From 38bba13a16b041693850ddd1847adceba616d93b Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Fri, 23 Jun 2023 09:50:18 +0200
Subject: test(core): add some more PDF and PAdES validation checks
---
 moaSig/moa-sig-lib/src/test/resources/data/ee.crt | 46 +++++++++++++++++++++
 .../test/integration/PadesIntegrationTest.java | 43 ++++++++++++++++---
 .../a-sign-corporate-light-02.crt | 27 ++++++++++++
 .../testdata/pades/TestAmtssignatur_Sign.pdf | Bin 0 -> 67794 bytes
 4 files changed, 110 insertions(+), 6 deletions(-)
 create mode 100644 moaSig/moa-sig-lib/src/test/resources/data/ee.crt
 create mode 100644 moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-corporate-light-02.crt
 create mode 100644 moaSig/moa-sig/src/test/resources/testdata/pades/TestAmtssignatur_Sign.pdf
diff --git a/moaSig/moa-sig-lib/src/test/resources/data/ee.crt b/moaSig/moa-sig-lib/src/test/resources/data/ee.crt
new file mode 100644
index 0000000..aec405b
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/test/resources/data/ee.crt
@@ -0,0 +1,46 @@ +-----BEGIN CERTIFICATE----- +MIIIMTCCBeWgAwIBAgIQDca62Dh9eRP0D2jYSKfJoTBBBgkqhkiG9w0BAQowNKAP +MA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMC +ASAwgZ8xIzAhBgNVBAMMGlN3aXNzY29tIERpYW1hbnQgRVUgQ0EgNC4xMSUwIwYD +VQQLDBxEaWdpdGFsIENlcnRpZmljYXRlIFNlcnZpY2VzMRgwFgYDVQRhDA9WQVRB +VC1VNjQ3NDEyNDgxKjAoBgNVBAoMIVN3aXNzY29tIElUIFNlcnZpY2VzIEZpbmFu +Y2UgUy5FLjELMAkGA1UEBhMCQVQwHhcNMjMwNjE0MTY1OTU1WhcNMjMwNjE0MTcw +OTU0WjBpMSQwIgYDVQQFExtSQVM2M2UzZDg1OWE5ZjIyYjFlOWNhNjZkMjAxFDAS +BgNVBAMMC0FsbWEgU3RlZ2VyMQ0wCwYDVQQqDARBbG1hMQ8wDQYDVQQEDAZTdGVn +ZXIxCzAJBgNVBAYTAkFUMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA +1WmVUoOx2YymRERHE4+SZZxFsYy/uQOXwJjIDNkxZ1Y1bbFB3GZju2QkMHf0ejXP +XveT4ZtFz//kU/VFUvZtW+NEjcNinDQq6Qj1hKcIhj3gITs6qDhdpZQzNfujhXUF +SA69laXIhN7YH7jur9aArP4UjnluDszjYBS9LvmF/CE/FMCSfIK5Yus8gy7L+8TT +cjaK4a9xbnYwl+HnyhTPjCHJj5w6gB44Ivusx7WNmYHt4j4cADYetlr8L0lQ3QNj +7DtSUdh9bq5b2WnajOAiuqGRt3FDluT87AoOVdfHxcsLO6PyF+1+mTdTbOQ6N/xy +HFeXTv1mXEAdLGgzSLYM8tRYtLJF3f7VF2bjN+kpRkNzDmmVMPqdbped3z9OwLb+ +AJsqMgjTsQGnvsCrP/oemqp/Bzgr8Yc7cDhrVssLsJqSBCj0fazFXOkrZxiEOvAv +641R2o2O9czYn1bENbd9QM8wgkuQCXdIuz6PtuopUk3E+TjWnF1G1r/cw9oIP78l +AgMBAAGjggK0MIICsDCBpwYDVR0RBIGfMIGcpIGZMIGWMTEwLwYDVQQFEyhBSVMt +NjBhZTQ5YWUtNTU3ZS00NjM2LWFiMTAtYTQzMmM2OWNhN2I5MSowKAYJYIV0AVOB +SAAADBtSQVM2M2UzZDg1OWE5ZjIyYjFlOWNhNjZkMjAxGTAXBgNVBEEMEE1JRENI +RUJXMFUxQTdVTzkxDDAKBgNVBCkMA04vQTEMMAoGA1UEDQwDTi9BMEQGA1UdEgQ9 +MDukOTA3MSQwIgYDVQQFExtaSW55ZXFndnA3aFpHUVdPMHFTNlB3QUFBR0kxDzAN +BgNVBA0MBnBvcy5hZzAfBgNVHSMEGDAWgBRrSnzjpxw/4Lh+9jf4RgOUiQk6yzCB +iwYIKwYBBQUHAQEEfzB9MD4GCCsGAQUFBzAChjJodHRwOi8vYWlhLnN3aXNzZGln +aWNlcnQuY2gvc2Rjcy1kaWFtYW50NC4xLWV1LmNydDA7BggrBgEFBQcwAYYvaHR0 +cDovL29jc3Auc3dpc3NkaWdpY2VydC5jaC9zZGNzLWRpYW1hbnQ0LjEtZXUwUAYD +VR0gBEkwRzAJBgcEAIvsQAECMDoGCGCFdAFTZAQBMC4wLAYIKwYBBQUHAgEWIGh0 +dHA6Ly93d3cuc3dpc3NkaWdpY2VydC5jaC9jcHMvMBQGA1UdJQQNMAsGCSqGSIb3 +LwEBBTB4BggrBgEFBQcBAwRsMGowCAYGBACORgEBMAgGBgQAjkYBBDATBgYEAI5G 
+AQYwCQYHBACORgEGATA/BgYEAI5GAQUwNTAzFi1odHRwczovL3d3dy5zd2lzc2Rp +Z2ljZXJ0LmNoL2RpYW1hbnQ0ZXUtbi5wZGYTAmVuMB0GA1UdDgQWBBTW0EoVfQ9Y +285kFc+DksKA1NLcdzAOBgNVHQ8BAf8EBAMCBkAwQQYJKoZIhvcNAQEKMDSgDzAN +BglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEg +A4ICAQAfCi8y+q4K+s+T6tstzDMYq+bLXxGcTfv9IY0OCT2h1pSmgkiEv6DlrrbK +mqjB3zfav1/2JveFa8DZ3jfbHkXaJz9gBcV+FwLFvomvr2zKibIfc5Y5d7X9vcNR +e52NnIpTETYFMpUVPCyRwxsdRcz6rBDmk02AyLeiIhCbQCLZqpG5UCtsZgK1i0YQ +vQuIxvMYEiJ9oiZS+bSgJX8Bqigi6tSmiFYVgOrISHZimQkOAFDVfLqU41W4pSU6 +rM6haKttqjTD512dWBa53i6qp+zJECCVQNo4TqdCG1ppuUxMnlvEepJj78FOHuUj +xwQB+HUijprDFQBuMffBq42n3V+EWR1UaPWIGMsJobHrvpuLwjR6mZKAG/q7Hgba +0vMkabaSJP3XibDpnJmHgwaqtoCDne3pcTFOBgzMd3i7JxFjCdQxFrWvXMdnCaU5 +RqbR8WtP/SjDTR+F/YgKOC8JjZt+pAg2WWMlUs83/HcbgvvNpjIdDxCotUU5dxq1 +FfVzBPg8U3yHPXdE2U9PqwEbJjJPqlHwOMDoGcIf/8CrPq1F25ShUqhL3fSVMP+e +wUtGq98rN36bLURAz4TQB4hPGq/9f4N1R5HxEbrsLCq7pCRaYdOfFe5RPc+TIMqC +pzRet1e8CJogXw8i66OFTqV1lYh5lVIe8oce7+kvTaZ/te3S9g== +-----END CERTIFICATE----- diff --git a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java index e210ddf..9cee722 100644 --- a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java +++ b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java @@ -11,6 +11,7 @@ import java.io.FileInputStream; import java.io.IOException; import java.security.cert.Certificate; import java.security.cert.CertificateException; +import java.util.Base64; import java.util.Date; import org.apache.commons.io.IOUtils; @@ -88,7 +89,6 @@ public class PadesIntegrationTest extends AbstractIntegrationTest { } - @Ignore @Test public void basicValidationCadesSignature() throws MOAException, IOException { final VerifyCMSSignatureRequest request = buildVerfifyCmsRequest( 
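Review bot: The added `import java.util.Base64;` in the import hunk of PadesIntegrationTest.java is not referenced by any line this patch adds to the file, so it looks like an unused import. The visible hunks account for all 43 changed lines the diffstat reports for this file, and existing code could not have used `Base64` without the import. Drop the line unless a follow-up change needs it.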
@@ -124,7 +124,6 @@ public class PadesIntegrationTest extends AbstractIntegrationTest { } - @Ignore @Test public void extendedValidationCadesSignature() throws MOAException, IOException { final VerifyCMSSignatureRequest request = buildVerfifyCmsRequest( @@ -163,7 +162,9 @@ public class PadesIntegrationTest extends AbstractIntegrationTest { assertNotNull("extended val. result", cmsResult.getExtendedCertificateCheck()); assertEquals("ext. val major", 1, cmsResult.getExtendedCertificateCheck().getMajorCode()); - assertEquals("ext. val major", 24, cmsResult.getExtendedCertificateCheck().getMinorCode()); + + // because was signed by using SHA1 after xxxx + assertEquals("ext. val major", 2, cmsResult.getExtendedCertificateCheck().getMinorCode()); assertNotNull("byteRange", cmsResult.getByteRangeOfSignature()); assertEquals("used sig alg", "SHA1withRSA", cmsResult.getSignatureAlgorithm()); 
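Review bot: The new comment `// because was signed by using SHA1 after xxxx` in the -163 hunk still carries a placeholder, so a reader cannot tell which cutoff makes the expected minor code change from 24 to 2. Spell the rule out, for example `// minor code 2: SHA1withRSA signature created after <cutoff date>`, with the actual date filled in. The assertion below it checks `getMinorCode()` but keeps the message "ext. val major"; `assertEquals("ext. val minor", 2, cmsResult.getExtendedCertificateCheck().getMinorCode());` would name a failure correctly, and the same label is reused for the minor-code assertion added in the -202 hunk. The enclosing test method starts and ends outside the hunk.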
@@ -202,11 +203,38 @@ public class PadesIntegrationTest extends AbstractIntegrationTest { // perform test final VerifyCMSSignatureResponse result = cadesInvoker.verifyCMSSignature(request); - + // verify result assertNotNull("verification result", result); + final VerifyCMSSignatureResponseElement cmsResult = (VerifyCMSSignatureResponseElement) result + .getResponseElements().get(0); + assertEquals("sigCode", 0, cmsResult.getSignatureCheck().getCode()); + assertEquals("certCode", 0, cmsResult.getCertificateCheck().getCode()); + + assertTrue("Amtssignatur", cmsResult.getSignerInfo().isPublicAuthority()); + assertEquals("Amtssignatur", "L4AL", cmsResult.getSignerInfo().getPublicAuhtorityID()); + + assertFalse("QC", cmsResult.getSignerInfo().isQualifiedCertificate()); + assertFalse("SSCD", cmsResult.getSignerInfo().isSSCD()); + + assertEquals("CountryCode", "AT", cmsResult.getSignerInfo().getIssuerCountryCode()); + + assertNotNull("extended val. result", cmsResult.getExtendedCertificateCheck()); + assertEquals("ext. val major", 2, cmsResult.getExtendedCertificateCheck().getMajorCode()); + // it's no valid CAdES signature because it does not include SignatureCertificateInfo extension + assertEquals("ext. val major", 13, cmsResult.getExtendedCertificateCheck().getMinorCode()); + + assertNotNull("form val. result", cmsResult.getAdESFormResults()); + assertEquals("form val. result size", 4, cmsResult.getAdESFormResults().size()); + + //it's not valid because it's no CAdES signature, it's a "adbe.pkcs7.detached" + for (final Object el : cmsResult.getAdESFormResults()) { + assertEquals("Find wrong form val status", 2, ((AdESFormResults) el).getCode().longValue()); + + } + } @Ignore 
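Review bot: `result.getResponseElements().get(0)` is cast and dereferenced without checking that the list has an entry, so an empty response would surface as an IndexOutOfBoundsException instead of a named assertion failure. Adding `assertFalse("no response element", result.getResponseElements().isEmpty());` before the cast keeps the failure readable; the hunk at -224 uses the same pattern. The loop over `getAdESFormResults()` also relies on a cast from `Object`, which a typed loop variable would avoid if the getter's declared return type allows it. The test method's signature is outside the hunk.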
@@ -224,8 +252,11 @@ public class PadesIntegrationTest extends AbstractIntegrationTest { // verify result assertNotNull("verification result", result); - - + final VerifyCMSSignatureResponseElement cmsResult = (VerifyCMSSignatureResponseElement) result + .getResponseElements().get(0); + assertEquals("sigCode", 0, cmsResult.getSignatureCheck().getCode()); + assertEquals("certCode", 0, cmsResult.getCertificateCheck().getCode()); + assertEquals("Amtssignatur", "", cmsResult.getSignerInfo().getPublicAuhtorityID()); } diff --git a/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-corporate-light-02.crt b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-corporate-light-02.crt new file mode 100644 index 0000000..717466c --- /dev/null +++ b/moaSig/moa-sig/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-corporate-light-02.crt 
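Review bot: The assertions added in the -224 hunk appear to sit in a test that is still annotated `@Ignore`, since the preceding hunk ends on an unchanged `@Ignore` line a few lines above this one, so they would never run. Either remove the annotation as this patch does for the two CAdES tests, or record why the test stays disabled with `@Ignore("<reason>")`. If it is enabled, asserting `isPublicAuthority()` next to the empty `getPublicAuhtorityID()` would make the expectation explicit. The method's signature is outside the hunk, so the placement is inferred from the line numbers.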
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEizCCA3OgAwIBAgIDFTtJMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1 +YWwtMDIxGDAWBgNVBAMMD0EtVHJ1c3QtUXVhbC0wMjAeFw0xNDA5MDUxMzQwMTVa +Fw0yNDA5MDUxMTQwMTVaMIGfMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz +dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy +a2VociBHbWJIMSIwIAYDVQQLDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMSIw +IAYDVQQDDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAk6V4oEauvXgEICqgjTbGHaiDhBVo2nosX23osoKM +LTkkO/nOCgpdCYpLKgURxwrgHgVh9XT99yxhy6lDwt2rASajj0sQ1fY5BmWVyrXS +dQ78ISMPb73XaG4M8H7PJFcsVEo9n8veVQwnMY5mSWy0r1IO8n93Bjbmmi4Zt8oS +p9olWo5/8ByYW8S/AKZuQx+q+bFJv7geuApVjK2iVFe8yQqHhAgDsAsDlMvxDAQ/ +vhrGwHRv8N3sLsjirnbf5S2dGLDjASOMUFvwfLQd7gHH7PV37Xa+aQqa97eE6O4O +sIhcGRYhoLk/tWTBDapcgHJ0yTtrftuwORVteLUAy0gBNwIDAQABo4HhMIHeMA8G +A1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEkcWDpP6A0DMBMGA1UdIwQMMAqACEI9 +KySmwUXOMA4GA1UdDwEB/wQEAwIBBjCBkgYDVR0fBIGKMIGHMIGEoIGBoH+GfWxk +YXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9QS1UcnVzdC1RdWFsLTAyLG89QS1UcnVz +dCxjPUFUP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q/YmFzZT9vYmplY3RjbGFz +cz1laWRDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MA0GCSqGSIb3DQEBBQUAA4IBAQAT +LnGyoe38+pkybrpLl/b3htAvX6nePU6rFPFS9P2NK+hG5yV8gfMdHdeEaKICVbhI +Y8LFt5fF74GPFhEFT+6YiBJXFFZG229FbIPcVWReRl2XrFKJlRP/1eZyvqpxD1WE +SqN73MKGwgpUSPzRESHAtAODl/baRn/M4Xpb+MChVI6BoMdo/08FeSZPbT7N63dm +/Da3+Ywx84D40NKdoORu2yPUs8nMzeQVCnx7Lb9U7HRSR7wXgZrhwtULsrENRY0T +tq/+o4sOWzs/NgZyEg6mmOAK4K5Vup3mikIMyF7Z92RwmsaMM6We/vIcc6DlWbKw +WKniHZNw5/6aZAj4GX0R +-----END CERTIFICATE----- 
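Review bot: The certificate added to this trust profile has a notAfter of 2024-09-05 (UTCTime `240905114015Z` in the encoded validity field), so assertions that expect `certCode` 0 for chains through it may become dependent on the date the tests run. Whether the verification time is pinned in the requests cannot be seen in this patch. A short comment in the test, or a note beside the file, naming the test that needs this certificate and its expiry date would make a later failure easy to diagnose.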
diff --git a/moaSig/moa-sig/src/test/resources/testdata/pades/TestAmtssignatur_Sign.pdf b/moaSig/moa-sig/src/test/resources/testdata/pades/TestAmtssignatur_Sign.pdf
new file mode 100644
index 0000000..bdc6fe3
Binary files /dev/null and b/moaSig/moa-sig/src/test/resources/testdata/pades/TestAmtssignatur_Sign.pdf differ
-- 
cgit v1.2.3