diff options
author | tknall <tknall@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c> | 2010-01-11 10:58:48 +0000 |
---|---|---|
committer | tknall <tknall@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c> | 2010-01-11 10:58:48 +0000 |
commit | 4ce2fbc415f2fae57842b2e13a0817bb63594434 (patch) | |
tree | 709565a905002f7d02f474d46ce7bf548b3e6fc8 | |
parent | 511fcf7604d754475860a85834af43eecc44d61f (diff) | |
download | pdf-as-3-4ce2fbc415f2fae57842b2e13a0817bb63594434.tar.gz pdf-as-3-4ce2fbc415f2fae57842b2e13a0817bb63594434.tar.bz2 pdf-as-3-4ce2fbc415f2fae57842b2e13a0817bb63594434.zip |
- check implemented: responses are validated upon valid SL content (ErrorResponse, Create|VerifyXMLSignatureResponse) (ErrorCode 340)
- new errorcode added (340: unable to receive suitable response)
- default signature validation links changed (-> http://www.signaturpruefung.gv.at)
- recognition of non-textual objects: static switch implemented allowing to configure behaviour (at compile time) in case of signatures (default behaviour: skip detection of all signatures as non-textual objects)
- minor bug fixed: invalid evaluation of response charset resulting in invalid warn debug message
- configuration updated
- Default configuration updated
git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@542 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c
9 files changed, 61 insertions, 18 deletions
diff --git a/src/main/java/at/gv/egiz/pdfas/exceptions/ErrorCode.java b/src/main/java/at/gv/egiz/pdfas/exceptions/ErrorCode.java index 04cf779..f9616cf 100644 --- a/src/main/java/at/gv/egiz/pdfas/exceptions/ErrorCode.java +++ b/src/main/java/at/gv/egiz/pdfas/exceptions/ErrorCode.java @@ -53,6 +53,7 @@ public final class ErrorCode public static final int BKU_NOT_SUPPORTED = 373;
public static final int WEB_EXCEPTION = 330;
+ public static final int UNABLE_TO_RECEIVE_SUITABLE_RESPONSE = 340;
public static final int NORMALIZER_EXCEPTION = 400;
diff --git a/src/main/java/at/gv/egiz/pdfas/impl/vfilter/VerificationFilterImpl.java b/src/main/java/at/gv/egiz/pdfas/impl/vfilter/VerificationFilterImpl.java index 47f217a..34b461e 100644 --- a/src/main/java/at/gv/egiz/pdfas/impl/vfilter/VerificationFilterImpl.java +++ b/src/main/java/at/gv/egiz/pdfas/impl/vfilter/VerificationFilterImpl.java @@ -511,7 +511,7 @@ public class VerificationFilterImpl implements VerificationFilter protected String extractText(PdfDataSource pdf, int endOfDocument, String encoding) throws PresentableException
{
- log.debug("EXTRACTING TEXT... end index = " + endOfDocument);
+ log.debug("EXTRACTING TEXT (" + encoding + ")... end index = " + endOfDocument);
DelimitedPdfDataSource dds = new DelimitedPdfDataSource(pdf, endOfDocument);
//DelimitedInputStream dis = new DelimitedInputStream(pdf.createInputStream(), endOfDocument);
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/pdf/AdobeSignatureHelper.java b/src/main/java/at/knowcenter/wag/egov/egiz/pdf/AdobeSignatureHelper.java index db5b082..1db1de0 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/pdf/AdobeSignatureHelper.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/pdf/AdobeSignatureHelper.java @@ -110,7 +110,14 @@ public class AdobeSignatureHelper { // Standard filter
// sig.setLocation("location is not visible");
// sig.setReason("reason is not visible");
- sig.setContact(getVerifyUrl(profileId));
+
+ // contact field is used to embed signature verification url for adobe handler
+ String verifyURL = getVerifyUrl(profileId);
+ if (!StringUtils.isEmpty(verifyURL)) {
+ sig.setContact(getVerifyUrl(profileId));
+ } else {
+ logger.debug("No verify URL set -> verify URL is not embedded.");
+ }
// sig.setDate(new PdfDate());
String reason = getAdobeReasonName(profileId);
@@ -166,11 +173,11 @@ public class AdobeSignatureHelper { }
private static String getAdobeReasonName(String sigProfile) {
- return getDefaultableConfigProperty(sigProfile, ADOBE_SIGN_REASONNAME_KEY, null);
+ return getDefaultableConfigProperty(sigProfile, ADOBE_SIGN_REASONNAME_KEY, "Informationen zur Prüfung finden Sie unter http://www.signaturpruefung.gv.at");
}
private static String getVerifyUrl(String sigProfile) {
- return getDefaultableConfigProperty(sigProfile, ADOBE_VERIFY_URL_KEY, "https://www.buergerkarte.at/signature-verification");
+ return getDefaultableConfigProperty(sigProfile, ADOBE_VERIFY_URL_KEY, "http://www.signaturpruefung.gv.at");
}
private static String getDefaultableConfigProperty(String sigProfile, String propName, String defaultValue) {
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/pdf/ObjectExtractor.java b/src/main/java/at/knowcenter/wag/egov/egiz/pdf/ObjectExtractor.java index cd6d449..4516b6b 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/pdf/ObjectExtractor.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/pdf/ObjectExtractor.java @@ -26,6 +26,12 @@ import at.gv.egiz.pdfas.framework.input.PdfDataSource; */
public class ObjectExtractor {
private static Logger log = Logger.getLogger(ObjectExtractor.class);
+
+ /*
+ * If set <code>true</code> signature annotations are not extracted otherwise
+ * all signatures except PDF-AS signatures are extracted.
+ */
+ private final static boolean SKIP_SIGNATURES = true;
/**
* Find annotation objects in pdf documents
@@ -50,10 +56,15 @@ public class ObjectExtractor { }
String ft = anno.getDictionary().getNameAsString("FT");
if (ft != null && ft.equals("Sig")) { // skip signature widgets
- COSDictionary sigDict = (COSDictionary) anno.getDictionary().getDictionaryObject("V");
- if (sigDict != null && AdobeSignatureHelper.ADOBE_SIG_FILTER.equals(sigDict.getNameAsString("Filter"))) {
- log.debug("found PDF-AS signature widged, skip further extraction");
+ if (SKIP_SIGNATURES) {
+ log.debug("found signature widged, skip extraction");
continue;
+ } else {
+ COSDictionary sigDict = (COSDictionary) anno.getDictionary().getDictionaryObject("V");
+ if (sigDict != null && AdobeSignatureHelper.ADOBE_SIG_FILTER.equals(sigDict.getNameAsString("Filter"))) {
+ log.debug("found PDF-AS signature widged, skip extraction");
+ continue;
+ }
}
}
NonTextObjectInfo objInfo = new NonTextObjectInfo();
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUHelper.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUHelper.java index 3b262c3..ac6e221 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUHelper.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUHelper.java @@ -20,11 +20,11 @@ import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-
import at.gv.egiz.pdfas.algorithmSuite.AlgorithmMapper;
import at.gv.egiz.pdfas.algorithmSuite.AlgorithmSuiteObject;
import at.gv.egiz.pdfas.algorithmSuite.AlgorithmSuiteUtil;
import at.gv.egiz.pdfas.api.commons.Constants;
+import at.gv.egiz.pdfas.exceptions.ErrorCode;
import at.gv.egiz.pdfas.exceptions.external.ExternalErrorException;
import at.gv.egiz.pdfas.impl.input.helper.DataSourceHelper;
import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException;
@@ -44,6 +44,8 @@ import at.knowcenter.wag.egov.egiz.tools.CodingHelper; public final class BKUHelper
{
+ private static final Pattern ALLOWED_SL_RESPONSE_PATTERN = Pattern.compile("^.*<[\\w]*:?(CreateXMLSignatureResponse|VerifyXMLSignatureResponse)[^>]*>(.*)</[\\w]*:?(CreateXMLSignatureResponse|VerifyXMLSignatureResponse)>.*$", Pattern.DOTALL);
+
/**
* The log.
*/
@@ -119,7 +121,10 @@ public final class BKUHelper */
public static void checkResponseForError(String response_string) throws ConnectorException
{
- log.debug("Checking response for error: " + response_string);
+ if (StringUtils.isEmpty(response_string)) {
+ throw new ConnectorException(ErrorCode.UNABLE_TO_RECEIVE_SUITABLE_RESPONSE, "No suitable response received.");
+ }
+ log.debug("Checking response for error: " + response_string);
Pattern erc_p_s = Pattern.compile("<[\\w]*:?ErrorCode>"); //$NON-NLS-1$
Pattern erc_p_e = Pattern.compile("</[\\w]*:?ErrorCode>"); //$NON-NLS-1$
Matcher erc_m_s = erc_p_s.matcher(response_string);
@@ -141,6 +146,14 @@ public final class BKUHelper }
throw new ExternalErrorException(error_code, error_mess);
}
+ log.debug("No error found. Assuring that CreateXMLSignatureResponse or VerifyXMLSignatureResponse elements are available.");
+
+ // assure that a CreateXMLSignatureResponse or a VerifyXMLSignatureResponse is available
+ Matcher slMatcher = ALLOWED_SL_RESPONSE_PATTERN.matcher(response_string);
+ if (!slMatcher.matches()) {
+ throw new ConnectorException(ErrorCode.UNABLE_TO_RECEIVE_SUITABLE_RESPONSE, "No suitable response received: " + response_string);
+ }
+
}
/**
@@ -629,7 +642,7 @@ public final class BKUHelper }
if (bkuSignatureLayout != null && result != null) {
- log.info("BKU response header \"" + Constants.BKU_HEADER_SIGNATURE_LAYOUT + "\" found.");
+ log.debug("BKU response header \"" + Constants.BKU_HEADER_SIGNATURE_LAYOUT + "\" found.");
String signatureLayoutData = " " + Constants.BKU_HEADER_SIGNATURE_LAYOUT + "/" + bkuSignatureLayout;
if (!result.endsWith(signatureLayoutData)) {
log.debug("Appending signature layout value \"" + bkuSignatureLayout + "\" to bku identifier.");
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUPostConnection.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUPostConnection.java index 6ea8ced..5fa1877 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUPostConnection.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUPostConnection.java @@ -142,11 +142,10 @@ public final class BKUPostConnection if (signatureLayoutHeader != null) {
response_properties.setProperty(BKU_SIGNATURE_LAYOUT_HEADER_KEY, signatureLayoutHeader.getValue());
}
-
- log.debug(post_method.getResponseCharSet());
- if (!post_method.getResponseCharSet().equals("UTF-8")) //$NON-NLS-1$
- {
- log.warn("BKU response charset is not UTF-8!"); //$NON-NLS-1$
+
+ String responseCharSet = post_method.getResponseCharSet();
+ if (!"UTF8".equalsIgnoreCase(responseCharSet) && !"UTF-8".equalsIgnoreCase(responseCharSet)) {
+ log.warn("BKU response charset is not UTF-8!"); //$NON-NLS-1$
}
String response_string = post_method.getResponseBodyAsString();
diff --git a/src/main/resources/DefaultConfiguration.zip b/src/main/resources/DefaultConfiguration.zip Binary files differindex 3abe355..b5cc858 100644 --- a/src/main/resources/DefaultConfiguration.zip +++ b/src/main/resources/DefaultConfiguration.zip diff --git a/src/main/resources/config/help_text.properties b/src/main/resources/config/help_text.properties index 96823ef..0a0c793 100644 --- a/src/main/resources/config/help_text.properties +++ b/src/main/resources/config/help_text.properties @@ -62,6 +62,7 @@ error.code.318=Die binäre Signatur kann nicht geprüft werden. Die Signatur enthä error.code.320=Es kann keine Verbindung zur Bürgerkartenumgebung hergestellt werden.
error.code.330=Es kann keine Verbindung zu MOA hergestellt werden oder MOA hat den Request zurückgewiesen.
+error.code.340=Die Antwort des Signaturgeräts enthielt weder eine Signatur noch ein Verifikationsergebnis.
# TODO remove this when MOA detached is ready
error.code.370=Eine detached Signature kann zur Zeit mit MOA nicht überprüft werden.
diff --git a/work/cfg/config.properties b/work/cfg/config.properties index 677ffb5..e6d5d44 100644 --- a/work/cfg/config.properties +++ b/work/cfg/config.properties @@ -179,10 +179,10 @@ default.adobeSignText.textual=PDF-AS default.adobeSignFieldValue=PDF-AS Signatur
# default name of the adobe signature reason (if enabled).
-#default.adobeSignReasonValue=Informationen zur Prüfung finden Sie unter http://www.signaturpruefung.gv.at
+default.adobeSignReasonValue=Informationen zur Prüfung finden Sie unter http://www.signaturpruefung.gv.at
-# verify URL for manual signature verification (embedded in adobe attribute)
-default.verifyURL=https://www.buergerkarte.at/signature-verification
+# default verify URL for adobe acrobat plugin
+default.verifyURL=http://www.signaturpruefung.gv.at
#absolute positioning
#sig_obj.PROFIL.pos=p:1;x:40.0;y:800.0;w:400.0;f:80
@@ -212,6 +212,7 @@ sig_obj.AMTSSIGNATURBLOCK_DE.key.SIG_NOTE=Hinweis sig_obj.AMTSSIGNATURBLOCK_DE.pos=f:80
sig_obj.AMTSSIGNATURBLOCK_DE.adobeSignFieldValue=PDF-AS Signatur
sig_obj.AMTSSIGNATURBLOCK_DE.adobeSignReasonValue=Informationen zur Prüfung finden Sie unter http://www.signaturpruefung.gv.at
+sig_obj.AMTSSIGNATURBLOCK_DE.verifyURL=http://www.signaturpruefung.gv.at
sig_obj.AMTSSIGNATURBLOCK_DE.value.SIG_SUBJECT=Max Mustermann
sig_obj.AMTSSIGNATURBLOCK_DE.value.SIG_META=Informationen zur Prüfung der elektronischen Signatur und des Ausdrucks finden Sie unter: http://www.signaturpruefung.gv.at
@@ -261,6 +262,7 @@ sig_obj.AMTSSIGNATURBLOCK_EN.key.SIG_NOTE=Note sig_obj.AMTSSIGNATURBLOCK_EN.pos=f:80
sig_obj.AMTSSIGNATURBLOCK_EN.adobeSignFieldValue=PDF-AS Signature
sig_obj.AMTSSIGNATURBLOCK_EN.adobeSignReasonValue=Information about the verification can be found at http://www.signature-verification.gv.at
+sig_obj.AMTSSIGNATURBLOCK_EN.verifyURL=http://www.signature-verification.gv.at
sig_obj.AMTSSIGNATURBLOCK_EN.value.SIG_SUBJECT=Max Mustermann
sig_obj.AMTSSIGNATURBLOCK_EN.value.SIG_META=Information about the verification of the electronic signature and of the printout can be found at: http://www.signature-verification.gv.at
@@ -309,6 +311,7 @@ sig_obj.SIGNATURBLOCK_DE.key.SIG_META=Prüfinformation sig_obj.SIGNATURBLOCK_DE.pos=f:80
sig_obj.SIGNATURBLOCK_DE.adobeSignFieldValue=PDF-AS Signatur
sig_obj.SIGNATURBLOCK_DE.adobeSignReasonValue=Informationen zur Prüfung finden Sie unter http://www.signaturpruefung.gv.at
+sig_obj.SIGNATURBLOCK_DE.verifyURL=http://www.signaturpruefung.gv.at
sig_obj.SIGNATURBLOCK_DE.value.SIG_META=Informationen zur Prüfung der elektronischen Signatur und des Ausdrucks finden Sie unter: http://www.signaturpruefung.gv.at
sig_obj.SIGNATURBLOCK_DE.value.SIG_LABEL=./images/signatur-logo_de.png
@@ -357,6 +360,7 @@ sig_obj.SIGNATURBLOCK_DE_PDFA.key.SIG_META=Prüfinformation sig_obj.SIGNATURBLOCK_DE_PDFA.pos=f:80
sig_obj.SIGNATURBLOCK_DE_PDFA.adobeSignFieldValue=PDF-AS Signatur
sig_obj.SIGNATURBLOCK_DE_PDFA.adobeSignReasonValue=Informationen zur Prüfung finden Sie unter http://www.signaturpruefung.gv.at
+sig_obj.SIGNATURBLOCK_DE_PDFA.verifyURL=http://www.signaturpruefung.gv.at
sig_obj.SIGNATURBLOCK_DE_PDFA.value.SIG_META=Informationen zur Prüfung der elektronischen Signatur und des Ausdrucks finden Sie unter: http://www.signaturpruefung.gv.at
sig_obj.SIGNATURBLOCK_DE_PDFA.value.SIG_LABEL=./images/signatur-logo_de.png
@@ -397,6 +401,7 @@ sig_obj.SIGNATURBLOCK_MINIMAL_DE.value.SIG_LABEL=./images/signatur-logo_de.png sig_obj.SIGNATURBLOCK_MINIMAL_DE.pos=w:230.0;f:80
sig_obj.SIGNATURBLOCK_MINIMAL_DE.adobeSignFieldValue=PDF-AS Signatur
sig_obj.SIGNATURBLOCK_MINIMAL_DE.adobeSignReasonValue=Informationen zur Prüfung finden Sie unter http://www.signaturpruefung.gv.at
+sig_obj.SIGNATURBLOCK_MINIMAL_DE.verifyURL=http://www.signaturpruefung.gv.at
#---------------------- MAIN TABLE -------------------------
sig_obj.SIGNATURBLOCK_MINIMAL_DE.table.main.1=SIG_LABEL-i
@@ -427,6 +432,7 @@ sig_obj.SIGNATURBLOCK_MINIMAL_EN.value.SIG_LABEL=./images/signatur-logo_en.png sig_obj.SIGNATURBLOCK_MINIMAL_EN.pos=w:230.0;f:80
sig_obj.SIGNATURBLOCK_MINIMAL_EN.adobeSignFieldValue=PDF-AS Signature
sig_obj.SIGNATURBLOCK_MINIMAL_EN.adobeSignReasonValue=Information about the verification can be found at http://www.signature-verification.gv.at
+sig_obj.SIGNATURBLOCK_MINIMAL_EN.verifyURL=http://www.signature-verification.gv.at
#---------------------- MAIN TABLE -------------------------
sig_obj.SIGNATURBLOCK_MINIMAL_EN.table.main.1=SIG_LABEL-i
@@ -462,6 +468,7 @@ sig_obj.SIGNATURBLOCK_EN.key.SIG_META=Verification sig_obj.SIGNATURBLOCK_EN.pos=f:80
sig_obj.SIGNATURBLOCK_EN.adobeSignFieldValue=PDF-AS Signature
sig_obj.SIGNATURBLOCK_EN.adobeSignReasonValue=Information about the verification can be found at http://signature-verification.gv.at
+sig_obj.SIGNATURBLOCK_EN.verifyURL=http://www.signature-verification.gv.at
sig_obj.SIGNATURBLOCK_EN.value.SIG_META=Information about the verification of the electronic signature and of the printout can be found at: http://www.signature-verification.gv.at
sig_obj.SIGNATURBLOCK_EN.value.SIG_LABEL=./images/signatur-logo_en.png
@@ -510,6 +517,7 @@ sig_obj.SIGNATURBLOCK_EN_PDFA.key.SIG_META=Verification sig_obj.SIGNATURBLOCK_EN_PDFA.pos=f:80
sig_obj.SIGNATURBLOCK_EN_PDFA.adobeSignFieldValue=PDF-AS Signature
sig_obj.SIGNATURBLOCK_EN_PDFA.adobeSignReasonValue=Information about the verification can be found at http://signature-verification.gv.at
+sig_obj.SIGNATURBLOCK_EN_PDFA.verifyURL=http://www.signature-verification.gv.at
sig_obj.SIGNATURBLOCK_EN_PDFA.value.SIG_META=Information about the verification of the electronic signature and of the printout can be found at: http://www.signature-verification.gv.at
sig_obj.SIGNATURBLOCK_EN_PDFA.value.SIG_LABEL=./images/signatur-logo_en.png
@@ -557,6 +565,7 @@ sig_obj.INVISIBLE.table.main.Style.imagescaletofit=0.0;0.0 sig_obj.INVISIBLE.adobeSignFieldValue=PDF-AS Signatur
sig_obj.INVISIBLE.adobeSignReasonValue=Informationen zur Prüfung finden Sie unter http://www.signaturpruefung.gv.at
+sig_obj.INVISIBLE.verifyURL=http://www.signaturpruefung.gv.at
###################################################################################################
@@ -590,6 +599,7 @@ sig_obj.BAIK_ARCHIV_SIGNATUR.value.SIG_TITLE=ELEKTRONISCHE ARCHIVSIGNATUR sig_obj.BAIK_ARCHIV_SIGNATUR.adobeSignFieldValue=Archivsignatur
sig_obj.BAIK_ARCHIV_SIGNATUR.adobeSignText.binary=Archivsignatur der BAIK
+sig_obj.BAIK_ARCHIV_SIGNATUR.verifyURL=http://www.signaturpruefung.gv.at
sig_obj.BAIK_ARCHIV_SIGNATUR.phlength.SIG_META=50
@@ -647,6 +657,7 @@ sig_obj.BAIK_URKUNDE_SIGNATUR.key.SIG_TITLE=ELEKTRONISCHE BEURKUNDUNGSSIGNATUR sig_obj.BAIK_URKUNDE_SIGNATUR.pos=f:80
sig_obj.BAIK_URKUNDE_SIGNATUR.adobeSignFieldValue=Urkundensignatur
sig_obj.BAIK_URKUNDE_SIGNATUR.adobeSignText.binary=Urkundensignatur der BAIK
+sig_obj.BAIK_URKUNDE_SIGNATUR.verifyURL=http://www.signaturpruefung.gv.at
sig_obj.BAIK_URKUNDE_SIGNATUR.value.SIG_META=Dokumentenformat: ${iui.pdfVersion}
sig_obj.BAIK_URKUNDE_SIGNATUR.value.SIG_LABEL=./images/Baik_Urkunde.gif
|