add foreign bPK generation into AuthenticationDataBuilder

7 files changed, 128 insertions, 11 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index b93de5119..91159ad4e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -30,9 +30,13 @@ import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Date;
+import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
 
+import javax.annotation.PostConstruct;
 import javax.naming.ldap.LdapName;
 import javax.naming.ldap.Rdn;
 
@@ -102,12 +106,32 @@ import iaik.x509.X509Certificate;
 @Service("AuthenticationDataBuilder")
 public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 
+	private static final String CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS = "configuration.foreignsectors.pubkey";
+	
 	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
 	@Autowired protected AuthConfiguration authConfig;
 	@Autowired private AttributQueryBuilder attributQueryBuilder;
 	@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
 	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
 	
+	private Map<String, X509Certificate> encKeyMap = new HashMap<String, X509Certificate>();
+	
+	@PostConstruct
+	private void initialize() {
+		 Map<String, String> pubKeyMap = authConfig.getBasicMOAIDConfigurationWithPrefix(CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS);
+		 for (Entry<String, String> el : pubKeyMap.entrySet()) {
+			 try {
+				encKeyMap.put(el.getKey(), new X509Certificate(Base64Utils.decode(el.getValue(), false)));
+				Logger.info("Load foreign bPK encryption certificate for sector: " + el.getKey()); 
+				
+			 } catch (Exception e) {
+				Logger.warn("Can NOT load foreign bPK encryption certificate for sector: \" + el.getKey()", e); 
+				 
+			 }
+			 			 
+		 }		
+	}
+	
 	
 	public IAuthData buildAuthenticationData(IRequest pendingReq, 
             IAuthenticationSession session) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {
@@ -648,7 +672,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 					Logger.info("Can NOT set Organwalter IdentityLink. Msg: No IdentityLink found");				
 
 				
-				//set bPK and IdenityLink for all other
+				//set bPK and IdentityLink for all other
 			} else {
 				//build bPK
 				String pvpbPKValue = getbPKValueFromPVPAttribute(session);
@@ -724,7 +748,11 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 						
 					}					
 				}
-								
+				
+				//build foreign bPKs
+				generateForeignbPK(authData, oaParam.foreignbPKSectorsRequested()); 
+				
+				
 				//build IdentityLink
 				if (identityLink != null)
 					authData.setIdentityLink(buildOAspecificIdentityLink(oaParam, identityLink, authData.getBPK(), authData.getBPKType()));
@@ -810,6 +838,61 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 		
 	}
 
+	private void generateForeignbPK(AuthenticationData authData, List<String> foreignSectors) {
+		if (foreignSectors != null && !foreignSectors.isEmpty()) {
+			Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... ");					
+			for (String foreignSector : foreignSectors) {
+				Logger.trace("Process sector: " + foreignSector + " ... ");
+				if (encKeyMap.containsKey(foreignSector)) {
+					try {
+						String sector = null;
+						//splitt sector into VKZ and target
+						if (foreignSector.startsWith("wbpk")) {
+							Logger.trace("Find foreign private sector " + foreignSector);
+							sector = Constants.URN_PREFIX + ":" + foreignSector;
+							
+						} else {
+							String[] split = foreignSector.split("+");
+							if (split.length != 2)  {
+								Logger.warn("Foreign sector: " + foreignSector + " looks WRONG. IGNORE IT!");
+								
+							} else {
+								Logger.trace("Find foreign public sector. VKZ: " + split[0] + " Target: " + split[1]);	
+								sector = Constants.URN_PREFIX_CDID + "+" + split[1];
+								
+							}
+															
+						}
+						
+						if (sector != null) {								
+							Pair<String, String> bpk = new BPKBuilder().generateAreaSpecificPersonIdentifier(
+									authData.getIdentificationValue(), 
+									authData.getIdentificationType(), 										
+									sector);								
+							String foreignbPK = BPKBuilder.encryptBPK(bpk.getFirst(), bpk.getSecond(), encKeyMap.get(foreignSector).getPublicKey());																		
+							authData.getEncbPKList().add("(" + foreignSector + "|" +  foreignbPK + ")");
+							Logger.debug("Foreign bPK for sector: " + foreignSector + " created.");
+							
+						}
+														
+					} catch (Exception e) {
+						Logger.warn("Foreign bPK generation FAILED for sector: " + foreignSector, e);
+						
+					}
+																		
+				} else { 
+					Logger.info("NO encryption cerfificate FOUND in configuration for sector: " + foreignSector);
+					Logger.info("Foreign bPK for sector: " + foreignSector + " is NOT possible");
+					
+				}				
+			}
+			
+		} else
+			Logger.debug("No foreign bPKs required for this service provider");
+		
+	}
+	
+	
 	/**
 	 * Check a bPK-Type against a Service-Provider configuration <br>
 	 * If bPK-Type is <code>null</code> the result is <code>false</code>.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
index a7f6e873f..04df32309 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
@@ -266,16 +266,21 @@ public class BPKBuilder {
     
 	public static String encryptBPK(String bpk, String target, PublicKey publicKey) throws BuildException {
 		MiscUtil.assertNotNull(bpk, "BPK");
+		MiscUtil.assertNotNull(target, "sector");
 		MiscUtil.assertNotNull(publicKey, "publicKey");
-		
+			
 		SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss");
-		if (target.startsWith(Constants.URN_PREFIX_CDID + "+"))
-			target = target.substring((Constants.URN_PREFIX_CDID + "+").length());
 		
-		String input = "V1::urn:publicid:gv.at:cdid+" + target + "::"
+		if (!target.startsWith(Constants.URN_PREFIX)) {
+			throw new BuildException("bPK encryption FAILED. bPK target does NOT starts with a valid prefix", null);
+			
+		}
+		
+		String input = "V1::" 
+			+ target + "::"
 		    + bpk + "::"
 		    + sdf.format(new Date());
-		System.out.println(input);
+		Logger.trace("Foreign bPK: " + input);
 		byte[] result;
 		try {
 			byte[] inputBytes = input.getBytes("ISO-8859-1");
@@ -287,6 +292,17 @@ public class BPKBuilder {
 		}		
 	}
 
+	
+	/**
+	 * Currently only works for bPKs!!!!
+	 * 
+	 * 
+	 * @param encryptedBpk
+	 * @param target
+	 * @param privateKey
+	 * @return
+	 * @throws BuildException
+	 */
 	public static String decryptBPK(String encryptedBpk, String target, PrivateKey privateKey) throws BuildException {
 		MiscUtil.assertNotEmpty(encryptedBpk, "Encrypted BPK");
 		MiscUtil.assertNotNull(privateKey, "Private key");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
index 0fba2d3f6..3a0a002e8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
@@ -209,7 +209,7 @@ public class VerifyXMLSignatureResponseParser {
       
       String signingTimeElement = XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNING_TIME_XPATH,"");
       if (MiscUtil.isNotEmpty(signingTimeElement)) {
-    	  DateTime datetime = ISODateTimeFormat.dateTimeNoMillis().parseDateTime(signingTimeElement);
+    	  DateTime datetime = ISODateTimeFormat.dateOptionalTimeParser().parseDateTime(signingTimeElement);
     	  respData.setSigningDateTime(datetime.toDate());
     	  
       }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 59bd3893d..140ebcfc8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -54,10 +54,8 @@ import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
-import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
-import java.util.Map.Entry;
 import java.util.Set;
 
 import org.apache.commons.lang.SerializationUtils;
@@ -935,4 +933,16 @@ public String toString() {
 	return "Object not initialized";
 }
 
+
+@Override
+public List<String> foreignbPKSectorsRequested() {
+	String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN);
+	if (MiscUtil.isNotEmpty(value))
+		return KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(value));
+		
+	else
+		return null;
+	
+}
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index f3db82315..31b894604 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -531,5 +531,11 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
 		return false;
 	}
 
+	@Override
+	public List<String> foreignbPKSectorsRequested() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
 	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index 7f56f519b..4cd9ecd6a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -691,6 +691,8 @@ public class AuthenticationData  implements IAuthData, Serializable {
 	 * @return the encbPKList
 	 */
 	public List<String> getEncbPKList() {
+		if (encbPKList == null)
+			encbPKList = new ArrayList<String>();
 		return encbPKList;
 	}
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
index 9dfbe00b2..f5c48b826 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
@@ -41,7 +41,7 @@ public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder {
 
 		if (authData.getEncbPKList() != null &&
 				authData.getEncbPKList().size() > 0) {
-			String value = authData.getEncbPKList().get(0);
+			String value = "(" + authData.getEncbPKList().get(0) + ")";
 			for (int i=1; i<authData.getEncbPKList().size(); i++)
 				value += ";"+authData.getEncbPKList().get(i);