From 458817bd97058c5a975006dca45cdfe6eead07b5 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Thu, 8 Apr 2021 10:48:50 +0200
Subject: add new verification methods into MOA-Sig module to verify PAdES documents and to perform extended validation
---
 .../verify/SignatureVerificationServiceTest.java | 106 +++++++++++++++++++++
 1 file changed, 106 insertions(+)
(limited to 'eaaf_modules/eaaf_module_moa-sig/src/test/java/at/gv/egiz/eaaf/modules/sigverify/moasig/test/verify/SignatureVerificationServiceTest.java')
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/java/at/gv/egiz/eaaf/modules/sigverify/moasig/test/verify/SignatureVerificationServiceTest.java b/eaaf_modules/eaaf_module_moa-sig/src/test/java/at/gv/egiz/eaaf/modules/sigverify/moasig/test/verify/SignatureVerificationServiceTest.java
index 5066d220..71c4b1af 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/test/java/at/gv/egiz/eaaf/modules/sigverify/moasig/test/verify/SignatureVerificationServiceTest.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/java/at/gv/egiz/eaaf/modules/sigverify/moasig/test/verify/SignatureVerificationServiceTest.java
@@ -1,8 +1,14 @@
 package at.gv.egiz.eaaf.modules.sigverify.moasig.test.verify;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertThrows;
+import static org.junit.Assert.assertTrue;
 import java.io.IOException;
+import java.util.List;
 import org.apache.commons.io.IOUtils;
 import org.junit.AfterClass;
@@ -10,6 +16,7 @@ import org.junit.Assert;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.test.annotation.DirtiesContext;
 import org.springframework.test.annotation.DirtiesContext.ClassMode;
@@ -17,9 +24,13 @@ import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import at.gv.egiz.eaaf.modules.sigverify.moasig.api.ISignatureVerificationService;
+import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IPdfSignatureVerificationResponse;
 import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse;
 import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceException;
+import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.VerifyPdfSignatureResponse.CoversFullDocument;
 import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
+import ch.qos.logback.classic.Level;
+import ch.qos.logback.classic.Logger;
 import lombok.extern.slf4j.Slf4j;
 @Slf4j
@@ -43,6 +54,10 @@ public class SignatureVerificationServiceTest {
 System.setProperty("moa.spss.server.configuration", current + "/src/test/resources/config/moaspss_config/MOASPSSConfiguration.xml");
+ ((Logger) LoggerFactory.getLogger("at.gv.egovernment.moa")).setLevel(Level.DEBUG);
+ ((Logger) LoggerFactory.getLogger("iaik.server")).setLevel(Level.INFO);
+ ((Logger) LoggerFactory.getLogger("iaik.pki")).setLevel(Level.INFO);
+
 }
 /**
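Review bot: The three added `((Logger) LoggerFactory.getLogger(…)).setLevel(…)` calls cast the SLF4J logger to `ch.qos.logback.classic.Logger` without a check and never restore the previous levels. If a different SLF4J binding is picked up on the test classpath, the setup fails with a `ClassCastException` before any verification test runs. DEBUG for `at.gv.egovernment.moa` presumably also stays active for later test classes in the same JVM, which can put certificate and document details from the verifier into CI logs. I would either set these levels in the test logback configuration or add a comment such as `// test-only: MOA-SPSS debug output; requires logback as the SLF4J backend` above them. The enclosing setup method starts above this hunk.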
@@ -92,5 +107,96 @@ public class SignatureVerificationServiceTest {
 Assert.assertFalse("qcCert flag", result.isQualifiedCertificate());
 }
+
+ @Test
+ public void noCertPathByMissingX509Extensions() throws MoaSigServiceException, IOException {
+ // load signature
+ byte[] signature = IOUtils.resourceToByteArray("/data/zuse/signed-notification-with-pdf.xml");
+
+ //start verification
+ IXmlSignatureVerificationResponse result =
+ service.verifyXmlSignature(signature, "default-trustprofile");
+
+ //verify result
+ Assert.assertEquals("cert. checkCode", 1, result.getCertificateCheckCode());
+
+ }
+
+ @Test
+ public void simplePdfSignatureTest() throws IOException, MoaSigServiceException {
+ // load signature
+ byte[] signature = IOUtils.resourceToByteArray(
+ "/data/pades/Plugtest2019_ESIG-P_AT_SIT_Signature-P-AT_SIT-4.pdf");
+
+ List result =
+ service.verifyPdfSignature(signature, "MOAIDBuergerkarteAuthentisierungsDaten");
+
+ assertNotNull("result", result);
+ assertFalse("result is empty", result.isEmpty());
+ assertEquals("missing signature", 2, result.size());
+
+ assertNull("sigAlg 1", result.get(0).getSignatureAlgorithmIdentifier());
+ assertNull("formCheck 1", result.get(0).getExtendedCertificateValidation());
+ assertTrue("ext. certCheck 1", result.get(0).getFormValidationResults().isEmpty());
+ assertEquals("coversFullDoc 1", CoversFullDocument.UNKNOWN, result.get(0).getSignatureCoversFullDocument());
+
+ assertNull("SigAlg 2", result.get(1).getSignatureAlgorithmIdentifier());
+ assertNull("formCheck 2", result.get(1).getExtendedCertificateValidation());
+ assertTrue("ext. certCheck 2", result.get(1).getFormValidationResults().isEmpty());
+ assertEquals("coversFullDoc 2", CoversFullDocument.UNKNOWN, result.get(1).getSignatureCoversFullDocument());
+
+ }
+
+ @Test
+ public void extendedPdfSignatureTest() throws IOException, MoaSigServiceException {
+ // load signature
+ byte[] signature = IOUtils.resourceToByteArray(
+ "/data/pades/Plugtest2019_ESIG-P_AT_SIT_Signature-P-AT_SIT-4.pdf");
+
+ List result =
+ service.verifyPdfSignature(signature, "MOAIDBuergerkarteAuthentisierungsDaten", true);
+
+ assertNotNull("result", result);
+ assertFalse("result is empty", result.isEmpty());
+ assertEquals("missing signature", 2, result.size());
+
+ assertEquals("sigCheckCode", 0, result.get(0).getSignatureCheckCode());
+ assertEquals("certCheckCode", 0, result.get(0).getCertificateCheckCode());
+
+ assertNotNull("sigAlg 1", result.get(0).getSignatureAlgorithmIdentifier());
+ assertNotNull("formCheck 1", result.get(0).getExtendedCertificateValidation());
+ assertFalse("ext. certCheck 1", result.get(0).getFormValidationResults().isEmpty());
+ assertEquals("coversFullDoc 1", CoversFullDocument.NO, result.get(0).getSignatureCoversFullDocument());
+
+ //valid ext. cert result
+ assertEquals("ext. cert. check code", 2,
+ result.get(0).getExtendedCertificateValidation().getMajorResult().getCode());
+ assertEquals("ext. cert. check info", "INDETERMINATE",
+ result.get(0).getExtendedCertificateValidation().getMajorResult().getInfo());
+ assertEquals("ext. cert. check code", 24,
+ result.get(0).getExtendedCertificateValidation().getMinorResult().getCode());
+ assertEquals("ext. cert. check info", "ERROR",
+ result.get(0).getExtendedCertificateValidation().getMinorResult().getInfo());
+
+
+ //validate form-check result
+ assertEquals("ext. formcheck size", 4, result.get(0).getFormValidationResults().size());
+ assertEquals("wrong PAdES-B Code", 0, result.get(0).getFormValidationResults().stream()
+ .filter(el -> el.getInfo().equals("B-B"))
+ .findFirst()
+ .get().getCode());
+
+ result.get(0).getFormValidationResults().stream()
+ .filter(el -> !el.getInfo().equals("B-B"))
+ .forEach(el -> assertEquals("wrong form check-code", 2, el.getCode()));
+
+
+ assertNotNull("SigAlg 2", result.get(1).getSignatureAlgorithmIdentifier());
+ assertNotNull("formCheck 2", result.get(1).getExtendedCertificateValidation());
+ assertFalse("ext. certCheck 2", result.get(1).getFormValidationResults().isEmpty());
+ assertEquals("coversFullDoc 2", CoversFullDocument.YES, result.get(1).getSignatureCoversFullDocument());
+
+ }
 }
+
-- cgit v1.2.3
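Review bot: Neither PDF test pins the cryptographic outcome for every signature it inspects: `simplePdfSignatureTest` asserts only that the extended fields are absent, and `extendedPdfSignatureTest` checks `getSignatureCheckCode()` and `getCertificateCheckCode()` for `result.get(0)` but not for `result.get(1)`. As written, a regression that reports a failed signature or certificate check for those entries would still pass. Adding e.g. `assertEquals("sigCheckCode 2", 0, result.get(1).getSignatureCheckCode());` (expected value to be confirmed against the fixture) and the matching lines in the simple test would close that gap. The messages `"formCheck N"` and `"ext. certCheck N"` are also attached to the opposite getters (`getExtendedCertificateValidation()` and `getFormValidationResults()`), which will mislead whoever reads a failure. Separately, `.findFirst().get()` turns a missing "B-B" entry into a `NoSuchElementException` rather than an assertion failure.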