aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas <>2023-06-23 09:50:18 +0200
committerThomas <>2023-06-23 09:50:18 +0200
commit38bba13a16b041693850ddd1847adceba616d93b (patch)
treee9e8ff7fe114556224db135b2a42411f01bb5c28
parentad42c0d94412597de4b28e1dad292b49482e0f33 (diff)
downloadmoa-sig-38bba13a16b041693850ddd1847adceba616d93b.tar.gz
moa-sig-38bba13a16b041693850ddd1847adceba616d93b.tar.bz2
moa-sig-38bba13a16b041693850ddd1847adceba616d93b.zip
test(core): add some more PDF and PAdES validation checks
-rw-r--r--moaSig/moa-sig-lib/src/test/resources/data/ee.crt46
-rw-r--r--moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java43
-rw-r--r--moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-corporate-light-02.crt27
-rw-r--r--moaSig/moa-sig/src/test/resources/testdata/pades/TestAmtssignatur_Sign.pdfbin0 -> 67794 bytes
4 files changed, 110 insertions, 6 deletions
diff --git a/moaSig/moa-sig-lib/src/test/resources/data/ee.crt b/moaSig/moa-sig-lib/src/test/resources/data/ee.crt
new file mode 100644
index 0000000..aec405b
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/test/resources/data/ee.crt
@@ -0,0 +1,46 @@
+-----BEGIN CERTIFICATE-----
+MIIIMTCCBeWgAwIBAgIQDca62Dh9eRP0D2jYSKfJoTBBBgkqhkiG9w0BAQowNKAP
+MA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMC
+ASAwgZ8xIzAhBgNVBAMMGlN3aXNzY29tIERpYW1hbnQgRVUgQ0EgNC4xMSUwIwYD
+VQQLDBxEaWdpdGFsIENlcnRpZmljYXRlIFNlcnZpY2VzMRgwFgYDVQRhDA9WQVRB
+VC1VNjQ3NDEyNDgxKjAoBgNVBAoMIVN3aXNzY29tIElUIFNlcnZpY2VzIEZpbmFu
+Y2UgUy5FLjELMAkGA1UEBhMCQVQwHhcNMjMwNjE0MTY1OTU1WhcNMjMwNjE0MTcw
+OTU0WjBpMSQwIgYDVQQFExtSQVM2M2UzZDg1OWE5ZjIyYjFlOWNhNjZkMjAxFDAS
+BgNVBAMMC0FsbWEgU3RlZ2VyMQ0wCwYDVQQqDARBbG1hMQ8wDQYDVQQEDAZTdGVn
+ZXIxCzAJBgNVBAYTAkFUMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA
+1WmVUoOx2YymRERHE4+SZZxFsYy/uQOXwJjIDNkxZ1Y1bbFB3GZju2QkMHf0ejXP
+XveT4ZtFz//kU/VFUvZtW+NEjcNinDQq6Qj1hKcIhj3gITs6qDhdpZQzNfujhXUF
+SA69laXIhN7YH7jur9aArP4UjnluDszjYBS9LvmF/CE/FMCSfIK5Yus8gy7L+8TT
+cjaK4a9xbnYwl+HnyhTPjCHJj5w6gB44Ivusx7WNmYHt4j4cADYetlr8L0lQ3QNj
+7DtSUdh9bq5b2WnajOAiuqGRt3FDluT87AoOVdfHxcsLO6PyF+1+mTdTbOQ6N/xy
+HFeXTv1mXEAdLGgzSLYM8tRYtLJF3f7VF2bjN+kpRkNzDmmVMPqdbped3z9OwLb+
+AJsqMgjTsQGnvsCrP/oemqp/Bzgr8Yc7cDhrVssLsJqSBCj0fazFXOkrZxiEOvAv
+641R2o2O9czYn1bENbd9QM8wgkuQCXdIuz6PtuopUk3E+TjWnF1G1r/cw9oIP78l
+AgMBAAGjggK0MIICsDCBpwYDVR0RBIGfMIGcpIGZMIGWMTEwLwYDVQQFEyhBSVMt
+NjBhZTQ5YWUtNTU3ZS00NjM2LWFiMTAtYTQzMmM2OWNhN2I5MSowKAYJYIV0AVOB
+SAAADBtSQVM2M2UzZDg1OWE5ZjIyYjFlOWNhNjZkMjAxGTAXBgNVBEEMEE1JRENI
+RUJXMFUxQTdVTzkxDDAKBgNVBCkMA04vQTEMMAoGA1UEDQwDTi9BMEQGA1UdEgQ9
+MDukOTA3MSQwIgYDVQQFExtaSW55ZXFndnA3aFpHUVdPMHFTNlB3QUFBR0kxDzAN
+BgNVBA0MBnBvcy5hZzAfBgNVHSMEGDAWgBRrSnzjpxw/4Lh+9jf4RgOUiQk6yzCB
+iwYIKwYBBQUHAQEEfzB9MD4GCCsGAQUFBzAChjJodHRwOi8vYWlhLnN3aXNzZGln
+aWNlcnQuY2gvc2Rjcy1kaWFtYW50NC4xLWV1LmNydDA7BggrBgEFBQcwAYYvaHR0
+cDovL29jc3Auc3dpc3NkaWdpY2VydC5jaC9zZGNzLWRpYW1hbnQ0LjEtZXUwUAYD
+VR0gBEkwRzAJBgcEAIvsQAECMDoGCGCFdAFTZAQBMC4wLAYIKwYBBQUHAgEWIGh0
+dHA6Ly93d3cuc3dpc3NkaWdpY2VydC5jaC9jcHMvMBQGA1UdJQQNMAsGCSqGSIb3
+LwEBBTB4BggrBgEFBQcBAwRsMGowCAYGBACORgEBMAgGBgQAjkYBBDATBgYEAI5G
+AQYwCQYHBACORgEGATA/BgYEAI5GAQUwNTAzFi1odHRwczovL3d3dy5zd2lzc2Rp
+Z2ljZXJ0LmNoL2RpYW1hbnQ0ZXUtbi5wZGYTAmVuMB0GA1UdDgQWBBTW0EoVfQ9Y
+285kFc+DksKA1NLcdzAOBgNVHQ8BAf8EBAMCBkAwQQYJKoZIhvcNAQEKMDSgDzAN
+BglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEg
+A4ICAQAfCi8y+q4K+s+T6tstzDMYq+bLXxGcTfv9IY0OCT2h1pSmgkiEv6DlrrbK
+mqjB3zfav1/2JveFa8DZ3jfbHkXaJz9gBcV+FwLFvomvr2zKibIfc5Y5d7X9vcNR
+e52NnIpTETYFMpUVPCyRwxsdRcz6rBDmk02AyLeiIhCbQCLZqpG5UCtsZgK1i0YQ
+vQuIxvMYEiJ9oiZS+bSgJX8Bqigi6tSmiFYVgOrISHZimQkOAFDVfLqU41W4pSU6
+rM6haKttqjTD512dWBa53i6qp+zJECCVQNo4TqdCG1ppuUxMnlvEepJj78FOHuUj
+xwQB+HUijprDFQBuMffBq42n3V+EWR1UaPWIGMsJobHrvpuLwjR6mZKAG/q7Hgba
+0vMkabaSJP3XibDpnJmHgwaqtoCDne3pcTFOBgzMd3i7JxFjCdQxFrWvXMdnCaU5
+RqbR8WtP/SjDTR+F/YgKOC8JjZt+pAg2WWMlUs83/HcbgvvNpjIdDxCotUU5dxq1
+FfVzBPg8U3yHPXdE2U9PqwEbJjJPqlHwOMDoGcIf/8CrPq1F25ShUqhL3fSVMP+e
+wUtGq98rN36bLURAz4TQB4hPGq/9f4N1R5HxEbrsLCq7pCRaYdOfFe5RPc+TIMqC
+pzRet1e8CJogXw8i66OFTqV1lYh5lVIe8oce7+kvTaZ/te3S9g==
+-----END CERTIFICATE-----
diff --git a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java
index e210ddf..9cee722 100644
--- a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java
+++ b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java
@@ -11,6 +11,7 @@ import java.io.FileInputStream;
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
+import java.util.Base64;
import java.util.Date;
import org.apache.commons.io.IOUtils;
@@ -88,7 +89,6 @@ public class PadesIntegrationTest extends AbstractIntegrationTest {
}
- @Ignore
@Test
public void basicValidationCadesSignature() throws MOAException, IOException {
final VerifyCMSSignatureRequest request = buildVerfifyCmsRequest(
@@ -124,7 +124,6 @@ public class PadesIntegrationTest extends AbstractIntegrationTest {
}
- @Ignore
@Test
public void extendedValidationCadesSignature() throws MOAException, IOException {
final VerifyCMSSignatureRequest request = buildVerfifyCmsRequest(
@@ -163,7 +162,9 @@ public class PadesIntegrationTest extends AbstractIntegrationTest {
assertNotNull("extended val. result", cmsResult.getExtendedCertificateCheck());
assertEquals("ext. val major", 1, cmsResult.getExtendedCertificateCheck().getMajorCode());
- assertEquals("ext. val major", 24, cmsResult.getExtendedCertificateCheck().getMinorCode());
+
+ // because was signed by using SHA1 after xxxx
+ assertEquals("ext. val major", 2, cmsResult.getExtendedCertificateCheck().getMinorCode());
assertNotNull("byteRange", cmsResult.getByteRangeOfSignature());
assertEquals("used sig alg", "SHA1withRSA", cmsResult.getSignatureAlgorithm());
@@ -202,11 +203,38 @@ public class PadesIntegrationTest extends AbstractIntegrationTest {
// perform test
final VerifyCMSSignatureResponse result = cadesInvoker.verifyCMSSignature(request);
-
+
// verify result
assertNotNull("verification result", result);
+ final VerifyCMSSignatureResponseElement cmsResult = (VerifyCMSSignatureResponseElement) result
+ .getResponseElements().get(0);
+ assertEquals("sigCode", 0, cmsResult.getSignatureCheck().getCode());
+ assertEquals("certCode", 0, cmsResult.getCertificateCheck().getCode());
+
+ assertTrue("Amtssignatur", cmsResult.getSignerInfo().isPublicAuthority());
+ assertEquals("Amtssignatur", "L4AL", cmsResult.getSignerInfo().getPublicAuhtorityID());
+
+ assertFalse("QC", cmsResult.getSignerInfo().isQualifiedCertificate());
+ assertFalse("SSCD", cmsResult.getSignerInfo().isSSCD());
+
+ assertEquals("CountryCode", "AT", cmsResult.getSignerInfo().getIssuerCountryCode());
+
+ assertNotNull("extended val. result", cmsResult.getExtendedCertificateCheck());
+ assertEquals("ext. val major", 2, cmsResult.getExtendedCertificateCheck().getMajorCode());
+ // it's no valid CAdES signature because it does not include SignatureCertificateInfo extension
+ assertEquals("ext. val major", 13, cmsResult.getExtendedCertificateCheck().getMinorCode());
+
+ assertNotNull("form val. result", cmsResult.getAdESFormResults());
+ assertEquals("form val. result size", 4, cmsResult.getAdESFormResults().size());
+
+ //it's not valid because it's no CAdES signature, it's a "adbe.pkcs7.detached"
+ for (final Object el : cmsResult.getAdESFormResults()) {
+ assertEquals("Find wrong form val status", 2, ((AdESFormResults) el).getCode().longValue());
+
+ }
+
}
@Ignore
@@ -224,8 +252,11 @@ public class PadesIntegrationTest extends AbstractIntegrationTest {
// verify result
assertNotNull("verification result", result);
-
-
+ final VerifyCMSSignatureResponseElement cmsResult = (VerifyCMSSignatureResponseElement) result
+ .getResponseElements().get(0);
+ assertEquals("sigCode", 0, cmsResult.getSignatureCheck().getCode());
+ assertEquals("certCode", 0, cmsResult.getCertificateCheck().getCode());
+ assertEquals("Amtssignatur", "", cmsResult.getSignerInfo().getPublicAuhtorityID());
}
diff --git a/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-corporate-light-02.crt b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-corporate-light-02.crt
new file mode 100644
index 0000000..717466c
--- /dev/null
+++ b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-corporate-light-02.crt
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEizCCA3OgAwIBAgIDFTtJMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1
+YWwtMDIxGDAWBgNVBAMMD0EtVHJ1c3QtUXVhbC0wMjAeFw0xNDA5MDUxMzQwMTVa
+Fw0yNDA5MDUxMTQwMTVaMIGfMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz
+dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy
+a2VociBHbWJIMSIwIAYDVQQLDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMSIw
+IAYDVQQDDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAk6V4oEauvXgEICqgjTbGHaiDhBVo2nosX23osoKM
+LTkkO/nOCgpdCYpLKgURxwrgHgVh9XT99yxhy6lDwt2rASajj0sQ1fY5BmWVyrXS
+dQ78ISMPb73XaG4M8H7PJFcsVEo9n8veVQwnMY5mSWy0r1IO8n93Bjbmmi4Zt8oS
+p9olWo5/8ByYW8S/AKZuQx+q+bFJv7geuApVjK2iVFe8yQqHhAgDsAsDlMvxDAQ/
+vhrGwHRv8N3sLsjirnbf5S2dGLDjASOMUFvwfLQd7gHH7PV37Xa+aQqa97eE6O4O
+sIhcGRYhoLk/tWTBDapcgHJ0yTtrftuwORVteLUAy0gBNwIDAQABo4HhMIHeMA8G
+A1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEkcWDpP6A0DMBMGA1UdIwQMMAqACEI9
+KySmwUXOMA4GA1UdDwEB/wQEAwIBBjCBkgYDVR0fBIGKMIGHMIGEoIGBoH+GfWxk
+YXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9QS1UcnVzdC1RdWFsLTAyLG89QS1UcnVz
+dCxjPUFUP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q/YmFzZT9vYmplY3RjbGFz
+cz1laWRDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MA0GCSqGSIb3DQEBBQUAA4IBAQAT
+LnGyoe38+pkybrpLl/b3htAvX6nePU6rFPFS9P2NK+hG5yV8gfMdHdeEaKICVbhI
+Y8LFt5fF74GPFhEFT+6YiBJXFFZG229FbIPcVWReRl2XrFKJlRP/1eZyvqpxD1WE
+SqN73MKGwgpUSPzRESHAtAODl/baRn/M4Xpb+MChVI6BoMdo/08FeSZPbT7N63dm
+/Da3+Ywx84D40NKdoORu2yPUs8nMzeQVCnx7Lb9U7HRSR7wXgZrhwtULsrENRY0T
+tq/+o4sOWzs/NgZyEg6mmOAK4K5Vup3mikIMyF7Z92RwmsaMM6We/vIcc6DlWbKw
+WKniHZNw5/6aZAj4GX0R
+-----END CERTIFICATE-----
diff --git a/moaSig/moa-sig/src/test/resources/testdata/pades/TestAmtssignatur_Sign.pdf b/moaSig/moa-sig/src/test/resources/testdata/pades/TestAmtssignatur_Sign.pdf
new file mode 100644
index 0000000..bdc6fe3
--- /dev/null
+++ b/moaSig/moa-sig/src/test/resources/testdata/pades/TestAmtssignatur_Sign.pdf
Binary files differ