summaryrefslogtreecommitdiff
path: root/eaaf_modules/eaaf_module_moa-sig/src/main/java
diff options
context:
space:
mode:
authorThomas <>2021-04-08 10:48:50 +0200
committerThomas <>2021-04-08 10:48:50 +0200
commit458817bd97058c5a975006dca45cdfe6eead07b5 (patch)
treed6cade442dabafe2e645a5a36a95502e5fc103b9 /eaaf_modules/eaaf_module_moa-sig/src/main/java
parentb28e12c77d655ec0d9c6c879025426c594bef7f2 (diff)
downloadEAAF-Components-458817bd97058c5a975006dca45cdfe6eead07b5.tar.gz
EAAF-Components-458817bd97058c5a975006dca45cdfe6eead07b5.tar.bz2
EAAF-Components-458817bd97058c5a975006dca45cdfe6eead07b5.zip
add new verification methods into MOA-Sig module to verify PAdES documents and to perform extended validation
Diffstat (limited to 'eaaf_modules/eaaf_module_moa-sig/src/main/java')
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureVerificationService.java47
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/IGenericSignatureVerificationResponse.java36
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/IPdfSignatureVerificationResponse.java29
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java151
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java146
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyCmsSignatureResponse.java4
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyPdfSignatureResponse.java30
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyXmlSignatureResponse.java88
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java9
9 files changed, 377 insertions, 163 deletions
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureVerificationService.java
index e4577cae..1a0df63c 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureVerificationService.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureVerificationService.java
@@ -5,6 +5,7 @@ import java.util.List;
import java.util.Map;
import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse;
+import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IPdfSignatureVerificationResponse;
import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse;
import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceException;
@@ -18,7 +19,7 @@ public interface ISignatureVerificationService {
*
* @param signature Enveloped CMS or CAdES signature
* @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration
- * @return @link {@link ICmsSignatureVerificationResponse}, or null if no
+ * @return {@link ICmsSignatureVerificationResponse}, or null if no
* signature was found
* @throws MoaSigServiceException on signatue-verification error
*/
@@ -26,6 +27,50 @@ public interface ISignatureVerificationService {
throws MoaSigServiceException;
/**
+ * Verify a CAdES or CMS signature. <br>
+ * <br>
+ * <i>This method only validates the first CMS or CAdES signature if more than
+ * one signature exists</i>
+ *
+ * @param signature Enveloped CMS or CAdES signature
+ * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration
+ * @param performExtendedValidation If <code>true</code> than MOA-Sig perform extended validation on this signature.
+ * @return {@link ICmsSignatureVerificationResponse}, or null if no
+ * signature was found
+ * @throws MoaSigServiceException on signatue-verification error
+ */
+ ICmsSignatureVerificationResponse verifyCmsSignature(byte[] signature, String trustProfileID,
+ boolean performExtendedValidation) throws MoaSigServiceException;
+
+
+ /**
+ * Verify a PAdES or PDF signature.
+ *
+ * @param pdf PDF document
+ * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration
+ * @return {@link List} of {@link IPdfSignatureVerificationResponse}, or null if no
+ * signature was found
+ * @throws MoaSigServiceException on signatue-verification error
+ */
+ List<IPdfSignatureVerificationResponse> verifyPdfSignature(byte[] pdf, String trustProfileID)
+ throws MoaSigServiceException;
+
+
+ /**
+ * Verify a PAdES or PDF signature.
+ *
+ * @param pdf PDF document
+ * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration
+ * @param performExtendedValidation If <code>true</code> than MOA-Sig perform extended validation on this signature.
+ * @return {@link List} of {@link IPdfSignatureVerificationResponse}, or null if no
+ * signature was found
+ * @throws MoaSigServiceException on signatue-verification error
+ */
+ List<IPdfSignatureVerificationResponse> verifyPdfSignature(byte[] pdf, String trustProfileID,
+ boolean performExtendedValidation) throws MoaSigServiceException;
+
+
+ /**
* Verify a XML or XAdES signature. <br>
* <br>
* <i>This method only validates the first XML or XAdES signature if more than
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/IGenericSignatureVerificationResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/IGenericSignatureVerificationResponse.java
index e7de6958..8e8511fa 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/IGenericSignatureVerificationResponse.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/IGenericSignatureVerificationResponse.java
@@ -1,11 +1,15 @@
package at.gv.egiz.eaaf.modules.sigverify.moasig.api.data;
import java.util.Date;
+import java.util.List;
-import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceException;
+import javax.annotation.Nonnull;
import org.springframework.lang.Nullable;
+import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceException;
+import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.GenericSignatureVerificationResponse.ExtendedCertificateValidation;
+import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.GenericSignatureVerificationResponse.ExtendedResult;
import iaik.x509.X509Certificate;
public interface IGenericSignatureVerificationResponse {
@@ -72,4 +76,34 @@ public interface IGenericSignatureVerificationResponse {
@Nullable
String getPublicAuthorityCode();
+
+ /**
+ * Return the signature-algorithm that was used for signing or <code>null</code> if no result exists.
+ * <br>
+ * <p>This result requires extended validation.</p>
+ *
+ * @return
+ */
+ @Nullable
+ String getSignatureAlgorithmIdentifier();
+
+ /**
+ * Return the extended certificate-validation result or <code>null</code> if no result exists.
+ * <br>
+ * <p>This result requires extended validation.</p>
+ *
+ * @return
+ */
+ @Nullable
+ ExtendedCertificateValidation getExtendedCertificateValidation();
+
+ /**
+ * Return the form-validation result or an empty list if no result exists.
+ * <br>
+ * <p>This result requires extended validation.</p>
+ *
+ * @return
+ */
+ @Nonnull
+ List<ExtendedResult> getFormValidationResults();
}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/IPdfSignatureVerificationResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/IPdfSignatureVerificationResponse.java
new file mode 100644
index 00000000..1bf2d7b2
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/IPdfSignatureVerificationResponse.java
@@ -0,0 +1,29 @@
+package at.gv.egiz.eaaf.modules.sigverify.moasig.api.data;
+
+import java.util.List;
+
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.VerifyPdfSignatureResponse.CoversFullDocument;
+
+/**
+ * PDF specific signature-verification response.
+ *
+ * @author tlenz
+ *
+ */
+public interface IPdfSignatureVerificationResponse extends IGenericSignatureVerificationResponse {
+
+ /**
+ * Flag if signature covers the full pdf-document.
+ *
+ * @return
+ */
+ CoversFullDocument getSignatureCoversFullDocument();
+
+ /**
+ * PDF signing ranges as {@link List} of {@link Pair} of starting-byte and byte-length.
+ *
+ * @return
+ */
+ List<Pair<Integer, Integer>> getByteRange();
+}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java
index 854718e5..79f39e65 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java
@@ -2,8 +2,10 @@ package at.gv.egiz.eaaf.modules.sigverify.moasig.impl;
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateEncodingException;
+import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
+import java.util.Iterator;
import java.util.List;
import java.util.Map;
@@ -19,11 +21,16 @@ import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.modules.sigverify.moasig.api.ISignatureVerificationService;
import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse;
+import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IPdfSignatureVerificationResponse;
import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse;
import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceBuilderException;
import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceException;
+import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.GenericSignatureVerificationResponse;
+import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.VerifyPdfSignatureResponse;
+import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.VerifyPdfSignatureResponse.CoversFullDocument;
import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.parser.VerifyXmlSignatureResponseParser;
import at.gv.egovernment.moa.spss.MOAException;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
@@ -69,13 +76,20 @@ public class SignatureVerificationService extends AbstractSignatureService
@Nullable
public ICmsSignatureVerificationResponse verifyCmsSignature(final byte[] signature,
final String trustProfileID) throws MoaSigServiceException {
+ return verifyCmsSignature(signature, trustProfileID, false);
+
+ }
+
+ @Override
+ public ICmsSignatureVerificationResponse verifyCmsSignature(byte[] signature, String trustProfileID,
+ boolean performExtendedValidation) throws MoaSigServiceException {
try {
// setup context
setUpContexts(Thread.currentThread().getName());
// verify signature
final VerifyCMSSignatureRequest cmsSigVerifyReq =
- buildVerfifyCmsRequest(signature, trustProfileID, false, false);
+ buildVerfifyCmsRequest(signature, trustProfileID, false, performExtendedValidation);
final VerifyCMSSignatureResponse cmsSigVerifyResp =
cadesInvoker.verifyCMSSignature(cmsSigVerifyReq);
return parseCmsVerificationResult(cmsSigVerifyResp);
@@ -93,9 +107,43 @@ public class SignatureVerificationService extends AbstractSignatureService
tearDownContexts();
}
-
}
+
+ @Override
+ public List<IPdfSignatureVerificationResponse> verifyPdfSignature(byte[] pdf, String trustProfileID)
+ throws MoaSigServiceException {
+ return verifyPdfSignature(pdf, trustProfileID, false);
+
+ }
+
+ @Override
+ public List<IPdfSignatureVerificationResponse> verifyPdfSignature(byte[] pdf, String trustProfileID,
+ boolean performExtendedValidation) throws MoaSigServiceException {
+ try {
+ // setup context
+ setUpContexts(Thread.currentThread().getName());
+
+ // verify signature
+ final VerifyCMSSignatureResponse cmsSigVerifyResp = cadesInvoker.verifyCMSSignature(
+ buildVerfifyCmsRequest(pdf, trustProfileID, true, performExtendedValidation));
+
+ return parsePdfVerificationResult(cmsSigVerifyResp);
+
+ } catch (final MOAException e) {
+ log.warn("PDF signature verification has an error.", e);
+ throw new MoaSigServiceException("service.03", new Object[] { e.toString() }, e);
+
+ } catch (final CertificateEncodingException e) {
+ log.warn("Can NOT serialize X509 certificate from PDF/PAdES signature-verification response",
+ e);
+ throw new MoaSigServiceException("service.03", new Object[] { e.toString() }, e);
+ } finally {
+ tearDownContexts();
+
+ }
+ }
+
/*
* (non-Javadoc)
*
@@ -106,7 +154,7 @@ public class SignatureVerificationService extends AbstractSignatureService
public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature,
final String trustProfileID) throws MoaSigServiceException {
return verifyXmlSignature(signature, trustProfileID, null, DEFAULT_XPATH_SIGNATURE_LOCATION, null,
- Collections.EMPTY_MAP);
+ Collections.emptyMap());
}
@@ -122,7 +170,7 @@ public class SignatureVerificationService extends AbstractSignatureService
final String trustProfileID, final List<String> verifyTransformsInfoProfileID)
throws MoaSigServiceException {
return verifyXmlSignature(signature, trustProfileID, verifyTransformsInfoProfileID,
- DEFAULT_XPATH_SIGNATURE_LOCATION, null, Collections.EMPTY_MAP);
+ DEFAULT_XPATH_SIGNATURE_LOCATION, null, Collections.emptyMap());
}
/*
@@ -136,14 +184,14 @@ public class SignatureVerificationService extends AbstractSignatureService
public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature,
final String trustProfileID, final String signatureLocationXpath)
throws MoaSigServiceException {
- return verifyXmlSignature(signature, trustProfileID, null, signatureLocationXpath, null, Collections.EMPTY_MAP);
+ return verifyXmlSignature(signature, trustProfileID, null, signatureLocationXpath, null, Collections.emptyMap());
}
@Override
public IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID,
Date signingDate) throws MoaSigServiceException {
return verifyXmlSignature(signature, trustProfileID, null,
- DEFAULT_XPATH_SIGNATURE_LOCATION, signingDate, Collections.EMPTY_MAP);
+ DEFAULT_XPATH_SIGNATURE_LOCATION, signingDate, Collections.emptyMap());
}
@@ -152,7 +200,7 @@ public class SignatureVerificationService extends AbstractSignatureService
final String trustProfileID, final List<String> verifyTransformsInfoProfileID,
final String xpathSignatureLocation, Date signingDate) throws MoaSigServiceException {
return verifyXmlSignature(signature, trustProfileID, verifyTransformsInfoProfileID, xpathSignatureLocation,
- signingDate, Collections.EMPTY_MAP);
+ signingDate, Collections.emptyMap());
}
@Override
@@ -208,33 +256,90 @@ public class SignatureVerificationService extends AbstractSignatureService
log.warn(
"CMS or CAdES signature contains more than one technical signatures. Only validate the first signature");
}
+
+ return (ICmsSignatureVerificationResponse) parseBasisSignatureInformation(
+ new at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.VerifyCmsSignatureResponse(),
+ (VerifyCMSSignatureResponseElement) cmsSigVerifyResp.getResponseElements().get(0));
+ }
+
+ private List<IPdfSignatureVerificationResponse> parsePdfVerificationResult(
+ VerifyCMSSignatureResponse cmsSigVerifyResp) throws CertificateEncodingException {
+
+ List<IPdfSignatureVerificationResponse> result = new ArrayList<>();
+ if (cmsSigVerifyResp.getResponseElements() == null
+ || cmsSigVerifyResp.getResponseElements().isEmpty()) {
+ log.info("No CMS signature FOUND. ");
+
+ } else {
+ Iterator<?> it = cmsSigVerifyResp.getResponseElements().iterator();
+ while (it.hasNext()) {
+ VerifyCMSSignatureResponseElement el = (VerifyCMSSignatureResponseElement) it.next();
+ VerifyPdfSignatureResponse pdfSigResult =
+ (VerifyPdfSignatureResponse) parseBasisSignatureInformation(new VerifyPdfSignatureResponse(), el);
+
+ pdfSigResult.setSignatureCoversFullDocument(
+ el.getCoversFullDocument() != null
+ ? el.getCoversFullDocument() ? CoversFullDocument.YES : CoversFullDocument.NO
+ : CoversFullDocument.UNKNOWN);
+ pdfSigResult.setByteRange(convertByteRanges(el.getByteRangeOfSignature()));
+ result.add(pdfSigResult);
+
+ }
+ }
+
+ return result;
+
+ }
+
+ private List<Pair<Integer, Integer>> convertByteRanges(int[] byteRangeOfSignature) {
+ List<Pair<Integer, Integer>> result = new ArrayList<>();
+
+ if (byteRangeOfSignature != null) {
+ for (int i = 0; i < byteRangeOfSignature.length / 2; i++) {
+ result.add(Pair.newInstance(
+ Integer.valueOf(byteRangeOfSignature[i]),
+ Integer.valueOf(byteRangeOfSignature[i + 1])));
+
+ }
+ } else {
+ log.debug("PDF signature-verification result contains no byte-range information");
+
+ }
+
+ return result;
+ }
- final VerifyCMSSignatureResponseElement firstSig =
- (VerifyCMSSignatureResponseElement) cmsSigVerifyResp.getResponseElements().get(0);
-
- final at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.VerifyCmsSignatureResponse result =
- new at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.VerifyCmsSignatureResponse();
-
+ private GenericSignatureVerificationResponse parseBasisSignatureInformation(
+ GenericSignatureVerificationResponse result, VerifyCMSSignatureResponseElement resp)
+ throws CertificateEncodingException {
// parse results into response container
- result.setSignatureCheckCode(firstSig.getSignatureCheck().getCode());
- result.setCertificateCheckCode(firstSig.getCertificateCheck().getCode());
+ result.setSignatureCheckCode(resp.getSignatureCheck().getCode());
+ result.setCertificateCheckCode(resp.getCertificateCheck().getCode());
- if (firstSig.getSignerInfo() != null) {
- result.setSigningDateTime(firstSig.getSignerInfo().getSigningTime());
+ if (resp.getSignerInfo() != null) {
+ result.setSigningDateTime(resp.getSignerInfo().getSigningTime());
result
- .setX509CertificateEncoded(firstSig.getSignerInfo().getSignerCertificate().getEncoded());
- result.setQualifiedCertificate(firstSig.getSignerInfo().isQualifiedCertificate());
+ .setX509CertificateEncoded(resp.getSignerInfo().getSignerCertificate().getEncoded());
+ result.setQualifiedCertificate(resp.getSignerInfo().isQualifiedCertificate());
- result.setPublicAuthority(firstSig.getSignerInfo().isPublicAuthority());
- result.setPublicAuthorityCode(firstSig.getSignerInfo().getPublicAuhtorityID());
+ result.setPublicAuthority(resp.getSignerInfo().isPublicAuthority());
+ result.setPublicAuthorityCode(resp.getSignerInfo().getPublicAuhtorityID());
} else {
log.info("CMS or CAdES verification result contains no SignerInfo");
+
}
-
+
+
+ //TODO: add extended validation infos
+ result.setSignatureAlgorithmIdentifier(resp.getSignatureAlgorithm());
+ result.setExtendedCertificateCheckResult(resp.getExtendedCertificateCheck());
+ result.setFormValidationResults(resp.getAdESFormResults());
+
return result;
+
}
-
+
/**
* Build a VerifyCMS-Siganture request for MOA-Sig. <br>
* <br>
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java
index 52fedb62..28501c54 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java
@@ -2,23 +2,30 @@ package at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data;
import java.io.Serializable;
import java.security.cert.CertificateException;
+import java.util.ArrayList;
import java.util.Date;
+import java.util.List;
import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IGenericSignatureVerificationResponse;
import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceException;
import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceParserException;
+import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult;
+import at.gv.egovernment.moa.spss.api.xmlverify.AdESFormResults;
import iaik.x509.X509Certificate;
-
+import lombok.Builder;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+@Getter
+@Setter
public class GenericSignatureVerificationResponse
implements IGenericSignatureVerificationResponse, Serializable {
private static final long serialVersionUID = -7751001050689401118L;
- private static final Logger log =
- LoggerFactory.getLogger(GenericSignatureVerificationResponse.class);
/** The signing time. */
private Date signingDateTime;
@@ -39,7 +46,16 @@ public class GenericSignatureVerificationResponse
private boolean qualifiedCertificate;
private byte[] x509CertificateEncoded;
-
+
+ /**
+ * Identifier of the signing algorithm.
+ */
+ private String signatureAlgorithmIdentifier;
+
+ private ExtendedCertificateValidation extendedCertificateValidation;
+
+ private List<ExtendedResult> formValidationResults = new ArrayList<>();
+
@Override
public Date getSigningDateTime() {
if (this.signingDateTime != null) {
@@ -50,24 +66,6 @@ public class GenericSignatureVerificationResponse
}
@Override
- public int getSignatureCheckCode() {
- return this.signatureCheckCode;
-
- }
-
- @Override
- public int getCertificateCheckCode() {
- return this.certificateCheckCode;
-
- }
-
- @Override
- public boolean isQualifiedCertificate() {
- return this.qualifiedCertificate;
-
- }
-
- @Override
public X509Certificate getX509Certificate() throws MoaSigServiceException {
if (x509CertificateEncoded != null) {
try {
@@ -96,12 +94,6 @@ public class GenericSignatureVerificationResponse
}
@Override
- public boolean isPublicAuthority() {
- return this.publicAuthority;
-
- }
-
- @Override
public String getPublicAuthorityCode() {
if (StringUtils.isNotEmpty(this.publicAuthorityCode)) {
return this.publicAuthorityCode;
@@ -124,26 +116,6 @@ public class GenericSignatureVerificationResponse
}
}
- public void setSignatureCheckCode(final int signatureCheckCode) {
- this.signatureCheckCode = signatureCheckCode;
- }
-
- public void setCertificateCheckCode(final int certificateCheckCode) {
- this.certificateCheckCode = certificateCheckCode;
- }
-
- public void setPublicAuthority(final boolean publicAuthority) {
- this.publicAuthority = publicAuthority;
- }
-
- public void setPublicAuthorityCode(final String publicAuthorityCode) {
- this.publicAuthorityCode = publicAuthorityCode;
- }
-
- public void setQualifiedCertificate(final boolean qualifiedCertificate) {
- this.qualifiedCertificate = qualifiedCertificate;
- }
-
/**
* Set encoded signer certificate.
*
@@ -156,4 +128,78 @@ public class GenericSignatureVerificationResponse
}
}
+ /**
+ * Set extended certificate-validation result.
+ *
+ * @param extendedCertificateCheck Extended result from MOA-Sig
+ */
+ public void setExtendedCertificateCheckResult(ExtendedCertificateCheckResult extendedCertificateCheck) {
+ if (extendedCertificateCheck != null) {
+ this.extendedCertificateValidation = ExtendedCertificateValidation.builder()
+ .majorResult(ExtendedResult.builder()
+ .code(extendedCertificateCheck.getMajorCode())
+ .info(extendedCertificateCheck.getMajorInfo())
+ .build())
+ .minorResult(ExtendedResult.builder()
+ .code(extendedCertificateCheck.getMinorCode())
+ .info(extendedCertificateCheck.getMinorInfo())
+ .build())
+ .build();
+
+ } else {
+ log.debug("No extended verification-result. Skipping certificate-result extraction ... ");
+
+ }
+ }
+
+ /**
+ * Set form-validation result.
+ *
+ * @param formCheckResult Extended form-validation result from MOA-Sig
+ */
+ public void setFormValidationResults(List<?> formCheckResult) {
+ if (formCheckResult != null) {
+ for (Object elObj : formCheckResult) {
+ if (elObj instanceof AdESFormResults) {
+ AdESFormResults el = (AdESFormResults)elObj;
+ formValidationResults.add(ExtendedResult.builder()
+ .code(el.getCode())
+ .info(el.getName())
+ .build());
+
+ } else {
+ log.warn("Skip unknown form-validation result of type: {}", elObj.getClass().getName());
+
+ }
+ }
+
+ } else {
+ log.debug("No extended verification-result. Skipping form-validation result extraction ... ");
+
+ }
+
+ }
+
+ @Getter
+ @Builder
+ public static class ExtendedCertificateValidation implements Serializable {
+
+ private static final long serialVersionUID = -7800026008655393276L;
+
+ private ExtendedResult majorResult;
+ private ExtendedResult minorResult;
+
+ }
+
+ @Getter
+ @Builder
+ public static class ExtendedResult implements Serializable {
+
+ private static final long serialVersionUID = 8523769744476971010L;
+
+ private int code;
+ private String info;
+
+ }
+
}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyCmsSignatureResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyCmsSignatureResponse.java
index 244aa223..a812db56 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyCmsSignatureResponse.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyCmsSignatureResponse.java
@@ -1,7 +1,11 @@
package at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data;
import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse;
+import lombok.Getter;
+import lombok.Setter;
+@Getter
+@Setter
public class VerifyCmsSignatureResponse extends GenericSignatureVerificationResponse
implements ICmsSignatureVerificationResponse {
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyPdfSignatureResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyPdfSignatureResponse.java
new file mode 100644
index 00000000..740ac55a
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyPdfSignatureResponse.java
@@ -0,0 +1,30 @@
+package at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data;
+
+import java.util.List;
+
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IPdfSignatureVerificationResponse;
+import lombok.Getter;
+import lombok.Setter;
+
+@Getter
+@Setter
+public class VerifyPdfSignatureResponse extends VerifyCmsSignatureResponse
+ implements IPdfSignatureVerificationResponse {
+
+ private static final long serialVersionUID = 1835687958341837826L;
+
+ /**
+ * Flag if signature covers the full pdf-document.
+ */
+ private CoversFullDocument signatureCoversFullDocument = CoversFullDocument.UNKNOWN;
+
+ /**
+ * PDF signing ranges as {@link List} of {@link Pair} of starting-byte and byte-length.
+ */
+ private List<Pair<Integer, Integer>> byteRange;
+
+
+ public enum CoversFullDocument { YES, NO, UNKNOWN }
+
+}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyXmlSignatureResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyXmlSignatureResponse.java
index cbce53b7..4021a90b 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyXmlSignatureResponse.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyXmlSignatureResponse.java
@@ -1,6 +1,8 @@
package at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data;
import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse;
+import lombok.Getter;
+import lombok.Setter;
/**
* MOA-Sig signature verification response for XML based signatures.
@@ -9,6 +11,8 @@ import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IXmlSignatureVerificati
*
*/
+@Getter
+@Setter
public class VerifyXmlSignatureResponse extends GenericSignatureVerificationResponse
implements IXmlSignatureVerificationResponse {
@@ -28,88 +32,4 @@ public class VerifyXmlSignatureResponse extends GenericSignatureVerificationResp
*/
private int signatureManifestCheckCode = -1;
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#
- * getXmlDSIGManifestCheckCode()
- */
- @Override
- public int getXmlDsigManifestCheckCode() {
- return xmlDsigManifestCheckCode;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#
- * getXmlDsigSubjectName()
- */
- @Override
- public String getXmlDsigSubjectName() {
- return xmlDsigSubjectName;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#
- * setXmlDSIGManifestCheckCode( int)
- */
- public void setXmlDsigManifestCheckCode(final int xmlDsigManifestCheckCode) {
- this.xmlDsigManifestCheckCode = xmlDsigManifestCheckCode;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#
- * setXmlDsigSubjectName(java.lang .String)
- */
- public void setXmlDsigSubjectName(final String xmlDsigSubjectName) {
- this.xmlDsigSubjectName = xmlDsigSubjectName;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#
- * isXmlDSIGManigest()
- */
- @Override
- public boolean isXmlDsigManigest() {
- return xmlDsigManigest;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#
- * setXmlDSIGManigest(boolean)
- */
- public void setXmlDsigManigest(final boolean xmlDsigManigest) {
- this.xmlDsigManigest = xmlDsigManigest;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#
- * getSignatureManifestCheckCode()
- */
- @Override
- public int getSignatureManifestCheckCode() {
- return signatureManifestCheckCode;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#
- * setSignatureManifestCheckCode( int)
- */
- public void setSignatureManifestCheckCode(final int signatureManifestCheckCode) {
- this.signatureManifestCheckCode = signatureManifestCheckCode;
- }
-
}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java
index b7fc8200..746b5461 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java
@@ -5,8 +5,6 @@ import java.io.InputStream;
import org.joda.time.DateTime;
import org.joda.time.format.ISODateTimeFormat;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import org.springframework.lang.NonNull;
import org.w3c.dom.Element;
@@ -19,9 +17,10 @@ import at.gv.egovernment.moaspss.util.DOMUtils;
import at.gv.egovernment.moaspss.util.XPathUtils;
import iaik.utils.Base64InputStream;
import iaik.x509.X509Certificate;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
public class VerifyXmlSignatureResponseParser {
- private static final Logger log = LoggerFactory.getLogger(VerifyXmlSignatureResponseParser.class);
//
// XPath namespace prefix shortcuts
@@ -180,7 +179,9 @@ public class VerifyXmlSignatureResponseParser {
respData.setSigningDateTime(datetime.toDate());
}
-
+
+ //TODO: parse extended validation results
+
return respData;
} catch (final Throwable t) {