authorThomas Lenz <tlenz@iaik.tugraz.at>2018-06-12 06:25:41 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2018-06-12 06:25:41 +0200
commitb53d2f387282b731ea72806ec7d410a1c27a878d (patch)
tree636ba240e98107d44dedab8c0b9453b057cfcb8d /id/server/idserverlib
parent23201ce112d9aa132783f984e0765c0cacca95a5 (diff)
add foreign bPK generation into AuthenticationDataBuilder
Diffstat (limited to 'id/server/idserverlib')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java87
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java26
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java2
7 files changed, 128 insertions, 11 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index b93de5119..91159ad4e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -30,9 +30,13 @@ import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
+import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import javax.annotation.PostConstruct;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
@@ -102,12 +106,32 @@ import iaik.x509.X509Certificate;
@Service("AuthenticationDataBuilder")
public class AuthenticationDataBuilder extends MOAIDAuthConstants {
+ private static final String CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS = "configuration.foreignsectors.pubkey";
+
@Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
@Autowired protected AuthConfiguration authConfig;
@Autowired private AttributQueryBuilder attributQueryBuilder;
@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
@Autowired(required=true) private MOAMetadataProvider metadataProvider;
+ private Map<String, X509Certificate> encKeyMap = new HashMap<String, X509Certificate>();
+
+ @PostConstruct
+ private void initialize() {
+ Map<String, String> pubKeyMap = authConfig.getBasicMOAIDConfigurationWithPrefix(CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS);
+ for (Entry<String, String> el : pubKeyMap.entrySet()) {
+ try {
+ encKeyMap.put(el.getKey(), new X509Certificate(Base64Utils.decode(el.getValue(), false)));
+ Logger.info("Load foreign bPK encryption certificate for sector: " + el.getKey());
+
+ } catch (Exception e) {
+ Logger.warn("Can NOT load foreign bPK encryption certificate for sector: \" + el.getKey()", e);
+
+ }
+
+ }
+ }
+
public IAuthData buildAuthenticationData(IRequest pendingReq,
IAuthenticationSession session) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {
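Review bot: The warning in the catch block of initialize() (L62) never logs the sector name, because the escaped quote `\"` keeps `+ el.getKey()` inside the string literal; the message printed is the literal text `sector: " + el.getKey()`. It should read `Logger.warn("Can NOT load foreign bPK encryption certificate for sector: " + el.getKey(), e);`. Separately, the certificates decoded from the `configuration.foreignsectors.pubkey` entries are later used directly as encryption keys and nothing here checks them at load time; if the IAIK type exposes it, a `checkValidity()` call inside the same try block would surface expired or not-yet-valid material in the log instead of producing bPKs that the foreign sector cannot decrypt. The `encKeyMap` field is only populated here and could be declared `final`.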
@@ -648,7 +672,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
Logger.info("Can NOT set Organwalter IdentityLink. Msg: No IdentityLink found");
- //set bPK and IdenityLink for all other
+ //set bPK and IdentityLink for all other
} else {
//build bPK
String pvpbPKValue = getbPKValueFromPVPAttribute(session);
@@ -724,7 +748,11 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
}
-
+
+ //build foreign bPKs
+ generateForeignbPK(authData, oaParam.foreignbPKSectorsRequested());
+
+
//build IdentityLink
if (identityLink != null)
authData.setIdentityLink(buildOAspecificIdentityLink(oaParam, identityLink, authData.getBPK(), authData.getBPKType()));
@@ -810,6 +838,61 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
+ private void generateForeignbPK(AuthenticationData authData, List<String> foreignSectors) {
+ if (foreignSectors != null && !foreignSectors.isEmpty()) {
+ Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... ");
+ for (String foreignSector : foreignSectors) {
+ Logger.trace("Process sector: " + foreignSector + " ... ");
+ if (encKeyMap.containsKey(foreignSector)) {
+ try {
+ String sector = null;
+ //splitt sector into VKZ and target
+ if (foreignSector.startsWith("wbpk")) {
+ Logger.trace("Find foreign private sector " + foreignSector);
+ sector = Constants.URN_PREFIX + ":" + foreignSector;
+
+ } else {
+ String[] split = foreignSector.split("+");
+ if (split.length != 2) {
+ Logger.warn("Foreign sector: " + foreignSector + " looks WRONG. IGNORE IT!");
+
+ } else {
+ Logger.trace("Find foreign public sector. VKZ: " + split[0] + " Target: " + split[1]);
+ sector = Constants.URN_PREFIX_CDID + "+" + split[1];
+
+ }
+
+ }
+
+ if (sector != null) {
+ Pair<String, String> bpk = new BPKBuilder().generateAreaSpecificPersonIdentifier(
+ authData.getIdentificationValue(),
+ authData.getIdentificationType(),
+ sector);
+ String foreignbPK = BPKBuilder.encryptBPK(bpk.getFirst(), bpk.getSecond(), encKeyMap.get(foreignSector).getPublicKey());
+ authData.getEncbPKList().add("(" + foreignSector + "|" + foreignbPK + ")");
+ Logger.debug("Foreign bPK for sector: " + foreignSector + " created.");
+
+ }
+
+ } catch (Exception e) {
+ Logger.warn("Foreign bPK generation FAILED for sector: " + foreignSector, e);
+
+ }
+
+ } else {
+ Logger.info("NO encryption cerfificate FOUND in configuration for sector: " + foreignSector);
+ Logger.info("Foreign bPK for sector: " + foreignSector + " is NOT possible");
+
+ }
+ }
+
+ } else
+ Logger.debug("No foreign bPKs required for this service provider");
+
+ }
+
+
/**
* Check a bPK-Type against a Service-Provider configuration <br>
* If bPK-Type is <code>null</code> the result is <code>false</code>.
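Review bot: `foreignSector.split("+")` at L106 cannot work, because String.split takes a regular expression and a bare `+` is a dangling quantifier that throws PatternSyntaxException; the surrounding `catch (Exception e)` turns that into the "Foreign bPK generation FAILED" warning, so no public-sector foreign bPK will ever be produced. The line should be `String[] split = foreignSector.split("\\+");`. Also note that the list entry is already wrapped here as `"(" + foreignSector + "|" + foreignbPK + ")"` (L124), while EncryptedBPKAttributeBuilder in this same commit wraps element 0 a second time (L271), so the first attribute value appears to come out as `((…))` unless other producers add unwrapped entries — worth confirming which side should own the parentheses. The `else` at L141 without braces is inconsistent with the braced branches above it.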
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
index a7f6e873f..04df32309 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
@@ -266,16 +266,21 @@ public class BPKBuilder {
public static String encryptBPK(String bpk, String target, PublicKey publicKey) throws BuildException {
MiscUtil.assertNotNull(bpk, "BPK");
+ MiscUtil.assertNotNull(target, "sector");
MiscUtil.assertNotNull(publicKey, "publicKey");
-
+
SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss");
- if (target.startsWith(Constants.URN_PREFIX_CDID + "+"))
- target = target.substring((Constants.URN_PREFIX_CDID + "+").length());
- String input = "V1::urn:publicid:gv.at:cdid+" + target + "::"
+ if (!target.startsWith(Constants.URN_PREFIX)) {
+ throw new BuildException("bPK encryption FAILED. bPK target does NOT starts with a valid prefix", null);
+
+ }
+
+ String input = "V1::"
+ + target + "::"
+ bpk + "::"
+ sdf.format(new Date());
- System.out.println(input);
+ Logger.trace("Foreign bPK: " + input);
byte[] result;
try {
byte[] inputBytes = input.getBytes("ISO-8859-1");
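Review bot: The trace statement replacing the println (L175) still writes the plaintext bPK, the very value this method exists to encrypt, into the log; logging only the non-sensitive part would be safer, e.g. `Logger.trace("Build foreign bPK input for target: " + target);`. The timestamp appended to `input` comes from a SimpleDateFormat with no zone set and a pattern without a zone designator, so the JVM default zone is baked into the encrypted payload and the decrypting party cannot tell which zone was meant; pinning it with `sdf.setTimeZone(TimeZone.getTimeZone("UTC"));` (java.util.TimeZone import) makes the format unambiguous. The new exception message reads "does NOT starts" and should be "does NOT start". The remainder of encryptBPK continues outside the hunk.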
@@ -287,6 +292,17 @@ public class BPKBuilder {
}
}
+
+ /**
+ * Currently only works for bPKs!!!!
+ *
+ *
+ * @param encryptedBpk
+ * @param target
+ * @param privateKey
+ * @return
+ * @throws BuildException
+ */
public static String decryptBPK(String encryptedBpk, String target, PrivateKey privateKey) throws BuildException {
MiscUtil.assertNotEmpty(encryptedBpk, "Encrypted BPK");
MiscUtil.assertNotNull(privateKey, "Private key");
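Review bot: The Javadoc added for decryptBPK (L183-L192) has empty `@param`, `@return` and `@throws` tags, which is no better than no Javadoc for a reader. Filling them in would be enough: `@param encryptedBpk` the encrypted bPK string as produced by encryptBPK, `@param target` the sector the bPK was encrypted for, `@param privateKey` the key matching the encryption certificate, `@return` the decrypted bPK, `@throws BuildException` on a malformed input or a failed decryption; the first line "Currently only works for bPKs!!!!" should say what input is not supported. The body of decryptBPK continues outside the hunk, so the exact return contract should be checked against it.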
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
index 0fba2d3f6..3a0a002e8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
@@ -209,7 +209,7 @@ public class VerifyXMLSignatureResponseParser {
String signingTimeElement = XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNING_TIME_XPATH,"");
if (MiscUtil.isNotEmpty(signingTimeElement)) {
- DateTime datetime = ISODateTimeFormat.dateTimeNoMillis().parseDateTime(signingTimeElement);
+ DateTime datetime = ISODateTimeFormat.dateOptionalTimeParser().parseDateTime(signingTimeElement);
respData.setSigningDateTime(datetime.toDate());
}
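Review bot: Switching to `ISODateTimeFormat.dateOptionalTimeParser()` (L204) makes the signing-time parse lenient, which the commit message ("add foreign bPK generation") does not mention and the code does not explain. That parser also accepts a date without any time part or zone offset; if such a value arrives, `datetime.toDate()` is midnight in the JVM default zone rather than a value the signature response actually carried. A comment stating the motivating input would help, e.g. `// lenient parse: SigningTime may arrive without millis or time part — TODO confirm which producers need this`, or keep the strict parser and fall back to the lenient one only on failure.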
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 59bd3893d..140ebcfc8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -54,10 +54,8 @@ import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
-import java.util.Iterator;
import java.util.List;
import java.util.Map;
-import java.util.Map.Entry;
import java.util.Set;
import org.apache.commons.lang.SerializationUtils;
@@ -935,4 +933,16 @@ public String toString() {
return "Object not initialized";
}
+
+@Override
+public List<String> foreignbPKSectorsRequested() {
+ String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN);
+ if (MiscUtil.isNotEmpty(value))
+ return KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(value));
+
+ else
+ return null;
+
+}
+
}
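Review bot: foreignbPKSectorsRequested() returns `null` when the foreign target property is absent (L232), forcing every caller to null-check; returning `Collections.emptyList()` instead is backward compatible with the null check in generateForeignbPK and `Collections` is already imported in this file (L213). The stub with the same name in DynamicOAAuthParameters (L244-L248) returns `null` as well and carries an auto-generated TODO; it should either return the same empty list or state explicitly that dynamic service providers do not support foreign sectors. The new method sits at column 0 inside the class body and uses an unbraced `else`, which does not match the surrounding indentation style.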
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index f3db82315..31b894604 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -531,5 +531,11 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
return false;
}
+ @Override
+ public List<String> foreignbPKSectorsRequested() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index 7f56f519b..4cd9ecd6a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -691,6 +691,8 @@ public class AuthenticationData implements IAuthData, Serializable {
* @return the encbPKList
*/
public List<String> getEncbPKList() {
+ if (encbPKList == null)
+ encbPKList = new ArrayList<String>();
return encbPKList;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
index 9dfbe00b2..f5c48b826 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
@@ -41,7 +41,7 @@ public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder {
if (authData.getEncbPKList() != null &&
authData.getEncbPKList().size() > 0) {
- String value = authData.getEncbPKList().get(0);
+ String value = "(" + authData.getEncbPKList().get(0) + ")";
for (int i=1; i<authData.getEncbPKList().size(); i++)
value += ";"+authData.getEncbPKList().get(i);