Diffstat (limited to 'pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig')
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java171
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureTypes.java167
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/X509Cert.java32
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/BKUConnector.java81
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/MOAConnector.java47
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUHelper.java75
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java122
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java68
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java48
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/EnvelopingBase64MOAConnector.java72
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java104
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/mocca/LocRefDetachedMOCCAConnector.java108
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigkz/SigKZIDHelper.java53
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/mocca/MoccaXades14SignatureLayoutHandler.java53
14 files changed, 730 insertions, 471 deletions
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java
index 9e28213..b5a05ed 100644
--- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java
@@ -77,7 +77,7 @@ import at.knowcenter.wag.egov.egiz.tools.Normalizer;
* All values that build or used by the signation creation process, call the
* external services, can read or set separately. All other values are defined
* in the settings file.
- *
+ *
* @author wlackner
* @author modified by <a href="mailto:thomas.knall@iaik.tugraz.at">Thomas Knall</a>
*/
@@ -138,7 +138,7 @@ public class SignatureObject implements Serializable
public static final String SIG_CER_DIG = "SIG_CER_DIG";
private X509Cert x509Cert_ = null;
-
+
private String timeStamp = null;
// public static final String SIG_RES = "SIG_RES";
@@ -194,7 +194,7 @@ public class SignatureObject implements Serializable
/**
* The raw xml response from the connector that was used to set the values in
* this SignatureObject.
- *
+ *
* <p>
* This is set by the Connector so that signing Applications can use the
* returned XML values.
@@ -222,7 +222,7 @@ public class SignatureObject implements Serializable
/**
* The empty constructor. It initilize the normlizer, load the settings and
* set the default styles.
- *
+ *
* @throws SignatureException
* ErrorCode:101, 400
*/
@@ -235,7 +235,7 @@ public class SignatureObject implements Serializable
/**
* This method initialize the normalizer
- *
+ *
* @throws SignatureException
* ErrorCode:400
*/
@@ -254,7 +254,7 @@ public class SignatureObject implements Serializable
/**
* This method load the signature definitions
- *
+ *
* @throws SignatureException
* ErrorCode:101
*/
@@ -296,7 +296,7 @@ public class SignatureObject implements Serializable
/**
* Dummy getter Method for debugging only
- *
+ *
* @return response string
*/
public String getSigResponse()
@@ -306,7 +306,7 @@ public class SignatureObject implements Serializable
/**
* Dummy setter Method for debugging only
- *
+ *
* @param sigRespone
* store the response string
*/
@@ -317,7 +317,7 @@ public class SignatureObject implements Serializable
/**
* This method set the signature type.
- *
+ *
* @param sigType
* the signature type to be set
* @throws SignatureTypesException
@@ -331,7 +331,7 @@ public class SignatureObject implements Serializable
/**
* Returns the default signation type
- *
+ *
* @return the key for the default signature definition, if the key is not
* found it returns null
*/
@@ -343,7 +343,7 @@ public class SignatureObject implements Serializable
/**
* This method checks if a given signature key is realy a defined signature
* key.
- *
+ *
* @param sigKey
* the key to check
* @return true if the key is correct, false if the given key is not defined
@@ -360,7 +360,7 @@ public class SignatureObject implements Serializable
* The value that has to be set would be normalized! <br>
* <b>If the key equals to <code>SIG_VALUE</code> all whitespaces are
* removed! </b> <br>
- *
+ *
* @param key
* the key to be set
* @param value
@@ -371,7 +371,7 @@ public class SignatureObject implements Serializable
public boolean setSigValue(String key, String value) {
return setSigValue(key, value, false);
}
-
+
public boolean setSigValue(String key, String value, boolean placeholder)
{
SignatureEntry sig_entry = null;
@@ -416,7 +416,7 @@ public class SignatureObject implements Serializable
/**
* Set the value and the caption to given key.
- *
+ *
* @param key
* the key of the signature object
* @param value
@@ -435,14 +435,14 @@ public class SignatureObject implements Serializable
* This method returns a value for a given signature key. If the key equals to
* <code>SIG_NORM</code> and the value is <code>null</code> the version
* string of the current normalizer is returned!
- *
+ *
* @param key
* the key to get the value for
* @return a value for the given key
*/
public String getSigValue(String key)
{
-
+
String value = null;
SignatureEntry sigEntry = null;
if (sigEntries_.containsKey(key))
@@ -462,13 +462,13 @@ public class SignatureObject implements Serializable
logger_.debug("Using override property for key '" + key + "' = " + value);
}
}
-
+
return value;
}
/**
* Sets the "Kennzeichnung".
- *
+ *
* @param kz
* The "Kennzeichnung" to be set.
*/
@@ -479,7 +479,7 @@ public class SignatureObject implements Serializable
/**
* Returns the "Kennzeichnung" of this signature.
- *
+ *
* @return Returns the "Kennzeichnung" of this signature. Returns null if
* there is no "Kennzeichnung" or it is not recognized by this
* application.
@@ -508,14 +508,14 @@ public class SignatureObject implements Serializable
* and the coresponding value is <code>null</code> the key itself is
* returned as caption! If the key does not exist the method returns
* <code>null</code>.
- *
+ *
* @param key
* the key to get the caption for
* @return a caption for the given key
*/
private String getSigCaption(String key)
{
-
+
String caption = null;
if (sigEntries_.containsKey(key))
{
@@ -667,15 +667,15 @@ public class SignatureObject implements Serializable
if (StringUtils.equals(nameFromText, nameFromCertificate)) {
return nameFromText;
}
-
+
logger_.debug("Checking RFC2253 name.");
-
+
// if we do not have a name from certificate just return the name from text
if (nameFromCertificate == null) {
logger_.debug("No certificate RFC2253 name provided. Applying less sophisticated workaround (does not cover all cases) without certificate usage.");
return prepareRFC2253Name(nameFromText);
}
-
+
// no name from text extraction available, just return name from certificate
if (nameFromText == null) {
logger_.debug("No extracted/reconstructed name available. Just returning the name from certificate: \"" + nameFromCertificate + "\".");
@@ -762,13 +762,13 @@ public class SignatureObject implements Serializable
result.append(rdnVP.getValue());
} else {
// no BER encoding -> take value from certificate
- // also take RDN from certificate if possible
+ // also take RDN from certificate if possible
String certValue = values[values.length - 1 - i].getAVA()
.getValueAsString();
String rdn = resolveRDN(nameFromCertificate, certValue, rdnVP.getRdn());
result.append(rdn + "=").append(certValue);
}
-
+
}
String merged = result.toString();
if (logger_.isDebugEnabled()) {
@@ -785,15 +785,15 @@ public class SignatureObject implements Serializable
}
return merged;
}
-
+
/**
* This method tries to resolve the RDN corresponding to a given value from the certificate String.
- * As values might occur multiple times for different RDNs, an unambiguous resolving cannot be assured.
+ * As values might occur multiple times for different RDNs, an unambiguous resolving cannot be assured.
* In case of ambiguity, the RDN extracted from text is returned by default.
- *
+ *
* This method is a bug fix for a problem that caused the verification of ZID documents to fail as the RDN
* from the extracted text ("EMAILADDRESS") was different to the RDN in the certificate ("EMAIL")
- *
+ *
* @param certString
* The String obtained from the certificate
* @param value
@@ -804,42 +804,42 @@ public class SignatureObject implements Serializable
* The resolved RDN from the certificate, or the RDN from text extraction
*/
private static String resolveRDN(String certString, String value, String extractedRDN) {
-
+
if (!certString.contains(value)) {
-
+
// given value cannot be found in certificate string
return extractedRDN;
}
-
+
if (certString.indexOf(value) != certString.lastIndexOf(value)) {
-
+
// given value is ambiguous - cannot resolve RDN from certificate string
return extractedRDN;
}
-
+
String[] parts = certString.split(",|;");
String val = value.trim();
-
+
for (int i = 0; i < parts.length; i++) {
-
+
String part = parts[i].trim();
-
+
if (part.endsWith(val)) {
-
+
// found entry - extract RDN
- String[] components = part.split("=");
+ String[] components = part.split("=");
if (components.length != 2) {
// unexpected format - return default
- return extractedRDN;
- }
+ return extractedRDN;
+ }
String rdn = components[0].trim();
- return rdn;
- }
- }
+ return rdn;
+ }
+ }
// default
return extractedRDN;
}
-
+
/**
* @return Returns the SignationIssuer.
*/
@@ -920,10 +920,10 @@ public class SignatureObject implements Serializable
}
// dferbas baik
-
+
/**
* signature algorithm if embedded
- * @param sigAlg
+ * @param sigAlg
*/
public void setSigAlg(String sigAlg)
{
@@ -937,7 +937,7 @@ public class SignatureObject implements Serializable
public String getSigAlg()
{
return getSigValue(SignatureTypes.SIG_ALG);
- }
+ }
/**
* @param certDigest
@@ -1016,7 +1016,7 @@ public class SignatureObject implements Serializable
setSigValue(SIG_CER, x509Certificate);
storeCertificate(getSignationSerialNumber(), getSignationIssuer(), x509Certificate);
}
-
+
public void setX509Certificate(X509Certificate cert)
{
try
@@ -1037,7 +1037,7 @@ public class SignatureObject implements Serializable
/**
* return the 509v3 certificate of the given serialNumber and the given issuer
* string
- *
+ *
* @param serialNumber
* the serialNumber which the certificates should load
* @param issuer
@@ -1070,7 +1070,7 @@ public class SignatureObject implements Serializable
/**
* Set the signation id's build by a BKU signated SignatureObject.
- *
+ *
* @param sigIds
* the string to store.
*/
@@ -1152,7 +1152,7 @@ public class SignatureObject implements Serializable
String productVersion = response_properties.getProperty("productVersion");
logger_.debug("productVersion = " + productVersion);
- boolean new_etsi = decideNewEtsiByBKUVersion(productVersion);
+ boolean new_etsi = decideNewEtsiByBKUVersion(productVersion);
logger_.debug("verwende neue etsi properties = " + new_etsi);
String etsi_prefix = "";
@@ -1183,7 +1183,7 @@ public class SignatureObject implements Serializable
/**
* Checks if the current SignatureObject is siganted by MOA. It checks if the
* current SignatureObject has a signation id value.
- *
+ *
* @return true if no signation id value is found, false otherwise
*/
public boolean isMOASigned()
@@ -1204,7 +1204,7 @@ public class SignatureObject implements Serializable
/**
* Tells if this SignatureObject is textual.
- *
+ *
* @return Returns true, if it is textual.
*/
public boolean isTextual()
@@ -1223,7 +1223,7 @@ public class SignatureObject implements Serializable
/**
* Tells, if this SignatureObject is binary.
- *
+ *
* @return Returns true, if it is binary.
*/
public boolean isBinary()
@@ -1237,14 +1237,14 @@ public class SignatureObject implements Serializable
{
logger_.error(e.getMessage(), e);
}
-
+
return SigKZIDHelper.isBinary(kz);
}
/**
* Takes the signation id value of the current SignatureObject and split them
* into the corresponding id array added with the id-base.
- *
+ *
* @return the id array
*/
// TODO hotifx
@@ -1328,7 +1328,7 @@ public class SignatureObject implements Serializable
real_ids[3] = "0-" + base + "-" + ids[3];
real_ids[4] = "0-" + base + "-" + ids[4];
real_ids[5] = etsi_string;
-
+
if (logger_.isDebugEnabled())
{
for (int id_idx = 0; id_idx < real_ids.length; id_idx++)
@@ -1345,7 +1345,7 @@ public class SignatureObject implements Serializable
* for equition. Used to store and find corresponting certificates.
* Normalzing: normalizing the string using the normalizer, remove all white
* spaces, encode as base64 and replace all "/" chars with "_".
- *
+ *
* @param issuer
* the issuer string to normalize
* @return the normalized issuer string
@@ -1357,7 +1357,7 @@ public class SignatureObject implements Serializable
{
if (issuer != null)
{
- // use explicit method for normalization
+ // use explicit method for normalization
issuer = normalizeIssuer(issuer);
/* this block may be used to enhance normalization (tknall)
try {
@@ -1375,7 +1375,6 @@ public class SignatureObject implements Serializable
}
catch (UnsupportedEncodingException e)
{
- e.printStackTrace();
throw new RuntimeException(e);
}
}
@@ -1443,7 +1442,7 @@ public class SignatureObject implements Serializable
}
}
}
-
+
private X509Cert loadCertificateFromCertstore(String serialNumber, String issuer) {
String iss_hash = getIssuerFileHash(issuer);
String cert_store_path = certPath_ + iss_hash;
@@ -1476,10 +1475,10 @@ public class SignatureObject implements Serializable
* <li>add the <code>.txt</code> extension to get the meta information of
* the certificate</li>
* </ol>
- *
+ *
* The certificate meta file is build by the base64 coded issuer string and
* the cert digest value devided by the <code>@</code> char.
- *
+ *
* @param serialNumber
* the file name of the certificate .der|.txt
* @param issuer
@@ -1541,7 +1540,7 @@ public class SignatureObject implements Serializable
/**
* Writes the certificate data to a file and stores the file in the local
* certificate store.
- *
+ *
* @param cert_data
* The binary certificate data.
*/
@@ -1580,17 +1579,17 @@ public class SignatureObject implements Serializable
/**
* Connects to the LDAP server to look for the certificate.
- *
+ *
* @param serialNumber
* The serial number String of the certificate being sought. E.g.
* "123455676744123432".
* @param issuer
* The issuer String of the certificate being sought.
- *
+ *
* @return Returns the DER certificate file as can be stored in the local
* repository. Returns null, if the document wasn't found on the
* server.
- * @throws ClassNotFoundException
+ * @throws ClassNotFoundException
*/
protected byte[] loadCertificateFromLDAP(String serialNumber, String issuer) {
// START modification by TK
@@ -1629,10 +1628,10 @@ public class SignatureObject implements Serializable
* <li>add the <code>.txt</code> extension to get the meta information of
* the certificate</li>
* </ol>
- *
+ *
* The certificate meta file is build by the base64 coded issuer string and
* the cert digest value devided by the <code>@</code> char.
- *
+ *
* @param serialNumber
* the file name of the certificate .der|.txt
* @param issuer
@@ -1650,7 +1649,7 @@ public class SignatureObject implements Serializable
{
return storeCertificate(serialNumber, issuer, x509Certificate);
}
-
+
/**
* This method stores a X509v3 certificate to the filesystem. The reference to
* the stored certificate is build by the serialNumber and the issuer string.
@@ -1673,10 +1672,10 @@ public class SignatureObject implements Serializable
* <li>add the <code>.txt</code> extension to get the meta information of
* the certificate</li>
* </ol>
- *
+ *
* The certificate meta file is build by the base64 coded issuer string and
* the cert digest value devided by the <code>@</code> char.
- *
+ *
* @param serialNumber
* the file name of the certificate .der|.txt
* @param issuer
@@ -1723,7 +1722,7 @@ public class SignatureObject implements Serializable
}
return store_complete;
}
-
+
/**
* @return Returns the AbstractTable.
* @see at.knowcenter.wag.egov.egiz.table.Table
@@ -1739,7 +1738,7 @@ public class SignatureObject implements Serializable
/**
* This method read the style definitions from the settings file.
- *
+ *
* @param styleKey
* the key to read the style definitions
* @return the defined style informations
@@ -1762,7 +1761,7 @@ public class SignatureObject implements Serializable
* This method creates an abstract signature table object. It takes all keys
* and values set by the signature object to create the corresponding abstract
* table object. The table definition is read from the settings file.
- *
+ *
* @param tableKey
* is the name of the table definition in the settings file
* @return a new abstract signature table
@@ -1964,7 +1963,7 @@ public class SignatureObject implements Serializable
/**
* This method returns a signature entry object.
- *
+ *
* @param key
* the corresponding key
* @return the signature entry object of the given key, null if the key does
@@ -1977,7 +1976,7 @@ public class SignatureObject implements Serializable
/**
* This method is a helper function to remove all white spaces from a text.
- *
+ *
* @param text
* the white spaces should remove from
* @return a text without white spaces
@@ -1993,7 +1992,7 @@ public class SignatureObject implements Serializable
}
/**
- *
+ *
* @param placeholder
* @return Returns the list of SignatureFieldDefinitions that's values in the
* SignatureObject have been filled out with placeholders.
@@ -2015,7 +2014,7 @@ public class SignatureObject implements Serializable
setValueBruteForce(SignatureTypes.SIG_ID, null);
continue;
}
-
+
if (sfd.field_name.equals(SignatureTypes.SIG_ALG) && !baikEnabled) {
setValueBruteForce(SignatureTypes.SIG_ID, null);
continue;
@@ -2040,7 +2039,7 @@ public class SignatureObject implements Serializable
/**
* Returns the raw signature response XML string as set by the signing
* Connector.
- *
+ *
* @return Returns the XML response String.
*/
public String getRawSignatureResponse()
@@ -2050,12 +2049,12 @@ public class SignatureObject implements Serializable
/**
* Sets the raw signature response XML string.
- *
+ *
* <p>
* This should be used by the Connector to pass the response String to the
* signer.
* </p>
- *
+ *
* @param raw_response_string
* The new raw signature response string.
*/
@@ -2063,8 +2062,8 @@ public class SignatureObject implements Serializable
{
this.raw_signature_response = raw_response_string;
}
-
-
+
+
/**
* get timestamp if available
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureTypes.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureTypes.java
index 783512c..a4d71fd 100644
--- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureTypes.java
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureTypes.java
@@ -26,7 +26,9 @@
package at.knowcenter.wag.egov.egiz.sig;
import java.util.ArrayList;
+import java.util.Collection;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
@@ -45,6 +47,118 @@ import at.knowcenter.wag.exactparser.ByteArrayUtils;
public class SignatureTypes
{
+ /**
+ * Defines all supported states for {@link SignatureTypes} (signature profiles). Signature types can be enabled
+ * ("on"), can be set to support signature only ("sign_only"), to verification only ("verify_only") or can be
+ * disabled ("off" or any other value not covered by other enum values).
+ *
+ * @author Datentechnik Innovation GmbH
+ */
+ public enum State {
+
+ /**
+ * Enables a signature profile.
+ */
+ ON ("on", "yes", "true", "enabled"),
+
+ /**
+ * Disables a signature profile.
+ */
+ OFF (),
+
+ /**
+ * Restricts the signature profile so that is can only be used for verification purposes and not for signature.
+ */
+ VERIFY_ONLY ("verify_only", "verify-only", "verifyonly", "verify only", "verify"),
+
+ /**
+ * Allows the signature profile to be used for signature but not for verification.
+ */
+ SIGN_ONLY ("sign_only", "sign-only", "signonly", "sign only", "sign");
+
+ /**
+ * Sets the default state when no valid value was provided.
+ */
+ private static final State DEFAULT = OFF;
+
+ /**
+ * States that allow signatures.
+ */
+ private static final State[] CAN_SIGN = { ON, SIGN_ONLY };
+
+ /**
+ * States that allow verification.
+ */
+ private static final State[] CAN_VERIFY = { ON, VERIFY_ONLY };
+
+ private String[] keyWords;
+
+ private State(String... keyWords) {
+ this.keyWords = keyWords;
+ }
+
+ /**
+ * Returns a valid State from a given {@code keyWord}. If the {@code keyWord} cannot be matched to a certain
+ * state, the default State {@link #OFF} is returned.
+ *
+ * @param keyWord
+ * A valid keyword like "on", "sign_only"...
+ * @return The enum State.
+ */
+ public static State fromString(String keyWord) {
+ if (keyWord == null) {
+ return DEFAULT;
+ }
+ try {
+ return valueOf(keyWord.toUpperCase());
+ } catch (IllegalArgumentException e) {
+ for (State candidate : values()) {
+ for (String candidateKeyWord : candidate.keyWords) {
+ if (keyWord.equalsIgnoreCase(candidateKeyWord)) {
+ return candidate;
+ }
+ }
+ }
+ return DEFAULT;
+ }
+ }
+
+ /**
+ * Returns {@code true} when the current state is one of the given candidate {@code states}.
+ *
+ * @param states
+ * The candidate states.
+ * @return {@code true} when the current state is one of the given candidate states, {@code false} if not.
+ */
+ public boolean in(State... states) {
+ if (states != null) {
+ for (State state : states) {
+ if (this == state) {
+ return true;
+ }
+ }
+ }
+ return false;
+ }
+
+ /**
+ * Returns if the respective state allows signatures.
+ * @return {@code true} if signatures are allowed, {@code false} if not.
+ */
+ public boolean canSign() {
+ return in(CAN_SIGN);
+ }
+
+ /**
+ * Returns if the respective state allows verification.
+ * @return {@code true} if verification is allowed, {@code false} if not.
+ */
+ public boolean canVerify() {
+ return in(CAN_VERIFY);
+ }
+
+ }
+
// 03.11.2010 changed by exthex - commented unneeded setDefaultStyles method to reduce confusion
/**
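Review bot: In `State.fromString`, a value that matches no keyword, including one that only carries stray whitespace such as `"on "`, is mapped to `OFF` with no diagnostic. Failing closed is the right default for a signature profile switch, but a typo in the settings file then disables a profile with nothing to tell the operator why. Trim before matching (`String normalized = keyWord.trim();`) and, if a logger is available in this class, log a warning when a non-null value falls through to `DEFAULT`. The `keyWords` field is never reassigned and can be `private final String[] keyWords;`.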
@@ -70,8 +184,8 @@ public class SignatureTypes
/**
* The state value activating an signature definition
*/
- private static final String STATE_ON = "on";
-
+// public static final String STATE_ON = "on";
+
// /**
// * The state value de activating an signature definition
// */
@@ -403,10 +517,12 @@ public class SignatureTypes
if (settings_ != null)
{
ArrayList types = settings_.getKeys(TYPES);
- for (int type_idx = 0; type_idx < types.size(); type_idx++)
- {
- String type = (String) types.get(type_idx);
- addSignatureType(type);
+ if (types != null) {
+ for (int type_idx = 0; type_idx < types.size(); type_idx++)
+ {
+ String type = (String) types.get(type_idx);
+ addSignatureType(type);
+ }
}
}
}
@@ -420,8 +536,9 @@ public class SignatureTypes
* @param typeName
*/
public void addSignatureType(String typeName) {
-
- if (STATE_ON.equals(settings_.getSetting(TYPES + "." + typeName, null)))
+
+// if (STATE_ON.equals(settings_.getSetting(TYPES + "." + typeName, null)))
+ if (State.fromString(settings_.getSetting(TYPES + "." + typeName, null)) != State.OFF)
{
SignatureTypeDefinition sig_type_def;
try
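Review bot: The new condition in `addSignatureType` loads `sign_only` and `verify_only` profiles into `typeDefMap_`, but only the two new filtered getters apply the restriction. `getSignatureTypes()` and `getSignatureTypeDefinitions()`, visible in later hunks, still return every loaded profile, so the restriction holds only if every caller has been moved to the filtered methods. Callers are outside this diff, so this is worth confirming; a by-name lookup of a `verify_only` profile on the signing path would presumably not be rejected here. Consider enforcing the state where a profile is actually used for signing or verification rather than only when listing. The commented-out `STATE_ON` line can be deleted, since version control keeps it. The method body continues past the end of this hunk.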
@@ -446,6 +563,23 @@ public class SignatureTypes
return this.typeDefMap_.keySet();
}
+ /**
+ * Returns a set of identifiers for profiles than can be used for signature, i.e. profiles that are either enabled
+ * ("on") or set to "sign_only").
+ *
+ * @return A set of signature profile/type identifiers.
+ */
+ @SuppressWarnings("unchecked")
+ public Set<String> getSignatureTypesForSignature() {
+ Set<String> filteredResult = new HashSet<String>();
+ for (String signatureProfileId : (Set<String>) typeDefMap_.keySet()) {
+ if (State.fromString(settings_.getSetting(TYPES + "." + signatureProfileId, null)).canSign()) {
+ filteredResult.add(signatureProfileId);
+ }
+ }
+ return filteredResult;
+ }
+
/**
* @return a list of signature type definitions
*/
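Review bot: `getSignatureTypesForSignature()` and `getSignatureTypeDefinitionsForVerification()` (next hunk) both repeat the expression `State.fromString(settings_.getSetting(TYPES + "." + signatureProfileId, null))`, which `addSignatureType` also uses. A private helper such as `private State stateOf(String typeName) { return State.fromString(settings_.getSetting(TYPES + "." + typeName, null)); }` would keep the three sites in agreement. The state is also re-read from `settings_` on every call rather than recorded when the profile is loaded. If settings can change after loading (not visible here), the filter could then disagree with what was loaded. Storing the parsed `State` alongside the definition at load time would avoid that.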
@@ -453,6 +587,23 @@ public class SignatureTypes
{
return new ArrayList(this.typeDefMap_.values());
}
+
+ /**
+ * Returns a (filtered) list of signature type definitions useable for verification. Those definitions for profiles
+ * that are not allowed to be used for verification are filtered.
+ *
+ * @return A filtered list of signature type definitions.
+ */
+ @SuppressWarnings("unchecked")
+ public List<SignatureTypeDefinition> getSignatureTypeDefinitionsForVerification() {
+ List<SignatureTypeDefinition> filteredResult = new ArrayList<SignatureTypeDefinition>(typeDefMap_.size());
+ for (String signatureProfileId : (Set<String>) typeDefMap_.keySet()) {
+ if (State.fromString(settings_.getSetting(TYPES + "." + signatureProfileId, null)).canVerify()) {
+ filteredResult.add((SignatureTypeDefinition) typeDefMap_.get(signatureProfileId));
+ }
+ }
+ return filteredResult;
+ }
/**
* This method returns the corresponding signature type definition to a given
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/X509Cert.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/X509Cert.java
index 7b4e463..e11a38c 100644
--- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/X509Cert.java
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/X509Cert.java
@@ -99,7 +99,7 @@ public class X509Cert implements Serializable
* statement and remove all whitespaces in the string. The result string
* (base64) is used by reconstructing the certiface sign by the verification
* process.
- *
+ *
* @param certString
* the string to normalize
* @return the normalized cert string
@@ -115,7 +115,7 @@ public class X509Cert implements Serializable
/**
* This method initialzes a X509Certificate by a string value. It must be
* coded Base64 or as plain binary stream.
- *
+ *
* @param certString
* the certificate string to analyse
* @return the X509Cert object
@@ -150,7 +150,9 @@ public class X509Cert implements Serializable
String serial_num = cert.getSerialNumber().toString();
String issuer = cert.getIssuerDN().getName();
- issuer = issuer.replaceAll(", ", ",");
+ // fixed by dti: commas within issuer rdns are escapted by "\,". These escapted commas must not be replaced.
+// issuer = issuer.replaceAll(", ", ",");
+ issuer = issuer.replaceAll("[^\\\\], ", ",");
String subject_name = cert.getSubjectDN().toString();
x509_cert.setSerialNumber(serial_num);
x509_cert.setIssuerName(issuer);
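Review bot: The new pattern `"[^\\\\], "` consumes the character before the comma, so `replaceAll` drops the last character of every RDN value: `CN=Foo, O=Bar` becomes `CN=Fo,O=Bar`. The issuer string is passed to `setIssuerName` and appears to be used for certificate lookup and comparison, so a corrupted value would make matching fail or hit the wrong entry. A negative lookbehind leaves the preceding character in place: `issuer = issuer.replaceAll("(?<!\\\\), ", ",");`. The same line appears in the three later X509Cert.java hunks (at new lines 184, 214 and 282) and needs the same change; moving the normalization into one private helper would avoid the four copies. The commented-out old line can be removed.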
@@ -174,7 +176,7 @@ public class X509Cert implements Serializable
}
return x509_cert;
}
-
+
public static X509Cert initByX509Certificate(X509Certificate cert) throws CertificateEncodingException {
X509Cert x509_cert = new X509Cert();
x509_cert.setX509Cert(cert);
@@ -182,7 +184,9 @@ public class X509Cert implements Serializable
String serial_num = cert.getSerialNumber().toString();
String issuer = cert.getIssuerDN().getName();
- issuer = issuer.replaceAll(", ", ",");
+ // fixed by dti: commas within issuer rdns are escapted by "\,". These escapted commas must not be replaced.
+// issuer = issuer.replaceAll(", ", ",");
+ issuer = issuer.replaceAll("[^\\\\], ", ",");
String subject_name = cert.getSubjectDN().toString();
x509_cert.setSerialNumber(serial_num);
x509_cert.setIssuerName(issuer);
@@ -210,7 +214,9 @@ public class X509Cert implements Serializable
String serial_num = cert.getSerialNumber().toString();
String issuer = cert.getIssuerDN().getName();
- issuer = issuer.replaceAll(", ", ",");
+ // fixed by dti: commas within issuer rdns are escapted by "\,". These escapted commas must not be replaced.
+// issuer = issuer.replaceAll(", ", ",");
+ issuer = issuer.replaceAll("[^\\\\], ", ",");
String subject_name = cert.getSubjectDN().toString();
x509_cert.setSerialNumber(serial_num);
x509_cert.setIssuerName(issuer);
@@ -226,7 +232,7 @@ public class X509Cert implements Serializable
{
// nothing to do, cause certString is not X509 conformc
logger_.error(ce.getMessage(), ce);
-
+
}
catch (IOException ioe)
{
@@ -240,7 +246,7 @@ public class X509Cert implements Serializable
/**
* This method initialzes a X509Certificate by a file path value. The file
* must be a plain binary file like .cer format.
- *
+ *
* @param filePath
* the certificate file to analyse
* @return the X509Cert object
@@ -276,7 +282,9 @@ public class X509Cert implements Serializable
String serial_num = cert.getSerialNumber().toString();
String issuer = cert.getIssuerDN().getName();
- issuer = issuer.replaceAll(", ", ",");
+ // fixed by dti: commas within issuer rdns are escapted by "\,". These escapted commas must not be replaced.
+// issuer = issuer.replaceAll(", ", ",");
+ issuer = issuer.replaceAll("[^\\\\], ", ",");
String subject_name = cert.getSubjectDN().toString();
x509_cert.setSerialNumber(serial_num);
x509_cert.setIssuerName(issuer);
@@ -300,7 +308,7 @@ public class X509Cert implements Serializable
/**
* This method initialzes a X509Certificate by a file value. The file must be
* a plain binary file like .cer format.
- *
+ *
* @param certFile
* the certificate file to analyse
* @return the X509Cert object
@@ -314,7 +322,7 @@ public class X509Cert implements Serializable
/**
* This method checks if a certificate file is X509 conform.
- *
+ *
* @return true if a certificate file is X509 conform, false otherwise
*/
public boolean isX509Cert()
@@ -480,7 +488,7 @@ public class X509Cert implements Serializable
/**
* This method checks, if a X509Certificate has a public key with the rsa
* algorithm.
- *
+ *
* @return true if the public key is produced with rsa, false otherwise
*/
public boolean isRSA()
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/BKUConnector.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/BKUConnector.java
index c3b6421..e4d78c3 100644
--- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/BKUConnector.java
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/BKUConnector.java
@@ -49,9 +49,9 @@ import at.knowcenter.wag.egov.egiz.tools.CodingHelper;
/**
* Connector for communicating with BKU.
- *
+ *
* @deprecated use the new connectors.
- *
+ *
* @author wlackner
* @author wprinz
*/
@@ -59,7 +59,7 @@ public class BKUConnector implements LocalConnector
{
/**
* ConnectorInformation that identifies this Connector to the system.
- *
+ *
* @see at.knowcenter.wag.egov.egiz.sig.ConnectorFactory
* @see ConnectorInformation
*/
@@ -85,7 +85,7 @@ public class BKUConnector implements LocalConnector
/**
* load the inital signature settings
- *
+ *
* @see SettingsReader
*/
public void loadSettings() throws SignatureException
@@ -111,7 +111,7 @@ public class BKUConnector implements LocalConnector
* SignatureObject is filled out by the parsed BKU-Response. <br>
* If an error request is send back from BKU, an error message is generated an
* an exception is thrown.
- *
+ *
* @param sigType
* the type of the SignatureObject that should be returned
* @param userName
@@ -137,7 +137,7 @@ public class BKUConnector implements LocalConnector
* This method generates the BKU verify prozess. It checks if the given
* SignatureObject is signed by MOA or BKU. The verify template string is
* filled out by the corresponding method.
- *
+ *
* @param normalizedText
* the normalized text to verify
* @param sigObject
@@ -163,7 +163,7 @@ public class BKUConnector implements LocalConnector
* X509Certificate, CertDigest, DigestValue and the signation id-s. If the
* X509Certificate is extracted it would be stored in the certificates
* directory.
- *
+ *
* @param xmlResponse
* the response string from the BKU sign-request
* @param sigObj
@@ -177,7 +177,7 @@ public class BKUConnector implements LocalConnector
private void parseCreateXMLResponse(Properties response_properties, SignatureObject sigObj) throws SignatureException
{
String xmlResponse = response_properties.getProperty("response_string");
-
+
Pattern sig_val_p_s = Pattern.compile("<[\\w]*:?SignatureValue>");
Pattern sig_val_p_e = Pattern.compile("</[\\w]*:?SignatureValue>");
Pattern iss_nam_p_s = Pattern.compile("<[\\w]*:?X509IssuerName>");
@@ -280,7 +280,7 @@ public class BKUConnector implements LocalConnector
ids[2] = extractId(xmlResponse, "signed-data-object-");
ids[3] = extractId(xmlResponse, "etsi-data-reference-");
ids[4] = extractId(xmlResponse, "etsi-data-object-");
-
+
//TODO hotfix - already deprecated
String final_ids =SignatureObject.formatSigIds(response_properties, ids);
//sigObj.setSignationIDs(ids);
@@ -289,7 +289,7 @@ public class BKUConnector implements LocalConnector
/**
* This emthod extracts id-values from a text. The id is given by the name.
- *
+ *
* @param text
* the id-value that should extract from
* @param name
@@ -301,13 +301,13 @@ public class BKUConnector implements LocalConnector
String id = null;
int start_idx = text.indexOf(name) + name.length();
int end_idx = text.indexOf("\"", start_idx);
-
+
// TODO hotfix! - already deprecated
- final int quot_end_idx = end_idx;
+ final int quot_end_idx = end_idx;
final int squot_end_idx = text.indexOf("'", start_idx);
end_idx = Math.min(quot_end_idx, squot_end_idx);
// TODO hotfix end! - already deprecated
-
+
id = text.substring(start_idx, end_idx);
if (logger_.isDebugEnabled())
{
@@ -319,7 +319,7 @@ public class BKUConnector implements LocalConnector
/**
* This method reads the verify template from the file system and fills out
* the template with the SignatureObject values.
- *
+ *
* @param normalizedText
* the normalized text to veryfied
* @param sigObject
@@ -362,7 +362,7 @@ public class BKUConnector implements LocalConnector
verify_template = getConnectorValueFromProfile(sigObject.getSignationType(), "bku.verify.template2"); //"./templates/BKUVerifyTemplateB64_neueBKU.xml";
sig_prop_filename = getConnectorValueFromProfile(sigObject.getSignationType(), "bku.verify.template2.SP"); //"./templates/BKUVerifyTemplateSP_neueBKU.xml";
}
-
+
//String ver_temp_str = FileHelper.readFromFile(SettingsReader.relocateFile(verify_template));
String ver_temp_str = this.settings_.readInternalResourceAsString(verify_template);
@@ -388,13 +388,18 @@ public class BKUConnector implements LocalConnector
}
sig_prop_str = sig_prop_str.replaceFirst("SigningTimeReplace", sigObject.getSignationDate());
-
+
String issuer_name = sigObject.getSignationIssuer();
// The issuer is already unicode, so it mustn't be encoded again.
//byte[] issuer_name = CodingHelper.encodeUTF8(sigObject.getSignationIssuer());
// new String(issuer_name); // this would double encode the String, not to mention the missing encoding
- sig_prop_str = sig_prop_str.replaceFirst("X509IssuerNameReplace", issuer_name);
-
+
+ // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll)
+ // methods are regarded, backslashes in the replacement string may cause the results to be different than
+ // if it were being treated as a literal replacement string.
+// sig_prop_str = sig_prop_str.replaceFirst("X509IssuerNameReplace", issuer_name);
+ sig_prop_str = sig_prop_str.replace("X509IssuerNameReplace", issuer_name);
+
sig_prop_str = sig_prop_str.replaceFirst("X509SerialNumberReplace", sigObject.getSignationSerialNumber());
sig_prop_str = sig_prop_str.replaceFirst("DigestValueX509CertificateReplace", sigObject.getX509CertificateDigest());
sig_prop_str = sig_prop_str.replaceFirst("SigIdReplace", ids[0]);
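Review bot: The issuer name still passes through a regex replacement one step later: `sig_prop_str`, which now holds the issuer verbatim, is inserted with `ver_temp_str.replaceFirst("TemplateQualifyingPropertiesReplace", sig_prop_str)` (context line of the following hunk, new line 409), so an escaped comma `\,` is reduced to `,` at that point. The digest on the line after it is computed from `sig_prop_str` itself, so the embedded properties and their digest would then disagree. MOAConnector receives the matching change for `TemplateSignedPropertiesReplace` in this commit; the same is needed here: `ver_temp_str = ver_temp_str.replace("TemplateQualifyingPropertiesReplace", sig_prop_str);`. The method body starts and ends outside this hunk.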
@@ -403,30 +408,30 @@ public class BKUConnector implements LocalConnector
ver_temp_str = ver_temp_str.replaceFirst("CertAlgReplace", cert_alg);
ver_temp_str = ver_temp_str.replaceFirst("TemplateQualifyingPropertiesReplace", sig_prop_str);
byte[] sig_prop_code = CodingHelper.buildDigest(sig_prop_str.getBytes("UTF-8"), "sha1");
-
+
// TODO hotfix - already deprecated
if (neue_bku)
{
final String ETSI_SIGNED_PROPERTIES_START_TAG = "<etsi:SignedProperties"; // xml name spaces follow, so this is not a complete tag...
final String ETSI_SIGNED_PROPERTIES_END_TAG = "</etsi:SignedProperties>";
-
+
final int hash_start = sig_prop_str.indexOf(ETSI_SIGNED_PROPERTIES_START_TAG);
assert hash_start >= 0;
final int hash_end = sig_prop_str.indexOf(ETSI_SIGNED_PROPERTIES_END_TAG, hash_start) + ETSI_SIGNED_PROPERTIES_END_TAG.length();
assert hash_end - ETSI_SIGNED_PROPERTIES_END_TAG.length() >= 0;
assert hash_end > hash_start;
-
+
final String string_to_be_hashed = sig_prop_str.substring(hash_start, hash_end);
logger_.debug("etsi:SignedProperties string to be hashed: " + string_to_be_hashed);
-
+
logger_.debug("\n--------------------- ETSI properties string to be hashed: start ---------------------");
logger_.debug(string_to_be_hashed);
logger_.debug("\n--------------------- ETSI properties string to be hashed: stop ---------------------");
-
+
final byte [] bytes_to_be_hashed = string_to_be_hashed.getBytes("UTF-8");
sig_prop_code = CodingHelper.buildDigest(bytes_to_be_hashed, "sha1");
}
-
+
String sig_prop_hash = CodingHelper.encodeBase64(sig_prop_code);
ver_temp_str = ver_temp_str.replaceFirst("DigestValueSignedPropertiesReplace", sig_prop_hash);
if (logger_.isDebugEnabled())
@@ -453,7 +458,7 @@ public class BKUConnector implements LocalConnector
//String raw_b64 = CodingHelper.encodeUTF8AsBase64(normalizedText);
String raw_b64 = CodingHelper.encodeBase64(data_value);
-
+
ver_temp_str = ver_temp_str.replaceFirst("Base64ContentReplace", raw_b64);
ver_temp_str = ver_temp_str.replaceFirst("DigestValueSignedDataReplace", object_data_hash);
@@ -479,7 +484,7 @@ public class BKUConnector implements LocalConnector
* This method parses the verify response string and return a
* SignatureResponse object. The SignatureResponse object is filled out by the
* response values from the BKU-response.
- *
+ *
* @param xmlResponse
* the response values from the BKU-verify request
* @return SignatureResponse object
@@ -621,8 +626,8 @@ public class BKUConnector implements LocalConnector
return sig_res;
}
-
-
+
+
public String prepareSignRequest(String userName, String signText,
String signType) throws SignatureException
@@ -636,7 +641,7 @@ public class BKUConnector implements LocalConnector
//String sign_req_str = FileHelper.readFromFile(SettingsReader.relocateFile(sign_request_filename));
String sign_req_str = this.settings_.readInternalResourceAsString(sign_request_filename);
- //this.verify_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_request_filename));
+ //this.verify_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_request_filename));
if (logger_.isDebugEnabled())
{
//logger_.debug(sign_request_filename + "_signText.xml :" + signText);
@@ -660,7 +665,7 @@ public class BKUConnector implements LocalConnector
SignatureObject sigObject) throws SignatureException
{
String verify_request = getVerifyRequestTemplateFileName(sigObject.getSignationType());
-
+
//String verify_req_str = FileHelper.readFromFile(SettingsReader.relocateFile(verify_request));
String verify_req_str = this.settings_.readInternalResourceAsString(verify_request);
@@ -681,7 +686,11 @@ public class BKUConnector implements LocalConnector
// get the BKU-template
verify_template_str = getVerifyTemplate(normalizedText, sigObject);
}
- verify_req_str = verify_req_str.replaceFirst("XMLContentReplace", verify_template_str);
+ // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll)
+ // methods are regarded, backslashes in the replacement string may cause the results to be different than
+ // if it were being treated as a literal replacement string.
+// verify_req_str = verify_req_str.replaceFirst("XMLContentReplace", verify_template_str);
+ verify_req_str = verify_req_str.replace("XMLContentReplace", verify_template_str);
if (logger_.isDebugEnabled())
{
logger_.debug("verify_req_str.xml : " + verify_req_str);
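Review bot: The explanatory comment above the `XMLContentReplace` change is a verbatim copy of the one written for the issuer placeholder, and the old statement is kept as a commented-out line. Here the replacement string is the whole verify template, so a comment such as `// literal replace(): verify_template_str embeds the issuer name, whose "\," must not be read as a regex escape` would say why this call is affected. The commented-out `replaceFirst` line can be dropped, since the history already records it, and "escapted" should read "escaped". The same applies to the copies in MOAConnector (hunks at 453 and 548) and DetachedBKUConnector (hunks at 355 and 457).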
@@ -692,7 +701,7 @@ public class BKUConnector implements LocalConnector
/**
* Sends the request to the given URL.
- *
+ *
* @param url
* The URL.
* @param request_string
@@ -722,7 +731,7 @@ public class BKUConnector implements LocalConnector
// TODO hotfix - already deprecated
String response_string = response_properties.getProperty("response_string");
-
+
SignatureObject sig_obj = new SignatureObject();
sig_obj.setRawSignatureResponse(response_string);
try
@@ -783,7 +792,7 @@ public class BKUConnector implements LocalConnector
public SignatureResponse analyzeVerifyResponse(Properties response_properties) throws SignatureException
{
String response_string = response_properties.getProperty("response_string");
-
+
if (!response_string.equals(""))
{
Pattern erc_p_s = Pattern.compile("<[\\w]*:?ErrorCode>");
@@ -880,13 +889,13 @@ public class BKUConnector implements LocalConnector
/**
* Returns the type of this BKU-like connector.
- *
+ *
* <p>
* All settings keys will be prefixed by this type. So to reuse the BKU
* connector, a deriving class has to implement this method specifying an own
* type.
* </p>
- *
+ *
* @return Returns the type of this BKU-like connector.
*/
protected String getType()
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/MOAConnector.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/MOAConnector.java
index ef355a0..d413a29 100644
--- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/MOAConnector.java
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/MOAConnector.java
@@ -63,7 +63,7 @@ import at.knowcenter.wag.egov.egiz.tools.CodingHelper;
/**
* Connector to access the MOA service.
- *
+ *
* @deprecated
* @author wlackner
* @author wprinz
@@ -72,7 +72,7 @@ public class MOAConnector implements Connector
{
/**
* ConnectorInformation that identifies this Connector to the system.
- *
+ *
* @see at.knowcenter.wag.egov.egiz.sig.ConnectorFactory
* @see ConnectorInformation
*/
@@ -80,7 +80,7 @@ public class MOAConnector implements Connector
/**
* The class type value.
- *
+ *
* <p>
* Just for convenience.
* </p>
@@ -122,7 +122,7 @@ public class MOAConnector implements Connector
/**
* load the inital signature settings
- *
+ *
* @see SettingsReader
*/
private void loadSettings() throws SignatureException
@@ -148,7 +148,7 @@ public class MOAConnector implements Connector
* SignatureObject is filled out by the parsed MOA-Response. <br>
* If an error request is send back from MOA, an error message is generated an
* an exception is thrown.
- *
+ *
* @param sigType
* the type of the SignatureObject that should be returned
* @param userName
@@ -282,7 +282,7 @@ public class MOAConnector implements Connector
* SignatureValue, X509IssuerName, SigningTime, X509SerialNumber,
* X509Certificate, CertDigest and DigestValues. If the X509Certificate is
* extracted it would be stored in the certificates directory.
- *
+ *
* @param xmlResponse
* the response string from the MOA sign-request
* @param sigObj
@@ -393,7 +393,7 @@ public class MOAConnector implements Connector
/**
* This method reads the verify template from the file system and fills out
* the template with the SignatureObject values.
- *
+ *
* @param normalizedText
* the normalized text to veryfied
* @param sigObject
@@ -453,12 +453,18 @@ public class MOAConnector implements Connector
// byte[] issuer_name =
// CodingHelper.encodeUTF8(sigObject.getSignationIssuer());
// new String(issuer_name)
- sig_prop_str = sig_prop_str.replaceFirst("X509IssuerNameReplace", sigObject.getSignationIssuer());
+
+ // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll)
+ // methods are regarded, backslashes in the replacement string may cause the results to be different than
+ // if it were being treated as a literal replacement string.
+// sig_prop_str = sig_prop_str.replaceFirst("X509IssuerNameReplace", sigObject.getSignationIssuer());
+ sig_prop_str = sig_prop_str.replace("X509IssuerNameReplace", sigObject.getSignationIssuer());
sig_prop_str = sig_prop_str.replaceFirst("X509SerialNumberReplace", sigObject.getSignationSerialNumber());
sig_prop_str = sig_prop_str.replaceFirst("DigestValueX509CertificateReplace", sigObject.getX509CertificateDigest());
verify_req_str = verify_req_str.replaceFirst("CertAlgReplace", cert_alg);
- verify_req_str = verify_req_str.replaceFirst("TemplateSignedPropertiesReplace", sig_prop_str);
+// verify_req_str = verify_req_str.replaceFirst("TemplateSignedPropertiesReplace", sig_prop_str);
+ verify_req_str = verify_req_str.replace("TemplateSignedPropertiesReplace", sig_prop_str);
byte[] sig_prop_code = CodingHelper.buildDigest(sig_prop_str.getBytes("UTF-8"), "sha1"); // added
// the
// ("UTF-8")
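Review bot: The neighbouring substitutions in this block still use `replaceFirst` with values read from `sigObject` (`getSignationSerialNumber()`, `getX509CertificateDigest()`), so a `\` or `$` in any of them is still interpreted as a replacement escape or group reference. Whether these fields can carry such characters depends on how the signature object is filled, which is not visible here; if it is parsed from the document under verification, they should be handled like the issuer. Using the literal form throughout, e.g. `sig_prop_str = sig_prop_str.replace("X509SerialNumberReplace", sigObject.getSignationSerialNumber());`, removes the question. The same pattern remains in BKUConnector (hunk at 388, including `SigIdReplace`) and in DetachedBKUConnector (hunk at 457: `SIG_ID_REPLACE`, `SIGNING_TIME_REPLACE`, `X509_SERIAL_NUMBER_REPLACE`).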
@@ -509,7 +515,7 @@ public class MOAConnector implements Connector
* This method generates the MOA verify prozess. It checks if the given
* SignatureObject is signed by MOA or BKU. The verify template string is
* filled out by the corresponding method.
- *
+ *
* @param normalizedText
* the normalized text to verify
* @param sigObject
@@ -548,7 +554,12 @@ public class MOAConnector implements Connector
BKUConnector bku_conn = new BKUConnector();
verify_template_str = bku_conn.getVerifyTemplate(normalizedText, sigObject);
}
- verify_req_str = verify_req_str.replaceFirst("XMLContentReplace", verify_template_str);
+
+ // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll)
+ // methods are regarded, backslashes in the replacement string may cause the results to be different than
+ // if it were being treated as a literal replacement string.
+// verify_req_str = verify_req_str.replaceFirst("XMLContentReplace", verify_template_str);
+ verify_req_str = verify_req_str.replace("XMLContentReplace", verify_template_str);
verify_req_str = verify_req_str.replaceFirst("TrustProfileIDReplace", trust_profile);
if (logger_.isDebugEnabled())
@@ -564,10 +575,6 @@ public class MOAConnector implements Connector
}
catch (WebException we)
{
- if (logger_.isDebugEnabled())
- {
- we.printStackTrace();
- }
SignatureException se = new SignatureException(we.getErrorCode(), we);
throw se;
}
@@ -616,7 +623,7 @@ public class MOAConnector implements Connector
* This method parses the verify response string and return a
* SignatureResponse object. The SignatureResponse object is filled out by the
* response values from the BKU-response.
- *
+ *
* @param xmlResponse
* the response values from the MOA-verify request
* @return SignatureResponse object
@@ -639,7 +646,7 @@ public class MOAConnector implements Connector
Pattern cert_qualified_p = Pattern.compile("<QualifiedCertificate/>");
Matcher cert_qualified_m = cert_qualified_p.matcher(xmlResponse);
// [tknall] stop qualified certificate
-
+
Pattern sig_chk_p_s = Pattern.compile("<SignatureCheck>");
Pattern sig_chk_p_e = Pattern.compile("</SignatureCheck>");
Pattern man_chk_p_s = Pattern.compile("<SignatureManifestCheck>");
@@ -671,11 +678,11 @@ public class MOAConnector implements Connector
Matcher cert_m_e = cert_p_e.matcher(xmlResponse);
SignatureResponse sig_res = new SignatureResponse();
-
+
// [tknall] start qualified certificate
sig_res.setQualifiedCertificate(cert_qualified_m.find());
// [tknall] stop qualified certificate
-
+
// public authority
Pattern publicAuthority_p = Pattern.compile("<PublicAuthority/>");
Matcher publicAuthority_m = publicAuthority_p.matcher(xmlResponse);
@@ -821,7 +828,7 @@ public class MOAConnector implements Connector
* SOAP Message send and recieve by the AXIS module. The Response SOAP message
* of the MOA server is parsed by AXIS and the message envelope is send back
* to the calling method.
- *
+ *
* @param requestString
* the request string (XML) to send.
* @param serviceMode
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUHelper.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUHelper.java
index ee250ff..908ed57 100644
--- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUHelper.java
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUHelper.java
@@ -60,14 +60,14 @@ import at.knowcenter.wag.egov.egiz.tools.CodingHelper;
/**
* Contains static helper methods used by the BKU Connectors.
- *
+ *
* @author wprinz
*/
public final class BKUHelper
{
private static final Pattern ALLOWED_SL_RESPONSE_PATTERN = Pattern.compile("^.*<[\\w]*:?(CreateXMLSignatureResponse|VerifyXMLSignatureResponse)[^>]*>(.*)</[\\w]*:?(CreateXMLSignatureResponse|VerifyXMLSignatureResponse)>.*$", Pattern.DOTALL);
-
+
/**
* The log.
*/
@@ -75,21 +75,21 @@ public final class BKUHelper
/**
* Encodes the given SignatureData to a valid Base64Content.
- *
+ *
* <p>
* The data is Base64 encoded. If the mime-type suggests that the data is
* binary, it is Base64 encoded for a second time.
* </p>
- *
+ *
* @param data
* The data to be converted to a valid Base64 content.
* @return Returns the Base64 content.
*/
public static String prepareBase64Content(SignatureData data)
{
- // PERF: base64 encoding needs byte array
+ // PERF: base64 encoding needs byte array
byte [] d = DataSourceHelper.convertDataSourceToByteArray(data.getDataSource());
-
+
String base64 = CodingHelper.encodeBase64(d);
if (data.getMimeType().equals("application/pdf")) //$NON-NLS-1$
{
@@ -105,7 +105,7 @@ public final class BKUHelper
* <p>
* This is useful for building the hash.
* </p>
- *
+ *
* @param data
* The data to be prepared.
* @return Returns the prepared data.
@@ -114,7 +114,7 @@ public final class BKUHelper
{
// PERF: prepareEnvelopingData needs byte array
byte[] enc = DataSourceHelper.convertDataSourceToByteArray(data.getDataSource());
-
+
if (data.getMimeType().equals("application/pdf")) //$NON-NLS-1$
{
log.debug("The data is application/pdf - so the binary data is Base64 encoded."); //$NON-NLS-1$
@@ -125,7 +125,6 @@ public final class BKUHelper
}
catch (UnsupportedEncodingException e)
{
- e.printStackTrace();
throw new RuntimeException("Very Strange: US-ASCII encoding not supported???", e); //$NON-NLS-1$
}
}
@@ -135,7 +134,7 @@ public final class BKUHelper
/**
* Checks the response xml for an error description and if found throws an
* appropriate exception.
- *
+ *
* @param response_string
* The response xml.
* @throws ConnectorException
@@ -169,29 +168,29 @@ public final class BKUHelper
throw new ExternalErrorException(error_code, error_mess);
}
log.debug("No error found. Assuring that CreateXMLSignatureResponse or VerifyXMLSignatureResponse elements are available.");
-
+
// assure that a CreateXMLSignatureResponse or a VerifyXMLSignatureResponse is available
Matcher slMatcher = ALLOWED_SL_RESPONSE_PATTERN.matcher(response_string);
if (!slMatcher.matches()) {
throw new ConnectorException(ErrorCode.UNABLE_TO_RECEIVE_SUITABLE_RESPONSE, "No suitable response received: " + response_string);
}
-
+
}
/**
* This method parses the BKU-Response string.
- *
+ *
* <p>
* It separates the SignatureValue, X509IssuerName, SigningTime,
* X509SerialNumber, X509Certificate, CertDigest, DigestValue and the
* signation id-s. If the X509Certificate is extracted it would be stored in
* the certificates directory.
* </p>
- *
+ *
* @param xmlResponse
* The response string.
* @return Returns the parsed signature object holding the data.
- *
+ *
* @throws ConnectorException
* ErrorCode (303, 304)
* @see SignatureObject
@@ -355,7 +354,7 @@ public final class BKUHelper
ids[2] = extractId(xmlResponse, "signed-data-object-"); //$NON-NLS-1$
ids[3] = extractId(xmlResponse, "etsi-data-reference-"); //$NON-NLS-1$
ids[4] = extractId(xmlResponse, "etsi-data-object-"); //$NON-NLS-1$
-
+
String algs = AlgorithmSuiteUtil.extractAlgorithmSuiteString(xmlResponse);
SignSignatureObject so = new SignSignatureObject();
@@ -363,26 +362,26 @@ public final class BKUHelper
so.issuer = iss_nam;
so.signatureValue = sig_val;
so.x509Certificate = cert;
-
+
AlgorithmSuiteObject suite = new AlgorithmSuiteObject(algs, false);
so.sigAlgorithm = AlgorithmMapper.getUri(suite.getSignatureMethod());
-
+
String defaultCertAlg = environment.getDefaultAlgForCert(cert);
if (AlgorithmSuiteUtil.isDefaultCertAlg(algs, defaultCertAlg)) {
// do not embed default alg
algs = null;
- }
+ }
String final_ids = id_formatter.formatIds(ids, algs);
so.id = final_ids;
-
+
return so;
}
/**
* Removes all whitespaces ("\\s") from the String.
- *
+ *
* @param str
* The String.
* @return The String with all whitespaces removed.
@@ -394,7 +393,7 @@ public final class BKUHelper
/**
* This emthod extracts id-values from a text. The id is given by the name.
- *
+ *
* @param text
* the id-value that should extract from
* @param name
@@ -411,7 +410,7 @@ public final class BKUHelper
return "";
}
// stop
-
+
int start_idx = startOfName + name.length();
int end_idx = text.indexOf("\"", start_idx); //$NON-NLS-1$
@@ -430,7 +429,7 @@ public final class BKUHelper
* This method parses the verify response string and return a
* SignatureResponse object. The SignatureResponse object is filled out by the
* response values from the BKU-response.
- *
+ *
* @param xmlResponse
* the response values from the BKU-verify request
* @return SignatureResponse object
@@ -521,14 +520,14 @@ public final class BKUHelper
if (hash_data_m_s.find() && hash_data_m_e.find())
{
String hashInputData = xmlResponse.substring(hash_data_m_s.end(), hash_data_m_e.start());
-
+
Pattern b64_p_s = Pattern.compile("<Base64Content>"); //$NON-NLS-1$
Pattern b64_p_e = Pattern.compile("</Base64Content>"); //$NON-NLS-1$
Matcher b64_m_s = b64_p_s.matcher(hashInputData);
Matcher b64_m_e = b64_p_e.matcher(hashInputData);
boolean hashInputDataFound = b64_m_s.find() && b64_m_e.find();
-
+
String b64 = hashInputDataFound ? hashInputData.substring(b64_m_s.end(), b64_m_e.start()) : "";
sig_res.setHashInputData(b64);
@@ -623,7 +622,7 @@ public final class BKUHelper
public static String formDateTimeElement(Date verificationTime, String namespace)
{
String nsPrefix = StringUtils.isBlank(namespace) ? "" : (namespace + ":");
-
+
String dateTimeElement = "";
if (verificationTime != null)
{
@@ -633,25 +632,25 @@ public final class BKUHelper
df.setTimeZone(TimeZone.getTimeZone("UTC"));
String dateTime = df.format(verificationTime) + "Z";
log.debug("DateTime (VerificationTime in UTC) = " + dateTime);
-
+
dateTimeElement = "<" + nsPrefix + "DateTime>" + dateTime + "</" + nsPrefix + "DateTime>";
};
return dateTimeElement;
}
-
+
public static String getBKUIdentifier(Properties parsedResponseProperties) {
-
+
// http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.browser
String bkuServerHeader = parsedResponseProperties.getProperty(BKUPostConnection.BKU_SERVER_HEADER_KEY);
// http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.dataurl
String bkuUserAgentHeader = parsedResponseProperties.getProperty(BKUPostConnection.BKU_USER_AGENT_HEADER_KEY);
-
+
String bkuSignatureLayout = parsedResponseProperties.getProperty(BKUPostConnection.BKU_SIGNATURE_LAYOUT_HEADER_KEY);
-
+
return getBKUIdentifier(bkuServerHeader, bkuUserAgentHeader, bkuSignatureLayout);
}
-
+
public static String getBKUIdentifier(String bkuServerHeader, String bkuUserAgentHeader, String bkuSignatureLayout) {
log.debug("BKU response header \"user-agent\": " + bkuUserAgentHeader);
@@ -659,7 +658,7 @@ public final class BKUHelper
log.trace("BKU response header \"" + Constants.BKU_HEADER_SIGNATURE_LAYOUT + "\": " + bkuSignatureLayout);
String result = null;
-
+
if (bkuServerHeader != null) {
result = bkuServerHeader;
} else if (bkuUserAgentHeader != null) {
@@ -667,7 +666,7 @@ public final class BKUHelper
} else {
log.warn("Unable to find any BKU identifier (neither header value \"user-agent\" nor \"server\".)");
}
-
+
if (bkuSignatureLayout != null && result != null) {
log.debug("BKU response header \"" + Constants.BKU_HEADER_SIGNATURE_LAYOUT + "\" found.");
String signatureLayoutData = " " + Constants.BKU_HEADER_SIGNATURE_LAYOUT + "/" + bkuSignatureLayout;
@@ -678,18 +677,18 @@ public final class BKUHelper
log.debug("Signature layout already encoded in server/user-agent header.");
}
}
-
+
if (result != null) {
log.debug("Returning BKU identifier \"" + result + "\"");
} else {
log.debug("Returning null BKU identifier.");
}
-
+
return result;
}
public static String getBKUIdentifier(LocalBKUParams bkuParams) {
return getBKUIdentifier(bkuParams.getServer(), bkuParams.getUserAgent(), bkuParams.getSignatureLayout());
}
-
+
}
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java
index a8de41e..6926d2b 100644
--- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java
@@ -55,11 +55,11 @@ import at.knowcenter.wag.egov.egiz.tools.CodingHelper;
/**
* Connects to the BKU using the detached multipart/formdata requests.
- *
+ *
* <p>
* This feature is available since BKU version 2.7.4.
* </p>
- *
+ *
* @author wprinz
*/
public class DetachedBKUConnector implements Connector, LocalConnector
@@ -85,12 +85,12 @@ public class DetachedBKUConnector implements Connector, LocalConnector
/**
* Constructor that builds the configuration environment for this connector
* according to the given profile.
- *
+ *
* <p>
* If confuguration parameters are not defined on that profile, the default
* parameters defined in the configuration are used.
* </p>
- *
+ *
* @param connectorParameters
* The connectot parameters.
* @throws ConnectorException
@@ -101,10 +101,10 @@ public class DetachedBKUConnector implements Connector, LocalConnector
this.params = connectorParameters;
this.environment = new Environment(this.params.getProfileId(), loc_ref_content);
}
-
+
/**
* Prepares the sign request xml to be sent using the sign request template.
- *
+ *
* @param data
* The SignatureData.
* @return Returns the sign request xml to be sent.
@@ -120,7 +120,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector
String sign_keybox_identifier = this.environment.getSignKeyboxIdentifier();
String mime_type = data.getMimeType();
String loc_ref_content = this.environment.getLocRefContent();
-
+
if (log.isDebugEnabled())
{
log.debug("sign keybox identifier = " + sign_keybox_identifier); //$NON-NLS-1$
@@ -139,7 +139,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector
/**
* Analyzes the sign response xml and extracts the signature data.
- *
+ *
* @param response_properties
* The response properties containing the response String and
* transport related information.
@@ -155,14 +155,14 @@ public class DetachedBKUConnector implements Connector, LocalConnector
String bkuIdentifier = BKUHelper.getBKUIdentifier(response_properties);
log.debug("BKU identifier: " + (bkuIdentifier != null ? ("\"" + bkuIdentifier + "\"") : "n/a"));
-
+
SignatureLayoutHandler sigLayout;
try {
sigLayout = SignatureLayoutHandlerFactory.getSignatureLayoutHandlerInstance(bkuIdentifier);
} catch (SettingsException e) {
throw new ConnectorException(e.getErrorCode(), e.getMessage());
}
-
+
BKUHelper.checkResponseForError(response_string);
SignSignatureObject so = sigLayout.parseCreateXMLSignatureResponse(response_string, this.environment);
@@ -225,15 +225,15 @@ public class DetachedBKUConnector implements Connector, LocalConnector
/**
* Sends the request and data to the given URL.
- *
+ *
* <p>
* This method mainly handles communication exceptions. The actual send work
* is done by doPostRequestMultipart.
* </p>
- *
+ *
* @see BKUPostConnection#doPostRequestMultipart(String, String,
* SignatureData)
- *
+ *
* @param url
* The URL to send the request to.
* @param request_string
@@ -262,7 +262,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector
/**
* Performs a sign.
- *
+ *
* @param data
* The data to be signed.
* @return Returns the signature object containing the signature data.
@@ -289,7 +289,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector
/**
* Performs a verification.
- *
+ *
* @param data
* The data to be verified.
* @param so
@@ -331,7 +331,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector
/**
* Prepares the verify request xml to be sent using the verify request
* template.
- *
+ *
* @param data
* The SignatureData.
* @param so
@@ -345,7 +345,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector
String verify_request_template = this.environment.getVerifyRequestTemplate();
String xml_content = null;
-
+
if (dsigData != null && dsigData.getXmlDsig() != null)
{
xml_content = dsigData.getXmlDsig();
@@ -355,16 +355,18 @@ public class DetachedBKUConnector implements Connector, LocalConnector
xml_content = chooseAndCreateXMLDsig(data, so);
}
-
-
- String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content);
+ // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll)
+ // methods are regarded, backslashes in the replacement string may cause the results to be different than
+ // if it were being treated as a literal replacement string.
+// String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content);
+ String verify_request_xml = verify_request_template.replace(TemplateReplaces.XML_CONTENT_REPLACE, xml_content);
verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.LOC_REF_CONTENT_REPLACE, this.environment.getLocRefContent());
verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.DATE_TIME_REPLACE, BKUHelper.formDateTimeElement(this.params.getVerificationTime(), "sl"));
return verify_request_xml;
}
-
- private String chooseAndCreateXMLDsig(SignatureData data, SignSignatureObject so) throws ConnectorException {
+
+ private String chooseAndCreateXMLDsig(SignatureData data, SignSignatureObject so) throws ConnectorException {
// MOA
if (SigKZIDHelper.isMOASigned(so))
{
@@ -379,7 +381,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector
log.debug("Algorithm = " + algorithmId);
LocRefDetachedMOCCAConnector mocca_connector = new LocRefDetachedMOCCAConnector(this.params, "not needed here", algorithmId);
return mocca_connector.prepareXMLContent(data, so);
-
+
// ATRUST
} else if (SigKZIDHelper.isATrustSigned(so)) {
log.debug("ATrust signature detected");
@@ -391,20 +393,20 @@ public class DetachedBKUConnector implements Connector, LocalConnector
else if (SigKZIDHelper.isBKUSigned(so)) {
log.debug("TD signature signature detected.");
return prepareXMLContent(data, so);
- }
+ }
// unknown
else {
throw new ConnectorException(ErrorCode.UNSUPPORTED_SIGNATURE, "Unsupported signature (" + so.id + ", " +so.kz + "). Please get a new version of PDF-AS. Your version is: " + PdfAS.PDFAS_VERSION);
}
- }
+ }
/**
* Prepares the XML content the holds the actual signature data.
- *
+ *
* <p>
* This strongly rebuilds the XML content as retuned from a sign request.
* </p>
- *
+ *
* @param data
* The data.
* @param so
@@ -421,13 +423,13 @@ public class DetachedBKUConnector implements Connector, LocalConnector
String ids_string = so.getSigID();
String[] ids = SignatureObject.parseSigIds(ids_string);
-
+
X509Certificate cert = so.getX509Certificate();
-
+
// dferbas
AlgorithmSuiteObject algSuite = new AlgorithmSuiteObject();
String verify_xml = AlgorithmSuiteUtil.evaluateReplaceAlgs(algSuite, this.environment, so);
-
+
// data digest replace
{
// byte[] data_value = data.getData();
@@ -457,7 +459,11 @@ public class DetachedBKUConnector implements Connector, LocalConnector
verify_xml = verify_xml.replaceAll(TemplateReplaces.SIG_ID_REPLACE, ids[0]);
verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNING_TIME_REPLACE, so.getDate());
verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_CERTIFICATE_REPLACE, certDigest);
- verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer());
+ // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll)
+ // methods are regarded, backslashes in the replacement string may cause the results to be different than
+ // if it were being treated as a literal replacement string.
+// verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer());
+ verify_xml = verify_xml.replace(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer());
verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_SERIAL_NUMBER_REPLACE, so.getSerialNumber());
// SigDataRefReplace already done above
verify_xml = verify_xml.replaceFirst(TemplateReplaces.MIME_TYPE_REPLACE, data.getMimeType());
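Review bot: The neighbouring `replaceFirst` calls in this run still treat their second argument as a regex replacement string, so a `\` or `$` in `so.getSerialNumber()`, `so.getDate()` or `data.getMimeType()` is interpreted the same way the issuer name was before this fix. Those values appear to come from the signature being verified; a stray `$` makes `replaceFirst` throw (`IllegalArgumentException` or `IndexOutOfBoundsException`) and a backslash is silently dropped, so the rebuilt XML can differ from what was signed. I would quote each one, e.g. `verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_SERIAL_NUMBER_REPLACE, Matcher.quoteReplacement(so.getSerialNumber()));`, which needs `java.util.regex.Matcher` (the import block is not visible here). The same run appears in the issuer hunks of EnvelopedBase64BKUConnector, DetachedLocRefMOAConnector and EnvelopingBase64MOAConnector. The enclosing method starts and ends outside this hunk.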
@@ -495,7 +501,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector
/**
* Analyzes the verify response string.
- *
+ *
* @param response_properties
* The response properties containing the response XML.
* @return Returns the SignatureResponse containing the verification result.
@@ -518,7 +524,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector
/**
* Holds environment configuration information like templates.
- *
+ *
* @author wprinz
*/
public static class Environment extends ConnectorEnvironment
@@ -537,27 +543,27 @@ public class DetachedBKUConnector implements Connector, LocalConnector
* The configuration key of the sign URL.
*/
protected static final String SIGN_URL_KEY = "bku.sign.url"; //$NON-NLS-1$
-
+
/**
* BKU template file prefix
*/
protected static final String TEMPLATE_FILE_PREFIX = "/templates/bku.";
-
+
/**
* signing file template sufix
*/
protected static final String SIGN_TEMPLATE_FILE_SUFIX = ".sign.xml";
-
+
/**
* verifing template file sufix
*/
- protected static final String VERIFY_REQUEST_TEMPLATE_FILE_SUFIX = ".verify.request.xml";
+ protected static final String VERIFY_REQUEST_TEMPLATE_FILE_SUFIX = ".verify.request.xml";
/**
* verifing file template key sufix
*/
protected static final String VERIFY_TEMPLATE_SUFIX = ".verify.template.xml";
-
+
/**
* The configuration key of the verify request template.
*/
@@ -605,7 +611,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector
/**
* Initializes the environment with a given profile.
- *
+ *
* @param profile
* The configuration profile.
* @throws ConnectorException
@@ -614,7 +620,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector
public Environment(String profile, String loc_ref_content) throws ConnectorException
{
this.profile = profile;
-
+
this.loc_ref_content = loc_ref_content;
SettingsReader settings = null;
@@ -626,7 +632,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector
{
throw new ConnectorException(300, e);
}
-
+
this.sign_keybox_identifier = getConnectorValueFromProfile(settings, profile, SIGN_KEYBOX_IDENTIFIER_KEY);
String sign_request_filename = TEMPLATE_FILE_PREFIX + settings.getValueFromKey("default.bku.algorithm.id") + SIGN_TEMPLATE_FILE_SUFIX;
@@ -634,7 +640,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector
// try to load template from file
//this.sign_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(sign_request_filename));
this.sign_request_template = settings.readInternalResourceAsString(sign_request_filename);
-
+
// when first load failed (the template file does'nt exist), load it from default template file
if(this.sign_request_template == null)
{
@@ -642,7 +648,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector
//this.sign_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(sign_request_filename));
this.sign_request_template = settings.readInternalResourceAsString(sign_request_filename);
}
-
+
if (this.sign_request_template == null)
{
throw new ConnectorException(300, "Can not read the create xml request template"); //$NON-NLS-1$
@@ -651,20 +657,20 @@ public class DetachedBKUConnector implements Connector, LocalConnector
this.sign_url = getConnectorValueFromProfile(settings, profile, SIGN_URL_KEY);
// verify
-
+
String verify_request_filename = TEMPLATE_FILE_PREFIX + settings.getValueFromKey("default.bku.algorithm.id") + VERIFY_REQUEST_TEMPLATE_FILE_SUFIX;
-
+
// try to load template file for verifing
//this.verify_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_request_filename));
this.verify_request_template = settings.readInternalResourceAsString(verify_request_filename);
-
+
if(this.verify_request_template == null)
{
verify_request_filename = getConnectorValueFromProfile(settings, profile, VERIFY_REQUEST_TEMPLATE_KEY);
//this.verify_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_request_filename));
this.verify_request_template = settings.readInternalResourceAsString(verify_request_filename);
}
-
+
if (this.verify_request_template == null)
{
throw new ConnectorException(ErrorCode.SETTING_NOT_FOUND, "Can not read the verify xml request template"); //$NON-NLS-1$
@@ -674,7 +680,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector
String verify_filename = TEMPLATE_FILE_PREFIX + settings.getValueFromKey("default.bku.algorithm.id") + VERIFY_TEMPLATE_SUFIX;
//this.verify_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_filename));
this.verify_template = settings.readInternalResourceAsString(verify_filename);
-
+
if(this.verify_template == null)
{
verify_filename = getConnectorValueFromProfile(settings, profile, VERIFY_TEMPLATE_KEY);
@@ -702,7 +708,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector
/**
* Returns the LocRef content.
- *
+ *
* @return Returns the LocRef content.
*/
public String getLocRefContent()
@@ -712,7 +718,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector
/**
* Returns the sign keybox identifier.
- *
+ *
* @return Returns the sign keybox identifier.
*/
public String getSignKeyboxIdentifier()
@@ -722,7 +728,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector
/**
* Returns the sign request template.
- *
+ *
* @return Returns the sign request template.
*/
public String getSignRequestTemplate()
@@ -732,7 +738,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector
/**
* Returns the sign URL.
- *
+ *
* @return Returns the sign URL.
*/
public String getSignURL()
@@ -742,7 +748,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector
/**
* Returns the verify request template.
- *
+ *
* @return Returns the verify request template.
*/
public String getVerifyRequestTemplate()
@@ -752,7 +758,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector
/**
* Returns the verify template.
- *
+ *
* @return Returns the verify template.
*/
public String getVerifyTemplate()
@@ -762,7 +768,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector
/**
* Returns the verify URL.
- *
+ *
* @return Returns the verify URL.
*/
public String getVerifyURL()
@@ -772,7 +778,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector
/**
* Returns the ecdsa cert alg property.
- *
+ *
* @return Returns the ecdsa cert alg property.
*/
public String getCertAlgEcdsa()
@@ -782,7 +788,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector
/**
* Returns the rsa cert alg property.
- *
+ *
* @return Returns the rsa cert alg property.
*/
public String getCertAlgRsa()
@@ -793,7 +799,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector
/**
* Reads the configuration entry given by the key, first from the given
* profile, if not found from the defaults.
- *
+ *
* @param settings
* The settings.
* @param profile
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java
index 170cc45..22318a2 100644
--- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java
@@ -52,7 +52,7 @@ import at.knowcenter.wag.egov.egiz.tools.CodingHelper;
/**
* @author wprinz
- *
+ *
*/
public class EnvelopedBase64BKUConnector implements Connector, LocalConnector
{
@@ -72,16 +72,16 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector
/**
* Constructor that builds the configuration environment for this connector
* according to the given profile.
- *
+ *
* <p>
* If confuguration parameters are not defined on that profile, the default
* parameters defined in the configuration are used.
* </p>
- *
+ *
* <p>
* This is the new "hotfix" base64 connector.
* </p>
- *
+ *
* @param profile
* The profile from which the Environment should be assembled.
* @throws ConnectorException
@@ -137,7 +137,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector
// /**
// * This emthod extracts id-values from a text. The id is given by the name.
-// *
+// *
// * @param text
// * the id-value that should extract from
// * @param name
@@ -166,11 +166,11 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector
/**
* Prepares the XML content the holds the actual signature data.
- *
+ *
* <p>
* This strongly rebuilds the XML content as retuned from a sign request.
* </p>
- *
+ *
* @param data
* The data.
* @param so
@@ -186,13 +186,13 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector
{
String ids_string = so.getSigID();
String[] ids = SignatureObject.parseSigIds(ids_string);
-
+
X509Certificate cert = so.getX509Certificate();
-
+
// dferbas
AlgorithmSuiteObject algSuite = new AlgorithmSuiteObject();
String verify_xml = AlgorithmSuiteUtil.evaluateReplaceAlgs(algSuite, this.environment, so);
-
+
// data digest replace
byte[] data_value = BKUHelper.prepareEnvelopingData(data);
{
@@ -225,7 +225,11 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector
verify_xml = verify_xml.replaceAll(TemplateReplaces.SIG_ID_REPLACE, ids[0]);
verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNING_TIME_REPLACE, so.getDate());
verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_CERTIFICATE_REPLACE, certDigest);
- verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer());
+ // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll)
+ // methods are regarded, backslashes in the replacement string may cause the results to be different than
+ // if it were being treated as a literal replacement string.
+// verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer());
+ verify_xml = verify_xml.replace(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer());
verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_SERIAL_NUMBER_REPLACE, so.getSerialNumber());
// SigDataRefReplace already done above
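Review bot: `so.getIssuer()` is substituted into `verify_xml` as raw text on the new `replace` line, and nothing visible in the hunk XML-escapes it. A distinguished name may legally contain `&` or `<`, which would leave the rebuilt XML malformed or structurally changed unless `getIssuer()` already returns escaped text; that cannot be confirmed from here. I would either escape at this point or state the contract in a comment such as `// so.getIssuer() must already be XML-escaped; it is inserted verbatim`. The same applies to the issuer lines in DetachedBKUConnector, DetachedLocRefMOAConnector and EnvelopingBase64MOAConnector. The method body continues outside the hunk.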
@@ -276,7 +280,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector
/**
* Prepares the sign request xml to be sent using the sign request template.
- *
+ *
* @param data
* The SignatureData.
* @return Returns the sign request xml to be sent.
@@ -302,7 +306,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector
/**
* Prepares the verify request xml to be sent using the verify request
* template.
- *
+ *
* @param data
* The SignatureData.
* @param so
@@ -325,7 +329,11 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector
xml_content = chooseAndCreateXMLDsig(data, so);
}
- String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content);
+ // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll)
+ // methods are regarded, backslashes in the replacement string may cause the results to be different than
+ // if it were being treated as a literal replacement string.
+// String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content);
+ String verify_request_xml = verify_request_template.replace(TemplateReplaces.XML_CONTENT_REPLACE, xml_content);
// log.debug("\r\n\r\n" + verify_request_xml + "\r\n\r\n");
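Review bot: Switching to `replace` on the `XML_CONTENT_REPLACE` line changes more than backslash handling: the target is now matched as literal text instead of a regex, and every occurrence is replaced rather than only the first. If `TemplateReplaces.XML_CONTENT_REPLACE` (defined outside this diff) contains regex metacharacters or occurs more than once in the template, the output differs from before. To keep the old matching and only neutralise the replacement, `verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, Matcher.quoteReplacement(xml_content))` is the narrower change. The same holds for the other hunks of this commit that make the same switch.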
@@ -349,7 +357,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector
/**
* Sends the request to the given URL.
- *
+ *
* @param url
* The URL.
* @param request_string
@@ -373,7 +381,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector
/**
* Analyzes the sign response xml and extracts the signature data.
- *
+ *
* @param response_properties
* The response properties containing the response String and
* transport related information.
@@ -391,7 +399,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector
String bkuIdentifier = BKUHelper.getBKUIdentifier(response_properties);
log.debug("BKU identifier: \"" + bkuIdentifier + "\"");
-
+
SignSignatureObject so = BKUHelper.parseCreateXMLResponse(response_string, new HotfixIdFormatter(), this.environment);
log.debug("analyzeSignResponse finished."); //$NON-NLS-1$
@@ -400,7 +408,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector
/**
* Analyzes the verify response string.
- *
+ *
* @param response_properties
* The response properties containing the response XML.
* @return Returns the SignatureResponse containing the verification result.
@@ -423,7 +431,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector
/**
* Holds environment configuration information like templates.
- *
+ *
* @author wprinz
*/
public static class Environment extends ConnectorEnvironment
@@ -488,7 +496,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector
/**
* Initializes the environment with a given profile.
- *
+ *
* @param profile
* The configuration profile.
* @throws ConnectorException
@@ -524,7 +532,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector
//this.verify_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_request_filename));
this.verify_request_template = settings.readInternalResourceAsString(verify_request_filename);
log.debug("Verify request template filename = " + verify_request_filename);
-
+
if (this.verify_request_template == null)
{
throw new ConnectorException(ErrorCode.SETTING_NOT_FOUND, "Can not read the verify xml request template"); //$NON-NLS-1$
@@ -555,7 +563,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector
/**
* Returns the sign keybox identifier.
- *
+ *
* @return Returns the sign keybox identifier.
*/
public String getSignKeyboxIdentifier()
@@ -565,7 +573,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector
/**
* Returns the sign request template.
- *
+ *
* @return Returns the sign request template.
*/
public String getSignRequestTemplate()
@@ -575,7 +583,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector
/**
* Returns the sign URL.
- *
+ *
* @return Returns the sign URL.
*/
public String getSignURL()
@@ -585,7 +593,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector
/**
* Returns the verify request template.
- *
+ *
* @return Returns the verify request template.
*/
public String getVerifyRequestTemplate()
@@ -595,7 +603,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector
/**
* Returns the verify template.
- *
+ *
* @return Returns the verify template.
*/
public String getVerifyTemplate()
@@ -605,7 +613,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector
/**
* Returns the verify URL.
- *
+ *
* @return Returns the verify URL.
*/
public String getVerifyURL()
@@ -615,7 +623,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector
/**
* Returns the ecdsa cert alg property.
- *
+ *
* @return Returns the ecdsa cert alg property.
*/
public String getCertAlgEcdsa()
@@ -625,7 +633,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector
/**
* Returns the rsa cert alg property.
- *
+ *
* @return Returns the rsa cert alg property.
*/
public String getCertAlgRsa()
@@ -636,7 +644,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector
/**
* Reads the configuration entry given by the key, first from the given
* profile, if not found from the defaults.
- *
+ *
* @param settings
* The settings.
* @param profile
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java
index ea90841..07e9ccd 100644
--- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java
@@ -55,7 +55,7 @@ import at.knowcenter.wag.egov.egiz.tools.FileHelper;
/**
* Connects to MOA providing the Data detached as LocRef on a local resource.
- *
+ *
* @author wprinz
*/
public class DetachedLocRefMOAConnector implements Connector
@@ -79,12 +79,12 @@ public class DetachedLocRefMOAConnector implements Connector
/**
* Constructor that builds the configuration environment for this connector
* according to the given profile.
- *
+ *
* <p>
* If confuguration parameters are not defined on that profile, the default
* parameters defined in the configuration are used.
* </p>
- *
+ *
* @param profile
* The profile from which the Environment should be assembled.
* @throws SettingsException
@@ -183,7 +183,7 @@ public class DetachedLocRefMOAConnector implements Connector
/**
* Prepares the verify request xml to be sent using the verify request
* template.
- *
+ *
* @param data
* The SignatureData.
* @param so
@@ -206,7 +206,11 @@ public class DetachedLocRefMOAConnector implements Connector
xml_content = chooseAndCreateXMLDsig(data, so);
}
- String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content);
+ // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll)
+ // methods are regarded, backslashes in the replacement string may cause the results to be different than
+ // if it were being treated as a literal replacement string.
+// String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content);
+ String verify_request_xml = verify_request_template.replace(TemplateReplaces.XML_CONTENT_REPLACE, xml_content);
verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.TRUST_PROFILE_ID_REPLACE, this.environment.getVerifyTrustProfileId());
verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.LOC_REF_CONTENT_REPLACE, this.environment.getSignatureDataUrl());
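Review bot: The comment above the new `replace` line is copied from the issuer-name fix, but the value substituted here is `xml_content`, and the old statement is kept as a commented-out line. I would shorten it to something like `// xml_content may contain backslashes (e.g. escaped commas in the issuer DN); replace() inserts it literally` and delete the commented-out `replaceFirst` line, since the history already records it. The word "escapted" should read "escaped". The same comment block is repeated at the XML-content hunks in EnvelopedBase64BKUConnector and EnvelopingBase64MOAConnector.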
@@ -217,7 +221,7 @@ public class DetachedLocRefMOAConnector implements Connector
/**
* Analyzes the verify response string.
- *
+ *
* @param response_properties
* The response properties containing the response XML.
* @return Returns the SignatureResponse containing the verification result.
@@ -272,7 +276,11 @@ public class DetachedLocRefMOAConnector implements Connector
// Qualified Properties replaces
verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNING_TIME_REPLACE, so.getDate());
verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_CERTIFICATE_REPLACE, certDigest);
- verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer());
+ // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll)
+ // methods are regarded, backslashes in the replacement string may cause the results to be different than
+ // if it were being treated as a literal replacement string.
+// verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer());
+ verify_xml = verify_xml.replace(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer());
verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_SERIAL_NUMBER_REPLACE, so.getSerialNumber());
// SigDataRefReplace already done above
verify_xml = verify_xml.replaceFirst(TemplateReplaces.MIME_TYPE_REPLACE, data.getMimeType());
@@ -323,7 +331,7 @@ public class DetachedLocRefMOAConnector implements Connector
/**
* Holds environment configuration information like templates.
- *
+ *
* @author wprinz
*/
public static class Environment extends ConnectorEnvironment
@@ -417,7 +425,7 @@ public class DetachedLocRefMOAConnector implements Connector
/**
* Initializes the environment with a given profile.
- *
+ *
* @param profile
* The configuration profile.
* @throws SettingsException
@@ -516,7 +524,7 @@ public class DetachedLocRefMOAConnector implements Connector
/**
* Returns the URL where to load the detached data from.
- *
+ *
* @return Returns the URL where to load the detached data from.
*/
public String getSignatureDataUrl()
@@ -526,7 +534,7 @@ public class DetachedLocRefMOAConnector implements Connector
/**
* Returns the sign key identifier.
- *
+ *
* @return Returns the sign key identifier.
*/
public String getSignKeyIdentifier()
@@ -536,7 +544,7 @@ public class DetachedLocRefMOAConnector implements Connector
/**
* Returns the sign request template.
- *
+ *
* @return Returns the sign request template.
*/
public String getSignRequestTemplate()
@@ -546,7 +554,7 @@ public class DetachedLocRefMOAConnector implements Connector
/**
* Returns the sign URL.
- *
+ *
* @return Returns the sign URL.
*/
public String getSignURL()
@@ -556,7 +564,7 @@ public class DetachedLocRefMOAConnector implements Connector
/**
* Returns the verify request template.
- *
+ *
* @return Returns the verify request template.
*/
public String getVerifyRequestTemplate()
@@ -566,7 +574,7 @@ public class DetachedLocRefMOAConnector implements Connector
/**
* Returns the verify template.
- *
+ *
* @return Returns the verify template.
*/
public String getVerifyTemplate()
@@ -576,7 +584,7 @@ public class DetachedLocRefMOAConnector implements Connector
/**
* Returns the verify URL.
- *
+ *
* @return Returns the verify URL.
*/
public String getVerifyURL()
@@ -586,7 +594,7 @@ public class DetachedLocRefMOAConnector implements Connector
/**
* Returns the verify trust profile id.
- *
+ *
* @return Returns the verify trust profile id.
*/
public String getVerifyTrustProfileId()
@@ -596,7 +604,7 @@ public class DetachedLocRefMOAConnector implements Connector
/**
* Returns the ecdsa cert alg property.
- *
+ *
* @return Returns the ecdsa cert alg property.
*/
public String getCertAlgEcdsa()
@@ -606,7 +614,7 @@ public class DetachedLocRefMOAConnector implements Connector
/**
* Returns the rsa cert alg property.
- *
+ *
* @return Returns the rsa cert alg property.
*/
public String getCertAlgRsa()
@@ -617,7 +625,7 @@ public class DetachedLocRefMOAConnector implements Connector
/**
* Reads the configuration entry given by the key, first from the given
* profile, if not found from the defaults.
- *
+ *
* @param settings
* The settings.
* @param profile
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/EnvelopingBase64MOAConnector.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/EnvelopingBase64MOAConnector.java
index 6f2d171..4a33fc8 100644
--- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/EnvelopingBase64MOAConnector.java
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/EnvelopingBase64MOAConnector.java
@@ -54,7 +54,7 @@ import at.knowcenter.wag.egov.egiz.tools.FileHelper;
/**
* @author wprinz
- *
+ *
*/
public class EnvelopingBase64MOAConnector implements Connector
{
@@ -69,18 +69,18 @@ public class EnvelopingBase64MOAConnector implements Connector
* other configurable elements.
*/
protected Environment environment = null;
-
+
protected ConnectorParameters params = null;
/**
* Constructor that builds the configuration environment for this connector
* according to the given profile.
- *
+ *
* <p>
* If confuguration parameters are not defined on that profile, the default
* parameters defined in the configuration are used.
* </p>
- *
+ *
* @param profile
* The profile from which the Environment should be assembled.
* @throws ConnectorException
@@ -150,7 +150,7 @@ public class EnvelopingBase64MOAConnector implements Connector
/**
* Prepares the sign request xml to be sent using the sign request template.
- *
+ *
* @param data
* The SignatureData.
* @return Returns the sign request xml to be sent.
@@ -176,7 +176,7 @@ public class EnvelopingBase64MOAConnector implements Connector
/**
* Prepares the verify request xml to be sent using the verify request
* template.
- *
+ *
* @param data
* The SignatureData.
* @param so
@@ -199,7 +199,11 @@ public class EnvelopingBase64MOAConnector implements Connector
xml_content = chooseAndCreateXMLDsig(data, so);
}
- String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content);
+ // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll)
+ // methods are regarded, backslashes in the replacement string may cause the results to be different than
+ // if it were being treated as a literal replacement string.
+// String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content);
+ String verify_request_xml = verify_request_template.replace(TemplateReplaces.XML_CONTENT_REPLACE, xml_content);
verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.TRUST_PROFILE_ID_REPLACE, this.environment.getVerifyTrustProfileId());
String returnHashInputDataElement = "";
@@ -208,10 +212,10 @@ public class EnvelopingBase64MOAConnector implements Connector
returnHashInputDataElement = MOASoapWithAttachmentConnector.RETURN_HASH_INPUT_DATA;
}
verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.RETURN_HASH_INPUT_DATA_REPLACE, returnHashInputDataElement);
-
+
verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.DATE_TIME_REPLACE, BKUHelper.formDateTimeElement(this.params.getVerificationTime()));
-
+
log.debug("\r\n\r\n" + verify_request_xml + "\r\n\r\n");
return verify_request_xml;
@@ -219,7 +223,7 @@ public class EnvelopingBase64MOAConnector implements Connector
/**
* Analyzes the sign response xml and extracts the signature data.
- *
+ *
* @param response_properties
* The response properties containing the response String and
* transport related information.
@@ -243,7 +247,7 @@ public class EnvelopingBase64MOAConnector implements Connector
/**
* Analyzes the verify response string.
- *
+ *
* @param response_properties
* The response properties containing the response XML.
* @return Returns the SignatureResponse containing the verification result.
@@ -266,11 +270,11 @@ public class EnvelopingBase64MOAConnector implements Connector
/**
* Prepares the XML content the holds the actual signature data.
- *
+ *
* <p>
* This strongly rebuilds the XML content as retuned from a sign request.
* </p>
- *
+ *
* @param data
* The data.
* @param so
@@ -285,7 +289,7 @@ public class EnvelopingBase64MOAConnector implements Connector
try
{
X509Certificate cert = so.getX509Certificate();
-
+
// dferbas
AlgorithmSuiteObject algSuite = new AlgorithmSuiteObject();
String verify_xml = AlgorithmSuiteUtil.evaluateReplaceAlgs(algSuite, this.environment, so);
@@ -311,7 +315,11 @@ public class EnvelopingBase64MOAConnector implements Connector
// Qualified Properties replaces
verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNING_TIME_REPLACE, so.getDate());
verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_CERTIFICATE_REPLACE, certDigest);
- verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer());
+ // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll)
+ // methods are regarded, backslashes in the replacement string may cause the results to be different than
+ // if it were being treated as a literal replacement string.
+// verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer());
+ verify_xml = verify_xml.replace(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer());
verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_SERIAL_NUMBER_REPLACE, so.getSerialNumber());
// SigDataRefReplace already done above
@@ -339,7 +347,7 @@ public class EnvelopingBase64MOAConnector implements Connector
// Base64 content replace -> do this at last for performance
String base64 = CodingHelper.encodeBase64(data_value);
verify_xml = verify_xml.replaceFirst(TemplateReplaces.BASE64_CONTENT_REPLACE, base64);
-
+
log.debug("prepareXMLContent finished."); //$NON-NLS-1$
return verify_xml;
}
@@ -352,7 +360,7 @@ public class EnvelopingBase64MOAConnector implements Connector
/**
* Holds environment configuration information like templates.
- *
+ *
* @author wprinz
*/
public static class Environment extends ConnectorEnvironment
@@ -401,7 +409,7 @@ public class EnvelopingBase64MOAConnector implements Connector
* The configuration key for the RSA cert alg property.
*/
protected static final String RSA_CERT_ALG_KEY = "cert.alg.rsa"; //$NON-NLS-1$
-
+
protected String profile = null;
protected String sign_key_identifier = null;
@@ -424,7 +432,7 @@ public class EnvelopingBase64MOAConnector implements Connector
/**
* Initializes the environment with a given profile.
- *
+ *
* @param profile
* The configuration profile.
* @throws ConnectorException
@@ -433,7 +441,7 @@ public class EnvelopingBase64MOAConnector implements Connector
public Environment(String profile, String signKeyIdentifier) throws ConnectorException
{
this.profile = profile;
-
+
SettingsReader settings = null;
try
{
@@ -449,7 +457,7 @@ public class EnvelopingBase64MOAConnector implements Connector
this.sign_key_identifier = signKeyIdentifier;
}
else
- {
+ {
this.sign_key_identifier = getConnectorValueFromProfile(settings, profile, SIGN_KEY_IDENTIFIER_KEY);
}
@@ -488,7 +496,7 @@ public class EnvelopingBase64MOAConnector implements Connector
this.cert_alg_rsa = settings.getValueFromKey(RSA_CERT_ALG_KEY);
}
-
+
public String getProfile()
{
return this.profile;
@@ -496,7 +504,7 @@ public class EnvelopingBase64MOAConnector implements Connector
/**
* Returns the sign key identifier.
- *
+ *
* @return Returns the sign key identifier.
*/
public String getSignKeyIdentifier()
@@ -506,7 +514,7 @@ public class EnvelopingBase64MOAConnector implements Connector
/**
* Returns the sign request template.
- *
+ *
* @return Returns the sign request template.
*/
public String getSignRequestTemplate()
@@ -516,7 +524,7 @@ public class EnvelopingBase64MOAConnector implements Connector
/**
* Returns the sign URL.
- *
+ *
* @return Returns the sign URL.
*/
public String getSignURL()
@@ -526,7 +534,7 @@ public class EnvelopingBase64MOAConnector implements Connector
/**
* Returns the verify request template.
- *
+ *
* @return Returns the verify request template.
*/
public String getVerifyRequestTemplate()
@@ -536,7 +544,7 @@ public class EnvelopingBase64MOAConnector implements Connector
/**
* Returns the verify template.
- *
+ *
* @return Returns the verify template.
*/
public String getVerifyTemplate()
@@ -546,7 +554,7 @@ public class EnvelopingBase64MOAConnector implements Connector
/**
* Returns the verify URL.
- *
+ *
* @return Returns the verify URL.
*/
public String getVerifyURL()
@@ -556,7 +564,7 @@ public class EnvelopingBase64MOAConnector implements Connector
/**
* Returns the verify trust profile id.
- *
+ *
* @return Returns the verify trust profile id.
*/
public String getVerifyTrustProfileId()
@@ -566,7 +574,7 @@ public class EnvelopingBase64MOAConnector implements Connector
/**
* Returns the ecdsa cert alg property.
- *
+ *
* @return Returns the ecdsa cert alg property.
*/
public String getCertAlgEcdsa()
@@ -576,7 +584,7 @@ public class EnvelopingBase64MOAConnector implements Connector
/**
* Returns the rsa cert alg property.
- *
+ *
* @return Returns the rsa cert alg property.
*/
public String getCertAlgRsa()
@@ -587,7 +595,7 @@ public class EnvelopingBase64MOAConnector implements Connector
/**
* Reads the configuration entry given by the key, first from the given
* profile, if not found from the defaults.
- *
+ *
* @param settings
* The settings.
* @param profile
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java
index db0a04f..401921b 100644
--- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java
@@ -54,7 +54,7 @@ import at.knowcenter.wag.egov.egiz.tools.CodingHelper;
/**
* Connects to MOA providing the Data detached as LocRef on a local resource.
- *
+ *
* @author wprinz
*/
public class MOASoapWithAttachmentConnector implements Connector
@@ -72,9 +72,9 @@ public class MOASoapWithAttachmentConnector implements Connector
private static Log log = LogFactory.getLog(MOASoapWithAttachmentConnector.class);
protected static final String MULTIPART_LOC_REF_CONTENT = "formdata:fileupload"; //$NON-NLS-1$
-
+
protected static final String RETURN_HASH_INPUT_DATA = "<ReturnHashInputData/>"; //$NON-NLS-1$
-
+
/**
* The connector parameters.
*/
@@ -85,17 +85,17 @@ public class MOASoapWithAttachmentConnector implements Connector
* other configurable elements.
*/
protected Environment environment = null;
-
-
+
+
/**
* Constructor that builds the configuration environment for this connector
* according to the given profile.
- *
+ *
* <p>
* If confuguration parameters are not defined on that profile, the default
* parameters defined in the configuration are used.
* </p>
- *
+ *
* @param connectorParameters
* The parameters for this connector.
* @throws ConnectorException
@@ -193,7 +193,7 @@ public class MOASoapWithAttachmentConnector implements Connector
/**
* Prepares the verify request xml to be sent using the verify request
* template.
- *
+ *
* @param data
* The SignatureData.
* @param so
@@ -216,32 +216,36 @@ public class MOASoapWithAttachmentConnector implements Connector
xml_content = chooseAndCreateXMLDsig(data, so);
}
- String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content);
+ // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll)
+ // methods are regarded, backslashes in the replacement string may cause the results to be different than
+ // if it were being treated as a literal replacement string.
+// String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content);
+ String verify_request_xml = verify_request_template.replace(TemplateReplaces.XML_CONTENT_REPLACE, xml_content);
verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.TRUST_PROFILE_ID_REPLACE, this.environment.getVerifyTrustProfileId());
verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.LOC_REF_CONTENT_REPLACE, this.environment.getSignatureDataUrl());
-
+
String returnHashInputDataElement = "";
if (this.params.isReturnHashInputData())
{
returnHashInputDataElement = RETURN_HASH_INPUT_DATA;
}
verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.RETURN_HASH_INPUT_DATA_REPLACE, returnHashInputDataElement);
-
+
verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.DATE_TIME_REPLACE, BKUHelper.formDateTimeElement(this.params.getVerificationTime()));
-
+
log.debug("\r\n\r\n" + verify_request_xml + "\r\n\r\n");
return verify_request_xml;
}
-
+
private String chooseAndCreateXMLDsig(SignatureData data, SignSignatureObject so) throws ConnectorException {
-
+
// MOA
if (SigKZIDHelper.isMOASigned(so)) {
log.debug("MOA signature detected.");
return prepareXMLContent(data, so);
-
+
// MOCCA
} else if (SigKZIDHelper.isMOCCASigned(so)) {
log.debug("MOCCA signature detected.");
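Review bot: Only the XML_CONTENT substitution was made literal; the four `replaceFirst` calls that follow it (trust profile id, signature data URL, return-hash element, date-time element) still pass their values as regex replacement strings, so a `\` or `$` in any of them is still interpreted or rejected with an exception. Switching to `replace` also changes two other things: the placeholder is now matched literally instead of as a regex, and every occurrence is replaced instead of only the first. Keeping `replaceFirst` and quoting the value preserves the old semantics, `verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, Matcher.quoteReplacement(xml_content))` (needs `java.util.regex.Matcher`), and the same wrapper fits the remaining calls. The issuer-name hunks in `prepareXMLContent` of this file and of LocRefDetachedMOCCAConnector have the same gap: `so.getDate()`, `so.getSerialNumber()` and `data.getMimeType()` stay regex replacements there. The method holding the changed line starts above the hunk, and `chooseAndCreateXMLDsig` continues below it.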
@@ -255,7 +259,7 @@ public class MOASoapWithAttachmentConnector implements Connector
log.debug("A-Trust signature detected.");
this.environment.reInitVerifyTemplate(ATRUST_VERIFY_TEMPLATE_KEY);
return prepareXMLContent(data, so);
-
+
// TD bku
} else if (SigKZIDHelper.isBKUSigned(so)) {
log.debug("TD bku signature detected.");
@@ -263,13 +267,13 @@ public class MOASoapWithAttachmentConnector implements Connector
return bku_connector.prepareXMLContent(data, so);
} else {
throw new ConnectorException(ErrorCode.UNSUPPORTED_SIGNATURE, "Unsupported signature (" + so.id + ", " +so.kz + "). Please get a new version of PDF-AS. Your version is: " + PdfAS.PDFAS_VERSION);
-
+
}
}
-
+
/**
* Analyzes the verify response string.
- *
+ *
* @param response_properties
* The response properties containing the response XML.
* @return Returns the SignatureResponse containing the verification result.
@@ -298,7 +302,7 @@ public class MOASoapWithAttachmentConnector implements Connector
String verify_xml = null;
X509Certificate cert = so.getX509Certificate();
-
+
// dferbas
AlgorithmSuiteObject algSuite = new AlgorithmSuiteObject();
verify_xml = AlgorithmSuiteUtil.evaluateReplaceAlgs(algSuite, this.environment, so);
@@ -326,7 +330,11 @@ public class MOASoapWithAttachmentConnector implements Connector
// Qualified Properties replaces
verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNING_TIME_REPLACE, so.getDate());
verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_CERTIFICATE_REPLACE, certDigest);
- verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer());
+ // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll)
+ // methods are regarded, backslashes in the replacement string may cause the results to be different than
+ // if it were being treated as a literal replacement string.
+// verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer());
+ verify_xml = verify_xml.replace(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer());
verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_SERIAL_NUMBER_REPLACE, so.getSerialNumber());
// SigDataRefReplace already done above
verify_xml = verify_xml.replaceFirst(TemplateReplaces.MIME_TYPE_REPLACE, data.getMimeType());
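Review bot: `so.getIssuer()` is spliced into the XML template as-is and nothing in the hunk shows it being XML-escaped. The value presumably comes from the signature block of the document under verification, so a `<` or `&` in it would yield a malformed or structurally altered verify request. If it is not escaped upstream, escape it at the call, e.g. `verify_xml.replace(TemplateReplaces.X509_ISSUER_NAME_REPLACE, StringEscapeUtils.escapeXml(so.getIssuer()))` (presumably the same commons-lang that SigKZIDHelper uses for `StringUtils`), provided the escaped form matches what was digested at signing time. The identical line in LocRefDetachedMOCCAConnector.prepareXMLContent raises the same question. The method starts and ends outside the hunk.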
@@ -367,23 +375,11 @@ public class MOASoapWithAttachmentConnector implements Connector
{
try
{
- // for performance measurement
-// long startTime = 0;
-// if (log.isInfoEnabled()) {
-// startTime = System.currentTimeMillis();
-// }
-
+
// Properties response_properties = MOASoapConnection.connectMOA(request_string, MOASoapConnection.SERVICE_SIGN, url);
log.debug("Connecting to " + url);
Properties response_properties = MOASoapConnection.doPostRequestMultipart(url,mode, request_string, data );
-
- // for performance measurement
-// if (log.isInfoEnabled()) {
-// long endTime = System.currentTimeMillis();
-// String toReport = "MOA-PROCESSING;-;-;" + (endTime - startTime) + ";";
-// log.info(toReport);
-// }
-
+
return response_properties;
}
catch (Exception e)
@@ -391,14 +387,14 @@ public class MOASoapWithAttachmentConnector implements Connector
throw new ConnectorException(330, e);
}
}
-
+
public void reInitVerifyTemplate(String templatePropKey) throws ConnectorException {
this.environment.reInitVerifyTemplate(templatePropKey);
}
/**
* Holds environment configuration information like templates.
- *
+ *
* @author wprinz
*/
public static class Environment extends ConnectorEnvironment
@@ -490,7 +486,7 @@ public class MOASoapWithAttachmentConnector implements Connector
protected String cert_alg_rsa = null;
-
+
public void reInitVerifyTemplate(String templatePropKey) throws ConnectorException {
SettingsReader settings = null;
try
@@ -501,14 +497,14 @@ public class MOASoapWithAttachmentConnector implements Connector
{
throw new ConnectorException(300, e);
}
-
+
String verify_request_filename = getConnectorValueFromProfile(settings, this.profile, templatePropKey);
this.verify_template = settings.readInternalResourceAsString(verify_request_filename);
-
+
}
/**
* Initializes the environment with a given profile.
- *
+ *
* @param profile
* The configuration profile.
* @throws SettingsException
@@ -537,7 +533,7 @@ public class MOASoapWithAttachmentConnector implements Connector
this.sign_key_identifier = signKeyIdentifier;
}
else
- {
+ {
this.sign_key_identifier = getConnectorValueFromProfile(settings, profile, SIGN_KEY_IDENTIFIER_KEY);
}
@@ -570,7 +566,7 @@ public class MOASoapWithAttachmentConnector implements Connector
if (this.verify_request_template == null)
{
- verify_request_filename = getConnectorValueFromProfile(settings, profile, VERIFY_REQUEST_TEMPLATE_KEY);
+ verify_request_filename = getConnectorValueFromProfile(settings, profile, VERIFY_REQUEST_TEMPLATE_KEY);
//this.verify_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_request_filename));
this.verify_request_template = settings.readInternalResourceAsString(verify_request_filename);
}
@@ -614,7 +610,7 @@ public class MOASoapWithAttachmentConnector implements Connector
/**
* Returns the URL where to load the detached data from.
- *
+ *
* @return Returns the URL where to load the detached data from.
*/
public String getSignatureDataUrl()
@@ -624,7 +620,7 @@ public class MOASoapWithAttachmentConnector implements Connector
/**
* Returns the sign key identifier.
- *
+ *
* @return Returns the sign key identifier.
*/
public String getSignKeyIdentifier()
@@ -634,7 +630,7 @@ public class MOASoapWithAttachmentConnector implements Connector
/**
* Returns the sign request template.
- *
+ *
* @return Returns the sign request template.
*/
public String getSignRequestTemplate()
@@ -644,7 +640,7 @@ public class MOASoapWithAttachmentConnector implements Connector
/**
* Returns the sign URL.
- *
+ *
* @return Returns the sign URL.
*/
public String getSignURL()
@@ -654,7 +650,7 @@ public class MOASoapWithAttachmentConnector implements Connector
/**
* Returns the verify request template.
- *
+ *
* @return Returns the verify request template.
*/
public String getVerifyRequestTemplate()
@@ -664,7 +660,7 @@ public class MOASoapWithAttachmentConnector implements Connector
/**
* Returns the verify template.
- *
+ *
* @return Returns the verify template.
*/
public String getVerifyTemplate()
@@ -674,7 +670,7 @@ public class MOASoapWithAttachmentConnector implements Connector
/**
* Returns the verify URL.
- *
+ *
* @return Returns the verify URL.
*/
public String getVerifyURL()
@@ -684,7 +680,7 @@ public class MOASoapWithAttachmentConnector implements Connector
/**
* Returns the verify trust profile id.
- *
+ *
* @return Returns the verify trust profile id.
*/
public String getVerifyTrustProfileId()
@@ -694,7 +690,7 @@ public class MOASoapWithAttachmentConnector implements Connector
/**
* Returns the ecdsa cert alg property.
- *
+ *
* @return Returns the ecdsa cert alg property.
*/
public String getCertAlgEcdsa()
@@ -704,7 +700,7 @@ public class MOASoapWithAttachmentConnector implements Connector
/**
* Returns the rsa cert alg property.
- *
+ *
* @return Returns the rsa cert alg property.
*/
public String getCertAlgRsa()
@@ -715,7 +711,7 @@ public class MOASoapWithAttachmentConnector implements Connector
/**
* Reads the configuration entry given by the key, first from the given
* profile, if not found from the defaults.
- *
+ *
* @param settings
* The settings.
* @param profile
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/mocca/LocRefDetachedMOCCAConnector.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/mocca/LocRefDetachedMOCCAConnector.java
index 12fc709..f9fe70b 100644
--- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/mocca/LocRefDetachedMOCCAConnector.java
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/mocca/LocRefDetachedMOCCAConnector.java
@@ -120,10 +120,10 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector {
* @throws ConnectorException Thrown in case of an error.
*/
public SignSignatureObject doSign(SignatureData data) throws ConnectorException {
- log.debug("doSign:");
+ log.debug("doSign:");
String sign_request_xml = prepareSignRequest(data);
- log.debug("sign_request_xml = " + sign_request_xml);
+ log.debug("sign_request_xml = " + sign_request_xml);
String url = this.environment.getSignURL();
Properties response_properties = sendRequest(url, sign_request_xml, data);
@@ -132,7 +132,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector {
sso.response_properties = response_properties;
- log.debug("doSign finished.");
+ log.debug("doSign finished.");
return sso;
}
@@ -148,12 +148,12 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector {
* This method analyzes a signature response of the signature device.
* @param response_properties The response elements of the signature device.
* @return The parsed signed signature object.
- * @throws ConnectorException Thrown in case of an error.
+ * @throws ConnectorException Thrown in case of an error.
*/
public SignSignatureObject analyzeSignResponse(Properties response_properties) throws ConnectorException {
- log.debug("analyzeSignResponse:");
+ log.debug("analyzeSignResponse:");
String response_string = response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY);
-
+
String bkuIdentifier = BKUHelper.getBKUIdentifier(response_properties);
log.debug("BKU identifier: \"" + bkuIdentifier + "\"");
SignatureLayoutHandler sigLayout;
@@ -162,13 +162,13 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector {
} catch (SettingsException e) {
throw new ConnectorException(e.getErrorCode(), e.getMessage());
}
-
+
BKUHelper.checkResponseForError(response_string);
-
+
// SignSignatureObject so = MOCCAHelper.parseCreateXMLResponse(response_string, new DetachedMOCIdFormatter());
SignSignatureObject so = sigLayout.parseCreateXMLSignatureResponse(response_string, this.environment);
so.response_properties = response_properties;
- log.debug("analyzeSignResponse finished.");
+ log.debug("analyzeSignResponse finished.");
return so;
}
@@ -187,7 +187,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector {
* @throws ConnectorException Thrown in case of an error.
*/
public String prepareSignRequest(SignatureData data) throws ConnectorException {
- log.debug("prepareSignRequestDetached:");
+ log.debug("prepareSignRequestDetached:");
String sign_request_template = this.environment.getSignRequestTemplate();
@@ -196,9 +196,9 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector {
String loc_ref_content = this.environment.getLocRefContent();
if (log.isDebugEnabled()) {
- log.debug("sign keybox identifier = " + sign_keybox_identifier);
- log.debug("mime type = " + mime_type);
- log.debug("loc_ref_content = " + loc_ref_content);
+ log.debug("sign keybox identifier = " + sign_keybox_identifier);
+ log.debug("mime type = " + mime_type);
+ log.debug("loc_ref_content = " + loc_ref_content);
}
String sign_request_xml = sign_request_template.replaceFirst(TemplateReplaces.KEYBOX_IDENTIFIER_REPLACE, sign_keybox_identifier);
@@ -206,7 +206,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector {
sign_request_xml = sign_request_xml.replaceFirst(TemplateReplaces.LOC_REF_CONTENT_REPLACE, loc_ref_content);
log.debug("sign_request_xml = " + sign_request_xml);
- log.debug("prepareSignRequestDetached finished.");
+ log.debug("prepareSignRequestDetached finished.");
return sign_request_xml;
}
@@ -226,15 +226,15 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector {
* @throws ConnectorException Thrown in case of an error.
*/
public String prepareXMLContent(SignatureData data, SignSignatureObject so) throws ConnectorException {
- log.debug("prepareXMLContent:");
+ log.debug("prepareXMLContent:");
try {
-
+
String ids_string = so.getSigID();
String sigId = this.parseSigId(ids_string);
X509Certificate cert = so.getX509Certificate();
-
-
+
+
// dferbas
AlgorithmSuiteObject algSuite = new AlgorithmSuiteObject();
String verify_xml = AlgorithmSuiteUtil.evaluateReplaceAlgs(algSuite, this.environment, so);
@@ -244,7 +244,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector {
String object_data_hash = CodingHelper.encodeBase64(data_value_hash);
// template replacements
-
+
verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_SIGNED_DATA_REPLACE, object_data_hash);
verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNATURE_VALUE_REPLACE, so.getSignatureValue());
@@ -259,7 +259,11 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector {
verify_xml = verify_xml.replaceAll(TemplateReplaces.SIG_ID_REPLACE, sigId);
verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNING_TIME_REPLACE, so.getDate());
verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_CERTIFICATE_REPLACE, certDigest);
- verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer());
+ // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll)
+ // methods are regarded, backslashes in the replacement string may cause the results to be different than
+ // if it were being treated as a literal replacement string.
+// verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer());
+ verify_xml = verify_xml.replace(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer());
verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_SERIAL_NUMBER_REPLACE, so.getSerialNumber());
// SigDataRefReplace already done above
verify_xml = verify_xml.replaceFirst(TemplateReplaces.MIME_TYPE_REPLACE, data.getMimeType());
@@ -270,15 +274,15 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector {
if (matcher.find()) {
log.debug("SignedProperties found.");
String string_to_be_hashed = matcher.group(1);
- log.debug("SignedProperties string to be hashed: " + string_to_be_hashed);
- final byte[] bytes_to_be_hashed = string_to_be_hashed.getBytes("UTF-8");
+ log.debug("SignedProperties string to be hashed: " + string_to_be_hashed);
+ final byte[] bytes_to_be_hashed = string_to_be_hashed.getBytes("UTF-8");
byte[] sig_prop_code = CodingHelper.buildDigest(bytes_to_be_hashed, algSuite.getPropertiesDigestMethod());
String sig_prop_hash = CodingHelper.encodeBase64(sig_prop_code);
verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_SIGNED_PROPERTIES_REPLACE, sig_prop_hash);
}
- log.debug("prepareXMLContent finished.");
+ log.debug("prepareXMLContent finished.");
return verify_xml;
} catch (Exception e) {
log.debug(e);
@@ -291,21 +295,21 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector {
* @author wprinz
*/
public static class Environment extends ConnectorEnvironment {
-
+
/**
* The configuration key of the sign keybox identifier.
*/
- protected static final String SIGN_KEYBOX_IDENTIFIER_KEY = "moc.sign.KeyboxIdentifier";
+ protected static final String SIGN_KEYBOX_IDENTIFIER_KEY = "moc.sign.KeyboxIdentifier";
/**
* The configuration key of the sign request template.
*/
- protected static final String SIGN_REQUEST_TEMPLATE_KEY = "moc.sign.request.detached";
+ protected static final String SIGN_REQUEST_TEMPLATE_KEY = "moc.sign.request.detached";
/**
* The configuration key of the sign URL.
*/
- protected static final String SIGN_URL_KEY = "moc.sign.url";
+ protected static final String SIGN_URL_KEY = "moc.sign.url";
/**
* BKU template file prefix
@@ -334,29 +338,29 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector {
*/
/* signature verification is not supported by mocca
protected static final String VERIFY_REQUEST_TEMPLATE_KEY = "moc.verify.request.detached";
- */
+ */
/**
* The configuration key of the verify template.
*/
- protected static final String VERIFY_TEMPLATE_KEY = "moc.verify.template.detached";
+ protected static final String VERIFY_TEMPLATE_KEY = "moc.verify.template.detached";
/**
* The configuration key of the verify URL.
*/
/* signature verification is not supported by mocca
protected static final String xxxVERIFY_URL_KEY = "moc.verify.url";
- */
+ */
/**
* The configuration key for the ECDSA cert alg property.
*/
- protected static final String ECDSA_CERT_ALG_KEY = "cert.alg.ecdsa";
+ protected static final String ECDSA_CERT_ALG_KEY = "cert.alg.ecdsa";
/**
* The configuration key for the RSA cert alg property.
*/
- protected static final String RSA_CERT_ALG_KEY = "cert.alg.rsa";
+ protected static final String RSA_CERT_ALG_KEY = "cert.alg.rsa";
protected String profile = null;
@@ -381,7 +385,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector {
protected String cert_alg_ecdsa = null;
protected String cert_alg_rsa = null;
-
+
protected String algorithmId = null;
/**
@@ -411,7 +415,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector {
}
// SIGN REQUEST
-
+
// try specific file
String sign_request_filename = TEMPLATE_FILE_PREFIX + this.algorithmId + SIGN_TEMPLATE_FILE_SUFFIX;
log.debug("Trying to load specific sign request file " + sign_request_filename);
@@ -428,15 +432,15 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector {
// request file is needed !!!
if (this.sign_request_template == null) {
- throw new ConnectorException(300, "Can not read the create xml request template");
+ throw new ConnectorException(300, "Can not read the create xml request template");
}
this.sign_url = getConnectorValueFromProfile(settings, profile, SIGN_URL_KEY);
-
+
// VERIFY REQUEST
/* signature verification is not supported by mocca
-
+
// try specific file
String verify_request_filename = TEMPLATE_FILE_PREFIX + settings.getValueFromKey("default.moc.algorithm.id") + VERIFY_REQUEST_TEMPLATE_FILE_SUFIX;
log.debug("Trying to load specific verify request file " + verify_request_filename);
@@ -451,11 +455,11 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector {
// request file is needed !!!
if (this.verify_request_template == null) {
- throw new ConnectorException(ErrorCode.SETTING_NOT_FOUND, "Can not read the verify xml request template");
+ throw new ConnectorException(ErrorCode.SETTING_NOT_FOUND, "Can not read the verify xml request template");
}
-
+
*/
-
+
// load template file
// try specific file
String verify_filename = TEMPLATE_FILE_PREFIX + this.algorithmId + VERIFY_TEMPLATE_SUFFIX;
@@ -473,7 +477,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector {
// signature template is needed !!!
if (this.verify_template == null) {
- throw new ConnectorException(ErrorCode.SETTING_NOT_FOUND, "Can not read the verify template");
+ throw new ConnectorException(ErrorCode.SETTING_NOT_FOUND, "Can not read the verify template");
}
/* signature verification is not supported by mocca
@@ -496,7 +500,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector {
/**
* Returns the LocRef content.
- *
+ *
* @return Returns the LocRef content.
*/
public String getLocRefContent() {
@@ -505,7 +509,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector {
/**
* Returns the sign keybox identifier.
- *
+ *
* @return Returns the sign keybox identifier.
*/
public String getSignKeyboxIdentifier() {
@@ -514,7 +518,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector {
/**
* Returns the sign request template.
- *
+ *
* @return Returns the sign request template.
*/
public String getSignRequestTemplate() {
@@ -523,7 +527,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector {
/**
* Returns the sign URL.
- *
+ *
* @return Returns the sign URL.
*/
public String getSignURL() {
@@ -532,7 +536,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector {
/**
* Returns the verify request template.
- *
+ *
* @return Returns the verify request template.
*/
/* signature verification is not supported by mocca
@@ -543,7 +547,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector {
/**
* Returns the verify template.
- *
+ *
* @return Returns the verify template.
*/
public String getVerifyTemplate() {
@@ -552,7 +556,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector {
/**
* Returns the verify URL.
- *
+ *
* @return Returns the verify URL.
*/
/* signature verification is not supported by mocca
@@ -563,7 +567,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector {
/**
* Returns the ecdsa cert alg property.
- *
+ *
* @return Returns the ecdsa cert alg property.
*/
public String getCertAlgEcdsa() {
@@ -572,7 +576,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector {
/**
* Returns the rsa cert alg property.
- *
+ *
* @return Returns the rsa cert alg property.
*/
public String getCertAlgRsa() {
@@ -582,7 +586,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector {
/**
* Reads the configuration entry given by the key, first from the given
* profile, if not found from the defaults.
- *
+ *
* @param settings
* The settings.
* @param profile
@@ -599,7 +603,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector {
return value;
}
}
-
+
/**
* Parses the common part for all id attributes from a given signature parameter string.
* @param sigIdString The given signature parameter string.
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigkz/SigKZIDHelper.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigkz/SigKZIDHelper.java
index 094880d..03bf931 100644
--- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigkz/SigKZIDHelper.java
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigkz/SigKZIDHelper.java
@@ -50,49 +50,52 @@ import at.knowcenter.wag.egov.egiz.sig.sigid.HotfixIdFormatter;
*/
public final class SigKZIDHelper
{
-
+
/**
* The Logger.
*/
protected static Log logger = LogFactory.getLog(SigKZIDHelper.class);
-
+
public static boolean isTextual(PdfASID sig_kz)
{
if (sig_kz == null)
{
// Old signature -> must be textual.
-
+
return true;
}
-
+
// new signauture -> sig_kz decides
return sig_kz.getType().equals(SignatorFactory.TYPE_TEXTUAL);
}
-
+
public static boolean isBinary(PdfASID sig_kz)
{
return ! isTextual(sig_kz);
}
-
-
+
+
public static boolean isMOASigned(PdfASID sig_kz, String sig_id)
{
if (sig_kz == null || sig_kz.getVersion().equals(SignatorFactory.VERSION_1_0_0))
{
// old signature - if sig_id is null this means MOA
-
+
return sig_id == null;
}
-
- if(sig_id == null)
+
+ // According to the specification no signature parameter means MOA signature.
+ // Fixed: empty ("") or blank (" "), non-null signature parameter should also be regarded as "no signature parameter"
+// if (sig_id != null)
+ if (StringUtils.isBlank(sig_id))
return true;
-
+
// new signature - sig_id decides
String [] ids = sig_id.split("@");
// dferbas
String prefix = (ids[0].split(":"))[0];
-
-
+
+
if (prefix.equals(DetachedLocRefMOAIdFormatter.SIG_ID_PREFIX))
{
return true;
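Review bot: The new `StringUtils.isBlank(sig_id)` guard does not cover a `sig_id` made only of separators: `"@".split("@")` returns an empty array, so `ids[0]` below throws ArrayIndexOutOfBoundsException, and a first part consisting only of `":"` fails the same way on the inner split. `isMOCCASigned` later in this file already guards with `ArrayUtils.isEmpty(ids)`; the same check fits here, `if (ArrayUtils.isEmpty(ids)) return false;`, together with `String prefix = StringUtils.substringBefore(ids[0], ":");`. Whether `false` is the right answer for such an id should be confirmed against the specification the new comment refers to. The commented-out `// if (sig_id != null)` also does not match the removed condition (`sig_id == null`) and is better deleted. The method body continues past the hunk.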
@@ -116,10 +119,10 @@ public final class SigKZIDHelper
logger.error(e.getMessage(), e);
}
}
-
+
return isMOASigned(kz, sig_id);
}
-
+
/**
* @author tknall
*/
@@ -128,7 +131,7 @@ public final class SigKZIDHelper
if (StringUtils.isEmpty(sig_id)) {
return false;
}
- String[] ids = sig_id.split("@");
+ String[] ids = sig_id.split("@");
if (ArrayUtils.isEmpty(ids)) {
return false;
}
@@ -136,7 +139,7 @@ public final class SigKZIDHelper
if (algorithmId == null) {
return false;
} else {
- return algorithmId.startsWith("etsi-moc-1.0") || algorithmId.startsWith("etsi-moc-1.1");
+ return algorithmId.startsWith("etsi-moc-1.0") || algorithmId.startsWith("etsi-moc-1.1") || algorithmId.startsWith("etsi-moc-1.2");
}
}
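Review bot: The added `"etsi-moc-1.2"` literal repeats the private `ALGORITHM_ID` constant of the new MoccaXades14SignatureLayoutHandler in this commit, so the id is spelled in two places that have to stay in step; a shared, accessible constant would avoid that. Because `startsWith` is used, any id that merely begins with one of the three strings is treated as MOCCA-signed. If that is deliberate, a comment such as `// prefix match: ids carrying a suffix after the version are accepted as well` would record it; otherwise an exact comparison is the tighter check. The method starts above the hunk.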
@@ -203,16 +206,16 @@ public final class SigKZIDHelper
logger.error(e.getMessage(), e);
}
}
-
+
return isOldBKU(kz, sig_id);
}
-
+
public static String getAlgorithmId(String bkuIdentifier) throws SettingsException, SettingNotFoundException, ConnectorException {
SettingsReader sr = SettingsReader.getInstance();
String base = "signaturelayout.pattern";
Vector v = sr.getSettingKeys(base);
-
+
Iterator it = v.iterator();
while (it.hasNext()) {
String subKey = (String) it.next();
@@ -225,7 +228,7 @@ public final class SigKZIDHelper
return algValue;
}
}
-
+
if ("true".equalsIgnoreCase(sr.getSetting("signaturelayout.strict", "false"))) {
logger.debug("Enforcing bku support check.");
throw new ConnectorException(ErrorCode.BKU_NOT_SUPPORTED, "Unsupported BKU: " + bkuIdentifier);
@@ -233,7 +236,7 @@ public final class SigKZIDHelper
logger.debug("bku support check disabled.");
return null;
}
-
+
}
public static boolean isATrustSigned(SignSignatureObject so) {
@@ -241,7 +244,7 @@ public final class SigKZIDHelper
if (sig_id == null && StringUtils.isEmpty(sig_id)) {
return false;
}
- return sig_id.startsWith("etsi-bka-atrust-1.0");
+ return sig_id.startsWith("etsi-bka-atrust-1.0");
}
/**
@@ -251,11 +254,11 @@ public final class SigKZIDHelper
*/
public static boolean isBKUSigned(SignSignatureObject so) throws ConnectorException {
if (isOldBKU(so)) return true;
-
+
if (so.id.startsWith("etsi-bka-1.0")) {
return true;
}
-
+
return false;
}
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/mocca/MoccaXades14SignatureLayoutHandler.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/mocca/MoccaXades14SignatureLayoutHandler.java
new file mode 100644
index 0000000..ed14315
--- /dev/null
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/mocca/MoccaXades14SignatureLayoutHandler.java
@@ -0,0 +1,53 @@
+/**
+ * <copyright> Copyright 2006 by Know-Center, Graz, Austria </copyright>
+ * PDF-AS has been contracted by the E-Government Innovation Center EGIZ, a
+ * joint initiative of the Federal Chancellery Austria and Graz University of
+ * Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.knowcenter.wag.egov.egiz.sig.signaturelayout.mocca;
+
+import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException;
+import at.knowcenter.wag.egov.egiz.sig.connectors.ConnectorEnvironment;
+import at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject;
+import at.knowcenter.wag.egov.egiz.sig.connectors.mocca.MOCCAHelper;
+import at.knowcenter.wag.egov.egiz.sig.sigid.DetachedMOCIdFormatter;
+import at.knowcenter.wag.egov.egiz.sig.signaturelayout.SignatureLayoutHandler;
+
+/**
+ * Layout handler for XAdES 1.4 based signature layouts.
+ *
+ * @author Datentechnik Innovation GmbH
+ */
+public class MoccaXades14SignatureLayoutHandler implements SignatureLayoutHandler {
+
+ /**
+ * The signature parameter identifier for XAdES 1.4 signatures.
+ */
+ private final static String ALGORITHM_ID = "etsi-moc-1.2";
+
+ /**
+ * Parses the given xmlResponse with respect to the specific signature layout of mocca.
+ */
+ public SignSignatureObject parseCreateXMLSignatureResponse(String xmlResponse, ConnectorEnvironment env)
+ throws ConnectorException {
+ return MOCCAHelper.parseCreateXMLResponse(xmlResponse, new DetachedMOCIdFormatter(ALGORITHM_ID), env);
+ }
+
+}
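Review bot: `ALGORITHM_ID = "etsi-moc-1.2"` is a second copy of the literal that the SigKZIDHelper hunk earlier in this commit tests with `algorithmId.startsWith("etsi-moc-1.2")`, so the identifier written by this handler and the one recognised by the helper can drift apart silently. I would define it once, e.g. `public static final String ALGORITHM_ID = "etsi-moc-1.2";`, and have the helper reference that constant. The Javadoc on `parseCreateXMLSignatureResponse` should also gain `@param`, `@return` and `@throws ConnectorException` tags, and say that `xmlResponse` (presumably the raw response from the signature-creation component) is passed on without any check in this method. The parsing happens in `MOCCAHelper.parseCreateXMLResponse`, which is not visible here, so it is worth confirming that its XML parser has DTDs and external entities disabled.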