author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2021-03-24 11:08:57 +0000 |
committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2021-03-24 11:08:57 +0000 |
commit | 666d8c9f8cec7573e60a14ab039c0874f6a9ec53 (patch) | |
tree | d9b2506506cf544ea3758322fd5488c913073427 /moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/ExtendedCAdESVerifier.java | |
parent | d003a873fdeec22b1dd57d61590a12a1691ae137 (diff) | |
parent | cd65b47cc30e7119593bbb05afa48d4f896a4859 (diff) | |
Merge branch 'feature/codestyle_and_gitlab_ci' into 'master'
Feature/codestyle and gitlab ci
See merge request egiz/moa-sig!1
Diffstat (limited to 'moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/ExtendedCAdESVerifier.java')
-rw-r--r-- | moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/ExtendedCAdESVerifier.java | 293 |
1 files changed, 150 insertions, 143 deletions
diff --git a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/ExtendedCAdESVerifier.java b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/ExtendedCAdESVerifier.java index 4dda99f..62ac1c8 100644 --- a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/ExtendedCAdESVerifier.java +++ b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/ExtendedCAdESVerifier.java @@ -1,5 +1,19 @@ package at.gv.egiz.asic.impl.verifier; +import java.io.IOException; +import java.security.DigestInputStream; +import java.security.MessageDigest; +import java.util.ArrayList; +import java.util.Date; +import java.util.Iterator; +import java.util.List; + +import javax.xml.bind.JAXB; + +import org.apache.commons.codec.binary.Hex; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + import at.gv.egiz.asic.ASiCManifestType; import at.gv.egiz.asic.DataObjectReferenceType; import at.gv.egiz.asic.api.ASiC; 
@@ -11,162 +25,155 @@ import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.MOASystemException; import at.gv.egovernment.moa.spss.api.SPSSFactory; -import at.gv.egovernment.moa.spss.api.cmsverify.*; +import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; +import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement; import at.gv.egovernment.moa.spss.api.common.CheckResult; import at.gv.egovernment.moa.spss.api.common.SignerInfo; -import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker; -import org.apache.commons.codec.binary.Hex; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import javax.xml.bind.JAXB; -import java.io.IOException; -import java.security.DigestInputStream; -import java.security.MessageDigest; -import java.util.ArrayList; -import java.util.Date; -import java.util.Iterator; -import java.util.List; /** * Created by Andreas Fitzek on 6/17/16. 
*/ public class ExtendedCAdESVerifier extends CAdESVerifier { - private static final Logger logger = LoggerFactory.getLogger(ExtendedCAdESVerifier.class); + private static final Logger logger = LoggerFactory.getLogger(ExtendedCAdESVerifier.class); - @Override - public boolean handles(ASiC asic) { - return super.handles(asic) && ASiCFormat.ASiCE.equals(asic.getFormat()); - } + @Override + public boolean handles(ASiC asic) { + return super.handles(asic) && ASiCFormat.ASiCE.equals(asic.getFormat()); + } + + @Override + public void verify(ASiC asic, String trustProfileID, Date date, List<ASiCVerificationResult> response) + throws MOAException { + try { + final Iterator<ASiCEntry> informationsIterator = asic.getInformationEntries().iterator(); - @Override - public void verify(ASiC asic, String trustProfileID, Date date, List<ASiCVerificationResult> response) throws MOAException { - try { - Iterator<ASiCEntry> informationsIterator = asic.getInformationEntries().iterator(); + while (informationsIterator.hasNext()) { + final ASiCEntry informationEntry = informationsIterator.next(); + + if (informationEntry.getEntryName().startsWith("META-INF/") && informationEntry.getEntryName() + .endsWith(".xml") + && informationEntry.getEntryName().contains("ASiCManifest")) { + // Got ASiC Manifest + final ASiCManifestType asiCManifestType = JAXB.unmarshal(informationEntry.getContents(), + ASiCManifestType.class); + final String signatureName = asiCManifestType.getSigReference().getURI(); + + ASiCEntry cadesSignature = null; + + // find referenced signature + final Iterator<ASiCEntry> cadesSignatureIterator = asic.getSignaturesEntries().iterator(); + + while (cadesSignatureIterator.hasNext()) { + final ASiCEntry tmpCadesSignature = cadesSignatureIterator.next(); + if (signatureName.equalsIgnoreCase(tmpCadesSignature.getEntryName())) { + cadesSignature = tmpCadesSignature; + break; + } + } - while (informationsIterator.hasNext()) { - ASiCEntry informationEntry = 
informationsIterator.next(); - - if (informationEntry.getEntryName().startsWith("META-INF/") && informationEntry.getEntryName().endsWith(".xml") - && informationEntry.getEntryName().contains("ASiCManifest")) { - // Got ASiC Manifest - ASiCManifestType asiCManifestType = JAXB.unmarshal(informationEntry.getContents(), ASiCManifestType.class); - String signatureName = asiCManifestType.getSigReference().getURI(); - - ASiCEntry cadesSignature = null; - - // find referenced signature - Iterator<ASiCEntry> cadesSignatureIterator = asic.getSignaturesEntries().iterator(); - - while (cadesSignatureIterator.hasNext()) { - ASiCEntry tmpCadesSignature = cadesSignatureIterator.next(); - if (signatureName.equalsIgnoreCase(tmpCadesSignature.getEntryName())) { - cadesSignature = tmpCadesSignature; - break; - } - } - - if (cadesSignature == null) { - throw new MOAApplicationException("asic.0004", new Object[]{signatureName}); - } - - // verify all references - - boolean allReferencesValid = true; - List<AsicSignedFilesContainer> signedFiles = new ArrayList<AsicSignedFilesContainer>(); - Iterator<DataObjectReferenceType> dataObjectReferenceTypeIterator = asiCManifestType.getDataObjectReference().iterator(); - while (dataObjectReferenceTypeIterator.hasNext()) { - DataObjectReferenceType dataObjectReferenceType = dataObjectReferenceTypeIterator.next(); - - String mdURI = dataObjectReferenceType.getDigestMethod().getAlgorithm(); - String uri = dataObjectReferenceType.getURI(); - signedFiles.add(new AsicSignedFilesContainer(uri, mdURI)); - - Iterator<ASiCEntry> dataEntryIterator = asic.getDataEntries().iterator(); - - while (dataEntryIterator.hasNext()) { - ASiCEntry dataEntry = dataEntryIterator.next(); - if (uri.equalsIgnoreCase(dataEntry.getEntryName())) { - MessageDigest md = this.getMessageDigestFromURI(mdURI); - if (md == null) { - throw new MOAApplicationException("asic.0005", new Object[]{mdURI}); - } - DigestInputStream dis = new DigestInputStream(dataEntry.getContents(), md); - 
byte[] buffer = new byte[8096]; - while (dis.read(buffer) > 0) ; - - if (!this.compareHash(dataObjectReferenceType.getDigestValue(), md.digest(), uri)) { - allReferencesValid = false; - } - - dataEntry.getContents().reset(); - break; - } - } - } - - if (allReferencesValid) { - logger.info("ASiCManifest {} references do match data files!", - informationEntry.getEntryName()); - } - - informationEntry.getContents().reset(); - MessageDigest md = this.getMessageDigestFromURI("SHA-256"); - DigestInputStream dis = new DigestInputStream(informationEntry.getContents(), md); - - VerifyCMSSignatureResponse verifyResponse = - this.runCMSVerification(dis, cadesSignature.getContents(), trustProfileID, date); - - dis.close(); - - String fullDigest = Hex.encodeHexString(md.digest()); - logger.debug("CMS Input data {}", fullDigest); - - if (!allReferencesValid) { - logger.warn("ASiCManifest {} References do not match data files!", - informationEntry.getEntryName()); - List responseElements = new ArrayList(); - - SignerInfo signerInfo; - - - // add SignerInfo element - Iterator responseElementIterator = verifyResponse.getResponseElements().iterator(); - while (responseElementIterator.hasNext()) { - VerifyCMSSignatureResponseElement orig = (VerifyCMSSignatureResponseElement) - responseElementIterator.next(); - - CheckResult signatureCheck; - CheckResult certificateCheck; - - // add SignatureCheck element - signatureCheck = SPSSFactory.getInstance().createCheckResult(1, null); - - // build the response element - VerifyCMSSignatureResponseElement responseElement = - SPSSFactory.getInstance().createVerifyCMSSignatureResponseElement( - orig.getSignerInfo(), - signatureCheck, - orig.getCertificateCheck(), - orig.getAdESFormResults(), - orig.getExtendedCertificateCheck(), - orig.getSignatureAlgorithm(), - null, - null); - responseElements.add(responseElement); - } - VerifyCMSSignatureResponse verifyCMSSignatureResponse = SPSSFactory.getInstance(). 
- createVerifyCMSSignatureResponse(responseElements); - response.add(new ASiCVerificationResult(signedFiles, verifyCMSSignatureResponse)); - continue; - } else { - response.add(new ASiCVerificationResult(signedFiles, verifyResponse)); - } + if (cadesSignature == null) { + throw new MOAApplicationException("asic.0004", new Object[] { signatureName }); + } + + // verify all references + + boolean allReferencesValid = true; + final List<AsicSignedFilesContainer> signedFiles = new ArrayList<>(); + final Iterator<DataObjectReferenceType> dataObjectReferenceTypeIterator = asiCManifestType + .getDataObjectReference().iterator(); + while (dataObjectReferenceTypeIterator.hasNext()) { + final DataObjectReferenceType dataObjectReferenceType = dataObjectReferenceTypeIterator.next(); + + final String mdURI = dataObjectReferenceType.getDigestMethod().getAlgorithm(); + final String uri = dataObjectReferenceType.getURI(); + signedFiles.add(new AsicSignedFilesContainer(uri, mdURI)); + + final Iterator<ASiCEntry> dataEntryIterator = asic.getDataEntries().iterator(); + + while (dataEntryIterator.hasNext()) { + final ASiCEntry dataEntry = dataEntryIterator.next(); + if (uri.equalsIgnoreCase(dataEntry.getEntryName())) { + final MessageDigest md = this.getMessageDigestFromURI(mdURI); + if (md == null) { + throw new MOAApplicationException("asic.0005", new Object[] { mdURI }); } + final DigestInputStream dis = new DigestInputStream(dataEntry.getContents(), md); + final byte[] buffer = new byte[8096]; + while (dis.read(buffer) > 0) { + ; + } + + if (!this.compareHash(dataObjectReferenceType.getDigestValue(), md.digest(), uri)) { + allReferencesValid = false; + } + + dataEntry.getContents().reset(); + break; + } + } + } + + if (allReferencesValid) { + logger.info("ASiCManifest {} references do match data files!", + informationEntry.getEntryName()); + } + + informationEntry.getContents().reset(); + final MessageDigest md = this.getMessageDigestFromURI("SHA-256"); + final DigestInputStream 
dis = new DigestInputStream(informationEntry.getContents(), md); + + final VerifyCMSSignatureResponse verifyResponse = + this.runCMSVerification(dis, cadesSignature.getContents(), trustProfileID, date); + + dis.close(); + + final String fullDigest = Hex.encodeHexString(md.digest()); + logger.debug("CMS Input data {}", fullDigest); + + if (!allReferencesValid) { + logger.warn("ASiCManifest {} References do not match data files!", + informationEntry.getEntryName()); + final List responseElements = new ArrayList(); + + final SignerInfo signerInfo; + + // add SignerInfo element + final Iterator responseElementIterator = verifyResponse.getResponseElements().iterator(); + while (responseElementIterator.hasNext()) { + final VerifyCMSSignatureResponseElement orig = + (VerifyCMSSignatureResponseElement) responseElementIterator.next(); + + CheckResult signatureCheck; + final CheckResult certificateCheck; + + // add SignatureCheck element + signatureCheck = SPSSFactory.getInstance().createCheckResult(1, null); + + // build the response element + final VerifyCMSSignatureResponseElement responseElement = + SPSSFactory.getInstance().createVerifyCMSSignatureResponseElement( + orig.getSignerInfo(), + signatureCheck, + orig.getCertificateCheck(), + orig.getAdESFormResults(), + orig.getExtendedCertificateCheck(), + orig.getSignatureAlgorithm(), + null, + null); + responseElements.add(responseElement); } - } catch (IOException ex) { - throw new MOASystemException("asic.0003", null, ex); + final VerifyCMSSignatureResponse verifyCMSSignatureResponse = SPSSFactory.getInstance() + .createVerifyCMSSignatureResponse(responseElements); + response.add(new ASiCVerificationResult(signedFiles, verifyCMSSignatureResponse)); + continue; + } else { + response.add(new ASiCVerificationResult(signedFiles, verifyResponse)); + } } + } + } catch (final IOException ex) { + throw new MOASystemException("asic.0003", null, ex); } + } } |
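Review bot: In verify(), a DataObjectReference whose URI matches no entry in asic.getDataEntries() leaves allReferencesValid at true, because the flag is only cleared inside the branch that finds a matching entry and sees a digest mismatch; a manifest that references a missing data file is therefore reported like a fully verified one, which undermines the whole reference check. Track whether the inner loop found the entry and treat absence as a failed reference, e.g. `boolean referencedEntryFound = false;` before the data-entry loop, `referencedEntryFound = true;` inside the match branch, and after the loop `if (!referencedEntryFound) { allReferencesValid = false; logger.warn("ASiCManifest reference {} has no matching data entry", uri); }`. Since this is a codestyle commit, the raw `List responseElements = new ArrayList()` and `Iterator responseElementIterator` could also become `List<VerifyCMSSignatureResponseElement>` and `Iterator<?>`/a typed loop, and the never-assigned `final SignerInfo signerInfo;` and `final CheckResult certificateCheck;` declarations can be dropped. The `continue;` at the end of the `!allReferencesValid` branch is redundant given the following `else`.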