diff options
8 files changed, 81 insertions, 61 deletions
@@ -4,12 +4,13 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
- <packaging>war</packaging>
+ <packaging>jar</packaging>
<groupId>knowcenter</groupId>
<artifactId>pdf-as</artifactId>
<name>PDF-AS</name>
- <version>3.0.4-20080403</version>
+ <version>3.0.4-20080424</version>
+ <!-- don't forget to set the version string at.knowcenter.wag.egov.egiz.PDFAS_VERSION accordingly -->
<description>Amtssignatur fuer elektronische Aktenfuehrung</description>
<url>http://egovlabs.gv.at/projects/pdf-as</url>
@@ -76,7 +77,7 @@ </resource>
</resources>
- <finalName>${artifactId}</finalName>
+ <finalName>${artifactId}-${version}</finalName>
<plugins>
@@ -104,7 +105,7 @@ <descriptor>src/main/assembly/assemble_distribution_ws.xml</descriptor>
<descriptor>src/main/assembly/assemble_repository.xml</descriptor>
-->
- <descriptor>src/main/assembly/assemble_repository.xml</descriptor>
+ <descriptor>src/main/assembly/assemble_libraries.xml</descriptor>
</descriptors>
</configuration>
</plugin>
@@ -123,6 +124,7 @@ <Class-Path>.</Class-Path>
<mode>development</mode>
<url>${pom.url}</url>
+ <Implementation-Build>${pom.version}</Implementation-Build>
</manifestEntries>
</archive>
</configuration>
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java b/src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java index 5a7d32b..4c0ae44 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java @@ -90,6 +90,8 @@ import com.lowagie.text.pdf.PdfReader; */
public abstract class PdfAS
{
+
+ public static final String PDFAS_VERSION = "3.0.4-20080424";
/**
* The key of the strict mode setting.
*/
@@ -865,7 +867,7 @@ public abstract class PdfAS // fixed by tknall
if (so_to_be_verified.getX509Cert() == null)
{
- throw new SignatureException(313, "Document certificate is not defined.");
+ throw new SignatureException(ErrorCode.CERTIFICATE_NOT_FOUND, "Document certificate is not defined.");
}
SignSignatureObject so = SignatureObjectHelper.convertSignatureObjectToSignSignatureObject(so_to_be_verified);
@@ -910,7 +912,7 @@ public abstract class PdfAS // added by tknall
if (so_to_be_verified.getX509Cert() == null)
{
- throw new SignatureException(313, "Document certificate is not defined.");
+ throw new SignatureException(ErrorCode.CERTIFICATE_NOT_FOUND, "Document certificate is not defined.");
}
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/cfg/SettingsReader.java b/src/main/java/at/knowcenter/wag/egov/egiz/cfg/SettingsReader.java index c58da3f..6481401 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/cfg/SettingsReader.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/cfg/SettingsReader.java @@ -32,9 +32,11 @@ import java.util.Enumeration; import java.util.Properties;
import java.util.Vector;
+import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import at.knowcenter.wag.egov.egiz.PdfAS;
import at.knowcenter.wag.egov.egiz.exceptions.SettingNotFoundException;
import at.knowcenter.wag.egov.egiz.exceptions.SettingsException;
@@ -724,6 +726,10 @@ public class SettingsReader implements Serializable // Does not conform with PKIX, but is used by belgium citizen card
// log.info("Registering RDN \"SERIALNUMBER\" as " + ObjectID.serialNumber + ".");
RFC2253NameParser.register("SERIALNUMBER", ObjectID.serialNumber);
+
+ String versionString = "* PDF-AS library version " + PdfAS.PDFAS_VERSION + " *";
+ String paddingString = StringUtils.repeat("*", versionString.length());
+ logger_.info("PDF-AS info\n" + paddingString + "\n" + versionString + "\n" + paddingString);
}
}
\ No newline at end of file diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java index 3437a6e..b4818cd 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java @@ -1099,6 +1099,7 @@ public class SignatureObject implements Serializable if (cert_store_dir.isDirectory())
{
String cert_file_name = cert_store_path + FILE_SEP + serial_number + CERT_FILE_EXTENSION;
+ logger_.debug("Adding cert (issuer=\"" + cert.getIssuerName() + "\", sn=\"" + cert.getSerialNumber() + "\") to certstore: \"" + cert_file_name + "\".");
// boolean store =
FileHelper.writeToFile(cert_file_name, cert.getCertString());
// System.err.println("store:" + store + ":" +
@@ -1114,6 +1115,16 @@ public class SignatureObject implements Serializable }
}
}
+
+ private X509Cert loadCertificateFromCertstore(String serialNumber, String issuer) {
+ String iss_hash = getIssuerFileHash(issuer);
+ String cert_store_path = certPath_ + iss_hash;
+ String cert_file_name = cert_store_path + FILE_SEP + serialNumber + CERT_FILE_EXTENSION;
+ if (logger_.isDebugEnabled()) {
+ logger_.debug("Trying to load cert (issuer=\"" + (issuer != null ? normalizeIssuer(issuer) : issuer) + "\", sn=\"" + serialNumber + "\") from certstore: \"" + cert_file_name + "\".");
+ }
+ return X509Cert.initByFilePath(cert_file_name);
+ }
/**
* This method load a X509v3 certificate from the filesystem. The reference to
@@ -1154,14 +1165,16 @@ public class SignatureObject implements Serializable X509Cert cert = null;
if (issuer != null && serialNumber != null)
{
- String iss_hash = getIssuerFileHash(issuer);
- String cert_store_path = certPath_ + iss_hash;
- String cert_file_name = cert_store_path + FILE_SEP + serialNumber + CERT_FILE_EXTENSION;
- if (logger_.isDebugEnabled())
- {
- logger_.debug("load certificate:" + cert_file_name);
+ cert = loadCertificateFromCertstore(serialNumber, issuer);
+ if (cert == null) {
+ logger_.debug("Certificate not found. Trying alternative normalization method.");
+ try {
+ Name issuerName = new RFC2253NameParser(issuer).parse();
+ cert = loadCertificateFromCertstore(serialNumber, issuerName.getRFC2253String(false));
+ } catch (RFC2253NameParserException e) {
+ logger_.error(e);
+ }
}
- cert = X509Cert.initByFilePath(cert_file_name);
if (cert == null)
{
@@ -1180,14 +1193,14 @@ public class SignatureObject implements Serializable storeNewCertificateInLocalStore(cert_data);
- // load the local cert
- cert = X509Cert.initByFilePath(cert_file_name);
-
+ cert = X509Cert.initByByteArray(cert_data);
if (cert == null)
{
logger_.debug("The certificate should be loaded here, but is null - something's wrong.");
}
}
+ } else {
+ logger_.warn("loadCertificate(\"" + serialNumber + "\", \"" + issuer + "\")");
}
return cert;
}
@@ -1220,9 +1233,15 @@ public class SignatureObject implements Serializable FileOutputStream fos = new FileOutputStream(save_file);
fos.write(cert_data);
fos.close();
- }
- catch (IOException e)
- {
+ // fixed by tknall: if serialnumber or issuername is omitted (binary signature) the
+ // certificate could not be found in the certstore. The fix sets the issuername and
+ // serialnumber as long the are known.
+ X509Cert cert = X509Cert.initByByteArray(cert_data);
+ if (cert.isX509Cert()) {
+ this.setSignationSerialNumber(cert.getSerialNumber());
+ this.setSignationIssuer(cert.getIssuerName());
+ }
+ } catch (IOException e) {
e.printStackTrace();
return;
}
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/X509Cert.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/X509Cert.java index 64631cb..71ca754 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/X509Cert.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/X509Cert.java @@ -219,10 +219,6 @@ public class X509Cert implements Serializable */
public static X509Cert initByFilePath(String filePath)
{
- if (logger_.isDebugEnabled())
- {
- logger_.debug("Add cert file:" + filePath);
- }
if (filePath == null)
{
return null;
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/BKUConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/BKUConnector.java index 75e4c31..c9e3fce 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/BKUConnector.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/BKUConnector.java @@ -22,6 +22,7 @@ import java.util.Properties; import java.util.regex.Matcher;
import java.util.regex.Pattern;
+import at.gv.egiz.pdfas.exceptions.ErrorCode;
import at.gv.egiz.pdfas.exceptions.external.ExternalErrorException;
import org.apache.log4j.Level;
@@ -368,7 +369,7 @@ public class BKUConnector implements LocalConnector String x509_cert_string = sigObject.getX509CertificateString();
if (x509_cert_string == null)
{
- SignatureException se = new SignatureException(313, "Document certificate is not defined.");
+ SignatureException se = new SignatureException(ErrorCode.CERTIFICATE_NOT_FOUND, "Document certificate is not defined.");
throw se;
}
String cert_alg = settings_.getValueFromKey("cert.alg.ecdsa");
@@ -410,6 +411,10 @@ public class BKUConnector implements LocalConnector final String string_to_be_hashed = sig_prop_str.substring(hash_start, hash_end);
logger_.debug("etsi:SignedProperties string to be hashed: " + string_to_be_hashed);
+ logger_.debug("\n--------------------- ETSI properties string to be hashed: start ---------------------");
+ logger_.debug(string_to_be_hashed);
+ logger_.debug("\n--------------------- ETSI properties string to be hashed: stop ---------------------");
+
final byte [] bytes_to_be_hashed = string_to_be_hashed.getBytes("UTF-8");
sig_prop_code = CodingHelper.buildDigest(bytes_to_be_hashed);
}
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/MOAConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/MOAConnector.java index 4dd3d5e..5e1aeed 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/MOAConnector.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/MOAConnector.java @@ -31,6 +31,7 @@ import javax.xml.rpc.Call; import javax.xml.rpc.Service;
import javax.xml.rpc.ServiceFactory;
+import at.gv.egiz.pdfas.exceptions.ErrorCode;
import at.gv.egiz.pdfas.exceptions.external.ExternalErrorException;
import org.apache.axis.message.SOAPBodyElement;
@@ -428,7 +429,7 @@ public class MOAConnector implements Connector String x509Certificate = sigObject.getX509CertificateString();
if (x509Certificate == null)
{
- SignatureException se = new SignatureException(313, "Document certificate is not defined.");
+ SignatureException se = new SignatureException(ErrorCode.CERTIFICATE_NOT_FOUND, "Document certificate is not defined.");
throw se;
}
String cert_alg = settings_.getValueFromKey("cert.alg.ecdsa");
diff --git a/src/site/changes.xml b/src/site/changes.xml index 488d468..9410600 100644 --- a/src/site/changes.xml +++ b/src/site/changes.xml @@ -6,50 +6,39 @@ </properties>
<body>
-
+
<!--
<release version="major.minor" date="yyyy-MM-dd" description="foo">
- <action dev="foo" type="add|update|fix|remove">foo</action>
+ <action dev="foo" type="add|update|fix|remove">foo</action>
</release>
-->
- <release version="2.34" date="2007-01-10" description="subsequent release">
- <action dev="tknall" type="add">
- QualifiedCertificate property (moa/bku) is now being evaluated
- </action>
- </release>
-
- <release version="2.33" date="2006-12-14" description="subsequent release">
- <action dev="tknall" type="update">
- basic authentication for logging disabled
- </action>
- </release>
-
- <release version="2.32" date="2006-12-13" description="subsequent release">
- <action dev="tknall" type="add">
- LDAP support added
+ <release version="3.0.4" date="2008-04-24"
+ description="first release">
+ <action dev="tknall" type="fix">
+ Bug fixed: If we have a binary signature, the
+ certificate is embedded. So there should be no serial
+ number needed within the signature block. PDF-AS stores
+ the certificate in the certstore but tries to load the
+ certificate via serialnumber and issuername from
+ certstore, which fails because of the missing serial
+ number.
</action>
- </release>
-
- <release version="2.31" date="2006-12-07" description="subsequent release">
- <action dev="wlackner" type="fix">
- some bugs fixed, algorithms adjusted
+ <action dev="tknall" type="fix">
+ Bug fixed: For storage of the certificate in the
+ certstore the issuername is taken from the certificate,
+ normalized and hashed. The base64 value of the hash is
+ used as the directory name. Loading the certificate from
+ the certstore, the issuername is taken from the
+ signature block, normalized and hashed. Some issuernames
+ (with rdns that are not registered) lead to two
+ different hash values (one at storage, another at
+ retrieval), which leads to a certificate not found
+ exception.
</action>
- </release>
-
- <release version="2.3" date="2006-12-01" description="subsequent release">
<action dev="tknall" type="add">
- interface for LDAP-API added;
- implementing class is declared by system property
- at.knowcenter.wag.egov.egiz.sig.LDAPAPI.SYS_PROP_IMPLEMENTATION ("pdfas.ldapapi.impl");
- previous implementation DummyLDAPAPI serves as failback implementation if system
- property is not set, so version 2.3 provides backward compatibility to version 2.2
- </action>
- </release>
-
- <release version="2.2" date="2006-09-29" description="first release">
- <action dev="wlackner" type="add">
- first release of PDF-AS
+ PDF-AS library version is logged in order to lighten
+ bugfixing.
</action>
</release>
|