author | knowcenter <knowcenter@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c> | 2007-05-18 15:42:55 +0000 |
---|---|---|
committer | knowcenter <knowcenter@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c> | 2007-05-18 15:42:55 +0000 |
commit | 8f2a983cb8e9be9e71e3df04edd00a4bc0673862 (patch) | |
tree | 141e477bd1086e21f80dba750b6f93036827c280 | |
parent | dce5ed9e0a30ed7f03b21a8142029847a1194a2c (diff) | |
detached connectors
git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@92 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c
20 files changed, 842 insertions, 283 deletions
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java b/src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java
index 9359c96..98a164d 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java
@@ -19,6 +19,7 @@ package at.knowcenter.wag.egov.egiz; import java.io.ByteArrayInputStream;
import java.io.IOException;
+import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
@@ -30,7 +31,6 @@ import org.apache.commons.logging.LogFactory; import at.knowcenter.wag.egov.egiz.cfg.SettingsReader;
import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException;
-import at.knowcenter.wag.egov.egiz.exceptions.ConnectorFactoryException;
import at.knowcenter.wag.egov.egiz.exceptions.NormalizeException;
import at.knowcenter.wag.egov.egiz.exceptions.PDFDocumentException;
import at.knowcenter.wag.egov.egiz.exceptions.PresentableException;
@@ -60,11 +60,8 @@ import at.knowcenter.wag.egov.egiz.sig.SignatureResponse; import at.knowcenter.wag.egov.egiz.sig.SignatureTypeDefinition;
import at.knowcenter.wag.egov.egiz.sig.SignatureTypes;
import at.knowcenter.wag.egov.egiz.sig.connectors.Connector;
-import at.knowcenter.wag.egov.egiz.sig.connectors.bku.DetachedBKUConnector;
-import at.knowcenter.wag.egov.egiz.sig.connectors.bku.EnvelopedBase64BKUConnector;
-import at.knowcenter.wag.egov.egiz.sig.connectors.bku.MultipartDetachedBKUConnector;
+import at.knowcenter.wag.egov.egiz.sig.connectors.ConnectorChooser;
import at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject;
-import at.knowcenter.wag.egov.egiz.sig.connectors.moa.EnvelopingBase64MOAConnector;
import at.knowcenter.wag.egov.egiz.tools.CodingHelper;
import at.knowcenter.wag.egov.egiz.tools.Normalizer;
import at.knowcenter.wag.exactparser.ParseDocument;
@@ -773,6 +770,21 @@ public abstract class PdfAS }
return results;
}
+
+ // TODO the choosing algorithm should be extracted into a visitor or factory design pattern.
+ public static List verifySignatureHoldersWeb(List signature_holders,
+ String connector, String loc_ref) throws PDFDocumentException, NormalizeException, SignatureException
+ {
+ List results = new ArrayList();
+ for (int i = 0; i < signature_holders.size(); i++)
+ {
+ SignatureHolder holder = (SignatureHolder) signature_holders.get(i);
+
+ SignatureResponse result = verifyWeb(holder, connector, loc_ref);
+ results.add(result);
+ }
+ return results;
+ }
/**
* Verifies a SignatureHolder using the given connector.
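Review bot: The new public `verifySignatureHoldersWeb` has only a TODO where its Javadoc would go, so `connector` and `loc_ref` are undocumented (`loc_ref` is presumably the location reference handed on to the web connector; the hunk only shows it being passed to `verifyWeb`). The Javadoc should also state that the first exception thrown by `verifyWeb` ends the loop, so callers get no results for the remaining holders. A summary such as `Verifies each SignatureHolder with the web connector and returns the SignatureResponses in input order.` plus `@param`/`@return`/`@throws` entries would be enough.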
@@ -810,40 +822,95 @@ public abstract class PdfAS throw new SignatureException(312, "Document can not be verified because no signature object are set.");
}
- try
+ // FIXME this has to be made better
+ SignatureData sd = null;
+ if (so_to_be_verified.isBinary())
+ {
+ byte[] data = CodingHelper.decodeBase64(text_to_be_verified);
+ sd = new SignatureDataImpl(data, "application/pdf");
+ }
+ else
{
- // FIXME this has to be made better
- SignatureData sd = null;
- if (so_to_be_verified.isBinary())
+ try
{
- byte[] data = CodingHelper.decodeBase64(text_to_be_verified);
- sd = new SignatureDataImpl(data, "application/pdf");
+ sd = new SignatureDataImpl(text_to_be_verified.getBytes("UTF-8"), "text/plain", "UTF-8");
}
- else
+ catch (UnsupportedEncodingException e)
{
- sd = new SignatureDataImpl(text_to_be_verified.getBytes("UTF-8"), "text/plain", "UTF-8");
+ throw new RuntimeException("Very Strange: UTF-8 character encoding not supported???");
}
+ }
+
+ SignSignatureObject so = new SignSignatureObject();
+ so.date = so_to_be_verified.getSignationDate();
+ so.signatureValue = so_to_be_verified.getSignationValue();
+ so.issuer = so_to_be_verified.getSignationIssuer();
+ so.x509Certificate = so_to_be_verified.getX509Cert().getX509Certificate();
+ so.id = so_to_be_verified.getSignationIds();
+ so.kz = so_to_be_verified.getKZ() == null ? null : so_to_be_verified.getKZ().toString();
+
+ String profile = so_to_be_verified.getSignatureTypeDefinition().getType();
+ Connector c = ConnectorChooser.chooseCommandlineConnectorForVerify(connector, so_to_be_verified.getKZ(), so.id, profile);
- SignSignatureObject so = new SignSignatureObject();
- so.date = so_to_be_verified.getSignationDate();
- so.signatureValue = so_to_be_verified.getSignationValue();
- so.issuer = so_to_be_verified.getSignationIssuer();
- so.x509Certificate = so_to_be_verified.getX509Cert().getX509Certificate();
- so.id = so_to_be_verified.getSignationIds();
- so.kz = so_to_be_verified.getKZ().toString();
+ return c.doVerify(sd, so);
- String profile = so_to_be_verified.getSignatureTypeDefinition().getType();
- Connector connector_impl = chooseConnector(profile, so_to_be_verified.getKZ(), so.getSigID(), connector);
+ }
+
+ // TODO make this better using the visitor DP.
+ public static SignatureResponse verifyWeb(SignatureHolder signature_holder,
+ String connector, String loc_ref) throws NormalizeException, PDFDocumentException, SignatureException
+ {
+ String text_to_be_verified = signature_holder.getSignedText();
+ // logger_.debug("verify text_to_be_verified"+text_to_be_verified);
+ SignatureObject so_to_be_verified = signature_holder.getSignatureObject();
- // Connector connector_impl = ConnectorFactory.createConnector(connector);
- return connector_impl.doVerify(sd, so);
+ if (text_to_be_verified == null)
+ {
+ throw new SignatureException(311, "Document can not be verified because the text to be verified is either null.");
}
- catch (Exception e)
+ if (text_to_be_verified.length() <= 0)
{
- throw new SignatureException(310, e);
+ throw new SignatureException(311, "Document can not be verified because the length of the text to be verified is 0. (length = " + text_to_be_verified.length() + ")");
}
- }
+ if (so_to_be_verified == null)
+ {
+ throw new SignatureException(312, "Document can not be verified because no signature object are set.");
+ }
+
+ // FIXME this has to be made better
+ SignatureData sd = null;
+ if (so_to_be_verified.isBinary())
+ {
+ byte[] data = CodingHelper.decodeBase64(text_to_be_verified);
+ sd = new SignatureDataImpl(data, "application/pdf");
+ }
+ else
+ {
+ try
+ {
+ sd = new SignatureDataImpl(text_to_be_verified.getBytes("UTF-8"), "text/plain", "UTF-8");
+ }
+ catch (UnsupportedEncodingException e)
+ {
+ throw new RuntimeException("Very Strange: UTF-8 character encoding not supported???");
+ }
+ }
+
+ SignSignatureObject so = new SignSignatureObject();
+ so.date = so_to_be_verified.getSignationDate();
+ so.signatureValue = so_to_be_verified.getSignationValue();
+ so.issuer = so_to_be_verified.getSignationIssuer();
+ so.x509Certificate = so_to_be_verified.getX509Cert().getX509Certificate();
+ so.id = so_to_be_verified.getSignationIds();
+ so.kz = so_to_be_verified.getKZ() == null ? null : so_to_be_verified.getKZ().toString();
+
+ String profile = so_to_be_verified.getSignatureTypeDefinition().getType();
+ Connector c = ConnectorChooser.chooseWebConnectorForVerify(connector, so_to_be_verified.getKZ(), so.id, profile, loc_ref);
+
+ return c.doVerify(sd, so);
+
+ }
/**
* Signs the given text with the provided connector using the given signature
* type.
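Review bot: With the outer `try`/`catch (Exception e)` removed from `verify`, an unchecked exception raised while copying fields out of the parsed signature now escapes as a raw runtime exception instead of `SignatureException(310, e)`; `so_to_be_verified.getX509Cert().getX509Certificate()` is one such place if `getX509Cert()` can return null, which the visible code does not rule out. These values come from the document being verified, so the certificate lookup deserves an explicit check that reports a verification error. The `UnsupportedEncodingException` handler also discards its cause; `throw new RuntimeException("Very Strange: UTF-8 character encoding not supported???", e);` keeps it. `verifyWeb` repeats the same argument checks and field copying line for line, so a private helper building `sd` and `so` would stop the two paths from drifting apart. `verify` itself begins above this hunk.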
@@ -861,7 +928,7 @@ public abstract class PdfAS * F.e.
*/
public static SignSignatureObject sign(final SignatureData data_to_sign,
- final String signature_type, final String connector) throws SignatureException, PDFDocumentException
+ final Connector connector) throws SignatureException, PDFDocumentException
{
if (data_to_sign == null || data_to_sign.getData() == null)
{
@@ -872,17 +939,8 @@ public abstract class PdfAS throw new SignatureException(301, "Signature can not be produced. Data is empty. (length = " + data_to_sign.getData().length + ")"); //$NON-NLS-1$ //$NON-NLS-2$
}
- try
- {
- Connector connector_impl = chooseDetachedMultipartConnector(signature_type, connector);
-
- SignSignatureObject signed_signature_object = connector_impl.doSign(data_to_sign);
- return signed_signature_object;
- }
- catch (ConnectorFactoryException e)
- {
- throw new SignatureException(300, e);
- }
+ SignSignatureObject signed_signature_object = connector.doSign(data_to_sign);
+ return signed_signature_object;
}
/**
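Review bot: `connector` is dereferenced at `connector.doSign(data_to_sign)` without a null check, although `data_to_sign` is validated just above. Now that callers hand in an object rather than a name, a guard such as `if (connector == null) { throw new SignatureException(300, "Signature can not be produced. No connector given."); }` keeps the failure inside the declared exception types. The parameter change is in the preceding hunk, and the Javadoc above the method lies mostly outside both hunks; it probably still describes the removed `signature_type` and the string `connector`, so its `@param` entries should be checked. The temporary `signed_signature_object` can simply be returned directly.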
@@ -937,7 +995,9 @@ public abstract class PdfAS IncrementalUpdateInformation iui = signator.prepareSign(pdf, signature_type, pos, ConnectorFactory.needsSIG_ID(connector));
- iui.signed_signature_object = sign(iui.signature_data, signature_type, connector);
+ Connector c = ConnectorChooser.chooseCommandlineConnectorForSign(connector, signature_type);
+
+ iui.signed_signature_object = sign(iui.signature_data, c);
SignResult sign_result = signator.finishSign(iui);
@@ -1333,91 +1393,4 @@ public abstract class PdfAS return pos;
}
- /**
- *
- * @param sig_kz
- * @param sig_id
- * @return Returns the chosen Connector.
- * @throws ConnectorFactoryException
- */
- public static at.knowcenter.wag.egov.egiz.sig.connectors.Connector chooseConnector(
- String profile,
- PdfASID sig_kz, String sig_id, String sig_app) throws ConnectorFactoryException, ConnectorException
- {
- log.debug("chooseConnector:"); //$NON-NLS-1$
-
- log.debug("sig_kz = " + sig_kz); //$NON-NLS-1$
- log.debug("sig_id = " + sig_id); //$NON-NLS-1$
- log.debug("sig_app = " + sig_app); //$NON-NLS-1$
-
- if (sig_kz == null)
- {
- log.debug("sig_kz is null ==> alte Signatur"); //$NON-NLS-1$
-
- return chooseEnvelopedBase64Connector(profile, sig_app);
- }
-
- {
- log.debug("sig_kz is not null ==> one of the newer signatures");
-
- if (sig_kz.getVersion().equals(SignatorFactory.VERSION_1_0_0))
- {
- log.debug("Version is 1.0.0 ==> Base64 Signatur eventuell Hotfix.");
-
- return chooseEnvelopedBase64Connector(profile, sig_app);
- }
- if (sig_kz.getVersion().equals(SignatorFactory.VERSION_1_1_0))
- {
- log.debug("Version is 1.1.0 ==> Detached Multipart Signatur.");
-
- return chooseDetachedMultipartConnector(profile, sig_app);
- }
- }
-
- log.debug("chooseConnector."); //$NON-NLS-1$
- return null;
- }
-
- protected static final String BKU = "bku"; //$NON-NLS-1$
-
- protected static final String MOA = "moa"; //$NON-NLS-1$
-
- protected static at.knowcenter.wag.egov.egiz.sig.connectors.Connector chooseEnvelopedBase64Connector(
- String profile, String sig_app) throws ConnectorFactoryException, ConnectorException
- {
- if (sig_app.equals(BKU))
- {
- log.debug("sig_app is BKU ==> EnvelopedBase64BKUConnector"); //$NON-NLS-1$
-
- return new EnvelopedBase64BKUConnector(profile);
- }
- if (sig_app.equals(MOA))
- {
- log.debug("sig_app is MOA ==> EnvelopedBase64MOAConnector"); //$NON-NLS-1$
-
- return new EnvelopingBase64MOAConnector(profile);
- }
- throw new ConnectorFactoryException("Unknown sig_app '" + sig_app + "'."); //$NON-NLS-1$ //$NON-NLS-2$
-
- }
-
- protected static at.knowcenter.wag.egov.egiz.sig.connectors.Connector chooseDetachedMultipartConnector(
- String profile, String sig_app) throws ConnectorException, ConnectorFactoryException
- {
- if (sig_app.equals(BKU))
- {
- log.debug("sig_app is BKU ==> DetachedMultipartBKUConnector"); //$NON-NLS-1$
-
- return new MultipartDetachedBKUConnector(profile);
- }
- if (sig_app.equals(MOA))
- {
- log.debug("sig_app is MOA ==> EnvelopedBase64MOAConnector"); //$NON-NLS-1$
-
- return null;
- }
- throw new ConnectorFactoryException("Unknown sig_app '" + sig_app + "'."); //$NON-NLS-1$ //$NON-NLS-2$
-
- }
-
}
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/commandline/Main.java b/src/main/java/at/knowcenter/wag/egov/egiz/commandline/Main.java
index 614005e..73ee69a 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/commandline/Main.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/commandline/Main.java
@@ -45,7 +45,9 @@ import at.knowcenter.wag.egov.egiz.exceptions.SignatureTypesException; import at.knowcenter.wag.egov.egiz.framework.SignResult;
import at.knowcenter.wag.egov.egiz.framework.SignatorFactory;
import at.knowcenter.wag.egov.egiz.framework.VerificationFilter;
+import at.knowcenter.wag.egov.egiz.framework.signators.BinarySignator_1_0_0;
import at.knowcenter.wag.egov.egiz.framework.signators.DetachedSignator_1_0_0;
+import at.knowcenter.wag.egov.egiz.framework.signators.TextualSignator_1_0_0;
import at.knowcenter.wag.egov.egiz.pdf.SignatureHolder;
import at.knowcenter.wag.egov.egiz.pdf.TablePos;
import at.knowcenter.wag.egov.egiz.sig.ConnectorFactory;
@@ -126,7 +128,7 @@ public abstract class Main * The application mode verify
*/
public static final String VALUE_SIGNATURE_MODE_DETACHED = "detached";
-
+
/**
* The application mode verify
*/
@@ -470,6 +472,26 @@ public abstract class Main }
PdfASID algorithm = translateSignatureModeToPdfASID(signature_mode);
+
+ // TODO MOA detached signing is not allowed at the commandline
+ logger_.debug("Suggested sign algorithm = " + algorithm);
+ if (connector.equals("moa"))
+ {
+ String msg = "Hinweis: Der MOA Detached Connector ist für die Kommandozeile nicht geeignet. Die Signatur wird daher im alten Base64 enveloping Format ausgeführt.";
+ System.out.println(msg);
+ logger_.warn(msg);
+
+ if (signature_mode.equals(VALUE_SIGNATURE_MODE_BINARY))
+ {
+ algorithm = BinarySignator_1_0_0.MY_ID;
+ }
+ if (signature_mode.equals(VALUE_SIGNATURE_MODE_TEXTUAL))
+ {
+ algorithm = TextualSignator_1_0_0.MY_ID;
+ }
+ }
+ logger_.debug("Finally used sign algorithm = " + algorithm);
+
SignResult sign_result = PdfAS.sign(algorithm, input_bytes, signature_type, connector, user_name, user_password, pos);
try
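Review bot: The MOA fallback reassigns `algorithm` only for `VALUE_SIGNATURE_MODE_BINARY` and `VALUE_SIGNATURE_MODE_TEXTUAL`; for the detached modes the hint about the old Base64 enveloping format is still printed and logged, but `algorithm` keeps whatever `translateSignatureModeToPdfASID` returned. That leaves a signator/connector pairing the message does not describe, so those modes should be either rejected for MOA or mapped explicitly. Because the block changes the signature format the user requested with nothing more than a console hint, failing with a clear error unless the user opts in would be the more predictable behaviour. `connector.equals("moa")` also throws if `connector` is null and repeats a literal; `"moa".equals(connector)` avoids the first problem. The enclosing method starts and ends outside this hunk.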
@@ -770,12 +792,12 @@ public abstract class Main writer.println(" y_algo:='auto' ... automatic positioning y");
writer.println(" floatvalue ... absolute y must be >= 0");
writer.println(" w_algo:='auto' ... automatic width");
- writer.println(" floatvalue ... absolute width must be > 0");
+ writer.println(" floatvalue ... absolute width must be > 0");
writer.println(" p_algo:='auto' ... automatic last page");
- writer.println(" 'new' ... new page");
+ writer.println(" 'new' ... new page");
writer.println(" intvalue ... pagenumber must be > 0 if p>number of pages in document p-->handled like p:'new'");
writer.println(" f_algo floatvalue ... consider footerline must be >= 0 (only if y_algo is auto and p_algo is not 'new')");
-
+
writer.println(" OPTIONS for verification:");
writer.println(" " + PARAMETER_VERIFY_WHICH + " <number> ... [optional] zero based number of the signature");
writer.println(" to be verified. If omitted, all signatures are verified.");
@@ -870,7 +892,7 @@ public abstract class Main if (signature_mode.equals(VALUE_SIGNATURE_MODE_DETACHED_TEXt))
{
return SignatorFactory.MOST_RECENT_DETACHEDTEXT_SIGNATOR_ID;
- }
+ }
return null;
}
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java
index e510d53..d67bb90 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java
@@ -49,6 +49,7 @@ import at.knowcenter.wag.egov.egiz.framework.SignatorFactory; import at.knowcenter.wag.egov.egiz.ldap.api.LDAPAPIException;
import at.knowcenter.wag.egov.egiz.ldap.api.LDAPAPIFactory;
import at.knowcenter.wag.egov.egiz.ldap.client.LDAPIssuerNameFilter;
+import at.knowcenter.wag.egov.egiz.sig.sigkz.SigKZIDHelper;
import at.knowcenter.wag.egov.egiz.table.Entry;
import at.knowcenter.wag.egov.egiz.table.Style;
import at.knowcenter.wag.egov.egiz.table.Table;
@@ -732,7 +733,10 @@ public class SignatureObject implements Serializable */
public void setSignationIDs(String sigIds)
{
- setSigValue(SignatureTypes.SIG_ID, sigIds);
+ if (sigIds != null)
+ {
+ setSigValue(SignatureTypes.SIG_ID, sigIds);
+ }
}
// /**
@@ -838,7 +842,18 @@ public class SignatureObject implements Serializable */
public boolean isMOASigned()
{
- return getSignationIds() == null;
+ try
+ {
+ PdfASID sig_kz = getKZ();
+ String sig_id = getSignationIds();
+ return SigKZIDHelper.isMOASigned(sig_kz, sig_id);
+ //return getSignationIds() == null;
+ }
+ catch (InvalidIDException e)
+ {
+ logger_.error(e);
+ return false;
+ }
}
/**
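Review bot: `isMOASigned` now answers `false` when `getKZ()` throws `InvalidIDException`, so a signature whose KZ cannot be parsed is classified as not MOA-signed and processing carries on as if the question had been answered. The KZ is read from the signed document and this result presumably influences how the signature is handled later, so callers should be able to see the failure; at minimum the Javadoc should state the fallback, for example `Returns false if the KZ cannot be parsed.`. The commented-out `//return getSignationIds() == null;` can be deleted, since version control keeps the old form.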
@@ -857,13 +872,7 @@ public class SignatureObject implements Serializable {
e.printStackTrace();
}
- if (kz == null)
- {
- return true; // must be an old Signature
- }
-
- boolean textual = kz.getType().equals(SignatorFactory.TYPE_TEXTUAL);
- return textual;
+ return SigKZIDHelper.isTextual(kz);
}
/**
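Review bot: `SigKZIDHelper.isTextual(kz)` is now called with `kz` possibly null, both for old signatures and after the exception caught just above, whereas the removed branch returned `true` for null explicitly. The helper's body is not on this page, so confirm it keeps that default, and likewise `false` in `isBinary`, which the next hunk changes the same way. A short comment such as `// kz == null (old signature) is treated as textual by the helper` would record the contract at the call site. The surrounding `catch` still uses `e.printStackTrace()` while `isMOASigned` in this commit logs through `logger_`; using the logger in all three methods would be consistent. The method begins outside this hunk.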
@@ -882,13 +891,8 @@ public class SignatureObject implements Serializable {
e.printStackTrace();
}
- if (kz == null)
- {
- return false; // must be an old Signature
- }
-
- boolean binary = kz.getType().equals(SignatorFactory.TYPE_BINARY);
- return binary;
+
+ return SigKZIDHelper.isBinary(kz);
}
/**
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/ConnectorChooser.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/ConnectorChooser.java
new file mode 100644
index 0000000..af94f94
--- /dev/null
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/ConnectorChooser.java
@@ -0,0 +1,297 @@
+/**
+ *
+ */
+package at.knowcenter.wag.egov.egiz.sig.connectors;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import at.knowcenter.wag.egov.egiz.PdfASID;
+import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException;
+import at.knowcenter.wag.egov.egiz.framework.SignatorFactory;
+import at.knowcenter.wag.egov.egiz.sig.connectors.bku.EnvelopedBase64BKUConnector;
+import at.knowcenter.wag.egov.egiz.sig.connectors.bku.LocRefDetachedBKUConnector;
+import at.knowcenter.wag.egov.egiz.sig.connectors.bku.MultipartDetachedBKUConnector;
+import at.knowcenter.wag.egov.egiz.sig.connectors.bku.OldEnvelopingBase64BKUConnector;
+import at.knowcenter.wag.egov.egiz.sig.connectors.moa.DetachedLocRefMOAConnector;
+import at.knowcenter.wag.egov.egiz.sig.connectors.moa.EnvelopingBase64MOAConnector;
+import at.knowcenter.wag.egov.egiz.sig.sigid.HotfixIdFormatter;
+
+/**
+ * Helper class that provides static methods that help the application to
+ * "choose" the right connector for a given task.
+ *
+ * @author wprinz
+ */
+public final class ConnectorChooser
+{
+ /**
+ * The log.
+ */
+ private static Log log = LogFactory.getLog(ConnectorChooser.class);
+
+ public static LocalConnector chooseLocalConnectorForSign(String connector,
+ String profile, String loc_ref_url) throws ConnectorException
+ {
+ log.debug("Choosing LocalConnector for signation...");
+
+ log.debug("connector type = " + connector);
+
+ if (!connector.equals("bku"))
+ {
+ log.error("Currently only the BKU connector is fully implemented.");
+ }
+
+ log.debug("choosing locref detached BKU connector.");
+ return new LocRefDetachedBKUConnector(profile, loc_ref_url);
+ }
+
+ public static Connector chooseWebConnectorForSign(String connector,
+ String profile, String loc_ref_url) throws ConnectorException
+ {
+ log.debug("Choosing Connector for WEB signation...");
+
+ log.debug("connector type = " + connector);
+
+ if (!connector.equals("moa"))
+ {
+ log.error("Currently only the MOA connector is available for non local WEB signation.");
+ }
+
+ log.debug("choosing locref detached MOA connector.");
+ return new DetachedLocRefMOAConnector(profile, loc_ref_url);
+ }
+
+ public static Connector chooseCommandlineConnectorForSign(String connector,
+ String profile) throws ConnectorException
+ {
+ log.debug("Choosing Connector for commandline signation...");
+
+ log.debug("connector type = " + connector);
+
+ if (connector.equals(BKU))
+ {
+ log.debug("sig_app is BKU ==> MultipartDetachedBKUConnector"); //$NON-NLS-1$
+
+ return new MultipartDetachedBKUConnector(profile);
+ }
+ if (connector.equals(MOA))
+ {
+ // TODO MOA detached signing is not allowed at the commandline
+ log.warn("Detached MOA is not supported on the commandline. -> choosing Base64 temporarily.");
+ return new EnvelopingBase64MOAConnector(profile);
+ }
+
+ throw new ConnectorException(300, "Unknown connector type '" + connector + "' specified.");
+ }
+
+ public static LocalConnector chooseLocalConnectorForVerify(String connector,
+ PdfASID sig_kz, String sig_id, String profile, String loc_ref_url) throws ConnectorException
+ {
+ log.debug("Choosing LocalConnector for verification...");
+
+ log.debug("connector type = " + connector);
+ log.debug("sig_kz = " + sig_kz);
+ log.debug("sig_id = " + sig_id);
+
+ if (!connector.equals("bku"))
+ {
+ log.error("Currently only the BKU connector is fully implemented.");
+ }
+
+ if (sig_kz == null)
+ {
+ log.debug("sig_kz is null -> must be old signature -> choosing old Base64 connector.");
+
+ return new OldEnvelopingBase64BKUConnector(profile);
+ }
+
+ log.debug("sig_kz is not null -> must be one of the newer ... base64, base64 hotfix, or detached");
+
+ if (sig_kz.getVersion().equals(SignatorFactory.VERSION_1_0_0))
+ {
+ log.debug("sig_kz version is 1.0.0 -> choosing base64 (old or hotfix)");
+
+ if (sig_id == null)
+ {
+ log.debug("sig_id is null, which means that it is a MOA signature -> choose a hotfix base64 connector (thus it is moa - it doesn't matter).");
+
+ return new EnvelopedBase64BKUConnector(profile);
+ }
+
+ String[] sig_id_parts = sig_id.split("@");
+ if (sig_id_parts.length == 2)
+ {
+ log.debug("sig_id has 2 @-separated parts -> choosing old base64 connector");
+
+ return new OldEnvelopingBase64BKUConnector(profile);
+ }
+ if (sig_id_parts[0].equals(HotfixIdFormatter.SIG_ID_PREFIX))
+ {
+ log.debug("sig_id prefix is hotfix -> choosing hotfix base64 connector");
+
+ return new EnvelopedBase64BKUConnector(profile);
+ }
+
+ throw new ConnectorException(300, "The SIG_KZ version is 1.0.0, but SIG_ID is neither MOA nor Old base64 nor Hotfix base64 ???'");
+ }
+ if (sig_kz.getVersion().equals(SignatorFactory.VERSION_1_1_0))
+ {
+ log.debug("sig_kz version is 1.1.0 -> choosing detached (loc ref) connector.");
+
+ return new LocRefDetachedBKUConnector(profile, loc_ref_url);
+ }
+
+ throw new ConnectorException(310, "The SIG_KZ version '" + sig_kz.getVersion() + "' is unknown.");
+ }
+
+ public static Connector chooseWebConnectorForVerify(String connector,
+ PdfASID sig_kz, String sig_id, String profile, String loc_ref_url) throws ConnectorException
+ {
+ log.debug("Choosing Connector for WEB verification...");
+
+ log.debug("connector type = " + connector);
+ log.debug("sig_kz = " + sig_kz);
+ log.debug("sig_id = " + sig_id);
+
+ if (!connector.equals("moa"))
+ {
+ log.error("Currently only the MOA connector is available for non local WEB signation.");
+ }
+
+ if (sig_kz == null || sig_kz.getVersion().equals(SignatorFactory.VERSION_1_0_0))
+ {
+ log.debug("sig_kz is null or sig_kz version is 1.0.0 -> choosing Base64 connector.");
+
+ return new EnvelopingBase64MOAConnector(profile);
+ }
+
+ if (sig_kz.getVersion().equals(SignatorFactory.VERSION_1_1_0))
+ {
+ log.debug("sig_kz version is 1.1.0 -> choosing detached (loc ref) connector.");
+
+ throw new ConnectorException(370, "The MOA detached connector is not suitable for verification.");
+ //return new DetachedLocRefMOAConnector(profile, loc_ref_url);
+ }
+
+ throw new ConnectorException(310, "The SIG_KZ version '" + sig_kz.getVersion() + "' is unknown.");
+ }
+
+ public static Connector chooseCommandlineConnectorForVerify(String connector,
+ PdfASID sig_kz, String sig_id, String profile) throws ConnectorException
+ {
+ log.debug("Choosing Connector for Commandline verification...");
+
+ log.debug("connector type = " + connector);
+ log.debug("sig_kz = " + sig_kz); //$NON-NLS-1$
+ log.debug("sig_id = " + sig_id); //$NON-NLS-1$
+
+ if (sig_kz == null)
+ {
+ log.debug("sig_kz is null -> chose an old enveloped base64 connector"); //$NON-NLS-1$
+
+ return chooseEnvelopedBase64ConnectorOld(profile, connector);
+ }
+
+ log.debug("sig_kz is not null -> one of the newer signatures");
+
+ if (sig_kz.getVersion().equals(SignatorFactory.VERSION_1_0_0))
+ {
+ log.debug("Version is 1.0.0 -> Base64 Signatur (old or Hotfix).");
+
+ if (sig_id == null)
+ {
+ log.debug("sig_id is null, which means that it is a MOA signature -> choose a hotfix base64 connector (thus it is moa - it doesn't matter).");
+
+ return chooseEnvelopedBase64ConnectorHotfix(profile, connector);
+ }
+
+ String[] sig_id_parts = sig_id.split("@");
+ if (sig_id_parts.length == 2)
+ {
+ log.debug("sig_id has 2 @-separated parts -> choosing old base64 connector");
+
+ return chooseEnvelopedBase64ConnectorOld(profile, connector);
+ }
+ if (sig_id_parts[0].equals(HotfixIdFormatter.SIG_ID_PREFIX))
+ {
+ log.debug("sig_id prefix is hotfix -> choosing hotfix base64 connector");
+
+ return chooseEnvelopedBase64ConnectorHotfix(profile, connector);
+ }
+
+ throw new ConnectorException(300, "The SIG_KZ version is 1.0.0, but SIG_ID is neither MOA nor Old base64 nor Hotfix base64 ???'");
+ }
+ if (sig_kz.getVersion().equals(SignatorFactory.VERSION_1_1_0))
+ {
+ log.debug("Version is 1.1.0 -> chose a detached connector.");
+
+ return chooseDetachedMultipartConnector(profile, connector);
+ }
+
+ throw new ConnectorException(310, "The SIG_KZ version '" + sig_kz.getVersion() + "' is unknown.");
+ }
+
+ protected static final String BKU = "bku"; //$NON-NLS-1$
+
+ protected static final String MOA = "moa"; //$NON-NLS-1$
+
+ protected static Connector chooseEnvelopedBase64ConnectorOld(String profile,
+ String sig_app) throws ConnectorException
+ {
+ if (sig_app.equals(BKU))
+ {
+ log.debug("sig_app is BKU ==> OldEnvelopingBase64BKUConnector"); //$NON-NLS-1$
+
+ return new OldEnvelopingBase64BKUConnector(profile);
+ }
+ if (sig_app.equals(MOA))
+ {
+ log.debug("sig_app is MOA ==> EnvelopingBase64MOAConnector"); //$NON-NLS-1$
+
+ return new EnvelopingBase64MOAConnector(profile);
+ }
+ throw new ConnectorException(310, "Unknown sig_app '" + sig_app + "'."); //$NON-NLS-1$ //$NON-NLS-2$
+
+ }
+
+ protected static Connector chooseEnvelopedBase64ConnectorHotfix(
+ String profile, String sig_app) throws ConnectorException
+ {
+ if (sig_app.equals(BKU))
+ {
+ log.debug("sig_app is BKU ==> EnvelopedBase64BKUConnector"); //$NON-NLS-1$
+
+ return new EnvelopedBase64BKUConnector(profile);
+ }
+ if (sig_app.equals(MOA))
+ {
+ log.debug("sig_app is MOA ==> EnvelopedBase64MOAConnector"); //$NON-NLS-1$
+
+ return new EnvelopingBase64MOAConnector(profile);
+ }
+ throw new ConnectorException(310, "Unknown sig_app '" + sig_app + "'."); //$NON-NLS-1$ //$NON-NLS-2$
+
+ }
+
+ protected static Connector chooseDetachedMultipartConnector(String profile,
+ String sig_app) throws ConnectorException
+ {
+ if (sig_app.equals(BKU))
+ {
+ log.debug("sig_app is BKU ==> DetachedMultipartBKUConnector"); //$NON-NLS-1$
+
+ return new MultipartDetachedBKUConnector(profile);
+ }
+ if (sig_app.equals(MOA))
+ {
+ log.debug("sig_app is MOA ==> DetachedMOAConnector"); //$NON-NLS-1$
+
+ String msg = "A Detached signature cannot be verified with the MOA connector (yet)."; //$NON-NLS-1$
+ log.error(msg);
+ throw new ConnectorException(370, msg);
+ }
+ throw new ConnectorException(310, "Unknown sig_app '" + sig_app + "'."); //$NON-NLS-1$ //$NON-NLS-2$
+ }
+
+}
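Review bot: `chooseLocalConnectorForSign`, `chooseWebConnectorForSign`, `chooseLocalConnectorForVerify` and `chooseWebConnectorForVerify` only call `log.error` when the requested connector is not the supported one and then return the BKU or MOA connector anyway, so a caller naming an unsupported backend is handed a different one without being told. Throwing as `chooseCommandlineConnectorForSign` already does, `throw new ConnectorException(300, "Unknown connector type '" + connector + "' specified.");`, would make the four consistent. In `chooseLocalConnectorForVerify` and `chooseCommandlineConnectorForVerify`, `sig_id.split("@")` returns an empty array when `sig_id` consists only of `@` characters, and `sig_id_parts[0]` then throws `ArrayIndexOutOfBoundsException`. Since `sig_id` ultimately comes from the signature being verified, test `sig_id_parts.length > 0` before indexing. The `"bku"`/`"moa"` literals should use the `BKU`/`MOA` constants declared further down, and `log` can be `private static final`.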
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java
index 44beb40..d018a13 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java
@@ -19,6 +19,7 @@ import at.knowcenter.wag.egov.egiz.sig.connectors.Connector; import at.knowcenter.wag.egov.egiz.sig.connectors.LocalConnector;
import at.knowcenter.wag.egov.egiz.sig.connectors.TemplateReplaces;
import at.knowcenter.wag.egov.egiz.sig.sigid.DetachedIdFormatter;
+import at.knowcenter.wag.egov.egiz.sig.sigkz.SigKZIDHelper;
import at.knowcenter.wag.egov.egiz.tools.CodingHelper;
import at.knowcenter.wag.egov.egiz.tools.FileHelper;
@@ -120,10 +121,6 @@ public class DetachedBKUConnector implements Connector, LocalConnector return so;
}
-
-
-
-
public static String[] parseSigIds(String sig_ids)
{
if (sig_ids == null || sig_ids.length() == 0)
@@ -292,29 +289,29 @@ public class DetachedBKUConnector implements Connector, LocalConnector * @throws ConnectorException
* f.e.
*/
- public String prepareVerifyRequest(SignatureData data,
- SignSignatureObject so) throws ConnectorException
+ public String prepareVerifyRequest(SignatureData data, SignSignatureObject so) throws ConnectorException
{
String verify_request_template = this.environment.getVerifyRequestTemplate();
String xml_content = null;
- // TODO implement MOA
- // if (sigObject.isMOASigned())
- // {
- // MOAConnector moa_conn = new MOAConnector();
- // // get the MOA-template
- // verify_template_str = moa_conn.getVerifyTemplate(normalizedText,
- // sigObject);
- // }
- // else
- // {
- // get the BKU-template
- xml_content = prepareXMLContent(data, so);
- // }
+ if (SigKZIDHelper.isMOASigned(so))
+ {
+ // TODO once the detached moa connector is fully functional - implement this.
+ log.error("Zur Zeit gibt es keinen detached MOA connector fuer die Verifikation.");
+ throw new ConnectorException(300, "Detached MOA is disabled.");
+ // MOAConnector moa_conn = new MOAConnector();
+ // // get the MOA-template
+ // verify_template_str = moa_conn.getVerifyTemplate(normalizedText,
+ // sigObject);
+ }
+ else
+ {
+ xml_content = prepareXMLContent(data, so);
+ }
String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content);
verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.LOC_REF_CONTENT_REPLACE, this.environment.getLocRefContent());
-
+
return verify_request_xml;
}
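Review bot: Both `replaceFirst` calls at the end of `prepareVerifyRequest` pass `xml_content` and `this.environment.getLocRefContent()` as the replacement string, where `$` and `\` are read as group references and escapes. If either value can contain those characters (the LocRef content is caller-supplied), the request is built wrongly or the call throws; `Matcher.quoteReplacement(xml_content)` avoids that where the target JDK provides it. The new MOA branch throws `ConnectorException(300, "Detached MOA is disabled.")`, while `ConnectorChooser` in this commit uses code 370 for the same condition, so one code should be chosen. The commented-out `MOAConnector` lines after the `throw` are unreachable leftovers and can be removed.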
@@ -441,7 +438,6 @@ public class DetachedBKUConnector implements Connector, LocalConnector return signature_response;
}
-
/**
* Holds environment configuration information like templates.
*
@@ -490,7 +486,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector protected static final String RSA_CERT_ALG_KEY = "cert.alg.rsa"; //$NON-NLS-1$
protected String loc_ref_content = null;
-
+
protected String sign_keybox_identifier = null;
protected String sign_request_template = null;
@@ -518,7 +514,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector public Environment(String profile, String loc_ref_content) throws ConnectorException
{
this.loc_ref_content = loc_ref_content;
-
+
SettingsReader settings = null;
try
{
@@ -566,13 +562,14 @@ public class DetachedBKUConnector implements Connector, LocalConnector /**
* Returns the LocRef content.
+ *
* @return Returns the LocRef content.
*/
public String getLocRefContent()
{
return this.loc_ref_content;
}
-
+
/**
* Returns the sign keybox identifier.
*
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java
index 1c628b1..3d5cf36 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java
@@ -3,6 +3,7 @@ */
package at.knowcenter.wag.egov.egiz.sig.connectors.bku;
+import java.io.UnsupportedEncodingException;
import java.security.cert.X509Certificate;
import java.util.Properties;
@@ -16,8 +17,11 @@ import at.knowcenter.wag.egov.egiz.sig.SignatureData; import at.knowcenter.wag.egov.egiz.sig.SignatureObject;
import at.knowcenter.wag.egov.egiz.sig.SignatureResponse;
import at.knowcenter.wag.egov.egiz.sig.connectors.Connector;
+import at.knowcenter.wag.egov.egiz.sig.connectors.LocalConnector;
import at.knowcenter.wag.egov.egiz.sig.connectors.TemplateReplaces;
+import at.knowcenter.wag.egov.egiz.sig.connectors.moa.EnvelopingBase64MOAConnector;
import at.knowcenter.wag.egov.egiz.sig.sigid.HotfixIdFormatter;
+import at.knowcenter.wag.egov.egiz.sig.sigkz.SigKZIDHelper;
import at.knowcenter.wag.egov.egiz.tools.CodingHelper;
import at.knowcenter.wag.egov.egiz.tools.DebugHelper;
import at.knowcenter.wag.egov.egiz.tools.FileHelper;
@@ -26,7 +30,7 @@ import at.knowcenter.wag.egov.egiz.tools.FileHelper; * @author wprinz
*
*/
-public class EnvelopedBase64BKUConnector implements Connector
+public class EnvelopedBase64BKUConnector implements Connector, LocalConnector
{
/**
@@ -49,6 +53,10 @@ public class EnvelopedBase64BKUConnector implements Connector * parameters defined in the configuration are used.
* </p>
*
+ * <p>
+ * This is the new "hotfix" base64 connector.
+ * </p>
+ *
* @param profile
* The profile from which the Environment should be assembled.
* @throws ConnectorException
@@ -131,7 +139,6 @@ public class EnvelopedBase64BKUConnector implements Connector }
return id;
}
-
/**
* Prepares the XML content the holds the actual signature data.
@@ -169,7 +176,7 @@ public class EnvelopedBase64BKUConnector implements Connector String verify_xml = verify_template.replaceFirst(TemplateReplaces.CERT_ALG_REPLACE, cert_alg);
// data digest replace
- byte [] data_value = BKUHelper.prepareEnvelopingData(data);
+ byte[] data_value = BKUHelper.prepareEnvelopingData(data);
{
byte[] data_value_hash = CodingHelper.buildDigest(data_value);
String object_data_hash = CodingHelper.encodeBase64(data_value_hash);
@@ -206,21 +213,7 @@ public class EnvelopedBase64BKUConnector implements Connector // Signed Properties hash
{
- final String ETSI_SIGNED_PROPERTIES_START_TAG = "<etsi:SignedProperties"; //$NON-NLS-1$
- final String ETSI_SIGNED_PROPERTIES_END_TAG = "</etsi:SignedProperties>"; //$NON-NLS-1$
-
- final int hash_start = verify_xml.indexOf(ETSI_SIGNED_PROPERTIES_START_TAG);
- assert hash_start >= 0;
- final int hash_end = verify_xml.indexOf(ETSI_SIGNED_PROPERTIES_END_TAG, hash_start) + ETSI_SIGNED_PROPERTIES_END_TAG.length();
- assert hash_end - ETSI_SIGNED_PROPERTIES_END_TAG.length() >= 0;
- assert hash_end > hash_start;
-
- final String string_to_be_hashed = verify_xml.substring(hash_start, hash_end);
- log.debug("etsi:SignedProperties string to be hashed: " + string_to_be_hashed); //$NON-NLS-1$
-
- final byte[] bytes_to_be_hashed = string_to_be_hashed.getBytes("UTF-8"); //$NON-NLS-1$
- byte[] sig_prop_code = CodingHelper.buildDigest(bytes_to_be_hashed);
- String sig_prop_hash = CodingHelper.encodeBase64(sig_prop_code);
+ String sig_prop_hash = computeSignedPropertiesReplace(verify_xml);
verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_SIGNED_PROPERTIES_REPLACE, sig_prop_hash);
}
@@ -235,6 +228,34 @@ public class EnvelopedBase64BKUConnector implements Connector }
}
+ protected String computeSignedPropertiesReplace(String verify_xml)
+ {
+ try
+ {
+ final String ETSI_SIGNED_PROPERTIES_START_TAG = "<etsi:SignedProperties"; //$NON-NLS-1$
+ final String ETSI_SIGNED_PROPERTIES_END_TAG = "</etsi:SignedProperties>"; //$NON-NLS-1$
+
+ final int hash_start = verify_xml.indexOf(ETSI_SIGNED_PROPERTIES_START_TAG);
+ assert hash_start >= 0;
+ final int hash_end = verify_xml.indexOf(ETSI_SIGNED_PROPERTIES_END_TAG, hash_start) + ETSI_SIGNED_PROPERTIES_END_TAG.length();
+ assert hash_end - ETSI_SIGNED_PROPERTIES_END_TAG.length() >= 0;
+ assert hash_end > hash_start;
+
+ final String string_to_be_hashed = verify_xml.substring(hash_start, hash_end);
+ log.debug("etsi:SignedProperties string to be hashed: " + string_to_be_hashed); //$NON-NLS-1$
+
+ final byte[] bytes_to_be_hashed = string_to_be_hashed.getBytes("UTF-8"); //$NON-NLS-1$
+ byte[] sig_prop_code = CodingHelper.buildDigest(bytes_to_be_hashed);
+ String sig_prop_hash = CodingHelper.encodeBase64(sig_prop_code);
+
+ return sig_prop_hash;
+ }
+ catch (UnsupportedEncodingException e)
+ {
+ throw new RuntimeException("Very Strange: UTF-8 character encoding not supported.", e);
+ }
+ }
+
/**
* Prepares the sign request xml to be sent using the sign request template.
*
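Review bot: The bounds checks in the new `computeSignedPropertiesReplace` are `assert` statements, which the JVM skips unless it is started with `-ea`, so in a normal deployment a `verify_xml` that lacks the `<etsi:SignedProperties` start or end tag is not rejected. A missing start tag then surfaces as a `StringIndexOutOfBoundsException` from `substring`, and a missing end tag gives `hash_end = -1 + length`, which can still lie after `hash_start` and digest the wrong span. Replace the asserts with explicit checks, computing the end-tag position before adding the tag length, e.g. `if (hash_start < 0 || end_tag_pos < 0) throw new IllegalStateException("etsi:SignedProperties not found in verify XML");`. The same applies to the override in `OldEnvelopingBase64BKUConnector`, whose body differs only in the tag names; one helper taking the two tags as parameters would remove the duplication.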
@@ -272,32 +293,27 @@ public class EnvelopedBase64BKUConnector implements Connector * @throws ConnectorException
* f.e.
*/
- public String prepareVerifyRequest(SignatureData data,
- SignSignatureObject so) throws ConnectorException
+ public String prepareVerifyRequest(SignatureData data, SignSignatureObject so) throws ConnectorException
{
String verify_request_template = this.environment.getVerifyRequestTemplate();
String xml_content = null;
- // TODO implement MOA
- // if (sigObject.isMOASigned())
- // {
- // MOAConnector moa_conn = new MOAConnector();
- // // get the MOA-template
- // verify_template_str = moa_conn.getVerifyTemplate(normalizedText,
- // sigObject);
- // }
- // else
- // {
- // get the BKU-template
- xml_content = prepareXMLContent(data, so);
- // }
+ if (SigKZIDHelper.isMOASigned(so))
+ {
+ log.debug("The signature is MOA signed -> getting XML content from Base64MOA connector.");
+ EnvelopingBase64MOAConnector moa_conn = new EnvelopingBase64MOAConnector(this.environment.getProfile());
+ xml_content = moa_conn.prepareXMLContent(data, so);
+ }
+ else
+ {
+ xml_content = prepareXMLContent(data, so);
+ }
String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content);
return verify_request_xml;
}
-
/**
* Sends the request to the given URL.
*
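Review bot: The non-MOA branch of `prepareVerifyRequest` always falls back to this connector's own `prepareXMLContent`, whereas the matching change in `EnvelopingBase64MOAConnector.prepareVerifyRequest` also asks `SigKZIDHelper.isOldBKU(so)` and switches to `OldEnvelopingBase64BKUConnector` for pre-hotfix signatures. Unless the caller already picks the old connector (the `ConnectorChooser` logic is not shown on this page), an old BKU signature verified through this class gets the hotfix template and a digest over `etsi:SignedProperties` instead of the element the old format expects. Either add the `isOldBKU` branch here too, or state the requirement in the Javadoc, e.g. `* Callers must route old (pre-hotfix) BKU signatures to OldEnvelopingBase64BKUConnector.` The new `log.debug` line also lacks the `//$NON-NLS-1$` marker used on the other string literals in this file.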
@@ -416,6 +432,8 @@ public class EnvelopedBase64BKUConnector implements Connector */
protected static final String RSA_CERT_ALG_KEY = "cert.alg.rsa"; //$NON-NLS-1$
+ protected String profile = null;
+
protected String sign_keybox_identifier = null;
protected String sign_request_template = null;
@@ -442,6 +460,8 @@ public class EnvelopedBase64BKUConnector implements Connector */
public Environment(String profile) throws ConnectorException
{
+ this.profile = profile;
+
SettingsReader settings = null;
try
{
@@ -487,6 +507,11 @@ public class EnvelopedBase64BKUConnector implements Connector }
+ public String getProfile()
+ {
+ return this.profile;
+ }
+
/**
* Returns the sign keybox identifier.
*
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/OldEnvelopingBase64BKUConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/OldEnvelopingBase64BKUConnector.java
new file mode 100644
index 0000000..d1fffb1
--- /dev/null
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/OldEnvelopingBase64BKUConnector.java
@@ -0,0 +1,112 @@
+/**
+ *
+ */
+package at.knowcenter.wag.egov.egiz.sig.connectors.bku;
+
+import java.io.UnsupportedEncodingException;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import at.knowcenter.wag.egov.egiz.cfg.SettingsReader;
+import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException;
+import at.knowcenter.wag.egov.egiz.exceptions.SettingsException;
+import at.knowcenter.wag.egov.egiz.tools.CodingHelper;
+import at.knowcenter.wag.egov.egiz.tools.FileHelper;
+
+/**
+ *
+ * <p>
+ * This is the old base64 connector. The difference is in the way the sign
+ * response is parsed and the verify content_xml.
+ * </p>
+ *
+ * @author wprinz
+ *
+ */
+public class OldEnvelopingBase64BKUConnector extends EnvelopedBase64BKUConnector
+{
+ /**
+ * The log.
+ */
+ private static Log log = LogFactory.getLog(OldEnvelopingBase64BKUConnector.class);
+
+ // TODO implement signing - with old pre 2.7.2 BKUs... not really necessary
+ // though because this connector is only used for verification
+
+ public OldEnvelopingBase64BKUConnector(String profile) throws ConnectorException
+ {
+ super(profile);
+
+ this.environment = new OverriddenEnvironment(profile);
+ }
+
+
+
+ /**
+ * @see at.knowcenter.wag.egov.egiz.sig.connectors.bku.EnvelopedBase64BKUConnector#computeSignedPropertiesReplace(java.lang.String)
+ */
+ protected String computeSignedPropertiesReplace(String verify_xml)
+ {
+ try
+ {
+ final String ETSI_QUALIFYING_PROPERTIES_START_TAG = "<etsi:QualifyingProperties"; //$NON-NLS-1$
+ final String ETSI_QUALIFYING_PROPERTIES_END_TAG = "</etsi:QualifyingProperties>"; //$NON-NLS-1$
+
+ final int hash_start = verify_xml.indexOf(ETSI_QUALIFYING_PROPERTIES_START_TAG);
+ assert hash_start >= 0;
+ final int hash_end = verify_xml.indexOf(ETSI_QUALIFYING_PROPERTIES_END_TAG, hash_start) + ETSI_QUALIFYING_PROPERTIES_END_TAG.length();
+ assert hash_end - ETSI_QUALIFYING_PROPERTIES_END_TAG.length() >= 0;
+ assert hash_end > hash_start;
+
+ final String string_to_be_hashed = verify_xml.substring(hash_start, hash_end);
+ log.debug("etsi:QualifyingProperties string to be hashed: " + string_to_be_hashed); //$NON-NLS-1$
+
+ final byte[] bytes_to_be_hashed = string_to_be_hashed.getBytes("UTF-8"); //$NON-NLS-1$
+ byte[] sig_prop_code = CodingHelper.buildDigest(bytes_to_be_hashed);
+ String sig_prop_hash = CodingHelper.encodeBase64(sig_prop_code);
+
+ return sig_prop_hash;
+ }
+ catch (UnsupportedEncodingException e)
+ {
+ throw new RuntimeException("Very Strange: UTF-8 character encoding not supported.", e);
+ }
+ }
+
+
+
+ public static class OverriddenEnvironment extends EnvelopedBase64BKUConnector.Environment
+ {
+
+ /**
+ * The configuration key of the verify template.
+ */
+ protected static final String VERIFY_TEMPLATE_KEY = "bku.verify.template.base64old"; //$NON-NLS-1$
+
+ public OverriddenEnvironment(String profile) throws ConnectorException
+ {
+ super(profile);
+
+ SettingsReader settings = null;
+ try
+ {
+ settings = SettingsReader.getInstance();
+ }
+ catch (SettingsException e)
+ {
+ throw new ConnectorException(300, e);
+ }
+
+ String verify_filename = getConnectorValueFromProfile(settings, profile, VERIFY_TEMPLATE_KEY);
+ this.verify_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_filename));
+ if (this.verify_template == null)
+ {
+ // TODO make this a settings exception
+ throw new ConnectorException(300, "Can not read the verify template"); //$NON-NLS-1$
+ }
+
+ }
+ }
+
+}
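Review bot: The TODO says this connector is only used for verification, but the class inherits the signing methods of `EnvelopedBase64BKUConnector` unchanged, so nothing stops a caller from signing through it with hotfix-format requests while the environment holds the old verify template. Document the restriction in the class Javadoc, e.g. `* Verification only: signing through this class is not supported.`, or override the signing entry points to throw `UnsupportedOperationException`. The constructor also appears to build the parent's `Environment` in `super(profile)` and then discard it for `OverriddenEnvironment`, which itself calls `super(profile)`, so the configuration and templates are presumably read twice per instance (the parent constructor bodies are not fully shown here). The constructor and `OverriddenEnvironment` have no Javadoc.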
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java
index 220a3d0..7c326f5 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java
@@ -62,7 +62,7 @@ public class DetachedLocRefMOAConnector implements Connector * @throws SignatureException
* f.e.
*/
- public DetachedLocRefMOAConnector(String profile, String signature_data_url) throws SignatureException, SettingsException
+ public DetachedLocRefMOAConnector(String profile, String signature_data_url) throws ConnectorException
{
this.environment = new Environment(profile, signature_data_url);
}
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/EnvelopingBase64MOAConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/EnvelopingBase64MOAConnector.java
index f6580af..a29df2a 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/EnvelopingBase64MOAConnector.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/EnvelopingBase64MOAConnector.java
@@ -15,11 +15,15 @@ import at.knowcenter.wag.egov.egiz.exceptions.SettingsException; import at.knowcenter.wag.egov.egiz.sig.SignatureData;
import at.knowcenter.wag.egov.egiz.sig.SignatureResponse;
import at.knowcenter.wag.egov.egiz.sig.connectors.Connector;
+import at.knowcenter.wag.egov.egiz.sig.connectors.ConnectorChooser;
import at.knowcenter.wag.egov.egiz.sig.connectors.TemplateReplaces;
import at.knowcenter.wag.egov.egiz.sig.connectors.bku.BKUHelper;
import at.knowcenter.wag.egov.egiz.sig.connectors.bku.BKUPostConnection;
+import at.knowcenter.wag.egov.egiz.sig.connectors.bku.EnvelopedBase64BKUConnector;
+import at.knowcenter.wag.egov.egiz.sig.connectors.bku.OldEnvelopingBase64BKUConnector;
import at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject;
import at.knowcenter.wag.egov.egiz.sig.sigid.OldMOAIdFormatter;
+import at.knowcenter.wag.egov.egiz.sig.sigkz.SigKZIDHelper;
import at.knowcenter.wag.egov.egiz.tools.CodingHelper;
import at.knowcenter.wag.egov.egiz.tools.FileHelper;
@@ -140,7 +144,7 @@ public class EnvelopingBase64MOAConnector implements Connector log.debug("prepareSignRequest finished."); //$NON-NLS-1$
return sign_request_xml;
}
-
+
/**
* Prepares the verify request xml to be sent using the verify request
* template.
@@ -153,25 +157,28 @@ public class EnvelopingBase64MOAConnector implements Connector * @throws ConnectorException
* f.e.
*/
- public String prepareVerifyRequest(SignatureData data,
- SignSignatureObject so) throws ConnectorException
+ public String prepareVerifyRequest(SignatureData data, SignSignatureObject so) throws ConnectorException
{
String verify_request_template = this.environment.getVerifyRequestTemplate();
String xml_content = null;
- // TODO implement MOA
- // if (sigObject.isMOASigned())
- // {
- // MOAConnector moa_conn = new MOAConnector();
- // // get the MOA-template
- // verify_template_str = moa_conn.getVerifyTemplate(normalizedText,
- // sigObject);
- // }
- // else
- // {
- // get the BKU-template
- xml_content = prepareXMLContent(data, so);
- // }
+ if (!SigKZIDHelper.isMOASigned(so))
+ {
+ if (SigKZIDHelper.isOldBKU(so))
+ {
+ OldEnvelopingBase64BKUConnector bku_connector = new OldEnvelopingBase64BKUConnector(this.environment.getProfile());
+ xml_content = bku_connector.prepareXMLContent(data, so);
+ }
+ else
+ {
+ EnvelopedBase64BKUConnector bku_connector = new EnvelopedBase64BKUConnector(this.environment.getProfile());
+ xml_content = bku_connector.prepareXMLContent(data, so);
+ }
+ }
+ else
+ {
+ xml_content = prepareXMLContent(data, so);
+ }
String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content);
verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.TRUST_PROFILE_ID_REPLACE, this.environment.getVerifyTrustProfileId());
@@ -226,7 +233,6 @@ public class EnvelopingBase64MOAConnector implements Connector return signature_response;
}
-
/**
* Prepares the XML content the holds the actual signature data.
*
@@ -355,12 +361,11 @@ public class EnvelopingBase64MOAConnector implements Connector * The configuration key of the verify URL.
*/
protected static final String VERIFY_URL_KEY = "moa.verify.url"; //$NON-NLS-1$
-
+
/**
* The configuration key of the trust profile id.
*/
- protected static final String VERIFY_TRUST_PROFILE_ID = "moa.verify.TrustProfileID"; //$NON-NLS-1$
-
+ protected static final String VERIFY_TRUST_PROFILE_ID = "moa.verify.TrustProfileID"; //$NON-NLS-1$
/**
* The configuration key for the ECDSA cert alg property.
@@ -371,6 +376,8 @@ public class EnvelopingBase64MOAConnector implements Connector * The configuration key for the RSA cert alg property.
*/
protected static final String RSA_CERT_ALG_KEY = "cert.alg.rsa"; //$NON-NLS-1$
+
+ protected String profile = null;
protected String sign_key_identifier = null;
@@ -383,7 +390,7 @@ public class EnvelopingBase64MOAConnector implements Connector protected String verify_template = null;
protected String verify_url = null;
-
+
protected String verify_trust_profile_id = null;
protected String cert_alg_ecdsa = null;
@@ -395,11 +402,13 @@ public class EnvelopingBase64MOAConnector implements Connector *
* @param profile
* The configuration profile.
- * @throws ConnectorException
+ * @throws ConnectorException
* f.e.
*/
public Environment(String profile) throws ConnectorException
{
+ this.profile = profile;
+
SettingsReader settings = null;
try
{
@@ -444,6 +453,11 @@ public class EnvelopingBase64MOAConnector implements Connector this.cert_alg_rsa = settings.getValueFromKey(RSA_CERT_ALG_KEY);
}
+
+ public String getProfile()
+ {
+ return this.profile;
+ }
/**
* Returns the sign key identifier.
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/DetachedIdFormatter.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/DetachedIdFormatter.java
index 273be52..25e4504 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/DetachedIdFormatter.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/DetachedIdFormatter.java
@@ -15,7 +15,7 @@ public class DetachedIdFormatter implements IdFormatter /**
* The SIG_ID prefix.
*/
- public static final String SIG_ID_PREFIX = "etsi-bku-detached@"; //$NON-NLS-1$
+ public static final String SIG_ID_PREFIX = "etsi-bku-detached"; //$NON-NLS-1$
/**
* The log.
@@ -51,7 +51,7 @@ public class DetachedIdFormatter implements IdFormatter join += "-" + cur_id; //$NON-NLS-1$
}
String idstr = base + "@" + join.substring(1); //$NON-NLS-1$
- String final_ids = SIG_ID_PREFIX + idstr;
+ String final_ids = SIG_ID_PREFIX + "@" + idstr;
return final_ids;
}
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/DetachedLocRefMOAIdFormatter.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/DetachedLocRefMOAIdFormatter.java
index d37ead0..f1060fb 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/DetachedLocRefMOAIdFormatter.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/DetachedLocRefMOAIdFormatter.java
@@ -12,7 +12,7 @@ public class DetachedLocRefMOAIdFormatter implements IdFormatter /**
* The SIG_ID prefix.
*/
- public static final String SIG_ID_PREFIX = "etsi-moa-detached@"; //$NON-NLS-1$
+ public static final String SIG_ID_PREFIX = "etsi-moa-detached"; //$NON-NLS-1$
/**
* @see at.knowcenter.wag.egov.egiz.sig.sigid.IdFormatter#formatIds(java.lang.String[])
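Review bot: `SIG_ID_PREFIX` loses its trailing `@` here, but unlike `DetachedIdFormatter` and `HotfixIdFormatter`, whose `formatIds` hunks add `+ "@" +` at the use site, this file has no second hunk. If `formatIds` in this class concatenates the prefix directly (its body is outside the hunk), newly written MOA detached ids would lack the separator, and `SigKZIDHelper.isMOASigned`, which splits `sig_id` on `@` and compares the first part with this constant, would no longer recognise them as MOA-signed. Check the method and, if needed, apply the same change as in the other two formatters: `SIG_ID_PREFIX + "@" + idstr`. The constant is public, so any other reader of the old value needs the same check.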
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/HotfixIdFormatter.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/HotfixIdFormatter.java
index cb04d03..ac86b4f 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/HotfixIdFormatter.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/HotfixIdFormatter.java
@@ -15,7 +15,7 @@ public class HotfixIdFormatter implements IdFormatter /**
* The SIG_ID prefix.
*/
- public static final String SIG_ID_PREFIX = "etsi-bka-1.0@"; //$NON-NLS-1$
+ public static final String SIG_ID_PREFIX = "etsi-bka-1.0"; //$NON-NLS-1$
/**
* The log.
@@ -47,7 +47,7 @@ public class HotfixIdFormatter implements IdFormatter }
String idstr = base + "@" + join.substring(1); //$NON-NLS-1$
- String final_ids = SIG_ID_PREFIX + idstr;
+ String final_ids = SIG_ID_PREFIX + "@" + idstr;
return final_ids;
}
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigkz/SigKZIDHelper.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigkz/SigKZIDHelper.java
new file mode 100644
index 0000000..d50006a
--- /dev/null
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigkz/SigKZIDHelper.java
@@ -0,0 +1,131 @@
+/**
+ *
+ */
+package at.knowcenter.wag.egov.egiz.sig.sigkz;
+
+import at.knowcenter.wag.egov.egiz.PdfASID;
+import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException;
+import at.knowcenter.wag.egov.egiz.exceptions.InvalidIDException;
+import at.knowcenter.wag.egov.egiz.framework.SignatorFactory;
+import at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject;
+import at.knowcenter.wag.egov.egiz.sig.sigid.DetachedLocRefMOAIdFormatter;
+import at.knowcenter.wag.egov.egiz.sig.sigid.HotfixIdFormatter;
+
+/**
+ * @author wprinz
+ *
+ */
+public final class SigKZIDHelper
+{
+
+ public static boolean isTextual(PdfASID sig_kz)
+ {
+ if (sig_kz == null)
+ {
+ // Old signature -> must be textual.
+
+ return true;
+ }
+
+ // new signauture -> sig_kz decides
+ return sig_kz.getType().equals(SignatorFactory.TYPE_TEXTUAL);
+ }
+
+ public static boolean isBinary(PdfASID sig_kz)
+ {
+ return ! isTextual(sig_kz);
+ }
+
+
+ public static boolean isMOASigned(PdfASID sig_kz, String sig_id)
+ {
+ if (sig_kz == null || sig_kz.getVersion().equals(SignatorFactory.VERSION_1_0_0))
+ {
+ // old signature - if sig_id is null this means MOA
+
+ return sig_id == null;
+ }
+
+ // new signature - sig_id decides
+ String [] ids = sig_id.split("@");
+ String prefix = ids[0];
+
+ if (prefix.equals(DetachedLocRefMOAIdFormatter.SIG_ID_PREFIX))
+ {
+ return true;
+ }
+ return false;
+ }
+
+ public static boolean isMOASigned(SignSignatureObject so)
+ {
+ String sig_kz = so.kz;
+ String sig_id = so.id;
+ PdfASID kz = null;
+ if (sig_kz != null)
+ {
+ try
+ {
+ kz = new PdfASID(sig_kz);
+ }
+ catch (InvalidIDException e)
+ {
+ e.printStackTrace();
+ }
+ }
+
+ return isMOASigned(kz, sig_id);
+ }
+
+ public static boolean isOldBKU(PdfASID sig_kz, String sig_id) throws ConnectorException
+ {
+ if (sig_kz == null)
+ {
+ return true;
+ }
+
+ if (sig_kz.getVersion().equals(SignatorFactory.VERSION_1_0_0))
+ {
+ if (sig_id == null)
+ {
+ throw new ConnectorException(310, "The SIG_ID is null - so this isn't a BKU at all.");
+ }
+
+ String[] sig_id_parts = sig_id.split("@");
+ if (sig_id_parts.length == 2)
+ {
+ return true;
+ }
+ if (sig_id_parts[0].equals(HotfixIdFormatter.SIG_ID_PREFIX))
+ {
+
+ return false;
+ }
+
+ throw new ConnectorException(310, "The SIG_KZ version is 1.0.0, but SIG_ID is neither MOA nor Old base64 nor Hotfix base64 ???'");
+ }
+
+ return false;
+ }
+
+ public static boolean isOldBKU(SignSignatureObject so) throws ConnectorException
+ {
+ String sig_kz = so.kz;
+ String sig_id = so.id;
+ PdfASID kz = null;
+ if (sig_kz != null)
+ {
+ try
+ {
+ kz = new PdfASID(sig_kz);
+ }
+ catch (InvalidIDException e)
+ {
+ e.printStackTrace();
+ }
+ }
+
+ return isOldBKU(kz, sig_id);
+ }
+
+}
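Review bot: Both `SignSignatureObject` overloads catch `InvalidIDException`, call `e.printStackTrace()` and carry on with `kz == null`, which the `PdfASID` overloads read as "old signature": `isOldBKU` then returns true and `isMOASigned` returns `sig_id == null`. Since `so.kz` is taken from the document being verified, a malformed SIG_KZ silently selects the legacy verification path instead of being rejected. Propagate the failure instead, e.g. `throw new ConnectorException(310, "Invalid SIG_KZ: " + sig_kz);` (`isMOASigned(SignSignatureObject)` then needs `throws ConnectorException`, which its visible callers already declare). In `isMOASigned(PdfASID, String)` the new-signature branch calls `sig_id.split("@")` without a null check, so a newer SIG_KZ with a missing SIG_ID ends in a `NullPointerException` rather than a `ConnectorException`. The class is a static-only utility without a private constructor, and none of its methods has Javadoc stating what a null `sig_kz` or `sig_id` means.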
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/web/LocalRequestHelper.java b/src/main/java/at/knowcenter/wag/egov/egiz/web/LocalRequestHelper.java
index 723bc90..8fac221 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/web/LocalRequestHelper.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/web/LocalRequestHelper.java
@@ -32,6 +32,7 @@ import at.knowcenter.wag.egov.egiz.exceptions.PresentableException; import at.knowcenter.wag.egov.egiz.exceptions.SignatureException;
import at.knowcenter.wag.egov.egiz.pdf.SignatureHolder;
import at.knowcenter.wag.egov.egiz.sig.ConnectorFactory;
+import at.knowcenter.wag.egov.egiz.sig.connectors.ConnectorChooser;
import at.knowcenter.wag.egov.egiz.sig.connectors.LocalConnector;
import at.knowcenter.wag.egov.egiz.sig.SignatureData;
import at.knowcenter.wag.egov.egiz.sig.SignatureDataImpl;
@@ -79,7 +80,7 @@ public abstract class LocalRequestHelper URL loc_ref_URL = new URL(request.getScheme(), host, request.getServerPort(), request.getContextPath() + "/RetrieveSignatureData");
String loc_ref_url = response.encodeURL(loc_ref_URL.toString());
- LocalConnector c = new LocRefDetachedBKUConnector(si.type, loc_ref_url);
+ LocalConnector c = ConnectorChooser.chooseLocalConnectorForSign(si.connector, si.type, loc_ref_url);
String sign_request = c.prepareSignRequest(si.iui.signature_data);
// TODO local URL
@@ -169,8 +170,6 @@ public abstract class LocalRequestHelper URL loc_ref_URL = new URL(request.getScheme(), host, request.getServerPort(), request.getContextPath() + "/RetrieveSignatureData");
String loc_ref_url = response.encodeURL(loc_ref_URL.toString());
- LocalConnector local_conn = new LocRefDetachedBKUConnector(si.type, loc_ref_url);
-
for (int i = 0; i < si.requests.length; i++)
{
SignatureHolder holder = (SignatureHolder) holders_to_verify.get(i);
@@ -197,8 +196,9 @@ public abstract class LocalRequestHelper so.issuer = s.getSignationIssuer();
so.x509Certificate = s.getX509Cert().getX509Certificate();
so.id = s.getSignationIds();
- so.kz = s.getKZ().toString();
+ so.kz = s.getKZ() == null ? null : s.getKZ().toString();
+ LocalConnector local_conn = ConnectorChooser.chooseLocalConnectorForVerify(si.connector, s.getKZ(), so.id, si.type, loc_ref_url);
String request_string = local_conn.prepareVerifyRequest(sd, so);
LocalRequest local_request = new LocalRequest("not-needed", request_string);
@@ -206,6 +206,7 @@ public abstract class LocalRequestHelper si.response_properties[i] = null;
}
+ // TODO read from config
String local_request_url = "http://127.0.0.1:3495/http-security-layer-request";
URL data_URL = new URL(request.getScheme(), host, request.getServerPort(), request.getContextPath() + "/DataURL");
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/DataURLServlet.java b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/DataURLServlet.java
index 7d7220c..72f7c2d 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/DataURLServlet.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/DataURLServlet.java
@@ -25,7 +25,9 @@ import at.knowcenter.wag.egov.egiz.PdfASID; import at.knowcenter.wag.egov.egiz.exceptions.PresentableException;
import at.knowcenter.wag.egov.egiz.framework.Signator;
import at.knowcenter.wag.egov.egiz.framework.SignatorFactory;
+import at.knowcenter.wag.egov.egiz.pdf.SignatureHolder;
import at.knowcenter.wag.egov.egiz.sig.SignatureResponse;
+import at.knowcenter.wag.egov.egiz.sig.connectors.ConnectorChooser;
import at.knowcenter.wag.egov.egiz.sig.connectors.LocalConnector;
import at.knowcenter.wag.egov.egiz.sig.connectors.bku.BKUPostConnection;
import at.knowcenter.wag.egov.egiz.sig.connectors.bku.EnvelopedBase64BKUConnector;
@@ -152,7 +154,7 @@ public class DataURLServlet extends HttpServlet if (si.sign_result == null)
{
- LocalConnector c = new LocRefDetachedBKUConnector(si.type, "loc ref content not needed here"); //$NON-NLS-1$
+ LocalConnector c = ConnectorChooser.chooseLocalConnectorForSign(si.connector, si.type, "loc ref content not needed here"); //$NON-NLS-1$
si.iui.signed_signature_object = c.analyzeSignResponse(si.response_properties[0]);
@@ -172,7 +174,12 @@ public class DataURLServlet extends HttpServlet for (int i = 0; i < si.response_properties.length; i++)
{
- LocalConnector c = new LocRefDetachedBKUConnector(si.type, "loc ref content not needed here"); //$NON-NLS-1$
+ SignatureHolder sh = (SignatureHolder) si.signature_holders.get(i);
+
+ PdfASID sig_kz = sh.getSignatureObject().getKZ();
+ String sig_id = sh.getSignatureObject().getSignationIds();
+
+ LocalConnector c = ConnectorChooser.chooseLocalConnectorForVerify(si.connector, sig_kz, sig_id, si.type, "loc ref content not needed here"); //$NON-NLS-1$
SignatureResponse sig_resp = c.analyzeVerifyResponse(si.response_properties[i]);
results.add(sig_resp);
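Review bot: The connector for response `i` is now chosen from `si.signature_holders.get(i)`, while the matching requests were prepared in `LocalRequestHelper` from `holders_to_verify.get(i)`; if those two lists can differ in content or order (not visible here), a response is analysed with a connector selected from another signature's SIG_KZ and SIG_ID. There is also no check that `si.signature_holders` holds at least `si.response_properties.length` entries, so a mismatch ends in an `IndexOutOfBoundsException`. Keep the list that was used to build the requests in the session and index that one, or guard the loop up front with `if (si.signature_holders.size() != si.response_properties.length)` and raise the servlet's usual error. The loop body continues outside the hunk.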
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/SignServlet.java b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/SignServlet.java
index f2cbde8..a98fb79 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/SignServlet.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/SignServlet.java
@@ -58,6 +58,7 @@ import at.knowcenter.wag.egov.egiz.sig.ConnectorFactory; import at.knowcenter.wag.egov.egiz.sig.SignatureData;
import at.knowcenter.wag.egov.egiz.sig.SignatureDataImpl;
import at.knowcenter.wag.egov.egiz.sig.connectors.Connector;
+import at.knowcenter.wag.egov.egiz.sig.connectors.ConnectorChooser;
import at.knowcenter.wag.egov.egiz.sig.connectors.LocalConnector;
import at.knowcenter.wag.egov.egiz.sig.connectors.bku.DetachedBKUConnector;
import at.knowcenter.wag.egov.egiz.sig.connectors.bku.EnvelopedBase64BKUConnector;
@@ -430,7 +431,7 @@ public class SignServlet extends HttpServlet URL signature_data_URL = new URL(request.getScheme(), host, request.getServerPort(), request.getContextPath() + "/RetrieveSignatureData");
String signature_data_url = response.encodeURL(signature_data_URL.toString());
- Connector c = new DetachedLocRefMOAConnector(si.type, signature_data_url);
+ Connector c = ConnectorChooser.chooseWebConnectorForSign(si.connector, si.type, signature_data_url);
si.iui.signed_signature_object = c.doSign(si.iui.signature_data);
si.sign_result = signator.finishSign(si.iui);
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/VerifyServlet.java b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/VerifyServlet.java
index ee20498..40ec9d9 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/VerifyServlet.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/VerifyServlet.java
@@ -22,7 +22,6 @@ import java.io.UnsupportedEncodingException; import java.net.URL;
import java.util.Iterator;
import java.util.List;
-import java.util.Properties;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
@@ -36,33 +35,17 @@ import org.apache.commons.fileupload.disk.DiskFileItemFactory; import org.apache.commons.fileupload.servlet.ServletFileUpload;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.log4j.Logger;
import at.knowcenter.wag.egov.egiz.PdfAS;
-import at.knowcenter.wag.egov.egiz.cfg.ConfigLogger;
import at.knowcenter.wag.egov.egiz.cfg.SettingsReader;
-import at.knowcenter.wag.egov.egiz.exceptions.ConnectorFactoryException;
-import at.knowcenter.wag.egov.egiz.exceptions.NormalizeException;
import at.knowcenter.wag.egov.egiz.exceptions.PDFDocumentException;
import at.knowcenter.wag.egov.egiz.exceptions.PresentableException;
-import at.knowcenter.wag.egov.egiz.exceptions.SignatureException;
-import at.knowcenter.wag.egov.egiz.exceptions.SignatureTypesException;
import at.knowcenter.wag.egov.egiz.framework.VerificationFilter;
-import at.knowcenter.wag.egov.egiz.pdf.SignatureHolder;
import at.knowcenter.wag.egov.egiz.sig.ConnectorFactory;
-import at.knowcenter.wag.egov.egiz.sig.SignatureData;
-import at.knowcenter.wag.egov.egiz.sig.SignatureDataImpl;
-import at.knowcenter.wag.egov.egiz.sig.SignatureObject;
-import at.knowcenter.wag.egov.egiz.sig.connectors.LocalConnector;
-import at.knowcenter.wag.egov.egiz.sig.connectors.bku.LocRefDetachedBKUConnector;
-import at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject;
-import at.knowcenter.wag.egov.egiz.tools.CodingHelper;
import at.knowcenter.wag.egov.egiz.web.FormFields;
-import at.knowcenter.wag.egov.egiz.web.LocalRequest;
import at.knowcenter.wag.egov.egiz.web.LocalRequestHelper;
import at.knowcenter.wag.egov.egiz.web.SessionAttributes;
import at.knowcenter.wag.egov.egiz.web.SessionInformation;
-import at.knowcenter.wag.egov.egiz.web.servlets.SignServlet.UploadedData;
/**
* This method is the verify servlet for the pdf-as web application. It takes
@@ -144,7 +127,11 @@ public class VerifyServlet extends HttpServlet return;
}
- List results = PdfAS.verifySignatureHolders(signature_holders, si.connector);
+ String host = request.getServerName();
+ URL loc_ref_URL = new URL(request.getScheme(), host, request.getServerPort(), request.getContextPath() + "/RetrieveSignatureData");
+ String loc_ref_url = response.encodeURL(loc_ref_URL.toString());
+
+ List results = PdfAS.verifySignatureHoldersWeb(signature_holders, si.connector, loc_ref_url);
dispatchToResults(results, request, response);
}
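Review bot: The added lines build `loc_ref_url` from `request.getScheme()`, `request.getServerName()` and `request.getServerPort()`, values that normally follow the client's `Host` header, and hand it to `PdfAS.verifySignatureHoldersWeb`. If that URL is what the verification backend dereferences to fetch the signed data (the detached LocRef connectors suggest so, but the callee is not shown), the requester influences which host the backend contacts and which bytes are checked against the signature. Take the externally reachable base URL from configuration, e.g. read through `SettingsReader` under a key such as `<BASE_URL_KEY>` (placeholder), and append only the context path and `/RetrieveSignatureData`. `response.encodeURL` may also append the session id to the URL, so the value should be kept out of backend logs. The same construction appears in the context lines of the `LocalRequestHelper` and `SignServlet` hunks.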
diff --git a/work/cfg/config.properties b/work/cfg/config.properties
index 7aecb70..d1dd6d0 100644
--- a/work/cfg/config.properties
+++ b/work/cfg/config.properties
@@ -25,29 +25,16 @@ bku.available_for_commandline=true bku.sign.url=http://127.0.0.1:3495/http-security-layer-request
bku.sign.KeyboxIdentifier=SecureSignatureKeypair
-
bku.sign.request.base64=./templates/BKUSignRequestBase64.xml
bku.sign.request.detached=./templates/BKUSignRequestDetached.xml
-bku.sign.request.binaer=./templates/BKUSignRequestBinaryDetached.xml
-bku.sign.request.text=./templates/BKUSignRequestTextualDetached.xml
-
bku.verify.url=http://127.0.0.1:3495/http-security-layer-request
bku.verify.request.base64=./templates/BKUVerifyRequestBase64.xml
bku.verify.request.detached=./templates/BKUVerifyRequestDetached.xml
-
-# TODO
-#bku.verify.template=./templates/BKUVerifyTemplateB64.xml
-#bku.verify.template.SP=./templates/BKUVerifyTemplateSP.xml
-bku.verify.template=./templates/BKUVerifyTemplateDetached.xml
-bku.verify.template.SP=./templates/BKUVerifyTemplateSP.xml
-
+bku.verify.template.base64old=./templates/BKUVerifyTemplateBase64old.xml
bku.verify.template.base64=./templates/BKUVerifyTemplateBase64.xml
bku.verify.template.detached=./templates/BKUVerifyTemplateDetached.xml
-bku.verify.template2=./templates/BKUVerifyTemplateB64_neueBKU.xml
-bku.verify.template2.SP=./templates/BKUVerifyTemplateSP_neueBKU.xml
-
a1.available_for_web=false
a1.available_for_commandline=false
@@ -66,22 +53,14 @@ moa.available_for_web=true
moa.available_for_commandline=true
moa.sign.url=http://127.0.0.1:18080/moa-spss/services/SignatureCreation
-moa.sign.request=./templates/MOASignRequestB64.xml
-
+moa.sign.KeyIdentifier=TestKey2
moa.sign.request.base64=./templates/MOASignRequestBase64.xml
moa.sign.request.detached=./templates/MOASignRequestDetached.xml
-moa.sign.KeyIdentifier=TestKey2
-
moa.verify.url=http://127.0.0.1:18080/moa-spss/services/SignatureVerification
+moa.verify.TrustProfileID=Test-Signaturdienste
moa.verify.request.base64=./templates/old/MOAVerifyRequest.xml
moa.verify.request.detached=./templates/MOAVerifyRequestDetached.xml
-
-
-moa.verify.template=./templates/MOAVerifyTemplateB64.xml
-moa.verify.template.SP=./templates/MOAVerifyTemplateSP.xml
-moa.verify.TrustProfileID=Test-Signaturdienste
-
moa.verify.template.base64=./templates/MOAVerifyTemplateBase64.xml
moa.verify.template.detached=./templates/old/MOAVerifyTemplateB64.xml
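Review bot: `moa.sign.KeyIdentifier=TestKey2` and `moa.verify.TrustProfileID=Test-Signaturdienste` are only moved by this hunk, but they stay uncommented in the checked-in configuration and, judging by their names, refer to a test key and a test trust profile. A deployment that keeps these defaults would sign with that key and verify against that trust profile, so I would mark both lines, e.g. `# test values: set the production key identifier and trust profile before deployment`. `moa.verify.template.detached` still points at `./templates/old/MOAVerifyTemplateB64.xml`, which looks like a stand-in until MOA detached verification exists and deserves a one-line comment saying so.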
diff --git a/work/cfg/help_text.properties b/work/cfg/help_text.properties
index 75e7229..910fd3c 100644
--- a/work/cfg/help_text.properties
+++ b/work/cfg/help_text.properties
@@ -51,6 +51,9 @@ error.code.315=Beim Auffinden der Signaturen ist ein Fehler aufgetreten. Obwohl
error.code.320=Es kann keine Verbindung zur Bürgerkartenumgebung hergestellt werden.
error.code.330=Es kann keine Verbindung zu MOA hergestellt werden oder MOA hat den Request zurückgewiesen.
+# TODO remove this when MOA detached is ready
+error.code.370=Eine detached Signature kann zur Zeit mit MOA nicht überprüft werden.
+
#NormalizeException
error.code.400=Das Normalisierungsmodul kann nicht initialisiert werden.
diff --git a/work/templates/BKUVerifyTemplateBase64old.xml b/work/templates/BKUVerifyTemplateBase64old.xml new file mode 100644 index 0000000..f1d04db --- /dev/null +++ b/work/templates/BKUVerifyTemplateBase64old.xml 
@@ -0,0 +1,6 @@ +<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="signature-SigIdReplace"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="CertAlgReplace"/><dsig:Reference Id="signed-data-reference-SigDataRefReplace" URI="#signed-data-object-SigDataObjURIReplace"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xpf:XPath xmlns:xpf="http://www.w3.org/2002/06/xmldsig-filter2" Filter="intersect">id('signed-data-object-SigDataObjURIReplace')/node()</xpf:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#base64"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>DigestValueSignedDataReplace</dsig:DigestValue></dsig:Reference><dsig:Reference Id="etsi-data-reference-EtsiDataRefReplace" Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#etsi-data-object-EtsiDataObjURIReplace"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xpf:XPath xmlns:xpf="http://www.w3.org/2002/06/xmldsig-filter2" Filter="intersect">id('etsi-data-object-EtsiDataObjURIReplace')/node()</xpf:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>DigestValueSignedPropertiesReplace</dsig:DigestValue></dsig:Reference></dsig:SignedInfo> +<dsig:SignatureValue>SignatureValueReplace</dsig:SignatureValue> +<dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>X509CertificateReplace</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo> +<dsig:Object Id="signed-data-object-SigDataObjURIReplace"><sl:Base64Content>Base64ContentReplace</sl:Base64Content></dsig:Object> +<dsig:Object Id="etsi-data-object-EtsiDataObjURIReplace"><etsi:QualifyingProperties xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" 
Target="#signature-SigIdReplace"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>SigningTimeReplace</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></etsi:DigestMethod><etsi:DigestValue>DigestValueX509CertificateReplace</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>X509IssuerNameReplace</dsig:X509IssuerName><dsig:X509SerialNumber>X509SerialNumberReplace</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied></etsi:SignaturePolicyImplied></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#signed-data-reference-SigDataRefReplace"><etsi:MimeType>text/plain</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object> +</dsig:Signature>
\ No newline at end of file |