| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2018-06-12 09:20:52 +0200 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2018-06-12 09:20:52 +0200 | 
| commit | 721d4261b72a12dc6147687d72b81738014be20b (patch) | |
| tree | d95504e0168f897172bc502e88267878a6c9cfa1 /id/server/idserverlib/src/main/java | |
| parent | cb8ae73a6196813c3c749e4396977e5e1e3304b9 (diff) | |
| download | moa-id-spss-721d4261b72a12dc6147687d72b81738014be20b.tar.gz moa-id-spss-721d4261b72a12dc6147687d72b81738014be20b.tar.bz2 moa-id-spss-721d4261b72a12dc6147687d72b81738014be20b.zip | |
add simple JUnit test for AuthDataBuilder and foreign bPK generation
Diffstat (limited to 'id/server/idserverlib/src/main/java')
3 files changed, 79 insertions, 131 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 91159ad4e..afac80df9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -106,13 +106,14 @@ import iaik.x509.X509Certificate;
 @Service("AuthenticationDataBuilder")
 public class AuthenticationDataBuilder extends MOAIDAuthConstants {
-	private static final String CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS = "configuration.foreignsectors.pubkey";
+	public static final String CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS = "configuration.foreignsectors.pubkey";
+	
+	@Autowired(required=true) private IAuthenticationSessionStoreage authenticatedSessionStorage;
+	@Autowired(required=true) protected AuthConfiguration authConfig;
+	@Autowired(required=false) private MOAMetadataProvider metadataProvider;
+	@Autowired(required=false) private AttributQueryBuilder attributQueryBuilder;
+	@Autowired(required=false) private SAMLVerificationEngineSP samlVerificationEngine;
-	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
-	@Autowired protected AuthConfiguration authConfig;
-	@Autowired private AttributQueryBuilder attributQueryBuilder;
-	@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
-	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
 	private Map<String, X509Certificate> encKeyMap = new HashMap<String, X509Certificate>();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
index 04df32309..14de65e36 100644
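Review bot: Switching metadataProvider, attributQueryBuilder and samlVerificationEngine to `@Autowired(required=false)` makes each field silently null when its bean is absent, so every consumer of these fields (all outside this hunk) must now null-check and fail closed; before this change metadataProvider was required=true and the other two plain @Autowired, so a missing bean was a startup error rather than a runtime NullPointerException. Nothing in the hunk records why these three are optional, so a short comment on the field group would help, e.g. `// optional: only injected when the corresponding module is deployed; callers must null-check and refuse the operation when null` — the deployment condition is inferred and should be confirmed against the bean configuration. For samlVerificationEngine in particular, a null-check that skips verification instead of rejecting the message would be a security regression, so the consumers are worth auditing as part of this change.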
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
@@ -149,121 +149,7 @@ public class BPKBuilder {  			}			  		}						  	} -	 -	 -    /** -     * Builds the storkeid from the given parameters. -     * -     * @param baseID baseID of the citizen -     * @param baseIDType Type of the baseID -     * @param sourceCountry CountryCode of that country, which build the eIDAs ID -     * @param destinationCountry CountryCode of that country, which receives the eIDAs ID -     *  -     * @return Pair<eIDAs, bPKType> in a BASE64 encoding -     * @throws BuildException if an error occurs on building the wbPK -     */ -    private Pair<String, String> buildeIDASIdentifer(String baseID, String baseIDType, String sourceCountry, String destinationCountry) -            throws BuildException {         -        String bPK = null; -        String bPKType = null; -         -        // check if we have been called by public sector application -        if (baseIDType.startsWith(Constants.URN_PREFIX_BASEID)) { -        	bPKType = Constants.URN_PREFIX_EIDAS + "+" + sourceCountry + "+" + destinationCountry; -            Logger.debug("Building eIDAS identification from: [identValue]+" + bPKType);          -            bPK = calculatebPKwbPK(baseID + "+"  + bPKType); -             -        } else { // if not, sector identification value is already calculated by BKU -            Logger.debug("eIDAS eIdentifier already provided by BKU"); -            bPK = baseID; -        } - -        if ((MiscUtil.isEmpty(bPK) || -                MiscUtil.isEmpty(sourceCountry) || -                	MiscUtil.isEmpty(destinationCountry))) { -            throw new BuildException("builder.00", -                    new Object[]{"eIDAS-ID", "Unvollständige Parameterangaben: identificationValue=" + -                            bPK + ", Zielland=" + destinationCountry + ", Ursprungsland=" + sourceCountry}); -        } -         -        Logger.debug("Building eIDAS identification from: " + sourceCountry+"/"+destinationCountry+"/" + "[identValue]"); -        String 
eIdentifier = sourceCountry + "/" + destinationCountry + "/" + bPK; -         -        return Pair.newInstance(eIdentifier, bPKType); -    } -	 -//    /** -//     * Builds the bPK from the given parameters. -//     * -//     * @param identificationValue Base64 encoded "Stammzahl" -//     * @param target              "Bereich lt. Verordnung des BKA" -//     * @return bPK in a BASE64 encoding -//     * @throws BuildException if an error occurs on building the bPK -//     */ -//    private String buildBPK(String identificationValue, String target) -//            throws BuildException { -// -//        if ((identificationValue == null || -//                identificationValue.length() == 0 || -//                target == null || -//                target.length() == 0)) { -//            throw new BuildException("builder.00", -//                    new Object[]{"BPK", "Unvollständige Parameterangaben: identificationValue=" + -//                            identificationValue + ",target=" + target}); -//        } -//        String basisbegriff; -//        if (target.startsWith(Constants.URN_PREFIX_CDID + "+")) -//            basisbegriff = identificationValue + "+" + target; -//        else -//            basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target; -// -//        return calculatebPKwbPK(basisbegriff); -//    } -// -//    /** -//     * Builds the wbPK from the given parameters. -//     * -//     * @param identificationValue Base64 encoded "Stammzahl" -//     * @param registerAndOrdNr    type of register + "+" + number in register. 
-//     * @return wbPK in a BASE64 encoding -//     * @throws BuildException if an error occurs on building the wbPK -//     */ -//    private String buildWBPK(String identificationValue, String registerAndOrdNr) -//            throws BuildException { -// -//        if ((identificationValue == null || -//                identificationValue.length() == 0 || -//                registerAndOrdNr == null || -//                registerAndOrdNr.length() == 0)) { -//            throw new BuildException("builder.00", -//                    new Object[]{"wbPK", "Unvollständige Parameterangaben: identificationValue=" + -//                            identificationValue + ",Register+Registernummer=" + registerAndOrdNr}); -//        } -// -//        String basisbegriff; -//        if (registerAndOrdNr.startsWith(Constants.URN_PREFIX_WBPK + "+")) -//            basisbegriff = identificationValue + "+" + registerAndOrdNr; -//        else -//            basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr; -// -//        return calculatebPKwbPK(basisbegriff); -//    } -// -//    private String buildbPKorwbPK(String baseID, String bPKorwbPKTarget) throws BuildException { -//    	if (MiscUtil.isEmpty(baseID) ||  -//    			!(bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_CDID + "+") ||  -//    					bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_WBPK + "+") ||  -//    					bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_STORK + "+")) ) { -//    		throw new BuildException("builder.00", -//                    new Object[]{"bPK/wbPK", "bPK or wbPK target " + bPKorwbPKTarget  -//    					+ " has an unkown prefix."}); -//    		 -//    	} -//    	 -//    	return calculatebPKwbPK(baseID + "+" + bPKorwbPKTarget); -//    	 -//    } -     +		      	public static String encryptBPK(String bpk, String target, PublicKey publicKey) throws BuildException {  		MiscUtil.assertNotNull(bpk, "BPK");  		MiscUtil.assertNotNull(target, "sector"); 
@@ -332,6 +218,48 @@ public class BPKBuilder {  		}		  	} +	 +    /** +     * Builds the storkeid from the given parameters. +     * +     * @param baseID baseID of the citizen +     * @param baseIDType Type of the baseID +     * @param sourceCountry CountryCode of that country, which build the eIDAs ID +     * @param destinationCountry CountryCode of that country, which receives the eIDAs ID +     *  +     * @return Pair<eIDAs, bPKType> in a BASE64 encoding +     * @throws BuildException if an error occurs on building the wbPK +     */ +    private Pair<String, String> buildeIDASIdentifer(String baseID, String baseIDType, String sourceCountry, String destinationCountry) +            throws BuildException {         +        String bPK = null; +        String bPKType = null; +         +        // check if we have been called by public sector application +        if (baseIDType.startsWith(Constants.URN_PREFIX_BASEID)) { +        	bPKType = Constants.URN_PREFIX_EIDAS + "+" + sourceCountry + "+" + destinationCountry; +            Logger.debug("Building eIDAS identification from: [identValue]+" + bPKType);          +            bPK = calculatebPKwbPK(baseID + "+"  + bPKType); +             +        } else { // if not, sector identification value is already calculated by BKU +            Logger.debug("eIDAS eIdentifier already provided by BKU"); +            bPK = baseID; +        } + +        if ((MiscUtil.isEmpty(bPK) || +                MiscUtil.isEmpty(sourceCountry) || +                	MiscUtil.isEmpty(destinationCountry))) { +            throw new BuildException("builder.00", +                    new Object[]{"eIDAS-ID", "Unvollständige Parameterangaben: identificationValue=" + +                            bPK + ", Zielland=" + destinationCountry + ", Ursprungsland=" + sourceCountry}); +        } +         +        Logger.debug("Building eIDAS identification from: " + sourceCountry+"/"+destinationCountry+"/" + "[identValue]"); +        String eIdentifier = 
sourceCountry + "/" + destinationCountry + "/" + bPK; +         +        return Pair.newInstance(eIdentifier, bPKType); +    } +	      private String calculatebPKwbPK(String basisbegriff) throws BuildException {      	try {              MessageDigest md = MessageDigest.getInstance("SHA-1"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java index a90d71a18..a32159dd0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java @@ -18,6 +18,7 @@ import org.springframework.beans.factory.annotation.Autowired;  import org.springframework.stereotype.Service;  import at.gv.egovernment.moa.id.auth.modules.internal.tasks.UserRestrictionTask; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;  import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;  import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;  import at.gv.egovernment.moa.util.FileUtils; 
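Review bot: The moved buildeIDASIdentifer dereferences `baseIDType` and concatenates `sourceCountry`/`destinationCountry` into the hash input before the emptiness check that follows, so a null baseIDType surfaces as a NullPointerException instead of the builder.00 BuildException, and a null country is hashed as the string "null" before being rejected. The method is relocated verbatim, so this is pre-existing, but the move is a good moment to hoist the validation to the first statement: `if (MiscUtil.isEmpty(baseIDType) || MiscUtil.isEmpty(sourceCountry) || MiscUtil.isEmpty(destinationCountry)) { throw new BuildException("builder.00", new Object[]{"eIDAS-ID", "Unvollständige Parameterangaben: ..."}); }`, assuming MiscUtil.isEmpty is null-safe. The Javadoc still reads "Builds the storkeid" and "on building the wbPK"; it should describe the eIDAS identifier pair the method actually returns. calculatebPKwbPK, which begins at the end of this hunk, continues outside it.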
@@ -35,26 +36,44 @@ public class UserWhitelistStore {  	@PostConstruct  	private void initialize() {  		String whiteListUrl = authConfig.getBasicMOAIDConfiguration(UserRestrictionTask.CONFIG_PROPS_CSV_USER_FILE); -		if (MiscUtil.isEmpty(whiteListUrl))  -			Logger.debug("Do not initialize user whitelist. Reason: No configuration path to CSV file."); +		String internalTarget = authConfig.getBasicMOAIDConfiguration(UserRestrictionTask.CONFIG_PROPS_CSV_USER_SECTOR);		 +		if (MiscUtil.isEmpty(whiteListUrl) || MiscUtil.isEmpty(internalTarget))  +			Logger.debug("Do not initialize user whitelist. Reason: NO configuration path to CSV file or NO internal bPK target for whitelist");  		else { -			absWhiteListUrl = FileUtils.makeAbsoluteURL(whiteListUrl, authConfig.getRootConfigFileDir()); -			try {			 -				InputStream is = new FileInputStream(new File(new URL(absWhiteListUrl).toURI())); +			if (internalTarget.startsWith(MOAIDAuthConstants.PREFIX_CDID)) +				internalTarget = internalTarget.substring(MOAIDAuthConstants.PREFIX_CDID.length());			 +			else if (internalTarget.startsWith(MOAIDAuthConstants.PREFIX_WPBK)) +				internalTarget = internalTarget.substring(MOAIDAuthConstants.PREFIX_WPBK.length()); +			else if (internalTarget.startsWith(MOAIDAuthConstants.PREFIX_EIDAS)) +				internalTarget = internalTarget.substring(MOAIDAuthConstants.PREFIX_EIDAS.length()); +			else { +				Logger.warn("Sector: " + internalTarget + " is NOT supported for user whitelist."); +				Logger.info("User whitelist-store MAY NOT contains all user from whitelist"); +			} +			 +			try {				 +				absWhiteListUrl = new URL(FileUtils.makeAbsoluteURL(whiteListUrl, authConfig.getRootConfigFileDir())) +											.toURI().toString().substring("file:".length());						 +				InputStream is = new FileInputStream(new File(absWhiteListUrl));  				String whiteListString = IOUtils.toString(new InputStreamReader(is));  				List<String> preWhitelist = 
KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(whiteListString)); +				 +				  				//remove prefix if required  				for (String bPK : preWhitelist) {  					String[] bPKSplit = bPK.split(":");  					if (bPKSplit.length == 1)  						whitelist.add(bPK); -					else if (bPKSplit.length ==2 ) -						whitelist.add(bPKSplit[1]); -					 -					else +					else if (bPKSplit.length ==2 ) { +						if (internalTarget.equals(bPKSplit[0])) +							whitelist.add(bPKSplit[1]); +						else +							Logger.info("Whitelist entry: " + bPK + " has an unsupported target. Entry will be removed ..."); +						 +					} else  						Logger.info("Whitelist entry: " + bPK + " has an unsupported format. Entry will be removed ...");  				} @@ -108,7 +127,7 @@ public class UserWhitelistStore {  	public boolean isUserbPKInWhitelistDynamic(String bPK, boolean onlyDynamic) {  		try {  			if (absWhiteListUrl != null) { -				InputStream is = new FileInputStream(new File(new URL(absWhiteListUrl).toURI())); +				InputStream is = new FileInputStream(new File(absWhiteListUrl));  				String whiteListString = IOUtils.toString(new InputStreamReader(is));  				if (whiteListString != null && whiteListString.contains(bPK)) {  					Logger.trace("Find user with dynamic whitelist check"); | 
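Review bot: The new `absWhiteListUrl = new URL(...).toURI().toString().substring("file:".length())` derives a filesystem path by stripping a fixed prefix, which does not reproduce what the removed `new File(new URL(absWhiteListUrl).toURI())` did: percent-encoded characters (a space in the config directory arrives as `%20`) stay encoded, a `file:///` form keeps a leading `//`, and a non-file scheme yields a meaningless path instead of the IllegalArgumentException the old conversion raised. Keeping the old conversion and storing its result preserves the semantics in one line: `absWhiteListUrl = new File(new URL(FileUtils.makeAbsoluteURL(whiteListUrl, authConfig.getRootConfigFileDir())).toURI()).getAbsolutePath();`. The FileInputStream opened on the following added line is never closed and the InputStreamReader uses the platform charset; wrapping the stream in try-with-resources and passing an explicit charset would fix both, and the same applies to the added FileInputStream line in the hunk at -108. The initialize() body continues past the end of this hunk.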
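Review bot: After this commit the whitelist built in initialize() keeps only entries whose target equals internalTarget, but the dynamic path re-read here still tests `whiteListString.contains(bPK)` against the raw file text on the context line after the new FileInputStream, so an entry carrying another sector's prefix, or a bPK that is merely a substring of a longer entry, is accepted dynamically while being rejected statically. The two checks should agree: parse the re-read file with the same split-and-target filter as initialize() and compare whole entries with equals rather than a substring search. The contains test is context rather than new code, and internalTarget is a local of initialize(), so this is inferred from the visible lines and the refactor below needs that value retained; isUserbPKInWhitelistDynamic continues outside the hunk.
```java
// … unchanged: null-check of absWhiteListUrl …
try (InputStream is = new FileInputStream(new File(absWhiteListUrl))) {
    String whiteListString = IOUtils.toString(new InputStreamReader(is));
    // NOTE(review): parseWhitelist is the proposed helper holding the split-and-target
    // loop from initialize(); internalTarget must become a field for it to compile.
    boolean found = parseWhitelist(whiteListString).contains(bPK); // whole-entry equality, not substring
    if (found) {
        Logger.trace("Find user with dynamic whitelist check");
        // … unchanged: remainder of the positive branch …
    }
}
```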
