New signature layout for new MOCCA bku integrated (etsi-moc-1.1).

New architecture implemented that allows different signature layouts for single types of BKUs. git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@337 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c
author: tknall <tknall@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c> 2009-04-27 08:16:42 +0000
committer: tknall <tknall@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c> 2009-04-27 08:16:42 +0000
commit: c4efec1daeb50b30d363bb9fb83aec5435dbf2ad (patch)
tree: e64dabcd20551714fb5f342d504927995e8c648a /src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku
parent: a8c39b215939a0ddd01f4c110fbc9070fbb8d9ca (diff)
download: pdf-as-3-c4efec1daeb50b30d363bb9fb83aec5435dbf2ad.tar.gz
pdf-as-3-c4efec1daeb50b30d363bb9fb83aec5435dbf2ad.tar.bz2
pdf-as-3-c4efec1daeb50b30d363bb9fb83aec5435dbf2ad.zip
4 files changed, 110 insertions, 25 deletions
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUHelper.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUHelper.java
index af155a1..43c9649 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUHelper.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUHelper.java
@@ -9,14 +9,18 @@ import java.security.cert.X509Certificate;
 import java.text.DateFormat;
 import java.text.SimpleDateFormat;
 import java.util.Date;
+import java.util.Properties;
 import java.util.TimeZone;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
+import javax.servlet.http.HttpServletRequest;
+
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import at.gv.egiz.pdfas.api.commons.Constants;
 import at.gv.egiz.pdfas.exceptions.external.ExternalErrorException;
 import at.gv.egiz.pdfas.impl.input.helper.DataSourceHelper;
 import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException;
@@ -582,4 +586,71 @@ public final class BKUHelper
     };
     return dateTimeElement;
   }
+  
+  public static String getBKUIdentifier(Properties parsedResponseProperties) {
+     
+     // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.browser
+     String bkuServerHeader = parsedResponseProperties.getProperty(BKUPostConnection.BKU_SERVER_HEADER_KEY);
+
+     // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.dataurl
+     String bkuUserAgentHeader = parsedResponseProperties.getProperty(BKUPostConnection.BKU_USER_AGENT_HEADER_KEY);
+     
+     String bkuSignatureLayout = parsedResponseProperties.getProperty(BKUPostConnection.BKU_SIGNATURE_LAYOUT_HEADER_KEY);
+
+     log.debug("BKU response header \"user-agent\":  " + bkuUserAgentHeader);
+     log.debug("BKU response header \"server\":  " + bkuServerHeader);
+     log.trace("BKU response header \"" + Constants.BKU_HEADER_SIGNATURE_LAYOUT + "\":  " + bkuSignatureLayout);
+
+     String result = null;
+     
+     if (bkuServerHeader != null) {
+        result = bkuServerHeader;
+     } else if (bkuUserAgentHeader != null) {
+        result = bkuUserAgentHeader;
+     } else {
+        log.warn("Unable to find any BKU identifier (neither header value \"user-agent\" nor \"server\".)");
+     }
+     
+     if (bkuSignatureLayout != null && result != null) {
+        log.info("BKU response header \"" + Constants.BKU_HEADER_SIGNATURE_LAYOUT + "\" found.");
+        String signatureLayoutData = " " + Constants.BKU_HEADER_SIGNATURE_LAYOUT + "/" + bkuSignatureLayout;
+        if (!result.endsWith(signatureLayoutData)) {
+           log.debug("Appending signature layout value \"" + bkuSignatureLayout + "\" to bku identifier.");
+           result += signatureLayoutData;
+        } else {
+           log.debug("Signature layout already encoded in server/user-agent header.");
+        }
+     }
+     
+     if (result != null) {
+        log.debug("Returning BKU identifier \"" + result + "\"");
+     } else {
+        log.debug("Returning null BKU identifier.");
+     }
+     
+     return result;
+  }
+  
+  public static String getBKUIdentifier(HttpServletRequest request) {
+     return getBKUIdentifier(getBKUProperties(request));
+  }
+  
+  public static Properties getBKUProperties(HttpServletRequest request) {
+     Properties props = new Properties();
+     String server = request.getHeader("server");
+     String userAgent = request.getHeader("user-agent");
+     String signatureLayout = request.getHeader(Constants.BKU_HEADER_SIGNATURE_LAYOUT);
+     if (server != null) {
+        props.setProperty(BKUPostConnection.BKU_SERVER_HEADER_KEY, server);
+     }
+     if (userAgent != null) {
+        props.setProperty(BKUPostConnection.BKU_USER_AGENT_HEADER_KEY, userAgent);
+     }
+     if (signatureLayout != null) {
+        props.setProperty(BKUPostConnection.BKU_SIGNATURE_LAYOUT_HEADER_KEY, signatureLayout);
+     }
+     return props;
+  }
+  
+  
 }
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUPostConnection.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUPostConnection.java
index b582715..d2cffe8 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUPostConnection.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUPostConnection.java
@@ -20,6 +20,7 @@ import org.apache.commons.httpclient.params.HttpMethodParams;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import at.gv.egiz.pdfas.api.commons.Constants;
 import at.knowcenter.wag.egov.egiz.sig.SignatureData;
 
 /**
@@ -39,6 +40,11 @@ public final class BKUPostConnection
    * The response Properties key that identifies the BKU Server header.
    */
   public static final String BKU_SERVER_HEADER_KEY = "BKU-Server-Header"; //$NON-NLS-1$
+  
+  /**
+   * The response property that declares the signature layout being applied.
+   */
+  public static final String BKU_SIGNATURE_LAYOUT_HEADER_KEY = "BKU-Signature-Layout"; //$NON-NLS-1$
 
   /**
    * The response Properties key that identifies the BKU User-Agent header.
@@ -130,6 +136,11 @@ public final class BKUPostConnection
        log.warn("BKU response header \"Server\" is empty.");
     }
 
+    Header signatureLayoutHeader = post_method.getResponseHeader(Constants.BKU_HEADER_SIGNATURE_LAYOUT); //$NON-NLS-1$
+    if (signatureLayoutHeader != null) {
+       response_properties.setProperty(BKU_SIGNATURE_LAYOUT_HEADER_KEY, signatureLayoutHeader.getValue());
+    }
+
     log.debug(post_method.getResponseCharSet());
     if (!post_method.getResponseCharSet().equals("UTF-8")) //$NON-NLS-1$
     {
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java
index 5164771..100f054 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java
@@ -21,10 +21,10 @@ import at.knowcenter.wag.egov.egiz.sig.connectors.Connector;
 import at.knowcenter.wag.egov.egiz.sig.connectors.LocalConnector;
 import at.knowcenter.wag.egov.egiz.sig.connectors.TemplateReplaces;
 import at.knowcenter.wag.egov.egiz.sig.connectors.moa.DetachedLocRefMOAConnector;
-import at.knowcenter.wag.egov.egiz.sig.connectors.mocca.MOCCAHelper;
-import at.knowcenter.wag.egov.egiz.sig.sigid.DetachedIdFormatter;
-import at.knowcenter.wag.egov.egiz.sig.sigid.DetachedMOCIdFormatter;
+import at.knowcenter.wag.egov.egiz.sig.connectors.mocca.LocRefDetachedMOCCAConnector;
 import at.knowcenter.wag.egov.egiz.sig.sigkz.SigKZIDHelper;
+import at.knowcenter.wag.egov.egiz.sig.signaturelayout.SignatureLayoutHandler;
+import at.knowcenter.wag.egov.egiz.sig.signaturelayout.SignatureLayoutHandlerFactory;
 import at.knowcenter.wag.egov.egiz.tools.CodingHelper;
 import at.knowcenter.wag.egov.egiz.tools.FileHelper;
 
@@ -125,24 +125,20 @@ public class DetachedBKUConnector implements Connector, LocalConnector
     log.debug("analyzeSignResponse:"); //$NON-NLS-1$
 
     String response_string = response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY);
-    String bkuServerHeader = response_properties.getProperty(BKUPostConnection.BKU_SERVER_HEADER_KEY);
-    String bkuUserAgentHeader = response_properties.getProperty(BKUPostConnection.BKU_USER_AGENT_HEADER_KEY);
 
     BKUHelper.checkResponseForError(response_string);
 
-    // TODO[tknall] Parse server type and version in order to prevent unsupported cces from signing pdfs
-    // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.dataurl
-    log.debug("BKU response header \"user-agent\" header:  " + bkuUserAgentHeader);
-    // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.browser
-    log.debug("BKU response header \"server\"     header:  " + bkuServerHeader);
+    String bkuIdentifier = BKUHelper.getBKUIdentifier(response_properties);
+    log.debug("BKU identifier: \"" + bkuIdentifier + "\"");
     
-    SignSignatureObject so;
-    if (MOCCAHelper.isMOCCACCEId(bkuServerHeader == null ? bkuUserAgentHeader : bkuServerHeader)) {
-       log.debug("Evaluating response as MOCCA response.");
-       so = MOCCAHelper.parseCreateXMLResponse(response_string, new DetachedMOCIdFormatter());
-    } else {
-       so = BKUHelper.parseCreateXMLResponse(response_string, new DetachedIdFormatter());
+    SignatureLayoutHandler sigLayout;
+    try {
+       sigLayout = SignatureLayoutHandlerFactory.getSignatureLayoutHandlerInstance(bkuIdentifier);
+    } catch (SettingsException e) {
+       throw new ConnectorException(e.getErrorCode(), e.getMessage());
     }
+    
+    SignSignatureObject so = sigLayout.parseCreateXMLSignatureResponse(response_string);
 
     so.response_properties = response_properties;
 
@@ -322,17 +318,29 @@ public class DetachedBKUConnector implements Connector, LocalConnector
     String verify_request_template = this.environment.getVerifyRequestTemplate();
 
     String xml_content = null;
+
+    // MOA
     if (SigKZIDHelper.isMOASigned(so))
     {
       log.debug("The signature is MOA signed -> getting XML content from DetachedLocRefMOA connector.");
       DetachedLocRefMOAConnector moa_conn = new DetachedLocRefMOAConnector(this.environment.getProfile(), "loc ref not needed here");
       xml_content = moa_conn.prepareXMLContent(data, so);
-    }
+
+      // MOCCA
+  } else if (SigKZIDHelper.isMOCCASigned(so)) {
+     log.debug("MOCCA signature detected.");
+     String algorithmId = SigKZIDHelper.parseAlgorithmId(so.id);
+     log.debug("Algorithm = " + algorithmId);
+     LocRefDetachedMOCCAConnector mocca_connector = new LocRefDetachedMOCCAConnector(this.params, "not needed here", algorithmId);
+     xml_content = mocca_connector.prepareXMLContent(data, so);
+  }
+  // TD
     else
     {
+      log.debug("TD signature signature detected.");
       xml_content = prepareXMLContent(data, so);
     }
-
+    
     String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content);
     verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.LOC_REF_CONTENT_REPLACE, this.environment.getLocRefContent());
     verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.DATE_TIME_REPLACE, BKUHelper.formDateTimeElement(this.params.getVerificationTime(), "sl"));
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java
index f30b4b7..e415e98 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java
@@ -360,13 +360,8 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector
 
     BKUHelper.checkResponseForError(response_string);
 
-    // TODO[tknall] Parse server type and version in order to prevent unsupported cces from signing pdfs
-    String bkuServerHeader = response_properties.getProperty(BKUPostConnection.BKU_SERVER_HEADER_KEY);
-    String bkuUserAgentHeader = response_properties.getProperty(BKUPostConnection.BKU_USER_AGENT_HEADER_KEY);
-    // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.dataurl
-    log.debug("BKU response header \"user-agent\" header:  " + bkuUserAgentHeader);
-    // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.browser
-    log.debug("BKU response header \"server\"     header:  " + bkuServerHeader);
+    String bkuIdentifier = BKUHelper.getBKUIdentifier(response_properties);
+    log.debug("BKU identifier: \"" + bkuIdentifier + "\"");
     
     SignSignatureObject so = BKUHelper.parseCreateXMLResponse(response_string, new HotfixIdFormatter());
author	tknall <tknall@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c>	2009-04-27 08:16:42 +0000
committer	tknall <tknall@7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c>	2009-04-27 08:16:42 +0000
commit	c4efec1daeb50b30d363bb9fb83aec5435dbf2ad (patch)
tree	e64dabcd20551714fb5f342d504927995e8c648a /src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku
parent	a8c39b215939a0ddd01f4c110fbc9070fbb8d9ca (diff)
download	pdf-as-3-c4efec1daeb50b30d363bb9fb83aec5435dbf2ad.tar.gz pdf-as-3-c4efec1daeb50b30d363bb9fb83aec5435dbf2ad.tar.bz2 pdf-as-3-c4efec1daeb50b30d363bb9fb83aec5435dbf2ad.zip