NFC-46 Add web-eid-1.1 token support

Signed-off-by: Sander Kondratjev <[email protected]>

Author: SanderKondratjevNortal

src/main/java/eu/webeid/security/authtoken/SupportedSignatureAlgorithm.java

@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 2020-2025 Estonian Information System Authority
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package eu.webeid.security.authtoken;
+
+public class SupportedSignatureAlgorithm {
+    private String cryptoAlgorithm;
+    private String hashFunction;
+    private String paddingScheme;
+
+    public String getCryptoAlgorithm() {
+        return cryptoAlgorithm;
+    }
+
+    public void setCryptoAlgorithm(String cryptoAlgorithm) {
+        this.cryptoAlgorithm = cryptoAlgorithm;
+    }
+
+    public String getHashFunction() {
+        return hashFunction;
+    }
+
+    public void setHashFunction(String hashFunction) {
+        this.hashFunction = hashFunction;
+    }
+
+    public String getPaddingScheme() {
+        return paddingScheme;
+    }
+
+    public void setPaddingScheme(String paddingScheme) {
+        this.paddingScheme = paddingScheme;
+    }
+}

src/main/java/eu/webeid/security/authtoken/WebEidAuthToken.java

@@ -24,6 +24,8 @@
 
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 
+import java.util.List;
+
 @JsonIgnoreProperties(ignoreUnknown = true)
 public class WebEidAuthToken {
 
@@ -32,6 +34,9 @@ public class WebEidAuthToken {
     private String algorithm;
     private String format;
 
+    private String unverifiedSigningCertificate;
+    private List<SupportedSignatureAlgorithm> supportedSignatureAlgorithms;
+
     public String getUnverifiedCertificate() {
         return unverifiedCertificate;
     }
@@ -64,4 +69,19 @@ public void setFormat(String format) {
         this.format = format;
     }
 
+    public String getUnverifiedSigningCertificate() {
+        return unverifiedSigningCertificate;
+    }
+
+    public void setUnverifiedSigningCertificate(String unverifiedSigningCertificate) {
+        this.unverifiedSigningCertificate = unverifiedSigningCertificate;
+    }
+
+    public List<SupportedSignatureAlgorithm> getSupportedSignatureAlgorithms() {
+        return supportedSignatureAlgorithms;
+    }
+
+    public void setSupportedSignatureAlgorithms(List<SupportedSignatureAlgorithm> supportedSignatureAlgorithms) {
+        this.supportedSignatureAlgorithms = supportedSignatureAlgorithms;
+    }
 }

src/main/java/eu/webeid/security/challenge/ChallengeNonceStore.java

@@ -22,8 +22,8 @@
 
 package eu.webeid.security.challenge;
 
-import eu.webeid.security.exceptions.ChallengeNonceExpiredException;
 import eu.webeid.security.exceptions.AuthTokenException;
+import eu.webeid.security.exceptions.ChallengeNonceExpiredException;
 import eu.webeid.security.exceptions.ChallengeNonceNotFoundException;
 
 import static eu.webeid.security.util.DateAndTime.utcNow;

src/main/java/eu/webeid/security/validator/AuthTokenValidationConfiguration.java

@@ -40,7 +40,7 @@
 import static eu.webeid.security.util.DateAndTime.requirePositiveDuration;
 
 /**
- * Stores configuration parameters for {@link AuthTokenValidatorImpl}.
+ * Stores configuration parameters for {@link AuthTokenValidatorManager}.
  */
 public final class AuthTokenValidationConfiguration {
 
@@ -79,15 +79,15 @@ void setSiteOrigin(URI siteOrigin) {
         this.siteOrigin = siteOrigin;
     }
 
-    URI getSiteOrigin() {
+    public URI getSiteOrigin() {
         return siteOrigin;
     }
 
-    Collection<X509Certificate> getTrustedCACertificates() {
+    public Collection<X509Certificate> getTrustedCACertificates() {
         return trustedCACertificates;
     }
 
-    boolean isUserCertificateRevocationCheckWithOcspEnabled() {
+    public boolean isUserCertificateRevocationCheckWithOcspEnabled() {
         return isUserCertificateRevocationCheckWithOcspEnabled;
     }
 
@@ -152,7 +152,7 @@ void validate() {
         requirePositiveDuration(maxOcspResponseThisUpdateAge, "Max OCSP response thisUpdate age");
     }
 
-    AuthTokenValidationConfiguration copy() {
+    public AuthTokenValidationConfiguration copy() {
         return new AuthTokenValidationConfiguration(this);
     }
 

src/main/java/eu/webeid/security/validator/AuthTokenValidator.java

@@ -34,8 +34,6 @@
  */
 public interface AuthTokenValidator {
 
-    String CURRENT_TOKEN_FORMAT_VERSION = "web-eid:1";
-
     /**
      * Parses the Web eID authentication token signed by the subject.
      *

src/main/java/eu/webeid/security/validator/AuthTokenValidatorBuilder.java

@@ -214,7 +214,7 @@ public AuthTokenValidator build() throws NullPointerException, IllegalArgumentEx
         if (configuration.isUserCertificateRevocationCheckWithOcspEnabled() && ocspClient == null) {
             ocspClient = OcspClientImpl.build(configuration.getOcspRequestTimeout());
         }
-        return new AuthTokenValidatorImpl(configuration, ocspClient);
+        return new AuthTokenValidatorManager(configuration, ocspClient);
     }
 
 }