From 6c09d652d6317d1514924518c3186470498247a9 Mon Sep 17 00:00:00 2001
From: Andreas Fitzek
Date: Thu, 5 Nov 2015 14:01:45 +0100
Subject: PDF-AS integration, AdES Form validation results from IAIK-MOA, for XAdES
---
 .../spss/server/initializer/PDFASInitializer.java | 8 ++++++++
 .../moa/spss/server/invoke/PDFASInvoker.java | 20 ++++++++-----------
 .../spss/server/pdfas/InternalMoaConnector.java | 9 ++++++++-
 .../moa/spss/server/pdfas/InternalMoaVerifier.java | 2 +-
 .../server/service/CertificateProviderServlet.java | 2 ++
 .../spss/server/service/ConfigurationServlet.java | 1 +
 .../service/SignatureVerificationService.java | 23 +++++++++++++---------
 7 files changed, 42 insertions(+), 23 deletions(-)
(limited to 'moaSig/moa-sig/src/main/java/at/gv/egovernment')
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/initializer/PDFASInitializer.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/initializer/PDFASInitializer.java
index bacd7cb..aaa41c1 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/initializer/PDFASInitializer.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/initializer/PDFASInitializer.java
@@ -1,14 +1,22 @@
 package at.gv.egovernment.moa.spss.server.initializer;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
 import at.gv.egovernment.moa.spss.server.init.ExternalInitializer;
 import at.gv.egovernment.moa.spss.server.invoke.PDFASInvoker;
 public class PDFASInitializer implements ExternalInitializer {
+ private static final Logger logger = LoggerFactory.getLogger(PDFASInitializer.class);
+
 @Override
 public void initialize(ConfigurationProvider configurationProvider) {
 String pdfAsConfiguration = configurationProvider.getPDFASConfiguration();
+
+ logger.info("Running PDFASInitializer with pdf as cfg: {}", pdfAsConfiguration);
+
 if(pdfAsConfiguration != null) {
 PDFASInvoker .init(pdfAsConfiguration);
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/invoke/PDFASInvoker.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/invoke/PDFASInvoker.java
index 97bf58b..7f638fa 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/invoke/PDFASInvoker.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/invoke/PDFASInvoker.java
@@ -18,8 +18,11 @@ import at.gv.egiz.pdfas.lib.api.verify.VerifyParameter;
 import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
 import at.gv.egiz.pdfas.sigs.pades.PAdESSigner;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.MOAException;
 import at.gv.egovernment.moa.spss.server.logging.TransactionId;
 import at.gv.egovernment.moa.spss.server.pdfas.InternalMoaConnector;
+import at.gv.egovernment.moa.spss.server.pdfas.InternalMoaVerifier;
 import at.gv.egovernment.moa.spss.server.xmlbind.CreatePDFRequest;
 import at.gv.egovernment.moa.spss.server.xmlbind.CreatePDFRespone;
 import at.gv.egovernment.moa.spss.server.xmlbind.PDFSignatureInfo;
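Review bot: In `PDFASInitializer.initialize` the new `logger.info` call sits before the `pdfAsConfiguration != null` check, so a deployment without a PDF-AS configuration logs `... cfg: null` at info level and nothing states that PDF signing and verification were left uninitialised. Moving the message into the `if` branch and adding an `else` with `logger.info("No PDF-AS configuration set, PDF-AS support is disabled");` would let an operator confirm the service state from the log. The class also introduces an slf4j logger while `PDFASInvoker` in the same patch uses `at.gv.egovernment.moa.logging.Logger`; a one-line comment on why would help. The body of `initialize` continues past the hunk.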
@@ -48,7 +51,7 @@ public class PDFASInvoker {
 return instance;
 }
- public VerifyPDFResponse verifyPDFSignature(VerifyPDFRequest verifyPDFRequest, String transactionId) {
+ public VerifyPDFResponse verifyPDFSignature(VerifyPDFRequest verifyPDFRequest) throws MOAException {
 Configuration pdfConfiguration = this.pdfAS.getConfiguration();
 VerifyPDFResponse verifyPDFResponse = new VerifyPDFResponse();
@@ -56,21 +59,14 @@ public class PDFASInvoker {
 VerifyParameter verifyParameter = PdfAsFactory.createVerifyParameter(pdfConfiguration, new ByteArrayDataSource( verifyPDFRequest.getSignedPDF()));
+ pdfConfiguration.setValue(InternalMoaVerifier.MOA_TRUSTPROFILE, verifyPDFRequest.getTrustProfileID());
+
 try {
 List verifyResults = this.pdfAS.verify(verifyParameter);
- verifyPDFResponse.setResponseType(VerifyPDFResponse.SUCCESS_SIGNATURE);
 verifyPDFResponse.setVerificationResults(verifyResults);
 } catch (Throwable e) {
- if (e instanceof PDFASError) {
- PDFASError pdfAsError = (PDFASError) e;
- Logger.warn("Failed to generate signed PDF document", e);
- verifyPDFResponse.setErrorCode((int) pdfAsError.getCode());
- verifyPDFResponse.setErrorInfo(pdfAsError.getInfo());
- } else {
- Logger.error("Unknown exception!: ", e);
- verifyPDFResponse.setErrorCode(9999);
- verifyPDFResponse.setErrorInfo("Nicht klassifizierter Fehler");
- }
+ Logger.warn("Failed to generate signed PDF document", e);
+ throw new MOAApplicationException("Failed to generate signed PDF document", null, e);
 }
 return verifyPDFResponse;
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaConnector.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaConnector.java
index 6edee0d..f12a2d1 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaConnector.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaConnector.java
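Review bot: In `verifyPDFSignature` the trust profile is copied from the request into `pdfConfiguration` without checking that `getTrustProfileID()` is non-null, and the `setValue` call comes after `createVerifyParameter(pdfConfiguration, ...)` has already been handed that configuration. Whether `this.pdfAS.getConfiguration()` returns a per-call object is not visible in this patch; if it is shared on this singleton, two concurrent requests could be verified against each other's trust profile, so that should be confirmed and recorded in a comment above the call. The catch block now wraps every `Throwable` (including `Error`s), and both the log line and the exception text still say that signing failed, which will mislead anyone reading the logs after a failed verification; `Logger.warn("Failed to verify PDF signature", e);` with a matching exception text would fix that. The PDF-AS error code that the removed branch returned to the caller is no longer propagated, which looks intended but deserves a line in the method's Javadoc.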
@@ -13,6 +13,8 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Set;
+import at.gv.egiz.pdfas.common.exceptions.PDFASError;
+import at.gv.egiz.pdfas.common.exceptions.PdfAsErrorCarrier;
 import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
 import at.gv.egiz.pdfas.lib.api.sign.SignParameter;
 import at.gv.egiz.pdfas.lib.impl.status.RequestedSignature;
@@ -52,9 +54,10 @@ public class InternalMoaConnector implements ISignatureConnector {
 this.transactionId = transactionId;
 this.clientCert = clientCert;
 }
-
+ @SuppressWarnings({ "rawtypes", "unchecked" })
 private Set buildKeySet(String keyGroupID, KeyModule module) throws ConfigurationException {
 ConfigurationProvider config = ConfigurationProvider.getInstance();
+
 Set keyGroupEntries;
 // get the KeyGroup entries from the configuration
@@ -95,6 +98,7 @@ public class InternalMoaConnector implements ISignatureConnector {
 }
 @Override
+ @SuppressWarnings("rawtypes")
 public X509Certificate getCertificate(SignParameter parameter) throws PdfAsException {
 KeyModule module = KeyModuleFactory.getInstance(this.transactionId);
@@ -161,6 +165,7 @@ public class InternalMoaConnector implements ISignatureConnector {
 throw new PdfAsException("Failed to find keys available for Key Identifier: " + this.keyIdentifier);
 }
+ @SuppressWarnings("unchecked")
 @Override
 public byte[] sign(byte[] input, int[] byteRange, SignParameter parameter, RequestedSignature requestedSignature) throws PdfAsException {
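Review bot: The `@SuppressWarnings({ "rawtypes", "unchecked" })` on `buildKeySet`, and the method-level suppressions on `getCertificate` and `sign` in the later hunks of this file, silence the compiler for the whole body of the code that selects keys and produces signatures, so an unsafe cast added there later would go unreported. The same pattern is added to `buildKeySet` and `doGet` in `CertificateProviderServlet` and to `doGet` in `ConfigurationServlet`. `InternalMoaVerifier` in this patch shows the narrower form, with the annotation on the `Iterator iter;` declaration only; where the raw type comes from a library API, I would annotate just that local and add a comment naming the API that returns the raw collection. The method bodies extend beyond these hunks, so which statements actually need the suppression cannot be seen here.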
@@ -207,6 +212,8 @@ public class InternalMoaConnector implements ISignatureConnector {
 if(createCMSSignatureResponseElement.getResponseType() == CreateCMSSignatureResponseElement.ERROR_RESPONSE) {
 ErrorResponse errorResponse = (ErrorResponse) createCMSSignatureResponseElement;
+ Logger.error("Failed to create signature " + errorResponse.getErrorCode() + " " + errorResponse.getInfo());
+ throw new PdfAsErrorCarrier(new PDFASError(errorResponse.getErrorCode(), errorResponse.getInfo()));
 } else if(createCMSSignatureResponseElement.getResponseType() == CreateCMSSignatureResponseElement.CMS_SIGNATURE ) {
 CMSSignatureResponse cmsSignatureResponse = (CMSSignatureResponse) createCMSSignatureResponseElement;
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaVerifier.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaVerifier.java
index f937495..e59fe50 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaVerifier.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/pdfas/InternalMoaVerifier.java
@@ -18,7 +18,6 @@ import at.gv.egiz.pdfas.lib.api.verify.VerifyParameter.SignatureVerificationLeve
 import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
 import at.gv.egiz.pdfas.lib.impl.verify.IVerifier;
 import at.gv.egiz.pdfas.lib.impl.verify.SignatureCheckImpl;
-import at.gv.egiz.pdfas.lib.impl.verify.VerifyResultImpl;
 import at.gv.egovernment.moa.spss.MOAException;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
@@ -68,6 +67,7 @@ public class InternalMoaVerifier implements IVerifier {
 try {
 VerifyCMSSignatureResponse verifyCMSSignatureResponse = CMSSignatureVerificationInvoker.getInstance() .verifyCMSSignature(verifyCMSSignatureRequest);
+ @SuppressWarnings("rawtypes")
 Iterator iter;
 for (iter = verifyCMSSignatureResponse.getResponseElements().iterator(); iter.hasNext();) {
 VerifyCMSSignatureResponseElement responseElement = (VerifyCMSSignatureResponseElement) iter.next();
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java
index c8a0f68..5fe96ef 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java
@@ -55,6 +55,7 @@ public class CertificateProviderServlet extends HttpServlet {
 * available keys.
 * @throws ConfigurationException
 */
+ @SuppressWarnings({ "rawtypes", "unchecked" })
 private Set buildKeySet(String keyGroupID, X509Certificate cert, KeyModule module) throws ConfigurationException {
 ConfigurationProvider config = ConfigurationProvider.getInstance();
@@ -108,6 +109,7 @@ public class CertificateProviderServlet extends HttpServlet {
 return null;
 }
+ @SuppressWarnings("rawtypes")
 public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
 try {
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java
index 8bdfb65..bfefaec 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java
@@ -67,6 +67,7 @@ public class ConfigurationServlet extends HttpServlet {
 *
 * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
 */
+ @SuppressWarnings({ "rawtypes", "unchecked" })
 public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureVerificationService.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureVerificationService.java
index 40b287d..8f579cb 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureVerificationService.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureVerificationService.java
@@ -39,9 +39,14 @@ import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder;
 import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
 import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
 import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker;
+import at.gv.egovernment.moa.spss.server.invoke.PDFASInvoker;
 import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureVerificationInvoker;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moa.spss.server.xmlbind.VerifyPDFRequest;
+import at.gv.egovernment.moa.spss.server.xmlbind.VerifyPDFRequestParser;
+import at.gv.egovernment.moa.spss.server.xmlbind.VerifyPDFResponse;
+import at.gv.egovernment.moa.spss.server.xmlbind.VerifyPDFResponseBuilder;
 import at.gv.egovernment.moa.util.StreamUtils;
 /**
@@ -63,20 +68,20 @@ public class SignatureVerificationService {
 */
 public Element[] VerifyPDFSignatureRequest(Element[] request) throws AxisFault {
- CMSSignatureVerificationInvoker invoker =
- CMSSignatureVerificationInvoker.getInstance();
+ PDFASInvoker invoker =
+ PDFASInvoker.getInstance();
 Element[] response = new Element[1];
 try {
 // create a parser and builder for binding API objects to/from XML
- VerifyCMSSignatureRequestParser requestParser =
- new VerifyCMSSignatureRequestParser();
- VerifyCMSSignatureResponseBuilder responseBuilder =
- new VerifyCMSSignatureResponseBuilder();
+ VerifyPDFRequestParser requestParser =
+ new VerifyPDFRequestParser();
+ VerifyPDFResponseBuilder responseBuilder =
+ new VerifyPDFResponseBuilder();
 Element reparsedReq;
- VerifyCMSSignatureRequest requestObj;
- VerifyCMSSignatureResponse responseObj;
+ VerifyPDFRequest requestObj;
+ VerifyPDFResponse responseObj;
 //since Axis (1.1 ff) has problem with namespaces we take the raw request stored by the Axishandler.
 TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
@@ -87,7 +92,7 @@ public class SignatureVerificationService {
 requestObj = requestParser.parse(reparsedReq);
 // invoke the core logic
- responseObj = invoker.verifyCMSSignature(requestObj);
+ responseObj = invoker.verifyPDFSignature(requestObj);
 // map back to XML
 response[0] = responseBuilder.build(responseObj).getDocumentElement();
--
cgit v1.2.3
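Review bot: `PDFASInvoker.getInstance()` is used in `VerifyPDFSignatureRequest` without a check, yet `PDFASInitializer` in this patch only calls `PDFASInvoker.init(...)` when a PDF-AS configuration is present. If `getInstance()` simply returns the uninitialised `instance` in that case (only its last lines are visible in this patch), `invoker.verifyPDFSignature(requestObj)` in the following hunk would fail with a NullPointerException instead of a clear fault. A guard right after the lookup would make the disabled state explicit, e.g. `if (invoker == null) throw new AxisFault("PDF signature verification is not configured");`. The method body continues past both hunks, so how its catch block maps the new `MOAException` is not visible here.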