From 9868b02903f950566206ee736bf5e9edbeeac5f3 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 7 Feb 2019 12:47:00 +0100 Subject: add additional PAdES verification information and some more small updates --- .../gv/egovernment/moa/spss/api/SPSSFactory.java | 6 ++- .../VerifyCMSSignatureResponseElement.java | 4 ++ .../moa/spss/api/impl/SPSSFactoryImpl.java | 5 ++- .../VerifyCMSSignatureResponseElementImpl.java | 23 ++++++++++ .../moa/spss/api/xmlbind/ResponseBuilderUtils.java | 32 ++++++++++++++ .../xmlbind/VerifyPDFSignatureResponseBuilder.java | 19 +++++++-- .../invoke/CMSSignatureVerificationInvoker.java | 5 ++- .../invoke/VerifyCMSSignatureResponseBuilder.java | 49 ++++++++++++++-------- .../egovernment/moa/spss/util/AdESResultUtils.java | 2 + 9 files changed, 118 insertions(+), 27 deletions(-) (limited to 'moaSig/moa-sig-lib') diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java index 36d5461..d7cd10c 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java @@ -566,7 +566,7 @@ public abstract class SPSSFactory { * Create a new VerifyCMSSignatureResponseElement object. * * @param signerInfo Information about the signer certificate. - * @param signatureCheck Result of the singature value check. + * @param signatureCheck Result of the signature value check. * @param certificateCheck Result of the certificate status check. * @return The new VerifyCMSSignatureResponseElement containing * the above data. @@ -581,7 +581,9 @@ public abstract class SPSSFactory { CheckResult certificateCheck, List adesResult, ExtendedCertificateCheckResult extendedCertificateCheckResult, - String usedAlgorithm); + String usedAlgorithm, + Boolean coversFullDocument, + int[] byteRangeOfSignature); // // Factory methods for verifying XML signatures diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java index 38106e7..ec540bf 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java @@ -69,4 +69,8 @@ public interface VerifyCMSSignatureResponseElement { public ExtendedCertificateCheckResult getExtendedCertificateCheck(); public String getSignatureAlgorithm(); + + public Boolean getCoversFullDocument(); + + public int[] getByteRangeOfSignature(); } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java index d743f16..2525a2f 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java @@ -283,7 +283,8 @@ public class SPSSFactoryImpl extends SPSSFactory { public VerifyCMSSignatureResponseElement createVerifyCMSSignatureResponseElement(SignerInfo signerInfo, CheckResult signatureCheck, CheckResult certificateCheck, List adesResult, - ExtendedCertificateCheckResult extendedCertificateCheckResult, String usedAlgorithm) { + ExtendedCertificateCheckResult extendedCertificateCheckResult, String usedAlgorithm, Boolean coversFullDocument, + int[] byteRangeOfSignature) { VerifyCMSSignatureResponseElementImpl verifyCMSSignatureResponseElement = new VerifyCMSSignatureResponseElementImpl(); verifyCMSSignatureResponseElement.setSignerInfo(signerInfo); verifyCMSSignatureResponseElement.setSignatureCheck(signatureCheck); @@ -291,6 +292,8 @@ public class SPSSFactoryImpl extends SPSSFactory { verifyCMSSignatureResponseElement.setAdESFormResults(adesResult); verifyCMSSignatureResponseElement.setExtendedCertificateCheck(extendedCertificateCheckResult); verifyCMSSignatureResponseElement.setSignatureAlgorithm(usedAlgorithm); + verifyCMSSignatureResponseElement.setCoversFullDocument(coversFullDocument); + verifyCMSSignatureResponseElement.setByteRangeOfSignature(byteRangeOfSignature); return verifyCMSSignatureResponseElement; } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java index 1d40627..3ea504b 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java @@ -53,6 +53,10 @@ public class VerifyCMSSignatureResponseElementImpl private String usedAlgorithm = null; + private Boolean coversFullDocument = null; + + private int[] byteRangeOfSignature = null; + /** * Sets a SignerInfo element according to CMS. * @@ -117,6 +121,25 @@ public class VerifyCMSSignatureResponseElementImpl public void setSignatureAlgorithm(String usedAlgorithm) { this.usedAlgorithm = usedAlgorithm; } + + @Override + public Boolean getCoversFullDocument() { + return coversFullDocument; + } + + public void setCoversFullDocument(Boolean coversFullDocument) { + this.coversFullDocument = coversFullDocument; + } + + @Override + public int[] getByteRangeOfSignature() { + return byteRangeOfSignature; + } + + public void setByteRangeOfSignature(int[] byteRangeOfSignature) { + this.byteRangeOfSignature = byteRangeOfSignature; + } + diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java index a21e693..a7113fd 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java @@ -38,6 +38,7 @@ import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; +import org.apache.commons.lang3.StringUtils; import org.w3c.dom.DOMImplementation; import org.w3c.dom.Document; import org.w3c.dom.Element; @@ -399,6 +400,37 @@ public class ResponseBuilderUtils { } } + public static void addSignatureCoversFullPDF(Document response, + Element root, + Boolean coversFull) { + if( coversFull != null) { + Element extElem = response.createElementNS(MOA_NS_URI, "SignatureCoversFullPDF"); + extElem.appendChild(response.createTextNode(String.valueOf(coversFull))); + root.appendChild(extElem); + } + } + + public static void addSignatureByteRange(Document response, + Element root, + int[] byteRange) { + if(byteRange != null) { + String byteRangeTextual = StringUtils.EMPTY; + for (int el : byteRange) + byteRangeTextual += "," + String.valueOf(el); + + Element extElem = response.createElementNS(MOA_NS_URI, "SignatureByteRange"); + extElem.appendChild(response.createTextNode(byteRangeTextual.substring(1))); + root.appendChild(extElem); + } + } + + public static Element createAndAddChildElement(Document response, Element root, String name) { + Element element = response.createElementNS(MOA_NS_URI, name); + root.appendChild(element); + return element; + + } + public static void addHashAlgorithm(Document response, Element root, String algorithm) { diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java index 8b10191..499f514 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java @@ -129,11 +129,9 @@ public class VerifyPDFSignatureResponseBuilder { } - ResponseBuilderUtils.addSignatureAlgorithm(responseDoc, - responseElem, - responseElement.getSignatureAlgorithm()); - + responseElem, + responseElement.getSignatureAlgorithm()); ResponseBuilderUtils.addCodeInfoElement( responseDoc, @@ -167,6 +165,19 @@ public class VerifyPDFSignatureResponseBuilder { ResponseBuilderUtils.addExtendendResult(responseDoc, responseElem, responseElement.getExtendedCertificateCheck()); } + + //add additional PDF signature properteis + if (responseElement.getCoversFullDocument() != null || + responseElement.getByteRangeOfSignature() != null) { + Element pdfSigProps = ResponseBuilderUtils.createAndAddChildElement(responseDoc, responseElem, "SignatureProperties"); + ResponseBuilderUtils.addSignatureCoversFullPDF(responseDoc, + pdfSigProps, + responseElement.getCoversFullDocument()); + ResponseBuilderUtils.addSignatureByteRange(responseDoc, + pdfSigProps, + responseElement.getByteRangeOfSignature()); + } + } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java index b2c6717..74fa9ab 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java @@ -342,6 +342,8 @@ public class CMSSignatureVerificationInvoker { PDFSignatureVerificationResult cmsResult = null; List adesResults = null; boolean extendedVerification = false; + Boolean coversFullDoc = null; + int[] sigByteRange = null; ExtendedCertificateCheckResult extCheckResult = null; if (resultObject instanceof ExtendedPDFSignatureVerificationResult) { @@ -357,8 +359,7 @@ public class CMSSignatureVerificationInvoker { Logger.debug("ADES Formresults: " + adesIterator.next().toString()); } - - cmsResult = result.getPDFSignatureVerificationResult(); + try { Logger.debug("Extended Validation Code: " + result.getResultCode().toString()); diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java index 22bae71..2b2e2cf 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java @@ -132,23 +132,27 @@ public class VerifyCMSSignatureResponseBuilder { certificateCheck, adesResults, extendedCertificateCheckResult, - sigAlgName); + sigAlgName, + null, + null); responseElements.add(responseElement); } - /** - * Add a verification result to the response. - * - * @param result The result to add. - * @param trustprofile The actual trustprofile - * @param checkQCFromTSL true, if the TSL check verifies the - * certificate as qualified, otherwise false. - * @param checkSSCD true, if the TSL check verifies the - * signature based on a SSDC, otherwise false. - * @param sscdSourceTSL true, if the SSCD information comes from the TSL, - * otherwise false. - * @throws MOAException - */ +/** + * + * @param result + * @param trustProfile + * @param checkQC + * @param qcSourceTSL + * @param checkSSCD + * @param sscdSourceTSL + * @param issuerCountryCode + * @param adesResults + * @param extendedCertificateCheckResult + * @param tslInfos + * @param extendedVerification + * @throws MOAException + */ public void addResult(PDFSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, List adesResults, ExtendedCertificateCheckResult extendedCertificateCheckResult, TslInfos tslInfos, boolean extendedVerification) throws MOAException { @@ -167,10 +171,17 @@ public class VerifyCMSSignatureResponseBuilder { //add signature algorithm name in case of extended validation String sigAlgName = null; - if (extendedVerification) - sigAlgName = result.getSignatureAlgorithmName(); - + Boolean coversFullDoc = null; + int[] sigByteRange = null; + if (extendedVerification) { + sigAlgName = result.getSignatureAlgorithmName(); + coversFullDoc = result.byteRangeCoversWholeDocument(); + sigByteRange = result.getByteRange(); + + } + + //set code 99 if not certcheckresult exists int certificateCheckCode = 99; if (certResult != null) { @@ -205,7 +216,9 @@ public class VerifyCMSSignatureResponseBuilder { certificateCheck, adesResults, extendedCertificateCheckResult, - sigAlgName); + sigAlgName, + coversFullDoc, + sigByteRange); responseElements.add(responseElement); } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java index 5060672..738801c 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java @@ -108,6 +108,8 @@ public class AdESResultUtils { minorInfo = "UNKNOWN_COMMITMENT_TYPE"; } else if (resultCode.getCode().equals(ResultCode.SUCCESS)) { minorInfo = "SUCCESS"; + } else if (resultCode.getCode().equals(ResultCode.ERROR)) { + minorInfo = "ERROR"; } else if (resultCode.getCode().equals(ResultCode.UNKNOWN_SUBFILTER)) { minorInfo = "UNKNOWN_SUBFILTER"; -- cgit v1.2.3