diff options
Diffstat (limited to 'pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java')
| -rw-r--r-- | pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java | 122 |
1 files changed, 64 insertions, 58 deletions
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java index a8de41e..6926d2b 100644 --- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java +++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java @@ -55,11 +55,11 @@ import at.knowcenter.wag.egov.egiz.tools.CodingHelper; /**
* Connects to the BKU using the detached multipart/formdata requests.
- *
+ *
* <p>
* This feature is available since BKU version 2.7.4.
* </p>
- *
+ *
* @author wprinz
*/
public class DetachedBKUConnector implements Connector, LocalConnector
@@ -85,12 +85,12 @@ public class DetachedBKUConnector implements Connector, LocalConnector /**
* Constructor that builds the configuration environment for this connector
* according to the given profile.
- *
+ *
* <p>
* If confuguration parameters are not defined on that profile, the default
* parameters defined in the configuration are used.
* </p>
- *
+ *
* @param connectorParameters
* The connectot parameters.
* @throws ConnectorException
@@ -101,10 +101,10 @@ public class DetachedBKUConnector implements Connector, LocalConnector this.params = connectorParameters;
this.environment = new Environment(this.params.getProfileId(), loc_ref_content);
}
-
+
/**
* Prepares the sign request xml to be sent using the sign request template.
- *
+ *
* @param data
* The SignatureData.
* @return Returns the sign request xml to be sent.
@@ -120,7 +120,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector String sign_keybox_identifier = this.environment.getSignKeyboxIdentifier();
String mime_type = data.getMimeType();
String loc_ref_content = this.environment.getLocRefContent();
-
+
if (log.isDebugEnabled())
{
log.debug("sign keybox identifier = " + sign_keybox_identifier); //$NON-NLS-1$
@@ -139,7 +139,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector /**
* Analyzes the sign response xml and extracts the signature data.
- *
+ *
* @param response_properties
* The response properties containing the response String and
* transport related information.
@@ -155,14 +155,14 @@ public class DetachedBKUConnector implements Connector, LocalConnector String bkuIdentifier = BKUHelper.getBKUIdentifier(response_properties);
log.debug("BKU identifier: " + (bkuIdentifier != null ? ("\"" + bkuIdentifier + "\"") : "n/a"));
-
+
SignatureLayoutHandler sigLayout;
try {
sigLayout = SignatureLayoutHandlerFactory.getSignatureLayoutHandlerInstance(bkuIdentifier);
} catch (SettingsException e) {
throw new ConnectorException(e.getErrorCode(), e.getMessage());
}
-
+
BKUHelper.checkResponseForError(response_string);
SignSignatureObject so = sigLayout.parseCreateXMLSignatureResponse(response_string, this.environment);
@@ -225,15 +225,15 @@ public class DetachedBKUConnector implements Connector, LocalConnector /**
* Sends the request and data to the given URL.
- *
+ *
* <p>
* This method mainly handles communication exceptions. The actual send work
* is done by doPostRequestMultipart.
* </p>
- *
+ *
* @see BKUPostConnection#doPostRequestMultipart(String, String,
* SignatureData)
- *
+ *
* @param url
* The URL to send the request to.
* @param request_string
@@ -262,7 +262,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector /**
* Performs a sign.
- *
+ *
* @param data
* The data to be signed.
* @return Returns the signature object containing the signature data.
@@ -289,7 +289,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector /**
* Performs a verification.
- *
+ *
* @param data
* The data to be verified.
* @param so
@@ -331,7 +331,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector /**
* Prepares the verify request xml to be sent using the verify request
* template.
- *
+ *
* @param data
* The SignatureData.
* @param so
@@ -345,7 +345,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector String verify_request_template = this.environment.getVerifyRequestTemplate();
String xml_content = null;
-
+
if (dsigData != null && dsigData.getXmlDsig() != null)
{
xml_content = dsigData.getXmlDsig();
@@ -355,16 +355,18 @@ public class DetachedBKUConnector implements Connector, LocalConnector xml_content = chooseAndCreateXMLDsig(data, so);
}
-
-
- String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content);
+ // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll)
+ // methods are regarded, backslashes in the replacement string may cause the results to be different than
+ // if it were being treated as a literal replacement string.
+// String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content);
+ String verify_request_xml = verify_request_template.replace(TemplateReplaces.XML_CONTENT_REPLACE, xml_content);
verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.LOC_REF_CONTENT_REPLACE, this.environment.getLocRefContent());
verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.DATE_TIME_REPLACE, BKUHelper.formDateTimeElement(this.params.getVerificationTime(), "sl"));
return verify_request_xml;
}
-
- private String chooseAndCreateXMLDsig(SignatureData data, SignSignatureObject so) throws ConnectorException {
+
+ private String chooseAndCreateXMLDsig(SignatureData data, SignSignatureObject so) throws ConnectorException {
// MOA
if (SigKZIDHelper.isMOASigned(so))
{
@@ -379,7 +381,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector log.debug("Algorithm = " + algorithmId);
LocRefDetachedMOCCAConnector mocca_connector = new LocRefDetachedMOCCAConnector(this.params, "not needed here", algorithmId);
return mocca_connector.prepareXMLContent(data, so);
-
+
// ATRUST
} else if (SigKZIDHelper.isATrustSigned(so)) {
log.debug("ATrust signature detected");
@@ -391,20 +393,20 @@ public class DetachedBKUConnector implements Connector, LocalConnector else if (SigKZIDHelper.isBKUSigned(so)) {
log.debug("TD signature signature detected.");
return prepareXMLContent(data, so);
- }
+ }
// unknown
else {
throw new ConnectorException(ErrorCode.UNSUPPORTED_SIGNATURE, "Unsupported signature (" + so.id + ", " +so.kz + "). Please get a new version of PDF-AS. Your version is: " + PdfAS.PDFAS_VERSION);
}
- }
+ }
/**
* Prepares the XML content the holds the actual signature data.
- *
+ *
* <p>
* This strongly rebuilds the XML content as retuned from a sign request.
* </p>
- *
+ *
* @param data
* The data.
* @param so
@@ -421,13 +423,13 @@ public class DetachedBKUConnector implements Connector, LocalConnector String ids_string = so.getSigID();
String[] ids = SignatureObject.parseSigIds(ids_string);
-
+
X509Certificate cert = so.getX509Certificate();
-
+
// dferbas
AlgorithmSuiteObject algSuite = new AlgorithmSuiteObject();
String verify_xml = AlgorithmSuiteUtil.evaluateReplaceAlgs(algSuite, this.environment, so);
-
+
// data digest replace
{
// byte[] data_value = data.getData();
@@ -457,7 +459,11 @@ public class DetachedBKUConnector implements Connector, LocalConnector verify_xml = verify_xml.replaceAll(TemplateReplaces.SIG_ID_REPLACE, ids[0]);
verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNING_TIME_REPLACE, so.getDate());
verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_CERTIFICATE_REPLACE, certDigest);
- verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer());
+ // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll)
+ // methods are regarded, backslashes in the replacement string may cause the results to be different than
+ // if it were being treated as a literal replacement string.
+// verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer());
+ verify_xml = verify_xml.replace(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer());
verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_SERIAL_NUMBER_REPLACE, so.getSerialNumber());
// SigDataRefReplace already done above
verify_xml = verify_xml.replaceFirst(TemplateReplaces.MIME_TYPE_REPLACE, data.getMimeType());
@@ -495,7 +501,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector /**
* Analyzes the verify response string.
- *
+ *
* @param response_properties
* The response properties containing the response XML.
* @return Returns the SignatureResponse containing the verification result.
@@ -518,7 +524,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector /**
* Holds environment configuration information like templates.
- *
+ *
* @author wprinz
*/
public static class Environment extends ConnectorEnvironment
@@ -537,27 +543,27 @@ public class DetachedBKUConnector implements Connector, LocalConnector * The configuration key of the sign URL.
*/
protected static final String SIGN_URL_KEY = "bku.sign.url"; //$NON-NLS-1$
-
+
/**
* BKU template file prefix
*/
protected static final String TEMPLATE_FILE_PREFIX = "/templates/bku.";
-
+
/**
* signing file template sufix
*/
protected static final String SIGN_TEMPLATE_FILE_SUFIX = ".sign.xml";
-
+
/**
* verifing template file sufix
*/
- protected static final String VERIFY_REQUEST_TEMPLATE_FILE_SUFIX = ".verify.request.xml";
+ protected static final String VERIFY_REQUEST_TEMPLATE_FILE_SUFIX = ".verify.request.xml";
/**
* verifing file template key sufix
*/
protected static final String VERIFY_TEMPLATE_SUFIX = ".verify.template.xml";
-
+
/**
* The configuration key of the verify request template.
*/
@@ -605,7 +611,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector /**
* Initializes the environment with a given profile.
- *
+ *
* @param profile
* The configuration profile.
* @throws ConnectorException
@@ -614,7 +620,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector public Environment(String profile, String loc_ref_content) throws ConnectorException
{
this.profile = profile;
-
+
this.loc_ref_content = loc_ref_content;
SettingsReader settings = null;
@@ -626,7 +632,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector {
throw new ConnectorException(300, e);
}
-
+
this.sign_keybox_identifier = getConnectorValueFromProfile(settings, profile, SIGN_KEYBOX_IDENTIFIER_KEY);
String sign_request_filename = TEMPLATE_FILE_PREFIX + settings.getValueFromKey("default.bku.algorithm.id") + SIGN_TEMPLATE_FILE_SUFIX;
@@ -634,7 +640,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector // try to load template from file
//this.sign_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(sign_request_filename));
this.sign_request_template = settings.readInternalResourceAsString(sign_request_filename);
-
+
// when first load failed (the template file does'nt exist), load it from default template file
if(this.sign_request_template == null)
{
@@ -642,7 +648,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector //this.sign_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(sign_request_filename));
this.sign_request_template = settings.readInternalResourceAsString(sign_request_filename);
}
-
+
if (this.sign_request_template == null)
{
throw new ConnectorException(300, "Can not read the create xml request template"); //$NON-NLS-1$
@@ -651,20 +657,20 @@ public class DetachedBKUConnector implements Connector, LocalConnector this.sign_url = getConnectorValueFromProfile(settings, profile, SIGN_URL_KEY);
// verify
-
+
String verify_request_filename = TEMPLATE_FILE_PREFIX + settings.getValueFromKey("default.bku.algorithm.id") + VERIFY_REQUEST_TEMPLATE_FILE_SUFIX;
-
+
// try to load template file for verifing
//this.verify_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_request_filename));
this.verify_request_template = settings.readInternalResourceAsString(verify_request_filename);
-
+
if(this.verify_request_template == null)
{
verify_request_filename = getConnectorValueFromProfile(settings, profile, VERIFY_REQUEST_TEMPLATE_KEY);
//this.verify_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_request_filename));
this.verify_request_template = settings.readInternalResourceAsString(verify_request_filename);
}
-
+
if (this.verify_request_template == null)
{
throw new ConnectorException(ErrorCode.SETTING_NOT_FOUND, "Can not read the verify xml request template"); //$NON-NLS-1$
@@ -674,7 +680,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector String verify_filename = TEMPLATE_FILE_PREFIX + settings.getValueFromKey("default.bku.algorithm.id") + VERIFY_TEMPLATE_SUFIX;
//this.verify_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_filename));
this.verify_template = settings.readInternalResourceAsString(verify_filename);
-
+
if(this.verify_template == null)
{
verify_filename = getConnectorValueFromProfile(settings, profile, VERIFY_TEMPLATE_KEY);
@@ -702,7 +708,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector /**
* Returns the LocRef content.
- *
+ *
* @return Returns the LocRef content.
*/
public String getLocRefContent()
@@ -712,7 +718,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector /**
* Returns the sign keybox identifier.
- *
+ *
* @return Returns the sign keybox identifier.
*/
public String getSignKeyboxIdentifier()
@@ -722,7 +728,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector /**
* Returns the sign request template.
- *
+ *
* @return Returns the sign request template.
*/
public String getSignRequestTemplate()
@@ -732,7 +738,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector /**
* Returns the sign URL.
- *
+ *
* @return Returns the sign URL.
*/
public String getSignURL()
@@ -742,7 +748,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector /**
* Returns the verify request template.
- *
+ *
* @return Returns the verify request template.
*/
public String getVerifyRequestTemplate()
@@ -752,7 +758,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector /**
* Returns the verify template.
- *
+ *
* @return Returns the verify template.
*/
public String getVerifyTemplate()
@@ -762,7 +768,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector /**
* Returns the verify URL.
- *
+ *
* @return Returns the verify URL.
*/
public String getVerifyURL()
@@ -772,7 +778,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector /**
* Returns the ecdsa cert alg property.
- *
+ *
* @return Returns the ecdsa cert alg property.
*/
public String getCertAlgEcdsa()
@@ -782,7 +788,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector /**
* Returns the rsa cert alg property.
- *
+ *
* @return Returns the rsa cert alg property.
*/
public String getCertAlgRsa()
@@ -793,7 +799,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector /**
* Reads the configuration entry given by the key, first from the given
* profile, if not found from the defaults.
- *
+ *
* @param settings
* The settings.
* @param profile
|