index 498f8408b..d4a6ee786 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java
@@ -32,14 +32,15 @@ public class SessionEncrytionUtil extends AbstractEncrytionUtil {
private static String key = null;
public static SessionEncrytionUtil getInstance() {
- if (instance == null) {
+ if (instance == null) {
try {
key = AuthConfigurationProviderFactory.getInstance().getMOASessionEncryptionKey();
- instance = new SessionEncrytionUtil();
+ instance = new SessionEncrytionUtil();
} catch (Exception e) {
Logger.warn("MOASession encryption can not be inizialized.", e);
-
+ throw new RuntimeException("MOASession encryption can not be inizialized.", e);
+
}
}
return instance;
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
index 645cb601f..a3a717072 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
@@ -1,9 +1,12 @@
package at.gv.egovernment.moa.id.config.auth.data;
+import static org.junit.Assert.assertEquals;
+
import java.io.ByteArrayInputStream;
import java.util.Arrays;
import java.util.List;
+import org.apache.commons.lang3.RandomStringUtils;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
@@ -13,6 +16,8 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
+
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.data.IMOAAuthData;
@@ -153,6 +158,33 @@ public class AuthenticationDataBuilderTest {
}
+ @Test
+ public void genericDataTransfer() throws Exception {
+ TestRequestImpl pendingReq = new TestRequestImpl();
+ DummyOAConfig oaParam = new DummyOAConfig();
+ oaParam.setHasBaseIdTransferRestriction(false);
+ oaParam.setTarget("urn:publicid:gv.at:cdid+ZP-MH");
+ oaParam.setForeignbPKSectors(Arrays.asList("wbpk+FN+195738a"));
+ pendingReq.setSpConfig(oaParam);
+
+ final AuthenticationSessionWrapper session = pendingReq.getSessionData(
+ AuthenticationSessionWrapper.class);
+ session.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL_1, false))).parseIdentityLink());
+
+ // set random data to transfer
+ String key = RandomStringUtils.randomAlphabetic(5);
+ String value = RandomStringUtils.randomAlphabetic(5);
+ session.setGenericDataToSession(key, value);
+
+
+ // execute test
+ IMOAAuthData authData = (IMOAAuthData) authBuilder.buildAuthenticationData(pendingReq);
+
+
+ assertEquals("generic data-transfer failed", value, authData.getGenericData(key, String.class));
+
+ }
+
@Test
public void buildAuthDataWithIDLOnly_1() throws Exception {
@@ -166,7 +198,7 @@ public class AuthenticationDataBuilderTest {
IAuthenticationSession session = new DummyAuthSession();
session.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL_1, false))).parseIdentityLink());
pendingReq.setRawDataToTransaction(session.getKeyValueRepresentationFromAuthSession());
-
+
IMOAAuthData authData = (IMOAAuthData) authBuilder.buildAuthenticationData(pendingReq);