authorThomas Lenz <tlenz@iaik.tugraz.at>2014-08-19 15:03:42 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-08-19 15:03:42 +0200
commit1ab0f1d4d991464b906c34befefe2ecaf485d485 (patch)
treee84f4deb090dda11b5fb318019b6e0bce9efc86c /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth
parent296ebbfb36ef207abe4611cb8d3727d2f86a692b (diff)
downloadmoa-id-spss-1ab0f1d4d991464b906c34befefe2ecaf485d485.tar.gz
moa-id-spss-1ab0f1d4d991464b906c34befefe2ecaf485d485.tar.bz2
moa-id-spss-1ab0f1d4d991464b906c34befefe2ecaf485d485.zip
add interfederation without attributequery request, which uses encrypted bPKs
(this functionality is required for federation with USP)
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java36
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/BPKDecryptionParameters.java127
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java10
5 files changed, 188 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index 6fc1d28c1..a62de27fc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -961,6 +961,17 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
return prop;
}
+ /**
+ * @return
+ */
+ public String getMOAConfigurationEncryptionKey() {
+ String prop = props.getProperty("configuration.moaconfig.key");
+ if (MiscUtil.isEmpty(prop))
+ return null;
+ else
+ return prop;
+ }
+
public boolean isIdentityLinkResigning() {
String prop = props.getProperty("configuration.resignidentitylink.active", "false");
return Boolean.valueOf(prop);
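Review bot: The Javadoc added above `getMOAConfigurationEncryptionKey()` has an empty `@return` tag, so the one fact a caller needs — that the method returns null when `configuration.moaconfig.key` is unset or blank — is not stated. Suggested text: `Returns the key used to decrypt encrypted configuration values, read from the {@code configuration.moaconfig.key} property, or {@code null} if that property is missing or empty.` The if/else can also collapse to `return MiscUtil.isEmpty(prop) ? null : prop;`. The trailing context belongs to `isIdentityLinkResigning`, whose body continues past the hunk.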
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
index 6398de34f..4c6519b57 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
@@ -22,6 +22,7 @@
*/
package at.gv.egovernment.moa.id.config.auth;
+import java.security.PrivateKey;
import java.util.List;
import java.util.Map;
@@ -31,6 +32,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;
import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute;
import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
+import at.gv.egovernment.moa.id.config.auth.data.BPKDecryptionParameters;
/**
* @author tlenz
@@ -149,4 +151,6 @@ public interface IOAAuthParameters {
List<String> getTestCredentialOIDs();
+ PrivateKey getBPKDecBpkDecryptionKey();
+
} \ No newline at end of file
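Review bot: The new interface method `getBPKDecBpkDecryptionKey()` is added without Javadoc, while the earlier hunk in this file imports `BPKDecryptionParameters`, which nothing visible in the interface references. Suggested Javadoc: `Returns the private key used to decrypt encrypted bPKs for this online application, or {@code null} if no bPK decryption key is configured or it cannot be loaded.` If the import is indeed unused, drop the line `import at.gv.egovernment.moa.id.config.auth.data.BPKDecryptionParameters;`. The doubled "BPKDecBpk" in the name looks like a typo for `getBpkDecryptionKey()`; renaming now, before implementations accumulate, would be cheaper than later.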
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index f58fe2495..673d23373 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -46,11 +46,15 @@
package at.gv.egovernment.moa.id.config.auth;
+import java.security.PrivateKey;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import org.apache.commons.lang.SerializationUtils;
+
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;
import at.gv.egovernment.moa.id.commons.db.dao.config.BKUSelectionCustomizationType;
@@ -71,6 +75,9 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.TestCredentials;
import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType;
import at.gv.egovernment.moa.id.config.ConfigurationUtils;
import at.gv.egovernment.moa.id.config.OAParameter;
+import at.gv.egovernment.moa.id.config.auth.data.BPKDecryptionParameters;
+import at.gv.egovernment.moa.id.data.EncryptedData;
+import at.gv.egovernment.moa.id.util.ConfigurationEncrytionUtil;
import at.gv.egovernment.moa.id.util.FormBuildUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -555,4 +562,33 @@ public List<String> getTestCredentialOIDs() {
return null;
}
+
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBPKDecBpkDecryptionParameters()
+ */
+@Override
+public PrivateKey getBPKDecBpkDecryptionKey() {
+
+ try {
+ EncryptedData encdata = new EncryptedData(
+ oa_auth.getEncBPKInformation().getBPKDecryption().getKeyInformation(),
+ oa_auth.getEncBPKInformation().getBPKDecryption().getIv());
+ byte[] serializedData = ConfigurationEncrytionUtil.getInstance().decrypt(encdata);
+ BPKDecryptionParameters data =
+ (BPKDecryptionParameters) SerializationUtils.deserialize(serializedData);
+
+ return data.getPrivateKey();
+
+ } catch (BuildException e) {
+ // TODO Auto-generated catch block
+ Logger.error("Can not decrypt key information for bPK decryption", e);
+
+ } catch (NullPointerException e) {
+ Logger.error("No keyInformation found for bPK decryption");
+
+ }
+ return null;
+
+}
+
}
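Review bot: `getBPKDecBpkDecryptionKey()` uses a `catch (NullPointerException e)` to detect a missing `EncBPKInformation`/`BPKDecryption` configuration; an explicit null check on the getter chain before building `EncryptedData` states the intent and does not mask genuine NPEs thrown inside `decrypt()` or `deserialize()`. The `@see` tag also points at `getBPKDecBpkDecryptionParameters()`, which does not match the interface method name `getBPKDecBpkDecryptionKey()`, and the `// TODO Auto-generated catch block` should go. Since `SerializationUtils.deserialize` instantiates whatever class the decrypted bytes describe, an `instanceof BPKDecryptionParameters` check before the cast fails with a clear log message instead of a `ClassCastException` if the blob is not what was expected. Rewritten lines below; `oa_auth` is a field declared outside the hunk.
```java
    @Override
    public PrivateKey getBPKDecBpkDecryptionKey() {
        if (oa_auth.getEncBPKInformation() == null
                || oa_auth.getEncBPKInformation().getBPKDecryption() == null) {
            Logger.error("No keyInformation found for bPK decryption");
            return null;
        }
        try {
            EncryptedData encdata = new EncryptedData(
                    oa_auth.getEncBPKInformation().getBPKDecryption().getKeyInformation(),
                    oa_auth.getEncBPKInformation().getBPKDecryption().getIv());
            byte[] serializedData = ConfigurationEncrytionUtil.getInstance().decrypt(encdata);
            Object data = SerializationUtils.deserialize(serializedData);
            if (!(data instanceof BPKDecryptionParameters)) {
                Logger.error("Decrypted bPK key information has an unexpected type");
                return null;
            }
            return ((BPKDecryptionParameters) data).getPrivateKey();

        } catch (BuildException e) {
            Logger.error("Can not decrypt key information for bPK decryption", e);
        }
        return null;
    }
```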
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/BPKDecryptionParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/BPKDecryptionParameters.java
new file mode 100644
index 000000000..787a480f0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/BPKDecryptionParameters.java
@@ -0,0 +1,127 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.config.auth.data;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.Serializable;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+
+import org.apache.commons.lang.SerializationUtils;
+
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.KeyStoreUtils;
+
+
+/**
+ * @author tlenz
+ *
+ */
+public class BPKDecryptionParameters implements Serializable{
+
+ private static final long serialVersionUID = 1L;
+
+ private byte[] keyStore = null;
+ private String keyStorePassword = null;
+ private String keyAlias = null;
+ private String keyPassword = null;
+
+ /**
+ * @return
+ */
+ public PrivateKey getPrivateKey() {
+ try {
+ InputStream in = new ByteArrayInputStream(keyStore);
+ KeyStore store = KeyStoreUtils.loadKeyStore(in , keyStorePassword);
+
+ char[] chPassword = " ".toCharArray();
+ if (keyPassword != null)
+ chPassword = keyPassword.toCharArray();
+
+// Certificate test = store.getCertificate(keyAlias);
+// Base64Utils.encode(test.getPublicKey().getEncoded());
+
+ return (PrivateKey) store.getKey(keyAlias, chPassword);
+
+
+ } catch (KeyStoreException e) {
+ Logger.error("Can not load private key from keystore.", e);
+
+ } catch (IOException e) {
+ Logger.error("Can not load private key from keystore.", e);
+
+ } catch (UnrecoverableKeyException e) {
+ Logger.error("Can not load private key from keystore.", e);
+
+ } catch (NoSuchAlgorithmException e) {
+ Logger.error("Can not load private key from keystore.", e);
+
+ }
+
+ return null;
+ }
+
+ public byte[] serialize() {
+ return SerializationUtils.serialize(this);
+
+ }
+
+ /**
+ * @param keyStore the keyStore to set
+ */
+ public void setKeyStore(byte[] keyStore) {
+ this.keyStore = keyStore;
+ }
+
+ /**
+ * @param keyStorePassword the keyStorePassword to set
+ */
+ public void setKeyStorePassword(String keyStorePassword) {
+ this.keyStorePassword = keyStorePassword;
+ }
+
+ /**
+ * @param keyAlias the keyAlias to set
+ */
+ public void setKeyAlias(String keyAlias) {
+ this.keyAlias = keyAlias;
+ }
+
+ /**
+ * @param keyPassword the keyPassword to set
+ */
+ public void setKeyPassword(String keyPassword) {
+ this.keyPassword = keyPassword;
+ }
+
+
+
+
+}
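Review bot: In `getPrivateKey()`, the cast `(PrivateKey) store.getKey(...)` is not guarded: `KeyStore.getKey` returns a `Key`, and an alias that names a secret key yields a `ClassCastException` that none of the four catch blocks handle. The four blocks log the same message and can be one multi-catch if the module builds with Java 7 or later; the commented-out `Certificate`/`Base64Utils` lines and their now-unused imports are dead and should be removed. The default key password `" "` (a single space, not an empty array) is surprising enough to deserve a comment saying why, if it is intentional. The Javadoc `@return` is empty; suggested text: `Loads the private key named by {@code keyAlias} from the in-memory keystore, or returns {@code null} when the keystore cannot be opened or the alias does not reference a private key.`
```java
    public PrivateKey getPrivateKey() {
        try {
            InputStream in = new ByteArrayInputStream(keyStore);
            KeyStore store = KeyStoreUtils.loadKeyStore(in, keyStorePassword);

            // … unchanged: chPassword selection …

            java.security.Key key = store.getKey(keyAlias, chPassword);
            if (!(key instanceof PrivateKey)) {
                Logger.error("Key alias '" + keyAlias + "' does not reference a private key.");
                return null;
            }
            return (PrivateKey) key;

        } catch (KeyStoreException | IOException
                | UnrecoverableKeyException | NoSuchAlgorithmException e) {
            Logger.error("Can not load private key from keystore.", e);
        }
        return null;
    }
```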
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index eddf605a6..7dbdcfa52 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -22,6 +22,7 @@
*/
package at.gv.egovernment.moa.id.config.auth.data;
+import java.security.PrivateKey;
import java.util.List;
import java.util.Map;
@@ -399,6 +400,15 @@ public class DynamicOAAuthParameters implements IOAAuthParameters {
return null;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBPKDecBpkDecryptionParameters()
+ */
+ @Override
+ public PrivateKey getBPKDecBpkDecryptionKey() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
}
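Review bot: `getBPKDecBpkDecryptionKey()` in `DynamicOAAuthParameters` is a stub that returns null under an auto-generated TODO, and callers on the interface get no signal that this implementation never supplies a key. If dynamic online applications are not meant to support encrypted-bPK decryption, replace the TODO with a comment saying so, e.g. `// Dynamic OAs carry no bPK decryption key configuration; callers must handle null.`; if they should, the TODO marks missing functionality rather than a finished change. The `@see` tag names `getBPKDecBpkDecryptionParameters()`, which does not match the interface method `getBPKDecBpkDecryptionKey()`.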