From aadde85ff54a35bd1007fe8a6aa16cf217607c13 Mon Sep 17 00:00:00 2001
From: Andreas Fitzek
Date: Thu, 10 Apr 2014 16:12:47 +0200
Subject: Introduce XAdES 1.4 support for Handy Signatur (TODO: configure ID pattern correctly)
---
 .../java/at/gv/egiz/pdfas/utils/TempDirHelper.java | 2 +-
 .../sig/connectors/bku/DetachedBKUConnector.java | 7 ++++++-
 .../moa/MOASoapWithAttachmentConnector.java | 7 ++++++-
 .../wag/egov/egiz/sig/sigkz/SigKZIDHelper.java | 9 ++++++++
 .../SignatureLayoutHandlerFactory.java | 5 +++++
 .../ATrustXades14SignatureLayoutHandler.java | 24 ++++++++++++++++++++++
 .../src/main/resources/config/pdf-as.properties | 7 +++++++
 ...tsi-bka-atrust-1.2.verify.template.detached.xml | 1 +
 8 files changed, 59 insertions(+), 3 deletions(-)
 create mode 100644 pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/atrust/ATrustXades14SignatureLayoutHandler.java
 create mode 100644 pdf-as-lib/src/main/resources/config/templates/etsi-bka-atrust-1.2.verify.template.detached.xml
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/utils/TempDirHelper.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/utils/TempDirHelper.java
index bccc67b..38ff2d1 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/utils/TempDirHelper.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/utils/TempDirHelper.java
@@ -121,7 +121,7 @@ public class TempDirHelper
 boolean delete_success = files[i].delete();
 if (!delete_success) {
- log.error("Couldn't delete the temporary file: " + files[i]);
+ log.debug("Couldn't delete the temporary file: " + files[i]);
 }
 }
 }
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java
index 6926d2b..646f2be 100644
--- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java
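Review bot: Demoting the failed-delete message in TempDirHelper from `log.error` to `log.debug` hides leftover temporary files from every deployment that logs above debug level. In a signing library these files may hold document or signature data (inferred from the package name, not visible in the hunk), so a failed delete is something an operator should still see. `log.warn("Couldn't delete the temporary file: " + files[i]);` would reduce the noise without silencing it. The enclosing method starts and ends outside the hunk.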
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java
@@ -388,7 +388,12 @@ public class DetachedBKUConnector implements Connector, LocalConnector
 MOASoapWithAttachmentConnector moaConn = new MOASoapWithAttachmentConnector(this.params);
 moaConn.reInitVerifyTemplate(MOASoapWithAttachmentConnector.ATRUST_VERIFY_TEMPLATE_KEY);
 return moaConn.prepareXMLContent(data, so);
- }
+ } else if (SigKZIDHelper.isATrustX14Signed(so)) {
+ log.debug("ATrust Xades 1.4 signature detected");
+ MOASoapWithAttachmentConnector moaConn = new MOASoapWithAttachmentConnector(this.params);
+ moaConn.reInitVerifyTemplate(MOASoapWithAttachmentConnector.ATRUST_XADES_1_4_VERIFY_TEMPLATE_KEY);
+ return moaConn.prepareXMLContent(data, so);
+ }
 // TD
 else if (SigKZIDHelper.isBKUSigned(so)) {
 log.debug("TD signature signature detected.");
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java
index f6f05fc..03c2dda 100644
--- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java
@@ -61,6 +61,7 @@ public class MOASoapWithAttachmentConnector implements Connector
 {
 //23.11.2010 changed by exthex - added reconstructXMLDsig method and moved xmldsig creation to chooseAndCreateXMLDsig method
 public static final String ATRUST_VERIFY_TEMPLATE_KEY = "atrust.verify.template.detached";
+ public static final String ATRUST_XADES_1_4_VERIFY_TEMPLATE_KEY = "atrust.xades14.verify.template.detached";
 /**
 * The SIG_ID prefix.
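Review bot: The added `else if (SigKZIDHelper.isATrustX14Signed(so))` branch in DetachedBKUConnector repeats the A-Trust branch directly above it line for line, differing only in the template key. A small private helper that takes the key and is called from both branches would keep the two signature profiles from drifting apart when one of them is changed later. The debug message could also name the template key that was selected, which helps when a verification fails because the wrong template was picked. The surrounding method starts and ends outside the hunk.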
@@ -260,7 +261,11 @@ public class MOASoapWithAttachmentConnector implements Connector
 log.debug("A-Trust signature detected.");
 this.environment.reInitVerifyTemplate(ATRUST_VERIFY_TEMPLATE_KEY);
 return prepareXMLContent(data, so);
-
+ } else if (SigKZIDHelper.isATrustX14Signed(so)) {
+ log.debug("ATrust Xades 1.4 signature detected");
+ MOASoapWithAttachmentConnector moaConn = new MOASoapWithAttachmentConnector(this.params);
+ moaConn.reInitVerifyTemplate(MOASoapWithAttachmentConnector.ATRUST_XADES_1_4_VERIFY_TEMPLATE_KEY);
+ return moaConn.prepareXMLContent(data, so);
 // TD bku
 } else if (SigKZIDHelper.isBKUSigned(so)) {
 log.debug("TD bku signature detected.");
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigkz/SigKZIDHelper.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigkz/SigKZIDHelper.java
index 03bf931..5a20a30 100644
--- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigkz/SigKZIDHelper.java
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigkz/SigKZIDHelper.java
@@ -43,6 +43,7 @@ import at.knowcenter.wag.egov.egiz.framework.SignatorFactory;
 import at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject;
 import at.knowcenter.wag.egov.egiz.sig.sigid.DetachedLocRefMOAIdFormatter;
 import at.knowcenter.wag.egov.egiz.sig.sigid.HotfixIdFormatter;
+import at.knowcenter.wag.egov.egiz.sig.signaturelayout.atrust.ATrustXades14SignatureLayoutHandler;
 /**
 * @author wprinz
@@ -246,6 +247,14 @@ public final class SigKZIDHelper
 }
 return sig_id.startsWith("etsi-bka-atrust-1.0");
 }
+
+ public static boolean isATrustX14Signed(SignSignatureObject so) {
+ String sig_id = so.id;
+ if (sig_id == null && StringUtils.isEmpty(sig_id)) {
+ return false;
+ }
+ return sig_id.startsWith(ATrustXades14SignatureLayoutHandler.ETSI_BKA_ATRUST_1_2);
+ }
 /**
 * Checks if signed with a known BKU method/param
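Review bot: Inside MOASoapWithAttachmentConnector the new branch builds a second `MOASoapWithAttachmentConnector(this.params)` and delegates to it, while the A-Trust 1.0 branch directly above it works on the current instance. This looks copied from DetachedBKUConnector; here it bypasses whatever state this connector already holds and leaves the two branches inconsistent. Matching the sibling branch would be `this.environment.reInitVerifyTemplate(ATRUST_XADES_1_4_VERIFY_TEMPLATE_KEY);` followed by `return prepareXMLContent(data, so);`. The enclosing method begins and ends outside the hunk.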
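Review bot: The guard `sig_id == null && StringUtils.isEmpty(sig_id)` in `isATrustX14Signed` can never catch an empty non-null ID, because `&&` makes the second test run only when the first is already true; at best it is a plain null check. `if (StringUtils.isEmpty(sig_id)) {` states what was presumably meant. `so` itself is dereferenced without a null check. This prefix match decides which verification template is applied to a signature ID read from the document under verification, so a Javadoc saying that `etsi-bka-atrust-1.2` is matched as a prefix, and that longer IDs beginning with it are therefore accepted, would make the contract explicit.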
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/SignatureLayoutHandlerFactory.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/SignatureLayoutHandlerFactory.java
index 07a7792..283eb85 100644
--- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/SignatureLayoutHandlerFactory.java
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/SignatureLayoutHandlerFactory.java
@@ -79,6 +79,9 @@ public class SignatureLayoutHandlerFactory {
 if (bkuIdentifier == null) {
 throw new SettingsException(ErrorCode.MISSING_HEADER_SERVER_USER_AGENT, "Unable to determine type of citizen card environment. Response header \"Server\" resp. \"user-agent\" is missing. Refer to security layer specification 1.2.2, section 3.3.2.");
 }
+
+ log.debug("Trying to get SignatureLayoutHandler for \"" + bkuIdentifier + "\".");
+
 SignatureLayoutHandler signatureLayoutHandler = (SignatureLayoutHandler) instances.get(bkuIdentifier);
 if (signatureLayoutHandler == null) {
@@ -127,6 +130,8 @@ public class SignatureLayoutHandlerFactory {
 log.debug("SignatureLayoutHandler successfully instantiated.");
 instances.put(bkuIdentifier, signatureLayoutHandler);
 } else {
+ log.debug("SignatureLayoutHandler has already been instantiated. Class: \"" +
+ signatureLayoutHandler.getClass().getName() + "\"");
 log.trace("SignatureLayoutHandler has already been instantiated. Returning old instance.");
 }
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/atrust/ATrustXades14SignatureLayoutHandler.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/atrust/ATrustXades14SignatureLayoutHandler.java
new file mode 100644
index 0000000..2184a5c
--- /dev/null
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/atrust/ATrustXades14SignatureLayoutHandler.java
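Review bot: `bkuIdentifier` is written to the log verbatim by the added `log.debug("Trying to get SignatureLayoutHandler for ...")` line in the first hunk. Judging by the exception text just above it, the value is taken from the `Server` or `user-agent` header of the citizen card environment, so it is supplied by a remote party. A value containing CR or LF could forge log lines; neutralise line breaks before logging, for example `bkuIdentifier.replaceAll("[\r\n]", "_")`. The method that contains this code starts outside the hunk.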
@@ -0,0 +1,24 @@
+package at.knowcenter.wag.egov.egiz.sig.signaturelayout.atrust;
+
+import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException;
+import at.knowcenter.wag.egov.egiz.sig.connectors.ConnectorEnvironment;
+import at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject;
+import at.knowcenter.wag.egov.egiz.sig.connectors.moa.MOAHelper;
+import at.knowcenter.wag.egov.egiz.sig.connectors.mocca.MOCCAHelper;
+import at.knowcenter.wag.egov.egiz.sig.sigid.DetachedMOCIdFormatter;
+import at.knowcenter.wag.egov.egiz.sig.sigid.SimpleIdFormatter;
+import at.knowcenter.wag.egov.egiz.sig.signaturelayout.SignatureLayoutHandler;
+
+public class ATrustXades14SignatureLayoutHandler implements
+ SignatureLayoutHandler {
+
+ public static final String ETSI_BKA_ATRUST_1_2 = "etsi-bka-atrust-1.2";
+
+ public SignSignatureObject parseCreateXMLSignatureResponse(
+ String xmlResponse, ConnectorEnvironment env)
+ throws ConnectorException {
+ return MOCCAHelper.parseCreateXMLResponse(xmlResponse,
+ new DetachedMOCIdFormatter(ETSI_BKA_ATRUST_1_2), env);
+ }
+
+}
diff --git a/pdf-as-lib/src/main/resources/config/pdf-as.properties b/pdf-as-lib/src/main/resources/config/pdf-as.properties
index a293b85..4f6b25e 100644
--- a/pdf-as-lib/src/main/resources/config/pdf-as.properties
+++ b/pdf-as-lib/src/main/resources/config/pdf-as.properties
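Review bot: The new class ATrustXades14SignatureLayoutHandler has no Javadoc, and nothing explains why an A-Trust handler parses the response with `MOCCAHelper.parseCreateXMLResponse` and a `DetachedMOCIdFormatter`. A class comment such as `/** Layout handler for A-Trust mobile signatures with XAdES 1.4; signature IDs start with etsi-bka-atrust-1.2. */`, plus one sentence on the parser choice, would show that the reuse is deliberate. The imports of `MOAHelper` and `SimpleIdFormatter` are unused and can be dropped.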
@@ -58,6 +58,12 @@ signaturelayout.implementation.atrustmobiletest=at.knowcenter.wag.egov.egiz.sig.
 signaturelayout.pattern.atrustmobilebridge=^Microsoft-IIS/6\\.0$
 signaturelayout.implementation.atrustmobilebridge=at.knowcenter.wag.egov.egiz.sig.signaturelayout.atrust.ATrustSignatureLayoutHandler
+# A-Trust Mobile with XAdES 1.4 support
+# TODO: Change pattern!
+signaturelayout.pattern.atrustmobilex14=^citizen-card-environment/1\\.2 asignMobileBku-X14/1\\.1\\.0$
+signaturelayout.implementation.atrustmobilex14=at.knowcenter.wag.egov.egiz.sig.signaturelayout.atrust.ATrustXades14SignatureLayoutHandler
+
+
 #############################################
 # Signaturdienste
@@ -119,6 +125,7 @@ moa.verify.template.detached=/templates/default.moa.verify.template.detached.xml
 # atrust verify template files
 atrust.verify.template.detached=/templates/etsi-bka-atrust-1.0.verify.template.detached.xml
+atrust.xades14.verify.template.detached=/templates/etsi-bka-atrust-1.2.verify.template.detached.xml
 #############################################
 # Responsemeldungen der Signaturdienste
diff --git a/pdf-as-lib/src/main/resources/config/templates/etsi-bka-atrust-1.2.verify.template.detached.xml b/pdf-as-lib/src/main/resources/config/templates/etsi-bka-atrust-1.2.verify.template.detached.xml
new file mode 100644
index 0000000..bf459f4
--- /dev/null
+++ b/pdf-as-lib/src/main/resources/config/templates/etsi-bka-atrust-1.2.verify.template.detached.xml
@@ -0,0 +1 @@
+DigestValueSignedDataReplaceDigestValueSignedPropertiesReplaceSignatureValueReplaceX509CertificateReplaceSigningTimeReplaceDigestValueX509CertificateReplaceX509IssuerNameReplaceX509SerialNumberReplaceMimeTypeReplace
\ No newline at end of file
-- cgit v1.2.3