Merge branch 'eIDAS_node_2.0_tests' into huge_refactoring

# Conflicts:
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java
#	id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
#	id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java
#	id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
#	id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
#	id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
#	id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java
#	id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
#	id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
#	id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
#	id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
#	id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
#	id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java

1 files changed, 85 insertions, 4 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index b60162f35..a13455972 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -28,8 +28,13 @@ import java.security.PrivateKey;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Date;
+import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import javax.annotation.PostConstruct;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
@@ -87,6 +92,7 @@ import at.gv.util.client.szr.SZRClient;
 import at.gv.util.config.EgovUtilPropertiesConfiguration;
 import at.gv.util.wsdl.szr.SZRException;
 import at.gv.util.xsd.szr.PersonInfoType;
+import iaik.x509.X509Certificate;
 
 /**
  * @author tlenz
@@ -95,10 +101,30 @@ import at.gv.util.xsd.szr.PersonInfoType;
 @Service("AuthenticationDataBuilder")
 public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder {
 
+	public static final String CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS = "configuration.foreignsectors.pubkey";
+	
 	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
 	@Autowired protected AuthConfiguration authConfig;
 	@Autowired protected LoALevelMapper loaLevelMapper; 
 	
+	private Map<String, X509Certificate> encKeyMap = new HashMap<String, X509Certificate>();
+	
+	@PostConstruct
+	private void initialize() {
+		 Map<String, String> pubKeyMap = authConfig.getBasicMOAIDConfigurationWithPrefix(CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS);
+		 for (Entry<String, String> el : pubKeyMap.entrySet()) {
+			 try {
+				encKeyMap.put(el.getKey(), new X509Certificate(Base64Utils.decode(el.getValue(), false)));
+				Logger.info("Load foreign bPK encryption certificate for sector: " + el.getKey()); 
+				
+			 } catch (Exception e) {
+				Logger.warn("Can NOT load foreign bPK encryption certificate for sector: \" + el.getKey()", e); 
+				 
+			 }
+			 			 
+		 }		
+	}
+	
 	@Override
 	public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException {
 		try {
@@ -108,8 +134,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
 			
 		} catch (ConfigurationException | BuildException | WrongParametersException | DynamicOABuildException | EAAFBuilderException e) {
 			Logger.warn("Can not build authentication data from session information");
-			throw new EAAFAuthenticationException("TODO", new Object[]{},					
-					"Can not build authentication data from session information", e);
+			throw new EAAFAuthenticationException("TODO", new Object[]{}, e);
 			
 		}
 		
@@ -490,6 +515,9 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
 				
 			}
 
+			//build foreign bPKs
+			generateForeignbPK(authData, oaParam.foreignbPKSectorsRequested()); 
+			
 			//####################################################################
 			//copy all generic authentication information, which are not processed before to authData
 			Iterator<String> copyInterator = includedToGenericAuthData.iterator();
@@ -688,8 +716,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
 				
 			} catch (MOAIDException e) {
 				Logger.warn("Can not build OA specific IDL. Reason: " + e.getMessage(), e);
-				throw new EAAFParserException("TODO", null, 
-						"Can not build OA specific IDL. Reason: " + e.getMessage(), e);
+				throw new EAAFParserException("TODO", null, e);
 				
 			}
 			
@@ -743,4 +770,58 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
         
 	}
 	
+	private void generateForeignbPK(MOAAuthenticationData authData, List<String> foreignSectors) {
+		if (foreignSectors != null && !foreignSectors.isEmpty()) {
+			Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... ");					
+			for (String foreignSector : foreignSectors) {
+				Logger.trace("Process sector: " + foreignSector + " ... ");
+				if (encKeyMap.containsKey(foreignSector)) {
+					try {
+						String sector = null;
+						//splitt sector into VKZ and target
+						if (foreignSector.startsWith("wbpk")) {
+							Logger.trace("Find foreign private sector " + foreignSector);
+							sector = Constants.URN_PREFIX + ":" + foreignSector;
+							
+						} else {
+							String[] split = foreignSector.split("+");
+							if (split.length != 2)  {
+								Logger.warn("Foreign sector: " + foreignSector + " looks WRONG. IGNORE IT!");
+								
+							} else {
+								Logger.trace("Find foreign public sector. VKZ: " + split[0] + " Target: " + split[1]);	
+								sector = Constants.URN_PREFIX_CDID + "+" + split[1];
+								
+							}
+															
+						}
+						
+						if (sector != null) {								
+							Pair<String, String> bpk = new BPKBuilder().generateAreaSpecificPersonIdentifier(
+									authData.getIdentificationValue(), 
+									authData.getIdentificationType(), 										
+									sector);								
+							String foreignbPK = BPKBuilder.encryptBPK(bpk.getFirst(), bpk.getSecond(), encKeyMap.get(foreignSector).getPublicKey());																		
+							authData.getEncbPKList().add("(" + foreignSector + "|" +  foreignbPK + ")");
+							Logger.debug("Foreign bPK for sector: " + foreignSector + " created.");
+							
+						}
+														
+					} catch (Exception e) {
+						Logger.warn("Foreign bPK generation FAILED for sector: " + foreignSector, e);
+						
+					}
+																		
+				} else { 
+					Logger.info("NO encryption cerfificate FOUND in configuration for sector: " + foreignSector);
+					Logger.info("Foreign bPK for sector: " + foreignSector + " is NOT possible");
+					
+				}				
+			}
+			
+		} else
+			Logger.debug("No foreign bPKs required for this service provider");
+		
+	}
+	
 }