aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2021-12-20 15:54:56 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2021-12-20 15:54:56 +0100
commit506ab3232b2c237a1d83c9e970dccdb9445d5d81 (patch)
tree3c94a1a8b4849bdcdbe56d12d0dd7b2e964b234f /id/server/idserverlib
parentfc0385dbeee71f1ce18783ef1c7a4d06288fdb0d (diff)
parent600369d4ffa753716a9572824de7a96a04cb05a7 (diff)
downloadmoa-id-spss-506ab3232b2c237a1d83c9e970dccdb9445d5d81.tar.gz
moa-id-spss-506ab3232b2c237a1d83c9e970dccdb9445d5d81.tar.bz2
moa-id-spss-506ab3232b2c237a1d83c9e970dccdb9445d5d81.zip
Merge branch 'master' of gitlab.iaik.tugraz.at:egiz/moa-idspssHEADmaster
Diffstat (limited to 'id/server/idserverlib')
-rw-r--r--id/server/idserverlib/pom.xml30
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java47
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java7
-rw-r--r--id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java34
5 files changed, 82 insertions, 44 deletions
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 28d0b3f68..995d15476 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -4,7 +4,7 @@
<parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>4.1.5</version>
+ <version>4.2.0</version>
</parent>
<groupId>MOA.id.server</groupId>
@@ -228,6 +228,10 @@
<artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>commons-beanutils</groupId>
+ <artifactId>commons-beanutils</artifactId>
+ </dependency>
<!-- <dependency>
<groupId>MOA</groupId>
@@ -287,6 +291,10 @@
<artifactId>bcprov-jdk15on</artifactId>
<groupId>org.bouncycastle</groupId>
</exclusion>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
@@ -321,7 +329,17 @@
<type>test-jar</type>
<classifier>tests</classifier>
<version>1.0.0</version>
- <scope>test</scope>
+ <scope>test</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<!-- <dependency>
<groupId>org.opensaml</groupId>
@@ -495,13 +513,13 @@
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-pool2</artifactId>
- <version>2.9.0</version>
+ <version>2.11.1</version>
</dependency>
<dependency>
<groupId>redis.clients</groupId>
<artifactId>jedis</artifactId>
<!-- version>3.0.1</version -->
- <version>3.3.0</version>
+ <version>3.7.1</version>
</dependency>
<!-- <dependency>
@@ -694,8 +712,8 @@
<artifactId>maven-compiler-plugin</artifactId>
<version>3.6.1</version>
<configuration>
- <source>1.7</source>
- <target>1.7</target>
+ <source>1.8</source>
+ <target>1.8</target>
<encoding>UTF-8</encoding>
</configuration>
</plugin>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index b0f452861..baf4349e8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -77,10 +77,10 @@ public class MOAIDAuthInitializer {
System.setProperty(
"https.cipherSuites",
//high secure RSA bases ciphers
- ",TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" +
- ",TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" +
- ",TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" +
- ",TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" +
+ "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" +
+ ",TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" +
+ ",TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" +
+ ",TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" +
//high secure ECC bases ciphers
",TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" +
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
index 8fdf1eab8..1bf240589 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
@@ -33,7 +33,6 @@ import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
-import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
@@ -114,27 +113,18 @@ public abstract class AbstractEncrytionUtil {
}
}
- public EncryptedData encrypt(byte[] data) throws BuildException {
- Cipher cipher;
-
+ public EncryptedData encrypt(byte[] data) throws BuildException {
if (secret != null) {
- try {
- final byte[] nonce = Random.nextBytes(GCM_NONCE_LENGTH);
-
-// final byte[] nonce = new byte[GCM_NONCE_LENGTH];
-// SecureRandom.getInstanceStrong().nextBytes(nonce);
-
- GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce);
-
- cipher = Cipher.getInstance(CIPHER_MODE, "IAIK");
- cipher.init(Cipher.ENCRYPT_MODE, secret, spec);
-
- Logger.debug("Encrypt MOASession");
-
- byte[] encdata = cipher.doFinal(data);
- byte[] iv = cipher.getIV();
-
- return new EncryptedData(encdata, iv);
+ try {
+ final byte[] nonce = Random.nextBytes(GCM_NONCE_LENGTH);
+ final GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce);
+ final Cipher cipher = Cipher.getInstance(CIPHER_MODE);
+ cipher.init(Cipher.ENCRYPT_MODE, secret, spec);
+
+ final byte[] encdata = cipher.doFinal(data);
+ final byte[] iv = cipher.getIV();
+ Logger.trace("Encrypt MOASession");
+ return new EncryptedData(encdata, iv);
} catch (Exception e) {
Logger.warn("MOASession is not encrypted",e);
@@ -145,17 +135,14 @@ public abstract class AbstractEncrytionUtil {
}
public byte[] decrypt(EncryptedData data) throws BuildException {
- Cipher cipher;
if (secret != null) {
- try {
- IvParameterSpec iv = new IvParameterSpec(data.getIv());
-
- cipher = Cipher.getInstance(CIPHER_MODE, "IAIK");
- cipher.init(Cipher.DECRYPT_MODE, secret, iv);
-
- Logger.debug("Decrypt MOASession");
- return cipher.doFinal(data.getEncData());
+ try {
+ final Cipher cipher = Cipher.getInstance(CIPHER_MODE);
+ final GCMParameterSpec iv = new GCMParameterSpec(GCM_TAG_LENGTH * 8, data.getIv());
+ cipher.init(Cipher.DECRYPT_MODE, secret, iv);
+ Logger.trace("Decrypt MOASession");
+ return cipher.doFinal(data.getEncData());
} catch (Exception e) {
Logger.warn("MOASession is not decrypted",e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java
index 498f8408b..d4a6ee786 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java
@@ -32,14 +32,15 @@ public class SessionEncrytionUtil extends AbstractEncrytionUtil {
private static String key = null;
public static SessionEncrytionUtil getInstance() {
- if (instance == null) {
+ if (instance == null) {
try {
key = AuthConfigurationProviderFactory.getInstance().getMOASessionEncryptionKey();
- instance = new SessionEncrytionUtil();
+ instance = new SessionEncrytionUtil();
} catch (Exception e) {
Logger.warn("MOASession encryption can not be inizialized.", e);
-
+ throw new RuntimeException("MOASession encryption can not be inizialized.", e);
+
}
}
return instance;
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
index 645cb601f..a3a717072 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
@@ -1,9 +1,12 @@
package at.gv.egovernment.moa.id.config.auth.data;
+import static org.junit.Assert.assertEquals;
+
import java.io.ByteArrayInputStream;
import java.util.Arrays;
import java.util.List;
+import org.apache.commons.lang3.RandomStringUtils;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
@@ -13,6 +16,8 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
+
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.data.IMOAAuthData;
@@ -153,6 +158,33 @@ public class AuthenticationDataBuilderTest {
}
+ @Test
+ public void genericDataTransfer() throws Exception {
+ TestRequestImpl pendingReq = new TestRequestImpl();
+ DummyOAConfig oaParam = new DummyOAConfig();
+ oaParam.setHasBaseIdTransferRestriction(false);
+ oaParam.setTarget("urn:publicid:gv.at:cdid+ZP-MH");
+ oaParam.setForeignbPKSectors(Arrays.asList("wbpk+FN+195738a"));
+ pendingReq.setSpConfig(oaParam);
+
+ final AuthenticationSessionWrapper session = pendingReq.getSessionData(
+ AuthenticationSessionWrapper.class);
+ session.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL_1, false))).parseIdentityLink());
+
+ // set random data to transfer
+ String key = RandomStringUtils.randomAlphabetic(5);
+ String value = RandomStringUtils.randomAlphabetic(5);
+ session.setGenericDataToSession(key, value);
+
+
+ // execute test
+ IMOAAuthData authData = (IMOAAuthData) authBuilder.buildAuthenticationData(pendingReq);
+
+
+ assertEquals("generic data-transfer failed", value, authData.getGenericData(key, String.class));
+
+ }
+
@Test
public void buildAuthDataWithIDLOnly_1() throws Exception {
@@ -166,7 +198,7 @@ public class AuthenticationDataBuilderTest {
IAuthenticationSession session = new DummyAuthSession();
session.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL_1, false))).parseIdentityLink());
pendingReq.setRawDataToTransaction(session.getKeyValueRepresentationFromAuthSession());
-
+
IMOAAuthData authData = (IMOAAuthData) authBuilder.buildAuthenticationData(pendingReq);