Diffstat (limited to 'eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java')
-rw-r--r-- | eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java | 151 |
1 files changed, 128 insertions, 23 deletions
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java
index 854718e5..79f39e65 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java
@@ -2,8 +2,10 @@ package at.gv.egiz.eaaf.modules.sigverify.moasig.impl;
 import java.io.ByteArrayInputStream;
 import java.security.cert.CertificateEncodingException;
+import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Date;
+import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
@@ -19,11 +21,16 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.modules.sigverify.moasig.api.ISignatureVerificationService;
 import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse;
+import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IPdfSignatureVerificationResponse;
 import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse;
 import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceBuilderException;
 import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceException;
+import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.GenericSignatureVerificationResponse;
+import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.VerifyPdfSignatureResponse;
+import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.VerifyPdfSignatureResponse.CoversFullDocument;
 import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.parser.VerifyXmlSignatureResponseParser;
 import at.gv.egovernment.moa.spss.MOAException;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
@@ -69,13 +76,20 @@ public class SignatureVerificationService extends AbstractSignatureService @Nullable public ICmsSignatureVerificationResponse verifyCmsSignature(final byte[] signature, final String trustProfileID) throws MoaSigServiceException { + return verifyCmsSignature(signature, trustProfileID, false); + + } + + @Override + public ICmsSignatureVerificationResponse verifyCmsSignature(byte[] signature, String trustProfileID, + boolean performExtendedValidation) throws MoaSigServiceException { try { // setup context setUpContexts(Thread.currentThread().getName()); // verify signature final VerifyCMSSignatureRequest cmsSigVerifyReq = - buildVerfifyCmsRequest(signature, trustProfileID, false, false); + buildVerfifyCmsRequest(signature, trustProfileID, false, performExtendedValidation); final VerifyCMSSignatureResponse cmsSigVerifyResp = cadesInvoker.verifyCMSSignature(cmsSigVerifyReq); return parseCmsVerificationResult(cmsSigVerifyResp); 
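Review bot: The new three-argument `verifyCmsSignature` overload carries no `@Nullable`, while the two-argument variant that now merely delegates to it is annotated `@Nullable`; callers of the new entry point therefore lose the hint that the result can be null under the very same conditions. If the annotation is not already on the interface method, mirror it here, `@Nullable` directly above the `@Override`. The new public method also has no Javadoc; a line such as `@param performExtendedValidation forwarded to MOA-SP as the last argument of buildVerfifyCmsRequest — presumably switches on the extended certificate check and AdES form results that parseBasisSignatureInformation later copies` would document the only thing that distinguishes it from the old path. The `try` block of this method continues past the end of the hunk.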
@@ -93,9 +107,43 @@ public class SignatureVerificationService extends AbstractSignatureService tearDownContexts(); } - } + + @Override + public List<IPdfSignatureVerificationResponse> verifyPdfSignature(byte[] pdf, String trustProfileID) + throws MoaSigServiceException { + return verifyPdfSignature(pdf, trustProfileID, false); + + } + + @Override + public List<IPdfSignatureVerificationResponse> verifyPdfSignature(byte[] pdf, String trustProfileID, + boolean performExtendedValidation) throws MoaSigServiceException { + try { + // setup context + setUpContexts(Thread.currentThread().getName()); + + // verify signature + final VerifyCMSSignatureResponse cmsSigVerifyResp = cadesInvoker.verifyCMSSignature( + buildVerfifyCmsRequest(pdf, trustProfileID, true, performExtendedValidation)); + + return parsePdfVerificationResult(cmsSigVerifyResp); + + } catch (final MOAException e) { + log.warn("PDF signature verification has an error.", e); + throw new MoaSigServiceException("service.03", new Object[] { e.toString() }, e); + + } catch (final CertificateEncodingException e) { + log.warn("Can NOT serialize X509 certificate from PDF/PAdES signature-verification response", + e); + throw new MoaSigServiceException("service.03", new Object[] { e.toString() }, e); + } finally { + tearDownContexts(); + + } + } + /* * (non-Javadoc) * @@ -106,7 +154,7 @@ public class SignatureVerificationService extends AbstractSignatureService public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature, final String trustProfileID) throws MoaSigServiceException { return verifyXmlSignature(signature, trustProfileID, null, DEFAULT_XPATH_SIGNATURE_LOCATION, null, - Collections.EMPTY_MAP); + Collections.emptyMap()); } 
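Review bot: The positional `true` in `buildVerfifyCmsRequest(pdf, trustProfileID, true, performExtendedValidation)` is unexplained at the call site, and the CMS path passes `false` in the same slot, so a reader of this hunk cannot tell which behaviour the flag selects. Give it a name, e.g. `final boolean pdfInput = true; // presumably tells MOA-SP to extract the PAdES signatures from the PDF itself — confirm against buildVerfifyCmsRequest`, and pass `pdfInput`. The new public `verifyPdfSignature` methods also lack Javadoc; from the parser they delegate to, the list holds one entry per response element and is empty when MOA-SP reports no signature at all, which callers must not confuse with a verified document — that contract should be written down on the method. Both catch clauses map to the same `service.03` code, which is fine but worth a one-line comment since the CMS variant does the same.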
@@ -122,7 +170,7 @@ public class SignatureVerificationService extends AbstractSignatureService final String trustProfileID, final List<String> verifyTransformsInfoProfileID) throws MoaSigServiceException { return verifyXmlSignature(signature, trustProfileID, verifyTransformsInfoProfileID, - DEFAULT_XPATH_SIGNATURE_LOCATION, null, Collections.EMPTY_MAP); + DEFAULT_XPATH_SIGNATURE_LOCATION, null, Collections.emptyMap()); } /* @@ -136,14 +184,14 @@ public class SignatureVerificationService extends AbstractSignatureService public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature, final String trustProfileID, final String signatureLocationXpath) throws MoaSigServiceException { - return verifyXmlSignature(signature, trustProfileID, null, signatureLocationXpath, null, Collections.EMPTY_MAP); + return verifyXmlSignature(signature, trustProfileID, null, signatureLocationXpath, null, Collections.emptyMap()); } @Override public IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID, Date signingDate) throws MoaSigServiceException { return verifyXmlSignature(signature, trustProfileID, null, - DEFAULT_XPATH_SIGNATURE_LOCATION, signingDate, Collections.EMPTY_MAP); + DEFAULT_XPATH_SIGNATURE_LOCATION, signingDate, Collections.emptyMap()); } @@ -152,7 +200,7 @@ public class SignatureVerificationService extends AbstractSignatureService final String trustProfileID, final List<String> verifyTransformsInfoProfileID, final String xpathSignatureLocation, Date signingDate) throws MoaSigServiceException { return verifyXmlSignature(signature, trustProfileID, verifyTransformsInfoProfileID, xpathSignatureLocation, - signingDate, Collections.EMPTY_MAP); + signingDate, Collections.emptyMap()); } @Override 
@@ -208,33 +256,90 @@ public class SignatureVerificationService extends AbstractSignatureService log.warn( "CMS or CAdES signature contains more than one technical signatures. Only validate the first signature"); } + + return (ICmsSignatureVerificationResponse) parseBasisSignatureInformation( + new at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.VerifyCmsSignatureResponse(), + (VerifyCMSSignatureResponseElement) cmsSigVerifyResp.getResponseElements().get(0)); + } + + private List<IPdfSignatureVerificationResponse> parsePdfVerificationResult( + VerifyCMSSignatureResponse cmsSigVerifyResp) throws CertificateEncodingException { + + List<IPdfSignatureVerificationResponse> result = new ArrayList<>(); + if (cmsSigVerifyResp.getResponseElements() == null + || cmsSigVerifyResp.getResponseElements().isEmpty()) { + log.info("No CMS signature FOUND. "); + + } else { + Iterator<?> it = cmsSigVerifyResp.getResponseElements().iterator(); + while (it.hasNext()) { + VerifyCMSSignatureResponseElement el = (VerifyCMSSignatureResponseElement) it.next(); + VerifyPdfSignatureResponse pdfSigResult = + (VerifyPdfSignatureResponse) parseBasisSignatureInformation(new VerifyPdfSignatureResponse(), el); + + pdfSigResult.setSignatureCoversFullDocument( + el.getCoversFullDocument() != null + ? el.getCoversFullDocument() ? 
CoversFullDocument.YES : CoversFullDocument.NO + : CoversFullDocument.UNKNOWN); + pdfSigResult.setByteRange(convertByteRanges(el.getByteRangeOfSignature())); + result.add(pdfSigResult); + + } + } + + return result; + + } + + private List<Pair<Integer, Integer>> convertByteRanges(int[] byteRangeOfSignature) { + List<Pair<Integer, Integer>> result = new ArrayList<>(); + + if (byteRangeOfSignature != null) { + for (int i = 0; i < byteRangeOfSignature.length / 2; i++) { + result.add(Pair.newInstance( + Integer.valueOf(byteRangeOfSignature[i]), + Integer.valueOf(byteRangeOfSignature[i + 1]))); + + } + } else { + log.debug("PDF signature-verification result contains no byte-range information"); + + } + + return result; + } - final VerifyCMSSignatureResponseElement firstSig = - (VerifyCMSSignatureResponseElement) cmsSigVerifyResp.getResponseElements().get(0); - - final at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.VerifyCmsSignatureResponse result = - new at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.VerifyCmsSignatureResponse(); - + private GenericSignatureVerificationResponse parseBasisSignatureInformation( + GenericSignatureVerificationResponse result, VerifyCMSSignatureResponseElement resp) + throws CertificateEncodingException { // parse results into response container - result.setSignatureCheckCode(firstSig.getSignatureCheck().getCode()); - result.setCertificateCheckCode(firstSig.getCertificateCheck().getCode()); + result.setSignatureCheckCode(resp.getSignatureCheck().getCode()); + result.setCertificateCheckCode(resp.getCertificateCheck().getCode()); - if (firstSig.getSignerInfo() != null) { - result.setSigningDateTime(firstSig.getSignerInfo().getSigningTime()); + if (resp.getSignerInfo() != null) { + result.setSigningDateTime(resp.getSignerInfo().getSigningTime()); result - .setX509CertificateEncoded(firstSig.getSignerInfo().getSignerCertificate().getEncoded()); - result.setQualifiedCertificate(firstSig.getSignerInfo().isQualifiedCertificate()); + 
.setX509CertificateEncoded(resp.getSignerInfo().getSignerCertificate().getEncoded()); + result.setQualifiedCertificate(resp.getSignerInfo().isQualifiedCertificate()); - result.setPublicAuthority(firstSig.getSignerInfo().isPublicAuthority()); - result.setPublicAuthorityCode(firstSig.getSignerInfo().getPublicAuhtorityID()); + result.setPublicAuthority(resp.getSignerInfo().isPublicAuthority()); + result.setPublicAuthorityCode(resp.getSignerInfo().getPublicAuhtorityID()); } else { log.info("CMS or CAdES verification result contains no SignerInfo"); + } - + + + //TODO: add extended validation infos + result.setSignatureAlgorithmIdentifier(resp.getSignatureAlgorithm()); + result.setExtendedCertificateCheckResult(resp.getExtendedCertificateCheck()); + result.setFormValidationResults(resp.getAdESFormResults()); + return result; + } - + /** * Build a VerifyCMS-Siganture request for MOA-Sig. <br> * <br> |
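Review bot: `convertByteRanges` pairs the wrong array elements: the loop runs `i` from 0 to `length / 2` and reads `[i]` and `[i + 1]`, so a four-element range yields `(a[0], a[1])` and `(a[1], a[2])` instead of `(a[0], a[1])` and `(a[2], a[3])`. If `getByteRangeOfSignature()` returns the PDF /ByteRange array (offset/length pairs, which the `Pair` result type suggests), every pair after the first is wrong, and a caller relying on these pairs to judge which bytes a signature actually covers would be misled. Step by two instead, `for (int i = 0; i + 1 < byteRangeOfSignature.length; i += 2) {`, and consider a `log.warn` when `byteRangeOfSignature.length % 2 != 0`, since an odd-length array is silently truncated. The `//TODO: add extended validation infos` comment in `parseBasisSignatureInformation` now sits directly above the three setters that copy exactly those values and reads as stale. `parseCmsVerificationResult` begins before this hunk.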