authorAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2014-04-10 16:12:47 +0200
committerAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2014-04-10 16:12:47 +0200
commitaadde85ff54a35bd1007fe8a6aa16cf217607c13 (patch)
treed1fada4a0d8d85c19732056cc443ef971dbf82b8
parenta221fc3f781244a6e0dce8f1e652a98412c3ee1d (diff)
Introduce XAdES 1.4 support for Handy Signatur (TODO: configure ID pattern correctly)
-rw-r--r--pdf-as-lib/src/main/java/at/gv/egiz/pdfas/utils/TempDirHelper.java2
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java7
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java7
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigkz/SigKZIDHelper.java9
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/SignatureLayoutHandlerFactory.java5
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/atrust/ATrustXades14SignatureLayoutHandler.java24
-rw-r--r--pdf-as-lib/src/main/resources/config/pdf-as.properties7
-rw-r--r--pdf-as-lib/src/main/resources/config/templates/etsi-bka-atrust-1.2.verify.template.detached.xml1
8 files changed, 59 insertions, 3 deletions
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/utils/TempDirHelper.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/utils/TempDirHelper.java
index bccc67b..38ff2d1 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/utils/TempDirHelper.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/utils/TempDirHelper.java
@@ -121,7 +121,7 @@ public class TempDirHelper
boolean delete_success = files[i].delete();
if (!delete_success)
{
- log.error("Couldn't delete the temporary file: " + files[i]);
+ log.debug("Couldn't delete the temporary file: " + files[i]);
}
}
}
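Review bot: Lowering the failed-delete message from `log.error` to `log.debug` means a temporary file left on disk is no longer reported at normal production log levels. In a signing library these files presumably hold document or signature data, so an operator should still learn that one was not removed; `log.warn("Couldn't delete the temporary file: " + files[i]);` would reduce the noise without hiding the event. If deletion fails because the file is still open, adding `files[i].deleteOnExit();` in the same branch is a cheap fallback. The enclosing method starts and ends outside the hunk.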
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java
index 6926d2b..646f2be 100644
--- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java
@@ -388,7 +388,12 @@ public class DetachedBKUConnector implements Connector, LocalConnector
MOASoapWithAttachmentConnector moaConn = new MOASoapWithAttachmentConnector(this.params);
moaConn.reInitVerifyTemplate(MOASoapWithAttachmentConnector.ATRUST_VERIFY_TEMPLATE_KEY);
return moaConn.prepareXMLContent(data, so);
- }
+ } else if (SigKZIDHelper.isATrustX14Signed(so)) {
+ log.debug("ATrust Xades 1.4 signature detected");
+ MOASoapWithAttachmentConnector moaConn = new MOASoapWithAttachmentConnector(this.params);
+ moaConn.reInitVerifyTemplate(MOASoapWithAttachmentConnector.ATRUST_XADES_1_4_VERIFY_TEMPLATE_KEY);
+ return moaConn.prepareXMLContent(data, so);
+ }
// TD
else if (SigKZIDHelper.isBKUSigned(so)) {
log.debug("TD signature signature detected.");
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java
index f6f05fc..03c2dda 100644
--- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java
@@ -61,6 +61,7 @@ public class MOASoapWithAttachmentConnector implements Connector
{
//23.11.2010 changed by exthex - added reconstructXMLDsig method and moved xmldsig creation to chooseAndCreateXMLDsig method
public static final String ATRUST_VERIFY_TEMPLATE_KEY = "atrust.verify.template.detached";
+ public static final String ATRUST_XADES_1_4_VERIFY_TEMPLATE_KEY = "atrust.xades14.verify.template.detached";
/**
* The SIG_ID prefix.
@@ -260,7 +261,11 @@ public class MOASoapWithAttachmentConnector implements Connector
log.debug("A-Trust signature detected.");
this.environment.reInitVerifyTemplate(ATRUST_VERIFY_TEMPLATE_KEY);
return prepareXMLContent(data, so);
-
+ } else if (SigKZIDHelper.isATrustX14Signed(so)) {
+ log.debug("ATrust Xades 1.4 signature detected");
+ MOASoapWithAttachmentConnector moaConn = new MOASoapWithAttachmentConnector(this.params);
+ moaConn.reInitVerifyTemplate(MOASoapWithAttachmentConnector.ATRUST_XADES_1_4_VERIFY_TEMPLATE_KEY);
+ return moaConn.prepareXMLContent(data, so);
// TD bku
} else if (SigKZIDHelper.isBKUSigned(so)) {
log.debug("TD bku signature detected.");
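Review bot: The new XAdES 1.4 branch builds a second `MOASoapWithAttachmentConnector` from `this.params` and delegates to it, although this code is already inside that class and the A-Trust branch directly above reinitialises its own environment. It looks copied from the DetachedBKUConnector hunk. The consistent form here would be `this.environment.reInitVerifyTemplate(ATRUST_XADES_1_4_VERIFY_TEMPLATE_KEY);` followed by `return prepareXMLContent(data, so);`. Whether `this.params` is a field of this class is not visible in the hunk and should be checked. The enclosing method lies outside the hunk.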
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigkz/SigKZIDHelper.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigkz/SigKZIDHelper.java
index 03bf931..5a20a30 100644
--- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigkz/SigKZIDHelper.java
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigkz/SigKZIDHelper.java
@@ -43,6 +43,7 @@ import at.knowcenter.wag.egov.egiz.framework.SignatorFactory;
import at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject;
import at.knowcenter.wag.egov.egiz.sig.sigid.DetachedLocRefMOAIdFormatter;
import at.knowcenter.wag.egov.egiz.sig.sigid.HotfixIdFormatter;
+import at.knowcenter.wag.egov.egiz.sig.signaturelayout.atrust.ATrustXades14SignatureLayoutHandler;
/**
* @author wprinz
@@ -246,6 +247,14 @@ public final class SigKZIDHelper
}
return sig_id.startsWith("etsi-bka-atrust-1.0");
}
+
+ public static boolean isATrustX14Signed(SignSignatureObject so) {
+ String sig_id = so.id;
+ if (sig_id == null && StringUtils.isEmpty(sig_id)) {
+ return false;
+ }
+ return sig_id.startsWith(ATrustXades14SignatureLayoutHandler.ETSI_BKA_ATRUST_1_2);
+ }
/**
* Checks if signed with a known BKU method/param
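Review bot: The guard `sig_id == null && StringUtils.isEmpty(sig_id)` in `isATrustX14Signed` can only be true for a null id, so the `isEmpty` half is dead code and the condition reads as if `||` was intended. `if (StringUtils.isEmpty(sig_id)) {` alone expresses the intent, assuming `StringUtils` is the null-safe Commons Lang class. A null `so` is dereferenced unchecked on the first line, which is acceptable only if every caller guarantees a non-null signature object. The method also has no Javadoc, unlike the one that follows it; a one-line comment such as `/** Checks whether the signature id carries the A-Trust XAdES 1.4 prefix (etsi-bka-atrust-1.2). */` would explain why a 1.2 id denotes XAdES 1.4.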
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/SignatureLayoutHandlerFactory.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/SignatureLayoutHandlerFactory.java
index 07a7792..283eb85 100644
--- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/SignatureLayoutHandlerFactory.java
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/SignatureLayoutHandlerFactory.java
@@ -79,6 +79,9 @@ public class SignatureLayoutHandlerFactory {
if (bkuIdentifier == null) {
throw new SettingsException(ErrorCode.MISSING_HEADER_SERVER_USER_AGENT, "Unable to determine type of citizen card environment. Response header \"Server\" resp. \"user-agent\" is missing. Refer to security layer specification 1.2.2, section 3.3.2.");
}
+
+ log.debug("Trying to get SignatureLayoutHandler for \"" + bkuIdentifier + "\".");
+
SignatureLayoutHandler signatureLayoutHandler = (SignatureLayoutHandler) instances.get(bkuIdentifier);
if (signatureLayoutHandler == null) {
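Review bot: `bkuIdentifier` is written to the log verbatim, and the exception text just above says it is taken from the `Server` or `user-agent` header, so it comes from the remote side. A header value containing CR or LF could forge additional log entries. Neutralise line breaks before logging, for example by using `bkuIdentifier.replaceAll("[\\r\\n]", "_")` inside the message. The same consideration applies to any later statement that prints this value; the rest of the method is outside the hunk.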
@@ -127,6 +130,8 @@ public class SignatureLayoutHandlerFactory {
log.debug("SignatureLayoutHandler successfully instantiated.");
instances.put(bkuIdentifier, signatureLayoutHandler);
} else {
+ log.debug("SignatureLayoutHandler has already been instantiated. Class: \"" +
+ signatureLayoutHandler.getClass().getName() + "\"");
log.trace("SignatureLayoutHandler has already been instantiated. Returning old instance.");
}
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/atrust/ATrustXades14SignatureLayoutHandler.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/atrust/ATrustXades14SignatureLayoutHandler.java
new file mode 100644
index 0000000..2184a5c
--- /dev/null
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/atrust/ATrustXades14SignatureLayoutHandler.java
@@ -0,0 +1,24 @@
+package at.knowcenter.wag.egov.egiz.sig.signaturelayout.atrust;
+
+import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException;
+import at.knowcenter.wag.egov.egiz.sig.connectors.ConnectorEnvironment;
+import at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject;
+import at.knowcenter.wag.egov.egiz.sig.connectors.moa.MOAHelper;
+import at.knowcenter.wag.egov.egiz.sig.connectors.mocca.MOCCAHelper;
+import at.knowcenter.wag.egov.egiz.sig.sigid.DetachedMOCIdFormatter;
+import at.knowcenter.wag.egov.egiz.sig.sigid.SimpleIdFormatter;
+import at.knowcenter.wag.egov.egiz.sig.signaturelayout.SignatureLayoutHandler;
+
+public class ATrustXades14SignatureLayoutHandler implements
+ SignatureLayoutHandler {
+
+ public static final String ETSI_BKA_ATRUST_1_2 = "etsi-bka-atrust-1.2";
+
+ public SignSignatureObject parseCreateXMLSignatureResponse(
+ String xmlResponse, ConnectorEnvironment env)
+ throws ConnectorException {
+ return MOCCAHelper.parseCreateXMLResponse(xmlResponse,
+ new DetachedMOCIdFormatter(ETSI_BKA_ATRUST_1_2), env);
+ }
+
+}
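Review bot: `MOAHelper` and `SimpleIdFormatter` are imported but never used in this new file and should be dropped. The class also has no Javadoc, and the constant `ETSI_BKA_ATRUST_1_2` sits in a class named for XAdES 1.4 without any explanation of how the two version numbers relate. A class comment such as `/** Layout handler for A-Trust mobile signature responses that use XAdES 1.4; signature ids are prefixed with etsi-bka-atrust-1.2. */` would make that explicit for whoever later touches the prefix checks in SigKZIDHelper.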
diff --git a/pdf-as-lib/src/main/resources/config/pdf-as.properties b/pdf-as-lib/src/main/resources/config/pdf-as.properties
index a293b85..4f6b25e 100644
--- a/pdf-as-lib/src/main/resources/config/pdf-as.properties
+++ b/pdf-as-lib/src/main/resources/config/pdf-as.properties
@@ -58,6 +58,12 @@ signaturelayout.implementation.atrustmobiletest=at.knowcenter.wag.egov.egiz.sig.
signaturelayout.pattern.atrustmobilebridge=^Microsoft-IIS/6\\.0$
signaturelayout.implementation.atrustmobilebridge=at.knowcenter.wag.egov.egiz.sig.signaturelayout.atrust.ATrustSignatureLayoutHandler
+# A-Trust Mobile with XAdES 1.4 support
+# TODO: Change pattern!
+signaturelayout.pattern.atrustmobilex14=^citizen-card-environment/1\\.2 asignMobileBku-X14/1\\.1\\.0$
+signaturelayout.implementation.atrustmobilex14=at.knowcenter.wag.egov.egiz.sig.signaturelayout.atrust.ATrustXades14SignatureLayoutHandler
+
+
#############################################
# Signaturdienste
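Review bot: The `signaturelayout.pattern.atrustmobilex14` value is shipped as a known placeholder (`# TODO: Change pattern!`) and pins the exact product version `1\\.1\\.0`. Assuming it is matched against the Server/user-agent identifier as in SignatureLayoutHandlerFactory, a response from a service reporting any other version will not select this handler. The TODO does not say what the final value should be or where it comes from; a comment like `# TODO: replace with the Server header value sent by the production Handy-Signatur service` would make it actionable. If minor versions are meant to be accepted, loosen the version part of the pattern deliberately rather than leaving the provisional literal in place.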
@@ -119,6 +125,7 @@ moa.verify.template.detached=/templates/default.moa.verify.template.detached.xml
# atrust verify template files
atrust.verify.template.detached=/templates/etsi-bka-atrust-1.0.verify.template.detached.xml
+atrust.xades14.verify.template.detached=/templates/etsi-bka-atrust-1.2.verify.template.detached.xml
#############################################
# Responsemeldungen der Signaturdienste
diff --git a/pdf-as-lib/src/main/resources/config/templates/etsi-bka-atrust-1.2.verify.template.detached.xml b/pdf-as-lib/src/main/resources/config/templates/etsi-bka-atrust-1.2.verify.template.detached.xml
new file mode 100644
index 0000000..bf459f4
--- /dev/null
+++ b/pdf-as-lib/src/main/resources/config/templates/etsi-bka-atrust-1.2.verify.template.detached.xml
@@ -0,0 +1 @@
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="signature-1-1"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="CertAlgReplace"/><dsig:Reference Id="reference-1-1" URI="urn:Document"><dsig:DigestMethod Algorithm="DataDigestReplace"/><dsig:DigestValue>DigestValueSignedDataReplace</dsig:DigestValue></dsig:Reference><dsig:Reference Id="etsi-data-reference-1-1" Type="http://uri.etsi.org/01903#SignedProperties" URI="#etsi-signedproperties-1-1"><dsig:DigestMethod Algorithm="PropertiesDigestReplace"/><dsig:DigestValue>DigestValueSignedPropertiesReplace</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue Id="signaturevalue-1-1">SignatureValueReplace</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>X509CertificateReplace</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="etsi-signed-1-1"><etsi:QualifyingProperties xmlns:etsi="http://uri.etsi.org/01903/v1.3.2#" Target="#signature-1-1"><etsi:SignedProperties xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:etsi="http://uri.etsi.org/01903/v1.3.2#" Id="etsi-signedproperties-1-1"><etsi:SignedSignatureProperties><etsi:SigningTime>SigningTimeReplace</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><dsig:DigestMethod Algorithm="CertDigestReplace"></dsig:DigestMethod><dsig:DigestValue>DigestValueX509CertificateReplace</dsig:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>X509IssuerNameReplace</dsig:X509IssuerName><dsig:X509SerialNumber>X509SerialNumberReplace</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied></etsi:SignaturePolicyImplied></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat 
ObjectReference="#reference-1-1"><etsi:MimeType>MimeTypeReplace</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature> \ No newline at end of file