diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-08-19 15:03:42 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-08-19 15:03:42 +0200 |
commit | 1ab0f1d4d991464b906c34befefe2ecaf485d485 (patch) | |
tree | e84f4deb090dda11b5fb318019b6e0bce9efc86c /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth | |
parent | 296ebbfb36ef207abe4611cb8d3727d2f86a692b (diff) | |
download | moa-id-spss-1ab0f1d4d991464b906c34befefe2ecaf485d485.tar.gz moa-id-spss-1ab0f1d4d991464b906c34befefe2ecaf485d485.tar.bz2 moa-id-spss-1ab0f1d4d991464b906c34befefe2ecaf485d485.zip |
add interfederation without attributequery request which use encrypted bPKs
(this functionality is required for federation with USP)
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth')
5 files changed, 188 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index 6fc1d28c1..a62de27fc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -961,6 +961,17 @@ public class AuthConfigurationProvider extends ConfigurationProvider { return prop; } + /** + * @return + */ + public String getMOAConfigurationEncryptionKey() { + String prop = props.getProperty("configuration.moaconfig.key"); + if (MiscUtil.isEmpty(prop)) + return null; + else + return prop; + } + public boolean isIdentityLinkResigning() { String prop = props.getProperty("configuration.resignidentitylink.active", "false"); return Boolean.valueOf(prop); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java index 6398de34f..4c6519b57 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java @@ -22,6 +22,7 @@ */ package at.gv.egovernment.moa.id.config.auth; +import java.security.PrivateKey; import java.util.List; import java.util.Map; @@ -31,6 +32,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; +import at.gv.egovernment.moa.id.config.auth.data.BPKDecryptionParameters; /** * @author tlenz @@ -149,4 +151,6 @@ public interface IOAAuthParameters { List<String> getTestCredentialOIDs(); + PrivateKey getBPKDecBpkDecryptionKey(); + }
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index f58fe2495..673d23373 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -46,11 +46,15 @@ package at.gv.egovernment.moa.id.config.auth; +import java.security.PrivateKey; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; +import org.apache.commons.lang.SerializationUtils; + +import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.BKUSelectionCustomizationType; @@ -71,6 +75,9 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.TestCredentials; import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; import at.gv.egovernment.moa.id.config.ConfigurationUtils; import at.gv.egovernment.moa.id.config.OAParameter; +import at.gv.egovernment.moa.id.config.auth.data.BPKDecryptionParameters; +import at.gv.egovernment.moa.id.data.EncryptedData; +import at.gv.egovernment.moa.id.util.ConfigurationEncrytionUtil; import at.gv.egovernment.moa.id.util.FormBuildUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -555,4 +562,33 @@ public List<String> getTestCredentialOIDs() { return null; } + +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBPKDecBpkDecryptionParameters() + */ +@Override +public PrivateKey getBPKDecBpkDecryptionKey() { + + try { + EncryptedData encdata = new EncryptedData( + oa_auth.getEncBPKInformation().getBPKDecryption().getKeyInformation(), + oa_auth.getEncBPKInformation().getBPKDecryption().getIv()); + byte[] serializedData = ConfigurationEncrytionUtil.getInstance().decrypt(encdata); + BPKDecryptionParameters data = + (BPKDecryptionParameters) SerializationUtils.deserialize(serializedData); + + return data.getPrivateKey(); + + } catch (BuildException e) { + // TODO Auto-generated catch block + Logger.error("Can not decrypt key information for bPK decryption", e); + + } catch (NullPointerException e) { + Logger.error("No keyInformation found for bPK decryption"); + + } + return null; + +} + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/BPKDecryptionParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/BPKDecryptionParameters.java new file mode 100644 index 000000000..787a480f0 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/BPKDecryptionParameters.java @@ -0,0 +1,127 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.auth.data; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.Serializable; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.UnrecoverableKeyException; +import java.security.cert.Certificate; + +import org.apache.commons.lang.SerializationUtils; + +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.KeyStoreUtils; + + +/** + * @author tlenz + * + */ +public class BPKDecryptionParameters implements Serializable{ + + private static final long serialVersionUID = 1L; + + private byte[] keyStore = null; + private String keyStorePassword = null; + private String keyAlias = null; + private String keyPassword = null; + + /** + * @return + */ + public PrivateKey getPrivateKey() { + try { + InputStream in = new ByteArrayInputStream(keyStore); + KeyStore store = KeyStoreUtils.loadKeyStore(in , keyStorePassword); + + char[] chPassword = " ".toCharArray(); + if (keyPassword != null) + chPassword = keyPassword.toCharArray(); + +// Certificate test = store.getCertificate(keyAlias); +// Base64Utils.encode(test.getPublicKey().getEncoded()); + + return (PrivateKey) store.getKey(keyAlias, chPassword); + + + } catch (KeyStoreException e) { + Logger.error("Can not load private key from keystore.", e); + + } catch (IOException e) { + Logger.error("Can not load private key from keystore.", e); + + } catch (UnrecoverableKeyException e) { + Logger.error("Can not load private key from keystore.", e); + + } catch (NoSuchAlgorithmException e) { + Logger.error("Can not load private key from keystore.", e); + + } + + return null; + } + + public byte[] serialize() { + return SerializationUtils.serialize(this); + + } + + /** + * @param keyStore the keyStore to set + */ + public void setKeyStore(byte[] keyStore) { + this.keyStore = keyStore; + } + + /** + * @param keyStorePassword the keyStorePassword to set + */ + public void setKeyStorePassword(String keyStorePassword) { + this.keyStorePassword = keyStorePassword; + } + + /** + * @param keyAlias the keyAlias to set + */ + public void setKeyAlias(String keyAlias) { + this.keyAlias = keyAlias; + } + + /** + * @param keyPassword the keyPassword to set + */ + public void setKeyPassword(String keyPassword) { + this.keyPassword = keyPassword; + } + + + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java index eddf605a6..7dbdcfa52 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java @@ -22,6 +22,7 @@ */ package at.gv.egovernment.moa.id.config.auth.data; +import java.security.PrivateKey; import java.util.List; import java.util.Map; @@ -399,6 +400,15 @@ public class DynamicOAAuthParameters implements IOAAuthParameters { return null; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBPKDecBpkDecryptionParameters() + */ + @Override + public PrivateKey getBPKDecBpkDecryptionKey() { + // TODO Auto-generated method stub + return null; + } + } |