| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-08-19 15:03:42 +0200 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-08-19 15:03:42 +0200 | 
| commit | 1ab0f1d4d991464b906c34befefe2ecaf485d485 (patch) | |
| tree | e84f4deb090dda11b5fb318019b6e0bce9efc86c /id/server/idserverlib | |
| parent | 296ebbfb36ef207abe4611cb8d3727d2f86a692b (diff) | |
add interfederation without AttributeQuery request, which uses encrypted bPKs
 (this functionality is required for federation with USP)
Diffstat (limited to 'id/server/idserverlib')
21 files changed, 1058 insertions, 233 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index ddcc6e1d1..3c029f261 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java 
@@ -24,31 +24,35 @@ package at.gv.egovernment.moa.id.auth.builder;  import iaik.x509.X509Certificate; +import java.io.ByteArrayOutputStream;  import java.io.IOException;  import java.io.InputStream; +import java.security.PrivateKey;  import java.util.ArrayList; +import java.util.Arrays;  import java.util.Date; -import java.util.GregorianCalendar;  import java.util.List;  import javax.naming.ldap.LdapName;  import javax.naming.ldap.Rdn; +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Marshaller; -import org.opensaml.saml2.core.Assertion;  import org.opensaml.saml2.core.Attribute;  import org.opensaml.saml2.core.AttributeQuery; -import org.opensaml.saml2.core.AttributeStatement;  import org.opensaml.saml2.core.Response; -import org.opensaml.saml2.core.StatusResponseType;  import org.opensaml.ws.soap.common.SOAPException;  import org.opensaml.xml.XMLObject;  import org.opensaml.xml.security.SecurityException;  import org.w3c.dom.Element;  import org.w3c.dom.Node; -import eu.stork.peps.auth.commons.PersonalAttribute; -import eu.stork.peps.auth.commons.PersonalAttributeList; - +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandator; +import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; +import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; +import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType.Value;  import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;  import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; 
@@ -151,7 +155,6 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {  				}				  			} -			  		}  		InterfederationSessionStore interfIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORAttributeQueryWithSessionID(session); @@ -295,9 +298,13 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {  					throw new AttributQueryException("Receive AttributeQuery response-body include no PVP 2.1 response.", null);  				} +				 +				//create assertion attribute extractor from AttributeQuery response +				extractor = new AssertionAttributeExtractor(intfResp); +				  			}  			//parse response information to authData -			buildAuthDataFormInterfederationResponse(authdata, session, intfResp);			 +			buildAuthDataFormInterfederationResponse(authdata, session, extractor, oaParam);			  		} catch (SOAPException e) {  			throw new BuildException("builder.06", null, e); 
@@ -320,146 +327,242 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {  		}  	} -	private static void buildAuthDataFormInterfederationResponse(AuthenticationData authData, AuthenticationSession session,  -			Response intfResp) throws BuildException, AssertionAttributeExtractorExeption { +	private static void buildAuthDataFormInterfederationResponse( +			AuthenticationData authData,  +			AuthenticationSession session,  +			AssertionAttributeExtractor extractor, +			IOAAuthParameters oaParam)  +					throws BuildException, AssertionAttributeExtractorExeption {  		Logger.debug("Build AuthData from assertion starts ...."); -		Assertion assertion = intfResp.getAssertions().get(0); +		authData.setFamilyName(extractor.getAttribute(PVPConstants.PRINCIPAL_NAME_NAME));		 +		authData.setGivenName(extractor.getAttribute(PVPConstants.GIVEN_NAME_NAME));		 +		authData.setDateOfBirth(extractor.getAttribute(PVPConstants.BIRTHDATE_NAME)); +		authData.setBPKType(extractor.getAttribute(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)); +		authData.setCcc(extractor.getAttribute(PVPConstants.EID_ISSUING_NATION_NAME));		 +		authData.setBkuURL(extractor.getAttribute(PVPConstants.EID_CCS_URL_NAME)); +		authData.setIdentificationValue(extractor.getAttribute(PVPConstants.EID_SOURCE_PIN_NAME));		 +		authData.setIdentificationType(extractor.getAttribute(PVPConstants.EID_SOURCE_PIN_TYPE_NAME)); -		if (assertion.getAttributeStatements().size() == 0) { -			Logger.warn("Can not build AuthData from Assertion. NO Attributes included."); -			throw new AssertionAttributeExtractorExeption("Can not build AuthData from Assertion. 
NO Attributes included.", null); -			 +		if (extractor.containsAttribute(PVPConstants.BPK_NAME)) { +			String pvpbPK = extractor.getAttribute(PVPConstants.BPK_NAME);				 +			authData.setBPK(pvpbPK.split(":")[1]);  		} -		AttributeStatement attrStat = assertion.getAttributeStatements().get(0); -		for (Attribute attr : attrStat.getAttributes()) { -			 -			if (attr.getName().equals(PVPConstants.PRINCIPAL_NAME_NAME)) -				authData.setFamilyName(attr.getAttributeValues().get(0).getDOM().getTextContent()); -			 -			if (attr.getName().equals(PVPConstants.GIVEN_NAME_NAME)) -				authData.setGivenName(attr.getAttributeValues().get(0).getDOM().getTextContent()); -			 -			if (attr.getName().equals(PVPConstants.BIRTHDATE_NAME)) -				authData.setDateOfBirth(attr.getAttributeValues().get(0).getDOM().getTextContent()); -			 -			if (attr.getName().equals(PVPConstants.BPK_NAME)) { -				String pvpbPK = attr.getAttributeValues().get(0).getDOM().getTextContent();				 -				authData.setBPK(pvpbPK.split(":")[1]); -			} -			 -			if (attr.getName().equals(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)) -				authData.setBPKType(attr.getAttributeValues().get(0).getDOM().getTextContent()); -			 -			if (attr.getName().equals(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME)) -				authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX +   -						attr.getAttributeValues().get(0).getDOM().getTextContent()); -			 -			if (attr.getName().equals(PVPConstants.EID_ISSUING_NATION_NAME)) -				authData.setCcc(attr.getAttributeValues().get(0).getDOM().getTextContent()); +		if (extractor.containsAttribute(PVPConstants.ENC_BPK_LIST_NAME)) { +			List<String> encbPKList = Arrays.asList( +					extractor.getAttribute(PVPConstants.ENC_BPK_LIST_NAME).split(";"));							 +			authData.setEncbPKList(encbPKList);			 +			for (String fullEncbPK : encbPKList) { +				int index = fullEncbPK.indexOf("|");								  +				if (index >= 0) { +					String encbPK = fullEncbPK.substring(index+1); +					String second = fullEncbPK.substring(0, 
index);					 +					int secIndex = second.indexOf("+"); +					if (secIndex >= 0) { +						if (oaParam.getTarget().equals(second.substring(secIndex+1))) { +							Logger.debug("Found encrypted bPK for online-application "  +									+ oaParam.getPublicURLPrefix() +									+ " Start decryption process ..."); +							PrivateKey privKey = oaParam.getBPKDecBpkDecryptionKey(); +							if (privKey != null) { +								try { +									String bPK = BPKBuilder.decryptBPK(encbPK, oaParam.getTarget(), privKey); +									if (MiscUtil.isNotEmpty(bPK)) { +										if (MiscUtil.isEmpty(authData.getBPK())) { +											authData.setBPK(bPK); +											authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); +											Logger.info("bPK decryption process finished successfully."); +										} +																				 +									} else { +										Logger.error("bPK decryption FAILED."); +									 +									} +								} catch (BuildException e) { +									Logger.error("bPK decryption FAILED.", e); +									 +								} +								 +							} else { +								Logger.info("bPK decryption FAILED, because no valid decryption key is found."); +								 +							}							 +							 +						} else { +							Logger.info("Found encrypted bPK but " + +									"encrypted bPK target does not match to online-application target");  +							 +						} +					}					 +				}							 +			}						 +		} +		 +		if (MiscUtil.isEmpty(authData.getBPK()) && authData.getEncbPKList().size() == 0) { +			Logger.error("Federated assertion include no bPK or encrypted bPK"); +			throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME +					+ " or " + PVPConstants.ENC_BPK_LIST_FRIENDLY_NAME); -			if (attr.getName().equals(PVPConstants.EID_CCS_URL_NAME)) -				authData.setBkuURL(attr.getAttributeValues().get(0).getDOM().getTextContent()); +		} +		 +		if (extractor.containsAttribute(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME)) +			authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX +   
+					extractor.getAttribute(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME)); +		 +		if (extractor.containsAttribute(PVPConstants.EID_AUTH_BLOCK_NAME)) { +			try { +				byte[] authBlock = Base64Utils.decode(extractor.getAttribute(PVPConstants.EID_AUTH_BLOCK_NAME), false);				 +				authData.setAuthBlock(new String(authBlock, "UTF-8")); -			if (attr.getName().equals(PVPConstants.EID_AUTH_BLOCK_NAME)) { -				try { -					byte[] authBlock = Base64Utils.decode(attr.getAttributeValues().get(0).getDOM().getTextContent(), false);				 -					authData.setAuthBlock(new String(authBlock, "UTF-8")); +			} catch (IOException e) { +				Logger.error("Received AuthBlock is not valid", e); -				} catch (IOException e) { -					Logger.error("Received AuthBlock is not valid", e); -					 -				} -			} -			 -			if (attr.getName().equals(PVPConstants.EID_SIGNER_CERTIFICATE_NAME)) { -				try { -					authData.setSignerCertificate(Base64Utils.decode( -							attr.getAttributeValues().get(0).getDOM().getTextContent(), false)); -					 -				} catch (IOException e) { -					Logger.error("Received SignerCertificate is not valid", e); -					 -				}				 -			} -			 -			if (attr.getName().equals(PVPConstants.EID_SOURCE_PIN_NAME)) -				authData.setIdentificationValue(attr.getAttributeValues().get(0).getDOM().getTextContent()); -			 -			if (attr.getName().equals(PVPConstants.EID_SOURCE_PIN_TYPE_NAME)) -				authData.setIdentificationType(attr.getAttributeValues().get(0).getDOM().getTextContent()); -			 -			if (attr.getName().equals(PVPConstants.EID_IDENTITY_LINK_NAME)) { -				try { -					InputStream idlStream = Base64Utils.decodeToStream(attr.getAttributeValues().get(0).getDOM().getTextContent(), false);				 -					IdentityLink idl = new IdentityLinkAssertionParser(idlStream).parseIdentityLink();				 -					authData.setIdentityLink(idl); -					 -				} catch (ParseException e) { -					Logger.error("Received IdentityLink is not valid", e); -					 -				} catch (Exception e) { -					Logger.error("Received IdentityLink 
is not valid", e); -					 -				}  			} -							 -			if (attr.getName().equals(PVPConstants.MANDATE_REFERENCE_VALUE_NAME)) -				authData.setMandateReferenceValue(attr.getAttributeValues().get(0).getDOM().getTextContent()); -			 -			 -			if (attr.getName().equals(PVPConstants.MANDATE_FULL_MANDATE_NAME)) { -				try { -					byte[] mandate = Base64Utils.decode( -							attr.getAttributeValues().get(0).getDOM().getTextContent(), false); -					 -					if (authData.getMISMandate() == null) -						authData.setMISMandate(new MISMandate()); -					authData.getMISMandate().setMandate(mandate); +		} +		 +		if (extractor.containsAttribute(PVPConstants.EID_SIGNER_CERTIFICATE_NAME)) { +			try { +				authData.setSignerCertificate(Base64Utils.decode( +						extractor.getAttribute(PVPConstants.EID_SIGNER_CERTIFICATE_NAME), false)); +				 +			} catch (IOException e) { +				Logger.error("Received SignerCertificate is not valid", e); +				 +			}				 +		} +				 +		if (extractor.containsAttribute(PVPConstants.EID_IDENTITY_LINK_NAME)) { +			try { +				InputStream idlStream = Base64Utils.decodeToStream(extractor.getAttribute(PVPConstants.EID_IDENTITY_LINK_NAME), false);				 +				IdentityLink idl = new IdentityLinkAssertionParser(idlStream).parseIdentityLink();				 +				authData.setIdentityLink(idl); +				 +			} catch (ParseException e) { +				Logger.error("Received IdentityLink is not valid", e); +				 +			} catch (Exception e) { +				Logger.error("Received IdentityLink is not valid", e); -					authData.setUseMandate(true); -					 -				} catch (Exception e) { -					Logger.error("Received Mandate is not valid", e); -					throw new AssertionAttributeExtractorExeption(PVPConstants.MANDATE_FULL_MANDATE_NAME); -					 -				}				  			} -			 -			if (attr.getName().equals(PVPConstants.MANDATE_PROF_REP_OID_NAME)) { +		} +		 +		 +		// set mandate attributes +		authData.setMandateReferenceValue(extractor.getAttribute(PVPConstants.MANDATE_REFERENCE_VALUE_NAME)); +				 +		if 
(extractor.containsAttribute(PVPConstants.MANDATE_FULL_MANDATE_NAME)) { +			try { +				byte[] mandate = Base64Utils.decode( +						(extractor.getAttribute(PVPConstants.MANDATE_FULL_MANDATE_NAME)), false); +				  				if (authData.getMISMandate() == null)  					authData.setMISMandate(new MISMandate()); -				authData.getMISMandate().setProfRep( -						attr.getAttributeValues().get(0).getDOM().getTextContent()); +				authData.getMISMandate().setMandate(mandate); +				authData.getMISMandate().setFullMandateIncluded(true);				 +				authData.setUseMandate(true); +								 +			} catch (Exception e) { +				Logger.error("Received Mandate is not valid", e); +				throw new AssertionAttributeExtractorExeption(PVPConstants.MANDATE_FULL_MANDATE_NAME); +				 +			}				 +		} + +		//TODO: build short mandate if full mandate is no included. +		if (authData.getMISMandate() == null &&  +				(extractor.containsAttribute(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_NAME)  +					|| extractor.containsAttribute(PVPConstants.MANDATE_NAT_PER_BPK_NAME) +					|| extractor.containsAttribute(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME)) ) { +			Logger.info("Federated assertion contains no full mandate. Start short mandate generation process ... 
"); +			 +			MISMandate misMandate = new MISMandate(); +			misMandate.setFullMandateIncluded(false); +			 +			Mandate mandateObject = new Mandate(); +			Mandator mandator = new Mandator(); +			mandateObject.setMandator(mandator); +			 +			//build legal person short mandate +			if (extractor.containsAttribute(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME) && +					extractor.containsAttribute(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_NAME) && +					extractor.containsAttribute(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME)) {				 +				CorporateBodyType legalperson = new CorporateBodyType(); +				IdentificationType legalID = new IdentificationType(); +				Value idvalue = new Value(); +				legalID.setValue(idvalue ); +				legalperson.getIdentification().add(legalID ); +				mandator.setCorporateBody(legalperson ); +				 +				legalperson.setFullName(extractor.getAttribute(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME)); +				legalID.setType(extractor.getAttribute(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME)); +				idvalue.setValue(extractor.getAttribute(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_NAME)); +							 +			//build natural person short mandate +			} else if ( (extractor.containsAttribute(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME) ||  +						extractor.containsAttribute(PVPConstants.MANDATE_NAT_PER_BPK_NAME)) && +					extractor.containsAttribute(PVPConstants.MANDATE_NAT_PER_BIRTHDATE_NAME) && +					extractor.containsAttribute(PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_NAME) &&  +					extractor.containsAttribute(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME)) { +				throw new AssertionAttributeExtractorExeption("Federation with short mandates for natural persons are not supported!", null); +				 +				 +				 +			} else { +				Logger.error("Short mandate could not generated. 
Assertion contains not all attributes which are necessary."); +				throw new AssertionAttributeExtractorExeption("Assertion contains not all attributes which are necessary for mandate generation", null); -			} -						 -			if (attr.getName().equals(PVPConstants.EID_STORK_TOKEN_NAME)) {				 -				authData.setStorkAuthnResponse(attr.getAttributeValues().get(0).getDOM().getTextContent());				 -				authData.setForeigner(true);  			} -			if (attr.getName().startsWith(PVPConstants.STORK_ATTRIBUTE_PREFIX)) {	 +			try { +				JAXBContext jc = JAXBContext.newInstance("at.gv.e_government.reference.namespace.mandates._20040701_"); +				Marshaller m = jc.createMarshaller(); +				ByteArrayOutputStream stream = new ByteArrayOutputStream(); +				m.marshal(mandateObject, stream);				 +				misMandate.setMandate(Base64Utils.encode(stream.toByteArray()).getBytes()); +				stream.close(); -				if (authData.getStorkAttributes() == null) -					authData.setStorkAttributes(new PersonalAttributeList());					 +			} catch (JAXBException e) { +				Logger.error("Failed to parse short mandate", e); +				throw new AssertionAttributeExtractorExeption(); +				 +			} catch (IOException e) {				 +				Logger.error("Failed to parse short mandate", e); +				throw new AssertionAttributeExtractorExeption(); -				List<String> storkAttrValues = new ArrayList<String>(); -				storkAttrValues.add(attr.getAttributeValues().get(0).getDOM().getTextContent()); -				PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(),  -						false, storkAttrValues , "Available"); -				authData.getStorkAttributes().put(attr.getName(), storkAttr ); -				authData.setForeigner(true); -			} -						 +			}			 +			authData.setUseMandate(true); +			  		} + +		if (extractor.containsAttribute(PVPConstants.MANDATE_PROF_REP_OID_NAME)) { +			if (authData.getMISMandate() == null) +				authData.setMISMandate(new MISMandate()); +			authData.getMISMandate().setProfRep( +					
extractor.getAttribute(PVPConstants.MANDATE_PROF_REP_OID_NAME)); +			 +		} +			 +	 +		//set STORK attributes +		if (extractor.containsAttribute(PVPConstants.EID_STORK_TOKEN_NAME)) {				 +			authData.setStorkAuthnResponse(extractor.getAttribute(PVPConstants.EID_STORK_TOKEN_NAME));				 +			authData.setForeigner(true); +			 +		} +	 +		if (!extractor.getSTORKAttributes().isEmpty()) { +			authData.setStorkAttributes(extractor.getSTORKAttributes()); +			authData.setForeigner(true); +			 +		} +				  		authData.setSsoSession(true); -		if (assertion.getConditions() != null && assertion.getConditions().getNotOnOrAfter() != null) -			authData.setSsoSessionValidTo(assertion.getConditions().getNotOnOrAfter().toDate()); +		if (extractor.getFullAssertion().getConditions() != null && extractor.getFullAssertion().getConditions().getNotOnOrAfter() != null) +			authData.setSsoSessionValidTo(extractor.getFullAssertion().getConditions().getNotOnOrAfter().toDate());  		//only for SAML1  		if (PVPConstants.STORK_QAA_1_4.equals(authData.getQAALevel())) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java index 20641ca7c..b122ba17e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java 
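Review bot: `authData.setMandateReferenceValue(extractor.getAttribute(PVPConstants.MANDATE_REFERENCE_VALUE_NAME));` under `// set mandate attributes` is the only attribute read in this method that is not wrapped in a `containsAttribute` check, unlike every other optional attribute around it; guard it the same way, `if (extractor.containsAttribute(PVPConstants.MANDATE_REFERENCE_VALUE_NAME))`, unless getAttribute is known to return null for a missing attribute. The check `MiscUtil.isEmpty(authData.getBPK()) && authData.getEncbPKList().size() == 0` also runs when `ENC_BPK_LIST_NAME` was absent and `setEncbPKList` was never called, so if `getEncbPKList()` can be null at that point the method fails with a NullPointerException instead of the intended AssertionAttributeExtractorExeption — `(authData.getEncbPKList() == null || authData.getEncbPKList().isEmpty())` is the safer form. The comment `//TODO: build short mandate if full mandate is no included.` describes work the block below already does; `// build a short mandate from the single mandate attributes when no full mandate was delivered` would match the code. The two catch blocks log `Failed to parse short mandate` although the failing step is JAXB marshalling, and `Base64Utils.encode(stream.toByteArray()).getBytes()` converts with the platform charset rather than an explicit one. The method's tail continues past the end of this hunk.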
@@ -46,13 +46,27 @@  package at.gv.egovernment.moa.id.auth.builder; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;  import at.gv.egovernment.moa.id.auth.data.IdentityLink;  import at.gv.egovernment.moa.id.auth.exception.BuildException;  import at.gv.egovernment.moa.logging.Logger;  import at.gv.egovernment.moa.util.Base64Utils;  import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.MiscUtil; +import java.io.UnsupportedEncodingException; +import java.security.InvalidKeyException;  import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.text.SimpleDateFormat; +import java.util.Date; + +import javax.crypto.BadPaddingException; +import javax.crypto.Cipher; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.NoSuchPaddingException;  /**   * Builder for the bPK, as defined in 
@@ -135,6 +149,58 @@ public class BPKBuilder {          }      } +	public static String encryptBPK(String bpk, String target, PublicKey publicKey) throws BuildException { +		MiscUtil.assertNotNull(bpk, "BPK"); +		MiscUtil.assertNotNull(publicKey, "publicKey"); +		 +		SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss"); +		if (target.startsWith(Constants.URN_PREFIX_CDID + "+")) +			target = target.substring((Constants.URN_PREFIX_CDID + "+").length()); +		 +		String input = "V1::urn:publicid:gv.at:cdid+" + target + "::" +		    + bpk + "::" +		    + sdf.format(new Date()); +		System.out.println(input); +		byte[] result; +		try { +			byte[] inputBytes = input.getBytes("ISO-8859-1"); +			result = encrypt(inputBytes, publicKey); +			return new String(Base64Utils.encode(result, "ISO-8859-1")).replaceAll("\r\n", ""); +			 +		} catch (Exception e) { +			throw new BuildException("bPK encryption FAILED", null, e); +		}		 +	} + +	public static String decryptBPK(String encryptedBpk, String target, PrivateKey privateKey) throws BuildException { +		MiscUtil.assertNotEmpty(encryptedBpk, "Encrypted BPK"); +		MiscUtil.assertNotNull(privateKey, "Private key"); +		String decryptedString; +		try { +			byte[] encryptedBytes = Base64Utils.decode(encryptedBpk, false, "ISO-8859-1"); +			byte[] decryptedBytes = decrypt(encryptedBytes, privateKey); +			decryptedString = new String(decryptedBytes, "ISO-8859-1"); +			 +		} catch (Exception e) { +			throw new BuildException("bPK decryption FAILED", null, e); +		} +		String tmp = decryptedString.substring(decryptedString.indexOf('+') + 1); +		String sector = tmp.substring(0, tmp.indexOf("::")); +		tmp = tmp.substring(tmp.indexOf("::") + 2); +		String bPK = tmp.substring(0, tmp.indexOf("::")); + +		if (target.startsWith(Constants.URN_PREFIX_CDID + "+")) +			target = target.substring((Constants.URN_PREFIX_CDID + "+").length()); +		 +		if (target.equals(sector)) +			return bPK; +		 +		else { +			Logger.error("Decrypted bPK does not 
match to request bPK target."); +			return null; +		}		 +	} +          /**       * Builds the storkeid from the given parameters.       * @@ -214,6 +280,34 @@ public class BPKBuilder {              throw new BuildException("builder.00", new Object[]{"storkid", ex.toString()}, ex);          }      } +     +	private static byte[] encrypt(byte[] inputBytes, PublicKey publicKey) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException { +		byte[] result; +		Cipher cipher = null; +		try { +			cipher = Cipher.getInstance("RSA/ECB/OAEPPadding"); // try with bouncycastle +		} catch(NoSuchAlgorithmException e) { +			cipher = Cipher.getInstance("RSA/ECB/OAEP"); // try with iaik provider +		} +		cipher.init(Cipher.ENCRYPT_MODE, publicKey); +		result = cipher.doFinal(inputBytes); +		 +		return result; +	} + +	private static byte[] decrypt(byte[] encryptedBytes, PrivateKey privateKey)  +			throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException{ +		byte[] result; +		Cipher cipher = null; +		try { +			cipher = Cipher.getInstance("RSA/ECB/OAEPPadding"); // try with bouncycastle +		} catch(NoSuchAlgorithmException e) { +			cipher = Cipher.getInstance("RSA/ECB/OAEP"); // try with iaik provider +		} +		cipher.init(Cipher.DECRYPT_MODE, privateKey); +		result = cipher.doFinal(encryptedBytes); +		return result; +	}  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DatabaseEncryptionException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DatabaseEncryptionException.java new file mode 100644 index 000000000..69802d7e6 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DatabaseEncryptionException.java 
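Review bot: `System.out.println(input);` in encryptBPK writes the plaintext bPK together with the target and timestamp to stdout on every call; this looks like a debugging leftover and should be removed, and since a bPK is a personal identifier it should not move to a log statement either. In decryptBPK the layout parsing after the try block (`decryptedString.indexOf('+') + 1`, `tmp.indexOf("::")`) assumes the `V1::urn:publicid:gv.at:cdid+<target>::<bpk>::<timestamp>` layout that encryptBPK produces; a decrypted text without `::` makes `indexOf` return -1 and `substring` throw an unchecked StringIndexOutOfBoundsException, which is not the BuildException the caller in AuthenticationDataBuilder catches. Move the parsing inside the try, or check both `indexOf` results and throw a BuildException when the layout does not match. The `V1` version prefix and the embedded timestamp are never examined after decryption; if the timestamp is meant to bound how long an encrypted bPK stays usable, that check belongs here, otherwise a comment should say it is informational only. Both methods lack Javadoc; a header giving the plaintext layout, the target-prefix normalisation and the fact that the returned Base64 has CR/LF stripped would help callers.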
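Review bot: `Cipher.getInstance("RSA/ECB/OAEPPadding")` with a fallback to `"RSA/ECB/OAEP"` leaves the OAEP digest and mask generation function to whichever provider is selected, so the parameters used by the federated IdP for encryption and by this code for decryption are only the same by coincidence, and a mismatch shows up as a BadPaddingException at runtime. Pin them explicitly with an `OAEPParameterSpec` passed to `cipher.init` (or at least a fully qualified transformation such as `"RSA/ECB/OAEPWithSHA-256AndMGF1Padding"`), declared once as a constant and used by both helpers. The provider-fallback block is duplicated verbatim in encrypt and decrypt; a private `getOaepCipher()` helper would keep the two from drifting apart. The comments `// try with bouncycastle` and `// try with iaik provider` should state that only the transformation name differs between the providers, so the next reader does not suspect two algorithms.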
@@ -0,0 +1,46 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.exception; + +/** + * @author tlenz + * + */ +public class DatabaseEncryptionException extends MOAIDException { + +	/** +	 *  +	 */ +	private static final long serialVersionUID = 6387519847869308880L; + +	/** +	 * @param messageId +	 * @param parameters +	 * @param wrapped +	 */ +	public DatabaseEncryptionException(String messageId, Object[] parameters, +			Throwable wrapped) { +		super(messageId, parameters, wrapped); +	} + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index 6fc1d28c1..a62de27fc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java 
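Review bot: The class Javadoc of DatabaseEncryptionException carries only `@author tlenz`, and the constructor's `@param messageId`, `@param parameters` and `@param wrapped` tags have no descriptions, so a reader learns nothing about when this exception is raised. A one-line class summary such as `Signals that encrypting or decrypting configuration data held in the database failed.` would do, to be confirmed against the thrower, which is not in the visible part of this commit; the constructor tags can simply refer to the inherited MOAIDException parameters. The empty Javadoc block above `serialVersionUID` can be dropped.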
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -961,6 +961,17 @@ public class AuthConfigurationProvider extends ConfigurationProvider {  		  return prop;    } +  /** +   * @return +   */ +  public String getMOAConfigurationEncryptionKey() { +	  String prop = props.getProperty("configuration.moaconfig.key");   +	  if (MiscUtil.isEmpty(prop)) +		  return null; +	  else +		  return prop; +  } +      public boolean isIdentityLinkResigning() {  	  String prop = props.getProperty("configuration.resignidentitylink.active", "false");  	  return Boolean.valueOf(prop); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java index 6398de34f..4c6519b57 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java @@ -22,6 +22,7 @@   */  package at.gv.egovernment.moa.id.config.auth; +import java.security.PrivateKey;  import java.util.List;  import java.util.Map; @@ -31,6 +32,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;  import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;  import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute;  import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; +import at.gv.egovernment.moa.id.config.auth.data.BPKDecryptionParameters;  /**   * @author tlenz @@ -149,4 +151,6 @@ public interface IOAAuthParameters {  	List<String> getTestCredentialOIDs(); +	PrivateKey getBPKDecBpkDecryptionKey(); +	  }
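Review bot: The Javadoc on getMOAConfigurationEncryptionKey has an empty `@return` tag, which is worse than none for a method that hands out key material; write `@return the value of the configuration.moaconfig.key property, or null when it is absent or empty`. As far as OAAuthParameter's use of ConfigurationEncrytionUtil in this commit suggests, this value protects the stored bPK decryption keys, so the Javadoc should also state that callers must not log or otherwise expose it. Returning the raw String follows the neighbouring property getters, so only the documentation is missing here.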
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index f58fe2495..673d23373 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -46,11 +46,15 @@  package at.gv.egovernment.moa.id.config.auth; +import java.security.PrivateKey;  import java.util.ArrayList;  import java.util.HashMap;  import java.util.List;  import java.util.Map; +import org.apache.commons.lang.SerializationUtils; + +import at.gv.egovernment.moa.id.auth.exception.BuildException;  import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;  import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;  import at.gv.egovernment.moa.id.commons.db.dao.config.BKUSelectionCustomizationType; @@ -71,6 +75,9 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.TestCredentials;  import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType;  import at.gv.egovernment.moa.id.config.ConfigurationUtils;  import at.gv.egovernment.moa.id.config.OAParameter; +import at.gv.egovernment.moa.id.config.auth.data.BPKDecryptionParameters; +import at.gv.egovernment.moa.id.data.EncryptedData; +import at.gv.egovernment.moa.id.util.ConfigurationEncrytionUtil;  import at.gv.egovernment.moa.id.util.FormBuildUtils;  import at.gv.egovernment.moa.logging.Logger;  import at.gv.egovernment.moa.util.MiscUtil; 
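Review bot: The new interface method `PrivateKey getBPKDecBpkDecryptionKey();` has no Javadoc, although it returns key material and the implementation in OAAuthParameter returns null when no key information is configured; document the contract with `/** @return the private key for decrypting bPKs addressed to this online application, or null if none is configured */`. The name repeats "Dec" and "Decryption", and the `@see` in the implementing class refers to a `getBPKDecBpkDecryptionParameters()` variant, so the name looks like a leftover from an earlier draft; `getBPKDecryptionKey()` would be clearer if renaming is still cheap. The import of `BPKDecryptionParameters` added in the previous hunk is not referenced anywhere in this interface.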
@@ -555,4 +562,33 @@ public List<String> getTestCredentialOIDs() {  		return null;	  } + +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBPKDecBpkDecryptionParameters() + */ +@Override +public PrivateKey getBPKDecBpkDecryptionKey() { + +	try {		 +		EncryptedData encdata = new EncryptedData( +			oa_auth.getEncBPKInformation().getBPKDecryption().getKeyInformation(),  +			oa_auth.getEncBPKInformation().getBPKDecryption().getIv()); +		byte[] serializedData = ConfigurationEncrytionUtil.getInstance().decrypt(encdata); +		BPKDecryptionParameters data =  +				(BPKDecryptionParameters) SerializationUtils.deserialize(serializedData); +		 +		return data.getPrivateKey(); +				 +	} catch (BuildException e) { +		// TODO Auto-generated catch block +		Logger.error("Can not decrypt key information for bPK decryption", e); +		 +	} catch (NullPointerException e) { +		Logger.error("No keyInformation found for bPK decryption"); +		 +	}	 +	return null; +	 +} +  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/BPKDecryptionParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/BPKDecryptionParameters.java new file mode 100644 index 000000000..787a480f0 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/BPKDecryptionParameters.java 
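Review bot: `catch (NullPointerException e)` is used to detect a missing `EncBPKInformation`/`BPKDecryption` element, but it also swallows any NullPointerException coming out of `ConfigurationEncrytionUtil.getInstance().decrypt(encdata)` or `data.getPrivateKey()` and reports it as `No keyInformation found for bPK decryption`; test for null explicitly before building `encdata`, `if (oa_auth.getEncBPKInformation() == null || oa_auth.getEncBPKInformation().getBPKDecryption() == null) { Logger.info("No keyInformation found for bPK decryption"); return null; }`, and let real NPEs surface. `SerializationUtils.deserialize(serializedData)` performs Java native deserialization of whatever the configuration store yields after decryption, and the object is deserialized before the cast to BPKDecryptionParameters; unless `ConfigurationEncrytionUtil.decrypt` authenticates the ciphertext, that guarantee should be stated in a comment here, or the keystore bytes, alias and passwords stored as explicit configuration fields instead of a serialized object. The `// TODO Auto-generated catch block` leftover should go, and the `@see` Javadoc names `getBPKDecBpkDecryptionParameters()` while the interface method is `getBPKDecBpkDecryptionKey()`.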
@@ -0,0 +1,127 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.config.auth.data; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.Serializable; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.UnrecoverableKeyException; +import java.security.cert.Certificate; + +import org.apache.commons.lang.SerializationUtils; + +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.KeyStoreUtils; + + +/** + * @author tlenz + * + */ +public class BPKDecryptionParameters implements Serializable{ + +	private static final long serialVersionUID = 1L; +	 +	private byte[] keyStore = null; +	private String keyStorePassword = null; +	private String keyAlias = null; +	private String keyPassword = null; +	 +	/** +	 * @return +	 */ +	public PrivateKey getPrivateKey() {		 +		try { +			InputStream in = new ByteArrayInputStream(keyStore); +			KeyStore store = KeyStoreUtils.loadKeyStore(in , keyStorePassword); +			 +		    char[] chPassword = " ".toCharArray(); +		    if (keyPassword != null) +		      chPassword = keyPassword.toCharArray(); +		     +//		    Certificate test = store.getCertificate(keyAlias); +//		    Base64Utils.encode(test.getPublicKey().getEncoded()); +		     +			return (PrivateKey) store.getKey(keyAlias, chPassword); +			 +			 +		} catch (KeyStoreException e) { +			Logger.error("Can not load private key from keystore.", e); +			 +		} catch (IOException e) { +			Logger.error("Can not load private key from keystore.", e); +			 +		} catch (UnrecoverableKeyException e) { +			Logger.error("Can not load private key from keystore.", e); + +		} catch (NoSuchAlgorithmException e) { +			Logger.error("Can not load private key from keystore.", e); +			 +		} +		 +		return null;		 +	} +	 +	public byte[] serialize() { +		return 
SerializationUtils.serialize(this); +		 +	} + +	/** +	 * @param keyStore the keyStore to set +	 */ +	public void setKeyStore(byte[] keyStore) { +		this.keyStore = keyStore; +	} + +	/** +	 * @param keyStorePassword the keyStorePassword to set +	 */ +	public void setKeyStorePassword(String keyStorePassword) { +		this.keyStorePassword = keyStorePassword; +	} + +	/** +	 * @param keyAlias the keyAlias to set +	 */ +	public void setKeyAlias(String keyAlias) { +		this.keyAlias = keyAlias; +	} + +	/** +	 * @param keyPassword the keyPassword to set +	 */ +	public void setKeyPassword(String keyPassword) { +		this.keyPassword = keyPassword; +	} +	 +	 +	 +	 +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java index eddf605a6..7dbdcfa52 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java @@ -22,6 +22,7 @@   */  package at.gv.egovernment.moa.id.config.auth.data; +import java.security.PrivateKey;  import java.util.List;  import java.util.Map; @@ -399,6 +400,15 @@ public class DynamicOAAuthParameters implements IOAAuthParameters {  		return null;  	} +	/* (non-Javadoc) +	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBPKDecBpkDecryptionParameters() +	 */ +	@Override +	public PrivateKey getBPKDecBpkDecryptionKey() { +		// TODO Auto-generated method stub +		return null; +	} +  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java index 5685977bc..6fd327add 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java 
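Review bot: `getPrivateKey()` falls back to a single space (`" ".toCharArray()`) when `keyPassword` is null, which is an unusual default — key entries are commonly protected with the keystore password, so `keyStorePassword` (or an empty `char[]`) is the more plausible fallback unless the space is a deliberate MOA-ID convention, in which case it deserves a comment. The unchecked cast `(PrivateKey) store.getKey(keyAlias, chPassword)` throws an uncaught `ClassCastException` if the alias names a secret-key entry; read it into a `java.security.Key`, test `instanceof PrivateKey`, and log and return null otherwise. The four catch blocks log the same message, so a wrong key password (`UnrecoverableKeyException`) is indistinguishable from a corrupt keystore; give each its own wording. The commented-out `Certificate test = ...` lines and the now-unused `Certificate`/`Base64Utils` imports should go, and since this `Serializable` carries the keystore bytes and both passwords as fields, a class comment should state that its serialized form must only ever be persisted through `ConfigurationEncrytionUtil`.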
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java @@ -27,6 +27,7 @@ import java.text.DateFormat;  import java.text.ParseException;  import java.text.SimpleDateFormat;  import java.util.Date; +import java.util.List;  import org.w3c.dom.Element; @@ -126,7 +127,9 @@ public class AuthenticationData  implements IAuthData, Serializable {  	  private byte[] signerCertificate = null;  	  private String authBlock = null;  - +	  private List<String> encbPKList = null; +	   +	    	  private boolean useMandate = false;  	  private MISMandate mandate = null;  	  private String mandateReferenceValue = null; @@ -672,6 +675,22 @@ public class AuthenticationData  implements IAuthData, Serializable {  		this.ssoSessionValidTo = ssoSessionValidTo;  	} +	/** +	 * @return the encbPKList +	 */ +	public List<String> getEncbPKList() { +		return encbPKList; +	} + +	/** +	 * @param encbPKList the encbPKList to set +	 */ +	public void setEncbPKList(List<String> encbPKList) { +		this.encbPKList = encbPKList; +	} +	 +	 + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/EncryptedbPK.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/EncryptedbPK.java new file mode 100644 index 000000000..da6840fd7 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/EncryptedbPK.java 
@@ -0,0 +1,33 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.data;
+
+/**
+ * @author tlenz
+ *
+ */
+public class EncryptedbPK {
+	private String vkz = null;
+	private String target = null;
+	private String encbPK = null;
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
index 7e421da0f..8ce33021d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
@@ -23,6 +23,7 @@
 package at.gv.egovernment.moa.id.data;
 import java.util.Date;
+import java.util.List;
 import org.w3c.dom.Element;
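Review bot: `EncryptedbPK` declares three private fields but no constructor, getters or setters, so nothing can populate or read it, and `EncryptedBPKAttributeBuilder` in this same commit works on raw `String` entries instead. Either finish it — a constructor plus `getVkz()`, `getTarget()`, `getEncbPK()` — and make it the element type of `encbPKList`, or drop the file until it is needed; an unused class that appears to model the `vkz+target|encbPK` entry format is misleading to the next reader.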
@@ -62,6 +63,8 @@ public interface IAuthData {  	 String getBkuURL(); +	 List<String> getEncbPKList(); +	   	 IdentityLink getIdentityLink();  	 byte[] getSignerCertificate();  	 String getAuthBlock(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EncryptedBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EncryptedBPKAttributeBuilder.java new file mode 100644 index 000000000..b3256ac9a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EncryptedBPKAttributeBuilder.java 
@@ -0,0 +1,70 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ *******************************************************************************/ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; + +public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder { +	 +	public String getName() { +		return ENC_BPK_LIST_NAME; +	} +	 +	public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, +			IAttributeGenerator<ATT> g) throws AttributeException { + +		if (authData.getEncbPKList() != null && +				authData.getEncbPKList().size() > 0) { +			String value = authData.getEncbPKList().get(0); +			for (int i=1; i<authData.getEncbPKList().size(); i++) +				value += ";"+authData.getEncbPKList().get(i);			 +			 +			return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME,  +					value); +			 +		}  +		 +		throw new UnavailableAttributeException(ENC_BPK_LIST_NAME); +		 +//		String encbpk = "XXX01234567890XXX"; +//		String type = "Bereich"; +//		String vkz = "Verfahrenskennzeichen"; +//		 +//		//TODO: implement encrypted bPK support +//		 +//		Logger.trace("Authenticate user with encrypted bPK " + vkz + "+" + type + "|" + encbpk); +//		 +//		return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME,  +//				vkz + "+" + type + "|" + encbpk); +	} +	 +	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { +		return g.buildEmptyAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME); +	} +	 +} 
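Review bot: `build()` concatenates the `encbPKList` entries with `;` without checking that an entry is non-empty or free of the separator, so a malformed entry silently yields an attribute value the receiving party cannot split back into `vkz+target|encbPK` triples (the commented-out sketch at the bottom documents that format). Validate each entry before appending — at minimum skip or reject it with a logged error when `entry == null || entry.contains(";")` — and build the value with a `StringBuilder` rather than `value += ";" + ...` in the loop. The commented-out block and the unused `Logger` and `Constants` imports should be deleted rather than shipped, and a short class comment stating the wire format (`entry1;entry2;...`, each `vkz+target|encbPK`) would replace it more usefully.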
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java index 670398ff6..790c1e8ca 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java @@ -31,6 +31,7 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;  import at.gv.egovernment.moa.id.data.AuthenticationData;  import at.gv.egovernment.moa.id.data.IAuthData;  import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;  import at.gv.egovernment.moa.logging.Logger;  import at.gv.egovernment.moa.util.Base64Utils;  import at.gv.egovernment.moa.util.DOMUtils; @@ -44,7 +45,9 @@ public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder  	public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,  			IAttributeGenerator<ATT> g) throws AttributeException {  		if (authData.isUseMandate()) { -			if (authData.getMandate() != null) { +			//only provide full mandate if it is included.  +			//In case of federation only a short mandate could be include  +			if (authData.getMandate() != null && authData.getMISMandate().isFullMandateIncluded()) {  				String fullMandate;  				try {  					fullMandate = DOMUtils.serializeNode(authData @@ -57,6 +60,8 @@ public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder  					Logger.error("Failed to generate Full Mandate", e);  				}  			} +			throw new NoMandateDataAttributeException(); +			  		}  		return null; 
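Review bot: The new condition dereferences `authData.getMISMandate()` after null-checking only `authData.getMandate()`; if those two accessors can disagree (the hunk does not show `IAuthData`'s contract), a short-mandate federation session fails with a NullPointerException instead of the intended `NoMandateDataAttributeException`. Guard it consistently: `if (authData.getMandate() != null && authData.getMISMandate() != null && authData.getMISMandate().isFullMandateIncluded()) {`. Also note that the unconditional `throw new NoMandateDataAttributeException();` now fires as well when `DOMUtils.serializeNode` fails after a full mandate was present, turning what used to be a logged error with `return null` into an exception — fine if intended, but the comment above the condition should say so. The successful-return path inside the try block lies outside the hunk.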
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java index 9aadfdc28..1c12e7398 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java @@ -22,16 +22,25 @@   *******************************************************************************/  package at.gv.egovernment.moa.id.protocols.pvp2x.utils; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashMap;  import java.util.List; +import java.util.Map;  import org.opensaml.saml2.core.Assertion;  import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.AttributeStatement;  import org.opensaml.saml2.core.AuthnContextClassRef;  import org.opensaml.saml2.core.AuthnStatement;  import org.opensaml.saml2.core.Response;  import org.opensaml.saml2.core.StatusResponseType;  import org.opensaml.saml2.core.Subject; +import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.PersonalAttributeList; + +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;  import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;  import at.gv.egovernment.moa.logging.Logger;  import at.gv.egovernment.moa.util.MiscUtil; 
@@ -39,6 +48,14 @@ import at.gv.egovernment.moa.util.MiscUtil;  public class AssertionAttributeExtractor {  	private Assertion assertion = null; +	private Map<String, String> attributs = new HashMap<String, String>(); +	private PersonalAttributeList storkAttributes = new PersonalAttributeList(); +		 +	private final List<String> minimalAttributeNameList = Arrays.asList( +			PVPConstants.PRINCIPAL_NAME_NAME,  +			PVPConstants.GIVEN_NAME_NAME, +			PVPConstants.BIRTHDATE_NAME); +	  	public AssertionAttributeExtractor(StatusResponseType samlResponse) throws AssertionAttributeExtractorExeption {  		if (samlResponse != null && samlResponse instanceof Response) { 
@@ -49,24 +66,80 @@ public class AssertionAttributeExtractor {  			else if (assertions.size() > 1)  				Logger.warn("Found more then ONE PVP2.1 assertions. Only the First is used."); -			assertion = assertions.get(0);			 -					 +			assertion = assertions.get(0); + +			if (assertion.getAttributeStatements() != null && +					assertion.getAttributeStatements().size() > 0) { +				AttributeStatement attrStat = assertion.getAttributeStatements().get(0); +				for (Attribute attr : attrStat.getAttributes()) { +					if (attr.getName().startsWith(PVPConstants.STORK_ATTRIBUTE_PREFIX)) {							 +						List<String> storkAttrValues = new ArrayList<String>(); +						storkAttrValues.add(attr.getAttributeValues().get(0).getDOM().getTextContent()); +						PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(),  +								false, storkAttrValues , "Available"); +						storkAttributes.put(attr.getName(), storkAttr ); +						 +					} else 					 +						attributs.put(attr.getName(), attr.getAttributeValues().get(0).getDOM().getTextContent()); +			} +				 +			} +			 +			attributs.put(PVPConstants.ENC_BPK_LIST_NAME, "Test+BF|sKWq790t2mn1Uw7xTMQTu1LNYD1xbhjOpZ7/dO+zvzSZB8eClH0HIoH71YLxktykMor268y0IEG7UgLfs9Zviy/naprdeRhJxgxCFpQJdIlqc1qv4ll8q7Z55Qhge1he8ZYibqylaa7GSOXeoEBcto5LeWd0e6QnI4JgFqwalZlTVY0+2xH2G3cAMX0OGIw5bqqrjL+wl0DztDD610I4oxTtxPzvIX8Jk9wg0Of2RvDfxxj+SSibNS+8+/QOavrQ+iaghOxtPzZQWvW26O1BrFenszCn5J/IrrylKIK6kAi/raBzVnzgKlgmNhaqYZIKeP1Urc2wgXMJGov1R9P6tw=="); +			  		} else   			throw new AssertionAttributeExtractorExeption();		  	} +	/** +	 * check attributes from assertion with minimal required attribute list +	 * @return +	 */  	public boolean containsAllRequiredAttributes() { -		//TODO: add default attribute list -		return containsAllRequiredAttributes(null); +		return containsAllRequiredAttributes(minimalAttributeNameList);  	} -	public boolean containsAllRequiredAttributes(List<Attribute> attributs) {		 -		//TODO: add validation		 +	/** +	 * check attributes from 
assertion with attributeNameList +	 * bPK or enc_bPK is always needed +	 *  +	 * @param List of attributes which are required +	 *  +	 * @return +	 */ +	public boolean containsAllRequiredAttributes(List<String> attributeNameList) {		 +		 +		//first check if a bPK or an encrypted bPK is available +		if (attributs.containsKey(PVPConstants.ENC_BPK_LIST_NAME) ||  +				(attributs.containsKey(PVPConstants.BPK_NAME) && attributs.containsKey(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME))) { +			boolean flag = true; +			for (String attr : attributeNameList) { +				if (!attributs.containsKey(attr)) +					flag = false; +			} +			 +			return flag; +			 +		}			  		return false;  	} +	public boolean containsAttribute(String attributeName) { +		return attributs.containsKey(attributeName); +		 +	} +	 +	public String getAttribute(String attributeName) { +		return attributs.get(attributeName); +		 +	} +	 +	public PersonalAttributeList getSTORKAttributes() { +		return storkAttributes; +	} +	  	public String getNameID() throws AssertionAttributeExtractorExeption {		  		if (assertion.getSubject() != null) { @@ -113,6 +186,10 @@ public class AssertionAttributeExtractor {  		throw new AssertionAttributeExtractorExeption("AuthnContextClassRef");		  	} +	public Assertion getFullAssertion() { +		return assertion; +	} +	  	private AuthnStatement getAuthnStatement() throws AssertionAttributeExtractorExeption {  		List<AuthnStatement> authnList = assertion.getAuthnStatements();  		if (authnList.size() == 0) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index 08f40f888..fe0d27804 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java 
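Review bot: The constructor unconditionally inserts a hard-coded entry `attributs.put(PVPConstants.ENC_BPK_LIST_NAME, "Test+BF|sKWq790t2mn1Uw7x...")` after parsing the assertion, which looks like leftover test data: every response that passes through this extractor then appears to carry an encrypted bPK list, `containsAllRequiredAttributes()` satisfies its bPK precondition regardless of what the IdP actually sent, and consumers of `getAttribute(ENC_BPK_LIST_NAME)` receive a fixed ciphertext instead of the federated one. That line must be removed before this is released. Separately, `attr.getAttributeValues().get(0).getDOM().getTextContent()` throws IndexOutOfBoundsException for an attribute without values and NullPointerException if the value's DOM was not retained; guard with `if (attr.getAttributeValues() == null || attr.getAttributeValues().isEmpty()) continue;` and null-check `getDOM()` before reading it. Only the first `AttributeStatement` and the first value of each attribute are read, which silently drops multi-valued attributes — acceptable only if documented on the class.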
@@ -208,7 +208,10 @@ public class SAML1AuthenticationServer extends AuthenticationServer {  			if (authData.isUseMandate()) {  				List<ExtendedSAMLAttribute> oaAttributes = authData.getExtendedSAMLAttributesOA(); -				if (saml1parameter.isProvideFullMandatorData()) { +				//only provide full mandate if it is included.  +				//In case of federation only a short mandate could be include  +				if (saml1parameter.isProvideFullMandatorData()  +						&& authData.getMISMandate().isFullMandateIncluded()) {  					try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java index 350c4e9da..a9f5ed60a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java @@ -898,7 +898,7 @@ public class AuthenticationSessionStoreage {  	private static void encryptSession(AuthenticationSession session, AuthenticatedSessionStore dbsession) throws BuildException {  		byte[] serialized = SerializationUtils.serialize(session); -		EncryptedData encdata = SessionEncrytionUtil.encrypt(serialized); +		EncryptedData encdata = SessionEncrytionUtil.getInstance().encrypt(serialized);  		dbsession.setSession(encdata.getEncData());  		dbsession.setIv(encdata.getIv());  	} @@ -906,7 +906,7 @@ public class AuthenticationSessionStoreage {  	private static AuthenticationSession decryptSession(AuthenticatedSessionStore dbsession) throws BuildException {  		EncryptedData encdata = new EncryptedData(dbsession.getSession(),  				dbsession.getIv()); -		byte[] decrypted = SessionEncrytionUtil.decrypt(encdata); +		byte[] decrypted = SessionEncrytionUtil.getInstance().decrypt(encdata);  		return (AuthenticationSession) SerializationUtils.deserialize(decrypted); 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java new file mode 100644 index 000000000..f246c55e1 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java 
@@ -0,0 +1,157 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ *******************************************************************************/ +package at.gv.egovernment.moa.id.util; + +import iaik.security.cipher.PBEKey; +import iaik.security.spec.PBEKeyAndParameterSpec; + +import java.security.InvalidAlgorithmParameterException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.SecureRandom; +import java.security.spec.InvalidKeySpecException; + +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.PBEKeySpec; +import javax.crypto.spec.SecretKeySpec; + + +import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.auth.exception.DatabaseEncryptionException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.data.EncryptedData; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +public abstract class AbstractEncrytionUtil { +	protected static final String CIPHER_MODE = "AES/CBC/PKCS5Padding"; +	protected static final String KEYNAME = "AES"; + +	private SecretKey secret = null; +	 +	public AbstractEncrytionUtil() throws DatabaseEncryptionException { +		initialize(getKey(), getSalt()); +	} +	 +	protected abstract String getSalt(); +	protected abstract String getKey(); + +	protected void initialize(String key, String salt) throws DatabaseEncryptionException { +		try { +			if (MiscUtil.isNotEmpty(key)) {			 +				if (MiscUtil.isEmpty(salt)) +					salt = "TestSalt"; +			 +				PBEKeySpec keySpec = new PBEKeySpec(key.toCharArray()); +				SecretKeyFactory factory = SecretKeyFactory.getInstance("PKCS#5", "IAIK"); +				PBEKey pbeKey = (PBEKey)factory.generateSecret(keySpec); +							 +				SecureRandom random = new SecureRandom(); +				KeyGenerator pbkdf2 = KeyGenerator.getInstance("PBKDF2", 
"IAIK"); +				 +				PBEKeyAndParameterSpec parameterSpec = +						   new PBEKeyAndParameterSpec(pbeKey.getEncoded(), +								   					  salt.getBytes(), +						                              2000, +						                              16); +					 +				pbkdf2.init(parameterSpec, random); +				SecretKey derivedKey = pbkdf2.generateKey(); +				 +				SecretKeySpec spec = new SecretKeySpec(derivedKey.getEncoded(), KEYNAME); +				SecretKeyFactory kf = SecretKeyFactory.getInstance(KEYNAME, "IAIK"); +				secret = kf.generateSecret(spec); +				 +			} else { +				Logger.error("Database encryption can not initialized. No key found!"); +				 +			} +						 +		} catch (NoSuchAlgorithmException e) { +			Logger.error("Database encryption can not initialized", e); +			throw new DatabaseEncryptionException("Database encryption can not initialized", null, e); + +		} catch (NoSuchProviderException e) { +			Logger.error("Database encryption can not initialized", e); +			throw new DatabaseEncryptionException("Database encryption can not initialized", null, e); +			 +		} catch (InvalidKeySpecException e) { +			Logger.error("Database encryption can not initialized", e); +			throw new DatabaseEncryptionException("Database encryption can not initialized", null, e); +			 +		} catch (InvalidAlgorithmParameterException e) { +			Logger.error("Database encryption can not initialized", e); +			throw new DatabaseEncryptionException("Database encryption can not initialized", null, e); +			 +		}		 +	} +	 +	public EncryptedData encrypt(byte[] data) throws BuildException { +		Cipher cipher; +		 +		if (secret != null) { +			try { +				cipher = Cipher.getInstance(CIPHER_MODE, "IAIK"); +			    cipher.init(Cipher.ENCRYPT_MODE, secret); +				 +			    Logger.debug("Encrypt MOASession"); +			     +			    byte[] encdata = cipher.doFinal(data); +			    byte[] iv = cipher.getIV(); +			     +			    return new EncryptedData(encdata, iv); +			     +			} catch (Exception e) { +				Logger.warn("MOASession is not 
encrypted",e); +				throw new BuildException("MOASession is not encrypted", new Object[]{}, e); +			} +		} else +			return new EncryptedData(data, null); +	} +	 +	public byte[] decrypt(EncryptedData data) throws BuildException { +		Cipher cipher; +		 +		if (secret != null) { +			try { +				IvParameterSpec iv = new IvParameterSpec(data.getIv()); +				 +				cipher = Cipher.getInstance(CIPHER_MODE, "IAIK"); +			    cipher.init(Cipher.DECRYPT_MODE, secret, iv); +				 +			    Logger.debug("Decrypt MOASession"); +			    return cipher.doFinal(data.getEncData()); +			     +			} catch (Exception e) { +				Logger.warn("MOASession is not decrypted",e); +				throw new BuildException("MOASession is not decrypted", new Object[]{}, e); +			} +		} else +		return data.getEncData(); +	} +	 +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ConfigurationEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ConfigurationEncrytionUtil.java new file mode 100644 index 000000000..10221604c --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ConfigurationEncrytionUtil.java 
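Review bot: `encrypt()`/`decrypt()` use `AES/CBC/PKCS5Padding` with no integrity protection, and both callers in this commit hand the plaintext straight to `SerializationUtils.deserialize` (session records in `AuthenticationSessionStoreage`, the bPK private-key blob in `OAAuthParameter`), so anyone able to modify an `EncryptedData` record can flip plaintext bits or feed chosen bytes into Java deserialization without the code noticing. Switch to an authenticated mode — `AES/GCM/NoPadding` with a fresh 12-byte IV and `GCMParameterSpec` (needs `javax.crypto.spec.GCMParameterSpec`, and assumes the IAIK provider in use offers GCM) as sketched below — or keep CBC and verify an HMAC over IV||ciphertext with `MessageDigest.isEqual` before decrypting; existing CBC records need a migration path either way. Two weak defaults in `initialize()` also deserve a fix or at least a comment: an empty salt silently becomes the literal `"TestSalt"`, and with no configured key the class logs an error but `encrypt()` then returns the plaintext unchanged, so a misconfigured deployment stores sessions in clear with only a log line as evidence. The `catch (Exception e)` blocks and the "MOASession" wording in the log messages predate this class becoming the shared base for configuration encryption and should be narrowed and generalized.
```java
protected static final String CIPHER_MODE = "AES/GCM/NoPadding";
private static final int GCM_IV_BYTES = 12;
private static final int GCM_TAG_BITS = 128;

public EncryptedData encrypt(byte[] data) throws BuildException {
	// … unchanged: secret == null fallback and exception wrapping …
	byte[] iv = new byte[GCM_IV_BYTES];
	new SecureRandom().nextBytes(iv);
	Cipher cipher = Cipher.getInstance(CIPHER_MODE, "IAIK");
	cipher.init(Cipher.ENCRYPT_MODE, secret, new GCMParameterSpec(GCM_TAG_BITS, iv));
	return new EncryptedData(cipher.doFinal(data), iv);
}

public byte[] decrypt(EncryptedData data) throws BuildException {
	// … unchanged: secret == null fallback and exception wrapping …
	Cipher cipher = Cipher.getInstance(CIPHER_MODE, "IAIK");
	cipher.init(Cipher.DECRYPT_MODE, secret, new GCMParameterSpec(GCM_TAG_BITS, data.getIv()));
	// doFinal throws (AEADBadTagException) if the record was tampered with
	return cipher.doFinal(data.getEncData());
}
```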
@@ -0,0 +1,71 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ *******************************************************************************/ +package at.gv.egovernment.moa.id.util; + +import at.gv.egovernment.moa.id.auth.exception.DatabaseEncryptionException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.logging.Logger; + +public class ConfigurationEncrytionUtil extends AbstractEncrytionUtil { +	 +	private static ConfigurationEncrytionUtil instance = null;	 +	private static String key = null; +	 +	public static ConfigurationEncrytionUtil getInstance() { +		if (instance == null) { +			try { +				key = AuthConfigurationProvider.getInstance().getMOAConfigurationEncryptionKey();			 +				instance =  new ConfigurationEncrytionUtil(); +								 +			} catch (Exception e) { +				Logger.warn("MOAConfiguration encryption initialization FAILED.", e); +				 +			}					 +		} +		return instance; +	} + +	/** +	 * @throws DatabaseEncryptionException +	 */ +	private ConfigurationEncrytionUtil() throws DatabaseEncryptionException { +		super(); +	} +	 +	/* (non-Javadoc) +	 * @see at.gv.egovernment.moa.id.util.AbstractEncrytionUtil#getSalt() +	 */ +	@Override +	protected String getSalt() { +		return "Configuration-Salt"; +	} + +	/* (non-Javadoc) +	 * @see at.gv.egovernment.moa.id.util.AbstractEncrytionUtil#getKey() +	 */ +	@Override +	protected String getKey() { +		return key; +	} +	 +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java index acc2a7273..8660f7c09 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java 
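Review bot: `getInstance()` swallows the initialization failure and returns null, so every caller (e.g. `OAAuthParameter.getBPKDecBpkDecryptionKey()` in this commit) dereferences null on a misconfigured key while the root cause surfaces only as a warning; it is also an unsynchronized lazy singleton, so concurrent first calls can construct it twice. Declare it `public static synchronized ConfigurationEncrytionUtil getInstance()` and either rethrow (`throw new IllegalStateException("MOAConfiguration encryption initialization FAILED", e)`) or document on the method that null is a legitimate result callers must handle. Keeping the configuration key in a static `String` means it can never be wiped from memory; a `char[]` cleared after `initialize()` would be preferable, though that requires `AbstractEncrytionUtil.getKey()` to stop returning `String`.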
@@ -22,110 +22,50 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.util;
-import iaik.security.cipher.PBEKey;
-import iaik.security.spec.PBEKeyAndParameterSpec;
-
-import java.security.SecureRandom;
-import java.security.spec.KeySpec;
-
-import javax.crypto.Cipher;
-import javax.crypto.KeyGenerator;
-import javax.crypto.SecretKey;
-import javax.crypto.SecretKeyFactory;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.PBEKeySpec;
-import javax.crypto.spec.SecretKeySpec;
-
-import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.DatabaseEncryptionException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.data.EncryptedData;
 import at.gv.egovernment.moa.logging.Logger;
-public class SessionEncrytionUtil {
-
-	private static final String CIPHER_MODE = "AES/CBC/PKCS5Padding";
-	private static final String KEYNAME = "AES";
-	
-	static private SecretKey secret = null;
+public class SessionEncrytionUtil extends AbstractEncrytionUtil {
-	static {
-		try {
-			String key = AuthConfigurationProvider.getInstance().getMOASessionEncryptionKey();
-			
-			if (key != null) {
-
-					PBEKeySpec keySpec = new PBEKeySpec(key.toCharArray());
-					SecretKeyFactory factory = SecretKeyFactory.getInstance("PKCS#5", "IAIK");
-					PBEKey pbeKey = (PBEKey)factory.generateSecret(keySpec);
-					
-					
-					SecureRandom random = new SecureRandom();
-					KeyGenerator pbkdf2 = KeyGenerator.getInstance("PBKDF2", "IAIK");
-					
-					PBEKeyAndParameterSpec parameterSpec =
-							   new PBEKeyAndParameterSpec(pbeKey.getEncoded(),
-									   					  "TestSALT".getBytes(),
-							                              2000,
-							                              16);
-						
-					pbkdf2.init(parameterSpec, random);
-					SecretKey derivedKey = pbkdf2.generateKey();
-					
-					SecretKeySpec spec = new SecretKeySpec(derivedKey.getEncoded(), KEYNAME);
-					SecretKeyFactory kf = SecretKeyFactory.getInstance(KEYNAME, "IAIK");
-					secret = kf.generateSecret(spec);
-					
-			} else {
-				Logger.warn("MOASession encryption is deaktivated.");
-			}
-			
-		} catch (Exception e) {
-			Logger.warn("MOASession encryption can not be inizialized.", e);
-		}
-		
-	}
+	private static SessionEncrytionUtil instance = null;	
+	private static String key = null;
-	public static EncryptedData encrypt(byte[] data) throws BuildException {
-		Cipher cipher;
-		
-		if (secret != null) {
+	public static SessionEncrytionUtil getInstance() {
+		if (instance == null) {
 			try {
-				cipher = Cipher.getInstance(CIPHER_MODE, "IAIK");
-			    cipher.init(Cipher.ENCRYPT_MODE, secret);
-				
-			    Logger.debug("Encrypt MOASession");
-			    
-			    byte[] encdata = cipher.doFinal(data);
-			    byte[] iv = cipher.getIV();
-			    
-			    return new EncryptedData(encdata, iv);
-			    
+				key = AuthConfigurationProvider.getInstance().getMOASessionEncryptionKey();			
+				instance =  new SessionEncrytionUtil();
+								
 			} catch (Exception e) {
-				Logger.warn("MOASession is not encrypted",e);
-				throw new BuildException("MOASession is not encrypted", new Object[]{}, e);
-			}
-		} else
-			return new EncryptedData(data, null);
+				Logger.warn("MOASession encryption can not be inizialized.", e);
+				
+			}					
+		}
+		return instance;
+	}
+
+	/**
+	 * @throws DatabaseEncryptionException
+	 */
+	private SessionEncrytionUtil() throws DatabaseEncryptionException {
+		super();
 	}
-	public static byte[] decrypt(EncryptedData data) throws BuildException {
-		Cipher cipher;
-		
-		if (secret != null) {
-			try {
-				IvParameterSpec iv = new IvParameterSpec(data.getIv());
-				
-				cipher = Cipher.getInstance(CIPHER_MODE, "IAIK");
-			    cipher.init(Cipher.DECRYPT_MODE, secret, iv);
-				
-			    Logger.debug("Decrypt MOASession");
-			    return cipher.doFinal(data.getEncData());
-			    
-			} catch (Exception e) {
-				Logger.warn("MOASession is not decrypted",e);
-				throw new BuildException("MOASession is not decrypted", new Object[]{}, e);
-			}
-		} else
-		return data.getEncData();
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.util.AbstractEncrytionUtil#getSalt()
+	 */
+	@Override
+	protected String getSalt() {
+		return "Session-Salt";
 	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.util.AbstractEncrytionUtil#getKey()
+	 */
+	@Override
+	protected String getKey() {
+		return key;
+	}
+	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
index f7785d2c2..20cabaf4d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
@@ -70,6 +70,7 @@ public class MISMandate implements Serializable{
 	private String oid = null;
  	private byte[] mandate = null;
  	private String owBPK = null;
 +	private boolean isFullMandateIncluded = false;
  	public String getProfRep() {
    	return oid;
 @@ -109,5 +110,18 @@ public class MISMandate implements Serializable{  		}
  	}
 +	/**
 +	 * @return the isFullMandateIncluded
 +	 */
 +	public boolean isFullMandateIncluded() {
 +		return isFullMandateIncluded;
 +	}
 +	/**
 +	 * @param isFullMandateIncluded the isFullMandateIncluded to set
 +	 */
 +	public void setFullMandateIncluded(boolean isFullMandateIncluded) {
 +		this.isFullMandateIncluded = isFullMandateIncluded;
 +	}
 +	
  }
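Review bot: The Javadoc on `isFullMandateIncluded()` and `setFullMandateIncluded(boolean)` is generated boilerplate (`@return the isFullMandateIncluded`) and does not say what the flag means; the only writer in this diff is the MISSimpleClient hunk, which sets it to true right after `setMandate(...)` receives the decoded mandate, so a summary such as `/** @return true if {@link #getMandate()} holds the complete mandate document returned by the MIS; false (the default) if only the mandate reference data is present */` would tell a reader why the flag exists — confirm that reading against the callers that construct a MISMandate without the full document, which are not in this diff. Because the flag mirrors whether `mandate` was populated, it is duplicate state that can drift from the `mandate` field; if no caller needs the two to differ, deriving it as `return mandate != null;` removes the setter and the drift. MISMandate is `Serializable`, so the added field changes the serialized form; whether the class declares an explicit serialVersionUID is outside the hunk and worth checking before persisted sessions are expected to deserialize across this change.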
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java index aaf793987..15b2a89b5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java @@ -145,6 +145,8 @@ public class MISSimpleClient {  				//misMandate.setMandate(Base64.decodeBase64(DOMUtils.getText(mandate)));
  				misMandate.setMandate(Base64.decodeBase64(DOMUtils.getText(mandate).getBytes()));
 +				misMandate.setFullMandateIncluded(true);
 +				
  				foundMandates.add(misMandate);
  			}
  			return foundMandates;
