aboutsummaryrefslogtreecommitdiff
path: root/src/main/java/at/knowcenter
diff options
context:
space:
mode:
Diffstat (limited to 'src/main/java/at/knowcenter')
-rw-r--r--src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java2
-rw-r--r--src/main/java/at/knowcenter/wag/egov/egiz/PdfASID.java6
-rw-r--r--src/main/java/at/knowcenter/wag/egov/egiz/pdf/AbsoluteTextSignature.java11
-rw-r--r--src/main/java/at/knowcenter/wag/egov/egiz/pdf/BinarySignature.java3
-rw-r--r--src/main/java/at/knowcenter/wag/egov/egiz/pdf/PDFSignatureObjectIText.java1
-rw-r--r--src/main/java/at/knowcenter/wag/egov/egiz/pdf/TextualSignature.java7
-rw-r--r--src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java61
-rw-r--r--src/main/java/at/knowcenter/wag/egov/egiz/sig/X509Cert.java2
-rw-r--r--src/main/java/at/knowcenter/wag/egov/egiz/tools/CodingHelper.java1
-rw-r--r--src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/VerifyPreviewServlet.java11
10 files changed, 88 insertions, 17 deletions
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java b/src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java
index 424aad1..59c6b93 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java
@@ -100,7 +100,7 @@ public abstract class PdfAS
* The current version of the pdf-as library. This version string is logged on every invocation
* of the api or the web application.
*/
- public static final String PDFAS_VERSION = "3.1.1-snapshot (20100408)";
+ public static final String PDFAS_VERSION = "3.1.1-snapshot (20100812)";
/**
* The key of the strict mode setting.
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/PdfASID.java b/src/main/java/at/knowcenter/wag/egov/egiz/PdfASID.java
index 7e4b9c0..79591bd 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/PdfASID.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/PdfASID.java
@@ -90,17 +90,17 @@ public class PdfASID implements Serializable
if (tokens.length != 5)
{
- throw new InvalidIDException(ErrorCode.UNABLE_TO_PARSE_ID, "The doesn't have enough tokens (" + id + ")");
+ throw new InvalidIDException(ErrorCode.UNABLE_TO_PARSE_ID, "The method doesn't have enough tokens (" + id + ")");
}
if (!tokens[0].equals(URN))
{
- throw new InvalidIDException(ErrorCode.UNABLE_TO_PARSE_ID, "The id must start with " + URN + " (" + id + ")");
+ throw new InvalidIDException(ErrorCode.UNABLE_TO_PARSE_ID, "The method must start with " + URN + " (" + id + ")");
}
if (!tokens[1].equals(NAMESPACE))
{
- throw new InvalidIDException(ErrorCode.UNABLE_TO_PARSE_ID, "The namespace of the id must be " + NAMESPACE + " (" + id + ")");
+ throw new InvalidIDException(ErrorCode.UNABLE_TO_PARSE_ID, "The namespace of the method must be " + NAMESPACE + " (" + id + ")");
}
set(tokens[2], tokens[3], tokens[4]);
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/pdf/AbsoluteTextSignature.java b/src/main/java/at/knowcenter/wag/egov/egiz/pdf/AbsoluteTextSignature.java
index a036772..817eb20 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/pdf/AbsoluteTextSignature.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/pdf/AbsoluteTextSignature.java
@@ -311,6 +311,17 @@ public class AbsoluteTextSignature
{
potential_block_end = findEndOfValue(text, potential_block_end);
}
+
+ // FIXME: complete HOTFIX
+ /*
+ int extendedValueEnd = potential_block_end;
+ String cv;
+ do {
+ extendedValueEnd = findEndOfValue(text, extendedValueEnd);
+ cv = text.substring(last_caption_index + current_last_caption.length()+1, extendedValueEnd);
+ } while (extendedValueEnd < text.length());
+ */
+
logger.debug("potential_block_end = " + potential_block_end);
List found_keys = PdfAS.findBlockInText(text.substring(0, potential_block_end), block_type, old_style); // findRestKeys(text,
// keys,
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/pdf/BinarySignature.java b/src/main/java/at/knowcenter/wag/egov/egiz/pdf/BinarySignature.java
index 32871e8..ec6f567 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/pdf/BinarySignature.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/pdf/BinarySignature.java
@@ -1940,6 +1940,9 @@ public abstract class BinarySignature
if (cur_ri == null || !ByteArrayUtils.compareByteArrays(cur_ri.brev, 0, brevs[cur]))
{
+ if (cur >= encodings.length) {
+ throw new PDFDocumentException(ErrorCode.INVALID_SIGNATURE_DICTIONARY, "Invalid EGIZ signature dictionary.");
+ }
cur_ri = new ReplaceInfo();
cur_ri.replaces = new ArrayList();
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/pdf/PDFSignatureObjectIText.java b/src/main/java/at/knowcenter/wag/egov/egiz/pdf/PDFSignatureObjectIText.java
index a843369..39b5daf 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/pdf/PDFSignatureObjectIText.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/pdf/PDFSignatureObjectIText.java
@@ -496,7 +496,6 @@ public class PDFSignatureObjectIText implements PDFSignatureObject
{
pdf_cell.setColspan(cell.getColSpan());
}
- // TODO[tknall]: Check if cell nowrap may be used to prevent wrapping of cells containing keys.
if (cell.isNoWrap())
{
pdf_cell.setNoWrap(true);
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/pdf/TextualSignature.java b/src/main/java/at/knowcenter/wag/egov/egiz/pdf/TextualSignature.java
index 85bc4fd..4a9814d 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/pdf/TextualSignature.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/pdf/TextualSignature.java
@@ -167,7 +167,12 @@ public class TextualSignature
// stripper.setStartPage(4);
// stripper.setEndPage(4);
logger_.debug("TextualSignator extractTextTextual: Begin stripping text");
- String text = stripper.getText(doc, encoding);
+ String text;
+ try {
+ text = stripper.getText(doc, encoding);
+ } catch (Exception e) {
+ throw new PDFDocumentException(ErrorCode.TEXT_EXTRACTION_EXCEPTION, "Unable to extract textual content.", e);
+ }
logger_.debug("TextualSignator extractTextTextual: Stripping text ended");
doc.close();
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java
index 66daf57..0b39a5b 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java
@@ -570,7 +570,7 @@ public class SignatureObject implements Serializable
{
setSigValue(SignatureTypes.SIG_ISSUER, cert.getIssuerName());
setSigValue(SIG_CER, cert.getCertString());
- setSigValue(SIG_CER_DIG, cert.getCertDigest());
+ // setSigValue(SIG_CER_DIG, cert.getCertDigest());
x509Cert_ = cert;
}
issuer = getSigValue(SignatureTypes.SIG_ISSUER);
@@ -670,13 +670,13 @@ public class SignatureObject implements Serializable
{
setSigValue(SignatureTypes.SIG_ISSUER, cert.getIssuerName());
setSigValue(SIG_CER, cert.getCertString());
- setSigValue(SIG_CER_DIG, cert.getCertDigest());
+ // setSigValue(SIG_CER_DIG, cert.getCertDigest());
x509Cert_ = cert;
}
}
/**
- * @return the current X509CertificateDigest value.
+ * @return the current X509CertificateDigest value (as SHA1 digest).
*/
public String getX509CertificateDigest()
{
@@ -684,7 +684,10 @@ public class SignatureObject implements Serializable
if (dig == null)
{
loadCurrentCert();
- dig = getSigValue(SIG_CER_DIG);
+ byte[] cert_b64 = CodingHelper.decodeBase64(x509Cert_.getCertString());
+ byte[] cert_hash = CodingHelper.buildDigest(cert_b64, "SHA");
+ dig = new String(CodingHelper.encodeBase64(cert_hash));
+ setSigValue(SIG_CER_DIG, dig);
}
return dig;
}
@@ -710,7 +713,7 @@ public class SignatureObject implements Serializable
public void setX509Certificate(String x509Certificate)
{
setSigValue(SIG_CER, x509Certificate);
- storeCertificate(getSignationSerialNumber(), getSignationIssuer(), x509Certificate, getX509CertificateDigest());
+ storeCertificate(getSignationSerialNumber(), getSignationIssuer(), x509Certificate);
}
public void setX509Certificate(X509Certificate cert)
@@ -722,7 +725,7 @@ public class SignatureObject implements Serializable
// setX509Certificate(certStr);
X509Cert knowcenterCert = X509Cert.initByX509Certificate(cert);
setSigValue(SIG_CER, knowcenterCert.getCertString());
- storeCertificate(cert.getSerialNumber().toString(), knowcenterCert.getIssuerName(), knowcenterCert.getCertString(), knowcenterCert.getCertDigest());
+ storeCertificate(cert.getSerialNumber().toString(), knowcenterCert.getIssuerName(), knowcenterCert.getCertString());
}
catch (CertificateEncodingException e)
{
@@ -1339,9 +1342,51 @@ public class SignatureObject implements Serializable
* @param x509Digest
* the digest value of the given x509Certificate
* @return true the certificate is stored completely, false otherwise
+ * @deprecated Use {@link #storeCertificate(String, String, String)} instead.
*/
private boolean storeCertificate(String serialNumber, String issuer,
- String x509Certificate, String x509Digest)
+ String x509Certificate, String x509Digest)
+ {
+ return storeCertificate(serialNumber, issuer, x509Certificate);
+ }
+
+ /**
+ * This method stores a X509v3 certificate to the filesystem. The reference to
+ * the stored certificate is build by the serialNumber and the issuer string.
+ * The issuer string is normalized because if getting this value from a pdf
+ * extraction it can be splited into more sections or necessary spaces are
+ * removed. The real issuer value is stored in the certificates meta file. The
+ * certficate is devided into two files: certificate.der (the binary value)
+ * and the meta information used in SignatureObjects as well in
+ * SignatureImages of a signed pdf-document. The storing path of the
+ * certificate is build by:
+ * <ol>
+ * <li>normalize the issuer string</li>
+ * <li>reduce all white spaces in the normalized issuer string</li>
+ * <li>build a hash value of this reduced string</li>
+ * <li>code this hash value as base64 value</li>
+ * <li>add the base64 normalized issuer hash value to the certificate base
+ * store path</li>
+ * <li>add the serialNumber to the cert path</li>
+ * <li>add the <code>.der</code> extension to get the certificate binary</li>
+ * <li>add the <code>.txt</code> extension to get the meta information of
+ * the certificate</li>
+ * </ol>
+ *
+ * The certificate meta file is build by the base64 coded issuer string and
+ * the cert digest value devided by the <code>@</code> char.
+ *
+ * @param serialNumber
+ * the file name of the certificate .der|.txt
+ * @param issuer
+ * the issuer string for the file path value of the certificate and
+ * for metainformation
+ * @param x509Certificate
+ * the x509v3 binary string
+ * @return true the certificate is stored completely, false otherwise
+ */
+ private boolean storeCertificate(String serialNumber, String issuer,
+ String x509Certificate)
{
boolean store_complete = false;
if (issuer != null && serialNumber != null)
@@ -1377,7 +1422,7 @@ public class SignatureObject implements Serializable
}
return store_complete;
}
-
+
/**
* @return Returns the AbstractTable.
* @see at.knowcenter.wag.egov.egiz.table.Table
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/X509Cert.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/X509Cert.java
index fbd89fa..3e230c5 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/X509Cert.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/X509Cert.java
@@ -316,6 +316,7 @@ public class X509Cert implements Serializable
/**
* @return Returns the certificate digest value.
+ * @deprecated Should not be used any more.
*/
public String getCertDigest()
{
@@ -324,7 +325,6 @@ public class X509Cert implements Serializable
if (certString_ != null)
{
byte[] cert_b64 = CodingHelper.decodeBase64(certString_);
- // dferbas: read digest method from certificate
String sigAlgName = this.x509Cert_.getSigAlgName();
String digestAlg = sigAlgName.split("/")[0];
if (sigAlgName.toLowerCase().indexOf("with") != -1 ) {
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/tools/CodingHelper.java b/src/main/java/at/knowcenter/wag/egov/egiz/tools/CodingHelper.java
index 8d05960..bed1cb3 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/tools/CodingHelper.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/tools/CodingHelper.java
@@ -18,7 +18,6 @@
package at.knowcenter.wag.egov.egiz.tools;
import java.io.IOException;
-import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/VerifyPreviewServlet.java b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/VerifyPreviewServlet.java
index 0eb417b..11f9db4 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/VerifyPreviewServlet.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/VerifyPreviewServlet.java
@@ -341,12 +341,21 @@ public class VerifyPreviewServlet extends HttpServlet
writer.println("<table cellpadding=\"2\" cellspacing=\"0\" class=\"pdfaslisttable\">");
// just render useful information
- String[] rkeys = { SignatureTypes.SIG_NAME, SignatureTypes.SIG_DATE, SignatureTypes.SIG_ISSUER, SignatureTypes.SIG_NUMBER}; // SignatureTypes.REQUIRED_SIG_KEYS;
+ // FIXME: NPE in case SignatureTypes.SIG_NAME is not used (in case of friendly signer name)
+ // Problem: SignatureTypes.SIG_NAME is defined as Signer-RFC2253Name, but there is not certain
+ // key for friendly name (e.g. SIG_SUBJECT or SIG_FOO), therefore we do not know which key contains
+ // the friendly signer name
+
+ // workaround: include "SIG_SUBJECT" since it is usually used
+ String[] rkeys = { SignatureTypes.SIG_NAME, "SIG_SUBJECT", SignatureTypes.SIG_DATE, SignatureTypes.SIG_ISSUER, SignatureTypes.SIG_NUMBER}; // SignatureTypes.REQUIRED_SIG_KEYS;
for (int key_idx = 0; key_idx < rkeys.length; key_idx++)
{
String key = rkeys[key_idx];
SignatureEntry entry = signature_object.getSigEntry(key);
+ if (entry == null) {
+ continue;
+ }
String caption = entry.getCaption();
String value = entry.getValue();
if (caption == null || value == null) {