Diffstat (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke')
11 files changed, 533 insertions, 389 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java index df04434..8e9380e 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java @@ -52,8 +52,6 @@ import java.util.Set; import org.apache.commons.io.IOUtils; -import at.gv.egovernment.moa.logging.LogMsg; -import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.MOASystemException; @@ -75,7 +73,9 @@ import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; import at.gv.egovernment.moa.spss.util.FilteredOutputStream; import at.gv.egovernment.moa.spss.util.MessageProvider; -import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moaspss.logging.LogMsg; +import at.gv.egovernment.moaspss.logging.Logger; +import at.gv.egovernment.moaspss.util.Constants; /** * A class providing an API based interface to the diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java index 905254e..906abbe 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java 
@@ -21,7 +21,6 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.spss.server.invoke; import iaik.server.modules.AdESFormVerificationResult; @@ -34,6 +33,11 @@ import iaik.server.modules.cmsverify.CMSSignatureVerificationModuleFactory; import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile; import iaik.server.modules.cmsverify.CMSSignatureVerificationResult; import iaik.server.modules.cmsverify.ExtendedCMSSignatureVerificationResult; +import iaik.server.modules.pdfverify.PDFSignatureVerificationProfile; +import iaik.server.modules.pdfverify.PDFSignatureVerificationResult; +import iaik.util.logging.Log; +import iaik.server.modules.pdfverify.ExtendedPDFSignatureVerificationResult; +import iaik.server.modules.pdfverify.PDFSignatureVerificationModule; import iaik.x509.X509Certificate; import java.io.ByteArrayInputStream; @@ -50,10 +54,8 @@ import java.util.List; import org.apache.commons.codec.binary.Hex; import org.apache.commons.io.HexDump; import org.apache.commons.io.IOUtils; +import org.slf4j.LoggerFactory; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.logging.LoggingContext; -import at.gv.egovernment.moa.logging.LoggingContextManager; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent; 
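Review bot: The added imports `iaik.util.logging.Log` and `org.slf4j.LoggerFactory` in the second and third hunks on this line do not appear to be referenced by any of the changed code in this file, which logs through `at.gv.egovernment.moaspss.logging.Logger` and `IaikLog`. Pulling a second and third logging facade into the verification path without using them invites drift, so they should be dropped unless the unchanged remainder of the file needs them. Only the hunks are visible here, so confirm against the full file before removing.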
@@ -70,14 +72,17 @@ import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; import at.gv.egovernment.moa.spss.util.CertificateUtils; import at.gv.egovernment.moa.spss.util.QCSSCDResult; +import at.gv.egovernment.moaspss.logging.Logger; +import at.gv.egovernment.moaspss.logging.LoggingContext; +import at.gv.egovernment.moaspss.logging.LoggingContextManager; /** * A class providing an interface to the * <code>CMSSignatureVerificationModule</code>. * - * This class performs the invocation of the + * This class performs the invocation of the * <code>iaik.server.modules.cmsverify.CMSSignatureVerificationModule</code> - * from a <code>VerifyCMSSignatureRequest</code>. The result of the invocation + * from a <code>VerifyCMSSignatureRequest</code>. The result of the invocation * is integrated into a <code>VerifyCMSSignatureResponse</code> returned. * * @author Patrick Peck 
@@ -85,338 +90,414 @@ import at.gv.egovernment.moa.spss.util.QCSSCDResult; */ public class CMSSignatureVerificationInvoker { - /** The single instance of this class. */ - private static CMSSignatureVerificationInvoker instance = null; - - /** - * Return the only instance of this class. - * - * @return The only instance of this class. - */ - public static synchronized CMSSignatureVerificationInvoker getInstance() { - if (instance == null) { - instance = new CMSSignatureVerificationInvoker(); - } - return instance; - } - - /** - * Create a new <code>CMSSignatureVerificationInvoker</code>. - * - * Protected to disallow multiple instances. - */ - protected CMSSignatureVerificationInvoker() { - } - - /** - * Verify a CMS signature. - * - * @param request The <code>VerifyCMSSignatureRequest</code> containing the - * CMS signature, as well as additional data needed for verification. - * @return Element A <code>VerifyCMSSignatureResponse</code> containing the - * answer to the <code>VerifyCMSSignatureRequest</code>. - * @throws MOAException An error occurred while processing the request. 
- */ - public VerifyCMSSignatureResponse verifyCMSSignature(VerifyCMSSignatureRequest request) - throws MOAException { - - CMSSignatureVerificationProfileFactory profileFactory = - new CMSSignatureVerificationProfileFactory(request); - VerifyCMSSignatureResponseBuilder responseBuilder = - new VerifyCMSSignatureResponseBuilder(); - TransactionContext context = - TransactionContextManager.getInstance().getTransactionContext(); - LoggingContext loggingCtx = - LoggingContextManager.getInstance().getLoggingContext(); - InputStream signature; - InputStream signedContent = null; - CMSSignatureVerificationProfile profile; - Date signingTime; - List results; - ExtendedCMSSignatureVerificationResult result; - int[] signatories; - InputStream input; - byte[] buf = new byte[2048]; - - // get the signature - signature = request.getCMSSignature(); - - // get the actual trustprofile - TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId()); - - try { - // get the signed content - signedContent = getSignedContent(request); - - // build the profile - if(request.isPDF()) { - profile = profileFactory.createPDFProfile(); - } else { - profile = profileFactory.createProfile(); - } - - // get the signing time - signingTime = request.getDateTime(); - - // verify the signature - CMSSignatureVerificationModule module = - CMSSignatureVerificationModuleFactory.getInstance(); - - module.setLog(new IaikLog(loggingCtx.getNodeID())); - - module.init( - signature, - signedContent, - profile, - new TransactionId(context.getTransactionID())); - input = module.getInputStream(); - - while (input.read(buf) > 0); - //results = module.verifyCAdESSignature(signingTime); - results = module.verifySignature(signingTime); - - } catch (IAIKException e) { - MOAException moaException = IaikExceptionMapper.getInstance().map(e); - throw moaException; - } catch (IAIKRuntimeException e) { - MOAException moaException = IaikExceptionMapper.getInstance().map(e); - throw 
moaException; - } catch (IOException e) { - throw new MOAApplicationException("2244", null, e); - } catch (MOAException e) - { - throw e; - } - finally - { - try - { - if (signedContent != null) signedContent.close(); - } - catch (Throwable t) - { - // Intentionally do nothing here - } - } - - QCSSCDResult qcsscdresult = new QCSSCDResult(); - - // build the response: for each signatory add the result to the response - signatories = request.getSignatories(); - if (signatories == VerifyCMSSignatureRequest.ALL_SIGNATORIES) { - Iterator resultIter; - - for (resultIter = results.iterator(); resultIter.hasNext();) { - Object resultObject = resultIter.next(); - CMSSignatureVerificationResult cmsResult = null; - List adesResults = null; - if(resultObject instanceof ExtendedCMSSignatureVerificationResult) { - result = (ExtendedCMSSignatureVerificationResult) resultObject; - - adesResults = getAdESResult(result.getFormVerificationResult()); - - if (adesResults != null) { - Iterator adesIterator = adesResults.iterator(); - while (adesIterator.hasNext()) { - Logger.info("ADES Formresults: " + adesIterator.next().toString()); - } - } - } else { - cmsResult = (CMSSignatureVerificationResult)resultObject; - } - - - String issuerCountryCode = null; - // QC/SSCD check - - List list = cmsResult.getCertificateValidationResult().getCertificateChain(); - if (list != null) { - X509Certificate[] chain = new X509Certificate[list.size()]; - - Iterator it = list.iterator(); - int i = 0; - while(it.hasNext()) { - chain[i] = (X509Certificate)it.next(); - i++; - } - - - qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled()); - - // get signer certificate issuer country code - issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0)); - - } - - responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults); - } - } else 
{ - int i; - - for (i = 0; i < signatories.length; i++) { - int sigIndex = signatories[i] - 1; - - try { - result = - (ExtendedCMSSignatureVerificationResult) results.get(signatories[i] - 1); - - String issuerCountryCode = null; - - CMSSignatureVerificationResult cmsResult = result.getCMSSignatureVerificationResult(); - - List adesResults = getAdESResult(result.getFormVerificationResult()); - - if (adesResults != null) { - Iterator adesIterator = adesResults.iterator(); - while (adesIterator.hasNext()) { - Logger.info("ADES Formresults: " + adesIterator.next().toString()); - } - } - - // QC/SSCD check - List list = cmsResult.getCertificateValidationResult().getCertificateChain(); - if (list != null) { - X509Certificate[] chain = new X509Certificate[list.size()]; - - Iterator it = list.iterator(); - int j = 0; - while(it.hasNext()) { - chain[j] = (X509Certificate)it.next(); - j++; - } - - - qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled()); - - issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0)); - } - - responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults); - } catch (IndexOutOfBoundsException e) { - throw new MOAApplicationException( - "2249", - new Object[] { new Integer(sigIndex)}); - } - } - } - - return responseBuilder.getResponse(); - } - - - /** - * Get the signed content contained either in the request itself or given as a - * reference to external data. - * - * @param request The <code>VerifyCMSSignatureRequest</code> containing the - * signed content (or the reference to the signed content). - * @return InputStream A stream providing the signed content data, or - * <code>null</code> if no signed content was provided with the request. - * @throws MOAApplicationException An error occurred building the stream. 
- */ - private InputStream getSignedContent(VerifyCMSSignatureRequest request) - throws MOAApplicationException { - - InputStream is = null; - CMSDataObject dataObj; - CMSContent content; - - // select the Content element - dataObj = request.getDataObject(); - if (dataObj == null) { - return null; - } - content = dataObj.getContent(); - - // build the content data - switch (content.getContentType()) { - case CMSContent.EXPLICIT_CONTENT : - is = ((CMSContentExcplicit) content).getBinaryContent(); - is = excludeByteRange(is, request); - return is; - case CMSContent.REFERENCE_CONTENT : - String reference = ((CMSContentReference) content).getReference(); - if (!"".equals(reference)) { - ExternalURIResolver resolver = new ExternalURIResolver(); - is = resolver.resolve(reference); - is = excludeByteRange(is, request); - return is; - } else { - return null; - } - default : - return null; - } - - - - } - - private InputStream excludeByteRange(InputStream contentIs, VerifyCMSSignatureRequest request) throws MOAApplicationException { - - int byteRead; - - ByteArrayOutputStream contentOs = new ByteArrayOutputStream(); - - CMSDataObject dataobject = request.getDataObject(); - BigDecimal from = dataobject.getExcludeByteRangeFrom(); - BigDecimal to = dataobject.getExcludeByteRangeTo(); - - if ( (from == null) || (to == null)) - return contentIs; - - BigDecimal counter = new BigDecimal("0"); - BigDecimal one = new BigDecimal("1"); - - try { - while ((byteRead=contentIs.read()) >= 0) { - - if (inRange(counter, dataobject)) { - // if byte is in byte range, set byte to 0x00 - contentOs.write(0); - } - else - contentOs.write(byteRead); - - counter = counter.add(one); + /** The single instance of this class. */ + private static CMSSignatureVerificationInvoker instance = null; + + /** + * Return the only instance of this class. + * + * @return The only instance of this class. 
+ */ + public static synchronized CMSSignatureVerificationInvoker getInstance() { + if (instance == null) { + instance = new CMSSignatureVerificationInvoker(); + } + return instance; + } + + /** + * Create a new <code>CMSSignatureVerificationInvoker</code>. + * + * Protected to disallow multiple instances. + */ + protected CMSSignatureVerificationInvoker() { + } + + /** + * Verify a CMS signature. + * + * @param request + * The <code>VerifyCMSSignatureRequest</code> containing the CMS + * signature, as well as additional data needed for verification. + * @return Element A <code>VerifyCMSSignatureResponse</code> containing the + * answer to the <code>VerifyCMSSignatureRequest</code>. + * @throws MOAException + * An error occurred while processing the request. + */ + public VerifyCMSSignatureResponse verifyCMSSignature(VerifyCMSSignatureRequest request) throws MOAException { + + CMSSignatureVerificationProfileFactory profileFactory = new CMSSignatureVerificationProfileFactory(request); + VerifyCMSSignatureResponseBuilder responseBuilder = new VerifyCMSSignatureResponseBuilder(); + TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); + LoggingContext loggingCtx = LoggingContextManager.getInstance().getLoggingContext(); + InputStream signature; + InputStream signedContent = null; + Date signingTime; + List results; + int[] signatories; + InputStream input; + byte[] buf = new byte[2048]; + + // get the signature + signature = request.getCMSSignature(); + + // get the actual trustprofile + TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId()); + + try { + // get the signing time + signingTime = request.getDateTime(); + + // build the profile + if (request.isPDF()) { + PDFSignatureVerificationProfile profile = profileFactory.createPDFProfile(); + Logger.info("Sending PDFSignatureVerificationProfile to IAIK-MOA"); + + PDFSignatureVerificationModule module = 
iaik.server.modules.pdfverify.PDFSignatureVerificationModuleFactory + .getInstance(); + + module.setLog(new IaikLog(loggingCtx.getNodeID())); + + module.init(signature, profile, new TransactionId(context.getTransactionID())); + + // input = module.getInputStream(); + + // while (input.read(buf) > 0); + if(request.isExtended()) { + results = module.verifyPAdESSignature(signingTime); + } else { + results = module.verifySignature(signingTime); + } + + } else { + // get the signed content + signedContent = getSignedContent(request); + CMSSignatureVerificationProfile profile = profileFactory.createProfile(); + Logger.info("Sending CMSSignatureVerificationProfile to IAIK-MOA"); + + // verify the signature + CMSSignatureVerificationModule module = CMSSignatureVerificationModuleFactory.getInstance(); + + module.setLog(new IaikLog(loggingCtx.getNodeID())); + + module.init(signature, signedContent, profile, new TransactionId(context.getTransactionID())); + input = module.getInputStream(); + + while (input.read(buf) > 0) + ; + + if(request.isExtended()) { + results = module.verifyCAdESSignature(signingTime); + } else { + results = module.verifySignature(signingTime); + } + // results = module.verifySignature(signingTime); + } + + } catch (IAIKException e) { + MOAException moaException = IaikExceptionMapper.getInstance().map(e); + throw moaException; + } catch (IAIKRuntimeException e) { + MOAException moaException = IaikExceptionMapper.getInstance().map(e); + throw moaException; + } catch (IOException e) { + throw new MOAApplicationException("2244", null, e); + } catch (MOAException e) { + throw e; + } finally { + try { + if (signedContent != null) + signedContent.close(); + } catch (Throwable t) { + // Intentionally do nothing here + } + } + + QCSSCDResult qcsscdresult = new QCSSCDResult(); + + // build the response: for each signatory add the result to the response + signatories = request.getSignatories(); + if (signatories == VerifyCMSSignatureRequest.ALL_SIGNATORIES) { + 
Iterator resultIter; + + for (resultIter = results.iterator(); resultIter.hasNext();) { + Object resultObject = resultIter.next(); + if (!request.isPDF()) { + handleCMSResult(resultObject, responseBuilder, trustProfile); + } else { + handlePDFResult(resultObject, responseBuilder, trustProfile); + } + } + } else { + int i; + + for (i = 0; i < signatories.length; i++) { + int sigIndex = signatories[i] - 1; + + try { + Object resultObject = results.get(signatories[i] - 1); + if (!request.isPDF()) { + handleCMSResult(resultObject, responseBuilder, trustProfile); + } else { + handlePDFResult(resultObject, responseBuilder, trustProfile); + } + } catch (IndexOutOfBoundsException e) { + throw new MOAApplicationException("2249", new Object[] { new Integer(sigIndex) }); + } + } + } + + return responseBuilder.getResponse(); + } + + private void handleCMSResult(Object resultObject, VerifyCMSSignatureResponseBuilder responseBuilder, + TrustProfile trustProfile) throws MOAException { + QCSSCDResult qcsscdresult = new QCSSCDResult(); + + CMSSignatureVerificationResult cmsResult = null; + List adesResults = null; + if (resultObject instanceof ExtendedCMSSignatureVerificationResult) { + ExtendedCMSSignatureVerificationResult result = (ExtendedCMSSignatureVerificationResult) resultObject; + + adesResults = getAdESResult(result.getFormVerificationResult()); + + if (adesResults != null) { + Iterator adesIterator = adesResults.iterator(); + while (adesIterator.hasNext()) { + Logger.info("ADES Formresults: " + adesIterator.next().toString()); + } + } + } else { + cmsResult = (CMSSignatureVerificationResult) resultObject; + } + + String issuerCountryCode = null; + // QC/SSCD check + + List list = cmsResult.getCertificateValidationResult().getCertificateChain(); + if (list != null) { + X509Certificate[] chain = new X509Certificate[list.size()]; + + Iterator it = list.iterator(); + int i = 0; + while (it.hasNext()) { + chain[i] = (X509Certificate) it.next(); + i++; + } + + qcsscdresult = 
CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled()); + + // get signer certificate issuer country code + issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0)); + } - - InputStream is = new ByteArrayInputStream(contentOs.toByteArray()); - - return is; - - - } catch (IOException e) { - throw new MOAApplicationException("2301", null, e); + + responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), + qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults); } - - } - - - private boolean inRange(BigDecimal counter, CMSDataObject dataobject) { - BigDecimal from = dataobject.getExcludeByteRangeFrom(); - BigDecimal to = dataobject.getExcludeByteRangeTo(); - - if ( (from == null) || (to == null)) - return false; - - int compare = counter.compareTo(from); - if (compare == -1) - return false; - else { - compare = counter.compareTo(to); - if (compare == 1) - return false; - else - return true; - } - - - - } - - - private List getAdESResult(AdESFormVerificationResult adesFormVerification) { + + private void handleCMSEXTResult(Object resultObject, VerifyCMSSignatureResponseBuilder responseBuilder, + TrustProfile trustProfile) throws MOAException { + QCSSCDResult qcsscdresult = new QCSSCDResult(); + + CMSSignatureVerificationResult cmsResult = null; + List adesResults = null; + if (resultObject instanceof ExtendedCMSSignatureVerificationResult) { + ExtendedCMSSignatureVerificationResult result = (ExtendedCMSSignatureVerificationResult) resultObject; + + adesResults = getAdESResult(result.getFormVerificationResult()); + + if (adesResults != null) { + Iterator adesIterator = adesResults.iterator(); + while (adesIterator.hasNext()) { + Logger.info("ADES Formresults: " + adesIterator.next().toString()); + } + } + cmsResult = result.getCMSSignatureVerificationResult(); + } else { + cmsResult = (CMSSignatureVerificationResult) resultObject; + } + + String 
issuerCountryCode = null; + // QC/SSCD check + + List list = cmsResult.getCertificateValidationResult().getCertificateChain(); + if (list != null) { + X509Certificate[] chain = new X509Certificate[list.size()]; + + Iterator it = list.iterator(); + int i = 0; + while (it.hasNext()) { + chain[i] = (X509Certificate) it.next(); + i++; + } + + qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled()); + + // get signer certificate issuer country code + issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0)); + + } + + responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), + qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults); + } + + private void handlePDFResult(Object resultObject, VerifyCMSSignatureResponseBuilder responseBuilder, + TrustProfile trustProfile) throws MOAException { + QCSSCDResult qcsscdresult = new QCSSCDResult(); + + PDFSignatureVerificationResult cmsResult = null; + List adesResults = null; + if (resultObject instanceof ExtendedPDFSignatureVerificationResult) { + ExtendedPDFSignatureVerificationResult result = (ExtendedPDFSignatureVerificationResult) resultObject; + + adesResults = getAdESResult(result.getFormVerificationResult()); + + if (adesResults != null) { + Iterator adesIterator = adesResults.iterator(); + while (adesIterator.hasNext()) { + Logger.info("ADES Formresults: " + adesIterator.next().toString()); + } + } + cmsResult = result.getPDFSignatureVerificationResult(); + } else { + cmsResult = (PDFSignatureVerificationResult) resultObject; + } + + String issuerCountryCode = null; + // QC/SSCD check + + List list = cmsResult.getCertificateValidationResult().getCertificateChain(); + if (list != null) { + X509Certificate[] chain = new X509Certificate[list.size()]; + + Iterator it = list.iterator(); + int i = 0; + while (it.hasNext()) { + chain[i] = (X509Certificate) it.next(); + i++; + } + + qcsscdresult = 
CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled()); + + // get signer certificate issuer country code + issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0)); + + } + + responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), + qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults); + } + + /** + * Get the signed content contained either in the request itself or given as + * a reference to external data. + * + * @param request + * The <code>VerifyCMSSignatureRequest</code> containing the + * signed content (or the reference to the signed content). + * @return InputStream A stream providing the signed content data, or + * <code>null</code> if no signed content was provided with the + * request. + * @throws MOAApplicationException + * An error occurred building the stream. + */ + private InputStream getSignedContent(VerifyCMSSignatureRequest request) throws MOAApplicationException { + + InputStream is = null; + CMSDataObject dataObj; + CMSContent content; + + // select the Content element + dataObj = request.getDataObject(); + if (dataObj == null) { + return null; + } + content = dataObj.getContent(); + + // build the content data + switch (content.getContentType()) { + case CMSContent.EXPLICIT_CONTENT: + is = ((CMSContentExcplicit) content).getBinaryContent(); + is = excludeByteRange(is, request); + return is; + case CMSContent.REFERENCE_CONTENT: + String reference = ((CMSContentReference) content).getReference(); + if (!"".equals(reference)) { + ExternalURIResolver resolver = new ExternalURIResolver(); + is = resolver.resolve(reference); + is = excludeByteRange(is, request); + return is; + } else { + return null; + } + default: + return null; + } + + } + + private InputStream excludeByteRange(InputStream contentIs, VerifyCMSSignatureRequest request) + throws MOAApplicationException { + + int byteRead; + + ByteArrayOutputStream contentOs = new 
ByteArrayOutputStream(); + + CMSDataObject dataobject = request.getDataObject(); + BigDecimal from = dataobject.getExcludeByteRangeFrom(); + BigDecimal to = dataobject.getExcludeByteRangeTo(); + + if ((from == null) || (to == null)) + return contentIs; + + BigDecimal counter = new BigDecimal("0"); + BigDecimal one = new BigDecimal("1"); + + try { + while ((byteRead = contentIs.read()) >= 0) { + + if (inRange(counter, dataobject)) { + // if byte is in byte range, set byte to 0x00 + contentOs.write(0); + } else + contentOs.write(byteRead); + + counter = counter.add(one); + } + + InputStream is = new ByteArrayInputStream(contentOs.toByteArray()); + + return is; + + } catch (IOException e) { + throw new MOAApplicationException("2301", null, e); + } + + } + + private boolean inRange(BigDecimal counter, CMSDataObject dataobject) { + BigDecimal from = dataobject.getExcludeByteRangeFrom(); + BigDecimal to = dataobject.getExcludeByteRangeTo(); + + if ((from == null) || (to == null)) + return false; + + int compare = counter.compareTo(from); + if (compare == -1) + return false; + else { + compare = counter.compareTo(to); + if (compare == 1) + return false; + else + return true; + } + + } + + private List getAdESResult(AdESFormVerificationResult adesFormVerification) { if (adesFormVerification == null) { // no form information return null; @@ -451,5 +532,5 @@ public class CMSSignatureVerificationInvoker { } } } - + } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationProfileFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationProfileFactory.java index 74b2a89..bd5db6d 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationProfileFactory.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationProfileFactory.java 
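Review bot: In the new `handleCMSResult`, the `instanceof ExtendedCMSSignatureVerificationResult` branch never assigns `cmsResult`, so `cmsResult.getCertificateValidationResult()` a few lines later dereferences null for every extended result; the sibling `handleCMSEXTResult` carries the missing `cmsResult = result.getCMSSignatureVerificationResult();` but nothing in the hunk calls it. Both dispatch sites in `verifyCMSSignature` route non-PDF results to `handleCMSResult`, and when `request.isExtended()` is set the new code calls `verifyCAdESSignature`, whose results the removed per-signatory loop used to cast to the extended type, so the path looks reachable rather than theoretical. The failure would surface as an unmapped NullPointerException instead of a MOA error code, i.e. a generic fault to the caller rather than a verification result. Adding `cmsResult = result.getCMSSignatureVerificationResult();` after the AdES logging loop in `handleCMSResult` and deleting the unused `handleCMSEXTResult` fixes both the defect and the duplication. Separately, the commented-out `// input = module.getInputStream();` / `// while (input.read(buf) > 0);` in the PDF branch and the now-unused `input`, `buf` and outer `qcsscdresult` locals should be removed rather than left as dead code.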
@@ -33,6 +33,7 @@ import at.gv.egovernment.moa.spss.server.iaik.pki.PKIProfileImpl; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile; +import iaik.server.modules.pdfverify.PDFSignatureVerificationProfile; /** * A factory to create a <code>CMSSignatureVerificationProfile</code> from a @@ -65,7 +66,7 @@ public class CMSSignatureVerificationProfileFactory { * <code>request</code>, based on the current configuration. * @throws MOAException An error occurred creating the profile. */ - public CMSSignatureVerificationProfile createPDFProfile() + public PDFSignatureVerificationProfile createPDFProfile() throws MOAException { TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java index d775fdb..1eca7d2 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java @@ -49,8 +49,6 @@ import org.w3c.dom.NodeList; import org.xml.sax.EntityResolver; import org.xml.sax.SAXException; -import at.gv.egovernment.moa.logging.LogMsg; -import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.MOASystemException; import at.gv.egovernment.moa.spss.api.common.Content; 
@@ -70,13 +68,15 @@ import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; import at.gv.egovernment.moa.spss.util.MOASPSSEntityResolver; import at.gv.egovernment.moa.spss.util.MessageProvider; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.EntityResolverChain; -import at.gv.egovernment.moa.util.MOAErrorHandler; -import at.gv.egovernment.moa.util.StreamEntityResolver; -import at.gv.egovernment.moa.util.StreamUtils; -import at.gv.egovernment.moa.util.XPathUtils; +import at.gv.egovernment.moaspss.logging.LogMsg; +import at.gv.egovernment.moaspss.logging.Logger; +import at.gv.egovernment.moaspss.util.Constants; +import at.gv.egovernment.moaspss.util.DOMUtils; +import at.gv.egovernment.moaspss.util.EntityResolverChain; +import at.gv.egovernment.moaspss.util.MOAErrorHandler; +import at.gv.egovernment.moaspss.util.StreamEntityResolver; +import at.gv.egovernment.moaspss.util.StreamUtils; +import at.gv.egovernment.moaspss.util.XPathUtils; import iaik.server.modules.xml.DataObject; import iaik.server.modules.xml.NodeListImplementation; import iaik.server.modules.xml.URIReferenceImpl; diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/InvokerUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/InvokerUtils.java index 0bca8ae..0128e6a 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/InvokerUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/InvokerUtils.java 
@@ -28,11 +28,10 @@ import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
-import at.gv.egovernment.moa.util.XPathException;
-import at.gv.egovernment.moa.util.XPathUtils;
-
 import at.gv.egovernment.moa.spss.MOAApplicationException;
 import at.gv.egovernment.moa.spss.api.common.ElementSelector;
+import at.gv.egovernment.moaspss.util.XPathException;
+import at.gv.egovernment.moaspss.util.XPathUtils;
 /**
 * Utility methods for invoking the IAIK MOA modules.
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ServiceContextUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ServiceContextUtils.java
index 8f3c075..330ffdd 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ServiceContextUtils.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ServiceContextUtils.java
@@ -24,13 +24,12 @@ package at.gv.egovernment.moa.spss.server.invoke;
-import at.gv.egovernment.moa.logging.LoggingContext;
-import at.gv.egovernment.moa.logging.LoggingContextManager;
-
 import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
 import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moaspss.logging.LoggingContext;
+import at.gv.egovernment.moaspss.logging.LoggingContextManager;
 /**
 * A utility class for setting up and tearing down thread-local context
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
index f32093a..3e18c2a 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
@@ -25,7 +25,8 @@ package at.gv.egovernment.moa.spss.server.invoke;
 import iaik.server.modules.cmsverify.CMSSignatureVerificationResult;
-import iaik.server.modules.cmsverify.CertificateValidationResult;
+import iaik.server.modules.pdfverify.PDFSignatureVerificationResult;
+import iaik.server.cmspdfverify.CertificateValidationResult;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
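Review bot: The replacement import `iaik.server.cmspdfverify.CertificateValidationResult` does not follow the `iaik.server.modules.*` layout of the two imports around it (`iaik.server.modules.cmsverify`, `iaik.server.modules.pdfverify`), so unless the library really ships a package at that path the class will not resolve. Confirm the package against the IAIK artifact on the classpath; if the intended type is a `CertificateValidationResult` shared by the CMS and PDF result classes, import it from wherever both `getCertificateValidationResult()` methods actually return it. The new PDF `addResult` overload later in this file depends on `getCertificateChain()`, `getValidationResultCode()`, `isPublicAuthorityCertificate()` and `getPublicAuthorityID()` from this type, so a wrong import breaks the whole file rather than one statement.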
@@ -123,6 +124,61 @@ public class VerifyCMSSignatureResponseBuilder {
 responseElements.add(responseElement);
 }
-
+
+ /**
+ * Add a verification result to the response.
+ *
+ * @param result The result to add.
+ * @param trustprofile The actual trustprofile
+ * @param checkQCFromTSL <code>true</code>, if the TSL check verifies the
+ * certificate as qualified, otherwise <code>false</code>.
+ * @param checkSSCD <code>true</code>, if the TSL check verifies the
+ * signature based on a SSDC, otherwise <code>false</code>.
+ * @param sscdSourceTSL <code>true</code>, if the SSCD information comes from the TSL,
+ otherwise <code>false</code>.
+ * @throws MOAException
+ */
+ public void addResult(PDFSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, List adesResults)
+ throws MOAException {
+
+ CertificateValidationResult certResult =
+ result.getCertificateValidationResult();
+ int signatureCheckCode =
+ result.getSignatureValueVerificationCode().intValue();
+ int certificateCheckCode = certResult.getValidationResultCode().intValue();
+
+ VerifyCMSSignatureResponseElement responseElement;
+ SignerInfo signerInfo;
+ CheckResult signatureCheck;
+ CheckResult certificateCheck;
+
+ boolean qualifiedCertificate = checkQC;
+
+ // add SignerInfo element
+ signerInfo =
+ factory.createSignerInfo(
+ (X509Certificate) certResult.getCertificateChain().get(0),
+ qualifiedCertificate,
+ qcSourceTSL,
+ certResult.isPublicAuthorityCertificate(),
+ certResult.getPublicAuthorityID(),
+ checkSSCD,
+ sscdSourceTSL,
+ issuerCountryCode);
+
+ // add SignatureCheck element
+ signatureCheck = factory.createCheckResult(signatureCheckCode, null);
+
+ // add CertificateCheck element
+ certificateCheck = factory.createCheckResult(certificateCheckCode, null);
+
+ // build the response element
+ responseElement =
+ factory.createVerifyCMSSignatureResponseElement(
+ signerInfo,
+ signatureCheck,
+ certificateCheck,
+ adesResults);
+ responseElements.add(responseElement);
+ }
 }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
index 7bcf723..a6e8971 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
@@ -50,9 +50,9 @@ import at.gv.egovernment.moa.spss.api.xmlverify.ManifestRefsCheckResultInfo;
 import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult;
 import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResultInfo;
 import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
-import at.gv.egovernment.moa.util.CollectionUtils;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.NodeListAdapter;
+import at.gv.egovernment.moaspss.util.CollectionUtils;
+import at.gv.egovernment.moaspss.util.DOMUtils;
+import at.gv.egovernment.moaspss.util.NodeListAdapter;
 import iaik.server.modules.xml.BinaryDataObject;
 import iaik.server.modules.xml.DataObject;
 import iaik.server.modules.xml.XMLDataObject;
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java
index 7debb7b..ecdd811 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java
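Review bot: The Javadoc on the new `addResult(PDFSignatureVerificationResult, …)` overload does not describe its signature: it lists `trustprofile` and `checkQCFromTSL`, which are not parameters, omits `checkQC`, `qcSourceTSL`, `issuerCountryCode` and `adesResults`, and its `@throws MOAException` tag has no description; rewrite the tags to name the eight actual parameters. `trustProfile` is never read in the body, so either drop it or mark it, e.g. `// kept for signature parity with the CMS overload; not consulted here`, so a reader does not assume a trust-profile check happens in this method. `certResult.getCertificateChain().get(0)` is cast and handed to `createSignerInfo` without checking for a null or empty chain, so a result without a chain fails with a runtime exception rather than the `MOAException` the method declares; guard the chain before the cast. The body otherwise appears to repeat the existing CMS `addResult` (outside this hunk) apart from the result type, so the tail from `certResult` onwards could move into a private helper taking the `CertificateValidationResult`, the two check codes and `adesResults`.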
@@ -46,9 +46,6 @@ import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.logging.LoggingContext;
-import at.gv.egovernment.moa.logging.LoggingContextManager;
 import at.gv.egovernment.moa.spss.MOAApplicationException;
 import at.gv.egovernment.moa.spss.MOAException;
 import at.gv.egovernment.moa.spss.MOASystemException;
@@ -69,8 +66,11 @@ import at.gv.egovernment.moa.spss.server.logging.TransactionId;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
 import at.gv.egovernment.moa.spss.server.util.IdGenerator;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.XPathUtils;
+import at.gv.egovernment.moaspss.logging.Logger;
+import at.gv.egovernment.moaspss.logging.LoggingContext;
+import at.gv.egovernment.moaspss.logging.LoggingContextManager;
+import at.gv.egovernment.moaspss.util.Constants;
+import at.gv.egovernment.moaspss.util.XPathUtils;
 /**
 * A class providing an API based interface to the
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java
index 6a85415..cb77ad1 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java
@@ -44,8 +44,6 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
-import at.gv.egovernment.moa.logging.LogMsg;
-import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.spss.MOAApplicationException;
 import at.gv.egovernment.moa.spss.MOASystemException;
 import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation;
@@ -67,7 +65,9 @@ import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
 import at.gv.egovernment.moa.spss.server.util.IdGenerator;
 import at.gv.egovernment.moa.spss.util.MessageProvider;
-import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moaspss.logging.LogMsg;
+import at.gv.egovernment.moaspss.logging.Logger;
+import at.gv.egovernment.moaspss.util.Constants;
 /**
 * A factory to create <code>XMLSignatureCreationProfile</code>s from a
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
index c09740c..a8c3ea0 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
@@ -40,10 +40,6 @@ import java.util.Set;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
-import at.gv.egovernment.moa.logging.LogMsg;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.logging.LoggingContext;
-import at.gv.egovernment.moa.logging.LoggingContextManager;
 import at.gv.egovernment.moa.spss.MOAApplicationException;
 import at.gv.egovernment.moa.spss.MOAException;
 import at.gv.egovernment.moa.spss.MOASystemException;
@@ -71,8 +67,12 @@ import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
 import at.gv.egovernment.moa.spss.util.CertificateUtils;
 import at.gv.egovernment.moa.spss.util.MessageProvider;
 import at.gv.egovernment.moa.spss.util.QCSSCDResult;
-import at.gv.egovernment.moa.util.CollectionUtils;
-import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moaspss.logging.LogMsg;
+import at.gv.egovernment.moaspss.logging.Logger;
+import at.gv.egovernment.moaspss.logging.LoggingContext;
+import at.gv.egovernment.moaspss.logging.LoggingContextManager;
+import at.gv.egovernment.moaspss.util.CollectionUtils;
+import at.gv.egovernment.moaspss.util.Constants;
 import iaik.server.modules.AdESFormVerificationResult;
 import iaik.server.modules.AdESVerificationResult;
 import iaik.server.modules.IAIKException;
@@ -162,7 +162,8 @@ public class XMLSignatureVerificationInvoker {
 LoggingContext loggingCtx = LoggingContextManager.getInstance().getLoggingContext();
 XMLSignatureVerificationProfileFactory profileFactory = new XMLSignatureVerificationProfileFactory(request);
 VerifyXMLSignatureResponseBuilder responseBuilder = new VerifyXMLSignatureResponseBuilder();
- ExtendedXMLSignatureVerificationResult result;
+ ExtendedXMLSignatureVerificationResult result = null;
+ XMLSignatureVerificationResult plainResult;
 XMLSignatureVerificationProfile profile;
 ReferencesCheckResult signatureManifestCheck;
 DataObjectFactory dataObjFactory;
@@ -215,8 +216,14 @@ public class XMLSignatureVerificationInvoker {
 module.setLog(new IaikLog(loggingCtx.getNodeID()));
- result = module.verifyXAdESSignature(xmlSignature, dataObjectList, profile, signingTime,
+ if(request.getExtendedValidaiton()) {
+ result = module.verifyXAdESSignature(xmlSignature, dataObjectList, profile, signingTime,
 new TransactionId(context.getTransactionID()));
+ plainResult = result.getXMLSignatureVerificationResult();
+ } else {
+ plainResult = module.verifySignature(xmlSignature, dataObjectList, profile, signingTime,
+ new TransactionId(context.getTransactionID()));
+ }
 } catch (IAIKException e) {
 MOAException moaException = IaikExceptionMapper.getInstance().map(e);
 throw moaException;
@@ -225,19 +232,20 @@ public class XMLSignatureVerificationInvoker {
 throw moaException;
 }
- List adesResults = getAdESResult(result.getFormVerificationResult());
+ if(result != null) {
+ List adesResults = getAdESResult(result.getFormVerificationResult());
- if (adesResults != null) {
- Iterator adesIterator = adesResults.iterator();
- while (adesIterator.hasNext()) {
- Logger.info("ADES Formresults: " + adesIterator.next().toString());
+ if (adesResults != null) {
+ Iterator adesIterator = adesResults.iterator();
+ while (adesIterator.hasNext()) {
+ Logger.info("ADES Formresults: " + adesIterator.next().toString());
+ }
 }
- }
-
- responseBuilder.setAdESFormResults(adesResults);
+ responseBuilder.setAdESFormResults(adesResults);
+ }
 // QC/SSCD check
- List list = result.getXMLSignatureVerificationResult().getCertificateValidationResult().getCertificateChain();
+ List list = plainResult.getCertificateValidationResult().getCertificateChain();
 if (list != null) {
 X509Certificate[] chain = new X509Certificate[list.size()];
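Review bot: `result` is initialised to `null` in the declaration hunk (`@@ -162`, previous physical line) and then serves as the mode switch in `if(result != null)` in the `@@ -225` hunk, which ties two distant hunks together through a nullable local; a local `final boolean extendedValidation = request.getExtendedValidaiton();` tested both at the `@@ -215` branch and at the AdES block would make the intent explicit and confine `result` to the extended path. When extended validation is off, the AdES form results are never computed and `responseBuilder.setAdESFormResults` is never called, yet nothing in the hunk says so; a comment on the `else` branch, `// plain verification only: no AdES form results are attached to the response`, spares the next reader from checking the builder's default. `getExtendedValidaiton` looks misspelled; if the accessor on the request type is really named that way, renaming it and keeping the old getter as deprecated keeps the API searchable. The enclosing method starts before the first hunk on this line and ends after the last hunk of the file section.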
@@ -261,17 +269,17 @@ public class XMLSignatureVerificationInvoker {
 }
 // check the result
- signatureManifestCheck = validateSignatureManifest(request, result.getXMLSignatureVerificationResult(),
+ signatureManifestCheck = validateSignatureManifest(request, plainResult,
 profile);
 // Check if signer certificate is in trust profile's allowed signer
 // certificates pool
 TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId());
- CheckResult certificateCheck = validateSignerCertificate(result.getXMLSignatureVerificationResult(),
+ CheckResult certificateCheck = validateSignerCertificate(plainResult,
 trustProfile);
 // build the response
- responseBuilder.setResult(result.getXMLSignatureVerificationResult(), profile, signatureManifestCheck,
+ responseBuilder.setResult(plainResult, profile, signatureManifestCheck,
 certificateCheck, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), tp.isTSLEnabled(), issuerCountryCode);
 return responseBuilder.getResponse(); |