detached moa

git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@114 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c
author: knowcenter <knowcenter@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c> 2007-06-01 08:33:24 +0000
committer: knowcenter <knowcenter@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c> 2007-06-01 08:33:24 +0000
commit: 50e12dc6d6683f60971a17851135a82eb5813084 (patch)
tree: 673ff9b549ed1d689575c3f1df47b6b5520276d6
parent: 3899d278a6b91d70568841eeed079534a19db6dc (diff)
download: pdf-as-3-50e12dc6d6683f60971a17851135a82eb5813084.tar.gz
pdf-as-3-50e12dc6d6683f60971a17851135a82eb5813084.tar.bz2
pdf-as-3-50e12dc6d6683f60971a17851135a82eb5813084.zip
1 files changed, 125 insertions, 16 deletions
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java
index 7731b9f..98d381a 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java
@@ -3,6 +3,7 @@
  */
 package at.knowcenter.wag.egov.egiz.sig.connectors.moa;
 
+import java.security.cert.X509Certificate;
 import java.util.Properties;
 
 import org.apache.commons.logging.Log;
@@ -18,8 +19,11 @@ import at.knowcenter.wag.egov.egiz.sig.connectors.Connector;
 import at.knowcenter.wag.egov.egiz.sig.connectors.TemplateReplaces;
 import at.knowcenter.wag.egov.egiz.sig.connectors.bku.BKUHelper;
 import at.knowcenter.wag.egov.egiz.sig.connectors.bku.BKUPostConnection;
+import at.knowcenter.wag.egov.egiz.sig.connectors.bku.DetachedBKUConnector;
 import at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject;
 import at.knowcenter.wag.egov.egiz.sig.sigid.DetachedLocRefMOAIdFormatter;
+import at.knowcenter.wag.egov.egiz.sig.sigkz.SigKZIDHelper;
+import at.knowcenter.wag.egov.egiz.tools.CodingHelper;
 import at.knowcenter.wag.egov.egiz.tools.DebugHelper;
 import at.knowcenter.wag.egov.egiz.tools.FileHelper;
 
@@ -145,11 +149,10 @@ public class DetachedLocRefMOAConnector implements Connector
     String url = this.environment.getVerifyURL();
     Properties response_properties = sendRequest(url, MOASoapConnection.SERVICE_VERIFY, verify_request_xml);
 
-    // SignatureResponse signature_response =
-    // analyzeVerifyResponse(response_properties);
+    SignatureResponse signature_response = analyzeVerifyResponse(response_properties);
 
     log.debug("doVerify finished."); //$NON-NLS-1$
-    return null; // signature_response;
+    return signature_response;
   }
 
   /**
@@ -169,26 +172,121 @@ public class DetachedLocRefMOAConnector implements Connector
     String verify_request_template = this.environment.getVerifyRequestTemplate();
 
     String xml_content = null;
-    // TODO implement BKU
-    // if (sigObject.isMOASigned())
-    // {
-    // MOAConnector moa_conn = new MOAConnector();
-    // // get the MOA-template
-    // verify_template_str = moa_conn.getVerifyTemplate(normalizedText,
-    // sigObject);
-    // }
-    // else
-    // {
-    // get the BKU-template
-//    xml_content = prepareXMLContent(data, so);
-    // }
+    if (!SigKZIDHelper.isMOASigned(so))
+    {
+      DetachedBKUConnector bku_connector = new DetachedBKUConnector(this.environment.getProfile(), "not needed here");
+      xml_content = bku_connector.prepareXMLContent(data, so);
+    }
+    else
+    {
+      xml_content = prepareXMLContent(data, so);
+    }
 
     String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content);
     verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.TRUST_PROFILE_ID_REPLACE, this.environment.getVerifyTrustProfileId());
+    verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.LOC_REF_CONTENT_REPLACE, this.environment.getSignatureDataUrl());
 
     return verify_request_xml;
   }
 
+  /**
+   * Analyzes the verify response string.
+   * 
+   * @param response_properties
+   *          The response properties containing the response XML.
+   * @return Returns the SignatureResponse containing the verification result.
+   * @throws ConnectorException
+   *           f.e.
+   */
+  public SignatureResponse analyzeVerifyResponse(Properties response_properties) throws ConnectorException
+  {
+    log.debug("analyzeVerifyResponse:"); //$NON-NLS-1$
+
+    String response_string = response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY);
+
+    BKUHelper.checkResponseForError(response_string);
+
+    SignatureResponse signature_response = BKUHelper.parseVerifyXMLResponse(response_string);
+
+    log.debug("analyzeVerifyResponse finished."); //$NON-NLS-1$
+    return signature_response;
+  }
+
+  public String prepareXMLContent(SignatureData data, SignSignatureObject so) throws ConnectorException
+  {
+    log.debug("prepareXMLContent:"); //$NON-NLS-1$
+    try
+    {
+
+      String verify_template = this.environment.getVerifyTemplate();
+
+      X509Certificate cert = so.getX509Certificate();
+      String cert_alg = this.environment.getCertAlgEcdsa();
+      if (cert.getPublicKey().getAlgorithm().indexOf("RSA") >= 0) //$NON-NLS-1$
+      {
+        cert_alg = this.environment.getCertAlgRsa();
+      }
+
+      // cert alg replace
+      String verify_xml = verify_template.replaceFirst(TemplateReplaces.CERT_ALG_REPLACE, cert_alg);
+
+      // data digest replace
+      {
+        byte[] data_value = data.getData();
+        byte[] data_value_hash = CodingHelper.buildDigest(data_value);
+        String object_data_hash = CodingHelper.encodeBase64(data_value_hash);
+
+        verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_SIGNED_DATA_REPLACE, object_data_hash);
+      }
+
+      verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNATURE_VALUE_REPLACE, so.getSignatureValue());
+
+      // X.509 Certificate replace
+      byte[] der = cert.getEncoded();
+      byte[] cert_hash = CodingHelper.buildDigest(der);
+      String certDigest = CodingHelper.encodeBase64(cert_hash);
+      String x509_cert_string = CodingHelper.encodeBase64(der);
+      verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_CERTIFICATE_REPLACE, x509_cert_string);
+
+      // Qualified Properties replaces
+      verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNING_TIME_REPLACE, so.getDate());
+      verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_CERTIFICATE_REPLACE, certDigest);
+      verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer());
+      verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_SERIAL_NUMBER_REPLACE, so.getSerialNumber());
+      // SigDataRefReplace already done above
+      verify_xml = verify_xml.replaceFirst(TemplateReplaces.MIME_TYPE_REPLACE, data.getMimeType());
+
+      // Signed Properties hash
+      {
+        final String ETSI_SIGNED_PROPERTIES_START_TAG = "<etsi:SignedProperties"; //$NON-NLS-1$
+        final String ETSI_SIGNED_PROPERTIES_END_TAG = "</etsi:SignedProperties>"; //$NON-NLS-1$
+
+        final int hash_start = verify_xml.indexOf(ETSI_SIGNED_PROPERTIES_START_TAG);
+        assert hash_start >= 0;
+        final int hash_end = verify_xml.indexOf(ETSI_SIGNED_PROPERTIES_END_TAG, hash_start) + ETSI_SIGNED_PROPERTIES_END_TAG.length();
+        assert hash_end - ETSI_SIGNED_PROPERTIES_END_TAG.length() >= 0;
+        assert hash_end > hash_start;
+
+        final String string_to_be_hashed = verify_xml.substring(hash_start, hash_end);
+        log.debug("etsi:SignedProperties string to be hashed: " + string_to_be_hashed); //$NON-NLS-1$
+
+        final byte[] bytes_to_be_hashed = string_to_be_hashed.getBytes("UTF-8"); //$NON-NLS-1$
+        byte[] sig_prop_code = CodingHelper.buildDigest(bytes_to_be_hashed);
+        String sig_prop_hash = CodingHelper.encodeBase64(sig_prop_code);
+
+        verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_SIGNED_PROPERTIES_REPLACE, sig_prop_hash);
+      }
+
+      log.debug("prepareXMLContent finished."); //$NON-NLS-1$
+      return verify_xml;
+    }
+    catch (Exception e)
+    {
+      log.debug(e);
+      throw new ConnectorException(310, e);
+    }
+  }
+
   protected Properties sendRequest(String url, String mode,
       String request_string) throws ConnectorException
   {
@@ -254,6 +352,8 @@ public class DetachedLocRefMOAConnector implements Connector
      * The configuration key for the RSA cert alg property.
      */
     protected static final String RSA_CERT_ALG_KEY = "cert.alg.rsa"; //$NON-NLS-1$
+    
+    protected String profile = null;
 
     protected String signature_data_url = null;
 
@@ -287,6 +387,8 @@ public class DetachedLocRefMOAConnector implements Connector
      */
     public Environment(String profile, String signature_data_url) throws ConnectorException
     {
+      this.profile = profile;
+      
       this.signature_data_url = signature_data_url;
 
       SettingsReader settings = null;
@@ -337,6 +439,13 @@ public class DetachedLocRefMOAConnector implements Connector
 
     }
 
+    
+    
+    public String getProfile()
+    {
+      return this.profile;
+    }
+
     /**
      * Returns the URL where to load the detached data from.
      *
author	knowcenter <knowcenter@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c>	2007-06-01 08:33:24 +0000
committer	knowcenter <knowcenter@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c>	2007-06-01 08:33:24 +0000
commit	50e12dc6d6683f60971a17851135a82eb5813084 (patch)
tree	673ff9b549ed1d689575c3f1df47b6b5520276d6
parent	3899d278a6b91d70568841eeed079534a19db6dc (diff)
download	pdf-as-3-50e12dc6d6683f60971a17851135a82eb5813084.tar.gz pdf-as-3-50e12dc6d6683f60971a17851135a82eb5813084.tar.bz2 pdf-as-3-50e12dc6d6683f60971a17851135a82eb5813084.zip