/*******************************************************************************
* Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
*
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
*
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
******************************************************************************/
/*
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
*
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
*
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
package at.gv.egovernment.moa.id.auth.builder;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.text.SimpleDateFormat;
import java.util.Date;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.data.Pair;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.MiscUtil;
/**
* Builder for the bPK, as defined in
* "Ableitung f¨r die bereichsspezifische Personenkennzeichnung"
* version 1.0.1 from "reference.e-government.gv.at".
*
* @author Paul Schamberger
* @version $Id$
*/
public class BPKBuilder {
/**
* Builds the bPK from the given parameters.
*
* @param identificationValue Base64 encoded "Stammzahl"
* @param target "Bereich lt. Verordnung des BKA"
* @return bPK in a BASE64 encoding
* @throws BuildException if an error occurs on building the bPK
*/
public String buildBPK(String identificationValue, String target)
throws BuildException {
if ((identificationValue == null ||
identificationValue.length() == 0 ||
target == null ||
target.length() == 0)) {
throw new BuildException("builder.00",
new Object[]{"BPK", "Unvollständige Parameterangaben: identificationValue=" +
identificationValue + ",target=" + target});
}
String basisbegriff;
if (target.startsWith(Constants.URN_PREFIX_CDID + "+"))
basisbegriff = identificationValue + "+" + target;
else
basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target;
return calculatebPKwbPK(basisbegriff);
}
/**
* Builds the wbPK from the given parameters.
*
* @param identificationValue Base64 encoded "Stammzahl"
* @param registerAndOrdNr type of register + "+" + number in register.
* @return wbPK in a BASE64 encoding
* @throws BuildException if an error occurs on building the wbPK
*/
public String buildWBPK(String identificationValue, String registerAndOrdNr)
throws BuildException {
if ((identificationValue == null ||
identificationValue.length() == 0 ||
registerAndOrdNr == null ||
registerAndOrdNr.length() == 0)) {
throw new BuildException("builder.00",
new Object[]{"wbPK", "Unvollständige Parameterangaben: identificationValue=" +
identificationValue + ",Register+Registernummer=" + registerAndOrdNr});
}
String basisbegriff;
if (registerAndOrdNr.startsWith(Constants.URN_PREFIX_WBPK + "+"))
basisbegriff = identificationValue + "+" + registerAndOrdNr;
else
basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr;
return calculatebPKwbPK(basisbegriff);
}
public String buildbPKorwbPK(String baseID, String bPKorwbPKTarget) throws BuildException {
if (MiscUtil.isEmpty(baseID) ||
!(bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_CDID + "+") ||
bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_WBPK + "+") ||
bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_STORK + "+")) ) {
throw new BuildException("builder.00",
new Object[]{"bPK/wbPK", "bPK or wbPK target " + bPKorwbPKTarget
+ " has an unkown prefix."});
}
return calculatebPKwbPK(baseID + "+" + bPKorwbPKTarget);
}
public static String encryptBPK(String bpk, String target, PublicKey publicKey) throws BuildException {
MiscUtil.assertNotNull(bpk, "BPK");
MiscUtil.assertNotNull(publicKey, "publicKey");
SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss");
if (target.startsWith(Constants.URN_PREFIX_CDID + "+"))
target = target.substring((Constants.URN_PREFIX_CDID + "+").length());
String input = "V1::urn:publicid:gv.at:cdid+" + target + "::"
+ bpk + "::"
+ sdf.format(new Date());
System.out.println(input);
byte[] result;
try {
byte[] inputBytes = input.getBytes("ISO-8859-1");
result = encrypt(inputBytes, publicKey);
return new String(Base64Utils.encode(result, "ISO-8859-1")).replaceAll("\r\n", "");
} catch (Exception e) {
throw new BuildException("bPK encryption FAILED", null, e);
}
}
public static String decryptBPK(String encryptedBpk, String target, PrivateKey privateKey) throws BuildException {
MiscUtil.assertNotEmpty(encryptedBpk, "Encrypted BPK");
MiscUtil.assertNotNull(privateKey, "Private key");
String decryptedString;
try {
byte[] encryptedBytes = Base64Utils.decode(encryptedBpk, false, "ISO-8859-1");
byte[] decryptedBytes = decrypt(encryptedBytes, privateKey);
decryptedString = new String(decryptedBytes, "ISO-8859-1");
} catch (Exception e) {
throw new BuildException("bPK decryption FAILED", null, e);
}
String tmp = decryptedString.substring(decryptedString.indexOf('+') + 1);
String sector = tmp.substring(0, tmp.indexOf("::"));
tmp = tmp.substring(tmp.indexOf("::") + 2);
String bPK = tmp.substring(0, tmp.indexOf("::"));
if (target.startsWith(Constants.URN_PREFIX_CDID + "+"))
target = target.substring((Constants.URN_PREFIX_CDID + "+").length());
if (target.equals(sector))
return bPK;
else {
Logger.error("Decrypted bPK does not match to request bPK target.");
return null;
}
}
/**
* Builds the storkeid from the given parameters.
*
* @param baseID baseID of the citizen
* @param baseIDType Type of the baseID
* @param sourceCountry CountryCode of that country, which build the eIDAs ID
* @param destinationCountry CountryCode of that country, which receives the eIDAs ID
*
* @return Pair in a BASE64 encoding
* @throws BuildException if an error occurs on building the wbPK
*/
public Pair buildeIDASIdentifer(String baseID, String baseIDType, String sourceCountry, String destinationCountry)
throws BuildException {
String bPK = null;
String bPKType = null;
// check if we have been called by public sector application
if (baseIDType.startsWith(Constants.URN_PREFIX_BASEID)) {
bPKType = Constants.URN_PREFIX_EIDAS + "+" + sourceCountry + "+" + destinationCountry;
Logger.debug("Building eIDAS identification from: [identValue]+" + bPKType);
bPK = calculatebPKwbPK(baseID + "+" + bPKType);
} else { // if not, sector identification value is already calculated by BKU
Logger.debug("eIDAS eIdentifier already provided by BKU");
bPK = baseID;
}
if ((MiscUtil.isEmpty(bPK) ||
MiscUtil.isEmpty(sourceCountry) ||
MiscUtil.isEmpty(destinationCountry))) {
throw new BuildException("builder.00",
new Object[]{"eIDAS-ID", "Unvollständige Parameterangaben: identificationValue=" +
bPK + ", Zielland=" + destinationCountry + ", Ursprungsland=" + sourceCountry});
}
Logger.debug("Building eIDAS identification from: " + sourceCountry+"/"+destinationCountry+"/" + "[identValue]");
String eIdentifier = sourceCountry + "/" + destinationCountry + "/" + bPK;
return Pair.newInstance(eIdentifier, baseIDType);
}
private String calculatebPKwbPK(String basisbegriff) throws BuildException {
try {
MessageDigest md = MessageDigest.getInstance("SHA-1");
byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1"));
String hashBase64 = Base64Utils.encode(hash);
return hashBase64;
} catch (Exception ex) {
throw new BuildException("builder.00", new Object[]{"bPK/wbPK", ex.toString()}, ex);
}
}
private static byte[] encrypt(byte[] inputBytes, PublicKey publicKey) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
byte[] result;
Cipher cipher = null;
try {
cipher = Cipher.getInstance("RSA/ECB/OAEPPadding"); // try with bouncycastle
} catch(NoSuchAlgorithmException e) {
cipher = Cipher.getInstance("RSA/ECB/OAEP"); // try with iaik provider
}
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
result = cipher.doFinal(inputBytes);
return result;
}
private static byte[] decrypt(byte[] encryptedBytes, PrivateKey privateKey)
throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException{
byte[] result;
Cipher cipher = null;
try {
cipher = Cipher.getInstance("RSA/ECB/OAEPPadding"); // try with bouncycastle
} catch(NoSuchAlgorithmException e) {
cipher = Cipher.getInstance("RSA/ECB/OAEP"); // try with iaik provider
}
cipher.init(Cipher.DECRYPT_MODE, privateKey);
result = cipher.doFinal(encryptedBytes);
return result;
}
}