From 191ba3411f2db0a48ae8d4243926b33a063bf769 Mon Sep 17 00:00:00 2001
From: Andreas Fitzek
Date: Wed, 2 Dec 2015 15:48:52 +0100
Subject: IAIK Moa CAdES added, cms verification not working

---
 .../invoke/CMSSignatureVerificationInvoker.java | 106 ++++++++++++++++++---
 1 file changed, 95 insertions(+), 11 deletions(-)

(limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java')

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
index aca6f58..905254e 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
@@ -24,12 +24,16 @@ package at.gv.egovernment.moa.spss.server.invoke;
+import iaik.server.modules.AdESFormVerificationResult;
+import iaik.server.modules.AdESVerificationResult;
 import iaik.server.modules.IAIKException;
 import iaik.server.modules.IAIKRuntimeException;
+import iaik.server.modules.SignatureVerificationProfile;
 import iaik.server.modules.cmsverify.CMSSignatureVerificationModule;
 import iaik.server.modules.cmsverify.CMSSignatureVerificationModuleFactory;
 import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile;
 import iaik.server.modules.cmsverify.CMSSignatureVerificationResult;
+import iaik.server.modules.cmsverify.ExtendedCMSSignatureVerificationResult;
 import iaik.x509.X509Certificate;
 import java.io.ByteArrayInputStream;
@@ -37,10 +41,17 @@ import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.math.BigDecimal;
+import java.security.MessageDigest;
+import java.util.ArrayList;
 import java.util.Date;
 import java.util.Iterator;
 import java.util.List;
+import org.apache.commons.codec.binary.Hex;
+import org.apache.commons.io.HexDump;
+import org.apache.commons.io.IOUtils;
+
+import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.logging.LoggingContext;
 import at.gv.egovernment.moa.logging.LoggingContextManager;
 import at.gv.egovernment.moa.spss.MOAApplicationException;
@@ -51,6 +62,7 @@ import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentReference;
 import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.impl.AdESFormResultsImpl;
 import at.gv.egovernment.moa.spss.server.config.TrustProfile;
 import at.gv.egovernment.moa.spss.server.logging.IaikLog;
 import at.gv.egovernment.moa.spss.server.logging.TransactionId;
@@ -121,14 +133,14 @@ public class CMSSignatureVerificationInvoker {
     CMSSignatureVerificationProfile profile;
     Date signingTime;
     List results;
-    CMSSignatureVerificationResult result;
+    ExtendedCMSSignatureVerificationResult result;
     int[] signatories;
     InputStream input;
-    byte[] buf = new byte[256];
+    byte[] buf = new byte[2048];
     // get the signature
     signature = request.getCMSSignature();
-
+
     // get the actual trustprofile
     TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId());
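Review bot: The new imports `java.security.MessageDigest`, `org.apache.commons.codec.binary.Hex`, `org.apache.commons.io.HexDump` and `org.apache.commons.io.IOUtils` in the first hunk are not referenced by any added line of this patch, which reads like leftover debugging scaffolding. Unless they are used somewhere in the file outside this diff, drop them so the class does not pick up a compile-time dependency on commons-codec/commons-io it does not need. `ArrayList` and `Logger` are genuinely used by the new result loop and the `getAdESResult`/`checkSubResult` helpers added later in the patch.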
@@ -137,7 +149,11 @@ public class CMSSignatureVerificationInvoker {
     signedContent = getSignedContent(request);
     // build the profile
-    profile = profileFactory.createProfile();
+    if(request.isPDF()) {
+      profile = profileFactory.createPDFProfile();
+    } else {
+      profile = profileFactory.createProfile();
+    }
     // get the signing time
     signingTime = request.getDateTime();
@@ -156,9 +172,9 @@ public class CMSSignatureVerificationInvoker {
       input = module.getInputStream();
       while (input.read(buf) > 0);
+      //results = module.verifyCAdESSignature(signingTime);
       results = module.verifySignature(signingTime);
-
     } catch (IAIKException e) {
       MOAException moaException = IaikExceptionMapper.getInstance().map(e);
       throw moaException;
@@ -191,10 +207,29 @@ public class CMSSignatureVerificationInvoker {
     Iterator resultIter;
     for (resultIter = results.iterator(); resultIter.hasNext();) {
-      result = (CMSSignatureVerificationResult) resultIter.next();
+      Object resultObject = resultIter.next();
+      CMSSignatureVerificationResult cmsResult = null;
+      List adesResults = null;
+      if(resultObject instanceof ExtendedCMSSignatureVerificationResult) {
+        result = (ExtendedCMSSignatureVerificationResult) resultObject;
+
+        adesResults = getAdESResult(result.getFormVerificationResult());
+
+        if (adesResults != null) {
+          Iterator adesIterator = adesResults.iterator();
+          while (adesIterator.hasNext()) {
+            Logger.info("ADES Formresults: " + adesIterator.next().toString());
+          }
+        }
+      } else {
+        cmsResult = (CMSSignatureVerificationResult)resultObject;
+      }
+
+      String issuerCountryCode = null;
       // QC/SSCD check
-      List list = result.getCertificateValidationResult().getCertificateChain();
+
+      List list = cmsResult.getCertificateValidationResult().getCertificateChain();
       if (list != null) {
         X509Certificate[] chain = new X509Certificate[list.size()];
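Review bot: The verification profile is now selected solely by the caller-supplied `request.isPDF()` flag at the top of the first hunk, and nothing in the hunk checks that the submitted signature actually is (or is not) a PDF signature. If `createPDFProfile()` relaxes or changes any check relative to `createProfile()` — not visible here — a client can simply pick whichever profile suits it, so the choice should either be derived from the data or documented as safe; a comment along the lines of `// profile choice is caller-controlled: PDF profile must not weaken certificate/trust checks — confirm against profileFactory` would make the assumption explicit. The enclosing method starts before and ends after this hunk.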
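Review bot: In the all-signatories loop of the third hunk, `cmsResult` is never assigned on the `instanceof ExtendedCMSSignatureVerificationResult` branch, so the `cmsResult.getCertificateValidationResult()` call a few lines below throws a NullPointerException for exactly the extended results this commit introduces — most likely the "cms verification not working" the subject mentions. Mirror the per-signatory branch and add `cmsResult = result.getCMSSignatureVerificationResult();` directly after the cast. As written the NPE escapes as an unmapped runtime exception instead of a MOA error code, so it should be fixed at the source rather than caught. The enclosing method starts before and ends after this hunk.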
@@ -213,7 +248,7 @@ public class CMSSignatureVerificationInvoker {
         }
-        responseBuilder.addResult(result, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode);
+        responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults);
       }
     } else {
       int i;
@@ -223,11 +258,23 @@ public class CMSSignatureVerificationInvoker {
         try {
           result =
-            (CMSSignatureVerificationResult) results.get(signatories[i] - 1);
+            (ExtendedCMSSignatureVerificationResult) results.get(signatories[i] - 1);
           String issuerCountryCode = null;
+
+          CMSSignatureVerificationResult cmsResult = result.getCMSSignatureVerificationResult();
+
+          List adesResults = getAdESResult(result.getFormVerificationResult());
+
+          if (adesResults != null) {
+            Iterator adesIterator = adesResults.iterator();
+            while (adesIterator.hasNext()) {
+              Logger.info("ADES Formresults: " + adesIterator.next().toString());
+            }
+          }
+
           // QC/SSCD check
-          List list = result.getCertificateValidationResult().getCertificateChain();
+          List list = cmsResult.getCertificateValidationResult().getCertificateChain();
           if (list != null) {
             X509Certificate[] chain = new X509Certificate[list.size()];
@@ -244,7 +291,7 @@ public class CMSSignatureVerificationInvoker {
             issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0));
           }
-          responseBuilder.addResult(result, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode);
+          responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults);
         } catch (IndexOutOfBoundsException e) {
           throw new MOAApplicationException(
             "2249",
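Review bot: The per-signatory branch in the second hunk casts `results.get(signatories[i] - 1)` unconditionally to `ExtendedCMSSignatureVerificationResult`, whereas the all-signatories branch of the same method treats a plain `CMSSignatureVerificationResult` as a possible list element; if the module can return plain results, as that branch assumes, this cast throws a ClassCastException that the surrounding `catch (IndexOutOfBoundsException e)` does not cover, so the request dies with an unmapped runtime exception instead of a MOA error code. Dispatch on `instanceof` here as well so both branches agree, and consider moving the shared result-unwrapping into one helper so they cannot drift again. The enclosing method starts before and ends after this hunk.
```java
          Object resultObject = results.get(signatories[i] - 1);
          CMSSignatureVerificationResult cmsResult;
          List adesResults = null;
          if (resultObject instanceof ExtendedCMSSignatureVerificationResult) {
            result = (ExtendedCMSSignatureVerificationResult) resultObject;
            cmsResult = result.getCMSSignatureVerificationResult();
            adesResults = getAdESResult(result.getFormVerificationResult());
          } else {
            cmsResult = (CMSSignatureVerificationResult) resultObject;
          }
          String issuerCountryCode = null;
          // … unchanged: AdES result logging, QC/SSCD check, responseBuilder.addResult …
```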
@@ -368,4 +415,41 @@ public class CMSSignatureVerificationInvoker {
   }
+
+  private List getAdESResult(AdESFormVerificationResult adesFormVerification) {
+    if (adesFormVerification == null) {
+      // no form information
+      return null;
+    }
+
+    List adesList = new ArrayList();
+
+    checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LTA),
+        SignatureVerificationProfile.LEVEL_LTA, adesList);
+    checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LT),
+        SignatureVerificationProfile.LEVEL_LT, adesList);
+    checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_T),
+        SignatureVerificationProfile.LEVEL_T, adesList);
+    checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_B),
+        SignatureVerificationProfile.LEVEL_B, adesList);
+
+    return adesList;
+  }
+
+  private void checkSubResult(AdESVerificationResult subResult, String level, List adesList) {
+    if (subResult != null) {
+      Logger.info("Checking Level: " + level);
+      try {
+        AdESFormResultsImpl adESFormResultsImpl = new AdESFormResultsImpl();
+        adESFormResultsImpl.setCode(subResult.getResultCode());
+        adESFormResultsImpl.setInfo(subResult.getInfo());
+        adESFormResultsImpl.setName(subResult.getName());
+
+        adesList.add(adESFormResultsImpl);
+      } catch (NullPointerException e) {
+        Logger.warn("Catching NullPointer Exception, of invalid? Form Results", e);
+      }
+    }
+  }
+
 }
-- 
cgit v1.2.3
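Review bot: `checkSubResult` catches NullPointerException around the `setCode`/`setInfo`/`setName` calls and only logs a warning, so an AdES level whose sub-result is present but cannot be read is silently dropped from the list handed to the response builder; the consumer then cannot tell "level not present" from "level present but unreadable", which is the wrong failure direction for a signature-verification result. Replace the catch with explicit null checks on whichever of `getResultCode()`, `getInfo()` and `getName()` can actually return null (not visible here) and, if a field is missing, still add the entry with the data available or raise a proper MOA error instead of omitting it. `getAdESResult` returns `null` for "no form information" while both callers already null-check the list; returning an empty `ArrayList` would remove that branch and the raw `List` could be `List<AdESFormResultsImpl>`. The per-level `Logger.info("Checking Level: ...")` and the per-result "ADES Formresults" lines look like debugging output and are better at debug level.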