From 458817bd97058c5a975006dca45cdfe6eead07b5 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Thu, 8 Apr 2021 10:48:50 +0200 Subject: add new verification methods into MOA-Sig module to verify PAdES documents and to perform extended validation --- .../moasig/api/ISignatureVerificationService.java | 47 ++++++- .../IGenericSignatureVerificationResponse.java | 36 ++++- .../data/IPdfSignatureVerificationResponse.java | 29 ++++ .../moasig/impl/SignatureVerificationService.java | 151 +++++++++++++++++---- .../data/GenericSignatureVerificationResponse.java | 146 +++++++++++++------- .../impl/data/VerifyCmsSignatureResponse.java | 4 + .../impl/data/VerifyPdfSignatureResponse.java | 30 ++++ .../impl/data/VerifyXmlSignatureResponse.java | 88 +----------- .../parser/VerifyXmlSignatureResponseParser.java | 9 +- 9 files changed, 377 insertions(+), 163 deletions(-) create mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/IPdfSignatureVerificationResponse.java create mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyPdfSignatureResponse.java (limited to 'eaaf_modules/eaaf_module_moa-sig/src/main') diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureVerificationService.java index e4577cae..1a0df63c 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureVerificationService.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureVerificationService.java 
@@ -5,6 +5,7 @@ import java.util.List; import java.util.Map; import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse; +import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IPdfSignatureVerificationResponse; import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse; import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceException; @@ -18,13 +19,57 @@ public interface ISignatureVerificationService { * * @param signature Enveloped CMS or CAdES signature * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration - * @return @link {@link ICmsSignatureVerificationResponse}, or null if no + * @return {@link ICmsSignatureVerificationResponse}, or null if no * signature was found * @throws MoaSigServiceException on signatue-verification error */ ICmsSignatureVerificationResponse verifyCmsSignature(byte[] signature, String trustProfileID) throws MoaSigServiceException; + /** + * Verify a CAdES or CMS signature.
+ *
+ * This method only validates the first CMS or CAdES signature if more than + * one signature exists + * + * @param signature Enveloped CMS or CAdES signature + * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration + * @param performExtendedValidation If true than MOA-Sig perform extended validation on this signature. + * @return {@link ICmsSignatureVerificationResponse}, or null if no + * signature was found + * @throws MoaSigServiceException on signatue-verification error + */ + ICmsSignatureVerificationResponse verifyCmsSignature(byte[] signature, String trustProfileID, + boolean performExtendedValidation) throws MoaSigServiceException; + + + /** + * Verify a PAdES or PDF signature. + * + * @param pdf PDF document + * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration + * @return {@link List} of {@link IPdfSignatureVerificationResponse}, or null if no + * signature was found + * @throws MoaSigServiceException on signatue-verification error + */ + List verifyPdfSignature(byte[] pdf, String trustProfileID) + throws MoaSigServiceException; + + + /** + * Verify a PAdES or PDF signature. + * + * @param pdf PDF document + * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration + * @param performExtendedValidation If true than MOA-Sig perform extended validation on this signature. + * @return {@link List} of {@link IPdfSignatureVerificationResponse}, or null if no + * signature was found + * @throws MoaSigServiceException on signatue-verification error + */ + List verifyPdfSignature(byte[] pdf, String trustProfileID, + boolean performExtendedValidation) throws MoaSigServiceException; + + /** * Verify a XML or XAdES signature.
*
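Review bot: The `@return` text on both new `verifyPdfSignature` methods says the result is `null` if no signature was found, but `parsePdfVerificationResult` later in this commit always returns a list, which is simply empty in that case. The Javadoc should read `@return {@link List} of {@link IPdfSignatureVerificationResponse}, or an empty list if no signature was found`. It is also worth stating there that an empty list means the document is unsigned and that every element has to be checked on its own, because a caller that only loops over the results looking for a failed check would accept an unsigned PDF.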
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/IGenericSignatureVerificationResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/IGenericSignatureVerificationResponse.java index e7de6958..8e8511fa 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/IGenericSignatureVerificationResponse.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/IGenericSignatureVerificationResponse.java @@ -1,11 +1,15 @@ package at.gv.egiz.eaaf.modules.sigverify.moasig.api.data; import java.util.Date; +import java.util.List; -import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceException; +import javax.annotation.Nonnull; import org.springframework.lang.Nullable; +import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceException; +import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.GenericSignatureVerificationResponse.ExtendedCertificateValidation; +import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.GenericSignatureVerificationResponse.ExtendedResult; import iaik.x509.X509Certificate; public interface IGenericSignatureVerificationResponse { @@ -72,4 +76,34 @@ public interface IGenericSignatureVerificationResponse { @Nullable String getPublicAuthorityCode(); + + /** + * Return the signature-algorithm that was used for signing or null if no result exists. + *
+ *

This result requires extended validation.

+ * + * @return + */ + @Nullable + String getSignatureAlgorithmIdentifier(); + + /** + * Return the extended certificate-validation result or null if no result exists. + *
+ *

This result requires extended validation.

+ * + * @return + */ + @Nullable + ExtendedCertificateValidation getExtendedCertificateValidation(); + + /** + * Return the form-validation result or an empty list if no result exists. + *
+ *

This result requires extended validation.

+ * + * @return + */ + @Nonnull + List getFormValidationResults(); } diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/IPdfSignatureVerificationResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/IPdfSignatureVerificationResponse.java new file mode 100644 index 00000000..1bf2d7b2 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/IPdfSignatureVerificationResponse.java @@ -0,0 +1,29 @@ +package at.gv.egiz.eaaf.modules.sigverify.moasig.api.data; + +import java.util.List; + +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.VerifyPdfSignatureResponse.CoversFullDocument; + +/** + * PDF specific signature-verification response. + * + * @author tlenz + * + */ +public interface IPdfSignatureVerificationResponse extends IGenericSignatureVerificationResponse { + + /** + * Flag if signature covers the full pdf-document. + * + * @return + */ + CoversFullDocument getSignatureCoversFullDocument(); + + /** + * PDF signing ranges as {@link List} of {@link Pair} of starting-byte and byte-length. + * + * @return + */ + List> getByteRange(); +} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java index 854718e5..79f39e65 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java 
@@ -2,8 +2,10 @@ package at.gv.egiz.eaaf.modules.sigverify.moasig.impl; import java.io.ByteArrayInputStream; import java.security.cert.CertificateEncodingException; +import java.util.ArrayList; import java.util.Collections; import java.util.Date; +import java.util.Iterator; import java.util.List; import java.util.Map; @@ -19,11 +21,16 @@ import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.modules.sigverify.moasig.api.ISignatureVerificationService; import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse; +import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IPdfSignatureVerificationResponse; import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse; import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceBuilderException; import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceException; +import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.GenericSignatureVerificationResponse; +import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.VerifyPdfSignatureResponse; +import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.VerifyPdfSignatureResponse.CoversFullDocument; import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.parser.VerifyXmlSignatureResponseParser; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; 
@@ -69,13 +76,20 @@ public class SignatureVerificationService extends AbstractSignatureService @Nullable public ICmsSignatureVerificationResponse verifyCmsSignature(final byte[] signature, final String trustProfileID) throws MoaSigServiceException { + return verifyCmsSignature(signature, trustProfileID, false); + + } + + @Override + public ICmsSignatureVerificationResponse verifyCmsSignature(byte[] signature, String trustProfileID, + boolean performExtendedValidation) throws MoaSigServiceException { try { // setup context setUpContexts(Thread.currentThread().getName()); // verify signature final VerifyCMSSignatureRequest cmsSigVerifyReq = - buildVerfifyCmsRequest(signature, trustProfileID, false, false); + buildVerfifyCmsRequest(signature, trustProfileID, false, performExtendedValidation); final VerifyCMSSignatureResponse cmsSigVerifyResp = cadesInvoker.verifyCMSSignature(cmsSigVerifyReq); return parseCmsVerificationResult(cmsSigVerifyResp); 
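Review bot: The new three-argument `verifyCmsSignature` overload lacks the `@Nullable` annotation that the two-argument method carries, although both return the result of `parseCmsVerificationResult` and the interface Javadoc documents a `null` return when no signature is found. Adding `@Nullable` next to `@Override` on the new overload keeps that contract visible to static analysis and to callers that switch to the extended variant. The parameters also drop the `final` modifier used by the neighbouring methods. The method body continues past the end of this hunk.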
@@ -93,9 +107,43 @@ public class SignatureVerificationService extends AbstractSignatureService tearDownContexts(); } - } + + @Override + public List verifyPdfSignature(byte[] pdf, String trustProfileID) + throws MoaSigServiceException { + return verifyPdfSignature(pdf, trustProfileID, false); + + } + + @Override + public List verifyPdfSignature(byte[] pdf, String trustProfileID, + boolean performExtendedValidation) throws MoaSigServiceException { + try { + // setup context + setUpContexts(Thread.currentThread().getName()); + + // verify signature + final VerifyCMSSignatureResponse cmsSigVerifyResp = cadesInvoker.verifyCMSSignature( + buildVerfifyCmsRequest(pdf, trustProfileID, true, performExtendedValidation)); + + return parsePdfVerificationResult(cmsSigVerifyResp); + + } catch (final MOAException e) { + log.warn("PDF signature verification has an error.", e); + throw new MoaSigServiceException("service.03", new Object[] { e.toString() }, e); + + } catch (final CertificateEncodingException e) { + log.warn("Can NOT serialize X509 certificate from PDF/PAdES signature-verification response", + e); + throw new MoaSigServiceException("service.03", new Object[] { e.toString() }, e); + } finally { + tearDownContexts(); + + } + } + /* * (non-Javadoc) * @@ -106,7 +154,7 @@ public class SignatureVerificationService extends AbstractSignatureService public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature, final String trustProfileID) throws MoaSigServiceException { return verifyXmlSignature(signature, trustProfileID, null, DEFAULT_XPATH_SIGNATURE_LOCATION, null, - Collections.EMPTY_MAP); + Collections.emptyMap()); } 
@@ -122,7 +170,7 @@ public class SignatureVerificationService extends AbstractSignatureService final String trustProfileID, final List verifyTransformsInfoProfileID) throws MoaSigServiceException { return verifyXmlSignature(signature, trustProfileID, verifyTransformsInfoProfileID, - DEFAULT_XPATH_SIGNATURE_LOCATION, null, Collections.EMPTY_MAP); + DEFAULT_XPATH_SIGNATURE_LOCATION, null, Collections.emptyMap()); } /* @@ -136,14 +184,14 @@ public class SignatureVerificationService extends AbstractSignatureService public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature, final String trustProfileID, final String signatureLocationXpath) throws MoaSigServiceException { - return verifyXmlSignature(signature, trustProfileID, null, signatureLocationXpath, null, Collections.EMPTY_MAP); + return verifyXmlSignature(signature, trustProfileID, null, signatureLocationXpath, null, Collections.emptyMap()); } @Override public IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID, Date signingDate) throws MoaSigServiceException { return verifyXmlSignature(signature, trustProfileID, null, - DEFAULT_XPATH_SIGNATURE_LOCATION, signingDate, Collections.EMPTY_MAP); + DEFAULT_XPATH_SIGNATURE_LOCATION, signingDate, Collections.emptyMap()); } @@ -152,7 +200,7 @@ public class SignatureVerificationService extends AbstractSignatureService final String trustProfileID, final List verifyTransformsInfoProfileID, final String xpathSignatureLocation, Date signingDate) throws MoaSigServiceException { return verifyXmlSignature(signature, trustProfileID, verifyTransformsInfoProfileID, xpathSignatureLocation, - signingDate, Collections.EMPTY_MAP); + signingDate, Collections.emptyMap()); } @Override 
@@ -208,33 +256,90 @@ public class SignatureVerificationService extends AbstractSignatureService log.warn( "CMS or CAdES signature contains more than one technical signatures. Only validate the first signature"); } + + return (ICmsSignatureVerificationResponse) parseBasisSignatureInformation( + new at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.VerifyCmsSignatureResponse(), + (VerifyCMSSignatureResponseElement) cmsSigVerifyResp.getResponseElements().get(0)); + } + + private List parsePdfVerificationResult( + VerifyCMSSignatureResponse cmsSigVerifyResp) throws CertificateEncodingException { + + List result = new ArrayList<>(); + if (cmsSigVerifyResp.getResponseElements() == null + || cmsSigVerifyResp.getResponseElements().isEmpty()) { + log.info("No CMS signature FOUND. "); + + } else { + Iterator it = cmsSigVerifyResp.getResponseElements().iterator(); + while (it.hasNext()) { + VerifyCMSSignatureResponseElement el = (VerifyCMSSignatureResponseElement) it.next(); + VerifyPdfSignatureResponse pdfSigResult = + (VerifyPdfSignatureResponse) parseBasisSignatureInformation(new VerifyPdfSignatureResponse(), el); + + pdfSigResult.setSignatureCoversFullDocument( + el.getCoversFullDocument() != null + ? el.getCoversFullDocument() ? 
CoversFullDocument.YES : CoversFullDocument.NO + : CoversFullDocument.UNKNOWN); + pdfSigResult.setByteRange(convertByteRanges(el.getByteRangeOfSignature())); + result.add(pdfSigResult); + + } + } + + return result; + + } + + private List> convertByteRanges(int[] byteRangeOfSignature) { + List> result = new ArrayList<>(); + + if (byteRangeOfSignature != null) { + for (int i = 0; i < byteRangeOfSignature.length / 2; i++) { + result.add(Pair.newInstance( + Integer.valueOf(byteRangeOfSignature[i]), + Integer.valueOf(byteRangeOfSignature[i + 1]))); + + } + } else { + log.debug("PDF signature-verification result contains no byte-range information"); + + } + + return result; + } - final VerifyCMSSignatureResponseElement firstSig = - (VerifyCMSSignatureResponseElement) cmsSigVerifyResp.getResponseElements().get(0); - - final at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.VerifyCmsSignatureResponse result = - new at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.VerifyCmsSignatureResponse(); - + private GenericSignatureVerificationResponse parseBasisSignatureInformation( + GenericSignatureVerificationResponse result, VerifyCMSSignatureResponseElement resp) + throws CertificateEncodingException { // parse results into response container - result.setSignatureCheckCode(firstSig.getSignatureCheck().getCode()); - result.setCertificateCheckCode(firstSig.getCertificateCheck().getCode()); + result.setSignatureCheckCode(resp.getSignatureCheck().getCode()); + result.setCertificateCheckCode(resp.getCertificateCheck().getCode()); - if (firstSig.getSignerInfo() != null) { - result.setSigningDateTime(firstSig.getSignerInfo().getSigningTime()); + if (resp.getSignerInfo() != null) { + result.setSigningDateTime(resp.getSignerInfo().getSigningTime()); result - .setX509CertificateEncoded(firstSig.getSignerInfo().getSignerCertificate().getEncoded()); - result.setQualifiedCertificate(firstSig.getSignerInfo().isQualifiedCertificate()); + 
.setX509CertificateEncoded(resp.getSignerInfo().getSignerCertificate().getEncoded()); + result.setQualifiedCertificate(resp.getSignerInfo().isQualifiedCertificate()); - result.setPublicAuthority(firstSig.getSignerInfo().isPublicAuthority()); - result.setPublicAuthorityCode(firstSig.getSignerInfo().getPublicAuhtorityID()); + result.setPublicAuthority(resp.getSignerInfo().isPublicAuthority()); + result.setPublicAuthorityCode(resp.getSignerInfo().getPublicAuhtorityID()); } else { log.info("CMS or CAdES verification result contains no SignerInfo"); + } - + + + //TODO: add extended validation infos + result.setSignatureAlgorithmIdentifier(resp.getSignatureAlgorithm()); + result.setExtendedCertificateCheckResult(resp.getExtendedCertificateCheck()); + result.setFormValidationResults(resp.getAdESFormResults()); + return result; + } - + /** * Build a VerifyCMS-Siganture request for MOA-Sig.
*
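Review bot: In `convertByteRanges` the loop pairs `byteRangeOfSignature[i]` with `byteRangeOfSignature[i + 1]`, so for a four-element array the second pair is built from elements 1 and 2 instead of 2 and 3, and the last element is never read. The Javadoc on `getByteRange()` describes pairs of starting-byte and byte-length, which (assuming MOA-Sig hands over the flat offset/length array) means stepping two at a time: `Integer.valueOf(byteRangeOfSignature[2 * i]), Integer.valueOf(byteRangeOfSignature[2 * i + 1])`. A caller that uses these pairs to decide which bytes of the PDF the signature covers would be working from wrong offsets, so a unit test with a two-range array is worth adding. An odd-length array silently loses its trailing element; a `log.warn` for that case would make malformed input visible.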
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java index 52fedb62..28501c54 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java @@ -2,23 +2,30 @@ package at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data; import java.io.Serializable; import java.security.cert.CertificateException; +import java.util.ArrayList; import java.util.Date; +import java.util.List; import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IGenericSignatureVerificationResponse; import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceException; import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceParserException; +import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult; +import at.gv.egovernment.moa.spss.api.xmlverify.AdESFormResults; import iaik.x509.X509Certificate; - +import lombok.Builder; +import lombok.Getter; +import lombok.Setter; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +@Getter +@Setter public class GenericSignatureVerificationResponse implements IGenericSignatureVerificationResponse, Serializable { private static final long serialVersionUID = -7751001050689401118L; - private static final Logger log = - LoggerFactory.getLogger(GenericSignatureVerificationResponse.class); /** The signing time. */ private Date signingDateTime; 
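Review bot: Class-level `@Getter` and `@Setter` on `GenericSignatureVerificationResponse` apply to every field that has no hand-written accessor, which would appear to include `x509CertificateEncoded` and the `formValidationResults` and `extendedCertificateValidation` fields added further down in this file. The generated getters return the internal `byte[]` and `List` by reference and the generated setters allow replacing the check codes, so any code holding a verification result can alter it after verification; confirm against the delombok output. Consider annotating only the simple fields, or excluding the mutable ones with `@Getter(AccessLevel.NONE)` and returning copies, e.g. `return Collections.unmodifiableList(formValidationResults);`. The class body continues outside this hunk.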
@@ -39,7 +46,16 @@ public class GenericSignatureVerificationResponse private boolean qualifiedCertificate; private byte[] x509CertificateEncoded; - + + /** + * Identifier of the signing algorithm. + */ + private String signatureAlgorithmIdentifier; + + private ExtendedCertificateValidation extendedCertificateValidation; + + private List formValidationResults = new ArrayList<>(); + @Override public Date getSigningDateTime() { if (this.signingDateTime != null) { @@ -49,24 +65,6 @@ public class GenericSignatureVerificationResponse } - @Override - public int getSignatureCheckCode() { - return this.signatureCheckCode; - - } - - @Override - public int getCertificateCheckCode() { - return this.certificateCheckCode; - - } - - @Override - public boolean isQualifiedCertificate() { - return this.qualifiedCertificate; - - } - @Override public X509Certificate getX509Certificate() throws MoaSigServiceException { if (x509CertificateEncoded != null) { @@ -95,12 +93,6 @@ public class GenericSignatureVerificationResponse } - @Override - public boolean isPublicAuthority() { - return this.publicAuthority; - - } - @Override public String getPublicAuthorityCode() { if (StringUtils.isNotEmpty(this.publicAuthorityCode)) { @@ -124,26 +116,6 @@ public class GenericSignatureVerificationResponse } } - public void setSignatureCheckCode(final int signatureCheckCode) { - this.signatureCheckCode = signatureCheckCode; - } - - public void setCertificateCheckCode(final int certificateCheckCode) { - this.certificateCheckCode = certificateCheckCode; - } - - public void setPublicAuthority(final boolean publicAuthority) { - this.publicAuthority = publicAuthority; - } - - public void setPublicAuthorityCode(final String publicAuthorityCode) { - this.publicAuthorityCode = publicAuthorityCode; - } - - public void setQualifiedCertificate(final boolean qualifiedCertificate) { - this.qualifiedCertificate = qualifiedCertificate; - } - /** * Set encoded signer certificate. * 
@@ -156,4 +128,78 @@ public class GenericSignatureVerificationResponse } } + /** + * Set extended certificate-validation result. + * + * @param extendedCertificateCheck Extended result from MOA-Sig + */ + public void setExtendedCertificateCheckResult(ExtendedCertificateCheckResult extendedCertificateCheck) { + if (extendedCertificateCheck != null) { + this.extendedCertificateValidation = ExtendedCertificateValidation.builder() + .majorResult(ExtendedResult.builder() + .code(extendedCertificateCheck.getMajorCode()) + .info(extendedCertificateCheck.getMajorInfo()) + .build()) + .minorResult(ExtendedResult.builder() + .code(extendedCertificateCheck.getMinorCode()) + .info(extendedCertificateCheck.getMinorInfo()) + .build()) + .build(); + + } else { + log.debug("No extended verification-result. Skipping certificate-result extraction ... "); + + } + } + + /** + * Set form-validation result. + * + * @param formCheckResult Extended form-validation result from MOA-Sig + */ + public void setFormValidationResults(List formCheckResult) { + if (formCheckResult != null) { + for (Object elObj : formCheckResult) { + if (elObj instanceof AdESFormResults) { + AdESFormResults el = (AdESFormResults)elObj; + formValidationResults.add(ExtendedResult.builder() + .code(el.getCode()) + .info(el.getName()) + .build()); + + } else { + log.warn("Skip unknown form-validation result of type: {}", elObj.getClass().getName()); + + } + } + + } else { + log.debug("No extended verification-result. Skipping form-validation result extraction ... 
"); + + } + + } + + @Getter + @Builder + public static class ExtendedCertificateValidation implements Serializable { + + private static final long serialVersionUID = -7800026008655393276L; + + private ExtendedResult majorResult; + private ExtendedResult minorResult; + + } + + @Getter + @Builder + public static class ExtendedResult implements Serializable { + + private static final long serialVersionUID = 8523769744476971010L; + + private int code; + private String info; + + } + } diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyCmsSignatureResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyCmsSignatureResponse.java index 244aa223..a812db56 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyCmsSignatureResponse.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyCmsSignatureResponse.java @@ -1,7 +1,11 @@ package at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data; import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse; +import lombok.Getter; +import lombok.Setter; +@Getter +@Setter public class VerifyCmsSignatureResponse extends GenericSignatureVerificationResponse implements ICmsSignatureVerificationResponse { diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyPdfSignatureResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyPdfSignatureResponse.java new file mode 100644 index 00000000..740ac55a --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyPdfSignatureResponse.java 
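Review bot: `setFormValidationResults` appends to the existing `formValidationResults` list instead of replacing it, so calling the setter twice on the same response object accumulates the entries of both calls. The `else` branch also calls `elObj.getClass()`, which throws a `NullPointerException` when the list contains a `null` element, because `instanceof` is false for `null`. Starting the method with `formValidationResults.clear();` and logging `elObj != null ? elObj.getClass().getName() : "null"` would cover both cases.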
@@ -0,0 +1,30 @@ +package at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data; + +import java.util.List; + +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IPdfSignatureVerificationResponse; +import lombok.Getter; +import lombok.Setter; + +@Getter +@Setter +public class VerifyPdfSignatureResponse extends VerifyCmsSignatureResponse + implements IPdfSignatureVerificationResponse { + + private static final long serialVersionUID = 1835687958341837826L; + + /** + * Flag if signature covers the full pdf-document. + */ + private CoversFullDocument signatureCoversFullDocument = CoversFullDocument.UNKNOWN; + + /** + * PDF signing ranges as {@link List} of {@link Pair} of starting-byte and byte-length. + */ + private List> byteRange; + + + public enum CoversFullDocument { YES, NO, UNKNOWN } + +} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyXmlSignatureResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyXmlSignatureResponse.java index cbce53b7..4021a90b 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyXmlSignatureResponse.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyXmlSignatureResponse.java @@ -1,6 +1,8 @@ package at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data; import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse; +import lombok.Getter; +import lombok.Setter; /** * MOA-Sig signature verification response for XML based signatures. @@ -9,6 +11,8 @@ import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IXmlSignatureVerificati * */ +@Getter +@Setter public class VerifyXmlSignatureResponse extends GenericSignatureVerificationResponse implements IXmlSignatureVerificationResponse { 
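Review bot: `CoversFullDocument` has no documentation on how `UNKNOWN` is to be read, although it is both the field default here and the value the service sets when `getCoversFullDocument()` returns `null`. A Javadoc line on the enum such as `/** Only YES asserts that the signature covers the whole document; UNKNOWN means no coverage information was reported. */` would keep callers from treating `UNKNOWN` as a pass. `byteRange` also defaults to `null` in this class while `convertByteRanges` produces an empty list, so either initialise the field to an empty list or document the `null` case on `getByteRange()`.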
@@ -28,88 +32,4 @@ public class VerifyXmlSignatureResponse extends GenericSignatureVerificationResp */ private int signatureManifestCheckCode = -1; - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# - * getXmlDSIGManifestCheckCode() - */ - @Override - public int getXmlDsigManifestCheckCode() { - return xmlDsigManifestCheckCode; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# - * getXmlDsigSubjectName() - */ - @Override - public String getXmlDsigSubjectName() { - return xmlDsigSubjectName; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# - * setXmlDSIGManifestCheckCode( int) - */ - public void setXmlDsigManifestCheckCode(final int xmlDsigManifestCheckCode) { - this.xmlDsigManifestCheckCode = xmlDsigManifestCheckCode; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# - * setXmlDsigSubjectName(java.lang .String) - */ - public void setXmlDsigSubjectName(final String xmlDsigSubjectName) { - this.xmlDsigSubjectName = xmlDsigSubjectName; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# - * isXmlDSIGManigest() - */ - @Override - public boolean isXmlDsigManigest() { - return xmlDsigManigest; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# - * setXmlDSIGManigest(boolean) - */ - public void setXmlDsigManigest(final boolean xmlDsigManigest) { - this.xmlDsigManigest = xmlDsigManigest; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# - * getSignatureManifestCheckCode() - */ - @Override - public int getSignatureManifestCheckCode() { - return signatureManifestCheckCode; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# - * 
setSignatureManifestCheckCode( int) - */ - public void setSignatureManifestCheckCode(final int signatureManifestCheckCode) { - this.signatureManifestCheckCode = signatureManifestCheckCode; - } - } diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java index b7fc8200..746b5461 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java @@ -5,8 +5,6 @@ import java.io.InputStream; import org.joda.time.DateTime; import org.joda.time.format.ISODateTimeFormat; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.springframework.lang.NonNull; import org.w3c.dom.Element; @@ -19,9 +17,10 @@ import at.gv.egovernment.moaspss.util.DOMUtils; import at.gv.egovernment.moaspss.util.XPathUtils; import iaik.utils.Base64InputStream; import iaik.x509.X509Certificate; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class VerifyXmlSignatureResponseParser { - private static final Logger log = LoggerFactory.getLogger(VerifyXmlSignatureResponseParser.class); // // XPath namespace prefix shortcuts @@ -180,7 +179,9 @@ public class VerifyXmlSignatureResponseParser { respData.setSigningDateTime(datetime.toDate()); } - + + //TODO: parse extended validation results + return respData; } catch (final Throwable t) { -- cgit v1.2.3