From 50e12dc6d6683f60971a17851135a82eb5813084 Mon Sep 17 00:00:00 2001 From: knowcenter Date: Fri, 1 Jun 2007 08:33:24 +0000 Subject: detached moa git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@114 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c --- .../connectors/moa/DetachedLocRefMOAConnector.java | 141 ++++++++++++++++++--- 1 file changed, 125 insertions(+), 16 deletions(-) diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java index 7731b9f..98d381a 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java @@ -3,6 +3,7 @@ */ package at.knowcenter.wag.egov.egiz.sig.connectors.moa; +import java.security.cert.X509Certificate; import java.util.Properties; import org.apache.commons.logging.Log; @@ -18,8 +19,11 @@ import at.knowcenter.wag.egov.egiz.sig.connectors.Connector; import at.knowcenter.wag.egov.egiz.sig.connectors.TemplateReplaces; import at.knowcenter.wag.egov.egiz.sig.connectors.bku.BKUHelper; import at.knowcenter.wag.egov.egiz.sig.connectors.bku.BKUPostConnection; +import at.knowcenter.wag.egov.egiz.sig.connectors.bku.DetachedBKUConnector; import at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject; import at.knowcenter.wag.egov.egiz.sig.sigid.DetachedLocRefMOAIdFormatter; +import at.knowcenter.wag.egov.egiz.sig.sigkz.SigKZIDHelper; +import at.knowcenter.wag.egov.egiz.tools.CodingHelper; import at.knowcenter.wag.egov.egiz.tools.DebugHelper; import at.knowcenter.wag.egov.egiz.tools.FileHelper; @@ -145,11 +149,10 @@ public class DetachedLocRefMOAConnector implements Connector String url = this.environment.getVerifyURL(); Properties response_properties = sendRequest(url, MOASoapConnection.SERVICE_VERIFY, verify_request_xml); - // SignatureResponse signature_response = - // analyzeVerifyResponse(response_properties); + SignatureResponse signature_response = analyzeVerifyResponse(response_properties); log.debug("doVerify finished."); //$NON-NLS-1$ - return null; // signature_response; + return signature_response; } /** @@ -169,26 +172,121 @@ public class DetachedLocRefMOAConnector implements Connector String verify_request_template = this.environment.getVerifyRequestTemplate(); String xml_content = null; - // TODO implement BKU - // if (sigObject.isMOASigned()) - // { - // MOAConnector moa_conn = new MOAConnector(); - // // get the MOA-template - // verify_template_str = moa_conn.getVerifyTemplate(normalizedText, - // sigObject); - // } - // else - // { - // get the BKU-template -// xml_content = prepareXMLContent(data, so); - // } + if (!SigKZIDHelper.isMOASigned(so)) + { + DetachedBKUConnector bku_connector = new DetachedBKUConnector(this.environment.getProfile(), "not needed here"); + xml_content = bku_connector.prepareXMLContent(data, so); + } + else + { + xml_content = prepareXMLContent(data, so); + } String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content); verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.TRUST_PROFILE_ID_REPLACE, this.environment.getVerifyTrustProfileId()); + verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.LOC_REF_CONTENT_REPLACE, this.environment.getSignatureDataUrl()); return verify_request_xml; } + /** + * Analyzes the verify response string. + * + * @param response_properties + * The response properties containing the response XML. + * @return Returns the SignatureResponse containing the verification result. + * @throws ConnectorException + * f.e. + */ + public SignatureResponse analyzeVerifyResponse(Properties response_properties) throws ConnectorException + { + log.debug("analyzeVerifyResponse:"); //$NON-NLS-1$ + + String response_string = response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY); + + BKUHelper.checkResponseForError(response_string); + + SignatureResponse signature_response = BKUHelper.parseVerifyXMLResponse(response_string); + + log.debug("analyzeVerifyResponse finished."); //$NON-NLS-1$ + return signature_response; + } + + public String prepareXMLContent(SignatureData data, SignSignatureObject so) throws ConnectorException + { + log.debug("prepareXMLContent:"); //$NON-NLS-1$ + try + { + + String verify_template = this.environment.getVerifyTemplate(); + + X509Certificate cert = so.getX509Certificate(); + String cert_alg = this.environment.getCertAlgEcdsa(); + if (cert.getPublicKey().getAlgorithm().indexOf("RSA") >= 0) //$NON-NLS-1$ + { + cert_alg = this.environment.getCertAlgRsa(); + } + + // cert alg replace + String verify_xml = verify_template.replaceFirst(TemplateReplaces.CERT_ALG_REPLACE, cert_alg); + + // data digest replace + { + byte[] data_value = data.getData(); + byte[] data_value_hash = CodingHelper.buildDigest(data_value); + String object_data_hash = CodingHelper.encodeBase64(data_value_hash); + + verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_SIGNED_DATA_REPLACE, object_data_hash); + } + + verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNATURE_VALUE_REPLACE, so.getSignatureValue()); + + // X.509 Certificate replace + byte[] der = cert.getEncoded(); + byte[] cert_hash = CodingHelper.buildDigest(der); + String certDigest = CodingHelper.encodeBase64(cert_hash); + String x509_cert_string = CodingHelper.encodeBase64(der); + verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_CERTIFICATE_REPLACE, x509_cert_string); + + // Qualified Properties replaces + verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNING_TIME_REPLACE, so.getDate()); + verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_CERTIFICATE_REPLACE, certDigest); + verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer()); + verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_SERIAL_NUMBER_REPLACE, so.getSerialNumber()); + // SigDataRefReplace already done above + verify_xml = verify_xml.replaceFirst(TemplateReplaces.MIME_TYPE_REPLACE, data.getMimeType()); + + // Signed Properties hash + { + final String ETSI_SIGNED_PROPERTIES_START_TAG = "= 0; + final int hash_end = verify_xml.indexOf(ETSI_SIGNED_PROPERTIES_END_TAG, hash_start) + ETSI_SIGNED_PROPERTIES_END_TAG.length(); + assert hash_end - ETSI_SIGNED_PROPERTIES_END_TAG.length() >= 0; + assert hash_end > hash_start; + + final String string_to_be_hashed = verify_xml.substring(hash_start, hash_end); + log.debug("etsi:SignedProperties string to be hashed: " + string_to_be_hashed); //$NON-NLS-1$ + + final byte[] bytes_to_be_hashed = string_to_be_hashed.getBytes("UTF-8"); //$NON-NLS-1$ + byte[] sig_prop_code = CodingHelper.buildDigest(bytes_to_be_hashed); + String sig_prop_hash = CodingHelper.encodeBase64(sig_prop_code); + + verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_SIGNED_PROPERTIES_REPLACE, sig_prop_hash); + } + + log.debug("prepareXMLContent finished."); //$NON-NLS-1$ + return verify_xml; + } + catch (Exception e) + { + log.debug(e); + throw new ConnectorException(310, e); + } + } + protected Properties sendRequest(String url, String mode, String request_string) throws ConnectorException { @@ -254,6 +352,8 @@ public class DetachedLocRefMOAConnector implements Connector * The configuration key for the RSA cert alg property. */ protected static final String RSA_CERT_ALG_KEY = "cert.alg.rsa"; //$NON-NLS-1$ + + protected String profile = null; protected String signature_data_url = null; @@ -287,6 +387,8 @@ public class DetachedLocRefMOAConnector implements Connector */ public Environment(String profile, String signature_data_url) throws ConnectorException { + this.profile = profile; + this.signature_data_url = signature_data_url; SettingsReader settings = null; @@ -337,6 +439,13 @@ public class DetachedLocRefMOAConnector implements Connector } + + + public String getProfile() + { + return this.profile; + } + /** * Returns the URL where to load the detached data from. * -- cgit v1.2.3