aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java158
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java39
3 files changed, 79 insertions, 131 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 91159ad4e..afac80df9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -106,13 +106,14 @@ import iaik.x509.X509Certificate;
@Service("AuthenticationDataBuilder")
public class AuthenticationDataBuilder extends MOAIDAuthConstants {
- private static final String CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS = "configuration.foreignsectors.pubkey";
+ public static final String CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS = "configuration.foreignsectors.pubkey";
+
+ @Autowired(required=true) private IAuthenticationSessionStoreage authenticatedSessionStorage;
+ @Autowired(required=true) protected AuthConfiguration authConfig;
+ @Autowired(required=false) private MOAMetadataProvider metadataProvider;
+ @Autowired(required=false) private AttributQueryBuilder attributQueryBuilder;
+ @Autowired(required=false) private SAMLVerificationEngineSP samlVerificationEngine;
- @Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
- @Autowired protected AuthConfiguration authConfig;
- @Autowired private AttributQueryBuilder attributQueryBuilder;
- @Autowired private SAMLVerificationEngineSP samlVerificationEngine;
- @Autowired(required=true) private MOAMetadataProvider metadataProvider;
private Map<String, X509Certificate> encKeyMap = new HashMap<String, X509Certificate>();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
index 04df32309..14de65e36 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
@@ -149,121 +149,7 @@ public class BPKBuilder {
}
}
}
-
-
- /**
- * Builds the storkeid from the given parameters.
- *
- * @param baseID baseID of the citizen
- * @param baseIDType Type of the baseID
- * @param sourceCountry CountryCode of that country, which build the eIDAs ID
- * @param destinationCountry CountryCode of that country, which receives the eIDAs ID
- *
- * @return Pair<eIDAs, bPKType> in a BASE64 encoding
- * @throws BuildException if an error occurs on building the wbPK
- */
- private Pair<String, String> buildeIDASIdentifer(String baseID, String baseIDType, String sourceCountry, String destinationCountry)
- throws BuildException {
- String bPK = null;
- String bPKType = null;
-
- // check if we have been called by public sector application
- if (baseIDType.startsWith(Constants.URN_PREFIX_BASEID)) {
- bPKType = Constants.URN_PREFIX_EIDAS + "+" + sourceCountry + "+" + destinationCountry;
- Logger.debug("Building eIDAS identification from: [identValue]+" + bPKType);
- bPK = calculatebPKwbPK(baseID + "+" + bPKType);
-
- } else { // if not, sector identification value is already calculated by BKU
- Logger.debug("eIDAS eIdentifier already provided by BKU");
- bPK = baseID;
- }
-
- if ((MiscUtil.isEmpty(bPK) ||
- MiscUtil.isEmpty(sourceCountry) ||
- MiscUtil.isEmpty(destinationCountry))) {
- throw new BuildException("builder.00",
- new Object[]{"eIDAS-ID", "Unvollständige Parameterangaben: identificationValue=" +
- bPK + ", Zielland=" + destinationCountry + ", Ursprungsland=" + sourceCountry});
- }
-
- Logger.debug("Building eIDAS identification from: " + sourceCountry+"/"+destinationCountry+"/" + "[identValue]");
- String eIdentifier = sourceCountry + "/" + destinationCountry + "/" + bPK;
-
- return Pair.newInstance(eIdentifier, bPKType);
- }
-
-// /**
-// * Builds the bPK from the given parameters.
-// *
-// * @param identificationValue Base64 encoded "Stammzahl"
-// * @param target "Bereich lt. Verordnung des BKA"
-// * @return bPK in a BASE64 encoding
-// * @throws BuildException if an error occurs on building the bPK
-// */
-// private String buildBPK(String identificationValue, String target)
-// throws BuildException {
-//
-// if ((identificationValue == null ||
-// identificationValue.length() == 0 ||
-// target == null ||
-// target.length() == 0)) {
-// throw new BuildException("builder.00",
-// new Object[]{"BPK", "Unvollständige Parameterangaben: identificationValue=" +
-// identificationValue + ",target=" + target});
-// }
-// String basisbegriff;
-// if (target.startsWith(Constants.URN_PREFIX_CDID + "+"))
-// basisbegriff = identificationValue + "+" + target;
-// else
-// basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target;
-//
-// return calculatebPKwbPK(basisbegriff);
-// }
-//
-// /**
-// * Builds the wbPK from the given parameters.
-// *
-// * @param identificationValue Base64 encoded "Stammzahl"
-// * @param registerAndOrdNr type of register + "+" + number in register.
-// * @return wbPK in a BASE64 encoding
-// * @throws BuildException if an error occurs on building the wbPK
-// */
-// private String buildWBPK(String identificationValue, String registerAndOrdNr)
-// throws BuildException {
-//
-// if ((identificationValue == null ||
-// identificationValue.length() == 0 ||
-// registerAndOrdNr == null ||
-// registerAndOrdNr.length() == 0)) {
-// throw new BuildException("builder.00",
-// new Object[]{"wbPK", "Unvollständige Parameterangaben: identificationValue=" +
-// identificationValue + ",Register+Registernummer=" + registerAndOrdNr});
-// }
-//
-// String basisbegriff;
-// if (registerAndOrdNr.startsWith(Constants.URN_PREFIX_WBPK + "+"))
-// basisbegriff = identificationValue + "+" + registerAndOrdNr;
-// else
-// basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr;
-//
-// return calculatebPKwbPK(basisbegriff);
-// }
-//
-// private String buildbPKorwbPK(String baseID, String bPKorwbPKTarget) throws BuildException {
-// if (MiscUtil.isEmpty(baseID) ||
-// !(bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_CDID + "+") ||
-// bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_WBPK + "+") ||
-// bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_STORK + "+")) ) {
-// throw new BuildException("builder.00",
-// new Object[]{"bPK/wbPK", "bPK or wbPK target " + bPKorwbPKTarget
-// + " has an unkown prefix."});
-//
-// }
-//
-// return calculatebPKwbPK(baseID + "+" + bPKorwbPKTarget);
-//
-// }
-
+
public static String encryptBPK(String bpk, String target, PublicKey publicKey) throws BuildException {
MiscUtil.assertNotNull(bpk, "BPK");
MiscUtil.assertNotNull(target, "sector");
@@ -332,6 +218,48 @@ public class BPKBuilder {
}
}
+
+ /**
+ * Builds the storkeid from the given parameters.
+ *
+ * @param baseID baseID of the citizen
+ * @param baseIDType Type of the baseID
+ * @param sourceCountry CountryCode of that country, which build the eIDAs ID
+ * @param destinationCountry CountryCode of that country, which receives the eIDAs ID
+ *
+ * @return Pair<eIDAs, bPKType> in a BASE64 encoding
+ * @throws BuildException if an error occurs on building the wbPK
+ */
+ private Pair<String, String> buildeIDASIdentifer(String baseID, String baseIDType, String sourceCountry, String destinationCountry)
+ throws BuildException {
+ String bPK = null;
+ String bPKType = null;
+
+ // check if we have been called by public sector application
+ if (baseIDType.startsWith(Constants.URN_PREFIX_BASEID)) {
+ bPKType = Constants.URN_PREFIX_EIDAS + "+" + sourceCountry + "+" + destinationCountry;
+ Logger.debug("Building eIDAS identification from: [identValue]+" + bPKType);
+ bPK = calculatebPKwbPK(baseID + "+" + bPKType);
+
+ } else { // if not, sector identification value is already calculated by BKU
+ Logger.debug("eIDAS eIdentifier already provided by BKU");
+ bPK = baseID;
+ }
+
+ if ((MiscUtil.isEmpty(bPK) ||
+ MiscUtil.isEmpty(sourceCountry) ||
+ MiscUtil.isEmpty(destinationCountry))) {
+ throw new BuildException("builder.00",
+ new Object[]{"eIDAS-ID", "Unvollständige Parameterangaben: identificationValue=" +
+ bPK + ", Zielland=" + destinationCountry + ", Ursprungsland=" + sourceCountry});
+ }
+
+ Logger.debug("Building eIDAS identification from: " + sourceCountry+"/"+destinationCountry+"/" + "[identValue]");
+ String eIdentifier = sourceCountry + "/" + destinationCountry + "/" + bPK;
+
+ return Pair.newInstance(eIdentifier, bPKType);
+ }
+
private String calculatebPKwbPK(String basisbegriff) throws BuildException {
try {
MessageDigest md = MessageDigest.getInstance("SHA-1");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
index a90d71a18..a32159dd0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
@@ -18,6 +18,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.auth.modules.internal.tasks.UserRestrictionTask;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
import at.gv.egovernment.moa.util.FileUtils;
@@ -35,26 +36,44 @@ public class UserWhitelistStore {
@PostConstruct
private void initialize() {
String whiteListUrl = authConfig.getBasicMOAIDConfiguration(UserRestrictionTask.CONFIG_PROPS_CSV_USER_FILE);
- if (MiscUtil.isEmpty(whiteListUrl))
- Logger.debug("Do not initialize user whitelist. Reason: No configuration path to CSV file.");
+ String internalTarget = authConfig.getBasicMOAIDConfiguration(UserRestrictionTask.CONFIG_PROPS_CSV_USER_SECTOR);
+ if (MiscUtil.isEmpty(whiteListUrl) || MiscUtil.isEmpty(internalTarget))
+ Logger.debug("Do not initialize user whitelist. Reason: NO configuration path to CSV file or NO internal bPK target for whitelist");
else {
- absWhiteListUrl = FileUtils.makeAbsoluteURL(whiteListUrl, authConfig.getRootConfigFileDir());
- try {
- InputStream is = new FileInputStream(new File(new URL(absWhiteListUrl).toURI()));
+ if (internalTarget.startsWith(MOAIDAuthConstants.PREFIX_CDID))
+ internalTarget = internalTarget.substring(MOAIDAuthConstants.PREFIX_CDID.length());
+ else if (internalTarget.startsWith(MOAIDAuthConstants.PREFIX_WPBK))
+ internalTarget = internalTarget.substring(MOAIDAuthConstants.PREFIX_WPBK.length());
+ else if (internalTarget.startsWith(MOAIDAuthConstants.PREFIX_EIDAS))
+ internalTarget = internalTarget.substring(MOAIDAuthConstants.PREFIX_EIDAS.length());
+ else {
+ Logger.warn("Sector: " + internalTarget + " is NOT supported for user whitelist.");
+ Logger.info("User whitelist-store MAY NOT contains all user from whitelist");
+ }
+
+ try {
+ absWhiteListUrl = new URL(FileUtils.makeAbsoluteURL(whiteListUrl, authConfig.getRootConfigFileDir()))
+ .toURI().toString().substring("file:".length());
+ InputStream is = new FileInputStream(new File(absWhiteListUrl));
String whiteListString = IOUtils.toString(new InputStreamReader(is));
List<String> preWhitelist = KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(whiteListString));
+
+
//remove prefix if required
for (String bPK : preWhitelist) {
String[] bPKSplit = bPK.split(":");
if (bPKSplit.length == 1)
whitelist.add(bPK);
- else if (bPKSplit.length ==2 )
- whitelist.add(bPKSplit[1]);
-
- else
+ else if (bPKSplit.length ==2 ) {
+ if (internalTarget.equals(bPKSplit[0]))
+ whitelist.add(bPKSplit[1]);
+ else
+ Logger.info("Whitelist entry: " + bPK + " has an unsupported target. Entry will be removed ...");
+
+ } else
Logger.info("Whitelist entry: " + bPK + " has an unsupported format. Entry will be removed ...");
}
@@ -108,7 +127,7 @@ public class UserWhitelistStore {
public boolean isUserbPKInWhitelistDynamic(String bPK, boolean onlyDynamic) {
try {
if (absWhiteListUrl != null) {
- InputStream is = new FileInputStream(new File(new URL(absWhiteListUrl).toURI()));
+ InputStream is = new FileInputStream(new File(absWhiteListUrl));
String whiteListString = IOUtils.toString(new InputStreamReader(is));
if (whiteListString != null && whiteListString.contains(bPK)) {
Logger.trace("Find user with dynamic whitelist check");