authorThomas Lenz <tlenz@iaik.tugraz.at>2021-12-20 15:54:56 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2021-12-20 15:54:56 +0100
commit506ab3232b2c237a1d83c9e970dccdb9445d5d81 (patch)
tree3c94a1a8b4849bdcdbe56d12d0dd7b2e964b234f /id/server/idserverlib
parentfc0385dbeee71f1ce18783ef1c7a4d06288fdb0d (diff)
parent600369d4ffa753716a9572824de7a96a04cb05a7 (diff)
Merge branch 'master' of gitlab.iaik.tugraz.at:egiz/moa-idspss (HEAD, master)
Diffstat (limited to 'id/server/idserverlib')
-rw-r--r--id/server/idserverlib/pom.xml30
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java47
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java7
-rw-r--r--id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java34
5 files changed, 82 insertions, 44 deletions
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 28d0b3f68..995d15476 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -4,7 +4,7 @@
<parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>4.1.5</version>
+ <version>4.2.0</version>
</parent>
<groupId>MOA.id.server</groupId>
@@ -228,6 +228,10 @@
<artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>commons-beanutils</groupId>
+ <artifactId>commons-beanutils</artifactId>
+ </dependency>
<!-- <dependency>
<groupId>MOA</groupId>
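Review bot: The new `commons-beanutils` dependency carries no `<version>`, so the version actually resolved comes from dependency management outside this file and cannot be reviewed here. commons-beanutils reflective property access has a history as a deserialization-gadget component, so confirm that the managed version is at least 1.9.4 (which, to my knowledge, made the default BeanIntrospector suppress the `class` property) and record that intent beside the dependency: `<!-- version managed in parent POM; keep >= 1.9.4 -->`. Also check whether the library is needed at compile scope or only by the new test code, since the hunk gives it default (compile) scope.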
@@ -287,6 +291,10 @@
<artifactId>bcprov-jdk15on</artifactId>
<groupId>org.bouncycastle</groupId>
</exclusion>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
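Review bot: The added `<exclusion>` of `log4j:log4j` removes the 1.x logging implementation from the classpath without showing what replaces it; if the excluded artifact (its coordinates are outside this hunk) calls log4j 1.x APIs directly, the failure moves from build time to a runtime `NoClassDefFoundError`. Make sure a bridge such as `log4j-over-slf4j` or reload4j is on the runtime classpath and say so next to the exclusion: `<!-- log4j 1.x excluded: bridged via log4j-over-slf4j, see parent POM -->`. Note that this artifact is the end-of-life log4j 1.x line; the December 2021 log4j 2.x `log4j-core` issue concerns a different artifact, so this exclusion on its own should not be read as addressing it.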
@@ -321,7 +329,17 @@
<type>test-jar</type>
<classifier>tests</classifier>
<version>1.0.0</version>
- <scope>test</scope>
+ <scope>test</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<!-- <dependency>
<groupId>org.opensaml</groupId>
@@ -495,13 +513,13 @@
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-pool2</artifactId>
- <version>2.9.0</version>
+ <version>2.11.1</version>
</dependency>
<dependency>
<groupId>redis.clients</groupId>
<artifactId>jedis</artifactId>
<!-- version>3.0.1</version -->
- <version>3.3.0</version>
+ <version>3.7.1</version>
</dependency>
<!-- <dependency>
@@ -694,8 +712,8 @@
<artifactId>maven-compiler-plugin</artifactId>
<version>3.6.1</version>
<configuration>
- <source>1.7</source>
- <target>1.7</target>
+ <source>1.8</source>
+ <target>1.8</target>
<encoding>UTF-8</encoding>
</configuration>
</plugin>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index b0f452861..baf4349e8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -77,10 +77,10 @@ public class MOAIDAuthInitializer {
System.setProperty(
"https.cipherSuites",
//high secure RSA bases ciphers
- ",TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" +
- ",TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" +
- ",TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" +
- ",TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" +
+ "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" +
+ ",TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" +
+ ",TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" +
+ ",TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" +
//high secure ECC bases ciphers
",TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" +
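Review bot: Removing the leading comma fixes the empty first entry, but the list labelled "high secure" still includes TLS 1.2 CBC suites (`TLS_DHE_RSA_WITH_AES_256_CBC_SHA256`, `TLS_DHE_RSA_WITH_AES_128_CBC_SHA256`), which carry padding-oracle exposure (Lucky Thirteen class) and are generally treated as legacy next to the AEAD/GCM suites already listed; drop them unless a known peer requires CBC, and document that requirement if so. Also note that `https.cipherSuites` only affects `HttpsURLConnection`; any other TLS client in the stack has to be hardened separately, which is worth a comment at the `System.setProperty` call: `// NOTE: https.cipherSuites only governs HttpsURLConnection; other HTTP clients configure TLS on their own`. The string literal continues past the hunk with the ECC suites.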
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
index 8fdf1eab8..1bf240589 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
@@ -33,7 +33,6 @@ import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
-import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
@@ -114,27 +113,18 @@ public abstract class AbstractEncrytionUtil {
}
}
- public EncryptedData encrypt(byte[] data) throws BuildException {
- Cipher cipher;
-
+ public EncryptedData encrypt(byte[] data) throws BuildException {
if (secret != null) {
- try {
- final byte[] nonce = Random.nextBytes(GCM_NONCE_LENGTH);
-
-// final byte[] nonce = new byte[GCM_NONCE_LENGTH];
-// SecureRandom.getInstanceStrong().nextBytes(nonce);
-
- GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce);
-
- cipher = Cipher.getInstance(CIPHER_MODE, "IAIK");
- cipher.init(Cipher.ENCRYPT_MODE, secret, spec);
-
- Logger.debug("Encrypt MOASession");
-
- byte[] encdata = cipher.doFinal(data);
- byte[] iv = cipher.getIV();
-
- return new EncryptedData(encdata, iv);
+ try {
+ final byte[] nonce = Random.nextBytes(GCM_NONCE_LENGTH);
+ final GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce);
+ final Cipher cipher = Cipher.getInstance(CIPHER_MODE);
+ cipher.init(Cipher.ENCRYPT_MODE, secret, spec);
+
+ final byte[] encdata = cipher.doFinal(data);
+ final byte[] iv = cipher.getIV();
+ Logger.trace("Encrypt MOASession");
+ return new EncryptedData(encdata, iv);
} catch (Exception e) {
Logger.warn("MOASession is not encrypted",e);
@@ -145,17 +135,14 @@ public abstract class AbstractEncrytionUtil {
}
public byte[] decrypt(EncryptedData data) throws BuildException {
- Cipher cipher;
if (secret != null) {
- try {
- IvParameterSpec iv = new IvParameterSpec(data.getIv());
-
- cipher = Cipher.getInstance(CIPHER_MODE, "IAIK");
- cipher.init(Cipher.DECRYPT_MODE, secret, iv);
-
- Logger.debug("Decrypt MOASession");
- return cipher.doFinal(data.getEncData());
+ try {
+ final Cipher cipher = Cipher.getInstance(CIPHER_MODE);
+ final GCMParameterSpec iv = new GCMParameterSpec(GCM_TAG_LENGTH * 8, data.getIv());
+ cipher.init(Cipher.DECRYPT_MODE, secret, iv);
+ Logger.trace("Decrypt MOASession");
+ return cipher.doFinal(data.getEncData());
} catch (Exception e) {
Logger.warn("MOASession is not decrypted",e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java
index 498f8408b..d4a6ee786 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java
@@ -32,14 +32,15 @@ public class SessionEncrytionUtil extends AbstractEncrytionUtil {
private static String key = null;
public static SessionEncrytionUtil getInstance() {
- if (instance == null) {
+ if (instance == null) {
try {
key = AuthConfigurationProviderFactory.getInstance().getMOASessionEncryptionKey();
- instance = new SessionEncrytionUtil();
+ instance = new SessionEncrytionUtil();
} catch (Exception e) {
Logger.warn("MOASession encryption can not be inizialized.", e);
-
+ throw new RuntimeException("MOASession encryption can not be inizialized.", e);
+
}
}
return instance;
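Review bot: Throwing `RuntimeException` after the warning turns a silently-null singleton into fail-closed initialisation, which is the right direction, but `getInstance()` still does unsynchronized lazy init (`if (instance == null)` followed by assignment), so concurrent first callers can construct two instances and observe the static `key` before it is fully published. Unless the class guards this elsewhere (not visible here), mark the method `public static synchronized SessionEncrytionUtil getInstance()` or move the initialisation into a static holder class. Logging at warn and then throwing also double-reports the same failure; one error-level log at the point that handles the exception is enough. The message text `"inizialized"` is misspelled, but it is a runtime string, so only correct it if nothing parses the log line.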
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
index 645cb601f..a3a717072 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
@@ -1,9 +1,12 @@
package at.gv.egovernment.moa.id.config.auth.data;
+import static org.junit.Assert.assertEquals;
+
import java.io.ByteArrayInputStream;
import java.util.Arrays;
import java.util.List;
+import org.apache.commons.lang3.RandomStringUtils;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
@@ -13,6 +16,8 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
+
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.data.IMOAAuthData;
@@ -153,6 +158,33 @@ public class AuthenticationDataBuilderTest {
}
+ @Test
+ public void genericDataTransfer() throws Exception {
+ TestRequestImpl pendingReq = new TestRequestImpl();
+ DummyOAConfig oaParam = new DummyOAConfig();
+ oaParam.setHasBaseIdTransferRestriction(false);
+ oaParam.setTarget("urn:publicid:gv.at:cdid+ZP-MH");
+ oaParam.setForeignbPKSectors(Arrays.asList("wbpk+FN+195738a"));
+ pendingReq.setSpConfig(oaParam);
+
+ final AuthenticationSessionWrapper session = pendingReq.getSessionData(
+ AuthenticationSessionWrapper.class);
+ session.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL_1, false))).parseIdentityLink());
+
+ // set random data to transfer
+ String key = RandomStringUtils.randomAlphabetic(5);
+ String value = RandomStringUtils.randomAlphabetic(5);
+ session.setGenericDataToSession(key, value);
+
+
+ // execute test
+ IMOAAuthData authData = (IMOAAuthData) authBuilder.buildAuthenticationData(pendingReq);
+
+
+ assertEquals("generic data-transfer failed", value, authData.getGenericData(key, String.class));
+
+ }
+
@Test
public void buildAuthDataWithIDLOnly_1() throws Exception {
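Review bot: `genericDataTransfer` derives both key and value from `RandomStringUtils.randomAlphabetic(5)`, so a failure is not reproducible from the report alone because the assertion message `"generic data-transfer failed"` omits them. Either use fixed literals or include the key in the message: `assertEquals("generic data-transfer failed for key " + key, value, authData.getGenericData(key, String.class));`. A random five-letter key could also, however unlikely, collide with an attribute the builder sets itself, which a fixed, prefixed test key such as `"test_genericData"` avoids.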
@@ -166,7 +198,7 @@ public class AuthenticationDataBuilderTest {
IAuthenticationSession session = new DummyAuthSession();
session.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL_1, false))).parseIdentityLink());
pendingReq.setRawDataToTransaction(session.getKeyValueRepresentationFromAuthSession());
-
+
IMOAAuthData authData = (IMOAAuthData) authBuilder.buildAuthenticationData(pendingReq);