diff options
Diffstat (limited to 'id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks')
2 files changed, 38 insertions, 31 deletions
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java index 43043ddd6..0cbf009ad 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java @@ -53,16 +53,16 @@ import com.google.gson.JsonObject; import com.google.gson.JsonParseException; import com.google.gson.JsonParser; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; @@ -88,9 +88,9 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { private static final String EIDCONTAINER_KEY_SALT = "salt"; private static final String EIDCONTAINER_KEY_IV = "iv"; private static final String EIDCONTAINER_EID = "eid"; - private static final String EIDCONTAINER_KEY_IDL = "idl"; + private static final String EIDCONTAINER_KEY_IDL = "idl"; private static final String EIDCONTAINER_KEY_BINDINGCERT = "cert"; - + public static final String REQ_PARAM_eID_BLOW = "eidToken"; @Autowired(required=true) private AuthConfiguration authConfig; @@ -111,7 +111,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { throw new MOAIDException("NO eID data blob included!", null); } - parseDemoValuesIntoMOASession(pendingReq, pendingReq.getMOASession(), eIDBlobRawB64); + parseDemoValuesIntoMOASession(pendingReq, eIDBlobRawB64); } catch (MOAIDException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); @@ -133,7 +133,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { * @throws MOAIDException * @throws IOException */ - private void parseDemoValuesIntoMOASession(IRequest pendingReq, IAuthenticationSession moaSession, String eIDBlobRawB64) throws MOAIDException, IOException { + private void parseDemoValuesIntoMOASession(IRequest pendingReq, String eIDBlobRawB64) throws MOAIDException, IOException { Logger.debug("Check eID blob signature ... "); byte[] eIDBlobRaw = Base64Utils.decode(eIDBlobRawB64.trim(), false); @@ -201,14 +201,14 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { Logger.debug("Parse eID information into MOA-Session ..."); byte[] rawIDL = Base64Utils.decode(idlB64, false); IIdentityLink identityLink = new IdentityLinkAssertionParser(new ByteArrayInputStream(rawIDL)).parseIdentityLink(); + AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); moaSession.setIdentityLink(identityLink); moaSession.setUseMandates(false); moaSession.setForeigner(false); moaSession.setBkuURL("http://egiz.gv.at/BKA_MobileAuthTest"); - moaSession.setQAALevel(PVPConstants.STORK_QAA_1_3); + moaSession.setQAALevel(PVPConstants.EIDAS_QAA_SUBSTANTIAL); Logger.info("Session Restore completed"); - - + } catch (MOAIDException e) { throw e; @@ -243,7 +243,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { } private SecretKey generateDecryptionKey(byte[] salt) throws MOAIDException { - String decryptionPassPhrase = authConfig.getBasicMOAIDConfiguration(CONF_EID_TOKEN_ENCRYPTION_KEY, "DEFAULTPASSWORD"); + String decryptionPassPhrase = authConfig.getBasicConfiguration(CONF_EID_TOKEN_ENCRYPTION_KEY, "DEFAULTPASSWORD"); try { SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); KeySpec spec = new PBEKeySpec(decryptionPassPhrase.toCharArray(), salt, 2000, 128); @@ -276,7 +276,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { } SignerInfo signerInfos = verifySigResult.getSignerInfo(); DateTime date = new DateTime(signerInfos.getSigningTime().getTime()); - Integer signingTimeJitter = Integer.valueOf(authConfig.getBasicMOAIDConfiguration(CONF_SIGNING_TIME_JITTER, "5")); + Integer signingTimeJitter = Integer.valueOf(authConfig.getBasicConfiguration(CONF_SIGNING_TIME_JITTER, "5")); if (date.plusMinutes(signingTimeJitter).isBeforeNow()) { Logger.warn("CMS signature-time is before: " + date.plusMinutes(signingTimeJitter)); throw new MOAIDException("CMS signature-time is before: " + date.plusMinutes(signingTimeJitter), null); @@ -290,7 +290,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { cmsSigVerifyReq.setSignatories(VerifyCMSSignatureRequestImpl.ALL_SIGNATORIES); cmsSigVerifyReq.setExtended(false); cmsSigVerifyReq.setPDF(false); - cmsSigVerifyReq.setTrustProfileId(authConfig.getBasicMOAIDConfiguration(CONF_MOASPSS_TRUSTPROFILE, "!!NOT SET!!!")); + cmsSigVerifyReq.setTrustProfileId(authConfig.getBasicConfiguration(CONF_MOASPSS_TRUSTPROFILE, "!!NOT SET!!!")); cmsSigVerifyReq.setCMSSignature(new ByteArrayInputStream(eIDBlobRaw)); return cmsSigVerifyReq; } diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java index 4b18e7112..bb5700bd7 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java @@ -29,20 +29,23 @@ import java.net.URL; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; /** * @author tlenz @@ -50,17 +53,19 @@ import at.gv.egovernment.moa.util.FileUtils; */ @Component("SecondBKAMobileAuthTask") public class SecondBKAMobileAuthTask extends AbstractAuthServletTask { - + + @Autowired AuthConfiguration moaAuthConfig; + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { - + try { Logger.info("Add user credentials for BKA MobileAuth SAML2 test and finalize authentication"); - parseDemoValuesIntoMOASession(pendingReq, pendingReq.getMOASession()); + parseDemoValuesIntoMOASession(pendingReq); // store MOASession into database requestStoreage.storePendingRequest(pendingReq); @@ -78,27 +83,29 @@ public class SecondBKAMobileAuthTask extends AbstractAuthServletTask { * @param pendingReq * @param moaSession * @throws MOAIDException + * @throws EAAFStorageException */ - private void parseDemoValuesIntoMOASession(IRequest pendingReq, IAuthenticationSession moaSession) throws MOAIDException { + private void parseDemoValuesIntoMOASession(IRequest pendingReq) throws MOAIDException, EAAFStorageException { + AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); moaSession.setUseMandates(false); moaSession.setForeigner(false); moaSession.setBkuURL("http://egiz.gv.at/BKA_MobileAuthTest"); - moaSession.setQAALevel(PVPConstants.STORK_QAA_1_4); + moaSession.setQAALevel(PVPConstants.EIDAS_QAA_HIGH); try { - String idlurl = FileUtils.makeAbsoluteURL(authConfig.getMonitoringTestIdentityLinkURL(), authConfig.getRootConfigFileDir()); + String idlurl = FileUtils.makeAbsoluteURL(moaAuthConfig.getMonitoringTestIdentityLinkURL(), moaAuthConfig.getRootConfigFileDir()); URL keystoreURL = new URL(idlurl); InputStream idlstream = keystoreURL.openStream(); IIdentityLink identityLink = new IdentityLinkAssertionParser(idlstream).parseIdentityLink(); moaSession.setIdentityLink(identityLink); - + } catch (ParseException | IOException e) { Logger.error("IdentityLink is not parseable.", e); throw new MOAIDException("IdentityLink is not parseable.", null); } - + } } |