Diffstat (limited to 'moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaVerifier.java')
-rw-r--r-- | moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaVerifier.java | 128 |
1 files changed, 128 insertions, 0 deletions
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaVerifier.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaVerifier.java
new file mode 100644
index 0000000..f937495
--- /dev/null
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaVerifier.java
@@ -0,0 +1,128 @@
+package at.gv.egovernment.moa.spss.server.pdfas;
+
+import java.io.ByteArrayInputStream;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.List;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
+import at.gv.egiz.pdfas.lib.api.Configuration;
+import at.gv.egiz.pdfas.lib.api.verify.SignatureCheck;
+import at.gv.egiz.pdfas.lib.api.verify.VerifyParameter.SignatureVerificationLevel;
+import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
+import at.gv.egiz.pdfas.lib.impl.verify.IVerifier;
+import at.gv.egiz.pdfas.lib.impl.verify.SignatureCheckImpl;
+import at.gv.egiz.pdfas.lib.impl.verify.VerifyResultImpl;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
+import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.impl.CMSContentExplicitImpl;
+import at.gv.egovernment.moa.spss.api.impl.CMSDataObjectImpl;
+import at.gv.egovernment.moa.spss.api.impl.MetaInfoImpl;
+import at.gv.egovernment.moa.spss.api.impl.VerifyCMSSignatureRequestImpl;
+import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker;
+import iaik.x509.X509Certificate;
+
+public class InternalMoaVerifier implements IVerifier {
+
+ public static final String MOA_TRUSTPROFILE = "internal.moa.trustprofile";
+
+ private String trustProfile;
+
+ private static final Logger logger = LoggerFactory.getLogger(InternalMoaVerifier.class);
+
+ @Override
+ public List<VerifyResult> verify(byte[] signature, byte[] signatureContent, Date verificationTime)
+ throws PdfAsException {
+
+ List<VerifyResult> verificationResultList = new ArrayList<VerifyResult>();
+
+ VerifyCMSSignatureRequestImpl verifyCMSSignatureRequest = new VerifyCMSSignatureRequestImpl();
+ verifyCMSSignatureRequest.setDateTime(verificationTime);
+ verifyCMSSignatureRequest.setTrustProfileId(this.trustProfile);
+ verifyCMSSignatureRequest.setCMSSignature(new ByteArrayInputStream(signature));
+
+ CMSContentExplicitImpl cmsContentExplicitImpl = new CMSContentExplicitImpl();
+ cmsContentExplicitImpl.setBinaryContent(new ByteArrayInputStream(signatureContent));
+
+ CMSDataObjectImpl cmsDataObjectImpl = new CMSDataObjectImpl();
+ cmsDataObjectImpl.setContent(cmsContentExplicitImpl);
+
+ MetaInfoImpl metaInfo = new MetaInfoImpl();
+ metaInfo.setMimeType("application/pdf");
+ metaInfo.setDescription("PDF Document");
+ cmsDataObjectImpl.setMetaInfo(metaInfo);
+
+ verifyCMSSignatureRequest.setDataObject(cmsDataObjectImpl);
+
+ verifyCMSSignatureRequest.setSignatories(VerifyCMSSignatureRequest.ALL_SIGNATORIES);
+
+ try {
+ VerifyCMSSignatureResponse verifyCMSSignatureResponse = CMSSignatureVerificationInvoker.getInstance()
+ .verifyCMSSignature(verifyCMSSignatureRequest);
+ Iterator iter;
+ for (iter = verifyCMSSignatureResponse.getResponseElements().iterator(); iter.hasNext();) {
+ VerifyCMSSignatureResponseElement responseElement = (VerifyCMSSignatureResponseElement) iter.next();
+ ExtendedVerifyResult verifyResult = new ExtendedVerifyResult();
+
+ verifyResult.setCertificateCheck(convertCheck(responseElement.getCertificateCheck()));
+ verifyResult.setValueCheckCode(convertCheck(responseElement.getSignatureCheck()));
+ verifyResult.setManifestCheckCode(new SignatureCheckImpl(99, null));
+ verifyResult.setQualifiedCertificate(responseElement.getSignerInfo().isQualifiedCertificate());
+ verifyResult.setVerificationDone(true);
+
+ if (responseElement.getSignerInfo().getSignerCertificate() instanceof X509Certificate) {
+ verifyResult.setSignerCertificate(
+ (X509Certificate) responseElement.getSignerInfo().getSignerCertificate());
+ } else {
+ verifyResult.setSignerCertificate(
+ new X509Certificate(responseElement.getSignerInfo().getSignerCertificate().getEncoded()));
+ }
+
+ verifyResult.setQcSource(responseElement.getSignerInfo().getQCSource());
+
+ verifyResult.setPublicAuthority(responseElement.getSignerInfo().isPublicAuthority());
+ verifyResult.setPublicAuthorityID(responseElement.getSignerInfo().getPublicAuhtorityID());
+ verifyResult.setSSCD(responseElement.getSignerInfo().isSSCD());
+ verifyResult.setSscdSource(responseElement.getSignerInfo().getSSCDSource());
+ verifyResult.setIssureCountryCode(responseElement.getSignerInfo().getIssuerCountryCode());
+
+ verificationResultList.add(verifyResult);
+ }
+ } catch (MOAException e) {
+ logger.error("Failed to verify CMS Signature with MOA", e);
+ throw new PdfAsException("Failed to verify CMS Signature with MOA", e);
+ } catch (CertificateEncodingException e) {
+ logger.error("Failed to verify CMS Signature with MOA", e);
+ throw new PdfAsException("Failed to verify CMS Signature with MOA", e);
+ } catch (CertificateException e) {
+ logger.error("Failed to verify CMS Signature with MOA", e);
+ throw new PdfAsException("Failed to verify CMS Signature with MOA", e);
+ }
+
+ return verificationResultList;
+ }
+
+ private SignatureCheck convertCheck(CheckResult checkResult) {
+ return new SignatureCheckImpl(checkResult.getCode(), null);
+ }
+
+ @Override
+ public void setConfiguration(Configuration config) {
+ this.trustProfile = config.getValue(MOA_TRUSTPROFILE);
+ }
+
+ @Override
+ public SignatureVerificationLevel getLevel() {
+ return SignatureVerificationLevel.FULL_VERIFICATION;
+ }
+
+} |
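Review bot: `setConfiguration` stores whatever `config.getValue(MOA_TRUSTPROFILE)` returns, and `verify` passes it straight to `setTrustProfileId` without checking that a trust profile was actually configured. If the key is missing, or `verify` runs before `setConfiguration`, the request carries a null profile id; how MOA handles that is not visible in this hunk, so a verifier that reports `FULL_VERIFICATION` should fail closed rather than depend on it. I would add `if (this.trustProfile == null || this.trustProfile.isEmpty())` at the top of `verify` and throw a `PdfAsException` naming the `internal.moa.trustprofile` key. Separately, `getSignerInfo()` and `getSignerCertificate()` are dereferenced in the loop without a null check, so a response element lacking them would surface as a `NullPointerException` rather than the declared `PdfAsException`.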