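package at.gv.egiz.eaaf.modules.sigverify.moasig.test.verify;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertThrows;
import static org.junit.Assert.assertTrue;

import java.io.IOException;
import java.util.List;

import org.apache.commons.io.IOUtils;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.annotation.DirtiesContext.ClassMode;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;

import at.gv.egiz.eaaf.modules.sigverify.moasig.api.ISignatureVerificationService;
import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IPdfSignatureVerificationResponse;
import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse;
import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceException;
import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.VerifyPdfSignatureResponse.CoversFullDocument;
import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
import ch.qos.logback.classic.Level;
import ch.qos.logback.classic.Logger;
import lombok.extern.slf4j.Slf4j;

/**
 * Integration tests for {@link ISignatureVerificationService}.
 *
 * <p>The service is wired from {@code /moa-sig-service.beans.xml} and verifies XML and PDF
 * test signatures against trust profiles defined in the MOA-SPSS test configuration.
 * The numeric check codes asserted below are the values the service returns for these
 * fixtures; several of them are deliberately non-zero, so a test that passes here does
 * not mean that the signature would be trusted.
 */
@Slf4j
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration("/moa-sig-service.beans.xml")
@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
public class SignatureVerificationServiceTest {

  @Autowired
  ISignatureVerificationService service;

  /**
   * jUnit class initializer.
   *
   * <p>Points the {@code moa.spss.server.configuration} system property at the test
   * configuration below the current working directory and adjusts logger levels.
   *
   * @throws IOException In case of an error
   * @throws ConfigurationException In case of an error
   */
  @BeforeClass
  public static void moaSpssInitialize() throws IOException, ConfigurationException {
    // NOTE(review): the message mentions security providers, but this method only sets the
    // configuration path and log levels; provider loading, if any, happens elsewhere.
    log.info("Loading Java security providers.");

    final String current = new java.io.File(".").getCanonicalPath();
    System.setProperty("moa.spss.server.configuration",
        current + "/src/test/resources/config/moaspss_config/MOASPSSConfiguration.xml");

    ((Logger) LoggerFactory.getLogger("at.gv.egovernment.moa")).setLevel(Level.DEBUG);
    ((Logger) LoggerFactory.getLogger("iaik.server")).setLevel(Level.INFO);
    ((Logger) LoggerFactory.getLogger("iaik.pki")).setLevel(Level.INFO);

  }

  /**
   * Reset MOA-SPSS configuration.
   */
  @AfterClass
  public static void removeMoaSpssConfig() {
    // NOTE(review): this overwrites the property with an empty string rather than clearing
    // it or restoring a value that was set before the class ran; confirm that later test
    // classes in the same JVM do not depend on the difference.
    System.setProperty("moa.spss.server.configuration", "");

  }

  /**
   * Verification against a trust profile that is not configured must fail with
   * {@code service.moasig.03} instead of returning a result.
   *
   * @throws IOException if the test signature cannot be loaded
   */
  @Test
  public void unknownTrustProfile() throws IOException {
    // load signature
    final byte[] signature = IOUtils.resourceToByteArray("/data/xml/zuse_sig_1.xml");

    // start verification
    final MoaSigServiceException exception = assertThrows(MoaSigServiceException.class,
        () -> service.verifyXmlSignature(signature, "notexist"));

    // verify state
    Assert.assertEquals("wrong exception", "service.moasig.03", exception.getErrorId());

  }

  /**
   * Verifies an XML signature and checks every field of the response.
   *
   * @throws MoaSigServiceException if the verification service fails
   * @throws IOException if the test signature cannot be loaded
   */
  @Test
  public void simpleSignaturVerificationTest() throws MoaSigServiceException, IOException {
    // load signature
    final byte[] signature = IOUtils.resourceToByteArray("/data/xml/zuse_sig_1.xml");

    // start verification
    final IXmlSignatureVerificationResponse result =
        service.verifyXmlSignature(signature, "MOAIDBuergerkarteAuthentisierungsDaten");

    // verify result
    Assert.assertEquals("sig. checkCode", 0, result.getSignatureCheckCode());
    // The certificate check code is expected to be non-zero for this fixture although the
    // signature check code is 0. Callers therefore have to evaluate both codes; a
    // signature check code of 0 on its own says nothing about trust in the signer
    // certificate. (The exact meaning of code 1 is not visible in this file; the test
    // noCertPathByMissingX509Extensions suggests a missing certification path. Confirm
    // against the MOA-SPSS documentation.)
    Assert.assertEquals("cert. checkCode", 1, result.getCertificateCheckCode());
    Assert.assertEquals("XML manifest. checkCode", 0, result.getXmlDsigManifestCheckCode());
    Assert.assertEquals("manifest. checkCode", 0, result.getSignatureManifestCheckCode());

    Assert.assertNotNull("X509Cert", result.getX509Certificate());
    Assert.assertNotNull("X509Cert encoded", result.getX509CertificateEncoded());

    Assert.assertFalse("PubAuthority flag", result.isPublicAuthority());
    Assert.assertNull("PubAuthorityIdentifer", result.getPublicAuthorityCode());
    Assert.assertFalse("qcCert flag", result.isQualifiedCertificate());

  }

  /**
   * Verifies a signed notification against {@code default-trustprofile} and expects the
   * certificate check code 1.
   *
   * @throws MoaSigServiceException if the verification service fails
   * @throws IOException if the test signature cannot be loaded
   */
  @Test
  public void noCertPathByMissingX509Extensions() throws MoaSigServiceException, IOException {
    // load signature
    final byte[] signature =
        IOUtils.resourceToByteArray("/data/zuse/signed-notification-with-pdf.xml");

    // start verification
    final IXmlSignatureVerificationResponse result =
        service.verifyXmlSignature(signature, "default-trustprofile");

    // verify result
    Assert.assertEquals("cert. checkCode", 1, result.getCertificateCheckCode());

  }

  /**
   * Verifies a PDF with two signatures without extended validation.
   *
   * <p>In this mode the response carries no signature algorithm, no extended certificate
   * validation and no form-check results, and document coverage is reported as
   * {@link CoversFullDocument#UNKNOWN}. A caller that needs any of these values has to
   * request extended validation.
   *
   * @throws IOException if the test document cannot be loaded
   * @throws MoaSigServiceException if the verification service fails
   */
  @Test
  public void simplePdfSignatureTest() throws IOException, MoaSigServiceException {
    // load signature
    final byte[] signature = IOUtils.resourceToByteArray(
        "/data/pades/Plugtest2019_ESIG-P_AT_SIT_Signature-P-AT_SIT-4.pdf");

    // The element type is required: with a raw List the accessors on get(n) do not compile.
    final List<IPdfSignatureVerificationResponse> result =
        service.verifyPdfSignature(signature, "MOAIDBuergerkarteAuthentisierungsDaten");

    assertNotNull("result", result);
    assertFalse("result is empty", result.isEmpty());
    assertEquals("missing signature", 2, result.size());

    final IPdfSignatureVerificationResponse first = result.get(0);
    assertNull("sigAlg 1", first.getSignatureAlgorithmIdentifier());
    assertNull("ext. certCheck 1", first.getExtendedCertificateValidation());
    assertTrue("formCheck 1", first.getFormValidationResults().isEmpty());
    assertEquals("coversFullDoc 1", CoversFullDocument.UNKNOWN,
        first.getSignatureCoversFullDocument());

    final IPdfSignatureVerificationResponse second = result.get(1);
    assertNull("SigAlg 2", second.getSignatureAlgorithmIdentifier());
    assertNull("ext. certCheck 2", second.getExtendedCertificateValidation());
    assertTrue("formCheck 2", second.getFormValidationResults().isEmpty());
    assertEquals("coversFullDoc 2", CoversFullDocument.UNKNOWN,
        second.getSignatureCoversFullDocument());

  }

  /**
   * Verifies the same two-signature PDF with extended validation enabled.
   *
   * <p>The first signature is reported as not covering the full document and the second
   * one as covering it. Content added after a signature is not protected by that
   * signature, so consumers should evaluate
   * {@code getSignatureCoversFullDocument()} per signature and not rely on the check
   * codes alone.
   *
   * @throws IOException if the test document cannot be loaded
   * @throws MoaSigServiceException if the verification service fails
   */
  @Test
  public void extendedPdfSignatureTest() throws IOException, MoaSigServiceException {
    // load signature
    final byte[] signature = IOUtils.resourceToByteArray(
        "/data/pades/Plugtest2019_ESIG-P_AT_SIT_Signature-P-AT_SIT-4.pdf");

    // The element type is required: with a raw List the accessors on get(n) do not compile.
    final List<IPdfSignatureVerificationResponse> result =
        service.verifyPdfSignature(signature, "MOAIDBuergerkarteAuthentisierungsDaten", true);

    assertNotNull("result", result);
    assertFalse("result is empty", result.isEmpty());
    assertEquals("missing signature", 2, result.size());

    final IPdfSignatureVerificationResponse first = result.get(0);
    assertEquals("sigCheckCode", 0, first.getSignatureCheckCode());
    assertEquals("certCheckCode", 0, first.getCertificateCheckCode());

    assertNotNull("sigAlg 1", first.getSignatureAlgorithmIdentifier());
    assertNotNull("ext. certCheck 1", first.getExtendedCertificateValidation());
    assertFalse("formCheck 1", first.getFormValidationResults().isEmpty());
    assertEquals("coversFullDoc 1", CoversFullDocument.NO,
        first.getSignatureCoversFullDocument());

    // valid ext. cert result
    // The extended certificate validation is INDETERMINATE for this fixture even though
    // the basic signature and certificate check codes above are both 0.
    assertEquals("ext. cert. check code", 2,
        first.getExtendedCertificateValidation().getMajorResult().getCode());
    assertEquals("ext. cert. check info", "INDETERMINATE",
        first.getExtendedCertificateValidation().getMajorResult().getInfo());
    assertEquals("ext. cert. check code", 24,
        first.getExtendedCertificateValidation().getMinorResult().getCode());
    assertEquals("ext. cert. check info", "ERROR",
        first.getExtendedCertificateValidation().getMinorResult().getInfo());

    // validate form-check result
    assertEquals("ext. formcheck size", 4, first.getFormValidationResults().size());
    // Fail with a readable message instead of NoSuchElementException when the entry is absent.
    assertEquals("wrong PAdES-B Code", 0,
        first.getFormValidationResults().stream()
            .filter(el -> "B-B".equals(el.getInfo()))
            .findFirst()
            .orElseThrow(() -> new AssertionError("no 'B-B' form-check result"))
            .getCode());
    first.getFormValidationResults().stream()
        .filter(el -> !"B-B".equals(el.getInfo()))
        .forEach(el -> assertEquals("wrong form check-code", 2, el.getCode()));

    final IPdfSignatureVerificationResponse second = result.get(1);
    assertNotNull("SigAlg 2", second.getSignatureAlgorithmIdentifier());
    assertNotNull("ext. certCheck 2", second.getExtendedCertificateValidation());
    assertFalse("formCheck 2", second.getFormValidationResults().isEmpty());
    assertEquals("coversFullDoc 2", CoversFullDocument.YES,
        second.getSignatureCoversFullDocument());

  }

}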