package at.gv.egovernment.moa.spss.test.integration; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; import static org.junit.Assert.assertThrows; import static org.junit.Assert.assertTrue; import java.io.ByteArrayInputStream; import java.io.IOException; import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.RandomStringUtils; import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.BlockJUnit4ClassRunner; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement; import at.gv.egovernment.moa.spss.api.impl.VerifyCMSSignatureRequestImpl; import at.gv.egovernment.moa.spss.api.xmlverify.AdESFormResults; import at.gv.egovernment.moa.spss.server.config.ConfigurationException; import at.gv.egovernment.moa.spss.server.init.StartupConfigurationHolder; import at.gv.egovernment.moa.spss.server.init.SystemInitializer; import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; import at.gv.egovernment.moaspss.logging.LoggingContext; import at.gv.egovernment.moaspss.logging.LoggingContextManager; @RunWith(BlockJUnit4ClassRunner.class) public class CadesIntegrationTest { private static StartupConfigurationHolder moaSpssCore; CMSSignatureVerificationInvoker cadesInvoker; @BeforeClass public static void classInitializer() throws IOException { final String current = new java.io.File(".").getCanonicalPath(); System.setProperty("moa.spss.server.configuration", current + "/src/test/resources/moaspss_config/MOASPSSConfiguration.xml"); moaSpssCore = SystemInitializer.init(); } @Before public void initializer() throws ConfigurationException { cadesInvoker = CMSSignatureVerificationInvoker.getInstance(); setUpContexts(RandomStringUtils.randomAlphabetic(10)); } @Test public void missingTrustProfile() throws IOException { VerifyCMSSignatureRequest request = buildVerfifyCmsRequest( org.apache.commons.codec.binary.Base64.decodeBase64(IOUtils.resourceToByteArray("/testdata/cades/simpleCadesSig.b64")), RandomStringUtils.randomAlphabetic(5), false, false); // perform test MOAException error = assertThrows(MOAException.class,() -> cadesInvoker.verifyCMSSignature(request)); assertEquals("wrong errorCode", "2203", error.getMessageId()); } @Test public void basicValidationAtrustEidCadesSignature() throws MOAException, IOException { VerifyCMSSignatureRequest request = buildVerfifyCmsRequest( org.apache.commons.codec.binary.Base64.decodeBase64(IOUtils.resourceToByteArray("/testdata/cades/ATrust_SigTest1.b64")), "MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten", false, false); // perform test VerifyCMSSignatureResponse result = cadesInvoker.verifyCMSSignature(request); // verify result assertNotNull("verification result", result); assertEquals("wrong result size", 1, result.getResponseElements().size()); VerifyCMSSignatureResponseElement cmsResult = (VerifyCMSSignatureResponseElement) result.getResponseElements().get(0); assertEquals("sigCode", 0, cmsResult.getSignatureCheck().getCode()); assertEquals("certCode", 0, cmsResult.getCertificateCheck().getCode()); assertNotNull("signerInfo", cmsResult.getSignerInfo()); assertEquals("issuerCC", "AT", cmsResult.getSignerInfo().getIssuerCountryCode()); assertFalse("publicAuthority", cmsResult.getSignerInfo().isPublicAuthority()); assertTrue("QC", cmsResult.getSignerInfo().isQualifiedCertificate()); assertTrue("SSCD", cmsResult.getSignerInfo().isSSCD()); assertNull("TSL infos", cmsResult.getSignerInfo().getTslInfos()); assertNull("form val. result", cmsResult.getAdESFormResults()); assertNull("extended val. result", cmsResult.getExtendedCertificateCheck()); assertNull("byteRange", cmsResult.getByteRangeOfSignature()); assertNull("used sig alg", cmsResult.getSignatureAlgorithm()); } @Test public void extendedValidationAtrustEidCadesSignature() throws MOAException, IOException { VerifyCMSSignatureRequest request = buildVerfifyCmsRequest( org.apache.commons.codec.binary.Base64.decodeBase64(IOUtils.resourceToByteArray("/testdata/cades/ATrust_SigTest1.b64")), "MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten", false, true); // perform test VerifyCMSSignatureResponse result = cadesInvoker.verifyCMSSignature(request); // verify result assertNotNull("verification result", result); assertEquals("wrong result size", 1, result.getResponseElements().size()); VerifyCMSSignatureResponseElement cmsResult = (VerifyCMSSignatureResponseElement) result.getResponseElements().get(0); assertEquals("sigCode", 0, cmsResult.getSignatureCheck().getCode()); assertEquals("certCode", 0, cmsResult.getCertificateCheck().getCode()); assertNotNull("signerInfo", cmsResult.getSignerInfo()); assertEquals("issuerCC", "AT", cmsResult.getSignerInfo().getIssuerCountryCode()); assertFalse("publicAuthority", cmsResult.getSignerInfo().isPublicAuthority()); assertTrue("QC", cmsResult.getSignerInfo().isQualifiedCertificate()); assertTrue("SSCD", cmsResult.getSignerInfo().isSSCD()); assertNull("TSL infos", cmsResult.getSignerInfo().getTslInfos()); assertNotNull("form val. result", cmsResult.getAdESFormResults()); assertEquals("form val. result size", 4, cmsResult.getAdESFormResults().size()); for (Object el : cmsResult.getAdESFormResults()) { AdESFormResults test = ((AdESFormResults)el); if (test.getCode().longValue() == 0) { assertEquals("wrong from name", "B-B", test.getName()); } else { assertEquals("Find wrong form val status", 2, test.getCode().longValue()); } } assertNotNull("extended val. result", cmsResult.getExtendedCertificateCheck()); assertEquals("ext. val major", 2, cmsResult.getExtendedCertificateCheck().getMajorCode()); assertEquals("ext. val major", 24, cmsResult.getExtendedCertificateCheck().getMinorCode()); assertNull("byteRange", cmsResult.getByteRangeOfSignature()); assertEquals("used sig alg", "SHA256withECDSA", cmsResult.getSignatureAlgorithm()); } @Test public void basicValidationCadesSignature() throws MOAException, IOException { VerifyCMSSignatureRequest request = buildVerfifyCmsRequest( org.apache.commons.codec.binary.Base64.decodeBase64(IOUtils.resourceToByteArray("/testdata/cades/simpleCadesSig.b64")), "MOAIDBuergerkarteAuthentisierungsDaten", false, false); // perform test VerifyCMSSignatureResponse result = cadesInvoker.verifyCMSSignature(request); // verify result assertNotNull("verification result", result); assertEquals("wrong result size", 1, result.getResponseElements().size()); VerifyCMSSignatureResponseElement cmsResult = (VerifyCMSSignatureResponseElement) result.getResponseElements().get(0); assertEquals("sigCode", 0, cmsResult.getSignatureCheck().getCode()); assertEquals("certCode", 1, cmsResult.getCertificateCheck().getCode()); assertNotNull("signerInfo", cmsResult.getSignerInfo()); assertEquals("issuerCC", "AT", cmsResult.getSignerInfo().getIssuerCountryCode()); assertFalse("publicAuthority", cmsResult.getSignerInfo().isPublicAuthority()); assertFalse("QC", cmsResult.getSignerInfo().isQualifiedCertificate()); assertFalse("SSCD", cmsResult.getSignerInfo().isSSCD()); assertNull("TSL infos", cmsResult.getSignerInfo().getTslInfos()); assertNull("form val. result", cmsResult.getAdESFormResults()); assertNull("extended val. result", cmsResult.getExtendedCertificateCheck()); assertNull("byteRange", cmsResult.getByteRangeOfSignature()); assertNull("used sig alg", cmsResult.getSignatureAlgorithm()); } @Test public void extendedValidationCadesSignature() throws MOAException, IOException { VerifyCMSSignatureRequest request = buildVerfifyCmsRequest( org.apache.commons.codec.binary.Base64.decodeBase64(IOUtils.resourceToByteArray("/testdata/cades/simpleCadesSig.b64")), "MOAIDBuergerkarteAuthentisierungsDaten", false, true); // perform test VerifyCMSSignatureResponse result = cadesInvoker.verifyCMSSignature(request); // verify result assertNotNull("verification result", result); assertEquals("wrong result size", 1, result.getResponseElements().size()); VerifyCMSSignatureResponseElement cmsResult = (VerifyCMSSignatureResponseElement) result.getResponseElements().get(0); assertEquals("sigCode", 0, cmsResult.getSignatureCheck().getCode()); assertEquals("certCode", 1, cmsResult.getCertificateCheck().getCode()); assertNotNull("signerInfo", cmsResult.getSignerInfo()); assertEquals("issuerCC", "AT", cmsResult.getSignerInfo().getIssuerCountryCode()); assertFalse("publicAuthority", cmsResult.getSignerInfo().isPublicAuthority()); assertFalse("QC", cmsResult.getSignerInfo().isQualifiedCertificate()); assertFalse("SSCD", cmsResult.getSignerInfo().isSSCD()); assertNull("TSL infos", cmsResult.getSignerInfo().getTslInfos()); assertNotNull("form val. result", cmsResult.getAdESFormResults()); assertEquals("form val. result size", 4, cmsResult.getAdESFormResults().size()); for (Object el : cmsResult.getAdESFormResults()) { AdESFormResults test = ((AdESFormResults)el); assertEquals("Find wrong form val status", 1, test.getCode().longValue()); } assertNotNull("extended val. result", cmsResult.getExtendedCertificateCheck()); assertEquals("ext. val major", 2, cmsResult.getExtendedCertificateCheck().getMajorCode()); assertEquals("ext. val major", 24, cmsResult.getExtendedCertificateCheck().getMinorCode()); assertNull("byteRange", cmsResult.getByteRangeOfSignature()); assertEquals("used sig alg", "SHA256withRSA", cmsResult.getSignatureAlgorithm()); } private VerifyCMSSignatureRequest buildVerfifyCmsRequest(final byte[] signature, final String trustProfileID, final boolean isPdfSignature, final boolean performExtendedValidation) { final VerifyCMSSignatureRequestImpl verifyCmsSignatureRequest = new VerifyCMSSignatureRequestImpl(); verifyCmsSignatureRequest.setDateTime(null); verifyCmsSignatureRequest.setCMSSignature(new ByteArrayInputStream(signature)); verifyCmsSignatureRequest.setDataObject(null); verifyCmsSignatureRequest.setTrustProfileId(trustProfileID); verifyCmsSignatureRequest.setSignatories(VerifyCMSSignatureRequest.ALL_SIGNATORIES); verifyCmsSignatureRequest.setPDF(isPdfSignature); verifyCmsSignatureRequest.setExtended(performExtendedValidation); return verifyCmsSignatureRequest; } protected final void setUpContexts(final String transactionID) throws ConfigurationException { final TransactionContextManager txMgr = TransactionContextManager.getInstance(); final LoggingContextManager logMgr = LoggingContextManager.getInstance(); if (txMgr.getTransactionContext() == null) { final TransactionContext ctx = new TransactionContext(transactionID, null, moaSpssCore.getMoaSpssConfig()); txMgr.setTransactionContext(ctx); } //set Logging context into MOA-Sig if (logMgr.getLoggingContext() == null) { final LoggingContext ctx = new LoggingContext(transactionID); logMgr.setLoggingContext(ctx); } //new IaikConfigurator().configure(moaSigConfig.getMoaSigConfig()); } }