authorAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2015-11-05 14:01:45 +0100
committerAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2015-11-05 14:01:45 +0100
commit6c09d652d6317d1514924518c3186470498247a9 (patch)
tree02347bacaf505431c03cda6accc1316307bc3729 /moaSig/moa-sig/src
parent0872d2d8a64fd701776b272f49222428d8def07f (diff)
PDF-AS integration, AdES Form validation results from IAIK-MOA, for XAdES
Diffstat (limited to 'moaSig/moa-sig/src')
-rw-r--r--moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/initializer/PDFASInitializer.java8
-rw-r--r--moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/invoke/PDFASInvoker.java20
-rw-r--r--moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaConnector.java9
-rw-r--r--moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaVerifier.java2
-rw-r--r--moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java2
-rw-r--r--moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java1
-rw-r--r--moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureVerificationService.java23
-rw-r--r--moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.xsd7
8 files changed, 49 insertions, 23 deletions
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/initializer/PDFASInitializer.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/initializer/PDFASInitializer.java
index bacd7cb..aaa41c1 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/initializer/PDFASInitializer.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/initializer/PDFASInitializer.java
@@ -1,14 +1,22 @@
package at.gv.egovernment.moa.spss.server.initializer;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
import at.gv.egovernment.moa.spss.server.init.ExternalInitializer;
import at.gv.egovernment.moa.spss.server.invoke.PDFASInvoker;
public class PDFASInitializer implements ExternalInitializer {
+ private static final Logger logger = LoggerFactory.getLogger(PDFASInitializer.class);
+
@Override
public void initialize(ConfigurationProvider configurationProvider) {
String pdfAsConfiguration = configurationProvider.getPDFASConfiguration();
+
+ logger.info("Running PDFASInitializer with pdf as cfg: {}", pdfAsConfiguration);
+
if(pdfAsConfiguration != null) {
PDFASInvoker
.init(pdfAsConfiguration);
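Review bot: When `getPDFASConfiguration()` returns null, the new info line logs `pdf as cfg: null` and `PDFASInvoker.init` is skipped without any warning. The SignatureVerificationService hunks in this commit now call `PDFASInvoker.getInstance()` and invoke `verifyPDFSignature` on the result, and the PDFASInvoker context line shows `getInstance()` simply returning `instance`, so an unconfigured deployment would presumably only fail at request time on a null invoker. An explicit `else { logger.warn("No PDF-AS configuration found; PDF signing and verification are not initialised"); }` here, plus a null check on the invoker in the service, would make the disabled state visible at startup and fail cleanly per request. The `if` block continues outside the hunk, so an else branch may already exist.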
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/invoke/PDFASInvoker.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/invoke/PDFASInvoker.java
index 97bf58b..7f638fa 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/invoke/PDFASInvoker.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/invoke/PDFASInvoker.java
@@ -18,8 +18,11 @@ import at.gv.egiz.pdfas.lib.api.verify.VerifyParameter;
import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
import at.gv.egiz.pdfas.sigs.pades.PAdESSigner;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.MOAException;
import at.gv.egovernment.moa.spss.server.logging.TransactionId;
import at.gv.egovernment.moa.spss.server.pdfas.InternalMoaConnector;
+import at.gv.egovernment.moa.spss.server.pdfas.InternalMoaVerifier;
import at.gv.egovernment.moa.spss.server.xmlbind.CreatePDFRequest;
import at.gv.egovernment.moa.spss.server.xmlbind.CreatePDFRespone;
import at.gv.egovernment.moa.spss.server.xmlbind.PDFSignatureInfo;
@@ -48,7 +51,7 @@ public class PDFASInvoker {
return instance;
}
- public VerifyPDFResponse verifyPDFSignature(VerifyPDFRequest verifyPDFRequest, String transactionId) {
+ public VerifyPDFResponse verifyPDFSignature(VerifyPDFRequest verifyPDFRequest) throws MOAException {
Configuration pdfConfiguration = this.pdfAS.getConfiguration();
VerifyPDFResponse verifyPDFResponse = new VerifyPDFResponse();
@@ -56,21 +59,14 @@ public class PDFASInvoker {
VerifyParameter verifyParameter = PdfAsFactory.createVerifyParameter(pdfConfiguration, new ByteArrayDataSource(
verifyPDFRequest.getSignedPDF()));
+ pdfConfiguration.setValue(InternalMoaVerifier.MOA_TRUSTPROFILE, verifyPDFRequest.getTrustProfileID());
+
try {
List<VerifyResult> verifyResults = this.pdfAS.verify(verifyParameter);
- verifyPDFResponse.setResponseType(VerifyPDFResponse.SUCCESS_SIGNATURE);
verifyPDFResponse.setVerificationResults(verifyResults);
} catch (Throwable e) {
- if (e instanceof PDFASError) {
- PDFASError pdfAsError = (PDFASError) e;
- Logger.warn("Failed to generate signed PDF document", e);
- verifyPDFResponse.setErrorCode((int) pdfAsError.getCode());
- verifyPDFResponse.setErrorInfo(pdfAsError.getInfo());
- } else {
- Logger.error("Unknown exception!: ", e);
- verifyPDFResponse.setErrorCode(9999);
- verifyPDFResponse.setErrorInfo("Nicht klassifizierter Fehler");
- }
+ Logger.warn("Failed to generate signed PDF document", e);
+ throw new MOAApplicationException("Failed to generate signed PDF document", null, e);
}
return verifyPDFResponse;
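Review bot: The trust profile is written into `pdfConfiguration` only after `PdfAsFactory.createVerifyParameter(pdfConfiguration, …)` has been called, and `verifyPDFRequest.getTrustProfileID()` is used without a null or empty check. If `this.pdfAS.getConfiguration()` returns an object shared between requests (not visible here), concurrent verifications could overwrite each other's `MOA_TRUSTPROFILE` and a signature might be checked against another caller's trust profile; if it returns a per-call object, moving the `setValue` line above `createVerifyParameter` would at least make the ordering unambiguous. Rejecting a missing profile id with a `MOAApplicationException` before verification starts keeps the check from silently falling back to whatever default the verifier applies. Separately, the catch block still logs and throws "Failed to generate signed PDF document" on the verification path, and `catch (Throwable e)` also wraps JVM errors; `catch (Exception e)` with a verification-specific message would keep logs and alerts accurate.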
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaConnector.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaConnector.java
index 6edee0d..f12a2d1 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaConnector.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaConnector.java
@@ -13,6 +13,8 @@ import java.util.Iterator;
import java.util.List;
import java.util.Set;
+import at.gv.egiz.pdfas.common.exceptions.PDFASError;
+import at.gv.egiz.pdfas.common.exceptions.PdfAsErrorCarrier;
import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
import at.gv.egiz.pdfas.lib.api.sign.SignParameter;
import at.gv.egiz.pdfas.lib.impl.status.RequestedSignature;
@@ -52,9 +54,10 @@ public class InternalMoaConnector implements ISignatureConnector {
this.transactionId = transactionId;
this.clientCert = clientCert;
}
-
+ @SuppressWarnings({ "rawtypes", "unchecked" })
private Set buildKeySet(String keyGroupID, KeyModule module) throws ConfigurationException {
ConfigurationProvider config = ConfigurationProvider.getInstance();
+
Set keyGroupEntries;
// get the KeyGroup entries from the configuration
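Review bot: The method-level `@SuppressWarnings({ "rawtypes", "unchecked" })` on `buildKeySet` silences every present and future unchecked operation in a method that selects signing keys, rather than only the raw `Set` that triggers the warning. The same pattern is added on `getCertificate` and `sign` in this file, on `buildKeySet` and `doGet` in CertificateProviderServlet, and on `doGet` in ConfigurationServlet; the InternalMoaVerifier hunk shows the narrower form, annotating only the `Iterator iter;` declaration. Prefer parameterising the collections where the element type is known, or moving the annotation to the individual declaration with a short comment saying why the cast is safe. The method bodies continue outside these hunks, so the element types involved are not visible here.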
@@ -95,6 +98,7 @@ public class InternalMoaConnector implements ISignatureConnector {
}
@Override
+ @SuppressWarnings("rawtypes")
public X509Certificate getCertificate(SignParameter parameter) throws PdfAsException {
KeyModule module = KeyModuleFactory.getInstance(this.transactionId);
@@ -161,6 +165,7 @@ public class InternalMoaConnector implements ISignatureConnector {
throw new PdfAsException("Failed to find keys available for Key Identifier: " + this.keyIdentifier);
}
+ @SuppressWarnings("unchecked")
@Override
public byte[] sign(byte[] input, int[] byteRange, SignParameter parameter, RequestedSignature requestedSignature)
throws PdfAsException {
@@ -207,6 +212,8 @@ public class InternalMoaConnector implements ISignatureConnector {
if(createCMSSignatureResponseElement.getResponseType()
== CreateCMSSignatureResponseElement.ERROR_RESPONSE) {
ErrorResponse errorResponse = (ErrorResponse) createCMSSignatureResponseElement;
+ Logger.error("Failed to create signature " + errorResponse.getErrorCode() + " " + errorResponse.getInfo());
+ throw new PdfAsErrorCarrier(new PDFASError(errorResponse.getErrorCode(), errorResponse.getInfo()));
} else if(createCMSSignatureResponseElement.getResponseType()
== CreateCMSSignatureResponseElement.CMS_SIGNATURE ) {
CMSSignatureResponse cmsSignatureResponse = (CMSSignatureResponse) createCMSSignatureResponseElement;
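Review bot: The new `Logger.error("Failed to create signature " + …)` line records the error code and info but neither `this.transactionId` nor `this.keyIdentifier`, both of which this class holds, so a failed signing attempt cannot be tied to a request or key group from the log alone unless the logging context already adds them. Something like `Logger.error("Failed to create signature for key identifier " + this.keyIdentifier + ": " + errorResponse.getErrorCode() + " " + errorResponse.getInfo());` would help correlation. The same `errorResponse.getInfo()` text is also passed into the `PDFASError` that travels back towards the caller, so it is worth confirming that it carries no internal detail (paths, key store names) before it reaches a client. The surrounding `sign` method starts and ends outside the hunk.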
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaVerifier.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaVerifier.java
index f937495..e59fe50 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaVerifier.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaVerifier.java
@@ -18,7 +18,6 @@ import at.gv.egiz.pdfas.lib.api.verify.VerifyParameter.SignatureVerificationLeve
import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
import at.gv.egiz.pdfas.lib.impl.verify.IVerifier;
import at.gv.egiz.pdfas.lib.impl.verify.SignatureCheckImpl;
-import at.gv.egiz.pdfas.lib.impl.verify.VerifyResultImpl;
import at.gv.egovernment.moa.spss.MOAException;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
@@ -68,6 +67,7 @@ public class InternalMoaVerifier implements IVerifier {
try {
VerifyCMSSignatureResponse verifyCMSSignatureResponse = CMSSignatureVerificationInvoker.getInstance()
.verifyCMSSignature(verifyCMSSignatureRequest);
+ @SuppressWarnings("rawtypes")
Iterator iter;
for (iter = verifyCMSSignatureResponse.getResponseElements().iterator(); iter.hasNext();) {
VerifyCMSSignatureResponseElement responseElement = (VerifyCMSSignatureResponseElement) iter.next();
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java
index c8a0f68..5fe96ef 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java
@@ -55,6 +55,7 @@ public class CertificateProviderServlet extends HttpServlet {
* available keys.
* @throws ConfigurationException
*/
+ @SuppressWarnings({ "rawtypes", "unchecked" })
private Set buildKeySet(String keyGroupID, X509Certificate cert, KeyModule module)
throws ConfigurationException {
ConfigurationProvider config = ConfigurationProvider.getInstance();
@@ -108,6 +109,7 @@ public class CertificateProviderServlet extends HttpServlet {
return null;
}
+ @SuppressWarnings("rawtypes")
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
try {
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java
index 8bdfb65..bfefaec 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java
@@ -67,6 +67,7 @@ public class ConfigurationServlet extends HttpServlet {
*
* @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
*/
+ @SuppressWarnings({ "rawtypes", "unchecked" })
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureVerificationService.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureVerificationService.java
index 40b287d..8f579cb 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureVerificationService.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureVerificationService.java
@@ -39,9 +39,14 @@ import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder;
import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker;
+import at.gv.egovernment.moa.spss.server.invoke.PDFASInvoker;
import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureVerificationInvoker;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moa.spss.server.xmlbind.VerifyPDFRequest;
+import at.gv.egovernment.moa.spss.server.xmlbind.VerifyPDFRequestParser;
+import at.gv.egovernment.moa.spss.server.xmlbind.VerifyPDFResponse;
+import at.gv.egovernment.moa.spss.server.xmlbind.VerifyPDFResponseBuilder;
import at.gv.egovernment.moa.util.StreamUtils;
/**
@@ -63,20 +68,20 @@ public class SignatureVerificationService {
*/
public Element[] VerifyPDFSignatureRequest(Element[] request)
throws AxisFault {
- CMSSignatureVerificationInvoker invoker =
- CMSSignatureVerificationInvoker.getInstance();
+ PDFASInvoker invoker =
+ PDFASInvoker.getInstance();
Element[] response = new Element[1];
try {
// create a parser and builder for binding API objects to/from XML
- VerifyCMSSignatureRequestParser requestParser =
- new VerifyCMSSignatureRequestParser();
- VerifyCMSSignatureResponseBuilder responseBuilder =
- new VerifyCMSSignatureResponseBuilder();
+ VerifyPDFRequestParser requestParser =
+ new VerifyPDFRequestParser();
+ VerifyPDFResponseBuilder responseBuilder =
+ new VerifyPDFResponseBuilder();
Element reparsedReq;
- VerifyCMSSignatureRequest requestObj;
- VerifyCMSSignatureResponse responseObj;
+ VerifyPDFRequest requestObj;
+ VerifyPDFResponse responseObj;
//since Axis (1.1 ff) has problem with namespaces we take the raw request stored by the Axishandler.
TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
@@ -87,7 +92,7 @@ public class SignatureVerificationService {
requestObj = requestParser.parse(reparsedReq);
// invoke the core logic
- responseObj = invoker.verifyCMSSignature(requestObj);
+ responseObj = invoker.verifyPDFSignature(requestObj);
// map back to XML
response[0] = responseBuilder.build(responseObj).getDocumentElement();
diff --git a/moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.xsd b/moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.xsd
index 3b852ca..67a897c 100644
--- a/moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.xsd
+++ b/moaSig/moa-sig/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.xsd
@@ -279,6 +279,7 @@
<xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType" minOccurs="0"/>
<xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType" minOccurs="0" maxOccurs="unbounded"/>
<xsd:element name="CertificateCheck" type="CheckResultType"/>
+ <xsd:element name="FormCheckResult" type="FormResultType" minOccurs="0" maxOccurs="unbounded"/>
</xsd:sequence>
</xsd:complexType>
<xsd:simpleType name="ProfileIdentifierType">
@@ -412,6 +413,12 @@
<xsd:element name="Info" type="AnyChildrenType" minOccurs="0"/>
</xsd:sequence>
</xsd:complexType>
+ <xsd:complexType name="FormResultType">
+ <xsd:sequence>
+ <xsd:element name="Code" type="xsd:nonNegativeInteger" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="Name" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
<xsd:complexType name="ReferencesCheckResultType">
<xsd:complexContent>
<xsd:restriction base="CheckResultType">