From 132d79f5b4dca0beb10743a81899c8afa09913f9 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Mon, 6 Jul 2020 08:56:58 +0200
Subject: update Cache encryption layer
---
.../java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'id/server/idserverlib/src/main')
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
index 8fdf1eab8..d3a9486b0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
@@ -72,7 +72,7 @@ public abstract class AbstractEncrytionUtil {
 PBEKeySpec keySpec = new PBEKeySpec(key.toCharArray());
 SecretKeyFactory factory = SecretKeyFactory.getInstance("PKCS#5", "IAIK");
- PBEKey pbeKey = (PBEKey)factory.generateSecret(keySpec);
+ SecretKey pbeKey = factory.generateSecret(keySpec);
 SecureRandom random = new SecureRandom();
 KeyGenerator pbkdf2 = KeyGenerator.getInstance("PBKDF2", "IAIK");
@@ -82,7 +82,7 @@ public abstract class AbstractEncrytionUtil { salt.getBytes(), 2000, 16); - + pbkdf2.init(parameterSpec, random); SecretKey derivedKey = pbkdf2.generateKey();
-- cgit v1.2.3
From d562d102601db1321bf6f1b55a02ac0308449d3e Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Mon, 6 Jul 2020 20:27:17 +0200
Subject: update BPKList and EncBpkList attribute-builder to inject attributes from existing PVP values
---
.../attributes/BPKListAttributeBuilder.java | 41 ++++++++++------
.../attributes/EncryptedBPKAttributeBuilder.java | 55 +++++++++++++---------
2 files changed, 60 insertions(+), 36 deletions(-)
(limited to 'id/server/idserverlib/src/main')
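Review bot: After the changed `SecretKey pbeKey = factory.generateSecret(keySpec);` line the `PBEKeySpec` built from `key.toCharArray()` still holds a copy of the password characters and nothing in the hunk clears it; call `keySpec.clearPassword();` once the key has been derived, in a `finally` since `generateSecret` can throw, so the raw key material is not kept alive longer than needed. Dropping the `PBEKey` cast is only safe if the code after the hunk needs nothing beyond the `SecretKey` interface from `pbeKey`; that code is outside the hunk, and commit 0d76368b later on this page reverts exactly this change, so this note applies to that hunk as well. The second hunk's context shows `salt.getBytes()` with no charset, so `salt.getBytes(StandardCharsets.UTF_8)` would make the PBKDF2 salt independent of the JVM default encoding, and the fixed `2000` iteration count is low by current PBKDF2 guidance if `key` is an operator-chosen passphrase rather than a random secret. The enclosing method starts and ends outside the hunk.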
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java
index c5a8d88b7..8891dc6ab 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKListAttributeBuilder.java
@@ -1,6 +1,7 @@
 package at.gv.egovernment.moa.id.protocols.builder.attributes;
+import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -28,25 +29,35 @@ public class BPKListAttributeBuilder extends BPKAttributeBuilder implements IPVP public ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator g) throws AttributeBuilderException { - String result = LIST_ELEMENT_START + getBpkForSP(authData) + LIST_ELEMENT_END; - //add additional bPKs if someone are available - if (authData.getAdditionalbPKs() != null && !authData.getAdditionalbPKs().isEmpty()) { - log.info("Adding additional bPKs into bPK attribute"); - for (Pair el : authData.getAdditionalbPKs()) { - result += DELIMITER_BPK_LIST - + LIST_ELEMENT_START - + removeBpkTypePrefix(el.getSecond()) - + DELIMITER_BPKTYPE_BPK - + attrMaxSize(el.getFirst()) - + LIST_ELEMENT_END; + //get PVP attribute directly, if exists + String bpkListAttribute = authData.getGenericData(BPK_LIST_NAME, String.class); + if (StringUtils.isEmpty(bpkListAttribute)) { + String result = LIST_ELEMENT_START + getBpkForSP(authData) + LIST_ELEMENT_END; + + //add additional bPKs if someone are available + if (authData.getAdditionalbPKs() != null && !authData.getAdditionalbPKs().isEmpty()) { + log.info("Adding additional bPKs into bPK attribute"); + for (Pair el : authData.getAdditionalbPKs()) { + result += DELIMITER_BPK_LIST + + LIST_ELEMENT_START + + removeBpkTypePrefix(el.getSecond()) + + DELIMITER_BPKTYPE_BPK + + attrMaxSize(el.getFirst()) + + LIST_ELEMENT_END; + } + log.trace("Authenticate user with bPK-List: " + result); } - log.trace("Authenticate user with bPK-List: " + result); - } - log.trace("Authenticate user with bPK/wbPK: " + result); - return g.buildStringAttribute(BPK_LIST_FRIENDLY_NAME, BPK_LIST_NAME, result); + log.trace("Authenticate user with bPK/wbPK: " + result); + return g.buildStringAttribute(BPK_LIST_FRIENDLY_NAME, BPK_LIST_NAME, result); + + } else { + log.trace("Authenticate user with bPK/wbPK: " + bpkListAttribute); + return g.buildStringAttribute(BPK_LIST_FRIENDLY_NAME, BPK_LIST_NAME, bpkListAttribute); + + } } public ATT 
buildEmpty(IAttributeGenerator g) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
index bf7187e51..bd9d5b953 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
@@ -22,6 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.builder.attributes; +import org.apache.commons.lang3.StringUtils; + import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
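Review bot: The new `else` branch returns `bpkListAttribute` exactly as read from `authData.getGenericData(BPK_LIST_NAME, String.class)`, so it bypasses the `getBpkForSP(authData)` selection and the `removeBpkTypePrefix(...)`/`attrMaxSize(...)` normalisation the constructed path applies, and `oaParam` is never consulted for it; whether that is acceptable depends on how the generic value was validated when it was stored, which is not visible here. If it is known to arrive already normalised and scoped to this SP, record that where it is read, e.g. `// pre-built bPK list from an upstream PVP attribute; assumed already normalised and scoped to the requesting SP when it was stored`; otherwise run it through the same normalisation before returning it. The two branches also repeat the `log.trace` and `g.buildStringAttribute(...)` calls, so computing the list string in one place and returning once would keep them from drifting apart. The same pass-through pattern appears in the EncryptedBPKAttributeBuilder hunk of this commit.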
@@ -45,33 +47,44 @@ public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder { public ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator g) throws AttributeBuilderException { - if (authData instanceof IMOAAuthData) { - if (((IMOAAuthData)authData).getEncbPKList() != null && - ((IMOAAuthData)authData).getEncbPKList().size() > 0) { - Pair value = ((IMOAAuthData)authData).getEncbPKList().get(0); - String result = BPKListAttributeBuilder.LIST_ELEMENT_START - + value.getSecond() + DELIMITER_ENCBPK_TARGET + value.getFirst() - + BPKListAttributeBuilder.LIST_ELEMENT_END; - - for (int i=1; i<((IMOAAuthData)authData).getEncbPKList().size(); i++) { - Pair el = ((IMOAAuthData)authData).getEncbPKList().get(i); - result += BPKListAttributeBuilder.DELIMITER_BPK_LIST - + BPKListAttributeBuilder.LIST_ELEMENT_START - + el.getSecond() + DELIMITER_ENCBPK_TARGET + el.getFirst() - + BPKListAttributeBuilder.LIST_ELEMENT_END; + String encBpkListAttribute = authData.getGenericData(ENC_BPK_LIST_NAME, String.class); + if (StringUtils.isEmpty(encBpkListAttribute)) { + if (authData instanceof IMOAAuthData) { + if (((IMOAAuthData)authData).getEncbPKList() != null && + ((IMOAAuthData)authData).getEncbPKList().size() > 0) { + Pair value = ((IMOAAuthData)authData).getEncbPKList().get(0); + String result = BPKListAttributeBuilder.LIST_ELEMENT_START + + value.getSecond() + DELIMITER_ENCBPK_TARGET + value.getFirst() + + BPKListAttributeBuilder.LIST_ELEMENT_END; + for (int i=1; i<((IMOAAuthData)authData).getEncbPKList().size(); i++) { + Pair el = ((IMOAAuthData)authData).getEncbPKList().get(i); + result += BPKListAttributeBuilder.DELIMITER_BPK_LIST + + BPKListAttributeBuilder.LIST_ELEMENT_START + + el.getSecond() + DELIMITER_ENCBPK_TARGET + el.getFirst() + + BPKListAttributeBuilder.LIST_ELEMENT_END; + + } + + return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME, + result); + } - - return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, 
ENC_BPK_LIST_NAME, - result); - + + } else { + Logger.info(ENC_BPK_LIST_FRIENDLY_NAME + " is only available in MOA-ID context"); + } - } else - Logger.info(ENC_BPK_LIST_FRIENDLY_NAME + " is only available in MOA-ID context"); + } else { + return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME, + encBpkListAttribute); + + } throw new UnavailableAttributeException(ENC_BPK_LIST_NAME); - + + } public ATT buildEmpty(IAttributeGenerator g) {
-- cgit v1.2.3
From 0d76368b681d439e3c044a772a858556cf6d8a24 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Tue, 7 Jul 2020 14:46:47 +0200
Subject: Revert "update Cache encryption layer"
This reverts commit 132d79f5b4dca0beb10743a81899c8afa09913f9.
---
.../java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'id/server/idserverlib/src/main')
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
index d3a9486b0..8fdf1eab8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
@@ -72,7 +72,7 @@ public abstract class AbstractEncrytionUtil {
 PBEKeySpec keySpec = new PBEKeySpec(key.toCharArray());
 SecretKeyFactory factory = SecretKeyFactory.getInstance("PKCS#5", "IAIK");
- SecretKey pbeKey = factory.generateSecret(keySpec);
+ PBEKey pbeKey = (PBEKey)factory.generateSecret(keySpec);
 SecureRandom random = new SecureRandom();
 KeyGenerator pbkdf2 = KeyGenerator.getInstance("PBKDF2", "IAIK");
@@ -82,7 +82,7 @@ public abstract class AbstractEncrytionUtil { salt.getBytes(), 2000, 16); - + pbkdf2.init(parameterSpec, random); SecretKey derivedKey = pbkdf2.generateKey();
-- cgit v1.2.3
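Review bot: The new code keeps the `authData instanceof IMOAAuthData` branch nested inside the `StringUtils.isEmpty(encBpkListAttribute)` check and repeats the `((IMOAAuthData)authData).getEncbPKList()` cast-and-call five times, which makes the fall-through to `throw new UnavailableAttributeException(ENC_BPK_LIST_NAME);` hard to follow; returning the stored value first and then casting once, e.g. `IMOAAuthData moaAuthData = (IMOAAuthData) authData;` followed by a single local for `moaAuthData.getEncbPKList()`, would flatten it to one level. The stored-value branch here also returns without the trace log that the sibling BPKListAttributeBuilder emits on its pass-through path, so the two builders differ in what they record for the same situation, whichever of the two behaviours is intended. The `build` method starts and ends inside this hunk.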