Diffstat (limited to 'moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier')
7 files changed, 567 insertions, 525 deletions
diff --git a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/BaseVerifier.java b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/BaseVerifier.java
index cc2d363..3060f67 100644
--- a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/BaseVerifier.java
+++ b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/BaseVerifier.java
@@ -1,61 +1,61 @@ package at.gv.egiz.asic.impl.verifier; -import at.gv.egiz.asic.impl.Verifier; -import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; -import org.apache.commons.codec.binary.Hex; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.util.Arrays; import java.util.HashMap; import java.util.Map; +import org.apache.commons.codec.binary.Hex; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.asic.impl.Verifier; + /** * Created by Andreas Fitzek on 6/17/16. */ public abstract class BaseVerifier implements Verifier { - protected static Map<String, String> hashTranslator = new HashMap<String, String>(); - - static { - hashTranslator.put("http://www.w3.org/2000/09/xmldsig#sha1", "SHA-1"); - hashTranslator.put("http://www.w3.org/2001/04/xmldsig-more#sha224", "SHA-224"); - hashTranslator.put("http://www.w3.org/2001/04/xmlenc#sha256", "SHA-256"); - hashTranslator.put("http://www.w3.org/2001/04/xmldsig-more#sha384", "SHA-384"); - hashTranslator.put("http://www.w3.org/2001/04/xmlenc#sha512", "SHA-512"); - hashTranslator.put("http://www.w3.org/2001/04/xmlenc#ripemd160", "RIPEMD-160"); - } - - private static final Logger logger = LoggerFactory.getLogger(BaseVerifier.class); - - protected boolean compareHash(byte[] reference, byte[] calculated, String refName) { - String referenceHex = Hex.encodeHexString(reference); - String calculatedHex = Hex.encodeHexString(calculated); - if(Arrays.equals(reference, calculated)) { - logger.debug("Digest from manifest do match for {}", refName); - return true; - } else { - logger.info("Digest from manifest do not match for {}", refName); - logger.info("Digest from manifest for {} : {}", refName, referenceHex); - logger.info("Digest from calculated for {} : {}", refName, calculatedHex); - return false; - } + protected static Map<String, String> hashTranslator = new HashMap<>(); + 
+ static { + hashTranslator.put("http://www.w3.org/2000/09/xmldsig#sha1", "SHA-1"); + hashTranslator.put("http://www.w3.org/2001/04/xmldsig-more#sha224", "SHA-224"); + hashTranslator.put("http://www.w3.org/2001/04/xmlenc#sha256", "SHA-256"); + hashTranslator.put("http://www.w3.org/2001/04/xmldsig-more#sha384", "SHA-384"); + hashTranslator.put("http://www.w3.org/2001/04/xmlenc#sha512", "SHA-512"); + hashTranslator.put("http://www.w3.org/2001/04/xmlenc#ripemd160", "RIPEMD-160"); + } + + private static final Logger logger = LoggerFactory.getLogger(BaseVerifier.class); + + protected boolean compareHash(byte[] reference, byte[] calculated, String refName) { + final String referenceHex = Hex.encodeHexString(reference); + final String calculatedHex = Hex.encodeHexString(calculated); + if (Arrays.equals(reference, calculated)) { + logger.debug("Digest from manifest do match for {}", refName); + return true; + } else { + logger.info("Digest from manifest do not match for {}", refName); + logger.info("Digest from manifest for {} : {}", refName, referenceHex); + logger.info("Digest from calculated for {} : {}", refName, calculatedHex); + return false; } + } - protected MessageDigest getMessageDigestFromURI(String uri) { - try { + protected MessageDigest getMessageDigestFromURI(String uri) { + try { - String algo = hashTranslator.get(uri); + String algo = hashTranslator.get(uri); - if(algo == null) { - algo = uri; - } + if (algo == null) { + algo = uri; + } - return MessageDigest.getInstance(algo); - } catch (NoSuchAlgorithmException e) { - return null; - } + return MessageDigest.getInstance(algo); + } catch (final NoSuchAlgorithmException e) { + return null; } + } } diff --git a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/CAdESVerifier.java b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/CAdESVerifier.java index 5ab677c..ac96f90 100644 --- a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/CAdESVerifier.java 
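Review bot: `getMessageDigestFromURI` still falls back to `algo = uri` when the URI is not in `hashTranslator`, so any algorithm name the JCA provider knows is accepted, and in `ExtendedCAdESVerifier` that string comes from the manifest's `DigestMethod`. Together with the `SHA-1` and `RIPEMD-160` entries, the digest strength is then chosen by the container rather than by the verifier. Consider replacing the fallback with `if (algo == null) { return null; }` and adding a `hashTranslator.put("SHA-256", "SHA-256");` entry for the internal caller that passes the plain name. `hashTranslator` is also a mutable `protected static` field; making it `private static final` and unmodifiable would stop subclasses from changing the mapping. The `catch (final NoSuchAlgorithmException e)` returns `null` without logging, which hides why a digest was rejected.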
+++ b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/CAdESVerifier.java @@ -1,5 +1,8 @@ package at.gv.egiz.asic.impl.verifier; +import java.io.InputStream; +import java.util.Date; + import at.gv.egiz.asic.api.ASiC; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.api.SPSSFactory; 
@@ -9,35 +12,34 @@ import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker; -import java.io.InputStream; -import java.util.Date; - /** * Created by Andreas Fitzek on 6/17/16. */ public abstract class CAdESVerifier extends BaseVerifier { - @Override - public boolean handles(ASiC asic) { - return asic.isCAdES(); - } + @Override + public boolean handles(ASiC asic) { + return asic.isCAdES(); + } - protected VerifyCMSSignatureResponse runCMSVerification(InputStream signedData, InputStream cmsSignature, - String trustProfileID, Date date) throws MOAException { - CMSContent cmsContent = SPSSFactory.getInstance().createCMSContent(signedData); - CMSDataObject cmsDataObject = SPSSFactory.getInstance().createCMSDataObject(null, cmsContent, null, null); + protected VerifyCMSSignatureResponse runCMSVerification(InputStream signedData, InputStream cmsSignature, + String trustProfileID, Date date) throws MOAException { + final CMSContent cmsContent = SPSSFactory.getInstance().createCMSContent(signedData); + final CMSDataObject cmsDataObject = SPSSFactory.getInstance().createCMSDataObject(null, cmsContent, null, + null); - VerifyCMSSignatureRequest verifyCMSSignatureRequest = - SPSSFactory.getInstance().createVerifyCMSSignatureRequest( - VerifyCMSSignatureRequest.ALL_SIGNATORIES, - date, - cmsSignature, - cmsDataObject, - trustProfileID, - false, - true); + final VerifyCMSSignatureRequest verifyCMSSignatureRequest = + SPSSFactory.getInstance().createVerifyCMSSignatureRequest( + VerifyCMSSignatureRequest.ALL_SIGNATORIES, + date, + cmsSignature, + cmsDataObject, + trustProfileID, + false, + true); - VerifyCMSSignatureResponse verifyResponse = CMSSignatureVerificationInvoker.getInstance().verifyCMSSignature( - verifyCMSSignatureRequest); - return verifyResponse; - } + final VerifyCMSSignatureResponse 
verifyResponse = CMSSignatureVerificationInvoker.getInstance() + .verifyCMSSignature( + verifyCMSSignatureRequest); + return verifyResponse; + } } diff --git a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/ExtendedCAdESVerifier.java b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/ExtendedCAdESVerifier.java index 4dda99f..62ac1c8 100644 --- a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/ExtendedCAdESVerifier.java +++ b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/ExtendedCAdESVerifier.java @@ -1,5 +1,19 @@ package at.gv.egiz.asic.impl.verifier; +import java.io.IOException; +import java.security.DigestInputStream; +import java.security.MessageDigest; +import java.util.ArrayList; +import java.util.Date; +import java.util.Iterator; +import java.util.List; + +import javax.xml.bind.JAXB; + +import org.apache.commons.codec.binary.Hex; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + import at.gv.egiz.asic.ASiCManifestType; import at.gv.egiz.asic.DataObjectReferenceType; import at.gv.egiz.asic.api.ASiC; 
@@ -11,162 +25,155 @@ import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.MOASystemException; import at.gv.egovernment.moa.spss.api.SPSSFactory; -import at.gv.egovernment.moa.spss.api.cmsverify.*; +import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; +import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement; import at.gv.egovernment.moa.spss.api.common.CheckResult; import at.gv.egovernment.moa.spss.api.common.SignerInfo; -import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker; -import org.apache.commons.codec.binary.Hex; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import javax.xml.bind.JAXB; -import java.io.IOException; -import java.security.DigestInputStream; -import java.security.MessageDigest; -import java.util.ArrayList; -import java.util.Date; -import java.util.Iterator; -import java.util.List; /** * Created by Andreas Fitzek on 6/17/16. 
*/ public class ExtendedCAdESVerifier extends CAdESVerifier { - private static final Logger logger = LoggerFactory.getLogger(ExtendedCAdESVerifier.class); + private static final Logger logger = LoggerFactory.getLogger(ExtendedCAdESVerifier.class); - @Override - public boolean handles(ASiC asic) { - return super.handles(asic) && ASiCFormat.ASiCE.equals(asic.getFormat()); - } + @Override + public boolean handles(ASiC asic) { + return super.handles(asic) && ASiCFormat.ASiCE.equals(asic.getFormat()); + } + + @Override + public void verify(ASiC asic, String trustProfileID, Date date, List<ASiCVerificationResult> response) + throws MOAException { + try { + final Iterator<ASiCEntry> informationsIterator = asic.getInformationEntries().iterator(); - @Override - public void verify(ASiC asic, String trustProfileID, Date date, List<ASiCVerificationResult> response) throws MOAException { - try { - Iterator<ASiCEntry> informationsIterator = asic.getInformationEntries().iterator(); + while (informationsIterator.hasNext()) { + final ASiCEntry informationEntry = informationsIterator.next(); + + if (informationEntry.getEntryName().startsWith("META-INF/") && informationEntry.getEntryName() + .endsWith(".xml") + && informationEntry.getEntryName().contains("ASiCManifest")) { + // Got ASiC Manifest + final ASiCManifestType asiCManifestType = JAXB.unmarshal(informationEntry.getContents(), + ASiCManifestType.class); + final String signatureName = asiCManifestType.getSigReference().getURI(); + + ASiCEntry cadesSignature = null; + + // find referenced signature + final Iterator<ASiCEntry> cadesSignatureIterator = asic.getSignaturesEntries().iterator(); + + while (cadesSignatureIterator.hasNext()) { + final ASiCEntry tmpCadesSignature = cadesSignatureIterator.next(); + if (signatureName.equalsIgnoreCase(tmpCadesSignature.getEntryName())) { + cadesSignature = tmpCadesSignature; + break; + } + } - while (informationsIterator.hasNext()) { - ASiCEntry informationEntry = 
informationsIterator.next(); - - if (informationEntry.getEntryName().startsWith("META-INF/") && informationEntry.getEntryName().endsWith(".xml") - && informationEntry.getEntryName().contains("ASiCManifest")) { - // Got ASiC Manifest - ASiCManifestType asiCManifestType = JAXB.unmarshal(informationEntry.getContents(), ASiCManifestType.class); - String signatureName = asiCManifestType.getSigReference().getURI(); - - ASiCEntry cadesSignature = null; - - // find referenced signature - Iterator<ASiCEntry> cadesSignatureIterator = asic.getSignaturesEntries().iterator(); - - while (cadesSignatureIterator.hasNext()) { - ASiCEntry tmpCadesSignature = cadesSignatureIterator.next(); - if (signatureName.equalsIgnoreCase(tmpCadesSignature.getEntryName())) { - cadesSignature = tmpCadesSignature; - break; - } - } - - if (cadesSignature == null) { - throw new MOAApplicationException("asic.0004", new Object[]{signatureName}); - } - - // verify all references - - boolean allReferencesValid = true; - List<AsicSignedFilesContainer> signedFiles = new ArrayList<AsicSignedFilesContainer>(); - Iterator<DataObjectReferenceType> dataObjectReferenceTypeIterator = asiCManifestType.getDataObjectReference().iterator(); - while (dataObjectReferenceTypeIterator.hasNext()) { - DataObjectReferenceType dataObjectReferenceType = dataObjectReferenceTypeIterator.next(); - - String mdURI = dataObjectReferenceType.getDigestMethod().getAlgorithm(); - String uri = dataObjectReferenceType.getURI(); - signedFiles.add(new AsicSignedFilesContainer(uri, mdURI)); - - Iterator<ASiCEntry> dataEntryIterator = asic.getDataEntries().iterator(); - - while (dataEntryIterator.hasNext()) { - ASiCEntry dataEntry = dataEntryIterator.next(); - if (uri.equalsIgnoreCase(dataEntry.getEntryName())) { - MessageDigest md = this.getMessageDigestFromURI(mdURI); - if (md == null) { - throw new MOAApplicationException("asic.0005", new Object[]{mdURI}); - } - DigestInputStream dis = new DigestInputStream(dataEntry.getContents(), md); - 
byte[] buffer = new byte[8096]; - while (dis.read(buffer) > 0) ; - - if (!this.compareHash(dataObjectReferenceType.getDigestValue(), md.digest(), uri)) { - allReferencesValid = false; - } - - dataEntry.getContents().reset(); - break; - } - } - } - - if (allReferencesValid) { - logger.info("ASiCManifest {} references do match data files!", - informationEntry.getEntryName()); - } - - informationEntry.getContents().reset(); - MessageDigest md = this.getMessageDigestFromURI("SHA-256"); - DigestInputStream dis = new DigestInputStream(informationEntry.getContents(), md); - - VerifyCMSSignatureResponse verifyResponse = - this.runCMSVerification(dis, cadesSignature.getContents(), trustProfileID, date); - - dis.close(); - - String fullDigest = Hex.encodeHexString(md.digest()); - logger.debug("CMS Input data {}", fullDigest); - - if (!allReferencesValid) { - logger.warn("ASiCManifest {} References do not match data files!", - informationEntry.getEntryName()); - List responseElements = new ArrayList(); - - SignerInfo signerInfo; - - - // add SignerInfo element - Iterator responseElementIterator = verifyResponse.getResponseElements().iterator(); - while (responseElementIterator.hasNext()) { - VerifyCMSSignatureResponseElement orig = (VerifyCMSSignatureResponseElement) - responseElementIterator.next(); - - CheckResult signatureCheck; - CheckResult certificateCheck; - - // add SignatureCheck element - signatureCheck = SPSSFactory.getInstance().createCheckResult(1, null); - - // build the response element - VerifyCMSSignatureResponseElement responseElement = - SPSSFactory.getInstance().createVerifyCMSSignatureResponseElement( - orig.getSignerInfo(), - signatureCheck, - orig.getCertificateCheck(), - orig.getAdESFormResults(), - orig.getExtendedCertificateCheck(), - orig.getSignatureAlgorithm(), - null, - null); - responseElements.add(responseElement); - } - VerifyCMSSignatureResponse verifyCMSSignatureResponse = SPSSFactory.getInstance(). 
- createVerifyCMSSignatureResponse(responseElements); - response.add(new ASiCVerificationResult(signedFiles, verifyCMSSignatureResponse)); - continue; - } else { - response.add(new ASiCVerificationResult(signedFiles, verifyResponse)); - } + if (cadesSignature == null) { + throw new MOAApplicationException("asic.0004", new Object[] { signatureName }); + } + + // verify all references + + boolean allReferencesValid = true; + final List<AsicSignedFilesContainer> signedFiles = new ArrayList<>(); + final Iterator<DataObjectReferenceType> dataObjectReferenceTypeIterator = asiCManifestType + .getDataObjectReference().iterator(); + while (dataObjectReferenceTypeIterator.hasNext()) { + final DataObjectReferenceType dataObjectReferenceType = dataObjectReferenceTypeIterator.next(); + + final String mdURI = dataObjectReferenceType.getDigestMethod().getAlgorithm(); + final String uri = dataObjectReferenceType.getURI(); + signedFiles.add(new AsicSignedFilesContainer(uri, mdURI)); + + final Iterator<ASiCEntry> dataEntryIterator = asic.getDataEntries().iterator(); + + while (dataEntryIterator.hasNext()) { + final ASiCEntry dataEntry = dataEntryIterator.next(); + if (uri.equalsIgnoreCase(dataEntry.getEntryName())) { + final MessageDigest md = this.getMessageDigestFromURI(mdURI); + if (md == null) { + throw new MOAApplicationException("asic.0005", new Object[] { mdURI }); } + final DigestInputStream dis = new DigestInputStream(dataEntry.getContents(), md); + final byte[] buffer = new byte[8096]; + while (dis.read(buffer) > 0) { + ; + } + + if (!this.compareHash(dataObjectReferenceType.getDigestValue(), md.digest(), uri)) { + allReferencesValid = false; + } + + dataEntry.getContents().reset(); + break; + } + } + } + + if (allReferencesValid) { + logger.info("ASiCManifest {} references do match data files!", + informationEntry.getEntryName()); + } + + informationEntry.getContents().reset(); + final MessageDigest md = this.getMessageDigestFromURI("SHA-256"); + final DigestInputStream 
dis = new DigestInputStream(informationEntry.getContents(), md); + + final VerifyCMSSignatureResponse verifyResponse = + this.runCMSVerification(dis, cadesSignature.getContents(), trustProfileID, date); + + dis.close(); + + final String fullDigest = Hex.encodeHexString(md.digest()); + logger.debug("CMS Input data {}", fullDigest); + + if (!allReferencesValid) { + logger.warn("ASiCManifest {} References do not match data files!", + informationEntry.getEntryName()); + final List responseElements = new ArrayList(); + + final SignerInfo signerInfo; + + // add SignerInfo element + final Iterator responseElementIterator = verifyResponse.getResponseElements().iterator(); + while (responseElementIterator.hasNext()) { + final VerifyCMSSignatureResponseElement orig = + (VerifyCMSSignatureResponseElement) responseElementIterator.next(); + + CheckResult signatureCheck; + final CheckResult certificateCheck; + + // add SignatureCheck element + signatureCheck = SPSSFactory.getInstance().createCheckResult(1, null); + + // build the response element + final VerifyCMSSignatureResponseElement responseElement = + SPSSFactory.getInstance().createVerifyCMSSignatureResponseElement( + orig.getSignerInfo(), + signatureCheck, + orig.getCertificateCheck(), + orig.getAdESFormResults(), + orig.getExtendedCertificateCheck(), + orig.getSignatureAlgorithm(), + null, + null); + responseElements.add(responseElement); } - } catch (IOException ex) { - throw new MOASystemException("asic.0003", null, ex); + final VerifyCMSSignatureResponse verifyCMSSignatureResponse = SPSSFactory.getInstance() + .createVerifyCMSSignatureResponse(responseElements); + response.add(new ASiCVerificationResult(signedFiles, verifyCMSSignatureResponse)); + continue; + } else { + response.add(new ASiCVerificationResult(signedFiles, verifyResponse)); + } } + } + } catch (final IOException ex) { + throw new MOASystemException("asic.0003", null, ex); } + } } 
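Review bot: In `verify`, `allReferencesValid` is only cleared inside the `uri.equalsIgnoreCase(dataEntry.getEntryName())` branch, so a manifest `DataObjectReference` that matches no data entry is never hashed and still counts as valid. The unmodified CMS result is then added to `response` with that URI listed in `signedFiles`. Tracking whether each reference was found and failing the manifest when it was not would close that gap, as sketched below. Matching entry names with `equalsIgnoreCase` can also bind a reference to a different entry when two names differ only in case, so an exact `equals` looks safer here. The read loop would be clearer and end-of-stream-correct as `while (dis.read(buffer) != -1) { }`.

```java
boolean referenceFound = false;
// … unchanged: dataEntryIterator loop header …
  if (uri.equalsIgnoreCase(dataEntry.getEntryName())) {
    referenceFound = true;
    // … unchanged: digest calculation, compareHash, stream reset, break …
  }
// … unchanged: end of the dataEntryIterator loop …
if (!referenceFound) {
  // A reference that was never hashed must not count as valid.
  logger.warn("ASiCManifest reference {} has no matching data entry", uri);
  allReferencesValid = false;
}
```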
diff --git a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/ExtendedXAdESVerifier.java b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/ExtendedXAdESVerifier.java index 86918bf..565921f 100644 --- a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/ExtendedXAdESVerifier.java +++ b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/ExtendedXAdESVerifier.java @@ -1,5 +1,30 @@ package at.gv.egiz.asic.impl.verifier; +import java.io.IOException; +import java.io.InputStream; +import java.io.UnsupportedEncodingException; +import java.util.ArrayList; +import java.util.Date; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; + +import javax.xml.bind.JAXB; +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBElement; +import javax.xml.bind.JAXBException; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.w3c.dom.Document; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; +import org.xml.sax.SAXException; + import at.gv.egiz.asic.ReferenceType; import at.gv.egiz.asic.SignatureType; import at.gv.egiz.asic.XAdESSignaturesType; 
@@ -15,187 +40,187 @@ import at.gv.egovernment.moa.spss.MOASystemException; import at.gv.egovernment.moa.spss.api.SPSSFactory; import at.gv.egovernment.moa.spss.api.common.Content; import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation; -import at.gv.egovernment.moa.spss.api.impl.SPSSFactoryImpl; import at.gv.egovernment.moa.spss.api.xmlverify.SupplementProfile; import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureInfo; import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation; import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest; import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureVerificationInvoker; import at.gv.egovernment.moaspss.util.URLEncoder; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.w3c.dom.*; -import org.xml.sax.SAXException; - -import javax.xml.bind.*; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.parsers.ParserConfigurationException; -import java.io.*; -import java.util.*; /** * Created by Andreas Fitzek on 6/17/16. 
*/ public class ExtendedXAdESVerifier extends XAdESVerifier { - private static final Logger logger = LoggerFactory.getLogger(ExtendedXAdESVerifier.class); + private static final Logger logger = LoggerFactory.getLogger(ExtendedXAdESVerifier.class); - private void resetStream(InputStream is) { - try { - is.reset(); - } catch (IOException e) { - throw new MOARuntimeException("Failed to reset inputStream", null, e); - } + private void resetStream(InputStream is) { + try { + is.reset(); + } catch (final IOException e) { + throw new MOARuntimeException("Failed to reset inputStream", null, e); } + } - @Override - public void verify(ASiC asic, String trustProfileID, Date date, List<ASiCVerificationResult> response) throws MOAException { - try { - Iterator<ASiCEntry> xadesSignatureIterator = asic.getSignaturesEntries().iterator(); + @Override + public void verify(ASiC asic, String trustProfileID, Date date, List<ASiCVerificationResult> response) + throws MOAException { + try { + final Iterator<ASiCEntry> xadesSignatureIterator = asic.getSignaturesEntries().iterator(); - while (xadesSignatureIterator.hasNext()) { - ASiCEntry xadesSignature = xadesSignatureIterator.next(); + while (xadesSignatureIterator.hasNext()) { + final ASiCEntry xadesSignature = xadesSignatureIterator.next(); - List<SignatureType> xmlSignatures = null; - //int signatureSize = 0; + List<SignatureType> xmlSignatures = null; + // int signatureSize = 0; - - // TODO: support not only XAdESSignaturesType object 4.4.3.2 + // TODO: support not only XAdESSignaturesType object 4.4.3.2 // XAdESSignaturesType xAdESSignaturesType = JAXB.unmarshal(xadesSignature.getContents(), XAdESSignaturesType.class); - // signatureSize = xAdESSignaturesType.getSignature().size(); - - // this.resetStream(xadesSignature.getContents()); - DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance(); - dbFactory.setNamespaceAware(true); - //dbFactory.setValidating(true); - DocumentBuilder dBuilder = 
dbFactory.newDocumentBuilder(); - Document doc = dBuilder.parse(xadesSignature.getContents()); - - this.resetStream(xadesSignature.getContents()); - - org.w3c.dom.Element rootElement = doc.getDocumentElement(); - - if ("http://www.w3.org/2000/09/xmldsig#".equals(rootElement.getNamespaceURI()) && - "Signature".equals(rootElement.getTagName())) { - JAXBContext jc = JAXBContext.newInstance("at.gv.egiz.asic"); - JAXBElement<SignatureType> xmlSignatureJaxb = jc.createUnmarshaller().unmarshal(rootElement, SignatureType.class); - SignatureType xmlSignature = xmlSignatureJaxb.getValue(); - xmlSignatures = new ArrayList<SignatureType>(); - xmlSignatures.add(xmlSignature); - } else if ("http://uri.etsi.org/02918/v1.2.1#".equals(rootElement.getNamespaceURI()) && - "XAdESSignatures".equals(rootElement.getLocalName())) { - XAdESSignaturesType xAdESSignaturesType = JAXB.unmarshal(xadesSignature.getContents(), XAdESSignaturesType.class); - xmlSignatures = xAdESSignaturesType.getSignature(); - - //TODO: maybe add additional XAdES version - } else if ("http://uri.etsi.org/02918/v1.1.1#".equals(rootElement.getNamespaceURI()) && - "XAdESSignatures".equals(rootElement.getLocalName())) { - - logger.warn("ASiC v1.1.1 is not supported any more. 
MOA-SP only supports v1.2.1 (http://uri.etsi.org/02918/v1.2.1#)"); - //XAdESSignaturesType xAdESSignaturesType = JAXB.unmarshal(xadesSignature.getContents(), XAdESSignaturesType.class); - //xmlSignatures = xAdESSignaturesType.getSignature(); - - } else { - NodeList childrenNodes = rootElement.getChildNodes(); - for(int i = 0; i < childrenNodes.getLength(); i++) { - Node node = childrenNodes.item(i); - JAXBContext jc = JAXBContext.newInstance("at.gv.egiz.asic"); - xmlSignatures = new ArrayList<SignatureType>(); - if ("http://www.w3.org/2000/09/xmldsig#".equals(node.getNamespaceURI()) && - "Signature".equals(rootElement.getTagName())) { - JAXBElement<SignatureType> xmlSignatureJaxb = jc.createUnmarshaller().unmarshal(rootElement, SignatureType.class); - SignatureType xmlSignature = xmlSignatureJaxb.getValue(); - xmlSignatures.add(xmlSignature); - } - } - } - - - this.resetStream(xadesSignature.getContents()); - - Map namespaces = new HashMap(); - - //namespaces.put("asic", "http://uri.etsi.org/02918/v1.2.1#"); - namespaces.put("ds", "http://www.w3.org/2000/09/xmldsig#"); - - if (xmlSignatures == null || xmlSignatures.size() == 0) { - logger.info("ASiC container does not include a signature or signature format is not supported"); - throw new MOAApplicationException("asic.0016", null); - - } - - for (int i = 0; i < xmlSignatures.size(); i++) { - //NodeList nodes = (NodeList) result; - - //for(int i = 0; i < nodes.getLength(); i++) { - //Node node = nodes.item(i); - //JAXBContext jc = JAXBContext.newInstance( "at.gv.egiz.asic" ); - //JAXBElement<SignatureType> xmlSignatureJaxb = jc.createUnmarshaller().unmarshal(node, SignatureType.class); - //SignatureType xmlSignature = xmlSignatureJaxb.getValue(); - List<AsicSignedFilesContainer> signedFiles = new ArrayList<AsicSignedFilesContainer>(); - - //Iterator<ReferenceType> it = xmlSignature.getSignedInfo().getReference().iterator(); - Iterator<ReferenceType> it = 
xmlSignatures.get(i).getSignedInfo().getReference().iterator(); - while (it.hasNext()) { - ReferenceType refType = it.next(); - if (!refType.getURI().startsWith("#")) { - signedFiles.add(new AsicSignedFilesContainer(refType.getURI(), refType.getDigestMethod().getAlgorithm())); - } - } - - Iterator<ASiCEntry> dataEntryIterator = asic.getDataEntries().iterator(); - - Content content = SPSSFactory.getInstance().createContent(xadesSignature.getContents(), null); - - List supplementsList = new ArrayList(); - while (dataEntryIterator.hasNext()) { - ASiCEntry dataEntry = dataEntryIterator.next(); - dataEntry.getContents().reset(); - String entryName = URLEncoder.encode(dataEntry.getEntryName(), "UTF-8") - .replaceAll("\\+", "%20") - .replaceAll("\\%21", "!") - .replaceAll("\\%2F", "/") - //.replaceAll("\\%27", "'") - //.replaceAll("\\%28", "(") - //.replaceAll("\\%29", ")") - .replaceAll("\\%7E", "~"); - logger.info("Adding Entry : {}", entryName); - Content dataContent = SPSSFactory.getInstance().createContent(dataEntry.getContents(), entryName); - XMLDataObjectAssociation association = SPSSFactoryImpl.getInstance().createXMLDataObjectAssociation(null, dataContent); - SupplementProfile profile = SPSSFactoryImpl.getInstance().createSupplementProfile(association); - supplementsList.add(profile); - } - String location = "(//ds:Signature)[" + (i + 1) + "]"; - - VerifySignatureLocation verifySignatureLocation = SPSSFactory.getInstance().createVerifySignatureLocation( - location, namespaces); - - VerifySignatureInfo verifySignatureInfo = SPSSFactory.getInstance().createVerifySignatureInfo(content, verifySignatureLocation); - - VerifyXMLSignatureRequest verifyXMLSignatureRequest = SPSSFactory.getInstance().createVerifyXMLSignatureRequest( - date, verifySignatureInfo, supplementsList, null, false, trustProfileID, true); - - response.add(new ASiCVerificationResult(signedFiles, - XMLSignatureVerificationInvoker.getInstance().verifyXMLSignature(verifyXMLSignatureRequest))); - } + 
// signatureSize = xAdESSignaturesType.getSignature().size(); + + // this.resetStream(xadesSignature.getContents()); + final DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance(); + dbFactory.setNamespaceAware(true); + // dbFactory.setValidating(true); + final DocumentBuilder dBuilder = dbFactory.newDocumentBuilder(); + final Document doc = dBuilder.parse(xadesSignature.getContents()); + + this.resetStream(xadesSignature.getContents()); + + final org.w3c.dom.Element rootElement = doc.getDocumentElement(); + + if ("http://www.w3.org/2000/09/xmldsig#".equals(rootElement.getNamespaceURI()) && + "Signature".equals(rootElement.getTagName())) { + final JAXBContext jc = JAXBContext.newInstance("at.gv.egiz.asic"); + final JAXBElement<SignatureType> xmlSignatureJaxb = jc.createUnmarshaller().unmarshal(rootElement, + SignatureType.class); + final SignatureType xmlSignature = xmlSignatureJaxb.getValue(); + xmlSignatures = new ArrayList<>(); + xmlSignatures.add(xmlSignature); + } else if ("http://uri.etsi.org/02918/v1.2.1#".equals(rootElement.getNamespaceURI()) && + "XAdESSignatures".equals(rootElement.getLocalName())) { + final XAdESSignaturesType xAdESSignaturesType = JAXB.unmarshal(xadesSignature.getContents(), + XAdESSignaturesType.class); + xmlSignatures = xAdESSignaturesType.getSignature(); + + // TODO: maybe add additional XAdES version + } else if ("http://uri.etsi.org/02918/v1.1.1#".equals(rootElement.getNamespaceURI()) && + "XAdESSignatures".equals(rootElement.getLocalName())) { + + logger.warn( + "ASiC v1.1.1 is not supported any more. 
MOA-SP only supports v1.2.1 (http://uri.etsi.org/02918/v1.2.1#)"); + // XAdESSignaturesType xAdESSignaturesType = + // JAXB.unmarshal(xadesSignature.getContents(), XAdESSignaturesType.class); + // xmlSignatures = xAdESSignaturesType.getSignature(); + + } else { + final NodeList childrenNodes = rootElement.getChildNodes(); + for (int i = 0; i < childrenNodes.getLength(); i++) { + final Node node = childrenNodes.item(i); + final JAXBContext jc = JAXBContext.newInstance("at.gv.egiz.asic"); + xmlSignatures = new ArrayList<>(); + if ("http://www.w3.org/2000/09/xmldsig#".equals(node.getNamespaceURI()) && + "Signature".equals(rootElement.getTagName())) { + final JAXBElement<SignatureType> xmlSignatureJaxb = jc.createUnmarshaller().unmarshal( + rootElement, SignatureType.class); + final SignatureType xmlSignature = xmlSignatureJaxb.getValue(); + xmlSignatures.add(xmlSignature); } - } catch( UnsupportedEncodingException e) { - logger.error("UTF8 encoding not supported by system. MOA will not work on this system!", e); - throw new MOARuntimeException("asic.0003", null, e); - } catch (IOException ex) { - throw new MOASystemException("asic.0003", null, ex); - } catch (ParserConfigurationException e) { - throw new MOASystemException("asic.0003", null, e); - } catch (SAXException e) { - throw new MOASystemException("asic.0003", null, e); - } catch (JAXBException e) { - throw new MOASystemException("asic.0003", null, e); + } } - } - @Override - public boolean handles(ASiC asic) { - return super.handles(asic) && ASiCFormat.ASiCE.equals(asic.getFormat()); + this.resetStream(xadesSignature.getContents()); + + final Map namespaces = new HashMap(); + + // namespaces.put("asic", "http://uri.etsi.org/02918/v1.2.1#"); + namespaces.put("ds", "http://www.w3.org/2000/09/xmldsig#"); + + if (xmlSignatures == null || xmlSignatures.size() == 0) { + logger.info("ASiC container does not include a signature or signature format is not supported"); + throw new MOAApplicationException("asic.0016", 
null); + + } + + for (int i = 0; i < xmlSignatures.size(); i++) { + // NodeList nodes = (NodeList) result; + + // for(int i = 0; i < nodes.getLength(); i++) { + // Node node = nodes.item(i); + // JAXBContext jc = JAXBContext.newInstance( "at.gv.egiz.asic" ); + // JAXBElement<SignatureType> xmlSignatureJaxb = + // jc.createUnmarshaller().unmarshal(node, SignatureType.class); + // SignatureType xmlSignature = xmlSignatureJaxb.getValue(); + final List<AsicSignedFilesContainer> signedFiles = new ArrayList<>(); + + // Iterator<ReferenceType> it = + // xmlSignature.getSignedInfo().getReference().iterator(); + final Iterator<ReferenceType> it = xmlSignatures.get(i).getSignedInfo().getReference().iterator(); + while (it.hasNext()) { + final ReferenceType refType = it.next(); + if (!refType.getURI().startsWith("#")) { + signedFiles.add(new AsicSignedFilesContainer(refType.getURI(), refType.getDigestMethod() + .getAlgorithm())); + } + } + + final Iterator<ASiCEntry> dataEntryIterator = asic.getDataEntries().iterator(); + + final Content content = SPSSFactory.getInstance().createContent(xadesSignature.getContents(), null); + + final List supplementsList = new ArrayList(); + while (dataEntryIterator.hasNext()) { + final ASiCEntry dataEntry = dataEntryIterator.next(); + dataEntry.getContents().reset(); + final String entryName = URLEncoder.encode(dataEntry.getEntryName(), "UTF-8") + .replaceAll("\\+", "%20") + .replaceAll("\\%21", "!") + .replaceAll("\\%2F", "/") + // .replaceAll("\\%27", "'") + // .replaceAll("\\%28", "(") + // .replaceAll("\\%29", ")") + .replaceAll("\\%7E", "~"); + logger.info("Adding Entry : {}", entryName); + final Content dataContent = SPSSFactory.getInstance().createContent(dataEntry.getContents(), + entryName); + final XMLDataObjectAssociation association = SPSSFactory.getInstance() + .createXMLDataObjectAssociation(null, dataContent); + final SupplementProfile profile = SPSSFactory.getInstance().createSupplementProfile(association); + 
supplementsList.add(profile); + } + final String location = "(//ds:Signature)[" + (i + 1) + "]"; + + final VerifySignatureLocation verifySignatureLocation = SPSSFactory.getInstance() + .createVerifySignatureLocation( + location, namespaces); + + final VerifySignatureInfo verifySignatureInfo = SPSSFactory.getInstance().createVerifySignatureInfo( + content, verifySignatureLocation); + + final VerifyXMLSignatureRequest verifyXMLSignatureRequest = SPSSFactory.getInstance() + .createVerifyXMLSignatureRequest( + date, verifySignatureInfo, supplementsList, null, false, trustProfileID, true); + + response.add(new ASiCVerificationResult(signedFiles, + XMLSignatureVerificationInvoker.getInstance().verifyXMLSignature(verifyXMLSignatureRequest))); + } + } + } catch (final UnsupportedEncodingException e) { + logger.error("UTF8 encoding not supported by system. MOA will not work on this system!", e); + throw new MOARuntimeException("asic.0003", null, e); + } catch (final IOException ex) { + throw new MOASystemException("asic.0003", null, ex); + } catch (final ParserConfigurationException e) { + throw new MOASystemException("asic.0003", null, e); + } catch (final SAXException e) { + throw new MOASystemException("asic.0003", null, e); + } catch (final JAXBException e) { + throw new MOASystemException("asic.0003", null, e); } + } + + @Override + public boolean handles(ASiC asic) { + return super.handles(asic) && ASiCFormat.ASiCE.equals(asic.getFormat()); + } } diff --git a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/SimpleCAdESVerifier.java b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/SimpleCAdESVerifier.java index f1756fa..5af344a 100644 --- a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/SimpleCAdESVerifier.java +++ b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/SimpleCAdESVerifier.java 
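Review bot: The signature entry from the container is parsed with a `DocumentBuilderFactory` that only gets `setNamespaceAware(true)`, so DTD processing and external entities stay at parser defaults for input the verifier does not control. Adding `dbFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` (plus `XMLConstants.FEATURE_SECURE_PROCESSING`) before `newDocumentBuilder()` would fit, since `ParserConfigurationException` is already caught. Separately, the fallback `else` branch re-creates `xmlSignatures` on every loop iteration and tests and unmarshals `rootElement` instead of `node`, so it cannot collect child signatures. It should create the list once before the loop and use `"Signature".equals(node.getLocalName())` with `unmarshal(node, SignatureType.class)`. The first branch's `rootElement.getTagName()` check also misses a prefixed root such as `ds:Signature`, which `getLocalName()` would handle.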
@@ -1,47 +1,42 @@ package at.gv.egiz.asic.impl.verifier; +import java.util.ArrayList; +import java.util.Date; +import java.util.List; + import at.gv.egiz.asic.api.ASiC; import at.gv.egiz.asic.api.ASiCEntry; import at.gv.egiz.asic.api.ASiCFormat; import at.gv.egiz.asic.api.ASiCVerificationResult; import at.gv.egiz.asic.impl.AsicSignedFilesContainer; import at.gv.egovernment.moa.spss.MOAException; -import at.gv.egovernment.moa.spss.api.SPSSFactory; -import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent; -import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject; -import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; -import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker; - -import java.util.ArrayList; -import java.util.Date; -import java.util.List; /** * Created by Andreas Fitzek on 6/17/16. */ public class SimpleCAdESVerifier extends CAdESVerifier { - @Override - public boolean handles(ASiC asic) { - return super.handles(asic) && ASiCFormat.ASiCS.equals(asic.getFormat()); - } + @Override + public boolean handles(ASiC asic) { + return super.handles(asic) && ASiCFormat.ASiCS.equals(asic.getFormat()); + } - @Override - public void verify(ASiC asic, String trustProfileID, Date date, List<ASiCVerificationResult> response) throws MOAException { - ASiCEntry cadesSignature = asic.getSignaturesEntries().get(0); + @Override + public void verify(ASiC asic, String trustProfileID, Date date, List<ASiCVerificationResult> response) + throws MOAException { + final ASiCEntry cadesSignature = asic.getSignaturesEntries().get(0); - //get first element - ASiCEntry dataEntry = asic.getDataEntries().iterator().next(); + // get first element + final ASiCEntry dataEntry = asic.getDataEntries().iterator().next(); - List<AsicSignedFilesContainer> signedFiles = new ArrayList<AsicSignedFilesContainer>(); - signedFiles.add(new 
AsicSignedFilesContainer(dataEntry.getEntryName(), null)); + final List<AsicSignedFilesContainer> signedFiles = new ArrayList<>(); + signedFiles.add(new AsicSignedFilesContainer(dataEntry.getEntryName(), null)); - VerifyCMSSignatureResponse verifyResponse = - this.runCMSVerification(dataEntry.getContents(), cadesSignature.getContents(), trustProfileID, date); - - response.add(new ASiCVerificationResult(signedFiles, - verifyResponse)); - } + final VerifyCMSSignatureResponse verifyResponse = + this.runCMSVerification(dataEntry.getContents(), cadesSignature.getContents(), trustProfileID, date); + response.add(new ASiCVerificationResult(signedFiles, + verifyResponse)); + } } diff --git a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/SimpleXAdESVerifier.java b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/SimpleXAdESVerifier.java index b378d5b..bc418e2 100644 --- a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/SimpleXAdESVerifier.java +++ b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/SimpleXAdESVerifier.java @@ -1,5 +1,19 @@ package at.gv.egiz.asic.impl.verifier; +import java.io.IOException; +import java.io.UnsupportedEncodingException; +import java.util.ArrayList; +import java.util.Date; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; + +import javax.xml.bind.JAXB; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + import at.gv.egiz.asic.ReferenceType; import at.gv.egiz.asic.XAdESSignaturesType; import at.gv.egiz.asic.api.ASiC; 
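Review bot: In `SimpleCAdESVerifier.verify`, `asic.getSignaturesEntries().get(0)` and `asic.getDataEntries().iterator().next()` run on caller-supplied container content with no emptiness check. A container without a signature or data entry therefore fails with an unchecked `IndexOutOfBoundsException` or `NoSuchElementException` instead of the declared `MOAException`, unless `handles` or the container parser already rejects it, which this hunk does not show. Any data entry after the first is also skipped silently, while the result lists only the first one as signed. A guard at the top of the method would make both cases explicit: `if (asic.getSignaturesEntries().isEmpty() || asic.getDataEntries().size() != 1) { throw new MOAApplicationException("asic.0003", null); }`, which needs the `MOAApplicationException` import that `SimpleXAdESVerifier` already uses.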
@@ -13,117 +27,116 @@ import at.gv.egovernment.moa.spss.MOARuntimeException; import at.gv.egovernment.moa.spss.api.SPSSFactory; import at.gv.egovernment.moa.spss.api.common.Content; import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation; -import at.gv.egovernment.moa.spss.api.impl.SPSSFactoryImpl; import at.gv.egovernment.moa.spss.api.xmlverify.SupplementProfile; import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureInfo; import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation; import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest; import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureVerificationInvoker; import at.gv.egovernment.moaspss.util.URLEncoder; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import javax.xml.bind.JAXB; -import java.io.IOException; -import java.io.UnsupportedEncodingException; -import java.util.*; /** * Created by Andreas Fitzek on 6/17/16. */ public class SimpleXAdESVerifier extends XAdESVerifier { - private static final Logger logger = LoggerFactory.getLogger(SimpleXAdESVerifier.class); - - - @Override - public void verify(ASiC asic, String trustProfileID, Date date, List<ASiCVerificationResult> response) throws MOAException { - // XAdES - try { - ASiCEntry xadesSignature = asic.getSignaturesEntries().get(0); - - XAdESSignaturesType xAdESSignaturesType = null; - try { - xAdESSignaturesType = JAXB.unmarshal(xadesSignature.getContents(), XAdESSignaturesType.class); - } catch (Throwable ex) { - logger.warn("Failed to process xml signature: ex"); - throw new MOAApplicationException("asic.0003", null, ex); - } - - if (xAdESSignaturesType == null) { - throw new MOAApplicationException("asic.0003", null); - } - - int signatureSize = xAdESSignaturesType.getSignature().size(); - - try { - xadesSignature.getContents().reset(); - } catch (IOException e) { - throw new MOARuntimeException("asic.0003", null, e); - } - Map namespaces = new HashMap(); - - 
namespaces.put("asic", "http://uri.etsi.org/02918/v1.2.1#"); - namespaces.put("ds", "http://www.w3.org/2000/09/xmldsig#"); - - for (int i = 0; i < signatureSize; i++) { - - List<AsicSignedFilesContainer> signedFiles = new ArrayList<AsicSignedFilesContainer>(); - - Iterator<ReferenceType> it = xAdESSignaturesType.getSignature().get(i).getSignedInfo().getReference().iterator(); - while (it.hasNext()) { - ReferenceType refType = it.next(); - if (!refType.getURI().startsWith("#")) { - signedFiles.add(new AsicSignedFilesContainer(refType.getURI(), refType.getDigestMethod().getAlgorithm())); - } - } - - boolean addAll = signedFiles.isEmpty() && asic.getDataEntries().size() == 1; - - Iterator<ASiCEntry> dataEntryIterator = asic.getDataEntries().iterator(); - - Content content = SPSSFactory.getInstance().createContent(xadesSignature.getContents(), null); - List supplementsList = new ArrayList(); - while (dataEntryIterator.hasNext()) { - ASiCEntry dataEntry = dataEntryIterator.next(); - String uriName = URLEncoder.encode(dataEntry.getEntryName(), "UTF-8") - .replaceAll("\\+", "%20") - .replaceAll("\\%21", "!") - .replaceAll("\\%27", "'") - //.replaceAll("\\%28", "(") - //.replaceAll("\\%29", ")") - .replaceAll("\\%7E", "~"); - - Content dataContent = SPSSFactory.getInstance().createContent(dataEntry.getContents(), uriName); - XMLDataObjectAssociation association = SPSSFactoryImpl.getInstance().createXMLDataObjectAssociation(null, dataContent); - SupplementProfile profile = SPSSFactoryImpl.getInstance().createSupplementProfile(association); - supplementsList.add(profile); - - if (addAll) { - signedFiles.add(new AsicSignedFilesContainer(dataEntry.getEntryName(), null)); - } - } - String location = "(//ds:Signature)[" + (i + 1) + "]"; - - VerifySignatureLocation verifySignatureLocation = SPSSFactory.getInstance().createVerifySignatureLocation( - location, namespaces); - - VerifySignatureInfo verifySignatureInfo = SPSSFactory.getInstance().createVerifySignatureInfo(content, 
verifySignatureLocation); - - VerifyXMLSignatureRequest verifyXMLSignatureRequest = SPSSFactory.getInstance().createVerifyXMLSignatureRequest( - date, verifySignatureInfo, supplementsList, null, false, trustProfileID, true); - - response.add(new ASiCVerificationResult(signedFiles, - XMLSignatureVerificationInvoker.getInstance().verifyXMLSignature(verifyXMLSignatureRequest))); - } - } catch(UnsupportedEncodingException e) { - logger.error("UTF8 encoding not supported by system. MOA will not work on this system!", e); - throw new MOARuntimeException("asic.0003", null, e); + private static final Logger logger = LoggerFactory.getLogger(SimpleXAdESVerifier.class); + + @Override + public void verify(ASiC asic, String trustProfileID, Date date, List<ASiCVerificationResult> response) + throws MOAException { + // XAdES + try { + final ASiCEntry xadesSignature = asic.getSignaturesEntries().get(0); + + XAdESSignaturesType xAdESSignaturesType = null; + try { + xAdESSignaturesType = JAXB.unmarshal(xadesSignature.getContents(), XAdESSignaturesType.class); + } catch (final Throwable ex) { + logger.warn("Failed to process xml signature: ex"); + throw new MOAApplicationException("asic.0003", null, ex); + } + + if (xAdESSignaturesType == null) { + throw new MOAApplicationException("asic.0003", null); + } + + final int signatureSize = xAdESSignaturesType.getSignature().size(); + + try { + xadesSignature.getContents().reset(); + } catch (final IOException e) { + throw new MOARuntimeException("asic.0003", null, e); + } + final Map namespaces = new HashMap(); + + namespaces.put("asic", "http://uri.etsi.org/02918/v1.2.1#"); + namespaces.put("ds", "http://www.w3.org/2000/09/xmldsig#"); + + for (int i = 0; i < signatureSize; i++) { + + final List<AsicSignedFilesContainer> signedFiles = new ArrayList<>(); + + final Iterator<ReferenceType> it = xAdESSignaturesType.getSignature().get(i).getSignedInfo() + .getReference().iterator(); + while (it.hasNext()) { + final ReferenceType refType = 
it.next(); + if (!refType.getURI().startsWith("#")) { + signedFiles.add(new AsicSignedFilesContainer(refType.getURI(), refType.getDigestMethod() + .getAlgorithm())); + } } - } - @Override - public boolean handles(ASiC asic) { - return super.handles(asic) && ASiCFormat.ASiCS.equals(asic.getFormat()); + final boolean addAll = signedFiles.isEmpty() && asic.getDataEntries().size() == 1; + + final Iterator<ASiCEntry> dataEntryIterator = asic.getDataEntries().iterator(); + + final Content content = SPSSFactory.getInstance().createContent(xadesSignature.getContents(), null); + final List supplementsList = new ArrayList(); + while (dataEntryIterator.hasNext()) { + final ASiCEntry dataEntry = dataEntryIterator.next(); + final String uriName = URLEncoder.encode(dataEntry.getEntryName(), "UTF-8") + .replaceAll("\\+", "%20") + .replaceAll("\\%21", "!") + .replaceAll("\\%27", "'") + // .replaceAll("\\%28", "(") + // .replaceAll("\\%29", ")") + .replaceAll("\\%7E", "~"); + + final Content dataContent = SPSSFactory.getInstance().createContent(dataEntry.getContents(), + uriName); + final XMLDataObjectAssociation association = SPSSFactory.getInstance() + .createXMLDataObjectAssociation(null, dataContent); + final SupplementProfile profile = SPSSFactory.getInstance().createSupplementProfile(association); + supplementsList.add(profile); + + if (addAll) { + signedFiles.add(new AsicSignedFilesContainer(dataEntry.getEntryName(), null)); + } + } + final String location = "(//ds:Signature)[" + (i + 1) + "]"; + + final VerifySignatureLocation verifySignatureLocation = SPSSFactory.getInstance() + .createVerifySignatureLocation( + location, namespaces); + + final VerifySignatureInfo verifySignatureInfo = SPSSFactory.getInstance().createVerifySignatureInfo( + content, verifySignatureLocation); + + final VerifyXMLSignatureRequest verifyXMLSignatureRequest = SPSSFactory.getInstance() + .createVerifyXMLSignatureRequest( + date, verifySignatureInfo, supplementsList, null, false, trustProfileID, 
true); + + response.add(new ASiCVerificationResult(signedFiles, + XMLSignatureVerificationInvoker.getInstance().verifyXMLSignature(verifyXMLSignatureRequest))); + } + } catch (final UnsupportedEncodingException e) { + logger.error("UTF8 encoding not supported by system. MOA will not work on this system!", e); + throw new MOARuntimeException("asic.0003", null, e); } + } + + @Override + public boolean handles(ASiC asic) { + return super.handles(asic) && ASiCFormat.ASiCS.equals(asic.getFormat()); + } }
\ No newline at end of file diff --git a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/XAdESVerifier.java b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/XAdESVerifier.java index 904ad4e..2074464 100644 --- a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/XAdESVerifier.java +++ b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/impl/verifier/XAdESVerifier.java 
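Review bot: In `SimpleXAdESVerifier.verify`, the `addAll` branch adds the single data entry to `signedFiles` when `SignedInfo` holds no reference outside the signature document, so the result names a file as signed that no visible `Reference` covers. Whether `verifyXMLSignature` rejects such a signature cannot be seen from this hunk; if it does not, the fallback should be dropped, and at minimum it deserves a comment such as `// no external Reference found: entry is listed by assumption, not because a digest covers it`. Separately, `logger.warn("Failed to process xml signature: ex")` logs the literal text `ex` and loses the exception; `logger.warn("Failed to process xml signature", ex);` keeps the cause. `refType.getURI()` is also dereferenced without a null check, although `URI` is optional on a `ds:Reference`, so a crafted signature file can end the run with a `NullPointerException`.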
@@ -1,54 +1,54 @@ package at.gv.egiz.asic.impl.verifier; +import java.io.InputStream; +import java.util.Date; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + import at.gv.egiz.asic.api.ASiC; -import at.gv.egiz.asic.api.ASiCEntry; -import at.gv.egiz.asic.api.ASiCVerificationResult; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.api.SPSSFactory; -import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent; -import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject; -import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; -import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; import at.gv.egovernment.moa.spss.api.common.Content; -import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation; -import at.gv.egovernment.moa.spss.api.impl.SPSSFactoryImpl; -import at.gv.egovernment.moa.spss.api.xmlverify.*; -import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker; +import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureInfo; +import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation; +import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest; +import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureVerificationInvoker; -import java.io.InputStream; -import java.util.*; - /** * Created by Andreas Fitzek on 6/17/16. 
*/ public abstract class XAdESVerifier extends BaseVerifier { - @Override - public boolean handles(ASiC asic) { - return asic.isXAdES(); - } + @Override + public boolean handles(ASiC asic) { + return asic.isXAdES(); + } - protected VerifyXMLSignatureResponse runXMLVerification(InputStream signedData, InputStream xmlSignature, - String trustProfileID, Date date, List supplementsList, - String location, Map namespaces) throws MOAException { + protected VerifyXMLSignatureResponse runXMLVerification(InputStream signedData, InputStream xmlSignature, + String trustProfileID, Date date, List supplementsList, + String location, Map namespaces) throws MOAException { - if(namespaces == null) { - namespaces = new HashMap(); + if (namespaces == null) { + namespaces = new HashMap(); - namespaces.put("asic", "http://uri.etsi.org/02918/v1.2.1#"); - namespaces.put("ds", "http://www.w3.org/2000/09/xmldsig#"); - } + namespaces.put("asic", "http://uri.etsi.org/02918/v1.2.1#"); + namespaces.put("ds", "http://www.w3.org/2000/09/xmldsig#"); + } - Content content = SPSSFactory.getInstance().createContent(xmlSignature, null); + final Content content = SPSSFactory.getInstance().createContent(xmlSignature, null); - VerifySignatureLocation verifySignatureLocation = SPSSFactory.getInstance().createVerifySignatureLocation( - location, namespaces); + final VerifySignatureLocation verifySignatureLocation = SPSSFactory.getInstance() + .createVerifySignatureLocation( + location, namespaces); - VerifySignatureInfo verifySignatureInfo = SPSSFactory.getInstance().createVerifySignatureInfo(content, verifySignatureLocation); + final VerifySignatureInfo verifySignatureInfo = SPSSFactory.getInstance().createVerifySignatureInfo( + content, verifySignatureLocation); - VerifyXMLSignatureRequest verifyXMLSignatureRequest = SPSSFactory.getInstance().createVerifyXMLSignatureRequest( - date, verifySignatureInfo, supplementsList, null, false, trustProfileID, true); + final VerifyXMLSignatureRequest 
verifyXMLSignatureRequest = SPSSFactory.getInstance() + .createVerifyXMLSignatureRequest( + date, verifySignatureInfo, supplementsList, null, false, trustProfileID, true); - return XMLSignatureVerificationInvoker.getInstance().verifyXMLSignature(verifyXMLSignatureRequest); - } + return XMLSignatureVerificationInvoker.getInstance().verifyXMLSignature(verifyXMLSignatureRequest); + } } |
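Review bot: `runXMLVerification` in `XAdESVerifier` never reads its `signedData` parameter; the body builds the request only from `xmlSignature`, `location`, `namespaces`, `date`, `trustProfileID` and `supplementsList`. The data stream therefore takes part in verification only if the caller has also placed it in `supplementsList`, and a caller relying on `signedData` alone would get a result that, as far as this method shows, was computed without it. I would state this in a Javadoc line, for example `@param signedData currently unused; data objects must be supplied through supplementsList`, or remove the parameter if no subclass depends on it. The raw `List` and `Map` parameters could be given type arguments in the same pass.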