diff options
Diffstat (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java')
| -rw-r--r-- | moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java | 887 |
1 files changed, 446 insertions, 441 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java index 74fa9ab..e18f957 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java @@ -28,7 +28,6 @@ import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.InputStream; import java.math.BigDecimal; -import java.util.ArrayList; import java.util.Date; import java.util.Iterator; import java.util.List; @@ -55,12 +54,8 @@ import at.gv.egovernment.moa.spss.util.QCSSCDResult; import at.gv.egovernment.moaspss.logging.Logger; import at.gv.egovernment.moaspss.logging.LoggingContext; import at.gv.egovernment.moaspss.logging.LoggingContextManager; -import iaik.server.ConfigurationException; -import iaik.server.modules.AdESConstants; -import iaik.server.modules.AdESFormVerificationResult; import iaik.server.modules.IAIKException; import iaik.server.modules.IAIKRuntimeException; -import iaik.server.modules.SignatureVerificationProfile; import iaik.server.modules.cmsverify.CMSSignatureVerificationModule; import iaik.server.modules.cmsverify.CMSSignatureVerificationModuleFactory; import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile; @@ -75,449 +70,459 @@ import iaik.x509.X509Certificate; /** * A class providing an interface to the * <code>CMSSignatureVerificationModule</code>. - * + * * This class performs the invocation of the * <code>iaik.server.modules.cmsverify.CMSSignatureVerificationModule</code> * from a <code>VerifyCMSSignatureRequest</code>. The result of the invocation * is integrated into a <code>VerifyCMSSignatureResponse</code> returned. - * + * * @author Patrick Peck * @version $Id$ */ public class CMSSignatureVerificationInvoker { - /** The single instance of this class. */ - private static CMSSignatureVerificationInvoker instance = null; - - /** - * Return the only instance of this class. - * - * @return The only instance of this class. - */ - public static synchronized CMSSignatureVerificationInvoker getInstance() { - if (instance == null) { - instance = new CMSSignatureVerificationInvoker(); - } - return instance; - } - - /** - * Create a new <code>CMSSignatureVerificationInvoker</code>. - * - * Protected to disallow multiple instances. - */ - protected CMSSignatureVerificationInvoker() { - } - - /** - * Verify a CMS signature. - * - * @param request - * The <code>VerifyCMSSignatureRequest</code> containing the CMS - * signature, as well as additional data needed for verification. - * @return Element A <code>VerifyCMSSignatureResponse</code> containing the - * answer to the <code>VerifyCMSSignatureRequest</code>. - * @throws MOAException - * An error occurred while processing the request. - */ - public VerifyCMSSignatureResponse verifyCMSSignature(VerifyCMSSignatureRequest request) throws MOAException { - - CMSSignatureVerificationProfileFactory profileFactory = new CMSSignatureVerificationProfileFactory(request); - VerifyCMSSignatureResponseBuilder responseBuilder = new VerifyCMSSignatureResponseBuilder(); - TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); - LoggingContext loggingCtx = LoggingContextManager.getInstance().getLoggingContext(); - InputStream signature; - InputStream signedContent = null; - Date signingTime; - List results; - int[] signatories; - InputStream input; - byte[] buf = new byte[2048]; - - // get the signature - signature = request.getCMSSignature(); - - // get the actual trustprofile - TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId()); - - try { - // get the signing time - signingTime = request.getDateTime(); - - // build the profile - if (request.isPDF()) { - PDFSignatureVerificationProfile profile = profileFactory.createPDFProfile(); - Logger.debug("Sending PDFSignatureVerificationProfile to IAIK-MOA"); - - PDFSignatureVerificationModule module = iaik.server.modules.pdfverify.PDFSignatureVerificationModuleFactory - .getInstance(); - - module.setLog(new IaikLog(loggingCtx.getNodeID())); - //Logger.info(" Available: " + signature.available()); - module.init(signature, profile, new TransactionId(context.getTransactionID())); - - // input = module.getInputStream(); - - // while (input.read(buf) > 0); - if(request.isExtended()) { - Logger.info("Running extended validation"); - results = module.verifyPAdESSignature(signingTime); - } else { - Logger.info("Running not extended validation"); - results = module.verifySignature(signingTime); - } - - //PAdES module had to be closed manually - module.closeModule(); - - } else { - // get the signed content - signedContent = getSignedContent(request); - CMSSignatureVerificationProfile profile = profileFactory.createProfile(); - Logger.debug("Sending CMSSignatureVerificationProfile to IAIK-MOA"); - - // verify the signature - CMSSignatureVerificationModule module = CMSSignatureVerificationModuleFactory.getInstance(); - - module.setLog(new IaikLog(loggingCtx.getNodeID())); - - module.init(signature, signedContent, profile, new TransactionId(context.getTransactionID())); - input = module.getInputStream(); - - while (input.read(buf) > 0) - ; - - if(request.isExtended()) { - Logger.info("Running extended validation"); - results = module.verifyCAdESSignature(signingTime); - } else { - Logger.info("Running not extended validation"); - results = module.verifySignature(signingTime); - } - // results = module.verifySignature(signingTime); - } - - } catch (IAIKException e) { - MOAException moaException = IaikExceptionMapper.getInstance().map(e); - throw moaException; - } catch (IAIKRuntimeException e) { - MOAException moaException = IaikExceptionMapper.getInstance().map(e); - throw moaException; - } catch (IOException e) { - throw new MOAApplicationException("2244", null, e); - } catch (MOAException e) { - throw e; - } finally { - try { - if (signedContent != null) - signedContent.close(); - - if (signature != null) - signature.close(); - - } catch (Throwable t) { - // Intentionally do nothing here - } - } - - QCSSCDResult qcsscdresult = new QCSSCDResult(); - - // build the response: for each signatory add the result to the response - signatories = request.getSignatories(); - if (signatories == VerifyCMSSignatureRequest.ALL_SIGNATORIES) { - Iterator resultIter; - - for (resultIter = results.iterator(); resultIter.hasNext();) { - Object resultObject = resultIter.next(); - if (!request.isPDF()) { - handleCMSResult(resultObject, responseBuilder, trustProfile); - } else { - handlePDFResult(resultObject, responseBuilder, trustProfile); - } - } - } else { - int i; - - for (i = 0; i < signatories.length; i++) { - int sigIndex = signatories[i] - 1; - - try { - Object resultObject = results.get(signatories[i] - 1); - if (!request.isPDF()) { - handleCMSResult(resultObject, responseBuilder, trustProfile); - } else { - handlePDFResult(resultObject, responseBuilder, trustProfile); - } - } catch (IndexOutOfBoundsException e) { - throw new MOAApplicationException("2249", new Object[] { new Integer(sigIndex) }); - } - } - } - - return responseBuilder.getResponse(); - } - - private void handleCMSResult(Object resultObject, VerifyCMSSignatureResponseBuilder responseBuilder, - TrustProfile trustProfile) throws MOAException { - QCSSCDResult qcsscdresult = new QCSSCDResult(); - - if(resultObject == null) { - Logger.warn("Result Object is null!"); - return; - } - - CMSSignatureVerificationResult cmsResult = null; - List adesResults = null; - boolean extendedVerification = false; - - ExtendedCertificateCheckResult extCheckResult = null; - if (resultObject instanceof ExtendedCMSSignatureVerificationResult) { - Logger.info("Got ExtendedCMSSignatureVerificationResult"); - extendedVerification = true; - ExtendedCMSSignatureVerificationResult result = (ExtendedCMSSignatureVerificationResult) resultObject; - cmsResult = result.getCMSSignatureVerificationResult(); - adesResults = AdESResultUtils.getAdESResult(result.getFormVerificationResult()); - - - if (Logger.isDebugEnabled() && adesResults != null) { - Iterator adesIterator = adesResults.iterator(); - while (adesIterator.hasNext()) - Logger.debug("ADES Formresults: " + adesIterator.next().toString()); - - } - - try { - //Logger.info("Extended Validation Report: " + result.getName()); - Logger.debug("Extended Validation Code: " + result.getResultCode().toString()); - Logger.debug("Extended Validation Info: " + result.getInfo()); - - extCheckResult = AdESResultUtils.getExtendedResult(result.getResultCode()); - - } catch (NullPointerException e) { - Logger.info("No extendend validation result available."); - - } - } else { - Logger.debug("Got CMSSignatureVerificationResult"); - cmsResult = (CMSSignatureVerificationResult) resultObject; - - } - - String issuerCountryCode = null; - // QC/SSCD check - - if(cmsResult.getCertificateValidationResult() != null) { - List list = cmsResult.getCertificateValidationResult().getCertificateChain(); - if (list != null) { - X509Certificate[] chain = new X509Certificate[list.size()]; - - Iterator it = list.iterator(); - int i = 0; - while (it.hasNext()) { - chain[i] = (X509Certificate) it.next(); - i++; - } - - qcsscdresult = CertificateUtils.checkQCSSCD(chain, cmsResult.getSigningTime(), trustProfile.isTSLEnabled(), ConfigurationProvider.getInstance()); - - // get signer certificate issuer country code - issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0)); - } - } - - responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), - qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults, extCheckResult, - qcsscdresult.getTslInfos(), extendedVerification); - } - - private void handlePDFResult(Object resultObject, VerifyCMSSignatureResponseBuilder responseBuilder, - TrustProfile trustProfile) throws MOAException { - QCSSCDResult qcsscdresult = new QCSSCDResult(); - - if(resultObject == null) { - Logger.warn("Result Object is null!"); - return; - } - - PDFSignatureVerificationResult cmsResult = null; - List adesResults = null; - boolean extendedVerification = false; - Boolean coversFullDoc = null; - int[] sigByteRange = null; - - ExtendedCertificateCheckResult extCheckResult = null; - if (resultObject instanceof ExtendedPDFSignatureVerificationResult) { - Logger.info("Got ExtendedPDFSignatureVerificationResult"); - extendedVerification = true; - ExtendedPDFSignatureVerificationResult result = (ExtendedPDFSignatureVerificationResult) resultObject; - cmsResult = result.getPDFSignatureVerificationResult(); - adesResults = AdESResultUtils.getAdESResult(result.getFormVerificationResult()); - - if (Logger.isDebugEnabled() && adesResults != null) { - Iterator adesIterator = adesResults.iterator(); - while (adesIterator.hasNext()) - Logger.debug("ADES Formresults: " + adesIterator.next().toString()); - - } - - - try { - Logger.debug("Extended Validation Code: " + result.getResultCode().toString()); - - if (result.getDetailedExtendedReport() != null) - Logger.debug("Extended Validation Info: " + result.getDetailedExtendedReport().getMessage()); - else - Logger.debug("Extended Validation Info: " + result.getInfo()); - - - Logger.debug("Full extended Validation Infos: " + result.getInfo()); - extCheckResult = AdESResultUtils.getExtendedResult(result.getResultCode()); - - } catch (NullPointerException e) { - Logger.info("No extendend validation result available."); - - } - - } else { - Logger.debug("Got PDFSignatureVerificationResult"); - cmsResult = (PDFSignatureVerificationResult) resultObject; - } - - if (MiscUtil.isNotEmpty(cmsResult.getError())) - Logger.info("Signature validation stopped with an error: " + cmsResult.getError()); - - String issuerCountryCode = null; - // QC/SSCD check - - if (cmsResult.getCertificateValidationResult() != null) { - List list = cmsResult.getCertificateValidationResult().getCertificateChain(); - if (list != null) { - X509Certificate[] chain = new X509Certificate[list.size()]; - - Iterator it = list.iterator(); - int i = 0; - while (it.hasNext()) { - chain[i] = (X509Certificate) it.next(); - i++; - } - - qcsscdresult = CertificateUtils.checkQCSSCD(chain, cmsResult.getSigningTime(), trustProfile.isTSLEnabled(), ConfigurationProvider.getInstance()); - - // get signer certificate issuer country code - issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0)); - - } - } - - responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), - qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults, - extCheckResult, qcsscdresult.getTslInfos(), extendedVerification); - } - - /** - * Get the signed content contained either in the request itself or given as - * a reference to external data. - * - * @param request - * The <code>VerifyCMSSignatureRequest</code> containing the - * signed content (or the reference to the signed content). - * @return InputStream A stream providing the signed content data, or - * <code>null</code> if no signed content was provided with the - * request. - * @throws MOAApplicationException - * An error occurred building the stream. - */ - private InputStream getSignedContent(VerifyCMSSignatureRequest request) throws MOAApplicationException { - - InputStream is = null; - CMSDataObject dataObj; - CMSContent content; - - // select the Content element - dataObj = request.getDataObject(); - if (dataObj == null) { - return null; - } - content = dataObj.getContent(); - - // build the content data - switch (content.getContentType()) { - case CMSContent.EXPLICIT_CONTENT: - is = ((CMSContentExcplicit) content).getBinaryContent(); - is = excludeByteRange(is, request); - return is; - case CMSContent.REFERENCE_CONTENT: - String reference = ((CMSContentReference) content).getReference(); - if (!"".equals(reference)) { - ExternalURIResolver resolver = new ExternalURIResolver(); - is = resolver.resolve(reference); - is = excludeByteRange(is, request); - return is; - } else { - return null; - } - default: - return null; - } - - } - - private InputStream excludeByteRange(InputStream contentIs, VerifyCMSSignatureRequest request) - throws MOAApplicationException { - - int byteRead; - - ByteArrayOutputStream contentOs = new ByteArrayOutputStream(); - - CMSDataObject dataobject = request.getDataObject(); - BigDecimal from = dataobject.getExcludeByteRangeFrom(); - BigDecimal to = dataobject.getExcludeByteRangeTo(); - - if ((from == null) || (to == null)) - return contentIs; - - BigDecimal counter = new BigDecimal("0"); - BigDecimal one = new BigDecimal("1"); - - try { - while ((byteRead = contentIs.read()) >= 0) { - - if (inRange(counter, dataobject)) { - // if byte is in byte range, set byte to 0x00 - contentOs.write(0); - } else - contentOs.write(byteRead); - - counter = counter.add(one); - } - - InputStream is = new ByteArrayInputStream(contentOs.toByteArray()); - - return is; - - } catch (IOException e) { - throw new MOAApplicationException("2301", null, e); - } - - } - - private boolean inRange(BigDecimal counter, CMSDataObject dataobject) { - BigDecimal from = dataobject.getExcludeByteRangeFrom(); - BigDecimal to = dataobject.getExcludeByteRangeTo(); - - if ((from == null) || (to == null)) - return false; - - int compare = counter.compareTo(from); - if (compare == -1) - return false; - else { - compare = counter.compareTo(to); - if (compare == 1) - return false; - else - return true; - } - - } + /** The single instance of this class. */ + private static CMSSignatureVerificationInvoker instance = null; + + /** + * Return the only instance of this class. + * + * @return The only instance of this class. + */ + public static synchronized CMSSignatureVerificationInvoker getInstance() { + if (instance == null) { + instance = new CMSSignatureVerificationInvoker(); + } + return instance; + } + + /** + * Create a new <code>CMSSignatureVerificationInvoker</code>. + * + * Protected to disallow multiple instances. + */ + protected CMSSignatureVerificationInvoker() { + } + + /** + * Verify a CMS signature. + * + * @param request The <code>VerifyCMSSignatureRequest</code> containing the CMS + * signature, as well as additional data needed for verification. + * @return Element A <code>VerifyCMSSignatureResponse</code> containing the + * answer to the <code>VerifyCMSSignatureRequest</code>. + * @throws MOAException An error occurred while processing the request. + */ + public VerifyCMSSignatureResponse verifyCMSSignature(VerifyCMSSignatureRequest request) + throws MOAException { + + final CMSSignatureVerificationProfileFactory profileFactory = new CMSSignatureVerificationProfileFactory( + request); + final VerifyCMSSignatureResponseBuilder responseBuilder = new VerifyCMSSignatureResponseBuilder(); + final TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); + final LoggingContext loggingCtx = LoggingContextManager.getInstance().getLoggingContext(); + InputStream signature; + InputStream signedContent = null; + Date signingTime; + List results; + int[] signatories; + InputStream input; + final byte[] buf = new byte[2048]; + + // get the signature + signature = request.getCMSSignature(); + + // get the actual trustprofile + final TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId()); + + try { + // get the signing time + signingTime = request.getDateTime(); + + // build the profile + if (request.isPDF()) { + final PDFSignatureVerificationProfile profile = profileFactory.createPDFProfile(); + Logger.debug("Sending PDFSignatureVerificationProfile to IAIK-MOA"); + + final PDFSignatureVerificationModule module = + iaik.server.modules.pdfverify.PDFSignatureVerificationModuleFactory + .getInstance(); + + module.setLog(new IaikLog(loggingCtx.getNodeID())); + // Logger.info(" Available: " + signature.available()); + module.init(signature, profile, new TransactionId(context.getTransactionID())); + + // input = module.getInputStream(); + + // while (input.read(buf) > 0); + if (request.isExtended()) { + Logger.info("Running extended validation"); + results = module.verifyPAdESSignature(signingTime); + } else { + Logger.info("Running not extended validation"); + results = module.verifySignature(signingTime); + } + + // PAdES module had to be closed manually + module.closeModule(); + + } else { + // get the signed content + signedContent = getSignedContent(request); + final CMSSignatureVerificationProfile profile = profileFactory.createProfile(); + Logger.debug("Sending CMSSignatureVerificationProfile to IAIK-MOA"); + + // verify the signature + final CMSSignatureVerificationModule module = CMSSignatureVerificationModuleFactory.getInstance(); + + module.setLog(new IaikLog(loggingCtx.getNodeID())); + + module.init(signature, signedContent, profile, new TransactionId(context.getTransactionID())); + input = module.getInputStream(); + + while (input.read(buf) > 0) { + ; + } + + if (request.isExtended()) { + Logger.info("Running extended validation"); + results = module.verifyCAdESSignature(signingTime); + } else { + Logger.info("Running not extended validation"); + results = module.verifySignature(signingTime); + } + // results = module.verifySignature(signingTime); + } + + } catch (final IAIKException e) { + final MOAException moaException = IaikExceptionMapper.getInstance().map(e); + throw moaException; + } catch (final IAIKRuntimeException e) { + final MOAException moaException = IaikExceptionMapper.getInstance().map(e); + throw moaException; + } catch (final IOException e) { + throw new MOAApplicationException("2244", null, e); + } catch (final MOAException e) { + throw e; + } finally { + try { + if (signedContent != null) { + signedContent.close(); + } + + if (signature != null) { + signature.close(); + } + + } catch (final Throwable t) { + // Intentionally do nothing here + } + } + + final QCSSCDResult qcsscdresult = new QCSSCDResult(); + + // build the response: for each signatory add the result to the response + signatories = request.getSignatories(); + if (signatories == VerifyCMSSignatureRequest.ALL_SIGNATORIES) { + Iterator resultIter; + + for (resultIter = results.iterator(); resultIter.hasNext();) { + final Object resultObject = resultIter.next(); + if (!request.isPDF()) { + handleCMSResult(resultObject, responseBuilder, trustProfile); + } else { + handlePDFResult(resultObject, responseBuilder, trustProfile); + } + } + } else { + int i; + + for (i = 0; i < signatories.length; i++) { + final int sigIndex = signatories[i] - 1; + + try { + final Object resultObject = results.get(signatories[i] - 1); + if (!request.isPDF()) { + handleCMSResult(resultObject, responseBuilder, trustProfile); + } else { + handlePDFResult(resultObject, responseBuilder, trustProfile); + } + } catch (final IndexOutOfBoundsException e) { + throw new MOAApplicationException("2249", new Object[] { new Integer(sigIndex) }); + } + } + } + + return responseBuilder.getResponse(); + } + + private void handleCMSResult(Object resultObject, VerifyCMSSignatureResponseBuilder responseBuilder, + TrustProfile trustProfile) throws MOAException { + QCSSCDResult qcsscdresult = new QCSSCDResult(); + + if (resultObject == null) { + Logger.warn("Result Object is null!"); + return; + } + + CMSSignatureVerificationResult cmsResult = null; + List adesResults = null; + boolean extendedVerification = false; + + ExtendedCertificateCheckResult extCheckResult = null; + if (resultObject instanceof ExtendedCMSSignatureVerificationResult) { + Logger.info("Got ExtendedCMSSignatureVerificationResult"); + extendedVerification = true; + final ExtendedCMSSignatureVerificationResult result = + (ExtendedCMSSignatureVerificationResult) resultObject; + cmsResult = result.getCMSSignatureVerificationResult(); + adesResults = AdESResultUtils.getAdESResult(result.getFormVerificationResult()); + + if (Logger.isDebugEnabled() && adesResults != null) { + final Iterator adesIterator = adesResults.iterator(); + while (adesIterator.hasNext()) { + Logger.debug("ADES Formresults: " + adesIterator.next().toString()); + } + + } + + try { + // Logger.info("Extended Validation Report: " + result.getName()); + Logger.debug("Extended Validation Code: " + result.getResultCode().toString()); + Logger.debug("Extended Validation Info: " + result.getInfo()); + + extCheckResult = AdESResultUtils.getExtendedResult(result.getResultCode()); + + } catch (final NullPointerException e) { + Logger.info("No extendend validation result available."); + + } + } else { + Logger.debug("Got CMSSignatureVerificationResult"); + cmsResult = (CMSSignatureVerificationResult) resultObject; + + } + + String issuerCountryCode = null; + // QC/SSCD check + + if (cmsResult.getCertificateValidationResult() != null) { + final List list = cmsResult.getCertificateValidationResult().getCertificateChain(); + if (list != null) { + final X509Certificate[] chain = new X509Certificate[list.size()]; + + final Iterator it = list.iterator(); + int i = 0; + while (it.hasNext()) { + chain[i] = (X509Certificate) it.next(); + i++; + } + + qcsscdresult = CertificateUtils.checkQCSSCD(chain, cmsResult.getSigningTime(), trustProfile + .isTSLEnabled(), ConfigurationProvider.getInstance()); + + // get signer certificate issuer country code + issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0)); + } + } + + responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), + qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults, extCheckResult, + qcsscdresult.getTslInfos(), extendedVerification); + } + + private void handlePDFResult(Object resultObject, VerifyCMSSignatureResponseBuilder responseBuilder, + TrustProfile trustProfile) throws MOAException { + QCSSCDResult qcsscdresult = new QCSSCDResult(); + + if (resultObject == null) { + Logger.warn("Result Object is null!"); + return; + } + + PDFSignatureVerificationResult cmsResult = null; + List adesResults = null; + boolean extendedVerification = false; + final Boolean coversFullDoc = null; + final int[] sigByteRange = null; + + ExtendedCertificateCheckResult extCheckResult = null; + if (resultObject instanceof ExtendedPDFSignatureVerificationResult) { + Logger.info("Got ExtendedPDFSignatureVerificationResult"); + extendedVerification = true; + final ExtendedPDFSignatureVerificationResult result = + (ExtendedPDFSignatureVerificationResult) resultObject; + cmsResult = result.getPDFSignatureVerificationResult(); + adesResults = AdESResultUtils.getAdESResult(result.getFormVerificationResult()); + + if (Logger.isDebugEnabled() && adesResults != null) { + final Iterator adesIterator = adesResults.iterator(); + while (adesIterator.hasNext()) { + Logger.debug("ADES Formresults: " + adesIterator.next().toString()); + } + + } + + try { + Logger.debug("Extended Validation Code: " + result.getResultCode().toString()); + + if (result.getDetailedExtendedReport() != null) { + Logger.debug("Extended Validation Info: " + result.getDetailedExtendedReport().getMessage()); + } else { + Logger.debug("Extended Validation Info: " + result.getInfo()); + } + + Logger.debug("Full extended Validation Infos: " + result.getInfo()); + extCheckResult = AdESResultUtils.getExtendedResult(result.getResultCode()); + + } catch (final NullPointerException e) { + Logger.info("No extendend validation result available."); + + } + + } else { + Logger.debug("Got PDFSignatureVerificationResult"); + cmsResult = (PDFSignatureVerificationResult) resultObject; + } + + if (MiscUtil.isNotEmpty(cmsResult.getError())) { + Logger.info("Signature validation stopped with an error: " + cmsResult.getError()); + } + + String issuerCountryCode = null; + // QC/SSCD check + + if (cmsResult.getCertificateValidationResult() != null) { + final List list = cmsResult.getCertificateValidationResult().getCertificateChain(); + if (list != null) { + final X509Certificate[] chain = new X509Certificate[list.size()]; + + final Iterator it = list.iterator(); + int i = 0; + while (it.hasNext()) { + chain[i] = (X509Certificate) it.next(); + i++; + } + + qcsscdresult = CertificateUtils.checkQCSSCD(chain, cmsResult.getSigningTime(), trustProfile + .isTSLEnabled(), ConfigurationProvider.getInstance()); + + // get signer certificate issuer country code + issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0)); + + } + } + + responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), + qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults, + extCheckResult, qcsscdresult.getTslInfos(), extendedVerification); + } + + /** + * Get the signed content contained either in the request itself or given as a + * reference to external data. + * + * @param request The <code>VerifyCMSSignatureRequest</code> containing the + * signed content (or the reference to the signed content). + * @return InputStream A stream providing the signed content data, or + * <code>null</code> if no signed content was provided with the request. + * @throws MOAApplicationException An error occurred building the stream. + */ + private InputStream getSignedContent(VerifyCMSSignatureRequest request) throws MOAApplicationException { + + InputStream is = null; + CMSDataObject dataObj; + CMSContent content; + + // select the Content element + dataObj = request.getDataObject(); + if (dataObj == null) { + return null; + } + content = dataObj.getContent(); + + // build the content data + switch (content.getContentType()) { + case CMSContent.EXPLICIT_CONTENT: + is = ((CMSContentExcplicit) content).getBinaryContent(); + is = excludeByteRange(is, request); + return is; + case CMSContent.REFERENCE_CONTENT: + final String reference = ((CMSContentReference) content).getReference(); + if (!"".equals(reference)) { + final ExternalURIResolver resolver = new ExternalURIResolver(); + is = resolver.resolve(reference); + is = excludeByteRange(is, request); + return is; + } else { + return null; + } + default: + return null; + } + + } + + private InputStream excludeByteRange(InputStream contentIs, VerifyCMSSignatureRequest request) + throws MOAApplicationException { + + int byteRead; + + final ByteArrayOutputStream contentOs = new ByteArrayOutputStream(); + + final CMSDataObject dataobject = request.getDataObject(); + final BigDecimal from = dataobject.getExcludeByteRangeFrom(); + final BigDecimal to = dataobject.getExcludeByteRangeTo(); + + if (from == null || to == null) { + return contentIs; + } + + BigDecimal counter = new BigDecimal("0"); + final BigDecimal one = new BigDecimal("1"); + + try { + while ((byteRead = contentIs.read()) >= 0) { + + if (inRange(counter, dataobject)) { + // if byte is in byte range, set byte to 0x00 + contentOs.write(0); + } else { + contentOs.write(byteRead); + } + + counter = counter.add(one); + } + + final InputStream is = new ByteArrayInputStream(contentOs.toByteArray()); + + return is; + + } catch (final IOException e) { + throw new MOAApplicationException("2301", null, e); + } + + } + + private boolean inRange(BigDecimal counter, CMSDataObject dataobject) { + final BigDecimal from = dataobject.getExcludeByteRangeFrom(); + final BigDecimal to = dataobject.getExcludeByteRangeTo(); + + if (from == null || to == null) { + return false; + } + + int compare = counter.compareTo(from); + if (compare == -1) { + return false; + } else { + compare = counter.compareTo(to); + if (compare == 1) { + return false; + } else { + return true; + } + } + + } } |