aboutsummaryrefslogtreecommitdiff
path: root/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku
diff options
context:
space:
mode:
Diffstat (limited to 'pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku')
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUHelper.java695
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUPostConnection.java179
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java823
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java666
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/LocRefDetachedBKUConnector.java46
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/MultipartDetachedBKUConnector.java42
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/OldEnvelopingBase64BKUConnector.java135
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/SignSignatureObject.java272
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/SignSignatureObjectHelper.java76
9 files changed, 2934 insertions, 0 deletions
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUHelper.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUHelper.java
new file mode 100644
index 0000000..64306ab
--- /dev/null
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUHelper.java
@@ -0,0 +1,695 @@
+/**
+ * <copyright> Copyright 2006 by Know-Center, Graz, Austria </copyright>
+ * PDF-AS has been contracted by the E-Government Innovation Center EGIZ, a
+ * joint initiative of the Federal Chancellery Austria and Graz University of
+ * Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.knowcenter.wag.egov.egiz.sig.connectors.bku;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+import java.util.Properties;
+import java.util.TimeZone;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import at.gv.egiz.pdfas.algorithmSuite.AlgorithmMapper;
+import at.gv.egiz.pdfas.algorithmSuite.AlgorithmSuiteObject;
+import at.gv.egiz.pdfas.algorithmSuite.AlgorithmSuiteUtil;
+import at.gv.egiz.pdfas.api.commons.Constants;
+import at.gv.egiz.pdfas.api.internal.LocalBKUParams;
+import at.gv.egiz.pdfas.exceptions.ErrorCode;
+import at.gv.egiz.pdfas.exceptions.external.ExternalErrorException;
+import at.gv.egiz.pdfas.impl.input.helper.DataSourceHelper;
+import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException;
+import at.knowcenter.wag.egov.egiz.sig.SignatureData;
+import at.knowcenter.wag.egov.egiz.sig.SignatureObject;
+import at.knowcenter.wag.egov.egiz.sig.SignatureResponse;
+import at.knowcenter.wag.egov.egiz.sig.X509Cert;
+import at.knowcenter.wag.egov.egiz.sig.connectors.ConnectorEnvironment;
+import at.knowcenter.wag.egov.egiz.sig.sigid.IdFormatter;
+import at.knowcenter.wag.egov.egiz.tools.CodingHelper;
+
+/**
+ * Contains static helper methods used by the BKU Connectors.
+ *
+ * @author wprinz
+ */
+public final class BKUHelper
+{
+
+ private static final Pattern ALLOWED_SL_RESPONSE_PATTERN = Pattern.compile("^.*<[\\w]*:?(CreateXMLSignatureResponse|VerifyXMLSignatureResponse)[^>]*>(.*)</[\\w]*:?(CreateXMLSignatureResponse|VerifyXMLSignatureResponse)>.*$", Pattern.DOTALL);
+
+ /**
+ * The log.
+ */
+ private static Log log = LogFactory.getLog(BKUHelper.class);
+
+ /**
+ * Encodes the given SignatureData to a valid Base64Content.
+ *
+ * <p>
+ * The data is Base64 encoded. If the mime-type suggests that the data is
+ * binary, it is Base64 encoded for a second time.
+ * </p>
+ *
+ * @param data
+ * The data to be converted to a valid Base64 content.
+ * @return Returns the Base64 content.
+ */
+ public static String prepareBase64Content(SignatureData data)
+ {
+ // PERF: base64 encoding needs byte array
+ byte [] d = DataSourceHelper.convertDataSourceToByteArray(data.getDataSource());
+
+ String base64 = CodingHelper.encodeBase64(d);
+ if (data.getMimeType().equals("application/pdf")) //$NON-NLS-1$
+ {
+ log.debug("The data is application/pdf - so the binary data is Base64 encoded."); //$NON-NLS-1$
+ base64 = CodingHelper.encodeUTF8AsBase64(base64);
+ }
+ return base64;
+
+ }
+
+ /**
+ * Prepares the enveloping data.
+ * <p>
+ * This is useful for building the hash.
+ * </p>
+ *
+ * @param data
+ * The data to be prepared.
+ * @return Returns the prepared data.
+ */
+ public static byte[] prepareEnvelopingData(SignatureData data)
+ {
+ // PERF: prepareEnvelopingData needs byte array
+ byte[] enc = DataSourceHelper.convertDataSourceToByteArray(data.getDataSource());
+
+ if (data.getMimeType().equals("application/pdf")) //$NON-NLS-1$
+ {
+ log.debug("The data is application/pdf - so the binary data is Base64 encoded."); //$NON-NLS-1$
+ String base64 = CodingHelper.encodeBase64(enc);
+ try
+ {
+ enc = base64.getBytes("US-ASCII"); //$NON-NLS-1$
+ }
+ catch (UnsupportedEncodingException e)
+ {
+ e.printStackTrace();
+ throw new RuntimeException("Very Strange: US-ASCII encoding not supported???", e); //$NON-NLS-1$
+ }
+ }
+ return enc;
+ }
+
+ /**
+ * Checks the response xml for an error description and if found throws an
+ * appropriate exception.
+ *
+ * @param response_string
+ * The response xml.
+ * @throws ConnectorException
+ * f.e.
+ */
+ public static void checkResponseForError(String response_string) throws ConnectorException
+ {
+ if (StringUtils.isEmpty(response_string)) {
+ throw new ConnectorException(ErrorCode.UNABLE_TO_RECEIVE_SUITABLE_RESPONSE, "No suitable response received.");
+ }
+ log.debug("Checking response for error: " + response_string);
+ Pattern erc_p_s = Pattern.compile("<[\\w]*:?ErrorCode>"); //$NON-NLS-1$
+ Pattern erc_p_e = Pattern.compile("</[\\w]*:?ErrorCode>"); //$NON-NLS-1$
+ Matcher erc_m_s = erc_p_s.matcher(response_string);
+ Matcher erc_m_e = erc_p_e.matcher(response_string);
+
+ if (erc_m_s.find() && erc_m_e.find())
+ {
+ log.error("Found error in response: " + response_string); //$NON-NLS-1$
+
+ Pattern erm_p_s = Pattern.compile("<[\\w]*:?Info>"); //$NON-NLS-1$
+ Pattern erm_p_e = Pattern.compile("</[\\w]*:?Info>"); //$NON-NLS-1$
+ Matcher erm_m_s = erm_p_s.matcher(response_string);
+ Matcher erm_m_e = erm_p_e.matcher(response_string);
+ String error_code = response_string.substring(erc_m_s.end(), erc_m_e.start());
+ String error_mess = null;
+ if (erm_m_s.find() && erm_m_e.find())
+ {
+ error_mess = response_string.substring(erm_m_s.end(), erm_m_e.start());
+ }
+ throw new ExternalErrorException(error_code, error_mess);
+ }
+ log.debug("No error found. Assuring that CreateXMLSignatureResponse or VerifyXMLSignatureResponse elements are available.");
+
+ // assure that a CreateXMLSignatureResponse or a VerifyXMLSignatureResponse is available
+ Matcher slMatcher = ALLOWED_SL_RESPONSE_PATTERN.matcher(response_string);
+ if (!slMatcher.matches()) {
+ throw new ConnectorException(ErrorCode.UNABLE_TO_RECEIVE_SUITABLE_RESPONSE, "No suitable response received: " + response_string);
+ }
+
+ }
+
+ /**
+ * This method parses the BKU-Response string.
+ *
+ * <p>
+ * It separates the SignatureValue, X509IssuerName, SigningTime,
+ * X509SerialNumber, X509Certificate, CertDigest, DigestValue and the
+ * signation id-s. If the X509Certificate is extracted it would be stored in
+ * the certificates directory.
+ * </p>
+ *
+ * @param xmlResponse
+ * The response string.
+ * @return Returns the parsed signature object holding the data.
+ *
+ * @throws ConnectorException
+ * ErrorCode (303, 304)
+ * @see SignatureObject
+ * @see CodingHelper
+ * @see X509Cert
+ */
+ public static SignSignatureObject parseCreateXMLResponse(String xmlResponse,
+ IdFormatter id_formatter, ConnectorEnvironment environment) throws ConnectorException
+ {
+ if (log.isDebugEnabled()) {
+ log.debug("xmlResponse = " + xmlResponse);
+ }
+ Pattern sig_val_p_s = Pattern.compile("<[\\w]*:?SignatureValue>"); //$NON-NLS-1$
+ Pattern sig_val_p_e = Pattern.compile("</[\\w]*:?SignatureValue>"); //$NON-NLS-1$
+ Pattern iss_nam_p_s = Pattern.compile("<[\\w]*:?X509IssuerName>"); //$NON-NLS-1$
+ Pattern iss_nam_p_e = Pattern.compile("</[\\w]*:?X509IssuerName>"); //$NON-NLS-1$
+ Pattern sig_tim_p_s = Pattern.compile("<[\\w]*:?SigningTime>"); //$NON-NLS-1$
+ Pattern sig_tim_p_e = Pattern.compile("</[\\w]*:?SigningTime>"); //$NON-NLS-1$
+ Pattern ser_num_p_s = Pattern.compile("<[\\w]*:?X509SerialNumber>"); //$NON-NLS-1$
+ Pattern ser_num_p_e = Pattern.compile("</[\\w]*:?X509SerialNumber>"); //$NON-NLS-1$
+ Pattern sig_cer_p_s = Pattern.compile("<[\\w]*:?X509Certificate>"); //$NON-NLS-1$
+ Pattern sig_cer_p_e = Pattern.compile("</[\\w]*:?X509Certificate>"); //$NON-NLS-1$
+
+ // Pattern sig_cer_d_p_s = Pattern.compile("<[\\w]*:?CertDigest>");
+ // //$NON-NLS-1$
+ // Pattern sig_cer_d_p_e = Pattern.compile("</[\\w]*:?CertDigest>");
+ // //$NON-NLS-1$
+ // Pattern dig_val_p_s = Pattern.compile("<[\\w]*:?DigestValue>");
+ // //$NON-NLS-1$
+ // Pattern dig_val_p_e = Pattern.compile("</[\\w]*:?DigestValue>");
+ // //$NON-NLS-1$
+
+ Matcher sig_val_m_s = sig_val_p_s.matcher(xmlResponse);
+ Matcher sig_val_m_e = sig_val_p_e.matcher(xmlResponse);
+ Matcher iss_nam_m_s = iss_nam_p_s.matcher(xmlResponse);
+ Matcher iss_nam_m_e = iss_nam_p_e.matcher(xmlResponse);
+ Matcher sig_tim_m_s = sig_tim_p_s.matcher(xmlResponse);
+ Matcher sig_tim_m_e = sig_tim_p_e.matcher(xmlResponse);
+ Matcher ser_num_m_s = ser_num_p_s.matcher(xmlResponse);
+ Matcher ser_num_m_e = ser_num_p_e.matcher(xmlResponse);
+ Matcher sig_cer_m_s = sig_cer_p_s.matcher(xmlResponse);
+ Matcher sig_cer_m_e = sig_cer_p_e.matcher(xmlResponse);
+
+ // Matcher sig_cer_d_m_s = sig_cer_d_p_s.matcher(xmlResponse);
+ // Matcher sig_cer_d_m_e = sig_cer_d_p_e.matcher(xmlResponse);
+ // Matcher dig_val_m_s = dig_val_p_s.matcher(xmlResponse);
+ // Matcher dig_val_m_e = dig_val_p_e.matcher(xmlResponse);
+
+ // SignatureValue
+ String sig_val = null;
+ if (sig_val_m_s.find() && sig_val_m_e.find())
+ {
+ sig_val = removeAllWhitespace(xmlResponse.substring(sig_val_m_s.end(), sig_val_m_e.start()));
+ }
+ log.debug("sig_val = " + sig_val); //$NON-NLS-1$
+
+ // X509IssuerName
+ String iss_nam = null;
+ if (iss_nam_m_s.find() && iss_nam_m_e.find())
+ {
+ iss_nam = xmlResponse.substring(iss_nam_m_s.end(), iss_nam_m_e.start());
+ }
+ log.debug("iss_nam = " + iss_nam); //$NON-NLS-1$
+
+ // X509SerialNumber
+ String ser_num = null;
+ if (ser_num_m_s.find() && ser_num_m_e.find())
+ {
+ ser_num = removeAllWhitespace(xmlResponse.substring(ser_num_m_s.end(), ser_num_m_e.start()));
+ }
+ log.debug("ser_num = " + ser_num); //$NON-NLS-1$
+
+ // SigningTime
+ String sig_tim = null;
+ if (sig_tim_m_s.find() && sig_tim_m_e.find())
+ {
+ sig_tim = xmlResponse.substring(sig_tim_m_s.end(), sig_tim_m_e.start());
+ }
+ log.debug("sig_tim = " + sig_tim); //$NON-NLS-1$
+
+ // CertDigest
+ // if (sig_cer_d_m_s.find() && sig_cer_d_m_e.find())
+ // {
+ // String cert_digest = xmlResponse.substring(sig_cer_d_m_s.end(),
+ // sig_cer_d_m_e.start());
+ // if (dig_val_m_s.find() && dig_val_m_e.find())
+ // {
+ // sig_dig = cert_digest.substring(dig_val_m_s.end(), dig_val_m_e.start());
+ // //sigObj.setX509CertificateDigest(sig_dig);
+ // }
+ // }
+
+ // X509Certificate
+ X509Certificate cert = null;
+ if (sig_cer_m_s.find() && sig_cer_m_e.find())
+ {
+ String sig_cer = removeAllWhitespace(xmlResponse.substring(sig_cer_m_s.end(), sig_cer_m_e.start()));
+
+ try
+ {
+ byte[] der = CodingHelper.decodeBase64(sig_cer);
+ ByteArrayInputStream bais = new ByteArrayInputStream(der);
+ CertificateFactory cf = CertificateFactory.getInstance("X.509"); //$NON-NLS-1$
+ cert = (X509Certificate) cf.generateCertificate(bais);
+ bais.close();
+ }
+ catch (UnsupportedEncodingException e)
+ {
+ log.error(e);
+ throw new ConnectorException(300, e);
+ }
+ catch (CertificateException e)
+ {
+ log.error(e);
+ throw new ConnectorException(300, e);
+ }
+ catch (IOException e)
+ {
+ log.error(e);
+ throw new ConnectorException(300, e);
+ }
+ }
+ log.debug("X509Certificate = " + cert); //$NON-NLS-1$
+
+ if (log.isDebugEnabled())
+ {
+
+ String cert_iss = cert.getIssuerDN().getName();
+ log.debug("certificate's issuer = " + cert_iss); //$NON-NLS-1$
+ log.debug("response's issuer = " + iss_nam); //$NON-NLS-1$
+ log.debug("issuer matches = " + cert_iss.equals(iss_nam)); //$NON-NLS-1$
+ log.debug("ser number matches = " + cert.getSerialNumber().toString().equals(ser_num)); //$NON-NLS-1$
+ }
+
+ // extract Subject Name from X509Certificate
+ // if (sig_cer_m_s.find() && sig_cer_m_e.find())
+ // {
+ // sig_cer = xmlResponse.substring(sig_cer_m_s.end(), sig_cer_m_e.start());
+ // sig_cer = sig_cer.replaceAll("\\s", "");
+ // //sigObj.setX509Certificate(sig_cer);
+ // X509Cert cert = X509Cert.initByString(sig_cer);
+ // if (cert.isX509Cert())
+ // {
+ // //sigObj.setX509Certificate(cert.getCertString());
+ // String serial_num = cert.getSerialNumber();
+ // String subject_name = cert.getSubjectName();
+ // if (!ser_num.equals(serial_num))
+ // {
+ // ConnectorException se = new ConnectorException(303, "Serialnumber of
+ // certificate and tag X509SerialNumber differs!");
+ // throw se;
+ // }
+ // //sigObj.setSignationName(subject_name);
+ // }
+ // }
+
+ // extract Signature Id's
+ String[] ids = new String[5];
+ ids[0] = extractId(xmlResponse, "signature-"); //$NON-NLS-1$
+ ids[1] = extractId(xmlResponse, "signed-data-reference-"); //$NON-NLS-1$
+ ids[2] = extractId(xmlResponse, "signed-data-object-"); //$NON-NLS-1$
+ ids[3] = extractId(xmlResponse, "etsi-data-reference-"); //$NON-NLS-1$
+ ids[4] = extractId(xmlResponse, "etsi-data-object-"); //$NON-NLS-1$
+
+ String algs = AlgorithmSuiteUtil.extractAlgorithmSuiteString(xmlResponse);
+
+ SignSignatureObject so = new SignSignatureObject();
+ so.date = sig_tim;
+ so.issuer = iss_nam;
+ so.signatureValue = sig_val;
+ so.x509Certificate = cert;
+
+ AlgorithmSuiteObject suite = new AlgorithmSuiteObject(algs, false);
+ so.sigAlgorithm = AlgorithmMapper.getUri(suite.getSignatureMethod());
+
+ String defaultCertAlg = environment.getDefaultAlgForCert(cert);
+
+ if (AlgorithmSuiteUtil.isDefaultCertAlg(algs, defaultCertAlg)) {
+ // do not embed default alg
+ algs = null;
+ }
+
+ String final_ids = id_formatter.formatIds(ids, algs);
+ so.id = final_ids;
+
+ return so;
+ }
+
+ /**
+ * Removes all whitespaces ("\\s") from the String.
+ *
+ * @param str
+ * The String.
+ * @return The String with all whitespaces removed.
+ */
+ public static String removeAllWhitespace(String str)
+ {
+ return str.replaceAll("\\s", ""); //$NON-NLS-1$ //$NON-NLS-2$
+ }
+
+ /**
+ * This emthod extracts id-values from a text. The id is given by the name.
+ *
+ * @param text
+ * the id-value that should extract from
+ * @param name
+ * the id-key
+ * @return the value of the given key in the text
+ */
+ private static String extractId(String text, String name)
+ {
+ String id = null;
+ // fatal bug; fixed by tknall (start)
+ int startOfName = text.indexOf(name);
+ if (startOfName == -1) {
+ log.debug("No id for name \"" + name + "\" extracted. Probably detached signature. Returning empty id: \"\""); //$NON-NLS-1$
+ return "";
+ }
+ // stop
+
+ int start_idx = startOfName + name.length();
+ int end_idx = text.indexOf("\"", start_idx); //$NON-NLS-1$
+
+ final int quot_end_idx = end_idx;
+ final int squot_end_idx = text.indexOf("'", start_idx); //$NON-NLS-1$
+ end_idx = Math.min(quot_end_idx, squot_end_idx);
+ id = text.substring(start_idx, end_idx);
+ if (log.isDebugEnabled())
+ {
+ log.debug("extract id:" + name + id); //$NON-NLS-1$
+ }
+ return id;
+ }
+
+ /**
+ * This method parses the verify response string and return a
+ * SignatureResponse object. The SignatureResponse object is filled out by the
+ * response values from the BKU-response.
+ *
+ * @param xmlResponse
+ * the response values from the BKU-verify request
+ * @return SignatureResponse object
+ * @see SignatureResponse
+ */
+ public static SignatureResponse parseVerifyXMLResponse(String xmlResponse)
+ {
+ log.debug("parseVerifyXMLResponse:"); //$NON-NLS-1$
+
+ Pattern sub_nam_p_s = Pattern.compile("<dsig:X509SubjectName>"); //$NON-NLS-1$
+ Pattern sub_nam_p_e = Pattern.compile("</dsig:X509SubjectName>"); //$NON-NLS-1$
+ Pattern iss_nam_p_s = Pattern.compile("<dsig:X509IssuerName>"); //$NON-NLS-1$
+ Pattern iss_nam_p_e = Pattern.compile("</dsig:X509IssuerName>"); //$NON-NLS-1$
+ Pattern ser_num_p_s = Pattern.compile("<dsig:X509SerialNumber>"); //$NON-NLS-1$
+ Pattern ser_num_p_e = Pattern.compile("</dsig:X509SerialNumber>"); //$NON-NLS-1$
+
+ Pattern sig_chk_p_s = Pattern.compile("<[\\w]*:?SignatureCheck>"); //$NON-NLS-1$
+ Pattern sig_chk_p_e = Pattern.compile("</[\\w]*:?SignatureCheck>"); //$NON-NLS-1$
+ Pattern man_chk_p_s = Pattern.compile("<[\\w]*:?SignatureManifestCheck>"); //$NON-NLS-1$
+ Pattern man_chk_p_e = Pattern.compile("</[\\w]*:?SignatureManifestCheck>"); //$NON-NLS-1$
+ Pattern cer_chk_p_s = Pattern.compile("<[\\w]*:?CertificateCheck>"); //$NON-NLS-1$
+ Pattern cer_chk_p_e = Pattern.compile("</[\\w]*:?CertificateCheck>"); //$NON-NLS-1$
+
+ // [tknall] start qualified certificate
+ Pattern cert_qualified_p = Pattern.compile("<[\\w]*:?QualifiedCertificate/>"); //$NON-NLS-1$
+ Matcher cert_qualified_m = cert_qualified_p.matcher(xmlResponse);
+ // [tknall] stop qualified certificate
+
+ Pattern code_p_s = Pattern.compile("<[\\w]*:?Code>"); //$NON-NLS-1$
+ Pattern code_p_e = Pattern.compile("</[\\w]*:?Code>"); //$NON-NLS-1$
+ Pattern info_p_s = Pattern.compile("<[\\w]*:?Info>"); //$NON-NLS-1$
+ Pattern info_p_e = Pattern.compile("</[\\w]*:?Info>"); //$NON-NLS-1$
+
+ Pattern cert_p_s = Pattern.compile("<dsig:X509Certificate>"); //$NON-NLS-1$
+ Pattern cert_p_e = Pattern.compile("</dsig:X509Certificate>"); //$NON-NLS-1$
+
+ Matcher sub_nam_m_s = sub_nam_p_s.matcher(xmlResponse);
+ Matcher sub_nam_m_e = sub_nam_p_e.matcher(xmlResponse);
+ Matcher iss_nam_m_s = iss_nam_p_s.matcher(xmlResponse);
+ Matcher iss_nam_m_e = iss_nam_p_e.matcher(xmlResponse);
+ Matcher ser_num_m_s = ser_num_p_s.matcher(xmlResponse);
+ Matcher ser_num_m_e = ser_num_p_e.matcher(xmlResponse);
+
+ Matcher sig_chk_m_s = sig_chk_p_s.matcher(xmlResponse);
+ Matcher sig_chk_m_e = sig_chk_p_e.matcher(xmlResponse);
+ Matcher man_chk_m_s = man_chk_p_s.matcher(xmlResponse);
+ Matcher man_chk_m_e = man_chk_p_e.matcher(xmlResponse);
+ Matcher cer_chk_m_s = cer_chk_p_s.matcher(xmlResponse);
+ Matcher cer_chk_m_e = cer_chk_p_e.matcher(xmlResponse);
+
+ Matcher cert_m_s = cert_p_s.matcher(xmlResponse);
+ Matcher cert_m_e = cert_p_e.matcher(xmlResponse);
+
+ Pattern hash_data_p_s = Pattern.compile("<HashInputData PartOf=\"SignedInfo\">"); //$NON-NLS-1$
+ Pattern hash_data_p_e = Pattern.compile("</HashInputData>"); //$NON-NLS-1$
+ Matcher hash_data_m_s = hash_data_p_s.matcher(xmlResponse);
+ Matcher hash_data_m_e = hash_data_p_e.matcher(xmlResponse);
+
+
+ SignatureResponse sig_res = new SignatureResponse();
+
+ // public authority (tknall)
+ Pattern publicAuthority_p = Pattern.compile("<PublicAuthority/>");
+ Matcher publicAuthority_m = publicAuthority_p.matcher(xmlResponse);
+ sig_res.setPublicAuthority(false);
+ sig_res.setPublicAuthorityCode(null);
+ if (publicAuthority_m.find()) {
+ sig_res.setPublicAuthority(true);
+ } else {
+ Matcher publicAuthority_m_s = Pattern.compile("<PublicAuthority>").matcher(xmlResponse);
+ Matcher publicAuthority_m_e = Pattern.compile("</PublicAuthority>").matcher(xmlResponse);
+ if (publicAuthority_m_s.find() && publicAuthority_m_e.find()) {
+ sig_res.setPublicAuthority(true);
+ String codePart = xmlResponse.substring(publicAuthority_m_s.end(), publicAuthority_m_e.start());
+ Matcher code_m_s = code_p_s.matcher(codePart);
+ Matcher code_m_e = code_p_e.matcher(codePart);
+ if (code_m_s.find() && code_m_e.find()) {
+ String code = codePart.substring(code_m_s.end(), code_m_e.start());
+ sig_res.setPublicAuthorityCode(code);
+ }
+ }
+ }
+
+ // [tknall] start qualified certificate
+ sig_res.setQualifiedCertificate(cert_qualified_m.find());
+ // [tknall] stop qualified certificate
+
+ if (hash_data_m_s.find() && hash_data_m_e.find())
+ {
+ String hashInputData = xmlResponse.substring(hash_data_m_s.end(), hash_data_m_e.start());
+
+ Pattern b64_p_s = Pattern.compile("<Base64Content>"); //$NON-NLS-1$
+ Pattern b64_p_e = Pattern.compile("</Base64Content>"); //$NON-NLS-1$
+ Matcher b64_m_s = b64_p_s.matcher(hashInputData);
+ Matcher b64_m_e = b64_p_e.matcher(hashInputData);
+
+ boolean hashInputDataFound = b64_m_s.find() && b64_m_e.find();
+
+ String b64 = hashInputDataFound ? hashInputData.substring(b64_m_s.end(), b64_m_e.start()) : "";
+
+ sig_res.setHashInputData(b64);
+ }
+
+ if (sub_nam_m_s.find() && sub_nam_m_e.find())
+ {
+ String sub_nam = xmlResponse.substring(sub_nam_m_s.end(), sub_nam_m_e.start());
+ sig_res.setX509SubjectName(sub_nam);
+ }
+ if (iss_nam_m_s.find() && iss_nam_m_e.find())
+ {
+ String iss_nam = xmlResponse.substring(iss_nam_m_s.end(), iss_nam_m_e.start());
+ sig_res.setX509IssuerName(iss_nam);
+ }
+ if (ser_num_m_s.find() && ser_num_m_e.find())
+ {
+ String ser_num = xmlResponse.substring(ser_num_m_s.end(), ser_num_m_e.start());
+ sig_res.setX509SerialNumber(ser_num);
+ }
+ if (sig_chk_m_s.find() && sig_chk_m_e.find())
+ {
+ String sig_chk = xmlResponse.substring(sig_chk_m_s.end(), sig_chk_m_e.start());
+ Matcher code_m_s = code_p_s.matcher(sig_chk);
+ Matcher code_m_e = code_p_e.matcher(sig_chk);
+ Matcher info_m_s = info_p_s.matcher(sig_chk);
+ Matcher info_m_e = info_p_e.matcher(sig_chk);
+ if (code_m_s.find() && code_m_e.find())
+ {
+ String code = sig_chk.substring(code_m_s.end(), code_m_e.start());
+ sig_res.setSignatureCheckCode(code);
+ }
+ if (info_m_s.find() && info_m_e.find())
+ {
+ String info = sig_chk.substring(info_m_s.end(), info_m_e.start());
+ sig_res.setSignatureCheckInfo(info);
+ }
+ }
+ if (man_chk_m_s.find() && man_chk_m_e.find())
+ {
+ String man_chk = xmlResponse.substring(man_chk_m_s.end(), man_chk_m_e.start());
+ Matcher code_m_s = code_p_s.matcher(man_chk);
+ Matcher code_m_e = code_p_e.matcher(man_chk);
+ Matcher info_m_s = info_p_s.matcher(man_chk);
+ Matcher info_m_e = info_p_e.matcher(man_chk);
+ if (code_m_s.find() && code_m_e.find())
+ {
+ String code = man_chk.substring(code_m_s.end(), code_m_e.start());
+ sig_res.setSignatureManifestCheckCode(code);
+ }
+ if (info_m_s.find() && info_m_e.find())
+ {
+ String info = man_chk.substring(info_m_s.end(), info_m_e.start());
+ sig_res.setSignatureManifestCheckInfo(info);
+ }
+ }
+ if (cer_chk_m_s.find() && cer_chk_m_e.find())
+ {
+ String cer_chk = xmlResponse.substring(cer_chk_m_s.end(), cer_chk_m_e.start());
+ Matcher code_m_s = code_p_s.matcher(cer_chk);
+ Matcher code_m_e = code_p_e.matcher(cer_chk);
+ Matcher info_m_s = info_p_s.matcher(cer_chk);
+ Matcher info_m_e = info_p_e.matcher(cer_chk);
+ if (code_m_s.find() && code_m_e.find())
+ {
+ String code = cer_chk.substring(code_m_s.end(), code_m_e.start());
+ sig_res.setCertificateCheckCode(code);
+ }
+ if (info_m_s.find() && info_m_e.find())
+ {
+ String info = cer_chk.substring(info_m_s.end(), info_m_e.start());
+ sig_res.setCertificateCheckInfo(info);
+ }
+ }
+ if (cert_m_s.find() && cert_m_e.find())
+ {
+ String cert_string = xmlResponse.substring(cert_m_s.end(), cert_m_e.start());
+
+ X509Cert resp_cert = X509Cert.initByString(cert_string);
+ sig_res.setCertificate(resp_cert);
+ }
+
+ log.debug("parseVerifyXMLResponse finished."); //$NON-NLS-1$
+ return sig_res;
+ }
+
+ public static String formDateTimeElement(Date verificationTime)
+ {
+ return formDateTimeElement(verificationTime, null);
+ }
+
+ public static String formDateTimeElement(Date verificationTime, String namespace)
+ {
+ String nsPrefix = StringUtils.isBlank(namespace) ? "" : (namespace + ":");
+
+ String dateTimeElement = "";
+ if (verificationTime != null)
+ {
+ log.debug("VerificationTime = " + verificationTime);
+
+ DateFormat df = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss");
+ df.setTimeZone(TimeZone.getTimeZone("UTC"));
+ String dateTime = df.format(verificationTime) + "Z";
+ log.debug("DateTime (VerificationTime in UTC) = " + dateTime);
+
+ dateTimeElement = "<" + nsPrefix + "DateTime>" + dateTime + "</" + nsPrefix + "DateTime>";
+ };
+ return dateTimeElement;
+ }
+
+ public static String getBKUIdentifier(Properties parsedResponseProperties) {
+
+ // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.browser
+ String bkuServerHeader = parsedResponseProperties.getProperty(BKUPostConnection.BKU_SERVER_HEADER_KEY);
+
+ // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.dataurl
+ String bkuUserAgentHeader = parsedResponseProperties.getProperty(BKUPostConnection.BKU_USER_AGENT_HEADER_KEY);
+
+ String bkuSignatureLayout = parsedResponseProperties.getProperty(BKUPostConnection.BKU_SIGNATURE_LAYOUT_HEADER_KEY);
+
+ return getBKUIdentifier(bkuServerHeader, bkuUserAgentHeader, bkuSignatureLayout);
+ }
+
+ public static String getBKUIdentifier(String bkuServerHeader, String bkuUserAgentHeader, String bkuSignatureLayout) {
+
+ log.debug("BKU response header \"user-agent\": " + bkuUserAgentHeader);
+ log.debug("BKU response header \"server\": " + bkuServerHeader);
+ log.trace("BKU response header \"" + Constants.BKU_HEADER_SIGNATURE_LAYOUT + "\": " + bkuSignatureLayout);
+
+ String result = null;
+
+ if (bkuServerHeader != null) {
+ result = bkuServerHeader;
+ } else if (bkuUserAgentHeader != null) {
+ result = bkuUserAgentHeader;
+ } else {
+ log.warn("Unable to find any BKU identifier (neither header value \"user-agent\" nor \"server\".)");
+ }
+
+ if (bkuSignatureLayout != null && result != null) {
+ log.debug("BKU response header \"" + Constants.BKU_HEADER_SIGNATURE_LAYOUT + "\" found.");
+ String signatureLayoutData = " " + Constants.BKU_HEADER_SIGNATURE_LAYOUT + "/" + bkuSignatureLayout;
+ if (!result.endsWith(signatureLayoutData)) {
+ log.debug("Appending signature layout value \"" + bkuSignatureLayout + "\" to bku identifier.");
+ result += signatureLayoutData;
+ } else {
+ log.debug("Signature layout already encoded in server/user-agent header.");
+ }
+ }
+
+ if (result != null) {
+ log.debug("Returning BKU identifier \"" + result + "\"");
+ } else {
+ log.debug("Returning null BKU identifier.");
+ }
+
+ return result;
+ }
+
+ public static String getBKUIdentifier(LocalBKUParams bkuParams) {
+ return getBKUIdentifier(bkuParams.getServer(), bkuParams.getUserAgent(), bkuParams.getSignatureLayout());
+ }
+
+}
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUPostConnection.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUPostConnection.java
new file mode 100644
index 0000000..04b817f
--- /dev/null
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUPostConnection.java
@@ -0,0 +1,179 @@
+/**
+ * <copyright> Copyright 2006 by Know-Center, Graz, Austria </copyright>
+ * PDF-AS has been contracted by the E-Government Innovation Center EGIZ, a
+ * joint initiative of the Federal Chancellery Austria and Graz University of
+ * Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.knowcenter.wag.egov.egiz.sig.connectors.bku;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Properties;
+
+import org.apache.commons.httpclient.Header;
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.HttpException;
+import org.apache.commons.httpclient.methods.PostMethod;
+import org.apache.commons.httpclient.methods.multipart.FilePart;
+import org.apache.commons.httpclient.methods.multipart.MultipartRequestEntity;
+import org.apache.commons.httpclient.methods.multipart.Part;
+import org.apache.commons.httpclient.methods.multipart.PartSource;
+import org.apache.commons.httpclient.methods.multipart.StringPart;
+import org.apache.commons.httpclient.params.HttpMethodParams;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import at.gv.egiz.pdfas.api.commons.Constants;
+import at.knowcenter.wag.egov.egiz.sig.SignatureData;
+
+/**
+ * Helper class with methods that use the Apache Https Client to send HTTP
+ * requests.
+ *
+ * @author wprinz
+ */
+public final class BKUPostConnection
+{
+ /**
+ * The response Properties key that identifies the response string.
+ */
+ public static final String RESPONSE_STRING_KEY = "response_string"; //$NON-NLS-1$
+
+ /**
+ * The response Properties key that identifies the BKU Server header.
+ */
+ public static final String BKU_SERVER_HEADER_KEY = "BKU-Server-Header"; //$NON-NLS-1$
+
+ /**
+ * The response property that declares the signature layout being applied.
+ */
+ public static final String BKU_SIGNATURE_LAYOUT_HEADER_KEY = "BKU-Signature-Layout"; //$NON-NLS-1$
+
+ /**
+ * The response Properties key that identifies the BKU User-Agent header.
+ */
+ public static final String BKU_USER_AGENT_HEADER_KEY = "BKU-User-Agent-Header"; //$NON-NLS-1$
+
+ /**
+ * The log.
+ */
+ private static Log log = LogFactory.getLog(BKUPostConnection.class);
+
+ /**
+ * Sends a multipart/form-data HTTP Post request to the given URL.
+ *
+ * @param url The url the request is directed to.
+ * @param request The request XML, which will be the UTF-8 text/xml first part of the message.
+ * @param data The binary second part of the message.
+ * @return Returns the response properties which, among others, contain the response String.
+ * @throws HttpException
+ * @throws IOException
+ */
+ public static Properties doPostRequestMultipart(String url, String request,
+ final SignatureData data) throws HttpException, IOException
+ {
+ log.debug("doPostRequestMultipart:"); //$NON-NLS-1$
+
+ StringPart xmlpart = new StringPart("XMLRequest", request, "UTF-8"); //$NON-NLS-1$//$NON-NLS-2$
+
+ // TODO this is a BUG in BKU that doesn't allow the Content-Type header
+ xmlpart.setContentType(null);
+ xmlpart.setTransferEncoding(null);
+ // BKU 2.7.4 can't handle the Content-Type Header for the XML
+ // xmlpart.setContentType("text/xml");
+ // xmlpart.setTransferEncoding(null);
+
+ final String filename = data.getMimeType().equals("application/pdf") ? "myfile.pdf" : "myfile.txt"; //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
+ PartSource ps = new PartSource() {
+ public InputStream createInputStream() throws IOException
+ {
+ return data.getDataSource().createInputStream();
+ }
+
+ public String getFileName()
+ {
+ return filename;
+ }
+
+ public long getLength()
+ {
+ return data.getDataSource().getLength();
+ }
+ };
+ //ByteArrayPartSource baps = new ByteArrayPartSource(filename, data.getData());
+ FilePart filepart = new FilePart("fileupload", ps); //$NON-NLS-1$
+ filepart.setContentType(data.getMimeType());
+
+ // not really needed since external referenced data has to be taken "as-is" (binary stream) for
+ // digest calculation, so neither content type nor charset is relevant
+ filepart.setCharSet(data.getCharacterEncoding());
+
+ Part[] parts = { xmlpart, filepart };
+
+ HttpMethodParams method_params = new HttpMethodParams();
+ method_params.setContentCharset("UTF-8"); //$NON-NLS-1$
+
+ PostMethod post_method = new PostMethod(url);
+ post_method.setParams(method_params);
+
+ MultipartRequestEntity mprqe = new MultipartRequestEntity(parts, post_method.getParams());
+ post_method.setRequestEntity(mprqe);
+
+ HttpClient http_client = new HttpClient();
+
+ int method_response = http_client.executeMethod(post_method);
+ log.debug("method_response = " + method_response); //$NON-NLS-1$
+
+ Properties response_properties = new Properties();
+
+ if (log.isDebugEnabled())
+ {
+ Header[] response_headers = post_method.getResponseHeaders();
+ for (int i = 0; i < response_headers.length; i++)
+ {
+ log.debug(" response_header[" + i + "]: name = " + response_headers[i].getName() + ", value = " + response_headers[i].getValue()); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
+ }
+ }
+ Header server_header = post_method.getResponseHeader("Server"); //$NON-NLS-1$
+ if (server_header != null) {
+ response_properties.setProperty(BKU_SERVER_HEADER_KEY, server_header.getValue());
+ } else {
+ log.warn("BKU response header \"Server\" is empty.");
+ }
+
+ Header signatureLayoutHeader = post_method.getResponseHeader(Constants.BKU_HEADER_SIGNATURE_LAYOUT); //$NON-NLS-1$
+ if (signatureLayoutHeader != null) {
+ response_properties.setProperty(BKU_SIGNATURE_LAYOUT_HEADER_KEY, signatureLayoutHeader.getValue());
+ }
+
+ String responseCharSet = post_method.getResponseCharSet();
+ if (!"UTF8".equalsIgnoreCase(responseCharSet) && !"UTF-8".equalsIgnoreCase(responseCharSet)) {
+ log.warn("BKU response charset is not UTF-8!"); //$NON-NLS-1$
+ }
+ String response_string = post_method.getResponseBodyAsString();
+
+ response_properties.setProperty(RESPONSE_STRING_KEY, response_string);
+
+ log.debug("doPostRequestMultipart finished."); //$NON-NLS-1$
+
+ return response_properties;
+ }
+
+}
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java
new file mode 100644
index 0000000..a8de41e
--- /dev/null
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java
@@ -0,0 +1,823 @@
+/**
+ * <copyright> Copyright 2006 by Know-Center, Graz, Austria </copyright>
+ * PDF-AS has been contracted by the E-Government Innovation Center EGIZ, a
+ * joint initiative of the Federal Chancellery Austria and Graz University of
+ * Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.knowcenter.wag.egov.egiz.sig.connectors.bku;
+
+import java.security.cert.X509Certificate;
+import java.util.Properties;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import at.gv.egiz.pdfas.algorithmSuite.AlgorithmSuiteObject;
+import at.gv.egiz.pdfas.algorithmSuite.AlgorithmSuiteUtil;
+import at.gv.egiz.pdfas.api.xmldsig.XMLDsigData;
+import at.gv.egiz.pdfas.exceptions.ErrorCode;
+import at.gv.egiz.pdfas.framework.ConnectorParameters;
+import at.knowcenter.wag.egov.egiz.PdfAS;
+import at.knowcenter.wag.egov.egiz.cfg.SettingsReader;
+import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException;
+import at.knowcenter.wag.egov.egiz.exceptions.SettingsException;
+import at.knowcenter.wag.egov.egiz.sig.SignatureData;
+import at.knowcenter.wag.egov.egiz.sig.SignatureObject;
+import at.knowcenter.wag.egov.egiz.sig.SignatureResponse;
+import at.knowcenter.wag.egov.egiz.sig.connectors.Connector;
+import at.knowcenter.wag.egov.egiz.sig.connectors.ConnectorEnvironment;
+import at.knowcenter.wag.egov.egiz.sig.connectors.LocalConnector;
+import at.knowcenter.wag.egov.egiz.sig.connectors.TemplateReplaces;
+import at.knowcenter.wag.egov.egiz.sig.connectors.moa.DetachedLocRefMOAConnector;
+import at.knowcenter.wag.egov.egiz.sig.connectors.moa.MOASoapWithAttachmentConnector;
+import at.knowcenter.wag.egov.egiz.sig.connectors.mocca.LocRefDetachedMOCCAConnector;
+import at.knowcenter.wag.egov.egiz.sig.sigkz.SigKZIDHelper;
+import at.knowcenter.wag.egov.egiz.sig.signaturelayout.SignatureLayoutHandler;
+import at.knowcenter.wag.egov.egiz.sig.signaturelayout.SignatureLayoutHandlerFactory;
+import at.knowcenter.wag.egov.egiz.tools.CodingHelper;
+
+/**
+ * Connects to the BKU using the detached multipart/formdata requests.
+ *
+ * <p>
+ * This feature is available since BKU version 2.7.4.
+ * </p>
+ *
+ * @author wprinz
+ */
+public class DetachedBKUConnector implements Connector, LocalConnector
+{
+//23.11.2010 changed by exthex - added reconstructXMLDsig method and moved xmldsig creation to chooseAndCreateXMLDsig method
+
+ /**
+ * The log.
+ */
+ private static Log log = LogFactory.getLog(DetachedBKUConnector.class);
+
+ /**
+ * The connector parameters.
+ */
+ protected ConnectorParameters params = null;
+
+ /**
+ * The environemnt configuration of this connector containing templates and
+ * other configurable elements.
+ */
+ protected Environment environment = null;
+
+ /**
+ * Constructor that builds the configuration environment for this connector
+ * according to the given profile.
+ *
+ * <p>
+ * If confuguration parameters are not defined on that profile, the default
+ * parameters defined in the configuration are used.
+ * </p>
+ *
+ * @param connectorParameters
+ * The connectot parameters.
+ * @throws ConnectorException
+ * f.e.
+ */
+ public DetachedBKUConnector(ConnectorParameters connectorParameters, String loc_ref_content) throws ConnectorException
+ {
+ this.params = connectorParameters;
+ this.environment = new Environment(this.params.getProfileId(), loc_ref_content);
+ }
+
+ /**
+ * Prepares the sign request xml to be sent using the sign request template.
+ *
+ * @param data
+ * The SignatureData.
+ * @return Returns the sign request xml to be sent.
+ * @throws ConnectorException
+ * f.e.
+ */
+ public String prepareSignRequest(SignatureData data) throws ConnectorException
+ {
+ log.debug("prepareSignRequestDetached:"); //$NON-NLS-1$
+
+ String sign_request_template = this.environment.getSignRequestTemplate();
+
+ String sign_keybox_identifier = this.environment.getSignKeyboxIdentifier();
+ String mime_type = data.getMimeType();
+ String loc_ref_content = this.environment.getLocRefContent();
+
+ if (log.isDebugEnabled())
+ {
+ log.debug("sign keybox identifier = " + sign_keybox_identifier); //$NON-NLS-1$
+ log.debug("mime type = " + mime_type); //$NON-NLS-1$
+ log.debug("loc_ref_content = " + loc_ref_content); //$NON-NLS-1$
+ }
+
+ String sign_request_xml = sign_request_template.replaceFirst(TemplateReplaces.KEYBOX_IDENTIFIER_REPLACE, sign_keybox_identifier);
+ sign_request_xml = sign_request_xml.replaceFirst(TemplateReplaces.MIME_TYPE_REPLACE, mime_type);
+ sign_request_xml = sign_request_xml.replaceFirst(TemplateReplaces.LOC_REF_CONTENT_REPLACE, loc_ref_content);
+
+ log.debug("sign_request_xml = " + sign_request_xml);
+ log.debug("prepareSignRequestDetached finished."); //$NON-NLS-1$
+ return sign_request_xml;
+ }
+
+ /**
+ * Analyzes the sign response xml and extracts the signature data.
+ *
+ * @param response_properties
+ * The response properties containing the response String and
+ * transport related information.
+ * @return Returns the extracted data encapsulated in a SignatureObject.
+ * @throws ConnectorException
+ * f.e.
+ */
+ public SignSignatureObject analyzeSignResponse(Properties response_properties) throws ConnectorException
+ {
+ log.debug("analyzeSignResponse:"); //$NON-NLS-1$
+
+ String response_string = response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY);
+
+ String bkuIdentifier = BKUHelper.getBKUIdentifier(response_properties);
+ log.debug("BKU identifier: " + (bkuIdentifier != null ? ("\"" + bkuIdentifier + "\"") : "n/a"));
+
+ SignatureLayoutHandler sigLayout;
+ try {
+ sigLayout = SignatureLayoutHandlerFactory.getSignatureLayoutHandlerInstance(bkuIdentifier);
+ } catch (SettingsException e) {
+ throw new ConnectorException(e.getErrorCode(), e.getMessage());
+ }
+
+ BKUHelper.checkResponseForError(response_string);
+
+ SignSignatureObject so = sigLayout.parseCreateXMLSignatureResponse(response_string, this.environment);
+
+ so.response_properties = response_properties;
+
+ log.debug("analyzeSignResponse finished."); //$NON-NLS-1$
+ return so;
+ }
+
+ public static String[] parseSigIds(String sig_ids)
+ {
+ if (sig_ids == null || sig_ids.length() == 0)
+ {
+ return null;
+ }
+
+ // int index = sig_ids.indexOf(PdfAS.IDS);
+ // if (index < 0)
+ // {
+ // return null;
+ // }
+ // sig_ids = sig_ids.substring(index + PdfAS.IDS.length());
+ //
+ // if (sig_ids == null || sig_ids.length() == 0)
+ // {
+ // return null;
+ // }
+
+ String[] ids_str = sig_ids.split("@");
+
+ String etsi_string = null;
+ if (ids_str.length == 3)
+ {
+ etsi_string = ids_str[0];
+ String[] rest_ids = new String[] { ids_str[1], ids_str[2] };
+ ids_str = rest_ids;
+ }
+
+ String base = ids_str[0];
+ String[] ids = ids_str[1].split("-");
+ String[] real_ids = new String[6]; // the last one contains the etsi string
+ real_ids[0] = base + "-" + ids[0];
+ real_ids[1] = "0-" + base + "-" + ids[1];
+ real_ids[2] = "0-" + base + "-" + ids[2];
+ real_ids[3] = "0-" + base + "-" + ids[3];
+ real_ids[4] = "0-" + base + "-" + ids[4];
+ real_ids[5] = etsi_string;
+
+ if (log.isDebugEnabled())
+ {
+ for (int id_idx = 0; id_idx < real_ids.length; id_idx++)
+ {
+ log.debug("real_ids[" + id_idx + "] = " + real_ids[id_idx]);
+ }
+ }
+
+ return real_ids;
+ }
+
+ /**
+ * Sends the request and data to the given URL.
+ *
+ * <p>
+ * This method mainly handles communication exceptions. The actual send work
+ * is done by doPostRequestMultipart.
+ * </p>
+ *
+ * @see BKUPostConnection#doPostRequestMultipart(String, String,
+ * SignatureData)
+ *
+ * @param url
+ * The URL to send the request to.
+ * @param request_string
+ * The request XML.
+ * @param data
+ * The data.
+ * @return Returns the response properties containing among others the
+ * response XML.
+ * @throws ConnectorException
+ * f.e.
+ */
+ protected Properties sendRequest(String url, String request_string,
+ SignatureData data) throws ConnectorException
+ {
+ try
+ {
+ Properties response_properties = BKUPostConnection.doPostRequestMultipart(url, request_string, data);
+ return response_properties;
+ }
+ catch (Exception e)
+ {
+ ConnectorException se = new ConnectorException(320, e);
+ throw se;
+ }
+ }
+
+ /**
+ * Performs a sign.
+ *
+ * @param data
+ * The data to be signed.
+ * @return Returns the signature object containing the signature data.
+ * @throws ConnectorException
+ * f.e.
+ */
+ public SignSignatureObject doSign(SignatureData data) throws ConnectorException
+ {
+ log.debug("doSign:"); //$NON-NLS-1$
+
+ String sign_request_xml = prepareSignRequest(data);
+ log.debug("sign_request_xml = " + sign_request_xml); //$NON-NLS-1$
+
+ String url = this.environment.getSignURL();
+ Properties response_properties = sendRequest(url, sign_request_xml, data);
+
+ SignSignatureObject sso = analyzeSignResponse(response_properties);
+
+ sso.response_properties = response_properties;
+
+ log.debug("doSign finished."); //$NON-NLS-1$
+ return sso;
+ }
+
+ /**
+ * Performs a verification.
+ *
+ * @param data
+ * The data to be verified.
+ * @param so
+ * The signature object with the signature information.
+ * @return Returns the SignatureResponse with the result of the verification.
+ * @throws ConnectorException
+ * f.e.
+ */
+ public SignatureResponse doVerify(SignatureData data, SignSignatureObject so, XMLDsigData dsig) throws ConnectorException
+ {
+ log.debug("doVerify:"); //$NON-NLS-1$
+
+ String verify_request_xml = prepareVerifyRequest(data, so, dsig);
+ log.debug("verify_request_xml = " + verify_request_xml); //$NON-NLS-1$
+
+ // TODO debug - remove
+ // try
+ // {
+ // FileOutputStream fos = new
+ // FileOutputStream("C:\\wprinz\\Filer\\egiz2\\verify_request.utf8.xml");
+ // //$NON-NLS-1$
+ // fos.write(verify_request_xml.getBytes("UTF-8")); //$NON-NLS-1$
+ // fos.close();
+ // }
+ // catch (Exception e)
+ // {
+ // log.error(e);
+ // }
+
+ String url = this.environment.getVerifyURL();
+ Properties response_properties = sendRequest(url, verify_request_xml, data);
+
+ SignatureResponse signature_response = analyzeVerifyResponse(response_properties);
+
+ log.debug("doVerify finished."); //$NON-NLS-1$
+ return signature_response;
+ }
+
+ /**
+ * Prepares the verify request xml to be sent using the verify request
+ * template.
+ *
+ * @param data
+ * The SignatureData.
+ * @param so
+ * The signature information object.
+ * @return Returns the verify request xml to be sent.
+ * @throws ConnectorException
+ * f.e.
+ */
+ public String prepareVerifyRequest(SignatureData data, SignSignatureObject so, XMLDsigData dsigData) throws ConnectorException
+ {
+ String verify_request_template = this.environment.getVerifyRequestTemplate();
+
+ String xml_content = null;
+
+ if (dsigData != null && dsigData.getXmlDsig() != null)
+ {
+ xml_content = dsigData.getXmlDsig();
+ }
+ else
+ {
+ xml_content = chooseAndCreateXMLDsig(data, so);
+ }
+
+
+
+ String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content);
+ verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.LOC_REF_CONTENT_REPLACE, this.environment.getLocRefContent());
+ verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.DATE_TIME_REPLACE, BKUHelper.formDateTimeElement(this.params.getVerificationTime(), "sl"));
+
+ return verify_request_xml;
+ }
+
+ private String chooseAndCreateXMLDsig(SignatureData data, SignSignatureObject so) throws ConnectorException {
+ // MOA
+ if (SigKZIDHelper.isMOASigned(so))
+ {
+ log.debug("The signature is MOA signed -> getting XML content from DetachedLocRefMOA connector.");
+ DetachedLocRefMOAConnector moa_conn = new DetachedLocRefMOAConnector(this.environment.getProfile(), "loc ref not needed here");
+ return moa_conn.prepareXMLContent(data, so);
+
+ // MOCCA
+ } else if (SigKZIDHelper.isMOCCASigned(so)) {
+ log.debug("MOCCA signature detected.");
+ String algorithmId = SigKZIDHelper.parseAlgorithmId(so.id);
+ log.debug("Algorithm = " + algorithmId);
+ LocRefDetachedMOCCAConnector mocca_connector = new LocRefDetachedMOCCAConnector(this.params, "not needed here", algorithmId);
+ return mocca_connector.prepareXMLContent(data, so);
+
+ // ATRUST
+ } else if (SigKZIDHelper.isATrustSigned(so)) {
+ log.debug("ATrust signature detected");
+ MOASoapWithAttachmentConnector moaConn = new MOASoapWithAttachmentConnector(this.params);
+ moaConn.reInitVerifyTemplate(MOASoapWithAttachmentConnector.ATRUST_VERIFY_TEMPLATE_KEY);
+ return moaConn.prepareXMLContent(data, so);
+ }
+ // TD
+ else if (SigKZIDHelper.isBKUSigned(so)) {
+ log.debug("TD signature signature detected.");
+ return prepareXMLContent(data, so);
+ }
+ // unknown
+ else {
+ throw new ConnectorException(ErrorCode.UNSUPPORTED_SIGNATURE, "Unsupported signature (" + so.id + ", " +so.kz + "). Please get a new version of PDF-AS. Your version is: " + PdfAS.PDFAS_VERSION);
+ }
+ }
+
+ /**
+ * Prepares the XML content the holds the actual signature data.
+ *
+ * <p>
+ * This strongly rebuilds the XML content as retuned from a sign request.
+ * </p>
+ *
+ * @param data
+ * The data.
+ * @param so
+ * The signature object containing the signature information.
+ * @return Returns the XML content.
+ * @throws ConnectorException
+ * f.e.
+ */
+ public String prepareXMLContent(SignatureData data, SignSignatureObject so) throws ConnectorException
+ {
+ log.debug("prepareXMLContent:"); //$NON-NLS-1$
+ try
+ {
+
+ String ids_string = so.getSigID();
+ String[] ids = SignatureObject.parseSigIds(ids_string);
+
+ X509Certificate cert = so.getX509Certificate();
+
+ // dferbas
+ AlgorithmSuiteObject algSuite = new AlgorithmSuiteObject();
+ String verify_xml = AlgorithmSuiteUtil.evaluateReplaceAlgs(algSuite, this.environment, so);
+
+ // data digest replace
+ {
+// byte[] data_value = data.getData();
+// byte[] data_value_hash = CodingHelper.buildDigest(data_value);
+ byte[] data_value_hash = CodingHelper.buildDigest(data.getDataSource(), algSuite.getDataDigestMethod());
+ String object_data_hash = CodingHelper.encodeBase64(data_value_hash);
+
+ verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_SIGNED_DATA_REPLACE, object_data_hash);
+ }
+
+ // SIG id replaces
+ verify_xml = verify_xml.replaceAll(TemplateReplaces.SIG_DATA_REF_REPLACE, ids[1]);
+ verify_xml = verify_xml.replaceAll(TemplateReplaces.ETSI_DATA_REF_REPLACE, ids[3]);
+ verify_xml = verify_xml.replaceAll(TemplateReplaces.SIG_DATA_OBJ_URI_REPLACE, ids[2]);
+
+ verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNATURE_VALUE_REPLACE, so.getSignatureValue());
+
+ // X.509 Certificate replace
+ byte[] der = cert.getEncoded();
+ byte[] cert_hash = CodingHelper.buildDigest(der, algSuite.getCertDigestMethod());
+ String certDigest = CodingHelper.encodeBase64(cert_hash);
+ String x509_cert_string = CodingHelper.encodeBase64(der);
+ verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_CERTIFICATE_REPLACE, x509_cert_string);
+
+ // Qualified Properties replaces
+ verify_xml = verify_xml.replaceAll(TemplateReplaces.ETSI_DATA_OBJ_URI_REPLACE, ids[4]);
+ verify_xml = verify_xml.replaceAll(TemplateReplaces.SIG_ID_REPLACE, ids[0]);
+ verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNING_TIME_REPLACE, so.getDate());
+ verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_CERTIFICATE_REPLACE, certDigest);
+ verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer());
+ verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_SERIAL_NUMBER_REPLACE, so.getSerialNumber());
+ // SigDataRefReplace already done above
+ verify_xml = verify_xml.replaceFirst(TemplateReplaces.MIME_TYPE_REPLACE, data.getMimeType());
+
+ // Signed Properties hash
+ {
+ final String ETSI_SIGNED_PROPERTIES_START_TAG = "<etsi:SignedProperties"; //$NON-NLS-1$
+ final String ETSI_SIGNED_PROPERTIES_END_TAG = "</etsi:SignedProperties>"; //$NON-NLS-1$
+
+ final int hash_start = verify_xml.indexOf(ETSI_SIGNED_PROPERTIES_START_TAG);
+ assert hash_start >= 0;
+ final int hash_end = verify_xml.indexOf(ETSI_SIGNED_PROPERTIES_END_TAG, hash_start) + ETSI_SIGNED_PROPERTIES_END_TAG.length();
+ assert hash_end - ETSI_SIGNED_PROPERTIES_END_TAG.length() >= 0;
+ assert hash_end > hash_start;
+
+ final String string_to_be_hashed = verify_xml.substring(hash_start, hash_end);
+ log.debug("etsi:SignedProperties string to be hashed: " + string_to_be_hashed); //$NON-NLS-1$
+
+ final byte[] bytes_to_be_hashed = string_to_be_hashed.getBytes("UTF-8"); //$NON-NLS-1$
+ byte[] sig_prop_code = CodingHelper.buildDigest(bytes_to_be_hashed, algSuite.getPropertiesDigestMethod());
+ String sig_prop_hash = CodingHelper.encodeBase64(sig_prop_code);
+
+ verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_SIGNED_PROPERTIES_REPLACE, sig_prop_hash);
+ }
+
+ log.debug("prepareXMLContent finished."); //$NON-NLS-1$
+ return verify_xml;
+ }
+ catch (Exception e)
+ {
+ log.debug(e);
+ throw new ConnectorException(310, e);
+ }
+ }
+
+ /**
+ * Analyzes the verify response string.
+ *
+ * @param response_properties
+ * The response properties containing the response XML.
+ * @return Returns the SignatureResponse containing the verification result.
+ * @throws ConnectorException
+ * f.e.
+ */
+ public SignatureResponse analyzeVerifyResponse(Properties response_properties) throws ConnectorException
+ {
+ log.debug("analyzeVerifyResponse:"); //$NON-NLS-1$
+
+ String response_string = response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY);
+
+ BKUHelper.checkResponseForError(response_string);
+
+ SignatureResponse signature_response = BKUHelper.parseVerifyXMLResponse(response_string);
+
+ log.debug("analyzeVerifyResponse finished."); //$NON-NLS-1$
+ return signature_response;
+ }
+
+ /**
+ * Holds environment configuration information like templates.
+ *
+ * @author wprinz
+ */
+ public static class Environment extends ConnectorEnvironment
+ {
+ /**
+ * The configuration key of the sign keybox identifier.
+ */
+ protected static final String SIGN_KEYBOX_IDENTIFIER_KEY = "bku.sign.KeyboxIdentifier"; //$NON-NLS-1$
+
+ /**
+ * The configuration key of the sign request template.
+ */
+ protected static final String SIGN_REQUEST_TEMPLATE_KEY = "bku.sign.request.detached"; //$NON-NLS-1$
+
+ /**
+ * The configuration key of the sign URL.
+ */
+ protected static final String SIGN_URL_KEY = "bku.sign.url"; //$NON-NLS-1$
+
+ /**
+ * BKU template file prefix
+ */
+ protected static final String TEMPLATE_FILE_PREFIX = "/templates/bku.";
+
+ /**
+ * signing file template sufix
+ */
+ protected static final String SIGN_TEMPLATE_FILE_SUFIX = ".sign.xml";
+
+ /**
+ * verifing template file sufix
+ */
+ protected static final String VERIFY_REQUEST_TEMPLATE_FILE_SUFIX = ".verify.request.xml";
+
+ /**
+ * verifing file template key sufix
+ */
+ protected static final String VERIFY_TEMPLATE_SUFIX = ".verify.template.xml";
+
+ /**
+ * The configuration key of the verify request template.
+ */
+ protected static final String VERIFY_REQUEST_TEMPLATE_KEY = "bku.verify.request.detached"; //$NON-NLS-1$
+
+ /**
+ * The configuration key of the verify template.
+ */
+ protected static final String VERIFY_TEMPLATE_KEY = "bku.verify.template.detached"; //$NON-NLS-1$
+
+ /**
+ * The configuration key of the verify URL.
+ */
+ protected static final String VERIFY_URL_KEY = "bku.verify.url"; //$NON-NLS-1$
+
+ /**
+ * The configuration key for the ECDSA cert alg property.
+ */
+ protected static final String ECDSA_CERT_ALG_KEY = "cert.alg.ecdsa"; //$NON-NLS-1$
+
+ /**
+ * The configuration key for the RSA cert alg property.
+ */
+ protected static final String RSA_CERT_ALG_KEY = "cert.alg.rsa"; //$NON-NLS-1$
+
+ protected String profile = null;
+
+ protected String loc_ref_content = null;
+
+ protected String sign_keybox_identifier = null;
+
+ protected String sign_request_template = null;
+
+ protected String sign_url = null;
+
+ protected String verify_request_template = null;
+
+ protected String verify_template = null;
+
+ protected String verify_url = null;
+
+ protected String cert_alg_ecdsa = null;
+
+ protected String cert_alg_rsa = null;
+
+ /**
+ * Initializes the environment with a given profile.
+ *
+ * @param profile
+ * The configuration profile.
+ * @throws ConnectorException
+ * f.e.
+ */
+ public Environment(String profile, String loc_ref_content) throws ConnectorException
+ {
+ this.profile = profile;
+
+ this.loc_ref_content = loc_ref_content;
+
+ SettingsReader settings = null;
+ try
+ {
+ settings = SettingsReader.getInstance();
+ }
+ catch (SettingsException e)
+ {
+ throw new ConnectorException(300, e);
+ }
+
+ this.sign_keybox_identifier = getConnectorValueFromProfile(settings, profile, SIGN_KEYBOX_IDENTIFIER_KEY);
+
+ String sign_request_filename = TEMPLATE_FILE_PREFIX + settings.getValueFromKey("default.bku.algorithm.id") + SIGN_TEMPLATE_FILE_SUFIX;
+
+ // try to load template from file
+ //this.sign_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(sign_request_filename));
+ this.sign_request_template = settings.readInternalResourceAsString(sign_request_filename);
+
+ // when first load failed (the template file does'nt exist), load it from default template file
+ if(this.sign_request_template == null)
+ {
+ sign_request_filename = getConnectorValueFromProfile(settings, profile, SIGN_REQUEST_TEMPLATE_KEY);
+ //this.sign_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(sign_request_filename));
+ this.sign_request_template = settings.readInternalResourceAsString(sign_request_filename);
+ }
+
+ if (this.sign_request_template == null)
+ {
+ throw new ConnectorException(300, "Can not read the create xml request template"); //$NON-NLS-1$
+ }
+
+ this.sign_url = getConnectorValueFromProfile(settings, profile, SIGN_URL_KEY);
+
+ // verify
+
+ String verify_request_filename = TEMPLATE_FILE_PREFIX + settings.getValueFromKey("default.bku.algorithm.id") + VERIFY_REQUEST_TEMPLATE_FILE_SUFIX;
+
+ // try to load template file for verifing
+ //this.verify_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_request_filename));
+ this.verify_request_template = settings.readInternalResourceAsString(verify_request_filename);
+
+ if(this.verify_request_template == null)
+ {
+ verify_request_filename = getConnectorValueFromProfile(settings, profile, VERIFY_REQUEST_TEMPLATE_KEY);
+ //this.verify_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_request_filename));
+ this.verify_request_template = settings.readInternalResourceAsString(verify_request_filename);
+ }
+
+ if (this.verify_request_template == null)
+ {
+ throw new ConnectorException(ErrorCode.SETTING_NOT_FOUND, "Can not read the verify xml request template"); //$NON-NLS-1$
+ }
+
+ // load template key file
+ String verify_filename = TEMPLATE_FILE_PREFIX + settings.getValueFromKey("default.bku.algorithm.id") + VERIFY_TEMPLATE_SUFIX;
+ //this.verify_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_filename));
+ this.verify_template = settings.readInternalResourceAsString(verify_filename);
+
+ if(this.verify_template == null)
+ {
+ verify_filename = getConnectorValueFromProfile(settings, profile, VERIFY_TEMPLATE_KEY);
+ //this.verify_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_filename));
+ this.verify_template = settings.readInternalResourceAsString(verify_filename);
+ }
+
+ if (this.verify_template == null)
+ {
+ throw new ConnectorException(ErrorCode.SETTING_NOT_FOUND, "Can not read the verify template"); //$NON-NLS-1$
+ }
+
+ this.verify_url = getConnectorValueFromProfile(settings, profile, VERIFY_URL_KEY);
+
+ this.cert_alg_ecdsa = settings.getValueFromKey(ECDSA_CERT_ALG_KEY);
+
+ this.cert_alg_rsa = settings.getValueFromKey(RSA_CERT_ALG_KEY);
+
+ }
+
+ public String getProfile()
+ {
+ return this.profile;
+ }
+
+ /**
+ * Returns the LocRef content.
+ *
+ * @return Returns the LocRef content.
+ */
+ public String getLocRefContent()
+ {
+ return this.loc_ref_content;
+ }
+
+ /**
+ * Returns the sign keybox identifier.
+ *
+ * @return Returns the sign keybox identifier.
+ */
+ public String getSignKeyboxIdentifier()
+ {
+ return this.sign_keybox_identifier;
+ }
+
+ /**
+ * Returns the sign request template.
+ *
+ * @return Returns the sign request template.
+ */
+ public String getSignRequestTemplate()
+ {
+ return this.sign_request_template;
+ }
+
+ /**
+ * Returns the sign URL.
+ *
+ * @return Returns the sign URL.
+ */
+ public String getSignURL()
+ {
+ return this.sign_url;
+ }
+
+ /**
+ * Returns the verify request template.
+ *
+ * @return Returns the verify request template.
+ */
+ public String getVerifyRequestTemplate()
+ {
+ return this.verify_request_template;
+ }
+
+ /**
+ * Returns the verify template.
+ *
+ * @return Returns the verify template.
+ */
+ public String getVerifyTemplate()
+ {
+ return this.verify_template;
+ }
+
+ /**
+ * Returns the verify URL.
+ *
+ * @return Returns the verify URL.
+ */
+ public String getVerifyURL()
+ {
+ return this.verify_url;
+ }
+
+ /**
+ * Returns the ecdsa cert alg property.
+ *
+ * @return Returns the ecdsa cert alg property.
+ */
+ public String getCertAlgEcdsa()
+ {
+ return this.cert_alg_ecdsa;
+ }
+
+ /**
+ * Returns the rsa cert alg property.
+ *
+ * @return Returns the rsa cert alg property.
+ */
+ public String getCertAlgRsa()
+ {
+ return this.cert_alg_rsa;
+ }
+
+ /**
+ * Reads the configuration entry given by the key, first from the given
+ * profile, if not found from the defaults.
+ *
+ * @param settings
+ * The settings.
+ * @param profile
+ * The profile.
+ * @param key
+ * The configuration key.
+ * @return Returns the configuration entry.
+ */
+ public static String getConnectorValueFromProfile(SettingsReader settings,
+ String profile, String key)
+ {
+ String value = settings.getValueFromKey("sig_obj." + profile + "." + key); //$NON-NLS-1$//$NON-NLS-2$
+ if (value == null)
+ {
+ value = settings.getValueFromKey(key);
+ }
+ return value;
+ }
+ }
+
+
+ public XMLDsigData reconstructXMLDsig(SignatureData data, SignSignatureObject so)
+ throws ConnectorException {
+ String xmldsig = chooseAndCreateXMLDsig(data, so);
+ return new XMLDsigData(xmldsig, true);
+ }
+}
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java
new file mode 100644
index 0000000..170cc45
--- /dev/null
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java
@@ -0,0 +1,666 @@
+/**
+ * <copyright> Copyright 2006 by Know-Center, Graz, Austria </copyright>
+ * PDF-AS has been contracted by the E-Government Innovation Center EGIZ, a
+ * joint initiative of the Federal Chancellery Austria and Graz University of
+ * Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.knowcenter.wag.egov.egiz.sig.connectors.bku;
+
+import java.io.UnsupportedEncodingException;
+import java.security.cert.X509Certificate;
+import java.util.Properties;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import at.gv.egiz.pdfas.algorithmSuite.AlgorithmSuiteObject;
+import at.gv.egiz.pdfas.algorithmSuite.AlgorithmSuiteUtil;
+import at.gv.egiz.pdfas.api.xmldsig.XMLDsigData;
+import at.gv.egiz.pdfas.exceptions.ErrorCode;
+import at.gv.egiz.pdfas.framework.ConnectorParameters;
+import at.knowcenter.wag.egov.egiz.cfg.SettingsReader;
+import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException;
+import at.knowcenter.wag.egov.egiz.exceptions.SettingsException;
+import at.knowcenter.wag.egov.egiz.sig.SignatureData;
+import at.knowcenter.wag.egov.egiz.sig.SignatureObject;
+import at.knowcenter.wag.egov.egiz.sig.SignatureResponse;
+import at.knowcenter.wag.egov.egiz.sig.connectors.Connector;
+import at.knowcenter.wag.egov.egiz.sig.connectors.ConnectorEnvironment;
+import at.knowcenter.wag.egov.egiz.sig.connectors.LocalConnector;
+import at.knowcenter.wag.egov.egiz.sig.connectors.TemplateReplaces;
+import at.knowcenter.wag.egov.egiz.sig.connectors.moa.EnvelopingBase64MOAConnector;
+import at.knowcenter.wag.egov.egiz.sig.sigid.HotfixIdFormatter;
+import at.knowcenter.wag.egov.egiz.sig.sigkz.SigKZIDHelper;
+import at.knowcenter.wag.egov.egiz.tools.CodingHelper;
+
+/**
+ * @author wprinz
+ *
+ */
+public class EnvelopedBase64BKUConnector implements Connector, LocalConnector
+{
+ //23.11.2010 changed by exthex - added reconstructXMLDsig method and moved xmldsig creation to chooseAndCreateXMLDsig method
+
+ /**
+ * The log.
+ */
+ private static Log log = LogFactory.getLog(EnvelopedBase64BKUConnector.class);
+
+ /**
+ * The environemnt configuration of this connector containing templates and
+ * other configurable elements.
+ */
+ protected Environment environment = null;
+
+ /**
+ * Constructor that builds the configuration environment for this connector
+ * according to the given profile.
+ *
+ * <p>
+ * If confuguration parameters are not defined on that profile, the default
+ * parameters defined in the configuration are used.
+ * </p>
+ *
+ * <p>
+ * This is the new "hotfix" base64 connector.
+ * </p>
+ *
+ * @param profile
+ * The profile from which the Environment should be assembled.
+ * @throws ConnectorException
+ * f.e.
+ */
+ public EnvelopedBase64BKUConnector(String profile) throws ConnectorException
+ {
+ this.environment = new Environment(profile);
+ }
+
+ /**
+ * @see at.knowcenter.wag.egov.egiz.sig.connectors.Connector#doSign(at.knowcenter.wag.egov.egiz.sig.SignatureData)
+ */
+ public SignSignatureObject doSign(SignatureData data) throws ConnectorException
+ {
+ log.debug("doSign:"); //$NON-NLS-1$
+
+ String sign_request_xml = prepareSignRequest(data);
+// DebugHelper.debugStringToFile(sign_request_xml, "BKU_EnvB64_sign_request.xml"); //$NON-NLS-1$
+
+ String url = this.environment.getSignURL();
+ Properties response_properties = sendRequest(url, sign_request_xml);
+
+// DebugHelper.debugStringToFile(response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY), "BKU_EnvB64_sign_response.xml"); //$NON-NLS-1$
+ SignSignatureObject sso = analyzeSignResponse(response_properties);
+
+ sso.response_properties = response_properties;
+
+ log.debug("doSign finished."); //$NON-NLS-1$
+ return sso;
+ }
+
+ /**
+ * @see at.knowcenter.wag.egov.egiz.sig.connectors.Connector#doVerify(at.knowcenter.wag.egov.egiz.sig.SignatureData,
+ * at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject)
+ */
+ public SignatureResponse doVerify(SignatureData data, SignSignatureObject so, XMLDsigData dsig) throws ConnectorException
+ {
+ log.debug("doVerify:"); //$NON-NLS-1$
+
+ String verify_request_xml = prepareVerifyRequest(data, so, dsig);
+// DebugHelper.debugStringToFile(verify_request_xml, "BKU_EnvB64_verify_request.xml"); //$NON-NLS-1$
+
+ String url = this.environment.getVerifyURL();
+ Properties response_properties = sendRequest(url, verify_request_xml);
+
+// DebugHelper.debugStringToFile(response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY), "BKU_EnvB64_verify_response.xml"); //$NON-NLS-1$
+ SignatureResponse signature_response = analyzeVerifyResponse(response_properties);
+
+ log.debug("doVerify finished."); //$NON-NLS-1$
+ return signature_response;
+ }
+
+// /**
+// * This emthod extracts id-values from a text. The id is given by the name.
+// *
+// * @param text
+// * the id-value that should extract from
+// * @param name
+// * the id-key
+// * @return the value of the given key in the text
+// */
+// private String extractId(String text, String name)
+// {
+// String id = null;
+// int start_idx = text.indexOf(name) + name.length();
+// int end_idx = text.indexOf("\"", start_idx);
+//
+// // TODO hotfix!
+// final int quot_end_idx = end_idx;
+// final int squot_end_idx = text.indexOf("'", start_idx);
+// end_idx = Math.min(quot_end_idx, squot_end_idx);
+// // TODO hotfix end!
+//
+// id = text.substring(start_idx, end_idx);
+// if (log.isDebugEnabled())
+// {
+// log.debug("extract id:" + name + id);
+// }
+// return id;
+// }
+
+ /**
+ * Prepares the XML content the holds the actual signature data.
+ *
+ * <p>
+ * This strongly rebuilds the XML content as retuned from a sign request.
+ * </p>
+ *
+ * @param data
+ * The data.
+ * @param so
+ * The signature object containing the signature information.
+ * @return Returns the XML content.
+ * @throws ConnectorException
+ * f.e.
+ */
+ public String prepareXMLContent(SignatureData data, SignSignatureObject so) throws ConnectorException
+ {
+ log.debug("prepareXMLContent:"); //$NON-NLS-1$
+ try
+ {
+ String ids_string = so.getSigID();
+ String[] ids = SignatureObject.parseSigIds(ids_string);
+
+ X509Certificate cert = so.getX509Certificate();
+
+ // dferbas
+ AlgorithmSuiteObject algSuite = new AlgorithmSuiteObject();
+ String verify_xml = AlgorithmSuiteUtil.evaluateReplaceAlgs(algSuite, this.environment, so);
+
+ // data digest replace
+ byte[] data_value = BKUHelper.prepareEnvelopingData(data);
+ {
+ byte[] data_value_hash = CodingHelper.buildDigest(data_value, algSuite.getDataDigestMethod());
+ String object_data_hash = CodingHelper.encodeBase64(data_value_hash);
+
+ verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_SIGNED_DATA_REPLACE, object_data_hash);
+ }
+
+ // SIG id replaces
+ verify_xml = verify_xml.replaceAll(TemplateReplaces.SIG_DATA_REF_REPLACE, ids[1]);
+ verify_xml = verify_xml.replaceAll(TemplateReplaces.ETSI_DATA_REF_REPLACE, ids[3]);
+ verify_xml = verify_xml.replaceAll(TemplateReplaces.SIG_DATA_OBJ_URI_REPLACE, ids[2]);
+
+ verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNATURE_VALUE_REPLACE, so.getSignatureValue());
+
+ // X.509 Certificate replace
+ byte[] der = cert.getEncoded();
+ byte[] cert_hash = CodingHelper.buildDigest(der, algSuite.getCertDigestMethod());
+ String certDigest = CodingHelper.encodeBase64(cert_hash);
+ String x509_cert_string = CodingHelper.encodeBase64(der);
+ verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_CERTIFICATE_REPLACE, x509_cert_string);
+
+ // Base64 content replace
+ String base64 = CodingHelper.encodeBase64(data_value);
+ verify_xml = verify_xml.replaceFirst(TemplateReplaces.BASE64_CONTENT_REPLACE, base64);
+
+ // Qualified Properties replaces
+ verify_xml = verify_xml.replaceAll(TemplateReplaces.ETSI_DATA_OBJ_URI_REPLACE, ids[4]);
+ verify_xml = verify_xml.replaceAll(TemplateReplaces.SIG_ID_REPLACE, ids[0]);
+ verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNING_TIME_REPLACE, so.getDate());
+ verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_CERTIFICATE_REPLACE, certDigest);
+ verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer());
+ verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_SERIAL_NUMBER_REPLACE, so.getSerialNumber());
+ // SigDataRefReplace already done above
+
+ // Signed Properties hash
+ {
+ String sig_prop_hash = computeSignedPropertiesReplace(verify_xml, algSuite);
+
+ verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_SIGNED_PROPERTIES_REPLACE, sig_prop_hash);
+ }
+
+ log.debug("prepareXMLContent finished."); //$NON-NLS-1$
+ return verify_xml;
+ }
+ catch (Exception e)
+ {
+ log.debug(e);
+ throw new ConnectorException(310, e);
+ }
+ }
+
+ protected String computeSignedPropertiesReplace(String verify_xml, AlgorithmSuiteObject algSuite)
+ {
+ try
+ {
+ final String ETSI_SIGNED_PROPERTIES_START_TAG = "<etsi:SignedProperties"; //$NON-NLS-1$
+ final String ETSI_SIGNED_PROPERTIES_END_TAG = "</etsi:SignedProperties>"; //$NON-NLS-1$
+
+ final int hash_start = verify_xml.indexOf(ETSI_SIGNED_PROPERTIES_START_TAG);
+ assert hash_start >= 0;
+ final int hash_end = verify_xml.indexOf(ETSI_SIGNED_PROPERTIES_END_TAG, hash_start) + ETSI_SIGNED_PROPERTIES_END_TAG.length();
+ assert hash_end - ETSI_SIGNED_PROPERTIES_END_TAG.length() >= 0;
+ assert hash_end > hash_start;
+
+ final String string_to_be_hashed = verify_xml.substring(hash_start, hash_end);
+ log.debug("etsi:SignedProperties string to be hashed: " + string_to_be_hashed); //$NON-NLS-1$
+
+ final byte[] bytes_to_be_hashed = string_to_be_hashed.getBytes("UTF-8"); //$NON-NLS-1$
+ byte[] sig_prop_code = CodingHelper.buildDigest(bytes_to_be_hashed, algSuite.getPropertiesDigestMethod());
+ String sig_prop_hash = CodingHelper.encodeBase64(sig_prop_code);
+
+ return sig_prop_hash;
+ }
+ catch (UnsupportedEncodingException e)
+ {
+ throw new RuntimeException("Very Strange: UTF-8 character encoding not supported.", e);
+ }
+ }
+
+ /**
+ * Prepares the sign request xml to be sent using the sign request template.
+ *
+ * @param data
+ * The SignatureData.
+ * @return Returns the sign request xml to be sent.
+ * @throws ConnectorException
+ * f.e.
+ */
+ public String prepareSignRequest(SignatureData data) throws ConnectorException
+ {
+ log.debug("prepareSignRequest:"); //$NON-NLS-1$
+
+ String sign_request_template = this.environment.getSignRequestTemplate();
+
+ String sign_keybox_identifier = this.environment.getSignKeyboxIdentifier();
+ String base64 = BKUHelper.prepareBase64Content(data);
+
+ String sign_request_xml = sign_request_template.replaceFirst(TemplateReplaces.KEYBOX_IDENTIFIER_REPLACE, sign_keybox_identifier);
+ sign_request_xml = sign_request_xml.replaceFirst(TemplateReplaces.BASE64_CONTENT_REPLACE, base64);
+
+ log.debug("prepareSignRequest finished."); //$NON-NLS-1$
+ return sign_request_xml;
+ }
+
+ /**
+ * Prepares the verify request xml to be sent using the verify request
+ * template.
+ *
+ * @param data
+ * The SignatureData.
+ * @param so
+ * The signature information object.
+ * @return Returns the verify request xml to be sent.
+ * @throws ConnectorException
+ * f.e.
+ */
+ public String prepareVerifyRequest(SignatureData data, SignSignatureObject so, XMLDsigData dsigData) throws ConnectorException
+ {
+ String verify_request_template = this.environment.getVerifyRequestTemplate();
+
+ String xml_content = null;
+ if (dsigData != null && dsigData.getXmlDsig() != null)
+ {
+ xml_content = dsigData.getXmlDsig();
+ }
+ else
+ {
+ xml_content = chooseAndCreateXMLDsig(data, so);
+ }
+
+ String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content);
+
+// log.debug("\r\n\r\n" + verify_request_xml + "\r\n\r\n");
+
+ return verify_request_xml;
+ }
+
+ private String chooseAndCreateXMLDsig(SignatureData data, SignSignatureObject so) throws ConnectorException {
+ if (SigKZIDHelper.isMOASigned(so))
+ {
+ log.debug("The signature is MOA signed -> getting XML content from Base64MOA connector.");
+ ConnectorParameters cp = new ConnectorParameters();
+ cp.setProfileId(this.environment.getProfile());
+ EnvelopingBase64MOAConnector moa_conn = new EnvelopingBase64MOAConnector(cp);
+ return moa_conn.prepareXMLContent(data, so);
+ }
+ else
+ {
+ return prepareXMLContent(data, so);
+ }
+ }
+
+/**
+ * Sends the request to the given URL.
+ *
+ * @param url
+ * The URL.
+ * @param request_string
+ * The request string.
+ * @return Returns the response string.
+ * @throws ConnectorException
+ * F.e.
+ */
+ protected Properties sendRequest(String url, String request_string) throws ConnectorException
+ {
+ try
+ {
+ Properties response_properties = at.knowcenter.wag.egov.egiz.sig.connectors.BKUPostConnection.doPostRequest(url, request_string);
+ return response_properties;
+ }
+ catch (Exception e)
+ {
+ throw new ConnectorException(320, e);
+ }
+ }
+
+ /**
+ * Analyzes the sign response xml and extracts the signature data.
+ *
+ * @param response_properties
+ * The response properties containing the response String and
+ * transport related information.
+ * @return Returns the extracted data encapsulated in a SignatureObject.
+ * @throws ConnectorException
+ * f.e.
+ */
+ public SignSignatureObject analyzeSignResponse(Properties response_properties) throws ConnectorException
+ {
+ log.debug("analyzeSignResponse:"); //$NON-NLS-1$
+
+ String response_string = response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY);
+
+ BKUHelper.checkResponseForError(response_string);
+
+ String bkuIdentifier = BKUHelper.getBKUIdentifier(response_properties);
+ log.debug("BKU identifier: \"" + bkuIdentifier + "\"");
+
+ SignSignatureObject so = BKUHelper.parseCreateXMLResponse(response_string, new HotfixIdFormatter(), this.environment);
+
+ log.debug("analyzeSignResponse finished."); //$NON-NLS-1$
+ return so;
+ }
+
+ /**
+ * Analyzes the verify response string.
+ *
+ * @param response_properties
+ * The response properties containing the response XML.
+ * @return Returns the SignatureResponse containing the verification result.
+ * @throws ConnectorException
+ * f.e.
+ */
+ public SignatureResponse analyzeVerifyResponse(Properties response_properties) throws ConnectorException
+ {
+ log.debug("analyzeVerifyResponse:"); //$NON-NLS-1$
+
+ String response_string = response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY);
+
+ BKUHelper.checkResponseForError(response_string);
+
+ SignatureResponse signature_response = BKUHelper.parseVerifyXMLResponse(response_string);
+
+ log.debug("analyzeVerifyResponse finished."); //$NON-NLS-1$
+ return signature_response;
+ }
+
+ /**
+ * Holds environment configuration information like templates.
+ *
+ * @author wprinz
+ */
+ public static class Environment extends ConnectorEnvironment
+ {
+ /**
+ * The configuration key of the sign keybox identifier.
+ */
+ protected static final String SIGN_KEYBOX_IDENTIFIER_KEY = "bku.sign.KeyboxIdentifier"; //$NON-NLS-1$
+
+ /**
+ * The configuration key of the sign request template.
+ */
+ protected static final String SIGN_REQUEST_TEMPLATE_KEY = "bku.sign.request.base64"; //$NON-NLS-1$
+
+ /**
+ * The configuration key of the sign URL.
+ */
+ protected static final String SIGN_URL_KEY = "bku.sign.url"; //$NON-NLS-1$
+
+ /**
+ * The configuration key of the verify request template.
+ */
+ protected static final String VERIFY_REQUEST_TEMPLATE_KEY = "bku.verify.request.base64"; //$NON-NLS-1$
+
+ /**
+ * The configuration key of the verify template.
+ */
+ protected static final String VERIFY_TEMPLATE_KEY = "bku.verify.template.base64"; //$NON-NLS-1$
+
+ /**
+ * The configuration key of the verify URL.
+ */
+ protected static final String VERIFY_URL_KEY = "bku.verify.url"; //$NON-NLS-1$
+
+ /**
+ * The configuration key for the ECDSA cert alg property.
+ */
+ protected static final String ECDSA_CERT_ALG_KEY = "cert.alg.ecdsa"; //$NON-NLS-1$
+
+ /**
+ * The configuration key for the RSA cert alg property.
+ */
+ protected static final String RSA_CERT_ALG_KEY = "cert.alg.rsa"; //$NON-NLS-1$
+
+ protected String profile = null;
+
+ protected String sign_keybox_identifier = null;
+
+ protected String sign_request_template = null;
+
+ protected String sign_url = null;
+
+ protected String verify_request_template = null;
+
+ protected String verify_template = null;
+
+ protected String verify_url = null;
+
+ protected String cert_alg_ecdsa = null;
+
+ protected String cert_alg_rsa = null;
+
+ /**
+ * Initializes the environment with a given profile.
+ *
+ * @param profile
+ * The configuration profile.
+ * @throws ConnectorException
+ * f.e.
+ */
+ public Environment(String profile) throws ConnectorException
+ {
+ this.profile = profile;
+
+ SettingsReader settings = null;
+ try
+ {
+ settings = SettingsReader.getInstance();
+ }
+ catch (SettingsException e)
+ {
+ throw new ConnectorException(300, e);
+ }
+
+ this.sign_keybox_identifier = getConnectorValueFromProfile(settings, profile, SIGN_KEYBOX_IDENTIFIER_KEY);
+
+ String sign_request_filename = getConnectorValueFromProfile(settings, profile, SIGN_REQUEST_TEMPLATE_KEY);
+ //this.sign_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(sign_request_filename));
+ this.sign_request_template = settings.readInternalResourceAsString(sign_request_filename);
+ if (this.sign_request_template == null)
+ {
+ throw new ConnectorException(300, "Can not read the create xml request template"); //$NON-NLS-1$
+ }
+
+ this.sign_url = getConnectorValueFromProfile(settings, profile, SIGN_URL_KEY);
+
+ String verify_request_filename = getConnectorValueFromProfile(settings, profile, VERIFY_REQUEST_TEMPLATE_KEY);
+ //this.verify_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_request_filename));
+ this.verify_request_template = settings.readInternalResourceAsString(verify_request_filename);
+ log.debug("Verify request template filename = " + verify_request_filename);
+
+ if (this.verify_request_template == null)
+ {
+ throw new ConnectorException(ErrorCode.SETTING_NOT_FOUND, "Can not read the verify xml request template"); //$NON-NLS-1$
+ }
+
+ log.debug("Verify request template = " + this.verify_request_template);
+
+ String verify_filename = getConnectorValueFromProfile(settings, profile, VERIFY_TEMPLATE_KEY);
+ //this.verify_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_filename));
+ this.verify_template = settings.readInternalResourceAsString(verify_filename);
+ if (this.verify_template == null)
+ {
+ throw new ConnectorException(ErrorCode.SETTING_NOT_FOUND, "Can not read the verify template"); //$NON-NLS-1$
+ }
+
+ this.verify_url = getConnectorValueFromProfile(settings, profile, VERIFY_URL_KEY);
+
+ this.cert_alg_ecdsa = settings.getValueFromKey(ECDSA_CERT_ALG_KEY);
+
+ this.cert_alg_rsa = settings.getValueFromKey(RSA_CERT_ALG_KEY);
+
+ }
+
+ public String getProfile()
+ {
+ return this.profile;
+ }
+
+ /**
+ * Returns the sign keybox identifier.
+ *
+ * @return Returns the sign keybox identifier.
+ */
+ public String getSignKeyboxIdentifier()
+ {
+ return this.sign_keybox_identifier;
+ }
+
+ /**
+ * Returns the sign request template.
+ *
+ * @return Returns the sign request template.
+ */
+ public String getSignRequestTemplate()
+ {
+ return this.sign_request_template;
+ }
+
+ /**
+ * Returns the sign URL.
+ *
+ * @return Returns the sign URL.
+ */
+ public String getSignURL()
+ {
+ return this.sign_url;
+ }
+
+ /**
+ * Returns the verify request template.
+ *
+ * @return Returns the verify request template.
+ */
+ public String getVerifyRequestTemplate()
+ {
+ return this.verify_request_template;
+ }
+
+ /**
+ * Returns the verify template.
+ *
+ * @return Returns the verify template.
+ */
+ public String getVerifyTemplate()
+ {
+ return this.verify_template;
+ }
+
+ /**
+ * Returns the verify URL.
+ *
+ * @return Returns the verify URL.
+ */
+ public String getVerifyURL()
+ {
+ return this.verify_url;
+ }
+
+ /**
+ * Returns the ecdsa cert alg property.
+ *
+ * @return Returns the ecdsa cert alg property.
+ */
+ public String getCertAlgEcdsa()
+ {
+ return this.cert_alg_ecdsa;
+ }
+
+ /**
+ * Returns the rsa cert alg property.
+ *
+ * @return Returns the rsa cert alg property.
+ */
+ public String getCertAlgRsa()
+ {
+ return this.cert_alg_rsa;
+ }
+
+ /**
+ * Reads the configuration entry given by the key, first from the given
+ * profile, if not found from the defaults.
+ *
+ * @param settings
+ * The settings.
+ * @param profile
+ * The profile.
+ * @param key
+ * The configuration key.
+ * @return Returns the configuration entry.
+ */
+ public static String getConnectorValueFromProfile(SettingsReader settings,
+ String profile, String key)
+ {
+ String value = settings.getValueFromKey("sig_obj." + profile + "." + key); //$NON-NLS-1$//$NON-NLS-2$
+ if (value == null)
+ {
+ value = settings.getValueFromKey(key);
+ }
+ return value;
+ }
+ }
+
+
+ public XMLDsigData reconstructXMLDsig(SignatureData data, SignSignatureObject so)
+ throws ConnectorException {
+ String xmldsig = chooseAndCreateXMLDsig(data, so);
+ return new XMLDsigData(xmldsig, false);
+ }
+}
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/LocRefDetachedBKUConnector.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/LocRefDetachedBKUConnector.java
new file mode 100644
index 0000000..c5e1513
--- /dev/null
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/LocRefDetachedBKUConnector.java
@@ -0,0 +1,46 @@
+/**
+ * <copyright> Copyright 2006 by Know-Center, Graz, Austria </copyright>
+ * PDF-AS has been contracted by the E-Government Innovation Center EGIZ, a
+ * joint initiative of the Federal Chancellery Austria and Graz University of
+ * Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.knowcenter.wag.egov.egiz.sig.connectors.bku;
+
+import at.gv.egiz.pdfas.framework.ConnectorParameters;
+import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException;
+
+/**
+ * @author wprinz
+ *
+ */
+public class LocRefDetachedBKUConnector extends DetachedBKUConnector
+{
+
+ /**
+ * @param connectorParameters
+ * @param loc_ref_content
+ * @throws ConnectorException
+ */
+ public LocRefDetachedBKUConnector(ConnectorParameters connectorParameters, String loc_ref_content) throws ConnectorException
+ {
+ super(connectorParameters, loc_ref_content);
+ }
+
+}
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/MultipartDetachedBKUConnector.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/MultipartDetachedBKUConnector.java
new file mode 100644
index 0000000..cfaa55d
--- /dev/null
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/MultipartDetachedBKUConnector.java
@@ -0,0 +1,42 @@
+/**
+ * <copyright> Copyright 2006 by Know-Center, Graz, Austria </copyright>
+ * PDF-AS has been contracted by the E-Government Innovation Center EGIZ, a
+ * joint initiative of the Federal Chancellery Austria and Graz University of
+ * Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.knowcenter.wag.egov.egiz.sig.connectors.bku;
+
+import at.gv.egiz.pdfas.framework.ConnectorParameters;
+import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException;
+
+/**
+ * @author wprinz
+ *
+ */
+public class MultipartDetachedBKUConnector extends DetachedBKUConnector
+{
+ protected static final String MULTIPART_LOC_REF_CONTENT = "formdata:fileupload"; //$NON-NLS-1$
+
+ public MultipartDetachedBKUConnector(ConnectorParameters connectorParameters) throws ConnectorException
+ {
+ super(connectorParameters, MULTIPART_LOC_REF_CONTENT);
+ }
+
+}
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/OldEnvelopingBase64BKUConnector.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/OldEnvelopingBase64BKUConnector.java
new file mode 100644
index 0000000..58bdec6
--- /dev/null
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/OldEnvelopingBase64BKUConnector.java
@@ -0,0 +1,135 @@
+/**
+ * <copyright> Copyright 2006 by Know-Center, Graz, Austria </copyright>
+ * PDF-AS has been contracted by the E-Government Innovation Center EGIZ, a
+ * joint initiative of the Federal Chancellery Austria and Graz University of
+ * Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.knowcenter.wag.egov.egiz.sig.connectors.bku;
+
+import java.io.UnsupportedEncodingException;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+
+import at.gv.egiz.pdfas.algorithmSuite.AlgorithmSuiteObject;
+import at.gv.egiz.pdfas.exceptions.ErrorCode;
+import at.knowcenter.wag.egov.egiz.cfg.SettingsReader;
+import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException;
+import at.knowcenter.wag.egov.egiz.exceptions.SettingsException;
+import at.knowcenter.wag.egov.egiz.tools.CodingHelper;
+import at.knowcenter.wag.egov.egiz.tools.FileHelper;
+
+/**
+ *
+ * <p>
+ * This is the old base64 connector. The difference is in the way the sign
+ * response is parsed and the verify content_xml.
+ * </p>
+ *
+ * @author wprinz
+ *
+ */
+public class OldEnvelopingBase64BKUConnector extends EnvelopedBase64BKUConnector
+{
+ /**
+ * The log.
+ */
+ private static Log log = LogFactory.getLog(OldEnvelopingBase64BKUConnector.class);
+
+ // TODO implement signing - with old pre 2.7.2 BKUs... not really necessary
+ // though because this connector is only used for verification
+
+ public OldEnvelopingBase64BKUConnector(String profile) throws ConnectorException
+ {
+ super(profile);
+
+ this.environment = new OverriddenEnvironment(profile);
+ }
+
+
+
+ /**
+ * @see at.knowcenter.wag.egov.egiz.sig.connectors.bku.EnvelopedBase64BKUConnector#computeSignedPropertiesReplace(java.lang.String)
+ */
+ protected String computeSignedPropertiesReplace(String verify_xml, AlgorithmSuiteObject algSuite)
+ {
+ try
+ {
+ final String ETSI_QUALIFYING_PROPERTIES_START_TAG = "<etsi:QualifyingProperties"; //$NON-NLS-1$
+ final String ETSI_QUALIFYING_PROPERTIES_END_TAG = "</etsi:QualifyingProperties>"; //$NON-NLS-1$
+
+ final int hash_start = verify_xml.indexOf(ETSI_QUALIFYING_PROPERTIES_START_TAG);
+ assert hash_start >= 0;
+ final int hash_end = verify_xml.indexOf(ETSI_QUALIFYING_PROPERTIES_END_TAG, hash_start) + ETSI_QUALIFYING_PROPERTIES_END_TAG.length();
+ assert hash_end - ETSI_QUALIFYING_PROPERTIES_END_TAG.length() >= 0;
+ assert hash_end > hash_start;
+
+ final String string_to_be_hashed = verify_xml.substring(hash_start, hash_end);
+ log.debug("etsi:QualifyingProperties string to be hashed: " + string_to_be_hashed); //$NON-NLS-1$
+
+ final byte[] bytes_to_be_hashed = string_to_be_hashed.getBytes("UTF-8"); //$NON-NLS-1$
+ byte[] sig_prop_code = CodingHelper.buildDigest(bytes_to_be_hashed, algSuite.getPropertiesDigestMethod());
+ String sig_prop_hash = CodingHelper.encodeBase64(sig_prop_code);
+
+ return sig_prop_hash;
+ }
+ catch (UnsupportedEncodingException e)
+ {
+ throw new RuntimeException("Very Strange: UTF-8 character encoding not supported.", e);
+ }
+ }
+
+
+
+ public static class OverriddenEnvironment extends EnvelopedBase64BKUConnector.Environment
+ {
+
+ /**
+ * The configuration key of the verify template.
+ */
+ protected static final String VERIFY_TEMPLATE_KEY = "bku.verify.template.base64old"; //$NON-NLS-1$
+
+ public OverriddenEnvironment(String profile) throws ConnectorException
+ {
+ super(profile);
+
+ SettingsReader settings = null;
+ try
+ {
+ settings = SettingsReader.getInstance();
+ }
+ catch (SettingsException e)
+ {
+ throw new ConnectorException(ErrorCode.SETTING_NOT_FOUND, e);
+ }
+
+ String verify_filename = getConnectorValueFromProfile(settings, profile, VERIFY_TEMPLATE_KEY);
+ //this.verify_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_filename));
+ this.verify_template = settings.readInternalResourceAsString(verify_filename);
+ if (this.verify_template == null)
+ {
+ throw new ConnectorException(ErrorCode.SETTING_NOT_FOUND, "Can not read the verify template"); //$NON-NLS-1$
+ }
+
+ }
+ }
+
+}
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/SignSignatureObject.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/SignSignatureObject.java
new file mode 100644
index 0000000..72f181e
--- /dev/null
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/SignSignatureObject.java
@@ -0,0 +1,272 @@
+/**
+ * <copyright> Copyright 2006 by Know-Center, Graz, Austria </copyright>
+ * PDF-AS has been contracted by the E-Government Innovation Center EGIZ, a
+ * joint initiative of the Federal Chancellery Austria and Graz University of
+ * Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.knowcenter.wag.egov.egiz.sig.connectors.bku;
+
+import java.io.Serializable;
+import java.security.cert.X509Certificate;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+
+import at.gv.egiz.pdfas.api.timestamp.TimeStamper;
+import at.knowcenter.wag.egov.egiz.sig.SignatureTypes;
+import at.knowcenter.wag.egov.egiz.sig.signatureobject.AdditionalSignatureInformation;
+import at.knowcenter.wag.egov.egiz.sig.signatureobject.AlgorithmSignatureInformation;
+import at.knowcenter.wag.egov.egiz.sig.signatureobject.ConnectorSignatureInformation;
+import at.knowcenter.wag.egov.egiz.sig.signatureobject.MandatorySignatureInformation;
+
+/**
+ * @author wprinz
+ *
+ */
+public class SignSignatureObject implements Serializable, MandatorySignatureInformation, ConnectorSignatureInformation, AlgorithmSignatureInformation, AdditionalSignatureInformation
+{
+ /**
+ * SVUID.
+ */
+ private static final long serialVersionUID = -2689261480444802213L;
+
+ public String date = null;
+ public String issuer = null;
+ public String signatureValue = null;
+
+ public String id = null;
+ public String kz = null;
+
+ public String sigAlgorithm;
+
+ public String sigTimeStamp;
+
+ /**
+ * This is used to transport the response properties to the Detached signator.
+ */
+ public Properties response_properties = null;
+
+ /**
+ * The X509Certificate.
+ *
+ * <p>
+ * This also provides the serial number and name.
+ * </p>
+ */
+ public X509Certificate x509Certificate = null;
+
+ // dferbas
+ public Map subjectDNMap = new HashMap();
+ public Map issuerDNMap = new HashMap();
+
+ /**
+ * @see at.knowcenter.wag.egov.egiz.sig.signatureobject.MandatorySignatureInformation#getDate()
+ */
+ public String getDate()
+ {
+ return this.date;
+ }
+
+ /**
+ * @see at.knowcenter.wag.egov.egiz.sig.signatureobject.MandatorySignatureInformation#getIssuer()
+ */
+ public String getIssuer()
+ {
+ return this.issuer;
+ }
+
+ /**
+ * @see at.knowcenter.wag.egov.egiz.sig.signatureobject.MandatorySignatureInformation#getSerialNumber()
+ */
+ public String getSerialNumber()
+ {
+ return this.x509Certificate.getSerialNumber().toString();
+ }
+
+ /**
+ * @see at.knowcenter.wag.egov.egiz.sig.signatureobject.MandatorySignatureInformation#getSignatureValue()
+ */
+ public String getSignatureValue()
+ {
+ return this.signatureValue;
+ }
+
+ /**
+ * @see at.knowcenter.wag.egov.egiz.sig.signatureobject.ConnectorSignatureInformation#getSigID()
+ */
+ public String getSigID()
+ {
+ return this.id;
+ }
+
+ /**
+ * @see at.knowcenter.wag.egov.egiz.sig.signatureobject.AlgorithmSignatureInformation#getSigKZ()
+ */
+ public String getSigKZ()
+ {
+ return this.kz;
+ }
+
+ /**
+ * @see at.knowcenter.wag.egov.egiz.sig.signatureobject.AdditionalSignatureInformation#getName()
+ */
+ public String getName()
+ {
+ return this.x509Certificate.getSubjectDN().toString();
+ }
+
+ /**
+ * @see at.knowcenter.wag.egov.egiz.sig.signatureobject.AdditionalSignatureInformation#getX509Certificate()
+ */
+ public X509Certificate getX509Certificate()
+ {
+ return this.x509Certificate;
+ }
+
+ public String getSigAlgorithm() {
+ return this.sigAlgorithm;
+ }
+
+ public String retrieveStringValue(String sigKey)
+ {
+ // mandatory
+ if (sigKey.equals(SignatureTypes.SIG_DATE))
+ {
+ return getDate();
+ }
+ if (sigKey.equals(SignatureTypes.SIG_VALUE))
+ {
+ return getSignatureValue();
+ }
+ if (sigKey.equals(SignatureTypes.SIG_ISSUER))
+ {
+ return getIssuer();
+ }
+ if (sigKey.equals(SignatureTypes.SIG_NUMBER))
+ {
+ return getSerialNumber();
+ }
+
+ // connector
+ if (sigKey.equals(SignatureTypes.SIG_ID))
+ {
+ return getSigID();
+ }
+
+ // algorithm
+ if (sigKey.equals(SignatureTypes.SIG_KZ))
+ {
+ return getSigKZ();
+ }
+
+ // additional
+ if (sigKey.equals(SignatureTypes.SIG_NAME))
+ {
+ return getName();
+ }
+
+ if (sigKey.equals(SignatureTypes.SIG_SUBJECT))
+ {
+ return getName();
+ }
+
+ if (sigKey.equals(SignatureTypes.SIG_ALG)) {
+ return getSigAlgorithm();
+ }
+
+ throw new RuntimeException("The key '" + sigKey + "' is not a recognized SignatorObject member."); //$NON-NLS-1$ //$NON-NLS-2$
+ }
+
+ // dferbas
+
+
+ /**
+ * Get a timestamp if available as b64 string
+ * @see TimeStamper
+ * @return
+ */
+ public String getSigTimeStamp() {
+ return this.sigTimeStamp;
+ }
+
+ public Map getSubjectDNMap() {
+ if (this.subjectDNMap.size() == 0 && this.getX509Certificate() != null) {
+ //rpiazzi workaround
+ //the problem with atrust encoding special characters (Sonderzeichen) wrong
+ //led to this workaround. As special characters are of the form e.g. "&#xxx;"
+ //Example: for "Georg Müller" atrust returns "Georg M&#252;ller"
+ //By calling this.getX509Certificate().getSubjectDN().getName() you get "Georg M&#252\;ller",
+ //After that the down called method fillDNMap replaces the "\" with a "+"
+ //Because of this the workaround in at.gv.egiz.pdfas.impl.signator.binary.BinarySignator_1_0_0.fillReplacesWithValues()
+ //which replaces the wrong codes of atrust with the special chars does not work
+ //------------------------------------------------------------------------------
+ //The workaround here is to call this.getX509Certificate().getSubjectDN.toString()
+ //instead of this.getX509Certificate().getSubjectDN.getName()
+ if (this.getX509Certificate().getSubjectDN().toString().contains(";") ||
+ this.getX509Certificate().getSubjectDN().toString().contains("#") ||
+ this.getX509Certificate().getSubjectDN().toString().contains("&")) {
+ fillDNMap(this.getX509Certificate().getSubjectDN().toString(), this.subjectDNMap);
+ }
+ else {
+ fillDNMap(this.getX509Certificate().getSubjectDN().getName(), this.subjectDNMap);
+ }
+ //end workaround
+ }
+ return this.subjectDNMap;
+ }
+
+ public String certSubjectDNPart(String key) {
+ return (String)this.getSubjectDNMap().get(key);
+ }
+
+ public Map getIssuerDNMap() {
+ if (this.issuerDNMap.size() == 0 && this.getX509Certificate() != null) {
+ fillDNMap(this.getX509Certificate().getIssuerDN().getName(), this.issuerDNMap);
+ }
+ return this.issuerDNMap;
+ }
+
+ public String certIssuerDNPart(String key) {
+ return (String)this.getIssuerDNMap().get(key);
+ }
+
+ private void fillDNMap(String dn, Map dnMap) {
+
+ // split at "," but not at "\,"
+ String[] arr = dn.split("\\s*(?<![\\\\]),\\s*");
+
+ for (int i = 0; i < arr.length; i++) {
+ String[] entry = arr[i].split("\\s*(=)\\s*");
+
+ // resolve escaped values according to RFC2253
+ entry[1] = entry[1].replaceAll("\\\\,", ","); // \, -> ,
+ entry[1] = entry[1].replaceAll("\\\\+", "+"); // \+ -> +
+ entry[1] = entry[1].replaceAll("\\\\\"", "\""); // \" -> "
+ entry[1] = entry[1].replaceAll("\\\\\\\\", "\\"); // \\ -> \
+ entry[1] = entry[1].replaceAll("\\\\<,", "<"); // \< -> <
+ entry[1] = entry[1].replaceAll("\\\\>", ">"); // \> -> >
+ entry[1] = entry[1].replaceAll("\\\\;", ";"); // \; -> ;
+ entry[1] = entry[1].replaceAll("\\\\#", "#"); // \# -> #
+
+ dnMap.put(entry[0], entry[1]);
+ }
+ }
+
+}
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/SignSignatureObjectHelper.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/SignSignatureObjectHelper.java
new file mode 100644
index 0000000..4eb6e39
--- /dev/null
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/SignSignatureObjectHelper.java
@@ -0,0 +1,76 @@
+/**
+ * <copyright> Copyright 2006 by Know-Center, Graz, Austria </copyright>
+ * PDF-AS has been contracted by the E-Government Innovation Center EGIZ, a
+ * joint initiative of the Federal Chancellery Austria and Graz University of
+ * Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+//package at.knowcenter.wag.egov.egiz.sig.connectors.bku;
+//
+//import at.knowcenter.wag.egov.egiz.sig.SignatureObject;
+//import at.knowcenter.wag.egov.egiz.sig.SignatureTypes;
+//
+///**
+// * @author wprinz
+// *
+// */
+//public abstract class SignSignatureObjectHelper
+//{
+// public static String retrieveStringValueFromSignatureObject (SignSignatureObject so, String key)
+// {
+// // mandatory
+// if (key.equals(SignatureTypes.SIG_DATE))
+// {
+// return so.getDate();
+// }
+// if (key.equals(SignatureTypes.SIG_VALUE))
+// {
+// return so.getSignatureValue();
+// }
+// if (key.equals(SignatureTypes.SIG_ISSUER))
+// {
+// return so.getIssuer();
+// }
+// if (key.equals(SignatureTypes.SIG_NUMBER))
+// {
+// return so.getSerialNumber();
+// }
+//
+// // connector
+// if (key.equals(SignatureTypes.SIG_ID))
+// {
+// return so.getSigID();
+// }
+//
+// // algorithm
+// if (key.equals(SignatureTypes.SIG_KZ))
+// {
+// return so.getSigKZ();
+// }
+//
+// // additional
+// if (key.equals(SignatureTypes.SIG_NAME))
+// {
+// return so.getName();
+// }
+//
+// throw new RuntimeException("The key '" + key + "' is not a recognized SignatorObject member."); //$NON-NLS-1$ //$NON-NLS-2$
+// }
+//
+//}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-21 08:30:59 +0000