aboutsummaryrefslogtreecommitdiff
path: root/pdf-as-lib
diff options
context:
space:
mode:
Diffstat (limited to 'pdf-as-lib')
-rw-r--r--pdf-as-lib/pom.xml2
-rw-r--r--pdf-as-lib/src/main/java/at/gv/egiz/pdfas/utils/PDFASUtils.java132
-rw-r--r--pdf-as-lib/src/main/java/at/gv/egiz/pdfas/utils/TempDirHelper.java2
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java2
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/cfg/SettingsReader.java33
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/pdf/PDFPage.java3
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java14
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java4
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java1441
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/DetachedLocRefMOAIdFormatter.java2
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/DetachedMOCIdFormatter.java4
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigkz/SigKZIDHelper.java59
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/SignatureLayoutHandlerFactory.java5
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/atrust/ATrustSignatureLayoutHandler.java1
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/atrust/ATrustXades14SignatureLayoutHandler.java24
-rw-r--r--pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/tools/CodingHelper.java13
-rw-r--r--pdf-as-lib/src/main/resources/config/pdf-as.properties15
-rw-r--r--pdf-as-lib/src/main/resources/config/templates/etsi-bka-atrust-1.2.verify.template.detached.xml1
-rw-r--r--pdf-as-lib/src/main/resources/config/templates/moa.etsi-bka-moa-1.1.verify.template.xml1
19 files changed, 1029 insertions, 729 deletions
diff --git a/pdf-as-lib/pom.xml b/pdf-as-lib/pom.xml
index 406ad7e..9fdcd32 100644
--- a/pdf-as-lib/pom.xml
+++ b/pdf-as-lib/pom.xml
@@ -8,7 +8,7 @@
<parent>
<groupId>eu.europa.ec.joinup.egovlabs.pdf-as</groupId>
<artifactId>pdf-as</artifactId>
- <version>3.5.1</version>
+ <version>3.5.4</version>
</parent>
<packaging>jar</packaging>
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/utils/PDFASUtils.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/utils/PDFASUtils.java
index a2332dd..89dfef2 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/utils/PDFASUtils.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/utils/PDFASUtils.java
@@ -69,57 +69,69 @@ public class PDFASUtils {
* @throws PDFDocumentException
* Thrown if document has not been opened with full permissions.
*/
- private static void checkReaderPermissions(PdfReader pdfReader) throws PDFDocumentException {
+ private static void checkReaderPermissions(PdfReader pdfReader)
+ throws PDFDocumentException {
if (pdfReader.isEncrypted()) {
- throw new PDFDocumentException(ErrorCode.DOCUMENT_IS_PROTECTED, "Document is encrypted.");
+ throw new PDFDocumentException(ErrorCode.DOCUMENT_IS_PROTECTED,
+ "Document is encrypted.");
}
if (!pdfReader.isOpenedWithFullPermissions()) {
- throw new PDFDocumentException(ErrorCode.DOCUMENT_IS_PROTECTED, "Document is protected.");
+ throw new PDFDocumentException(ErrorCode.DOCUMENT_IS_PROTECTED,
+ "Document is protected.");
}
}
/**
- * Verifies that the document is not encrypted and/or protected. In case no restrictions have been applied to the
- * document a pdf reader is returned.
+ * Verifies that the document is not encrypted and/or protected. In case no
+ * restrictions have been applied to the document a pdf reader is returned.
*
* @param dataSource
* The document data source.
* @throws PDFDocumentException
- * Thrown if the document could not be opened with full permissions.
+ * Thrown if the document could not be opened with full
+ * permissions.
*/
- public static PdfReader createPdfReaderCheckingPermissions(DataSource dataSource) throws PDFDocumentException {
- return createPdfReaderCheckingPermissions(dataSource.createInputStream());
+ public static PdfReader createPdfReaderCheckingPermissions(
+ DataSource dataSource) throws PDFDocumentException {
+ return createPdfReaderCheckingPermissions(dataSource
+ .createInputStream());
}
/**
- * Verifies that the document is not encrypted and/or protected. In case no restrictions have been applied to the
- * document a pdf reader is returned.
+ * Verifies that the document is not encrypted and/or protected. In case no
+ * restrictions have been applied to the document a pdf reader is returned.
*
* @param dataSource
* The document data source.
* @throws PDFDocumentException
- * Thrown if the document could not be opened with full permissions.
+ * Thrown if the document could not be opened with full
+ * permissions.
*/
- public static PdfReader createPdfReaderCheckingPermissions(at.gv.egiz.pdfas.framework.input.DataSource dataSource)
+ public static PdfReader createPdfReaderCheckingPermissions(
+ at.gv.egiz.pdfas.framework.input.DataSource dataSource)
throws PDFDocumentException {
- return createPdfReaderCheckingPermissions(dataSource.createInputStream());
+ return createPdfReaderCheckingPermissions(dataSource
+ .createInputStream());
}
/**
- * Verifies that the document is not encrypted and/or protected. In case no restrictions have been applied to the
- * document a pdf reader is returned.
+ * Verifies that the document is not encrypted and/or protected. In case no
+ * restrictions have been applied to the document a pdf reader is returned.
*
* @param inputStream
* The document data input stream.
* @throws PDFDocumentException
- * Thrown if the document could not be opened with full permissions.
+ * Thrown if the document could not be opened with full
+ * permissions.
*/
- public static PdfReader createPdfReaderCheckingPermissions(InputStream inputStream) throws PDFDocumentException {
+ public static PdfReader createPdfReaderCheckingPermissions(
+ InputStream inputStream) throws PDFDocumentException {
PdfReader reader = null;
try {
// try to parse document
// If fully encrypted, PdfReader will fail;
- // It should throw a BadPasswordException, but unfortunately does not (throws an IOException instead,
+ // It should throw a BadPasswordException, but unfortunately does
+ // not (throws an IOException instead,
// internally catching BadPAsswordException; see comments below).
reader = new PdfReader(inputStream);
checkReaderPermissions(reader);
@@ -127,21 +139,30 @@ public class PDFASUtils {
} catch (BadPasswordException e) {
// will never be reached with itext-2.1.5-rev3628-pdfas:v1.1
// just added for later versions... (see comments below)
- // itext-2.1.5-rev3628-pdfas:v1.2 correctly throws BadPasswordException
- throw new PDFDocumentException(ErrorCode.DOCUMENT_IS_PROTECTED, "Document is protected.");
+ // itext-2.1.5-rev3628-pdfas:v1.2 correctly throws
+ // BadPasswordException
+ throw new PDFDocumentException(ErrorCode.DOCUMENT_IS_PROTECTED,
+ "Document is protected.");
} catch (PDFDocumentException e) {
throw e;
} catch (Exception e) {
final String EX_MSG_FOR_ENCRYPTED_DOCUMENT = "Bad user Password";
- // Inspecting the exception message seems to be the only way when using itext-2.1.5-rev3628-pdfas:v1.1:
- // itext neither externally throws a BadPasswordException nor passed the cause...,
+ // Inspecting the exception message seems to be the only way when
+ // using itext-2.1.5-rev3628-pdfas:v1.1:
+ // itext neither externally throws a BadPasswordException nor passed
+ // the cause...,
// later versions do!
- // String "Bad user Password" is set in com.lowagie.text.pdf.BadPasswordException so this approach will
- // work as long as the underlying itext library is not beeing updated.
- if (StringUtils.containsIgnoreCase(e.getMessage(), EX_MSG_FOR_ENCRYPTED_DOCUMENT)) {
- throw new PDFDocumentException(ErrorCode.DOCUMENT_IS_PROTECTED, "Document is protected.");
+ // String "Bad user Password" is set in
+ // com.lowagie.text.pdf.BadPasswordException so this approach will
+ // work as long as the underlying itext library is not beeing
+ // updated.
+ if (StringUtils.containsIgnoreCase(e.getMessage(),
+ EX_MSG_FOR_ENCRYPTED_DOCUMENT)) {
+ throw new PDFDocumentException(ErrorCode.DOCUMENT_IS_PROTECTED,
+ "Document is protected.");
}
- throw new PDFDocumentException(ErrorCode.DOCUMENT_CANNOT_BE_READ, "Unable to parse document.");
+ throw new PDFDocumentException(ErrorCode.DOCUMENT_CANNOT_BE_READ,
+ "Unable to parse document.");
} finally {
IOUtils.closeQuietly(inputStream);
closeQuietly(reader);
@@ -216,12 +237,15 @@ public class PDFASUtils {
return PDFASUtils.toFile(new ByteArrayInputStream(data), file);
}
- public static boolean toFile(InputStream inputStream, File file) throws IOException {
+ public static boolean toFile(InputStream inputStream, File file)
+ throws IOException {
boolean result = false;
BufferedOutputStream bufferedOutputStream = null;
try {
- bufferedOutputStream = new BufferedOutputStream(new FileOutputStream(file));
- ConfigUtils.writeInputStreamToOutputStream(inputStream, bufferedOutputStream);
+ bufferedOutputStream = new BufferedOutputStream(
+ new FileOutputStream(file));
+ ConfigUtils.writeInputStreamToOutputStream(inputStream,
+ bufferedOutputStream);
} finally {
if (bufferedOutputStream != null) {
try {
@@ -236,21 +260,26 @@ public class PDFASUtils {
}
/**
- * Returns {@code true} if the given {@code profileId} is PDF/A-1b enabled, {@code false} if not.
+ * Returns {@code true} if the given {@code profileId} is PDF/A-1b enabled,
+ * {@code false} if not.
*
* @param profileId
* The signature profile.
- * @return {@code true} if the given {@code profileId} is PDF/A-1b enabled, {@code false} if not.
+ * @return {@code true} if the given {@code profileId} is PDF/A-1b enabled,
+ * {@code false} if not.
*/
public static boolean isPdfAEnabled(String profileId) {
if (profileId == null) {
- throw new NullPointerException("Profile identifier must not be null.");
+ throw new NullPointerException(
+ "Profile identifier must not be null.");
}
if (StringUtils.isEmpty(profileId)) {
- throw new IllegalArgumentException("Profile identifier must not be empty.");
+ throw new IllegalArgumentException(
+ "Profile identifier must not be empty.");
}
try {
- String pdfa = SettingsReader.getInstance().getSetting("sig_obj." + profileId + ".key." + CFG_KEY_PDFA,
+ String pdfa = SettingsReader.getInstance().getSetting(
+ "sig_obj." + profileId + ".key." + CFG_KEY_PDFA,
"default." + CFG_KEY_PDFA, "false");
return BooleanUtils.toBoolean(pdfa);
} catch (Exception e) {
@@ -259,4 +288,37 @@ public class PDFASUtils {
}
}
+ public static String whiteSpaceTrim(String string) {
+ String str = StringUtils.strip(string);
+ str = startStrip(str);
+ return endStrip(str);
+ }
+
+ private static String startStrip(final String str) {
+ int strLen;
+ if (str == null || (strLen = str.length()) == 0) {
+ return str;
+ }
+ int start = 0;
+ while (start != strLen && isEmptySpace(str.charAt(start))) {
+ start++;
+ }
+ return str.substring(start);
+ }
+
+ private static String endStrip(final String str) {
+ int end;
+ if (str == null || (end = str.length()) == 0) {
+ return str;
+ }
+ while (end != 0 && isEmptySpace(str.charAt(end - 1))) {
+ end++;
+ }
+
+ return str.substring(0, end);
+ }
+
+ private static boolean isEmptySpace(char c) {
+ return Character.isWhitespace(c) || Character.isSpaceChar(c);
+ }
}
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/utils/TempDirHelper.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/utils/TempDirHelper.java
index bccc67b..38ff2d1 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/utils/TempDirHelper.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/utils/TempDirHelper.java
@@ -121,7 +121,7 @@ public class TempDirHelper
boolean delete_success = files[i].delete();
if (!delete_success)
{
- log.error("Couldn't delete the temporary file: " + files[i]);
+ log.debug("Couldn't delete the temporary file: " + files[i]);
}
}
}
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java
index e501641..befe5c3 100644
--- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java
@@ -115,7 +115,7 @@ public abstract class PdfAS
* The current version of the pdf-as library. This version string is logged on every invocation
* of the api or the web application.
*/
- public static final String PDFAS_VERSION = "3.5.1";
+ public static final String PDFAS_VERSION = "3.5.3";
/**
* The key of the strict mode setting.
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/cfg/SettingsReader.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/cfg/SettingsReader.java
index 832f952..7473590 100644
--- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/cfg/SettingsReader.java
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/cfg/SettingsReader.java
@@ -35,6 +35,7 @@ import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.Serializable;
+import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.Enumeration;
@@ -426,8 +427,8 @@ public class SettingsReader implements Serializable
logger_.info(StringUtils.repeat("*", length + 25));
if (registerProvider) {
- IAIK.addAsProvider();
- ECCProvider.addAsProvider();
+ registerProvider(new IAIK(), 1);
+ registerProvider(new ECCProvider(), 2);
} else {
if (Security.getProvider("IAIK") == null) {
logger_.debug("Default IAIK JCE provider not registered.");
@@ -905,6 +906,34 @@ public class SettingsReader implements Serializable
logger_.info("PDF-AS info\n" + paddingString + "\n" + versionString + "\n" + paddingString);
}
+ protected static void registerProvider(Provider provider, int position) {
+ String name = provider.getName();
+ if (Security.getProvider(name) == null) {
+ // register IAIK provider at first position
+ try {
+ if (position < 0) {
+ // add provider add default position.
+ Security.addProvider(provider);
+ } else {
+ Security.insertProviderAt(provider, position);
+ }
+ } catch (SecurityException e) {
+ logger_.info("Failed to register required security Provider.", e);
+ }
+ } else {
+ logger_.info("Required security Provider " + name + " already registered.");
+ }
+
+ }
+
+ protected static void listRegisteredSecurityProviders() {
+ Provider[] providers = Security.getProviders();
+ logger_.debug("Registered Security Providers:");
+ for (int i = 0; i < providers.length; i++) {
+ logger_.debug(" " + i + ": " + providers[i].getName() + " => " + providers[i].getInfo());
+ }
+ }
+
public Properties getProperties() {
return this.properties_;
}
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/pdf/PDFPage.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/pdf/PDFPage.java
index 32a043d..dc13a28 100644
--- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/pdf/PDFPage.java
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/pdf/PDFPage.java
@@ -47,6 +47,7 @@ import org.pdfbox.util.PDFTextStripper;
import org.pdfbox.util.TextPosition;
import org.pdfbox.util.operator.OperatorProcessor;
+import at.gv.egiz.pdfas.utils.PDFASUtils;
import at.knowcenter.wag.egov.egiz.cfg.ConfigLogger;
import at.knowcenter.wag.egov.egiz.cfg.SettingsReader;
import at.knowcenter.wag.egov.egiz.exceptions.SettingsException;
@@ -306,7 +307,7 @@ public class PDFPage extends PDFTextStripper {
}
// store ypos of the char if it is not empty
- if (!character.equals(" ") && current_y > this.max_character_ypos) {
+ if (!PDFASUtils.whiteSpaceTrim(character).isEmpty() && current_y > this.max_character_ypos) {
this.max_character_ypos = current_y;
}
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java
index 6926d2b..67fc481 100644
--- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java
@@ -375,7 +375,12 @@ public class DetachedBKUConnector implements Connector, LocalConnector
return moa_conn.prepareXMLContent(data, so);
// MOCCA
- } else if (SigKZIDHelper.isMOCCASigned(so)) {
+ } else if (SigKZIDHelper.isMOAXAdES14Signed(so)) {
+ log.debug("The signature is MOA XAdES 1.4 signed -> getting XML content from DetachedLocRefMOA connector.");
+ DetachedLocRefMOAConnector moa_conn = new DetachedLocRefMOAConnector(this.environment.getProfile(), "loc ref not needed here");
+ return moa_conn.prepareXMLContent(data, so);
+ // ATRUST
+ }else if (SigKZIDHelper.isMOCCASigned(so)) {
log.debug("MOCCA signature detected.");
String algorithmId = SigKZIDHelper.parseAlgorithmId(so.id);
log.debug("Algorithm = " + algorithmId);
@@ -388,7 +393,12 @@ public class DetachedBKUConnector implements Connector, LocalConnector
MOASoapWithAttachmentConnector moaConn = new MOASoapWithAttachmentConnector(this.params);
moaConn.reInitVerifyTemplate(MOASoapWithAttachmentConnector.ATRUST_VERIFY_TEMPLATE_KEY);
return moaConn.prepareXMLContent(data, so);
- }
+ } else if (SigKZIDHelper.isATrustX14Signed(so)) {
+ log.debug("ATrust Xades 1.4 signature detected");
+ MOASoapWithAttachmentConnector moaConn = new MOASoapWithAttachmentConnector(this.params);
+ moaConn.reInitVerifyTemplate(MOASoapWithAttachmentConnector.ATRUST_XADES_1_4_VERIFY_TEMPLATE_KEY);
+ return moaConn.prepareXMLContent(data, so);
+ }
// TD
else if (SigKZIDHelper.isBKUSigned(so)) {
log.debug("TD signature signature detected.");
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java
index 07e9ccd..83bf046 100644
--- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java
@@ -259,7 +259,7 @@ public class DetachedLocRefMOAConnector implements Connector
// byte[] data_value = data.getData();
// byte[] data_value_hash = CodingHelper.buildDigest(data_value);
byte[] data_value_hash = CodingHelper.buildDigest(data.getDataSource(), algSuite.getDataDigestMethod());
- String object_data_hash = CodingHelper.encodeBase64(data_value_hash);
+ String object_data_hash = CodingHelper.encodeBase64PEM(data_value_hash);
verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_SIGNED_DATA_REPLACE, object_data_hash);
}
@@ -301,7 +301,7 @@ public class DetachedLocRefMOAConnector implements Connector
final byte[] bytes_to_be_hashed = string_to_be_hashed.getBytes("UTF-8"); //$NON-NLS-1$
byte[] sig_prop_code = CodingHelper.buildDigest(bytes_to_be_hashed, algSuite.getPropertiesDigestMethod());
- String sig_prop_hash = CodingHelper.encodeBase64(sig_prop_code);
+ String sig_prop_hash = CodingHelper.encodeBase64PEM(sig_prop_code);
verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_SIGNED_PROPERTIES_REPLACE, sig_prop_hash);
}
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java
index f6f05fc..ff27a64 100644
--- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java
@@ -57,686 +57,765 @@ import at.knowcenter.wag.egov.egiz.tools.CodingHelper;
*
* @author wprinz
*/
-public class MOASoapWithAttachmentConnector implements Connector
-{
- //23.11.2010 changed by exthex - added reconstructXMLDsig method and moved xmldsig creation to chooseAndCreateXMLDsig method
- public static final String ATRUST_VERIFY_TEMPLATE_KEY = "atrust.verify.template.detached";
-
-/**
- * The SIG_ID prefix.
- */
- // public static final String SIG_ID_PREFIX = "etsi-bku-detached@"; //$NON-NLS-1$
- /**
- * The log.
- */
- private static Log log = LogFactory.getLog(MOASoapWithAttachmentConnector.class);
-
- private static Log moaLog = LogFactory.getLog("at.knowcenter.wag.egov.egiz.sig.connectors.MOASSRepsonseLogger");
-
- protected static final String MULTIPART_LOC_REF_CONTENT = "formdata:fileupload"; //$NON-NLS-1$
-
- protected static final String RETURN_HASH_INPUT_DATA = "<ReturnHashInputData/>"; //$NON-NLS-1$
-
- /**
- * The connector parameters.
- */
- protected ConnectorParameters params = null;
-
- /**
- * The environemnt configuration of this connector containing templates and
- * other configurable elements.
- */
- protected Environment environment = null;
-
-
- /**
- * Constructor that builds the configuration environment for this connector
- * according to the given profile.
- *
- * <p>
- * If confuguration parameters are not defined on that profile, the default
- * parameters defined in the configuration are used.
- * </p>
- *
- * @param connectorParameters
- * The parameters for this connector.
- * @throws ConnectorException
- * f.e.
- */
- public MOASoapWithAttachmentConnector(ConnectorParameters connectorParameters) throws ConnectorException
- {
- this.params = connectorParameters;
- this.environment = new Environment(this.params.getProfileId(), this.params.getSignatureKeyIdentifier(), MULTIPART_LOC_REF_CONTENT);
- }
-
- protected String prepareSignRequest(SignatureData data) throws ConnectorException
- {
- log.debug("prepareSignRequestDetached:"); //$NON-NLS-1$
-
- String sign_request_template = this.environment.getSignRequestTemplate();
-
- String sign_key_identifier = this.environment.getSignKeyIdentifier();
- String loc_ref_content = this.environment.getSignatureDataUrl();
- String mime_type = data.getMimeType();
- if (log.isDebugEnabled())
- {
- log.debug("sign keybox identifier = " + sign_key_identifier); //$NON-NLS-1$
- log.debug("LocRefContent = " + loc_ref_content); //$NON-NLS-1$
- log.debug("mime type = " + mime_type); //$NON-NLS-1$
- }
-
- String sign_request_xml = sign_request_template.replaceFirst(TemplateReplaces.KEY_IDENTIFIER_REPLACE, sign_key_identifier);
- sign_request_xml = sign_request_xml.replaceFirst(TemplateReplaces.LOC_REF_CONTENT_REPLACE, loc_ref_content);
- sign_request_xml = sign_request_xml.replaceFirst(TemplateReplaces.MIME_TYPE_REPLACE, mime_type);
-
- log.debug("prepareSignRequestDetached finished."); //$NON-NLS-1$
- return sign_request_xml;
- }
-
- /**
- * @see at.knowcenter.wag.egov.egiz.sig.connectors.LocalConnector#analyzeSignResponse(java.util.Properties)
- */
- public SignSignatureObject analyzeSignResponse(Properties response_properties) throws ConnectorException
- {
- log.debug("analyzeSignResponse:"); //$NON-NLS-1$
-
- String response_string = response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY);
- moaLog.debug("MOA-SS Response: " + response_string);
- BKUHelper.checkResponseForError(response_string);
-
- SignSignatureObject so = MOAHelper.parseCreateXMLResponse(response_string, new DetachedLocRefMOAIdFormatter(), this.environment);
-
- log.debug("analyzeSignResponse finished."); //$NON-NLS-1$
- return so;
- }
-
- /**
- * @see at.knowcenter.wag.egov.egiz.sig.connectors.Connector#doSign(at.knowcenter.wag.egov.egiz.sig.SignatureData)
- */
- public SignSignatureObject doSign(SignatureData data) throws ConnectorException
- {
- log.debug("doSign:"); //$NON-NLS-1$
- String sign_request_xml = prepareSignRequest(data);
-// DebugHelper.debugStringToFile(sign_request_xml, "MOA_DetLocRef_sign_request.xml"); //$NON-NLS-1$
-
- String url = this.environment.getSignURL();
- Properties response_properties = sendRequest(url, MOASoapConnection.SERVICE_SIGN, sign_request_xml, data);
-
-// DebugHelper.debugStringToFile(response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY), "MOA_DetLocRef_sign_response.xml"); //$NON-NLS-1$
- SignSignatureObject sso = analyzeSignResponse(response_properties);
-
- sso.response_properties = response_properties;
-
- log.debug("doSign finished."); //$NON-NLS-1$
- return sso;
- }
-
- /**
- * @see at.knowcenter.wag.egov.egiz.sig.connectors.Connector#doVerify(at.knowcenter.wag.egov.egiz.sig.SignatureData,
- * at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject)
- */
- public SignatureResponse doVerify(SignatureData data, SignSignatureObject so, XMLDsigData dsig) throws ConnectorException
- {
- log.debug("doVerify:"); //$NON-NLS-1$
-
- String verify_request_xml = prepareVerifyRequest(data, so, dsig);
- log.debug("verify_request_xml = " + verify_request_xml); //$NON-NLS-1$
-
- String url = this.environment.getVerifyURL();
- Properties response_properties = sendRequest(url, MOASoapConnection.SERVICE_VERIFY, verify_request_xml, data);
-
- SignatureResponse signature_response = analyzeVerifyResponse(response_properties);
-
- log.debug("doVerify finished."); //$NON-NLS-1$
- return signature_response;
- }
-
- /**
- * Prepares the verify request xml to be sent using the verify request
- * template.
- *
- * @param data
- * The SignatureData.
- * @param so
- * The signature information object.
- * @return Returns the verify request xml to be sent.
- * @throws ConnectorException
- * f.e.
- */
- public String prepareVerifyRequest(SignatureData data, SignSignatureObject so, XMLDsigData dsigData) throws ConnectorException
- {
- String verify_request_template = this.environment.getVerifyRequestTemplate();
-
- String xml_content = null;
- if (dsigData != null && dsigData.getXmlDsig() != null)
- {
- xml_content = dsigData.getXmlDsig();
- }
- else
- {
- xml_content = chooseAndCreateXMLDsig(data, so);
- }
-
- // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll)
- // methods are regarded, backslashes in the replacement string may cause the results to be different than
- // if it were being treated as a literal replacement string.
-// String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content);
- String verify_request_xml = verify_request_template.replace(TemplateReplaces.XML_CONTENT_REPLACE, xml_content);
- verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.TRUST_PROFILE_ID_REPLACE, this.environment.getVerifyTrustProfileId());
- verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.LOC_REF_CONTENT_REPLACE, this.environment.getSignatureDataUrl());
-
- String returnHashInputDataElement = "";
- if (this.params.isReturnHashInputData())
- {
- returnHashInputDataElement = RETURN_HASH_INPUT_DATA;
- }
- verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.RETURN_HASH_INPUT_DATA_REPLACE, returnHashInputDataElement);
-
- verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.DATE_TIME_REPLACE, BKUHelper.formDateTimeElement(this.params.getVerificationTime()));
-
-
- log.debug("\r\n\r\n" + verify_request_xml + "\r\n\r\n");
-
- return verify_request_xml;
- }
-
- private String chooseAndCreateXMLDsig(SignatureData data, SignSignatureObject so) throws ConnectorException {
-
- // MOA
- if (SigKZIDHelper.isMOASigned(so)) {
- log.debug("MOA signature detected.");
- return prepareXMLContent(data, so);
-
- // MOCCA
- } else if (SigKZIDHelper.isMOCCASigned(so)) {
- log.debug("MOCCA signature detected.");
- String algorithmId = SigKZIDHelper.parseAlgorithmId(so.id);
- log.debug("Algorithm = " + algorithmId);
- LocRefDetachedMOCCAConnector mocca_connector = new LocRefDetachedMOCCAConnector(this.params, "not needed here", algorithmId);
- return mocca_connector.prepareXMLContent(data, so);
-
- // ATrust
- } else if (SigKZIDHelper.isATrustSigned(so)) {
- log.debug("A-Trust signature detected.");
- this.environment.reInitVerifyTemplate(ATRUST_VERIFY_TEMPLATE_KEY);
- return prepareXMLContent(data, so);
-
- // TD bku
- } else if (SigKZIDHelper.isBKUSigned(so)) {
- log.debug("TD bku signature detected.");
- DetachedBKUConnector bku_connector = new DetachedBKUConnector(this.params, "not needed here");
- return bku_connector.prepareXMLContent(data, so);
- } else {
- throw new ConnectorException(ErrorCode.UNSUPPORTED_SIGNATURE, "Unsupported signature (" + so.id + ", " +so.kz + "). Please get a new version of PDF-AS. Your version is: " + PdfAS.PDFAS_VERSION);
-
- }
- }
-
- /**
- * Analyzes the verify response string.
- *
- * @param response_properties
- * The response properties containing the response XML.
- * @return Returns the SignatureResponse containing the verification result.
- * @throws ConnectorException
- * f.e.
- */
- public SignatureResponse analyzeVerifyResponse(Properties response_properties) throws ConnectorException
- {
- log.debug("analyzeVerifyResponse:"); //$NON-NLS-1$
-
- String response_string = response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY);
-
- BKUHelper.checkResponseForError(response_string);
-
- SignatureResponse signature_response = BKUHelper.parseVerifyXMLResponse(response_string);
-
- log.debug("analyzeVerifyResponse finished."); //$NON-NLS-1$
- return signature_response;
- }
-
- public String prepareXMLContent(SignatureData data, SignSignatureObject so) throws ConnectorException
- {
- log.debug("prepareXMLContent:"); //$NON-NLS-1$
- try
- {
-
- String verify_xml = null;
- X509Certificate cert = so.getX509Certificate();
-
- // dferbas
- AlgorithmSuiteObject algSuite = new AlgorithmSuiteObject();
- verify_xml = AlgorithmSuiteUtil.evaluateReplaceAlgs(algSuite, this.environment, so);
-
-
- // data digest replace
- {
-// byte[] data_value = data.getData();
-// byte[] data_value_hash = CodingHelper.buildDigest(data_value);
- byte[] data_value_hash = CodingHelper.buildDigest(data.getDataSource(), algSuite.getDataDigestMethod());
- String object_data_hash = CodingHelper.encodeBase64(data_value_hash);
-
- verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_SIGNED_DATA_REPLACE, object_data_hash);
- }
-
- verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNATURE_VALUE_REPLACE, so.getSignatureValue());
-
- // X.509 Certificate replace
- byte[] der = cert.getEncoded();
- byte[] cert_hash = CodingHelper.buildDigest(der, algSuite.getCertDigestMethod());
- String certDigest = CodingHelper.encodeBase64(cert_hash);
- String x509_cert_string = CodingHelper.encodeBase64(der);
- verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_CERTIFICATE_REPLACE, x509_cert_string);
-
- // Qualified Properties replaces
- verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNING_TIME_REPLACE, so.getDate());
- verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_CERTIFICATE_REPLACE, certDigest);
- // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll)
- // methods are regarded, backslashes in the replacement string may cause the results to be different than
- // if it were being treated as a literal replacement string.
-// verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer());
- verify_xml = verify_xml.replace(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer());
- verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_SERIAL_NUMBER_REPLACE, so.getSerialNumber());
- // SigDataRefReplace already done above
- verify_xml = verify_xml.replaceFirst(TemplateReplaces.MIME_TYPE_REPLACE, data.getMimeType());
-
- // Signed Properties hash
- {
- final String ETSI_SIGNED_PROPERTIES_START_TAG = "<etsi:SignedProperties"; //$NON-NLS-1$
- final String ETSI_SIGNED_PROPERTIES_END_TAG = "</etsi:SignedProperties>"; //$NON-NLS-1$
-
- final int hash_start = verify_xml.indexOf(ETSI_SIGNED_PROPERTIES_START_TAG);
- assert hash_start >= 0;
- final int hash_end = verify_xml.indexOf(ETSI_SIGNED_PROPERTIES_END_TAG, hash_start) + ETSI_SIGNED_PROPERTIES_END_TAG.length();
- assert hash_end - ETSI_SIGNED_PROPERTIES_END_TAG.length() >= 0;
- assert hash_end > hash_start;
-
- final String string_to_be_hashed = verify_xml.substring(hash_start, hash_end);
- log.debug("etsi:SignedProperties string to be hashed: " + string_to_be_hashed); //$NON-NLS-1$
-
- final byte[] bytes_to_be_hashed = string_to_be_hashed.getBytes("UTF-8"); //$NON-NLS-1$
- byte[] sig_prop_code = CodingHelper.buildDigest(bytes_to_be_hashed, algSuite.getPropertiesDigestMethod());
- String sig_prop_hash = CodingHelper.encodeBase64(sig_prop_code);
-
- verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_SIGNED_PROPERTIES_REPLACE, sig_prop_hash);
- }
-
- log.debug("prepareXMLContent finished."); //$NON-NLS-1$
- return verify_xml;
- }
- catch (Exception e)
- {
- log.debug(e);
- throw new ConnectorException(310, e);
- }
- }
-
-
- protected Properties sendRequest(String url, String mode, String request_string, SignatureData data) throws ConnectorException
- {
- try
- {
-
-// Properties response_properties = MOASoapConnection.connectMOA(request_string, MOASoapConnection.SERVICE_SIGN, url);
- log.debug("Connecting to " + url);
- Properties response_properties = MOASoapConnection.doPostRequestMultipart(url,mode, request_string, data );
-
- return response_properties;
- }
- catch (Exception e)
- {
- throw new ConnectorException(330, e);
- }
- }
-
- public void reInitVerifyTemplate(String templatePropKey) throws ConnectorException {
- this.environment.reInitVerifyTemplate(templatePropKey);
- }
-
- /**
- * Holds environment configuration information like templates.
- *
- * @author wprinz
- */
- public static class Environment extends ConnectorEnvironment
- {
- /**
- * The configuration key of the sign keybox identifier.
- */
- protected static final String SIGN_KEY_IDENTIFIER_KEY = "moa.sign.KeyIdentifier"; //$NON-NLS-1$
-
- /**
- * The configuration key of the sign request template.
- */
- protected static final String SIGN_REQUEST_TEMPLATE_KEY = "moa.sign.request.detached"; //$NON-NLS-1$
-
- /**
- * The configuration key of the sign URL.
- */
- protected static final String SIGN_URL_KEY = "moa.sign.url"; //$NON-NLS-1$
-
- /**
- * MOA template file prefix
- */
- protected static final String TEMPLATE_FILE_PREFIX = "/templates/moa.";
-
- /**
- * signing file template sufix
- */
- protected static final String SIGN_TEMPLATE_FILE_SUFIX = ".sign.xml";
-
- /**
- * verifing template file sufix
- */
- protected static final String VERIFY_REQUEST_TEMPLATE_FILE_SUFIX = ".verify.request.xml";
-
- /**
- * verifing file template key sufix
- */
- protected static final String VERIFY_TEMPLATE_SUFIX = ".verify.template.xml";
-
- /**
- * The configuration key of the verify request template.
- */
- protected static final String VERIFY_REQUEST_TEMPLATE_KEY = "moa.verify.request.detached"; //$NON-NLS-1$
-
- /**
- * The configuration key of the verify template.
- */
- protected static final String VERIFY_TEMPLATE_KEY = "moa.verify.template.detached"; //$NON-NLS-1$
-
- /**
- * The configuration key of the verify URL.
- */
- protected static final String VERIFY_URL_KEY = "moa.verify.url"; //$NON-NLS-1$
-
- /**
- * The configuration key of the trust profile id.
- */
- protected static final String VERIFY_TRUST_PROFILE_ID = "moa.verify.TrustProfileID"; //$NON-NLS-1$
-
- /**
- * The configuration key for the ECDSA cert alg property.
- */
- protected static final String ECDSA_CERT_ALG_KEY = "cert.alg.ecdsa"; //$NON-NLS-1$
-
- /**
- * The configuration key for the RSA cert alg property.
- */
- protected static final String RSA_CERT_ALG_KEY = "cert.alg.rsa"; //$NON-NLS-1$
-
- protected String profile = null;
-
- protected String signature_data_url = null;
-
- protected String sign_key_identifier = null;
-
- protected String sign_request_template = null;
-
- protected String sign_url = null;
-
- protected String verify_request_template = null;
-
- protected String verify_template = null;
-
- protected String verify_url = null;
-
- protected String verify_trust_profile_id = null;
-
- protected String cert_alg_ecdsa = null;
-
- protected String cert_alg_rsa = null;
-
-
- public void reInitVerifyTemplate(String templatePropKey) throws ConnectorException {
- SettingsReader settings = null;
- try
- {
- settings = SettingsReader.getInstance();
- }
- catch (SettingsException e)
- {
- throw new ConnectorException(300, e);
- }
-
- String verify_request_filename = getConnectorValueFromProfile(settings, this.profile, templatePropKey);
- this.verify_template = settings.readInternalResourceAsString(verify_request_filename);
-
- }
- /**
- * Initializes the environment with a given profile.
- *
- * @param profile
- * The configuration profile.
- * @throws SettingsException
- * f.e.
- * @throws ConnectorException
- * f.e.
- */
- public Environment(String profile, String signKeyIdentifier, String signature_data_url) throws ConnectorException
- {
- this.profile = profile;
-
- this.signature_data_url = signature_data_url;
-
- SettingsReader settings = null;
- try
- {
- settings = SettingsReader.getInstance();
- }
- catch (SettingsException e)
- {
- throw new ConnectorException(300, e);
- }
-
- if (signKeyIdentifier != null)
- {
- this.sign_key_identifier = signKeyIdentifier;
- }
- else
- {
- this.sign_key_identifier = getConnectorValueFromProfile(settings, profile, SIGN_KEY_IDENTIFIER_KEY);
- }
-
- String sign_request_filename = TEMPLATE_FILE_PREFIX + settings.getValueFromKey("default.moa.algorithm.id") + SIGN_TEMPLATE_FILE_SUFIX;
-
- // try to load template from file
- //this.sign_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(sign_request_filename));
- this.sign_request_template = settings.readInternalResourceAsString(sign_request_filename);
-
- if (this.sign_request_template == null)
- {
- sign_request_filename = getConnectorValueFromProfile(settings, profile, SIGN_REQUEST_TEMPLATE_KEY);
- this.sign_request_template = settings.readInternalResourceAsString(sign_request_filename);
- //this.sign_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(sign_request_filename));
- }
-
- //this.sign_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(sign_request_filename));
- if (this.sign_request_template == null)
- {
- throw new ConnectorException(ErrorCode.SETTING_NOT_FOUND, "Can not read the create xml request template"); //$NON-NLS-1$
- }
-
- this.sign_url = getConnectorValueFromProfile(settings, profile, SIGN_URL_KEY);
-
- String verify_request_filename = TEMPLATE_FILE_PREFIX + settings.getValueFromKey("default.moa.algorithm.id") + VERIFY_REQUEST_TEMPLATE_FILE_SUFIX;
-
- // try to load template file for verifing
- //this.verify_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_request_filename));
- this.verify_request_template = settings.readInternalResourceAsString(verify_request_filename);
-
- if (this.verify_request_template == null)
- {
- verify_request_filename = getConnectorValueFromProfile(settings, profile, VERIFY_REQUEST_TEMPLATE_KEY);
- //this.verify_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_request_filename));
- this.verify_request_template = settings.readInternalResourceAsString(verify_request_filename);
- }
-
- if (this.verify_request_template == null)
- {
- throw new ConnectorException(ErrorCode.SETTING_NOT_FOUND, "Can not read the verify xml request template"); //$NON-NLS-1$
- }
-
- // load template key file
- String verify_filename = TEMPLATE_FILE_PREFIX + settings.getValueFromKey("default.moa.algorithm.id") + VERIFY_TEMPLATE_SUFIX;
- //this.verify_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_filename));
- this.verify_template = settings.readInternalResourceAsString(verify_filename);
-
- if (this.verify_template == null)
- {
- verify_filename = getConnectorValueFromProfile(settings, profile, VERIFY_TEMPLATE_KEY);
- //this.verify_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_filename));
- this.verify_template = settings.readInternalResourceAsString(verify_filename);
- }
-
- if (this.verify_template == null)
- {
- throw new ConnectorException(ErrorCode.SETTING_NOT_FOUND, "Can not read the verify template"); //$NON-NLS-1$
- }
-
- this.verify_url = getConnectorValueFromProfile(settings, profile, VERIFY_URL_KEY);
-
- this.verify_trust_profile_id = settings.getValueFromKey(VERIFY_TRUST_PROFILE_ID);
-
- this.cert_alg_ecdsa = settings.getValueFromKey(ECDSA_CERT_ALG_KEY);
-
- this.cert_alg_rsa = settings.getValueFromKey(RSA_CERT_ALG_KEY);
-
- }
-
- public String getProfile()
- {
- return this.profile;
- }
-
- /**
- * Returns the URL where to load the detached data from.
- *
- * @return Returns the URL where to load the detached data from.
- */
- public String getSignatureDataUrl()
- {
- return this.signature_data_url;
- }
-
- /**
- * Returns the sign key identifier.
- *
- * @return Returns the sign key identifier.
- */
- public String getSignKeyIdentifier()
- {
- return this.sign_key_identifier;
- }
-
- /**
- * Returns the sign request template.
- *
- * @return Returns the sign request template.
- */
- public String getSignRequestTemplate()
- {
- return this.sign_request_template;
- }
-
- /**
- * Returns the sign URL.
- *
- * @return Returns the sign URL.
- */
- public String getSignURL()
- {
- return this.sign_url;
- }
-
- /**
- * Returns the verify request template.
- *
- * @return Returns the verify request template.
- */
- public String getVerifyRequestTemplate()
- {
- return this.verify_request_template;
- }
-
- /**
- * Returns the verify template.
- *
- * @return Returns the verify template.
- */
- public String getVerifyTemplate()
- {
- return this.verify_template;
- }
-
- /**
- * Returns the verify URL.
- *
- * @return Returns the verify URL.
- */
- public String getVerifyURL()
- {
- return this.verify_url;
- }
-
- /**
- * Returns the verify trust profile id.
- *
- * @return Returns the verify trust profile id.
- */
- public String getVerifyTrustProfileId()
- {
- return this.verify_trust_profile_id;
- }
-
- /**
- * Returns the ecdsa cert alg property.
- *
- * @return Returns the ecdsa cert alg property.
- */
- public String getCertAlgEcdsa()
- {
- return this.cert_alg_ecdsa;
- }
-
- /**
- * Returns the rsa cert alg property.
- *
- * @return Returns the rsa cert alg property.
- */
- public String getCertAlgRsa()
- {
- return this.cert_alg_rsa;
- }
-
- /**
- * Reads the configuration entry given by the key, first from the given
- * profile, if not found from the defaults.
- *
- * @param settings
- * The settings.
- * @param profile
- * The profile.
- * @param key
- * The configuration key.
- * @return Returns the configuration entry.
- */
- public static String getConnectorValueFromProfile(SettingsReader settings, String profile, String key)
- {
- String value = settings.getValueFromKey("sig_obj." + profile + "." + key); //$NON-NLS-1$//$NON-NLS-2$
- if (value == null)
- {
- value = settings.getValueFromKey(key);
- }
- return value;
- }
-
- }
-
- public XMLDsigData reconstructXMLDsig(SignatureData data, SignSignatureObject so)
- throws ConnectorException {
- String xmldsig = chooseAndCreateXMLDsig(data, so);
- return new XMLDsigData(xmldsig, true);
- }
+public class MOASoapWithAttachmentConnector implements Connector {
+ // 23.11.2010 changed by exthex - added reconstructXMLDsig method and moved
+ // xmldsig creation to chooseAndCreateXMLDsig method
+ public static final String ATRUST_VERIFY_TEMPLATE_KEY = "atrust.verify.template.detached";
+ public static final String ATRUST_XADES_1_4_VERIFY_TEMPLATE_KEY = "atrust.xades14.verify.template.detached";
+
+ /**
+ * The SIG_ID prefix.
+ */
+ // public static final String SIG_ID_PREFIX = "etsi-bku-detached@"; //$NON-NLS-1$
+ /**
+ * The log.
+ */
+ private static Log log = LogFactory
+ .getLog(MOASoapWithAttachmentConnector.class);
+
+ private static Log moaLog = LogFactory
+ .getLog("at.knowcenter.wag.egov.egiz.sig.connectors.MOASSRepsonseLogger");
+
+ protected static final String MULTIPART_LOC_REF_CONTENT = "formdata:fileupload"; //$NON-NLS-1$
+
+ protected static final String RETURN_HASH_INPUT_DATA = "<ReturnHashInputData/>"; //$NON-NLS-1$
+
+ /**
+ * The connector parameters.
+ */
+ protected ConnectorParameters params = null;
+
+ /**
+ * The environemnt configuration of this connector containing templates and
+ * other configurable elements.
+ */
+ protected Environment environment = null;
+
+ /**
+ * Constructor that builds the configuration environment for this connector
+ * according to the given profile.
+ *
+ * <p>
+ * If confuguration parameters are not defined on that profile, the default
+ * parameters defined in the configuration are used.
+ * </p>
+ *
+ * @param connectorParameters
+ * The parameters for this connector.
+ * @throws ConnectorException
+ * f.e.
+ */
+ public MOASoapWithAttachmentConnector(
+ ConnectorParameters connectorParameters) throws ConnectorException {
+ this.params = connectorParameters;
+ this.environment = new Environment(this.params.getProfileId(),
+ this.params.getSignatureKeyIdentifier(),
+ MULTIPART_LOC_REF_CONTENT);
+ }
+
+ protected String prepareSignRequest(SignatureData data)
+ throws ConnectorException {
+ log.debug("prepareSignRequestDetached:"); //$NON-NLS-1$
+
+ String sign_request_template = this.environment
+ .getSignRequestTemplate();
+
+ String sign_key_identifier = this.environment.getSignKeyIdentifier();
+ String loc_ref_content = this.environment.getSignatureDataUrl();
+ String mime_type = data.getMimeType();
+ if (log.isDebugEnabled()) {
+ log.debug("sign keybox identifier = " + sign_key_identifier); //$NON-NLS-1$
+ log.debug("LocRefContent = " + loc_ref_content); //$NON-NLS-1$
+ log.debug("mime type = " + mime_type); //$NON-NLS-1$
+ }
+
+ String sign_request_xml = sign_request_template.replaceFirst(
+ TemplateReplaces.KEY_IDENTIFIER_REPLACE, sign_key_identifier);
+ sign_request_xml = sign_request_xml.replaceFirst(
+ TemplateReplaces.LOC_REF_CONTENT_REPLACE, loc_ref_content);
+ sign_request_xml = sign_request_xml.replaceFirst(
+ TemplateReplaces.MIME_TYPE_REPLACE, mime_type);
+
+ log.debug("prepareSignRequestDetached finished."); //$NON-NLS-1$
+ return sign_request_xml;
+ }
+
+ /**
+ * @see at.knowcenter.wag.egov.egiz.sig.connectors.LocalConnector#analyzeSignResponse(java.util.Properties)
+ */
+ public SignSignatureObject analyzeSignResponse(
+ Properties response_properties) throws ConnectorException {
+ log.debug("analyzeSignResponse:"); //$NON-NLS-1$
+
+ String response_string = response_properties
+ .getProperty(BKUPostConnection.RESPONSE_STRING_KEY);
+ moaLog.debug("MOA-SS Response: " + response_string);
+ BKUHelper.checkResponseForError(response_string);
+
+ SignSignatureObject so = MOAHelper.parseCreateXMLResponse(
+ response_string, new DetachedLocRefMOAIdFormatter(),
+ this.environment);
+
+ log.debug("analyzeSignResponse finished."); //$NON-NLS-1$
+ return so;
+ }
+
+ /**
+ * @see at.knowcenter.wag.egov.egiz.sig.connectors.Connector#doSign(at.knowcenter.wag.egov.egiz.sig.SignatureData)
+ */
+ public SignSignatureObject doSign(SignatureData data)
+ throws ConnectorException {
+ log.debug("doSign:"); //$NON-NLS-1$
+ String sign_request_xml = prepareSignRequest(data);
+ // DebugHelper.debugStringToFile(sign_request_xml, "MOA_DetLocRef_sign_request.xml"); //$NON-NLS-1$
+
+ String url = this.environment.getSignURL();
+ Properties response_properties = sendRequest(url,
+ MOASoapConnection.SERVICE_SIGN, sign_request_xml, data);
+
+ // DebugHelper.debugStringToFile(response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY), "MOA_DetLocRef_sign_response.xml"); //$NON-NLS-1$
+ SignSignatureObject sso = analyzeSignResponse(response_properties);
+
+ sso.response_properties = response_properties;
+
+ log.debug("doSign finished."); //$NON-NLS-1$
+ return sso;
+ }
+
+ /**
+ * @see at.knowcenter.wag.egov.egiz.sig.connectors.Connector#doVerify(at.knowcenter.wag.egov.egiz.sig.SignatureData,
+ * at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject)
+ */
+ public SignatureResponse doVerify(SignatureData data,
+ SignSignatureObject so, XMLDsigData dsig) throws ConnectorException {
+ log.debug("doVerify:"); //$NON-NLS-1$
+
+ String verify_request_xml = prepareVerifyRequest(data, so, dsig);
+ log.debug("verify_request_xml = " + verify_request_xml); //$NON-NLS-1$
+
+ String url = this.environment.getVerifyURL();
+ Properties response_properties = sendRequest(url,
+ MOASoapConnection.SERVICE_VERIFY, verify_request_xml, data);
+
+ SignatureResponse signature_response = analyzeVerifyResponse(response_properties);
+
+ log.debug("doVerify finished."); //$NON-NLS-1$
+ return signature_response;
+ }
+
+ /**
+ * Prepares the verify request xml to be sent using the verify request
+ * template.
+ *
+ * @param data
+ * The SignatureData.
+ * @param so
+ * The signature information object.
+ * @return Returns the verify request xml to be sent.
+ * @throws ConnectorException
+ * f.e.
+ */
+ public String prepareVerifyRequest(SignatureData data,
+ SignSignatureObject so, XMLDsigData dsigData)
+ throws ConnectorException {
+ String verify_request_template = this.environment
+ .getVerifyRequestTemplate();
+
+ String xml_content = null;
+ if (dsigData != null && dsigData.getXmlDsig() != null) {
+ xml_content = dsigData.getXmlDsig();
+ } else {
+ xml_content = chooseAndCreateXMLDsig(data, so);
+ }
+
+ // fixed by dti: Issuer names may contain escapted commas ("\,"). As far
+ // as replaceFirst (and replaceAll)
+ // methods are regarded, backslashes in the replacement string may cause
+ // the results to be different than
+ // if it were being treated as a literal replacement string.
+ // String verify_request_xml =
+ // verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE,
+ // xml_content);
+ String verify_request_xml = verify_request_template.replace(
+ TemplateReplaces.XML_CONTENT_REPLACE, xml_content);
+ verify_request_xml = verify_request_xml.replaceFirst(
+ TemplateReplaces.TRUST_PROFILE_ID_REPLACE,
+ this.environment.getVerifyTrustProfileId());
+ verify_request_xml = verify_request_xml.replaceFirst(
+ TemplateReplaces.LOC_REF_CONTENT_REPLACE,
+ this.environment.getSignatureDataUrl());
+
+ String returnHashInputDataElement = "";
+ if (this.params.isReturnHashInputData()) {
+ returnHashInputDataElement = RETURN_HASH_INPUT_DATA;
+ }
+ verify_request_xml = verify_request_xml.replaceFirst(
+ TemplateReplaces.RETURN_HASH_INPUT_DATA_REPLACE,
+ returnHashInputDataElement);
+
+ verify_request_xml = verify_request_xml
+ .replaceFirst(TemplateReplaces.DATE_TIME_REPLACE, BKUHelper
+ .formDateTimeElement(this.params.getVerificationTime()));
+
+ log.debug("\r\n\r\n" + verify_request_xml + "\r\n\r\n");
+
+ return verify_request_xml;
+ }
+
+ private String chooseAndCreateXMLDsig(SignatureData data,
+ SignSignatureObject so) throws ConnectorException {
+
+ // MOA
+ if (SigKZIDHelper.isMOASigned(so)) {
+ log.debug("MOA signature detected.");
+ return prepareXMLContent(data, so);
+ } else if (SigKZIDHelper.isMOAXAdES14Signed(so)) {
+ log.debug("The signature is MOA XAdES 1.4 signed -> getting XML content from DetachedLocRefMOA connector.");
+ DetachedLocRefMOAConnector moa_conn = new DetachedLocRefMOAConnector(
+ this.environment.getProfile(), "loc ref not needed here");
+ return moa_conn.prepareXMLContent(data, so);
+ // ATRUST
+ // MOCCA
+ } else if (SigKZIDHelper.isMOCCASigned(so)) {
+ log.debug("MOCCA signature detected.");
+ String algorithmId = SigKZIDHelper.parseAlgorithmId(so.id);
+ log.debug("Algorithm = " + algorithmId);
+ LocRefDetachedMOCCAConnector mocca_connector = new LocRefDetachedMOCCAConnector(
+ this.params, "not needed here", algorithmId);
+ return mocca_connector.prepareXMLContent(data, so);
+
+ // ATrust
+ } else if (SigKZIDHelper.isATrustSigned(so)) {
+ log.debug("A-Trust signature detected.");
+ this.environment.reInitVerifyTemplate(ATRUST_VERIFY_TEMPLATE_KEY);
+ return prepareXMLContent(data, so);
+ } else if (SigKZIDHelper.isATrustX14Signed(so)) {
+ log.debug("ATrust Xades 1.4 signature detected");
+ MOASoapWithAttachmentConnector moaConn = new MOASoapWithAttachmentConnector(
+ this.params);
+ moaConn.reInitVerifyTemplate(MOASoapWithAttachmentConnector.ATRUST_XADES_1_4_VERIFY_TEMPLATE_KEY);
+ return moaConn.prepareXMLContent(data, so);
+ // TD bku
+ } else if (SigKZIDHelper.isBKUSigned(so)) {
+ log.debug("TD bku signature detected.");
+ DetachedBKUConnector bku_connector = new DetachedBKUConnector(
+ this.params, "not needed here");
+ return bku_connector.prepareXMLContent(data, so);
+ } else {
+ throw new ConnectorException(
+ ErrorCode.UNSUPPORTED_SIGNATURE,
+ "Unsupported signature ("
+ + so.id
+ + ", "
+ + so.kz
+ + "). Please get a new version of PDF-AS. Your version is: "
+ + PdfAS.PDFAS_VERSION);
+
+ }
+ }
+
+ /**
+ * Analyzes the verify response string.
+ *
+ * @param response_properties
+ * The response properties containing the response XML.
+ * @return Returns the SignatureResponse containing the verification result.
+ * @throws ConnectorException
+ * f.e.
+ */
+ public SignatureResponse analyzeVerifyResponse(
+ Properties response_properties) throws ConnectorException {
+ log.debug("analyzeVerifyResponse:"); //$NON-NLS-1$
+
+ String response_string = response_properties
+ .getProperty(BKUPostConnection.RESPONSE_STRING_KEY);
+ moaLog.debug("MOA-SS Response: " + response_string);
+ BKUHelper.checkResponseForError(response_string);
+
+ SignatureResponse signature_response = BKUHelper
+ .parseVerifyXMLResponse(response_string);
+
+ log.debug("analyzeVerifyResponse finished."); //$NON-NLS-1$
+ return signature_response;
+ }
+
+ public String prepareXMLContent(SignatureData data, SignSignatureObject so)
+ throws ConnectorException {
+ log.debug("prepareXMLContent:"); //$NON-NLS-1$
+ try {
+
+ String verify_xml = null;
+ X509Certificate cert = so.getX509Certificate();
+
+ // dferbas
+ AlgorithmSuiteObject algSuite = new AlgorithmSuiteObject();
+ verify_xml = AlgorithmSuiteUtil.evaluateReplaceAlgs(algSuite,
+ this.environment, so);
+
+ // data digest replace
+ {
+ // byte[] data_value = data.getData();
+ // byte[] data_value_hash =
+ // CodingHelper.buildDigest(data_value);
+ byte[] data_value_hash = CodingHelper.buildDigest(
+ data.getDataSource(), algSuite.getDataDigestMethod());
+ String object_data_hash = CodingHelper
+ .encodeBase64(data_value_hash);
+
+ verify_xml = verify_xml.replaceFirst(
+ TemplateReplaces.DIGEST_VALUE_SIGNED_DATA_REPLACE,
+ object_data_hash);
+ }
+
+ verify_xml = verify_xml.replaceFirst(
+ TemplateReplaces.SIGNATURE_VALUE_REPLACE,
+ so.getSignatureValue());
+
+ // X.509 Certificate replace
+ byte[] der = cert.getEncoded();
+ byte[] cert_hash = CodingHelper.buildDigest(der,
+ algSuite.getCertDigestMethod());
+ String certDigest = CodingHelper.encodeBase64(cert_hash);
+ String x509_cert_string = CodingHelper.encodeBase64(der);
+ verify_xml = verify_xml
+ .replaceFirst(TemplateReplaces.X509_CERTIFICATE_REPLACE,
+ x509_cert_string);
+
+ // Qualified Properties replaces
+ verify_xml = verify_xml.replaceFirst(
+ TemplateReplaces.SIGNING_TIME_REPLACE, so.getDate());
+ verify_xml = verify_xml.replaceFirst(
+ TemplateReplaces.DIGEST_VALUE_CERTIFICATE_REPLACE,
+ certDigest);
+ // fixed by dti: Issuer names may contain escapted commas ("\,"). As
+ // far as replaceFirst (and replaceAll)
+ // methods are regarded, backslashes in the replacement string may
+ // cause the results to be different than
+ // if it were being treated as a literal replacement string.
+ // verify_xml =
+ // verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE,
+ // so.getIssuer());
+ verify_xml = verify_xml.replace(
+ TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer());
+ verify_xml = verify_xml.replaceFirst(
+ TemplateReplaces.X509_SERIAL_NUMBER_REPLACE,
+ so.getSerialNumber());
+ // SigDataRefReplace already done above
+ verify_xml = verify_xml.replaceFirst(
+ TemplateReplaces.MIME_TYPE_REPLACE, data.getMimeType());
+
+ // Signed Properties hash
+ {
+ final String ETSI_SIGNED_PROPERTIES_START_TAG = "<etsi:SignedProperties"; //$NON-NLS-1$
+ final String ETSI_SIGNED_PROPERTIES_END_TAG = "</etsi:SignedProperties>"; //$NON-NLS-1$
+
+ final int hash_start = verify_xml
+ .indexOf(ETSI_SIGNED_PROPERTIES_START_TAG);
+ assert hash_start >= 0;
+ final int hash_end = verify_xml.indexOf(
+ ETSI_SIGNED_PROPERTIES_END_TAG, hash_start)
+ + ETSI_SIGNED_PROPERTIES_END_TAG.length();
+ assert hash_end - ETSI_SIGNED_PROPERTIES_END_TAG.length() >= 0;
+ assert hash_end > hash_start;
+
+ final String string_to_be_hashed = verify_xml.substring(
+ hash_start, hash_end);
+ log.debug("etsi:SignedProperties string to be hashed: " + string_to_be_hashed); //$NON-NLS-1$
+
+ final byte[] bytes_to_be_hashed = string_to_be_hashed
+ .getBytes("UTF-8"); //$NON-NLS-1$
+ byte[] sig_prop_code = CodingHelper.buildDigest(
+ bytes_to_be_hashed,
+ algSuite.getPropertiesDigestMethod());
+ String sig_prop_hash = CodingHelper.encodeBase64(sig_prop_code);
+
+ verify_xml = verify_xml
+ .replaceFirst(
+ TemplateReplaces.DIGEST_VALUE_SIGNED_PROPERTIES_REPLACE,
+ sig_prop_hash);
+ }
+
+ log.debug("prepareXMLContent finished."); //$NON-NLS-1$
+ return verify_xml;
+ } catch (Exception e) {
+ log.debug(e);
+ throw new ConnectorException(310, e);
+ }
+ }
+
+ protected Properties sendRequest(String url, String mode,
+ String request_string, SignatureData data)
+ throws ConnectorException {
+ try {
+
+ // Properties response_properties =
+ // MOASoapConnection.connectMOA(request_string,
+ // MOASoapConnection.SERVICE_SIGN, url);
+ log.debug("Connecting to " + url);
+ moaLog.debug("MOA-SS Request: " + request_string);
+ Properties response_properties = MOASoapConnection
+ .doPostRequestMultipart(url, mode, request_string, data);
+
+ return response_properties;
+ } catch (Exception e) {
+ throw new ConnectorException(330, e);
+ }
+ }
+
+ public void reInitVerifyTemplate(String templatePropKey)
+ throws ConnectorException {
+ this.environment.reInitVerifyTemplate(templatePropKey);
+ }
+
+ /**
+ * Holds environment configuration information like templates.
+ *
+ * @author wprinz
+ */
+ public static class Environment extends ConnectorEnvironment {
+ /**
+ * The configuration key of the sign keybox identifier.
+ */
+ protected static final String SIGN_KEY_IDENTIFIER_KEY = "moa.sign.KeyIdentifier"; //$NON-NLS-1$
+
+ /**
+ * The configuration key of the sign request template.
+ */
+ protected static final String SIGN_REQUEST_TEMPLATE_KEY = "moa.sign.request.detached"; //$NON-NLS-1$
+
+ /**
+ * The configuration key of the sign URL.
+ */
+ protected static final String SIGN_URL_KEY = "moa.sign.url"; //$NON-NLS-1$
+
+ /**
+ * MOA template file prefix
+ */
+ protected static final String TEMPLATE_FILE_PREFIX = "/templates/moa.";
+
+ /**
+ * signing file template sufix
+ */
+ protected static final String SIGN_TEMPLATE_FILE_SUFIX = ".sign.xml";
+
+ /**
+ * verifing template file sufix
+ */
+ protected static final String VERIFY_REQUEST_TEMPLATE_FILE_SUFIX = ".verify.request.xml";
+
+ /**
+ * verifing file template key sufix
+ */
+ protected static final String VERIFY_TEMPLATE_SUFIX = ".verify.template.xml";
+
+ /**
+ * The configuration key of the verify request template.
+ */
+ protected static final String VERIFY_REQUEST_TEMPLATE_KEY = "moa.verify.request.detached"; //$NON-NLS-1$
+
+ /**
+ * The configuration key of the verify template.
+ */
+ protected static final String VERIFY_TEMPLATE_KEY = "moa.verify.template.detached"; //$NON-NLS-1$
+
+ /**
+ * The configuration key of the verify URL.
+ */
+ protected static final String VERIFY_URL_KEY = "moa.verify.url"; //$NON-NLS-1$
+
+ /**
+ * The configuration key of the trust profile id.
+ */
+ protected static final String VERIFY_TRUST_PROFILE_ID = "moa.verify.TrustProfileID"; //$NON-NLS-1$
+
+ /**
+ * The configuration key for the ECDSA cert alg property.
+ */
+ protected static final String ECDSA_CERT_ALG_KEY = "cert.alg.ecdsa"; //$NON-NLS-1$
+
+ /**
+ * The configuration key for the RSA cert alg property.
+ */
+ protected static final String RSA_CERT_ALG_KEY = "cert.alg.rsa"; //$NON-NLS-1$
+
+ protected String profile = null;
+
+ protected String signature_data_url = null;
+
+ protected String sign_key_identifier = null;
+
+ protected String sign_request_template = null;
+
+ protected String sign_url = null;
+
+ protected String verify_request_template = null;
+
+ protected String verify_template = null;
+
+ protected String verify_url = null;
+
+ protected String verify_trust_profile_id = null;
+
+ protected String cert_alg_ecdsa = null;
+
+ protected String cert_alg_rsa = null;
+
+ public void reInitVerifyTemplate(String templatePropKey)
+ throws ConnectorException {
+ SettingsReader settings = null;
+ try {
+ settings = SettingsReader.getInstance();
+ } catch (SettingsException e) {
+ throw new ConnectorException(300, e);
+ }
+
+ String verify_request_filename = getConnectorValueFromProfile(
+ settings, this.profile, templatePropKey);
+ this.verify_template = settings
+ .readInternalResourceAsString(verify_request_filename);
+
+ }
+
+ /**
+ * Initializes the environment with a given profile.
+ *
+ * @param profile
+ * The configuration profile.
+ * @throws SettingsException
+ * f.e.
+ * @throws ConnectorException
+ * f.e.
+ */
+ public Environment(String profile, String signKeyIdentifier,
+ String signature_data_url) throws ConnectorException {
+ this.profile = profile;
+
+ this.signature_data_url = signature_data_url;
+
+ SettingsReader settings = null;
+ try {
+ settings = SettingsReader.getInstance();
+ } catch (SettingsException e) {
+ throw new ConnectorException(300, e);
+ }
+
+ if (signKeyIdentifier != null) {
+ this.sign_key_identifier = signKeyIdentifier;
+ } else {
+ this.sign_key_identifier = getConnectorValueFromProfile(
+ settings, profile, SIGN_KEY_IDENTIFIER_KEY);
+ }
+
+ String sign_request_filename = TEMPLATE_FILE_PREFIX
+ + settings.getValueFromKey("default.moa.algorithm.id")
+ + SIGN_TEMPLATE_FILE_SUFIX;
+
+ // try to load template from file
+ // this.sign_request_template =
+ // FileHelper.readFromFile(SettingsReader.relocateFile(sign_request_filename));
+ this.sign_request_template = settings
+ .readInternalResourceAsString(sign_request_filename);
+
+ if (this.sign_request_template == null) {
+ sign_request_filename = getConnectorValueFromProfile(settings,
+ profile, SIGN_REQUEST_TEMPLATE_KEY);
+ this.sign_request_template = settings
+ .readInternalResourceAsString(sign_request_filename);
+ // this.sign_request_template =
+ // FileHelper.readFromFile(SettingsReader.relocateFile(sign_request_filename));
+ }
+
+ // this.sign_request_template =
+ // FileHelper.readFromFile(SettingsReader.relocateFile(sign_request_filename));
+ if (this.sign_request_template == null) {
+ throw new ConnectorException(ErrorCode.SETTING_NOT_FOUND,
+ "Can not read the create xml request template"); //$NON-NLS-1$
+ }
+
+ this.sign_url = getConnectorValueFromProfile(settings, profile,
+ SIGN_URL_KEY);
+
+ String verify_request_filename = TEMPLATE_FILE_PREFIX
+ + settings.getValueFromKey("default.moa.algorithm.id")
+ + VERIFY_REQUEST_TEMPLATE_FILE_SUFIX;
+
+ // try to load template file for verifing
+ // this.verify_request_template =
+ // FileHelper.readFromFile(SettingsReader.relocateFile(verify_request_filename));
+ this.verify_request_template = settings
+ .readInternalResourceAsString(verify_request_filename);
+
+ if (this.verify_request_template == null) {
+ verify_request_filename = getConnectorValueFromProfile(
+ settings, profile, VERIFY_REQUEST_TEMPLATE_KEY);
+ // this.verify_request_template =
+ // FileHelper.readFromFile(SettingsReader.relocateFile(verify_request_filename));
+ this.verify_request_template = settings
+ .readInternalResourceAsString(verify_request_filename);
+ }
+
+ if (this.verify_request_template == null) {
+ throw new ConnectorException(ErrorCode.SETTING_NOT_FOUND,
+ "Can not read the verify xml request template"); //$NON-NLS-1$
+ }
+
+ // load template key file
+ String verify_filename = TEMPLATE_FILE_PREFIX
+ + settings.getValueFromKey("default.moa.algorithm.id")
+ + VERIFY_TEMPLATE_SUFIX;
+ // this.verify_template =
+ // FileHelper.readFromFile(SettingsReader.relocateFile(verify_filename));
+ this.verify_template = settings
+ .readInternalResourceAsString(verify_filename);
+
+ if (this.verify_template == null) {
+ verify_filename = getConnectorValueFromProfile(settings,
+ profile, VERIFY_TEMPLATE_KEY);
+ // this.verify_template =
+ // FileHelper.readFromFile(SettingsReader.relocateFile(verify_filename));
+ this.verify_template = settings
+ .readInternalResourceAsString(verify_filename);
+ }
+
+ if (this.verify_template == null) {
+ throw new ConnectorException(ErrorCode.SETTING_NOT_FOUND,
+ "Can not read the verify template"); //$NON-NLS-1$
+ }
+
+ this.verify_url = getConnectorValueFromProfile(settings, profile,
+ VERIFY_URL_KEY);
+
+ this.verify_trust_profile_id = settings
+ .getValueFromKey(VERIFY_TRUST_PROFILE_ID);
+
+ this.cert_alg_ecdsa = settings.getValueFromKey(ECDSA_CERT_ALG_KEY);
+
+ this.cert_alg_rsa = settings.getValueFromKey(RSA_CERT_ALG_KEY);
+
+ }
+
+ public String getProfile() {
+ return this.profile;
+ }
+
+ /**
+ * Returns the URL where to load the detached data from.
+ *
+ * @return Returns the URL where to load the detached data from.
+ */
+ public String getSignatureDataUrl() {
+ return this.signature_data_url;
+ }
+
+ /**
+ * Returns the sign key identifier.
+ *
+ * @return Returns the sign key identifier.
+ */
+ public String getSignKeyIdentifier() {
+ return this.sign_key_identifier;
+ }
+
+ /**
+ * Returns the sign request template.
+ *
+ * @return Returns the sign request template.
+ */
+ public String getSignRequestTemplate() {
+ return this.sign_request_template;
+ }
+
+ /**
+ * Returns the sign URL.
+ *
+ * @return Returns the sign URL.
+ */
+ public String getSignURL() {
+ return this.sign_url;
+ }
+
+ /**
+ * Returns the verify request template.
+ *
+ * @return Returns the verify request template.
+ */
+ public String getVerifyRequestTemplate() {
+ return this.verify_request_template;
+ }
+
+ /**
+ * Returns the verify template.
+ *
+ * @return Returns the verify template.
+ */
+ public String getVerifyTemplate() {
+ return this.verify_template;
+ }
+
+ /**
+ * Returns the verify URL.
+ *
+ * @return Returns the verify URL.
+ */
+ public String getVerifyURL() {
+ return this.verify_url;
+ }
+
+ /**
+ * Returns the verify trust profile id.
+ *
+ * @return Returns the verify trust profile id.
+ */
+ public String getVerifyTrustProfileId() {
+ return this.verify_trust_profile_id;
+ }
+
+ /**
+ * Returns the ecdsa cert alg property.
+ *
+ * @return Returns the ecdsa cert alg property.
+ */
+ public String getCertAlgEcdsa() {
+ return this.cert_alg_ecdsa;
+ }
+
+ /**
+ * Returns the rsa cert alg property.
+ *
+ * @return Returns the rsa cert alg property.
+ */
+ public String getCertAlgRsa() {
+ return this.cert_alg_rsa;
+ }
+
+ /**
+ * Reads the configuration entry given by the key, first from the given
+ * profile, if not found from the defaults.
+ *
+ * @param settings
+ * The settings.
+ * @param profile
+ * The profile.
+ * @param key
+ * The configuration key.
+ * @return Returns the configuration entry.
+ */
+ public static String getConnectorValueFromProfile(
+ SettingsReader settings, String profile, String key) {
+ String value = settings
+ .getValueFromKey("sig_obj." + profile + "." + key); //$NON-NLS-1$//$NON-NLS-2$
+ if (value == null) {
+ value = settings.getValueFromKey(key);
+ }
+ return value;
+ }
+
+ }
+
+ public XMLDsigData reconstructXMLDsig(SignatureData data,
+ SignSignatureObject so) throws ConnectorException {
+ String xmldsig = chooseAndCreateXMLDsig(data, so);
+ return new XMLDsigData(xmldsig, true);
+ }
}
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/DetachedLocRefMOAIdFormatter.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/DetachedLocRefMOAIdFormatter.java
index a83540b..3c67d54 100644
--- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/DetachedLocRefMOAIdFormatter.java
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/DetachedLocRefMOAIdFormatter.java
@@ -42,6 +42,8 @@ public class DetachedLocRefMOAIdFormatter implements IdFormatter
*/
public static String SIG_ID_PREFIX = "etsi-bka-moa-1.0"; //$NON-NLS-1$
+ public static String SIG_ID_X14_PREFIX = "etsi-bka-moa-1.1"; //$NON-NLS-1$
+
private static final Logger logger_ = ConfigLogger.getLogger(DetachedLocRefMOAIdFormatter.class);
/**
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/DetachedMOCIdFormatter.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/DetachedMOCIdFormatter.java
index 1ba7916..c6c8a9c 100644
--- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/DetachedMOCIdFormatter.java
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/DetachedMOCIdFormatter.java
@@ -70,7 +70,9 @@ public class DetachedMOCIdFormatter implements IdFormatter {
if (algorithmParams != null && algorithmParams.length() > 0) {
formattedIds.append(":").append(algorithmParams);
}
- formattedIds.append("@").append(ids[0]);
+ if(ids[0] != null) {
+ formattedIds.append("@").append(ids[0]);
+ }
return formattedIds.toString();
}
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigkz/SigKZIDHelper.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigkz/SigKZIDHelper.java
index 03bf931..87d3aae 100644
--- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigkz/SigKZIDHelper.java
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigkz/SigKZIDHelper.java
@@ -43,6 +43,7 @@ import at.knowcenter.wag.egov.egiz.framework.SignatorFactory;
import at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject;
import at.knowcenter.wag.egov.egiz.sig.sigid.DetachedLocRefMOAIdFormatter;
import at.knowcenter.wag.egov.egiz.sig.sigid.HotfixIdFormatter;
+import at.knowcenter.wag.egov.egiz.sig.signaturelayout.atrust.ATrustXades14SignatureLayoutHandler;
/**
* @author wprinz
@@ -100,9 +101,39 @@ public final class SigKZIDHelper
{
return true;
}
+
return false;
}
+ public static boolean isMOAXAdES14Signed(PdfASID sig_kz, String sig_id)
+ {
+ if (sig_kz == null || sig_kz.getVersion().equals(SignatorFactory.VERSION_1_0_0))
+ {
+ // old signature - if sig_id is null this means MOA
+
+ return sig_id == null;
+ }
+
+ // According to the specification no signature parameter means MOA signature.
+ // Fixed: empty ("") or blank (" "), non-null signature parameter should also be regarded as "no signature parameter"
+// if (sig_id != null)
+ if (StringUtils.isBlank(sig_id))
+ return true;
+
+ // new signature - sig_id decides
+ String [] ids = sig_id.split("@");
+ // dferbas
+ String prefix = (ids[0].split(":"))[0];
+
+
+ if (prefix.equals(DetachedLocRefMOAIdFormatter.SIG_ID_X14_PREFIX))
+ {
+ return true;
+ }
+
+ return false;
+ }
+
public static boolean isMOASigned(SignSignatureObject so)
{
String sig_kz = so.kz;
@@ -122,6 +153,26 @@ public final class SigKZIDHelper
return isMOASigned(kz, sig_id);
}
+
+ public static boolean isMOAXAdES14Signed(SignSignatureObject so)
+ {
+ String sig_kz = so.kz;
+ String sig_id = so.id;
+ PdfASID kz = null;
+ if (sig_kz != null)
+ {
+ try
+ {
+ kz = new PdfASID(sig_kz);
+ }
+ catch (InvalidIDException e)
+ {
+ logger.error(e.getMessage(), e);
+ }
+ }
+
+ return isMOAXAdES14Signed(kz, sig_id);
+ }
/**
* @author tknall
@@ -246,6 +297,14 @@ public final class SigKZIDHelper
}
return sig_id.startsWith("etsi-bka-atrust-1.0");
}
+
+ public static boolean isATrustX14Signed(SignSignatureObject so) {
+ String sig_id = so.id;
+ if (sig_id == null && StringUtils.isEmpty(sig_id)) {
+ return false;
+ }
+ return sig_id.startsWith(ATrustXades14SignatureLayoutHandler.ETSI_BKA_ATRUST_1_2);
+ }
/**
* Checks if signed with a known BKU method/param
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/SignatureLayoutHandlerFactory.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/SignatureLayoutHandlerFactory.java
index 07a7792..283eb85 100644
--- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/SignatureLayoutHandlerFactory.java
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/SignatureLayoutHandlerFactory.java
@@ -79,6 +79,9 @@ public class SignatureLayoutHandlerFactory {
if (bkuIdentifier == null) {
throw new SettingsException(ErrorCode.MISSING_HEADER_SERVER_USER_AGENT, "Unable to determine type of citizen card environment. Response header \"Server\" resp. \"user-agent\" is missing. Refer to security layer specification 1.2.2, section 3.3.2.");
}
+
+ log.debug("Trying to get SignatureLayoutHandler for \"" + bkuIdentifier + "\".");
+
SignatureLayoutHandler signatureLayoutHandler = (SignatureLayoutHandler) instances.get(bkuIdentifier);
if (signatureLayoutHandler == null) {
@@ -127,6 +130,8 @@ public class SignatureLayoutHandlerFactory {
log.debug("SignatureLayoutHandler successfully instantiated.");
instances.put(bkuIdentifier, signatureLayoutHandler);
} else {
+ log.debug("SignatureLayoutHandler has already been instantiated. Class: \"" +
+ signatureLayoutHandler.getClass().getName() + "\"");
log.trace("SignatureLayoutHandler has already been instantiated. Returning old instance.");
}
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/atrust/ATrustSignatureLayoutHandler.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/atrust/ATrustSignatureLayoutHandler.java
index b7cf72b..d0eb964 100644
--- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/atrust/ATrustSignatureLayoutHandler.java
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/atrust/ATrustSignatureLayoutHandler.java
@@ -27,6 +27,7 @@ import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException;
import at.knowcenter.wag.egov.egiz.sig.connectors.ConnectorEnvironment;
import at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject;
import at.knowcenter.wag.egov.egiz.sig.connectors.moa.MOAHelper;
+import at.knowcenter.wag.egov.egiz.sig.connectors.mocca.MOCCAHelper;
import at.knowcenter.wag.egov.egiz.sig.sigid.SimpleIdFormatter;
import at.knowcenter.wag.egov.egiz.sig.signaturelayout.SignatureLayoutHandler;
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/atrust/ATrustXades14SignatureLayoutHandler.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/atrust/ATrustXades14SignatureLayoutHandler.java
new file mode 100644
index 0000000..2184a5c
--- /dev/null
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/atrust/ATrustXades14SignatureLayoutHandler.java
@@ -0,0 +1,24 @@
+package at.knowcenter.wag.egov.egiz.sig.signaturelayout.atrust;
+
+import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException;
+import at.knowcenter.wag.egov.egiz.sig.connectors.ConnectorEnvironment;
+import at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject;
+import at.knowcenter.wag.egov.egiz.sig.connectors.moa.MOAHelper;
+import at.knowcenter.wag.egov.egiz.sig.connectors.mocca.MOCCAHelper;
+import at.knowcenter.wag.egov.egiz.sig.sigid.DetachedMOCIdFormatter;
+import at.knowcenter.wag.egov.egiz.sig.sigid.SimpleIdFormatter;
+import at.knowcenter.wag.egov.egiz.sig.signaturelayout.SignatureLayoutHandler;
+
+public class ATrustXades14SignatureLayoutHandler implements
+ SignatureLayoutHandler {
+
+ public static final String ETSI_BKA_ATRUST_1_2 = "etsi-bka-atrust-1.2";
+
+ public SignSignatureObject parseCreateXMLSignatureResponse(
+ String xmlResponse, ConnectorEnvironment env)
+ throws ConnectorException {
+ return MOCCAHelper.parseCreateXMLResponse(xmlResponse,
+ new DetachedMOCIdFormatter(ETSI_BKA_ATRUST_1_2), env);
+ }
+
+}
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/tools/CodingHelper.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/tools/CodingHelper.java
index eebe127..1e22838 100644
--- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/tools/CodingHelper.java
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/tools/CodingHelper.java
@@ -203,6 +203,19 @@ public class CodingHelper
}
}
+ public static String encodeBase64PEM(byte[] plainString) {
+ String base64String = encodeBase64(plainString);
+ StringBuilder sb = new StringBuilder();
+ while(base64String.length() > 64) {
+ String part = base64String.substring(0, 64);
+ sb.append(part);
+ sb.append("\n");
+ base64String = base64String.substring(64);
+ }
+ sb.append(base64String);
+ return sb.toString();
+ }
+
// dferbas
/**
* This method builds an hash value of a given byte array.
diff --git a/pdf-as-lib/src/main/resources/config/pdf-as.properties b/pdf-as-lib/src/main/resources/config/pdf-as.properties
index a293b85..fce8664 100644
--- a/pdf-as-lib/src/main/resources/config/pdf-as.properties
+++ b/pdf-as-lib/src/main/resources/config/pdf-as.properties
@@ -14,7 +14,8 @@ cert.alg.ecdsa=http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1
default.bku.algorithm.id=etsi-bka-1.0
# MOA Algorithm - Kennzeichnung
-default.moa.algorithm.id=etsi-bka-moa-1.0
+default.moa.algorithm.id=etsi-bka-moa-1.1
+#default.moa.algorithm.id=etsi-moc-1.2
# MOCCA Algorithm - Kennzeichnung
default.moc.algorithm.id=etsi-moc-1.0
@@ -43,7 +44,7 @@ signaturelayout.implementation.tdb=at.knowcenter.wag.egov.egiz.sig.signaturelayo
# signature layouts for supported A-Trust CCS
-signaturelayout.pattern.atrustlocal=^citizen-card-environment/1\\.2 asignSecurityLayer/((1\\.3\\.3)|(1\\.4\\.[1-3]))$
+signaturelayout.pattern.atrustlocal=^citizen-card-environment/1\\.2 asignSecurityLayer/((1\\.3\\.3)|(1\\.4\\.[1-5]))$
signaturelayout.implementation.atrustlocal=at.knowcenter.wag.egov.egiz.sig.signaturelayout.atrust.ATrustSignatureLayoutHandler
# A-Trust Mobile BKU 1.1.0
@@ -58,6 +59,15 @@ signaturelayout.implementation.atrustmobiletest=at.knowcenter.wag.egov.egiz.sig.
signaturelayout.pattern.atrustmobilebridge=^Microsoft-IIS/6\\.0$
signaturelayout.implementation.atrustmobilebridge=at.knowcenter.wag.egov.egiz.sig.signaturelayout.atrust.ATrustSignatureLayoutHandler
+# A-Trust Mobile with XAdES 1.4 support
+# TODO: Change pattern!
+signaturelayout.pattern.atrusthandyx14=^citizen-card-environment/1\\.2 atrustHandyBku/1\\.1\\.0-X14$
+signaturelayout.implementation.atrusthandyx14=at.knowcenter.wag.egov.egiz.sig.signaturelayout.atrust.ATrustXades14SignatureLayoutHandler
+signaturelayout.pattern.atrustmobilex14=^citizen-card-environment/1\\.2 asignMobileBku/1\\.1\\.0-X14$
+signaturelayout.implementation.atrustmobilex14=at.knowcenter.wag.egov.egiz.sig.signaturelayout.atrust.ATrustXades14SignatureLayoutHandler
+signaturelayout.pattern.atrustlocalx14=^citizen-card-environment/1\\.2 asignSecurityLayer/((1\\.3\\.3)|(1\\.4\\.[1-9]))-X14$
+signaturelayout.implementation.atrustlocalx14=at.knowcenter.wag.egov.egiz.sig.signaturelayout.atrust.ATrustXades14SignatureLayoutHandler
+
#############################################
# Signaturdienste
@@ -119,6 +129,7 @@ moa.verify.template.detached=/templates/default.moa.verify.template.detached.xml
# atrust verify template files
atrust.verify.template.detached=/templates/etsi-bka-atrust-1.0.verify.template.detached.xml
+atrust.xades14.verify.template.detached=/templates/etsi-bka-atrust-1.2.verify.template.detached.xml
#############################################
# Responsemeldungen der Signaturdienste
diff --git a/pdf-as-lib/src/main/resources/config/templates/etsi-bka-atrust-1.2.verify.template.detached.xml b/pdf-as-lib/src/main/resources/config/templates/etsi-bka-atrust-1.2.verify.template.detached.xml
new file mode 100644
index 0000000..eba8ebb
--- /dev/null
+++ b/pdf-as-lib/src/main/resources/config/templates/etsi-bka-atrust-1.2.verify.template.detached.xml
@@ -0,0 +1 @@
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="signature-1-1"><dsig:SignedInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="CertAlgReplace"/><dsig:Reference Id="reference-1-1" URI="urn:Document"><dsig:DigestMethod Algorithm="DataDigestReplace"/><dsig:DigestValue>DigestValueSignedDataReplace</dsig:DigestValue></dsig:Reference><dsig:Reference Id="etsi-data-reference-1-1" Type="http://uri.etsi.org/01903#SignedProperties" URI="#etsi-signedproperties-1-1"><dsig:DigestMethod Algorithm="PropertiesDigestReplace"/><dsig:DigestValue>DigestValueSignedPropertiesReplace</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue Id="signaturevalue-1-1">SignatureValueReplace</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>X509CertificateReplace</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="etsi-signed-1-1"><etsi:QualifyingProperties xmlns:etsi="http://uri.etsi.org/01903/v1.3.2#" Target="#signature-1-1"><etsi:SignedProperties xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:etsi="http://uri.etsi.org/01903/v1.3.2#" Id="etsi-signedproperties-1-1"><etsi:SignedSignatureProperties><etsi:SigningTime>SigningTimeReplace</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><dsig:DigestMethod Algorithm="CertDigestReplace"></dsig:DigestMethod><dsig:DigestValue>DigestValueX509CertificateReplace</dsig:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>X509IssuerNameReplace</dsig:X509IssuerName><dsig:X509SerialNumber>X509SerialNumberReplace</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied></etsi:SignaturePolicyImplied></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-1-1"><etsi:MimeType>MimeTypeReplace</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature> \ No newline at end of file
diff --git a/pdf-as-lib/src/main/resources/config/templates/moa.etsi-bka-moa-1.1.verify.template.xml b/pdf-as-lib/src/main/resources/config/templates/moa.etsi-bka-moa-1.1.verify.template.xml
new file mode 100644
index 0000000..9377bdf
--- /dev/null
+++ b/pdf-as-lib/src/main/resources/config/templates/moa.etsi-bka-moa-1.1.verify.template.xml
@@ -0,0 +1 @@
+<dsig:Signature Id="signature-1-1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="CertAlgReplace"/><dsig:Reference Id="reference-1-1" URI="urn:Document"><dsig:DigestMethod Algorithm="DataDigestReplace"/><dsig:DigestValue>DigestValueSignedDataReplace</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#etsi-signed-1-1"><dsig:DigestMethod Algorithm="PropertiesDigestReplace"/><dsig:DigestValue>DigestValueSignedPropertiesReplace</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>SignatureValueReplace</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>X509CertificateReplace</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><etsi:QualifyingProperties xmlns:etsi="http://uri.etsi.org/01903/v1.3.2#" Target="#signature-1-1"><etsi:SignedProperties xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:etsi="http://uri.etsi.org/01903/v1.3.2#" Id="etsi-signed-1-1"><etsi:SignedSignatureProperties><etsi:SigningTime>SigningTimeReplace</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><dsig:DigestMethod Algorithm="CertDigestReplace"></dsig:DigestMethod><dsig:DigestValue>DigestValueX509CertificateReplace</dsig:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>X509IssuerNameReplace</dsig:X509IssuerName><dsig:X509SerialNumber>X509SerialNumberReplace</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied></etsi:SignaturePolicyImplied></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-1-1"><etsi:MimeType>MimeTypeReplace</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature> \ No newline at end of file