From 4ce2fbc415f2fae57842b2e13a0817bb63594434 Mon Sep 17 00:00:00 2001 From: tknall Date: Mon, 11 Jan 2010 10:58:48 +0000 Subject: - check implemented: responses are validated upon valid SL content (ErrorResponse, Create|VerifyXMLSignatureResponse) (ErrorCode 340) - new errorcode added (340: unable to receive suitable response) - default signature validation links changed (-> http://www.signaturpruefung.gv.at) - recognition of non-textual objects: static switch implemented allowing to configure behaviour (at compile time) in case of signatures (default behaviour: skip detection of all signatures as non-textual objects) - minor bug fixed: invalid evaluation of response charset resulting in invalid warn debug message - configuration updated - Default configuration updated git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@542 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c --- .../at/gv/egiz/pdfas/exceptions/ErrorCode.java | 1 + .../pdfas/impl/vfilter/VerificationFilterImpl.java | 2 +- .../wag/egov/egiz/pdf/AdobeSignatureHelper.java | 13 ++++++++++--- .../wag/egov/egiz/pdf/ObjectExtractor.java | 17 ++++++++++++++--- .../egov/egiz/sig/connectors/bku/BKUHelper.java | 19 ++++++++++++++++--- .../egiz/sig/connectors/bku/BKUPostConnection.java | 9 ++++----- src/main/resources/DefaultConfiguration.zip | Bin 635263 -> 635349 bytes src/main/resources/config/help_text.properties | 1 + work/cfg/config.properties | 17 ++++++++++++++--- 9 files changed, 61 insertions(+), 18 deletions(-) diff --git a/src/main/java/at/gv/egiz/pdfas/exceptions/ErrorCode.java b/src/main/java/at/gv/egiz/pdfas/exceptions/ErrorCode.java index 04cf779..f9616cf 100644 --- a/src/main/java/at/gv/egiz/pdfas/exceptions/ErrorCode.java +++ b/src/main/java/at/gv/egiz/pdfas/exceptions/ErrorCode.java 
@@ -53,6 +53,7 @@ public final class ErrorCode public static final int BKU_NOT_SUPPORTED = 373; public static final int WEB_EXCEPTION = 330; + public static final int UNABLE_TO_RECEIVE_SUITABLE_RESPONSE = 340; public static final int NORMALIZER_EXCEPTION = 400; diff --git a/src/main/java/at/gv/egiz/pdfas/impl/vfilter/VerificationFilterImpl.java b/src/main/java/at/gv/egiz/pdfas/impl/vfilter/VerificationFilterImpl.java index 47f217a..34b461e 100644 --- a/src/main/java/at/gv/egiz/pdfas/impl/vfilter/VerificationFilterImpl.java +++ b/src/main/java/at/gv/egiz/pdfas/impl/vfilter/VerificationFilterImpl.java @@ -511,7 +511,7 @@ public class VerificationFilterImpl implements VerificationFilter protected String extractText(PdfDataSource pdf, int endOfDocument, String encoding) throws PresentableException { - log.debug("EXTRACTING TEXT... end index = " + endOfDocument); + log.debug("EXTRACTING TEXT (" + encoding + ")... end index = " + endOfDocument); DelimitedPdfDataSource dds = new DelimitedPdfDataSource(pdf, endOfDocument); //DelimitedInputStream dis = new DelimitedInputStream(pdf.createInputStream(), endOfDocument); diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/pdf/AdobeSignatureHelper.java b/src/main/java/at/knowcenter/wag/egov/egiz/pdf/AdobeSignatureHelper.java index db5b082..1db1de0 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/pdf/AdobeSignatureHelper.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/pdf/AdobeSignatureHelper.java 
@@ -110,7 +110,14 @@ public class AdobeSignatureHelper { // Standard filter // sig.setLocation("location is not visible"); // sig.setReason("reason is not visible"); - sig.setContact(getVerifyUrl(profileId)); + + // contact field is used to embed signature verification url for adobe handler + String verifyURL = getVerifyUrl(profileId); + if (!StringUtils.isEmpty(verifyURL)) { + sig.setContact(getVerifyUrl(profileId)); + } else { + logger.debug("No verify URL set -> verify URL is not embedded."); + } // sig.setDate(new PdfDate()); String reason = getAdobeReasonName(profileId); @@ -166,11 +173,11 @@ public class AdobeSignatureHelper { } private static String getAdobeReasonName(String sigProfile) { - return getDefaultableConfigProperty(sigProfile, ADOBE_SIGN_REASONNAME_KEY, null); + return getDefaultableConfigProperty(sigProfile, ADOBE_SIGN_REASONNAME_KEY, "Informationen zur Prüfung finden Sie unter http://www.signaturpruefung.gv.at"); } private static String getVerifyUrl(String sigProfile) { - return getDefaultableConfigProperty(sigProfile, ADOBE_VERIFY_URL_KEY, "https://www.buergerkarte.at/signature-verification"); + return getDefaultableConfigProperty(sigProfile, ADOBE_VERIFY_URL_KEY, "http://www.signaturpruefung.gv.at"); } private static String getDefaultableConfigProperty(String sigProfile, String propName, String defaultValue) { diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/pdf/ObjectExtractor.java b/src/main/java/at/knowcenter/wag/egov/egiz/pdf/ObjectExtractor.java index cd6d449..4516b6b 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/pdf/ObjectExtractor.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/pdf/ObjectExtractor.java 
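Review bot: Inside the new `if`, `sig.setContact(getVerifyUrl(profileId))` looks the property up a second time instead of using the `verifyURL` local that was just checked. `sig.setContact(verifyURL);` guarantees that the value that passed the emptiness test is the one embedded in the signature's contact field. The enclosing method starts and ends outside the hunk.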
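Review bot: The fallback in `getVerifyUrl` moves from an `https://` address to `http://www.signaturpruefung.gv.at`, so documents signed without an explicit `verifyURL` now carry a plaintext link to the verification service. Anyone on the network path can alter or redirect what a reader gets when following that link. If the new host serves TLS (not visible from this patch), prefer `"https://www.signaturpruefung.gv.at"` here and in the `default.verifyURL` and `sig_obj.*.verifyURL` entries added to work/cfg/config.properties. Separately, `getAdobeReasonName` used to return `null` when nothing was configured and now returns a German sentence; callers that treat `null` as "no reason" (outside this hunk) would start embedding it, including for English profiles that lack their own `adobeSignReasonValue`.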
@@ -26,6 +26,12 @@ import at.gv.egiz.pdfas.framework.input.PdfDataSource; */ public class ObjectExtractor { private static Logger log = Logger.getLogger(ObjectExtractor.class); + + /* + * If set true signature annotations are not extracted otherwise + * all signatures except PDF-AS signatures are extracted. + */ + private final static boolean SKIP_SIGNATURES = true; /** * Find annotation objects in pdf documents @@ -50,10 +56,15 @@ public class ObjectExtractor { } String ft = anno.getDictionary().getNameAsString("FT"); if (ft != null && ft.equals("Sig")) { // skip signature widgets - COSDictionary sigDict = (COSDictionary) anno.getDictionary().getDictionaryObject("V"); - if (sigDict != null && AdobeSignatureHelper.ADOBE_SIG_FILTER.equals(sigDict.getNameAsString("Filter"))) { - log.debug("found PDF-AS signature widged, skip further extraction"); + if (SKIP_SIGNATURES) { + log.debug("found signature widged, skip extraction"); continue; + } else { + COSDictionary sigDict = (COSDictionary) anno.getDictionary().getDictionaryObject("V"); + if (sigDict != null && AdobeSignatureHelper.ADOBE_SIG_FILTER.equals(sigDict.getNameAsString("Filter"))) { + log.debug("found PDF-AS signature widged, skip extraction"); + continue; + } } } NonTextObjectInfo objInfo = new NonTextObjectInfo(); diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUHelper.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUHelper.java index 3b262c3..ac6e221 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUHelper.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUHelper.java 
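Review bot: With `SKIP_SIGNATURES` hard-wired to `true`, every annotation with `FT == Sig` is dropped from non-textual object detection, not only those whose `V` dictionary carries the PDF-AS filter. A foreign signature widget can carry its own visible appearance, so such content is no longer reported as a non-textual object. That trade-off should be stated in the constant's comment, or the switch should become a configuration property so it can be changed without recompiling. In the `else` branch the unchecked cast `(COSDictionary) anno.getDictionary().getDictionaryObject("V")` would throw `ClassCastException` on a document whose `V` entry is not a dictionary; an `instanceof` test before the cast avoids that. The loop these lines sit in starts and ends outside the hunk.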
@@ -20,11 +20,11 @@ import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; - import at.gv.egiz.pdfas.algorithmSuite.AlgorithmMapper; import at.gv.egiz.pdfas.algorithmSuite.AlgorithmSuiteObject; import at.gv.egiz.pdfas.algorithmSuite.AlgorithmSuiteUtil; import at.gv.egiz.pdfas.api.commons.Constants; +import at.gv.egiz.pdfas.exceptions.ErrorCode; import at.gv.egiz.pdfas.exceptions.external.ExternalErrorException; import at.gv.egiz.pdfas.impl.input.helper.DataSourceHelper; import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException; @@ -44,6 +44,8 @@ import at.knowcenter.wag.egov.egiz.tools.CodingHelper; public final class BKUHelper { + private static final Pattern ALLOWED_SL_RESPONSE_PATTERN = Pattern.compile("^.*<[\\w]*:?(CreateXMLSignatureResponse|VerifyXMLSignatureResponse)[^>]*>(.*).*$", Pattern.DOTALL); + /** * The log. */ @@ -119,7 +121,10 @@ public final class BKUHelper */ public static void checkResponseForError(String response_string) throws ConnectorException { - log.debug("Checking response for error: " + response_string); + if (StringUtils.isEmpty(response_string)) { + throw new ConnectorException(ErrorCode.UNABLE_TO_RECEIVE_SUITABLE_RESPONSE, "No suitable response received."); + } + log.debug("Checking response for error: " + response_string); Pattern erc_p_s = Pattern.compile("<[\\w]*:?ErrorCode>"); //$NON-NLS-1$ Pattern erc_p_e = Pattern.compile(""); //$NON-NLS-1$ Matcher erc_m_s = erc_p_s.matcher(response_string); 
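Review bot: `ALLOWED_SL_RESPONSE_PATTERN` only shows that `CreateXMLSignatureResponse` or `VerifyXMLSignatureResponse` follows a `<` somewhere in the string, so it is a presence check and not validation of the response. `[\\w]*:?` also accepts a longer element name that merely ends in one of those words, and a match inside a comment or CDATA section counts too. As rendered here the pattern is wrapped in `^.*` … `(.*).*$` under `DOTALL` and used with `matches()`, which forces backtracking over the whole body; `find()` on the start-tag part alone does the same job. The page may have lost part of the pattern, as it visibly did for `erc_p_e` in the following hunk, so compare against the real file. A comment on the constant saying it is a sanity check and not a structural validation would keep later readers from treating it as a security boundary.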
@@ -141,6 +146,14 @@ public final class BKUHelper } throw new ExternalErrorException(error_code, error_mess); } + log.debug("No error found. Assuring that CreateXMLSignatureResponse or VerifyXMLSignatureResponse elements are available."); + + // assure that a CreateXMLSignatureResponse or a VerifyXMLSignatureResponse is available + Matcher slMatcher = ALLOWED_SL_RESPONSE_PATTERN.matcher(response_string); + if (!slMatcher.matches()) { + throw new ConnectorException(ErrorCode.UNABLE_TO_RECEIVE_SUITABLE_RESPONSE, "No suitable response received: " + response_string); + } + } /** @@ -629,7 +642,7 @@ public final class BKUHelper } if (bkuSignatureLayout != null && result != null) { - log.info("BKU response header \"" + Constants.BKU_HEADER_SIGNATURE_LAYOUT + "\" found."); + log.debug("BKU response header \"" + Constants.BKU_HEADER_SIGNATURE_LAYOUT + "\" found."); String signatureLayoutData = " " + Constants.BKU_HEADER_SIGNATURE_LAYOUT + "/" + bkuSignatureLayout; if (!result.endsWith(signatureLayoutData)) { log.debug("Appending signature layout value \"" + bkuSignatureLayout + "\" to bku identifier."); diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUPostConnection.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUPostConnection.java index 6ea8ced..5fa1877 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUPostConnection.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUPostConnection.java 
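Review bot: The new `ConnectorException` message concatenates the whole `response_string`, which is the body that has just failed the check and so has unknown content and size. Exception messages tend to travel further than debug logs (error pages, info-level logs, callers' own messages), so unvetted remote content could end up displayed or logged there. The body is already written at debug level at the top of `checkResponseForError`, so the throw can be `throw new ConnectorException(ErrorCode.UNABLE_TO_RECEIVE_SUITABLE_RESPONSE, "No suitable response received.");` as in the empty-response case. The method starts outside this hunk.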
@@ -142,11 +142,10 @@ public final class BKUPostConnection if (signatureLayoutHeader != null) { response_properties.setProperty(BKU_SIGNATURE_LAYOUT_HEADER_KEY, signatureLayoutHeader.getValue()); } - - log.debug(post_method.getResponseCharSet()); - if (!post_method.getResponseCharSet().equals("UTF-8")) //$NON-NLS-1$ - { - log.warn("BKU response charset is not UTF-8!"); //$NON-NLS-1$ + + String responseCharSet = post_method.getResponseCharSet(); + if (!"UTF8".equalsIgnoreCase(responseCharSet) && !"UTF-8".equalsIgnoreCase(responseCharSet)) { + log.warn("BKU response charset is not UTF-8!"); //$NON-NLS-1$ } String response_string = post_method.getResponseBodyAsString(); diff --git a/src/main/resources/DefaultConfiguration.zip b/src/main/resources/DefaultConfiguration.zip index 3abe355..b5cc858 100644 Binary files a/src/main/resources/DefaultConfiguration.zip and b/src/main/resources/DefaultConfiguration.zip differ diff --git a/src/main/resources/config/help_text.properties b/src/main/resources/config/help_text.properties index 96823ef..0a0c793 100644 --- a/src/main/resources/config/help_text.properties +++ b/src/main/resources/config/help_text.properties @@ -62,6 +62,7 @@ error.code.318=Die bin error.code.320=Es kann keine Verbindung zur Bürgerkartenumgebung hergestellt werden. error.code.330=Es kann keine Verbindung zu MOA hergestellt werden oder MOA hat den Request zurückgewiesen. +error.code.340=Die Antwort des Signaturgeräts enthielt weder eine Signatur noch ein Verifikationsergebnis. # TODO remove this when MOA detached is ready error.code.370=Eine detached Signature kann zur Zeit mit MOA nicht überprüft werden. diff --git a/work/cfg/config.properties b/work/cfg/config.properties index 677ffb5..e6d5d44 100644 --- a/work/cfg/config.properties +++ b/work/cfg/config.properties 
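Review bot: The rewritten check drops `log.debug(post_method.getResponseCharSet())`, so when the warning fires the log no longer says which charset the BKU sent. `log.warn("BKU response charset is not UTF-8: " + responseCharSet);` keeps that information. The code still only warns and then calls `getResponseBodyAsString()`, so a body declared in another charset is decoded and processed anyway; if UTF-8 is a requirement for the signed data, this should be an error instead of a warning. The enclosing method starts and ends outside the hunk.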
@@ -179,10 +179,10 @@ default.adobeSignText.textual=PDF-AS default.adobeSignFieldValue=PDF-AS Signatur # default name of the adobe signature reason (if enabled). -#default.adobeSignReasonValue=Informationen zur Prüfung finden Sie unter http://www.signaturpruefung.gv.at +default.adobeSignReasonValue=Informationen zur Prüfung finden Sie unter http://www.signaturpruefung.gv.at -# verify URL for manual signature verification (embedded in adobe attribute) -default.verifyURL=https://www.buergerkarte.at/signature-verification +# default verify URL for adobe acrobat plugin +default.verifyURL=http://www.signaturpruefung.gv.at #absolute positioning #sig_obj.PROFIL.pos=p:1;x:40.0;y:800.0;w:400.0;f:80 @@ -212,6 +212,7 @@ sig_obj.AMTSSIGNATURBLOCK_DE.key.SIG_NOTE=Hinweis sig_obj.AMTSSIGNATURBLOCK_DE.pos=f:80 sig_obj.AMTSSIGNATURBLOCK_DE.adobeSignFieldValue=PDF-AS Signatur sig_obj.AMTSSIGNATURBLOCK_DE.adobeSignReasonValue=Informationen zur Prüfung finden Sie unter http://www.signaturpruefung.gv.at +sig_obj.AMTSSIGNATURBLOCK_DE.verifyURL=http://www.signaturpruefung.gv.at sig_obj.AMTSSIGNATURBLOCK_DE.value.SIG_SUBJECT=Max Mustermann sig_obj.AMTSSIGNATURBLOCK_DE.value.SIG_META=Informationen zur Prüfung der elektronischen Signatur und des Ausdrucks finden Sie unter: http://www.signaturpruefung.gv.at @@ -261,6 +262,7 @@ sig_obj.AMTSSIGNATURBLOCK_EN.key.SIG_NOTE=Note sig_obj.AMTSSIGNATURBLOCK_EN.pos=f:80 sig_obj.AMTSSIGNATURBLOCK_EN.adobeSignFieldValue=PDF-AS Signature sig_obj.AMTSSIGNATURBLOCK_EN.adobeSignReasonValue=Information about the verification can be found at http://www.signature-verification.gv.at +sig_obj.AMTSSIGNATURBLOCK_EN.verifyURL=http://www.signature-verification.gv.at sig_obj.AMTSSIGNATURBLOCK_EN.value.SIG_SUBJECT=Max Mustermann sig_obj.AMTSSIGNATURBLOCK_EN.value.SIG_META=Information about the verification of the electronic signature and of the printout can be found at: http://www.signature-verification.gv.at 
@@ -309,6 +311,7 @@ sig_obj.SIGNATURBLOCK_DE.key.SIG_META=Pr sig_obj.SIGNATURBLOCK_DE.pos=f:80 sig_obj.SIGNATURBLOCK_DE.adobeSignFieldValue=PDF-AS Signatur sig_obj.SIGNATURBLOCK_DE.adobeSignReasonValue=Informationen zur Prüfung finden Sie unter http://www.signaturpruefung.gv.at +sig_obj.SIGNATURBLOCK_DE.verifyURL=http://www.signaturpruefung.gv.at sig_obj.SIGNATURBLOCK_DE.value.SIG_META=Informationen zur Prüfung der elektronischen Signatur und des Ausdrucks finden Sie unter: http://www.signaturpruefung.gv.at sig_obj.SIGNATURBLOCK_DE.value.SIG_LABEL=./images/signatur-logo_de.png @@ -357,6 +360,7 @@ sig_obj.SIGNATURBLOCK_DE_PDFA.key.SIG_META=Pr sig_obj.SIGNATURBLOCK_DE_PDFA.pos=f:80 sig_obj.SIGNATURBLOCK_DE_PDFA.adobeSignFieldValue=PDF-AS Signatur sig_obj.SIGNATURBLOCK_DE_PDFA.adobeSignReasonValue=Informationen zur Prüfung finden Sie unter http://www.signaturpruefung.gv.at +sig_obj.SIGNATURBLOCK_DE_PDFA.verifyURL=http://www.signaturpruefung.gv.at sig_obj.SIGNATURBLOCK_DE_PDFA.value.SIG_META=Informationen zur Prüfung der elektronischen Signatur und des Ausdrucks finden Sie unter: http://www.signaturpruefung.gv.at sig_obj.SIGNATURBLOCK_DE_PDFA.value.SIG_LABEL=./images/signatur-logo_de.png @@ -397,6 +401,7 @@ sig_obj.SIGNATURBLOCK_MINIMAL_DE.value.SIG_LABEL=./images/signatur-logo_de.png sig_obj.SIGNATURBLOCK_MINIMAL_DE.pos=w:230.0;f:80 sig_obj.SIGNATURBLOCK_MINIMAL_DE.adobeSignFieldValue=PDF-AS Signatur sig_obj.SIGNATURBLOCK_MINIMAL_DE.adobeSignReasonValue=Informationen zur Prüfung finden Sie unter http://www.signaturpruefung.gv.at +sig_obj.SIGNATURBLOCK_MINIMAL_DE.verifyURL=http://www.signaturpruefung.gv.at #---------------------- MAIN TABLE ------------------------- sig_obj.SIGNATURBLOCK_MINIMAL_DE.table.main.1=SIG_LABEL-i 
@@ -427,6 +432,7 @@ sig_obj.SIGNATURBLOCK_MINIMAL_EN.value.SIG_LABEL=./images/signatur-logo_en.png sig_obj.SIGNATURBLOCK_MINIMAL_EN.pos=w:230.0;f:80 sig_obj.SIGNATURBLOCK_MINIMAL_EN.adobeSignFieldValue=PDF-AS Signature sig_obj.SIGNATURBLOCK_MINIMAL_EN.adobeSignReasonValue=Information about the verification can be found at http://www.signature-verification.gv.at +sig_obj.SIGNATURBLOCK_MINIMAL_EN.verifyURL=http://www.signature-verification.gv.at #---------------------- MAIN TABLE ------------------------- sig_obj.SIGNATURBLOCK_MINIMAL_EN.table.main.1=SIG_LABEL-i @@ -462,6 +468,7 @@ sig_obj.SIGNATURBLOCK_EN.key.SIG_META=Verification sig_obj.SIGNATURBLOCK_EN.pos=f:80 sig_obj.SIGNATURBLOCK_EN.adobeSignFieldValue=PDF-AS Signature sig_obj.SIGNATURBLOCK_EN.adobeSignReasonValue=Information about the verification can be found at http://signature-verification.gv.at +sig_obj.SIGNATURBLOCK_EN.verifyURL=http://www.signature-verification.gv.at sig_obj.SIGNATURBLOCK_EN.value.SIG_META=Information about the verification of the electronic signature and of the printout can be found at: http://www.signature-verification.gv.at sig_obj.SIGNATURBLOCK_EN.value.SIG_LABEL=./images/signatur-logo_en.png @@ -510,6 +517,7 @@ sig_obj.SIGNATURBLOCK_EN_PDFA.key.SIG_META=Verification sig_obj.SIGNATURBLOCK_EN_PDFA.pos=f:80 sig_obj.SIGNATURBLOCK_EN_PDFA.adobeSignFieldValue=PDF-AS Signature sig_obj.SIGNATURBLOCK_EN_PDFA.adobeSignReasonValue=Information about the verification can be found at http://signature-verification.gv.at +sig_obj.SIGNATURBLOCK_EN_PDFA.verifyURL=http://www.signature-verification.gv.at sig_obj.SIGNATURBLOCK_EN_PDFA.value.SIG_META=Information about the verification of the electronic signature and of the printout can be found at: http://www.signature-verification.gv.at sig_obj.SIGNATURBLOCK_EN_PDFA.value.SIG_LABEL=./images/signatur-logo_en.png 
@@ -557,6 +565,7 @@ sig_obj.INVISIBLE.table.main.Style.imagescaletofit=0.0;0.0 sig_obj.INVISIBLE.adobeSignFieldValue=PDF-AS Signatur sig_obj.INVISIBLE.adobeSignReasonValue=Informationen zur Prüfung finden Sie unter http://www.signaturpruefung.gv.at +sig_obj.INVISIBLE.verifyURL=http://www.signaturpruefung.gv.at ################################################################################################### @@ -590,6 +599,7 @@ sig_obj.BAIK_ARCHIV_SIGNATUR.value.SIG_TITLE=ELEKTRONISCHE ARCHIVSIGNATUR sig_obj.BAIK_ARCHIV_SIGNATUR.adobeSignFieldValue=Archivsignatur sig_obj.BAIK_ARCHIV_SIGNATUR.adobeSignText.binary=Archivsignatur der BAIK +sig_obj.BAIK_ARCHIV_SIGNATUR.verifyURL=http://www.signaturpruefung.gv.at sig_obj.BAIK_ARCHIV_SIGNATUR.phlength.SIG_META=50 @@ -647,6 +657,7 @@ sig_obj.BAIK_URKUNDE_SIGNATUR.key.SIG_TITLE=ELEKTRONISCHE BEURKUNDUNGSSIGNATUR sig_obj.BAIK_URKUNDE_SIGNATUR.pos=f:80 sig_obj.BAIK_URKUNDE_SIGNATUR.adobeSignFieldValue=Urkundensignatur sig_obj.BAIK_URKUNDE_SIGNATUR.adobeSignText.binary=Urkundensignatur der BAIK +sig_obj.BAIK_URKUNDE_SIGNATUR.verifyURL=http://www.signaturpruefung.gv.at sig_obj.BAIK_URKUNDE_SIGNATUR.value.SIG_META=Dokumentenformat: ${iui.pdfVersion} sig_obj.BAIK_URKUNDE_SIGNATUR.value.SIG_LABEL=./images/Baik_Urkunde.gif -- cgit v1.2.3