Diffstat (limited to 'eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java')
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java151
1 files changed, 128 insertions, 23 deletions
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java
index 854718e5..79f39e65 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java
@@ -2,8 +2,10 @@ package at.gv.egiz.eaaf.modules.sigverify.moasig.impl;
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateEncodingException;
+import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
+import java.util.Iterator;
import java.util.List;
import java.util.Map;
@@ -19,11 +21,16 @@ import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.modules.sigverify.moasig.api.ISignatureVerificationService;
import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse;
+import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IPdfSignatureVerificationResponse;
import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse;
import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceBuilderException;
import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceException;
+import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.GenericSignatureVerificationResponse;
+import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.VerifyPdfSignatureResponse;
+import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.VerifyPdfSignatureResponse.CoversFullDocument;
import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.parser.VerifyXmlSignatureResponseParser;
import at.gv.egovernment.moa.spss.MOAException;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
@@ -69,13 +76,20 @@ public class SignatureVerificationService extends AbstractSignatureService
@Nullable
public ICmsSignatureVerificationResponse verifyCmsSignature(final byte[] signature,
final String trustProfileID) throws MoaSigServiceException {
+ return verifyCmsSignature(signature, trustProfileID, false);
+
+ }
+
+ @Override
+ public ICmsSignatureVerificationResponse verifyCmsSignature(byte[] signature, String trustProfileID,
+ boolean performExtendedValidation) throws MoaSigServiceException {
try {
// setup context
setUpContexts(Thread.currentThread().getName());
// verify signature
final VerifyCMSSignatureRequest cmsSigVerifyReq =
- buildVerfifyCmsRequest(signature, trustProfileID, false, false);
+ buildVerfifyCmsRequest(signature, trustProfileID, false, performExtendedValidation);
final VerifyCMSSignatureResponse cmsSigVerifyResp =
cadesInvoker.verifyCMSSignature(cmsSigVerifyReq);
return parseCmsVerificationResult(cmsSigVerifyResp);
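Review bot: The new three-argument `verifyCmsSignature` overload carries only `@Override`, while `@Nullable` stays on the two-argument method that now merely delegates to it. If the parsed result can be null (the existing annotation suggests so, but the return paths of `parseCmsVerificationResult` are not visible in this hunk), add `@Nullable` to the new overload as well so callers of either signature see the same contract. Its parameters are also not `final`, unlike the neighbouring signatures. A one-line Javadoc on `performExtendedValidation` would help, because it is forwarded as the fourth argument of `buildVerfifyCmsRequest` and its effect is not explained anywhere in the visible code. The method body continues past the end of the hunk.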
@@ -93,9 +107,43 @@ public class SignatureVerificationService extends AbstractSignatureService
tearDownContexts();
}
-
}
+
+ @Override
+ public List<IPdfSignatureVerificationResponse> verifyPdfSignature(byte[] pdf, String trustProfileID)
+ throws MoaSigServiceException {
+ return verifyPdfSignature(pdf, trustProfileID, false);
+
+ }
+
+ @Override
+ public List<IPdfSignatureVerificationResponse> verifyPdfSignature(byte[] pdf, String trustProfileID,
+ boolean performExtendedValidation) throws MoaSigServiceException {
+ try {
+ // setup context
+ setUpContexts(Thread.currentThread().getName());
+
+ // verify signature
+ final VerifyCMSSignatureResponse cmsSigVerifyResp = cadesInvoker.verifyCMSSignature(
+ buildVerfifyCmsRequest(pdf, trustProfileID, true, performExtendedValidation));
+
+ return parsePdfVerificationResult(cmsSigVerifyResp);
+
+ } catch (final MOAException e) {
+ log.warn("PDF signature verification has an error.", e);
+ throw new MoaSigServiceException("service.03", new Object[] { e.toString() }, e);
+
+ } catch (final CertificateEncodingException e) {
+ log.warn("Can NOT serialize X509 certificate from PDF/PAdES signature-verification response",
+ e);
+ throw new MoaSigServiceException("service.03", new Object[] { e.toString() }, e);
+ } finally {
+ tearDownContexts();
+
+ }
+ }
+
/*
* (non-Javadoc)
*
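Review bot: Neither `verifyPdfSignature` overload documents what an empty result means, and that matters to callers. `parsePdfVerificationResult`, added further down in this commit, returns an empty list when the response has no elements, so a PDF without any signature produces neither an exception nor a failing entry. I would add Javadoc to both overloads stating that an empty list means "no signature found" and must be treated as not verified. It should also say that each returned entry still has to be checked for its signature and certificate check codes and for `CoversFullDocument.YES` before the document content is trusted.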
@@ -106,7 +154,7 @@ public class SignatureVerificationService extends AbstractSignatureService
public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature,
final String trustProfileID) throws MoaSigServiceException {
return verifyXmlSignature(signature, trustProfileID, null, DEFAULT_XPATH_SIGNATURE_LOCATION, null,
- Collections.EMPTY_MAP);
+ Collections.emptyMap());
}
@@ -122,7 +170,7 @@ public class SignatureVerificationService extends AbstractSignatureService
final String trustProfileID, final List<String> verifyTransformsInfoProfileID)
throws MoaSigServiceException {
return verifyXmlSignature(signature, trustProfileID, verifyTransformsInfoProfileID,
- DEFAULT_XPATH_SIGNATURE_LOCATION, null, Collections.EMPTY_MAP);
+ DEFAULT_XPATH_SIGNATURE_LOCATION, null, Collections.emptyMap());
}
/*
@@ -136,14 +184,14 @@ public class SignatureVerificationService extends AbstractSignatureService
public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature,
final String trustProfileID, final String signatureLocationXpath)
throws MoaSigServiceException {
- return verifyXmlSignature(signature, trustProfileID, null, signatureLocationXpath, null, Collections.EMPTY_MAP);
+ return verifyXmlSignature(signature, trustProfileID, null, signatureLocationXpath, null, Collections.emptyMap());
}
@Override
public IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID,
Date signingDate) throws MoaSigServiceException {
return verifyXmlSignature(signature, trustProfileID, null,
- DEFAULT_XPATH_SIGNATURE_LOCATION, signingDate, Collections.EMPTY_MAP);
+ DEFAULT_XPATH_SIGNATURE_LOCATION, signingDate, Collections.emptyMap());
}
@@ -152,7 +200,7 @@ public class SignatureVerificationService extends AbstractSignatureService
final String trustProfileID, final List<String> verifyTransformsInfoProfileID,
final String xpathSignatureLocation, Date signingDate) throws MoaSigServiceException {
return verifyXmlSignature(signature, trustProfileID, verifyTransformsInfoProfileID, xpathSignatureLocation,
- signingDate, Collections.EMPTY_MAP);
+ signingDate, Collections.emptyMap());
}
@Override
@@ -208,33 +256,90 @@ public class SignatureVerificationService extends AbstractSignatureService
log.warn(
"CMS or CAdES signature contains more than one technical signatures. Only validate the first signature");
}
+
+ return (ICmsSignatureVerificationResponse) parseBasisSignatureInformation(
+ new at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.VerifyCmsSignatureResponse(),
+ (VerifyCMSSignatureResponseElement) cmsSigVerifyResp.getResponseElements().get(0));
+ }
+
+ private List<IPdfSignatureVerificationResponse> parsePdfVerificationResult(
+ VerifyCMSSignatureResponse cmsSigVerifyResp) throws CertificateEncodingException {
+
+ List<IPdfSignatureVerificationResponse> result = new ArrayList<>();
+ if (cmsSigVerifyResp.getResponseElements() == null
+ || cmsSigVerifyResp.getResponseElements().isEmpty()) {
+ log.info("No CMS signature FOUND. ");
+
+ } else {
+ Iterator<?> it = cmsSigVerifyResp.getResponseElements().iterator();
+ while (it.hasNext()) {
+ VerifyCMSSignatureResponseElement el = (VerifyCMSSignatureResponseElement) it.next();
+ VerifyPdfSignatureResponse pdfSigResult =
+ (VerifyPdfSignatureResponse) parseBasisSignatureInformation(new VerifyPdfSignatureResponse(), el);
+
+ pdfSigResult.setSignatureCoversFullDocument(
+ el.getCoversFullDocument() != null
+ ? el.getCoversFullDocument() ? CoversFullDocument.YES : CoversFullDocument.NO
+ : CoversFullDocument.UNKNOWN);
+ pdfSigResult.setByteRange(convertByteRanges(el.getByteRangeOfSignature()));
+ result.add(pdfSigResult);
+
+ }
+ }
+
+ return result;
+
+ }
+
+ private List<Pair<Integer, Integer>> convertByteRanges(int[] byteRangeOfSignature) {
+ List<Pair<Integer, Integer>> result = new ArrayList<>();
+
+ if (byteRangeOfSignature != null) {
+ for (int i = 0; i < byteRangeOfSignature.length / 2; i++) {
+ result.add(Pair.newInstance(
+ Integer.valueOf(byteRangeOfSignature[i]),
+ Integer.valueOf(byteRangeOfSignature[i + 1])));
+
+ }
+ } else {
+ log.debug("PDF signature-verification result contains no byte-range information");
+
+ }
+
+ return result;
+ }
- final VerifyCMSSignatureResponseElement firstSig =
- (VerifyCMSSignatureResponseElement) cmsSigVerifyResp.getResponseElements().get(0);
-
- final at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.VerifyCmsSignatureResponse result =
- new at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.VerifyCmsSignatureResponse();
-
+ private GenericSignatureVerificationResponse parseBasisSignatureInformation(
+ GenericSignatureVerificationResponse result, VerifyCMSSignatureResponseElement resp)
+ throws CertificateEncodingException {
// parse results into response container
- result.setSignatureCheckCode(firstSig.getSignatureCheck().getCode());
- result.setCertificateCheckCode(firstSig.getCertificateCheck().getCode());
+ result.setSignatureCheckCode(resp.getSignatureCheck().getCode());
+ result.setCertificateCheckCode(resp.getCertificateCheck().getCode());
- if (firstSig.getSignerInfo() != null) {
- result.setSigningDateTime(firstSig.getSignerInfo().getSigningTime());
+ if (resp.getSignerInfo() != null) {
+ result.setSigningDateTime(resp.getSignerInfo().getSigningTime());
result
- .setX509CertificateEncoded(firstSig.getSignerInfo().getSignerCertificate().getEncoded());
- result.setQualifiedCertificate(firstSig.getSignerInfo().isQualifiedCertificate());
+ .setX509CertificateEncoded(resp.getSignerInfo().getSignerCertificate().getEncoded());
+ result.setQualifiedCertificate(resp.getSignerInfo().isQualifiedCertificate());
- result.setPublicAuthority(firstSig.getSignerInfo().isPublicAuthority());
- result.setPublicAuthorityCode(firstSig.getSignerInfo().getPublicAuhtorityID());
+ result.setPublicAuthority(resp.getSignerInfo().isPublicAuthority());
+ result.setPublicAuthorityCode(resp.getSignerInfo().getPublicAuhtorityID());
} else {
log.info("CMS or CAdES verification result contains no SignerInfo");
+
}
-
+
+
+ //TODO: add extended validation infos
+ result.setSignatureAlgorithmIdentifier(resp.getSignatureAlgorithm());
+ result.setExtendedCertificateCheckResult(resp.getExtendedCertificateCheck());
+ result.setFormValidationResults(resp.getAdESFormResults());
+
return result;
+
}
-
+
/**
* Build a VerifyCMS-Siganture request for MOA-Sig. <br>
* <br>
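Review bot: `convertByteRanges` builds overlapping pairs: the loop runs `i` from 0 to `length / 2` but reads `byteRangeOfSignature[i]` and `byteRangeOfSignature[i + 1]`, so a four-element array `[a, b, c, d]` yields `(a, b)` and `(b, c)` and never reads `d`. If the array is a flat list of offset/length pairs, as a PDF /ByteRange entry is (the contract of `getByteRangeOfSignature()` is not visible here), the indices should be `byteRangeOfSignature[2 * i]` and `byteRangeOfSignature[2 * i + 1]`. Callers would rely on these ranges to judge which bytes a signature covers, so a wrong second pair can misrepresent that coverage. An odd-length array is also truncated silently; a `log.warn` for that case would make a malformed response visible.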