From db52e4d66d60184d53a27ba4d6772461daacc03d Mon Sep 17 00:00:00 2001 From: tknall Date: Fri, 22 Mar 2013 08:57:51 +0000 Subject: Maintenance update (bugfixes, new features, cleanup...) Refer to /dok/RELEASE_NOTES-3.3.txt for further information. git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/pdf-as/trunk@931 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c --- .../wag/egov/egiz/sig/SignatureObject.java | 171 ++++++++++----------- .../wag/egov/egiz/sig/SignatureTypes.java | 167 +++++++++++++++++++- .../at/knowcenter/wag/egov/egiz/sig/X509Cert.java | 32 ++-- .../wag/egov/egiz/sig/connectors/BKUConnector.java | 81 +++++----- .../wag/egov/egiz/sig/connectors/MOAConnector.java | 47 +++--- .../egov/egiz/sig/connectors/bku/BKUHelper.java | 75 +++++---- .../sig/connectors/bku/DetachedBKUConnector.java | 122 ++++++++------- .../bku/EnvelopedBase64BKUConnector.java | 68 ++++---- .../connectors/moa/DetachedLocRefMOAConnector.java | 48 +++--- .../moa/EnvelopingBase64MOAConnector.java | 72 +++++---- .../moa/MOASoapWithAttachmentConnector.java | 104 ++++++------- .../mocca/LocRefDetachedMOCCAConnector.java | 108 ++++++------- .../wag/egov/egiz/sig/sigkz/SigKZIDHelper.java | 53 ++++--- .../mocca/MoccaXades14SignatureLayoutHandler.java | 53 +++++++ 14 files changed, 730 insertions(+), 471 deletions(-) create mode 100644 pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/mocca/MoccaXades14SignatureLayoutHandler.java (limited to 'pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig') diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java index 9e28213..b5a05ed 100644 --- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java +++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java 
@@ -77,7 +77,7 @@ import at.knowcenter.wag.egov.egiz.tools.Normalizer; * All values that build or used by the signation creation process, call the * external services, can read or set separately. All other values are defined * in the settings file. - * + * * @author wlackner * @author modified by Thomas Knall */ @@ -138,7 +138,7 @@ public class SignatureObject implements Serializable public static final String SIG_CER_DIG = "SIG_CER_DIG"; private X509Cert x509Cert_ = null; - + private String timeStamp = null; // public static final String SIG_RES = "SIG_RES"; @@ -194,7 +194,7 @@ public class SignatureObject implements Serializable /** * The raw xml response from the connector that was used to set the values in * this SignatureObject. - * + * *

* This is set by the Connector so that signing Applications can use the * returned XML values. @@ -222,7 +222,7 @@ public class SignatureObject implements Serializable /** * The empty constructor. It initilize the normlizer, load the settings and * set the default styles. - * + * * @throws SignatureException * ErrorCode:101, 400 */ @@ -235,7 +235,7 @@ public class SignatureObject implements Serializable /** * This method initialize the normalizer - * + * * @throws SignatureException * ErrorCode:400 */ @@ -254,7 +254,7 @@ public class SignatureObject implements Serializable /** * This method load the signature definitions - * + * * @throws SignatureException * ErrorCode:101 */ @@ -296,7 +296,7 @@ public class SignatureObject implements Serializable /** * Dummy getter Method for debugging only - * + * * @return response string */ public String getSigResponse() @@ -306,7 +306,7 @@ public class SignatureObject implements Serializable /** * Dummy setter Method for debugging only - * + * * @param sigRespone * store the response string */ @@ -317,7 +317,7 @@ public class SignatureObject implements Serializable /** * This method set the signature type. - * + * * @param sigType * the signature type to be set * @throws SignatureTypesException @@ -331,7 +331,7 @@ public class SignatureObject implements Serializable /** * Returns the default signation type - * + * * @return the key for the default signature definition, if the key is not * found it returns null */ @@ -343,7 +343,7 @@ public class SignatureObject implements Serializable /** * This method checks if a given signature key is realy a defined signature * key. - * + * * @param sigKey * the key to check * @return true if the key is correct, false if the given key is not defined @@ -360,7 +360,7 @@ public class SignatureObject implements Serializable * The value that has to be set would be normalized!
* If the key equals to SIG_VALUE all whitespaces are * removed!
- * + * * @param key * the key to be set * @param value @@ -371,7 +371,7 @@ public class SignatureObject implements Serializable public boolean setSigValue(String key, String value) { return setSigValue(key, value, false); } - + public boolean setSigValue(String key, String value, boolean placeholder) { SignatureEntry sig_entry = null; @@ -416,7 +416,7 @@ public class SignatureObject implements Serializable /** * Set the value and the caption to given key. - * + * * @param key * the key of the signature object * @param value @@ -435,14 +435,14 @@ public class SignatureObject implements Serializable * This method returns a value for a given signature key. If the key equals to * SIG_NORM and the value is null the version * string of the current normalizer is returned! - * + * * @param key * the key to get the value for * @return a value for the given key */ public String getSigValue(String key) { - + String value = null; SignatureEntry sigEntry = null; if (sigEntries_.containsKey(key)) @@ -462,13 +462,13 @@ public class SignatureObject implements Serializable logger_.debug("Using override property for key '" + key + "' = " + value); } } - + return value; } /** * Sets the "Kennzeichnung". - * + * * @param kz * The "Kennzeichnung" to be set. */ @@ -479,7 +479,7 @@ public class SignatureObject implements Serializable /** * Returns the "Kennzeichnung" of this signature. - * + * * @return Returns the "Kennzeichnung" of this signature. Returns null if * there is no "Kennzeichnung" or it is not recognized by this * application. @@ -508,14 +508,14 @@ public class SignatureObject implements Serializable * and the coresponding value is null the key itself is * returned as caption! If the key does not exist the method returns * null. - * + * * @param key * the key to get the caption for * @return a caption for the given key */ private String getSigCaption(String key) { - + String caption = null; if (sigEntries_.containsKey(key)) { 
@@ -667,15 +667,15 @@ public class SignatureObject implements Serializable if (StringUtils.equals(nameFromText, nameFromCertificate)) { return nameFromText; } - + logger_.debug("Checking RFC2253 name."); - + // if we do not have a name from certificate just return the name from text if (nameFromCertificate == null) { logger_.debug("No certificate RFC2253 name provided. Applying less sophisticated workaround (does not cover all cases) without certificate usage."); return prepareRFC2253Name(nameFromText); } - + // no name from text extraction available, just return name from certificate if (nameFromText == null) { logger_.debug("No extracted/reconstructed name available. Just returning the name from certificate: \"" + nameFromCertificate + "\"."); @@ -762,13 +762,13 @@ public class SignatureObject implements Serializable result.append(rdnVP.getValue()); } else { // no BER encoding -> take value from certificate - // also take RDN from certificate if possible + // also take RDN from certificate if possible String certValue = values[values.length - 1 - i].getAVA() .getValueAsString(); String rdn = resolveRDN(nameFromCertificate, certValue, rdnVP.getRdn()); result.append(rdn + "=").append(certValue); } - + } String merged = result.toString(); if (logger_.isDebugEnabled()) { 
@@ -785,15 +785,15 @@ public class SignatureObject implements Serializable } return merged; } - + /** * This method tries to resolve the RDN corresponding to a given value from the certificate String. - * As values might occur multiple times for different RDNs, an unambiguous resolving cannot be assured. + * As values might occur multiple times for different RDNs, an unambiguous resolving cannot be assured. * In case of ambiguity, the RDN extracted from text is returned by default. - * + * * This method is a bug fix for a problem that caused the verification of ZID documents to fail as the RDN * from the extracted text ("EMAILADDRESS") was different to the RDN in the certificate ("EMAIL") - * + * * @param certString * The String obtained from the certificate * @param value @@ -804,42 +804,42 @@ public class SignatureObject implements Serializable * The resolved RDN from the certificate, or the RDN from text extraction */ private static String resolveRDN(String certString, String value, String extractedRDN) { - + if (!certString.contains(value)) { - + // given value cannot be found in certificate string return extractedRDN; } - + if (certString.indexOf(value) != certString.lastIndexOf(value)) { - + // given value is ambiguous - cannot resolve RDN from certificate string return extractedRDN; } - + String[] parts = certString.split(",|;"); String val = value.trim(); - + for (int i = 0; i < parts.length; i++) { - + String part = parts[i].trim(); - + if (part.endsWith(val)) { - + // found entry - extract RDN - String[] components = part.split("="); + String[] components = part.split("="); if (components.length != 2) { // unexpected format - return default - return extractedRDN; - } + return extractedRDN; + } String rdn = components[0].trim(); - return rdn; - } - } + return rdn; + } + } // default return extractedRDN; } - + /** * @return Returns the SignationIssuer. */ 
@@ -920,10 +920,10 @@ public class SignatureObject implements Serializable } // dferbas baik - + /** * signature algorithm if embedded - * @param sigAlg + * @param sigAlg */ public void setSigAlg(String sigAlg) { @@ -937,7 +937,7 @@ public class SignatureObject implements Serializable public String getSigAlg() { return getSigValue(SignatureTypes.SIG_ALG); - } + } /** * @param certDigest @@ -1016,7 +1016,7 @@ public class SignatureObject implements Serializable setSigValue(SIG_CER, x509Certificate); storeCertificate(getSignationSerialNumber(), getSignationIssuer(), x509Certificate); } - + public void setX509Certificate(X509Certificate cert) { try @@ -1037,7 +1037,7 @@ public class SignatureObject implements Serializable /** * return the 509v3 certificate of the given serialNumber and the given issuer * string - * + * * @param serialNumber * the serialNumber which the certificates should load * @param issuer @@ -1070,7 +1070,7 @@ public class SignatureObject implements Serializable /** * Set the signation id's build by a BKU signated SignatureObject. - * + * * @param sigIds * the string to store. */ @@ -1152,7 +1152,7 @@ public class SignatureObject implements Serializable String productVersion = response_properties.getProperty("productVersion"); logger_.debug("productVersion = " + productVersion); - boolean new_etsi = decideNewEtsiByBKUVersion(productVersion); + boolean new_etsi = decideNewEtsiByBKUVersion(productVersion); logger_.debug("verwende neue etsi properties = " + new_etsi); String etsi_prefix = ""; @@ -1183,7 +1183,7 @@ public class SignatureObject implements Serializable /** * Checks if the current SignatureObject is siganted by MOA. It checks if the * current SignatureObject has a signation id value. - * + * * @return true if no signation id value is found, false otherwise */ public boolean isMOASigned() 
@@ -1204,7 +1204,7 @@ public class SignatureObject implements Serializable /** * Tells if this SignatureObject is textual. - * + * * @return Returns true, if it is textual. */ public boolean isTextual() @@ -1223,7 +1223,7 @@ public class SignatureObject implements Serializable /** * Tells, if this SignatureObject is binary. - * + * * @return Returns true, if it is binary. */ public boolean isBinary() @@ -1237,14 +1237,14 @@ public class SignatureObject implements Serializable { logger_.error(e.getMessage(), e); } - + return SigKZIDHelper.isBinary(kz); } /** * Takes the signation id value of the current SignatureObject and split them * into the corresponding id array added with the id-base. - * + * * @return the id array */ // TODO hotifx @@ -1328,7 +1328,7 @@ public class SignatureObject implements Serializable real_ids[3] = "0-" + base + "-" + ids[3]; real_ids[4] = "0-" + base + "-" + ids[4]; real_ids[5] = etsi_string; - + if (logger_.isDebugEnabled()) { for (int id_idx = 0; id_idx < real_ids.length; id_idx++) @@ -1345,7 +1345,7 @@ public class SignatureObject implements Serializable * for equition. Used to store and find corresponting certificates. * Normalzing: normalizing the string using the normalizer, remove all white * spaces, encode as base64 and replace all "/" chars with "_". - * + * * @param issuer * the issuer string to normalize * @return the normalized issuer string @@ -1357,7 +1357,7 @@ public class SignatureObject implements Serializable { if (issuer != null) { - // use explicit method for normalization + // use explicit method for normalization issuer = normalizeIssuer(issuer); /* this block may be used to enhance normalization (tknall) try { @@ -1375,7 +1375,6 @@ public class SignatureObject implements Serializable } catch (UnsupportedEncodingException e) { - e.printStackTrace(); throw new RuntimeException(e); } } 
@@ -1443,7 +1442,7 @@ public class SignatureObject implements Serializable } } } - + private X509Cert loadCertificateFromCertstore(String serialNumber, String issuer) { String iss_hash = getIssuerFileHash(issuer); String cert_store_path = certPath_ + iss_hash; @@ -1476,10 +1475,10 @@ public class SignatureObject implements Serializable *

  • add the .txt extension to get the meta information of * the certificate
  • * - * + * * The certificate meta file is build by the base64 coded issuer string and * the cert digest value devided by the @ char. - * + * * @param serialNumber * the file name of the certificate .der|.txt * @param issuer @@ -1541,7 +1540,7 @@ public class SignatureObject implements Serializable /** * Writes the certificate data to a file and stores the file in the local * certificate store. - * + * * @param cert_data * The binary certificate data. */ @@ -1580,17 +1579,17 @@ public class SignatureObject implements Serializable /** * Connects to the LDAP server to look for the certificate. - * + * * @param serialNumber * The serial number String of the certificate being sought. E.g. * "123455676744123432". * @param issuer * The issuer String of the certificate being sought. - * + * * @return Returns the DER certificate file as can be stored in the local * repository. Returns null, if the document wasn't found on the * server. - * @throws ClassNotFoundException + * @throws ClassNotFoundException */ protected byte[] loadCertificateFromLDAP(String serialNumber, String issuer) { // START modification by TK @@ -1629,10 +1628,10 @@ public class SignatureObject implements Serializable *
  • add the .txt extension to get the meta information of * the certificate
  • * - * + * * The certificate meta file is build by the base64 coded issuer string and * the cert digest value devided by the @ char. - * + * * @param serialNumber * the file name of the certificate .der|.txt * @param issuer @@ -1650,7 +1649,7 @@ public class SignatureObject implements Serializable { return storeCertificate(serialNumber, issuer, x509Certificate); } - + /** * This method stores a X509v3 certificate to the filesystem. The reference to * the stored certificate is build by the serialNumber and the issuer string. @@ -1673,10 +1672,10 @@ public class SignatureObject implements Serializable *
  • add the .txt extension to get the meta information of * the certificate
  • * - * + * * The certificate meta file is build by the base64 coded issuer string and * the cert digest value devided by the @ char. - * + * * @param serialNumber * the file name of the certificate .der|.txt * @param issuer @@ -1723,7 +1722,7 @@ public class SignatureObject implements Serializable } return store_complete; } - + /** * @return Returns the AbstractTable. * @see at.knowcenter.wag.egov.egiz.table.Table @@ -1739,7 +1738,7 @@ public class SignatureObject implements Serializable /** * This method read the style definitions from the settings file. - * + * * @param styleKey * the key to read the style definitions * @return the defined style informations @@ -1762,7 +1761,7 @@ public class SignatureObject implements Serializable * This method creates an abstract signature table object. It takes all keys * and values set by the signature object to create the corresponding abstract * table object. The table definition is read from the settings file. - * + * * @param tableKey * is the name of the table definition in the settings file * @return a new abstract signature table @@ -1964,7 +1963,7 @@ public class SignatureObject implements Serializable /** * This method returns a signature entry object. - * + * * @param key * the corresponding key * @return the signature entry object of the given key, null if the key does @@ -1977,7 +1976,7 @@ public class SignatureObject implements Serializable /** * This method is a helper function to remove all white spaces from a text. - * + * * @param text * the white spaces should remove from * @return a text without white spaces @@ -1993,7 +1992,7 @@ public class SignatureObject implements Serializable } /** - * + * * @param placeholder * @return Returns the list of SignatureFieldDefinitions that's values in the * SignatureObject have been filled out with placeholders. 
@@ -2015,7 +2014,7 @@ public class SignatureObject implements Serializable setValueBruteForce(SignatureTypes.SIG_ID, null); continue; } - + if (sfd.field_name.equals(SignatureTypes.SIG_ALG) && !baikEnabled) { setValueBruteForce(SignatureTypes.SIG_ID, null); continue; @@ -2040,7 +2039,7 @@ public class SignatureObject implements Serializable /** * Returns the raw signature response XML string as set by the signing * Connector. - * + * * @return Returns the XML response String. */ public String getRawSignatureResponse() @@ -2050,12 +2049,12 @@ public class SignatureObject implements Serializable /** * Sets the raw signature response XML string. - * + * *

    * This should be used by the Connector to pass the response String to the * signer. *

    - * + * * @param raw_response_string * The new raw signature response string. */ @@ -2063,8 +2062,8 @@ public class SignatureObject implements Serializable { this.raw_signature_response = raw_response_string; } - - + + /** * get timestamp if available diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureTypes.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureTypes.java index 783512c..a4d71fd 100644 --- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureTypes.java +++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureTypes.java @@ -26,7 +26,9 @@ package at.knowcenter.wag.egov.egiz.sig; import java.util.ArrayList; +import java.util.Collection; import java.util.HashMap; +import java.util.HashSet; import java.util.Iterator; import java.util.List; import java.util.Map; 
@@ -45,6 +47,118 @@ import at.knowcenter.wag.exactparser.ByteArrayUtils; public class SignatureTypes { + /** + * Defines all supported states for {@link SignatureTypes} (signature profiles). Signature types can be enabled + * ("on"), can be set to support signature only ("sign_only"), to verification only ("verify_only") or can be + * disabled ("off" or any other value not covered by other enum values). + * + * @author Datentechnik Innovation GmbH + */ + public enum State { + + /** + * Enables a signature profile. + */ + ON ("on", "yes", "true", "enabled"), + + /** + * Disables a signature profile. + */ + OFF (), + + /** + * Restricts the signature profile so that is can only be used for verification purposes and not for signature. + */ + VERIFY_ONLY ("verify_only", "verify-only", "verifyonly", "verify only", "verify"), + + /** + * Allows the signature profile to be used for signature but not for verification. + */ + SIGN_ONLY ("sign_only", "sign-only", "signonly", "sign only", "sign"); + + /** + * Sets the default state when no valid value was provided. + */ + private static final State DEFAULT = OFF; + + /** + * States that allow signatures. + */ + private static final State[] CAN_SIGN = { ON, SIGN_ONLY }; + + /** + * States that allow verification. + */ + private static final State[] CAN_VERIFY = { ON, VERIFY_ONLY }; + + private String[] keyWords; + + private State(String... keyWords) { + this.keyWords = keyWords; + } + + /** + * Returns a valid State from a given {@code keyWord}. If the {@code keyWord} cannot be matched to a certain + * state, the default State {@link #OFF} is returned. + * + * @param keyWord + * A valid keyword like "on", "sign_only"... + * @return The enum State. 
+ */ + public static State fromString(String keyWord) { + if (keyWord == null) { + return DEFAULT; + } + try { + return valueOf(keyWord.toUpperCase()); + } catch (IllegalArgumentException e) { + for (State candidate : values()) { + for (String candidateKeyWord : candidate.keyWords) { + if (keyWord.equalsIgnoreCase(candidateKeyWord)) { + return candidate; + } + } + } + return DEFAULT; + } + } + + /** + * Returns {@code true} when the current state is one of the given candidate {@code states}. + * + * @param states + * The candidate states. + * @return {@code true} when the current state is one of the given candidate states, {@code false} if not. + */ + public boolean in(State... states) { + if (states != null) { + for (State state : states) { + if (this == state) { + return true; + } + } + } + return false; + } + + /** + * Returns if the respective state allows signatures. + * @return {@code true} if signatures are allowed, {@code false} if not. + */ + public boolean canSign() { + return in(CAN_SIGN); + } + + /** + * Returns if the respective state allows verification. + * @return {@code true} if verification is allowed, {@code false} if not. + */ + public boolean canVerify() { + return in(CAN_VERIFY); + } + + } + // 03.11.2010 changed by exthex - commented unneeded setDefaultStyles method to reduce confusion /** @@ -70,8 +184,8 @@ public class SignatureTypes /** * The state value activating an signature definition */ - private static final String STATE_ON = "on"; - +// public static final String STATE_ON = "on"; + // /** // * The state value de activating an signature definition // */ 
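Review bot: `State.fromString` maps every unrecognised value to `OFF` without leaving any trace, and it upper-cases with the default locale. Failing closed is the right default, but a misspelt or whitespace-padded state (constructed example: `verify_only ` with a trailing blank, if the settings reader does not trim) silently disables a profile and cannot be told apart from a deliberate `off`. I would normalise the input first, `String key = keyWord.trim();` then `valueOf(key.toUpperCase(Locale.ENGLISH))` (needs `java.util.Locale` imported), and log the rejected value before the final `return DEFAULT;`. The `keyWords` field is never reassigned and can be `private final`.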
@@ -403,10 +517,12 @@ public class SignatureTypes if (settings_ != null) { ArrayList types = settings_.getKeys(TYPES); - for (int type_idx = 0; type_idx < types.size(); type_idx++) - { - String type = (String) types.get(type_idx); - addSignatureType(type); + if (types != null) { + for (int type_idx = 0; type_idx < types.size(); type_idx++) + { + String type = (String) types.get(type_idx); + addSignatureType(type); + } } } } @@ -420,8 +536,9 @@ public class SignatureTypes * @param typeName */ public void addSignatureType(String typeName) { - - if (STATE_ON.equals(settings_.getSetting(TYPES + "." + typeName, null))) + +// if (STATE_ON.equals(settings_.getSetting(TYPES + "." + typeName, null))) + if (State.fromString(settings_.getSetting(TYPES + "." + typeName, null)) != State.OFF) { SignatureTypeDefinition sig_type_def; try @@ -446,6 +563,23 @@ public class SignatureTypes return this.typeDefMap_.keySet(); } + /** + * Returns a set of identifiers for profiles than can be used for signature, i.e. profiles that are either enabled + * ("on") or set to "sign_only"). + * + * @return A set of signature profile/type identifiers. + */ + @SuppressWarnings("unchecked") + public Set getSignatureTypesForSignature() { + Set filteredResult = new HashSet(); + for (String signatureProfileId : (Set) typeDefMap_.keySet()) { + if (State.fromString(settings_.getSetting(TYPES + "." + signatureProfileId, null)).canSign()) { + filteredResult.add(signatureProfileId); + } + } + return filteredResult; + } + /** * @return a list of signature type definitions */ 
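Review bot: `addSignatureType` now registers every profile whose state is not `State.OFF`, so `verify_only` and `sign_only` profiles land in `typeDefMap_` and are still handed out by the existing unfiltered accessors that return `typeDefMap_.keySet()` and `typeDefMap_.values()`. The restriction therefore holds only for callers that switch to `getSignatureTypesForSignature()` and `getSignatureTypeDefinitionsForVerification()`; a signing path that still resolves a profile through the old accessors (not visible in this diff) would accept a verify-only profile. Consider storing the parsed `State` with the definition when it is added and checking `canSign()` / `canVerify()` where a profile is resolved for an operation, instead of re-reading `settings_` in each filtered getter. At minimum the unfiltered accessors should document this, e.g. `Returns all profiles that are not "off", including sign-only and verify-only ones.`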
@@ -453,6 +587,23 @@ public class SignatureTypes { return new ArrayList(this.typeDefMap_.values()); } + + /** + * Returns a (filtered) list of signature type definitions useable for verification. Those definitions for profiles + * that are not allowed to be used for verification are filtered. + * + * @return A filtered list of signature type definitions. + */ + @SuppressWarnings("unchecked") + public List getSignatureTypeDefinitionsForVerification() { + List filteredResult = new ArrayList(typeDefMap_.size()); + for (String signatureProfileId : (Set) typeDefMap_.keySet()) { + if (State.fromString(settings_.getSetting(TYPES + "." + signatureProfileId, null)).canVerify()) { + filteredResult.add((SignatureTypeDefinition) typeDefMap_.get(signatureProfileId)); + } + } + return filteredResult; + } /** * This method returns the corresponding signature type definition to a given diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/X509Cert.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/X509Cert.java index 7b4e463..e11a38c 100644 --- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/X509Cert.java +++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/X509Cert.java @@ -99,7 +99,7 @@ public class X509Cert implements Serializable * statement and remove all whitespaces in the string. The result string * (base64) is used by reconstructing the certiface sign by the verification * process. - * + * * @param certString * the string to normalize * @return the normalized cert string @@ -115,7 +115,7 @@ public class X509Cert implements Serializable /** * This method initialzes a X509Certificate by a string value. It must be * coded Base64 or as plain binary stream. - * + * * @param certString * the certificate string to analyse * @return the X509Cert object 
@@ -150,7 +150,9 @@ public class X509Cert implements Serializable String serial_num = cert.getSerialNumber().toString(); String issuer = cert.getIssuerDN().getName(); - issuer = issuer.replaceAll(", ", ","); + // fixed by dti: commas within issuer rdns are escapted by "\,". These escapted commas must not be replaced. +// issuer = issuer.replaceAll(", ", ","); + issuer = issuer.replaceAll("[^\\\\], ", ","); String subject_name = cert.getSubjectDN().toString(); x509_cert.setSerialNumber(serial_num); x509_cert.setIssuerName(issuer); @@ -174,7 +176,7 @@ public class X509Cert implements Serializable } return x509_cert; } - + public static X509Cert initByX509Certificate(X509Certificate cert) throws CertificateEncodingException { X509Cert x509_cert = new X509Cert(); x509_cert.setX509Cert(cert); @@ -182,7 +184,9 @@ public class X509Cert implements Serializable String serial_num = cert.getSerialNumber().toString(); String issuer = cert.getIssuerDN().getName(); - issuer = issuer.replaceAll(", ", ","); + // fixed by dti: commas within issuer rdns are escapted by "\,". These escapted commas must not be replaced. +// issuer = issuer.replaceAll(", ", ","); + issuer = issuer.replaceAll("[^\\\\], ", ","); String subject_name = cert.getSubjectDN().toString(); x509_cert.setSerialNumber(serial_num); x509_cert.setIssuerName(issuer); @@ -210,7 +214,9 @@ public class X509Cert implements Serializable String serial_num = cert.getSerialNumber().toString(); String issuer = cert.getIssuerDN().getName(); - issuer = issuer.replaceAll(", ", ","); + // fixed by dti: commas within issuer rdns are escapted by "\,". These escapted commas must not be replaced. +// issuer = issuer.replaceAll(", ", ","); + issuer = issuer.replaceAll("[^\\\\], ", ","); String subject_name = cert.getSubjectDN().toString(); x509_cert.setSerialNumber(serial_num); x509_cert.setIssuerName(issuer); 
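Review bot: The new pattern in `initByString`, `issuer.replaceAll("[^\\\\], ", ",")`, consumes the character in front of the comma as well as the space, because `[^\\\\]` is part of the match: a constructed sample such as `CN=Test CA, O=Example` becomes `CN=Test C,O=Example`. The result is passed to `setIssuerName`, so a truncated RDN value would presumably break issuer comparison and the certificate-store lookup during verification. A negative lookbehind keeps the intent without eating the character: `issuer = issuer.replaceAll("(?<!\\\\), ", ",");`. The same line is added in the hunks at -182, -210 and -276 and needs the same change; the four copies could share one private helper.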
@@ -226,7 +232,7 @@ public class X509Cert implements Serializable { // nothing to do, cause certString is not X509 conformc logger_.error(ce.getMessage(), ce); - + } catch (IOException ioe) { @@ -240,7 +246,7 @@ public class X509Cert implements Serializable /** * This method initialzes a X509Certificate by a file path value. The file * must be a plain binary file like .cer format. - * + * * @param filePath * the certificate file to analyse * @return the X509Cert object @@ -276,7 +282,9 @@ public class X509Cert implements Serializable String serial_num = cert.getSerialNumber().toString(); String issuer = cert.getIssuerDN().getName(); - issuer = issuer.replaceAll(", ", ","); + // fixed by dti: commas within issuer rdns are escapted by "\,". These escapted commas must not be replaced. +// issuer = issuer.replaceAll(", ", ","); + issuer = issuer.replaceAll("[^\\\\], ", ","); String subject_name = cert.getSubjectDN().toString(); x509_cert.setSerialNumber(serial_num); x509_cert.setIssuerName(issuer); @@ -300,7 +308,7 @@ public class X509Cert implements Serializable /** * This method initialzes a X509Certificate by a file value. The file must be * a plain binary file like .cer format. - * + * * @param certFile * the certificate file to analyse * @return the X509Cert object @@ -314,7 +322,7 @@ public class X509Cert implements Serializable /** * This method checks if a certificate file is X509 conform. - * + * * @return true if a certificate file is X509 conform, false otherwise */ public boolean isX509Cert() @@ -480,7 +488,7 @@ public class X509Cert implements Serializable /** * This method checks, if a X509Certificate has a public key with the rsa * algorithm. - * + * * @return true if the public key is produced with rsa, false otherwise */ public boolean isRSA() 
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/BKUConnector.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/BKUConnector.java index c3b6421..e4d78c3 100644 --- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/BKUConnector.java +++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/BKUConnector.java @@ -49,9 +49,9 @@ import at.knowcenter.wag.egov.egiz.tools.CodingHelper; /** * Connector for communicating with BKU. - * + * * @deprecated use the new connectors. - * + * * @author wlackner * @author wprinz */ @@ -59,7 +59,7 @@ public class BKUConnector implements LocalConnector { /** * ConnectorInformation that identifies this Connector to the system. - * + * * @see at.knowcenter.wag.egov.egiz.sig.ConnectorFactory * @see ConnectorInformation */ @@ -85,7 +85,7 @@ public class BKUConnector implements LocalConnector /** * load the inital signature settings - * + * * @see SettingsReader */ public void loadSettings() throws SignatureException @@ -111,7 +111,7 @@ public class BKUConnector implements LocalConnector * SignatureObject is filled out by the parsed BKU-Response.
    * If an error request is send back from BKU, an error message is generated an * an exception is thrown. - * + * * @param sigType * the type of the SignatureObject that should be returned * @param userName @@ -137,7 +137,7 @@ public class BKUConnector implements LocalConnector * This method generates the BKU verify prozess. It checks if the given * SignatureObject is signed by MOA or BKU. The verify template string is * filled out by the corresponding method. - * + * * @param normalizedText * the normalized text to verify * @param sigObject @@ -163,7 +163,7 @@ public class BKUConnector implements LocalConnector * X509Certificate, CertDigest, DigestValue and the signation id-s. If the * X509Certificate is extracted it would be stored in the certificates * directory. - * + * * @param xmlResponse * the response string from the BKU sign-request * @param sigObj @@ -177,7 +177,7 @@ public class BKUConnector implements LocalConnector private void parseCreateXMLResponse(Properties response_properties, SignatureObject sigObj) throws SignatureException { String xmlResponse = response_properties.getProperty("response_string"); - + Pattern sig_val_p_s = Pattern.compile("<[\\w]*:?SignatureValue>"); Pattern sig_val_p_e = Pattern.compile(""); Pattern iss_nam_p_s = Pattern.compile("<[\\w]*:?X509IssuerName>"); @@ -280,7 +280,7 @@ public class BKUConnector implements LocalConnector ids[2] = extractId(xmlResponse, "signed-data-object-"); ids[3] = extractId(xmlResponse, "etsi-data-reference-"); ids[4] = extractId(xmlResponse, "etsi-data-object-"); - + //TODO hotfix - already deprecated String final_ids =SignatureObject.formatSigIds(response_properties, ids); //sigObj.setSignationIDs(ids); @@ -289,7 +289,7 @@ public class BKUConnector implements LocalConnector /** * This emthod extracts id-values from a text. The id is given by the name. - * + * * @param text * the id-value that should extract from * @param name 
@@ -301,13 +301,13 @@ public class BKUConnector implements LocalConnector String id = null; int start_idx = text.indexOf(name) + name.length(); int end_idx = text.indexOf("\"", start_idx); - + // TODO hotfix! - already deprecated - final int quot_end_idx = end_idx; + final int quot_end_idx = end_idx; final int squot_end_idx = text.indexOf("'", start_idx); end_idx = Math.min(quot_end_idx, squot_end_idx); // TODO hotfix end! - already deprecated - + id = text.substring(start_idx, end_idx); if (logger_.isDebugEnabled()) { @@ -319,7 +319,7 @@ public class BKUConnector implements LocalConnector /** * This method reads the verify template from the file system and fills out * the template with the SignatureObject values. - * + * * @param normalizedText * the normalized text to veryfied * @param sigObject @@ -362,7 +362,7 @@ public class BKUConnector implements LocalConnector verify_template = getConnectorValueFromProfile(sigObject.getSignationType(), "bku.verify.template2"); //"./templates/BKUVerifyTemplateB64_neueBKU.xml"; sig_prop_filename = getConnectorValueFromProfile(sigObject.getSignationType(), "bku.verify.template2.SP"); //"./templates/BKUVerifyTemplateSP_neueBKU.xml"; } - + //String ver_temp_str = FileHelper.readFromFile(SettingsReader.relocateFile(verify_template)); String ver_temp_str = this.settings_.readInternalResourceAsString(verify_template); 
@@ -388,13 +388,18 @@ public class BKUConnector implements LocalConnector } sig_prop_str = sig_prop_str.replaceFirst("SigningTimeReplace", sigObject.getSignationDate()); - + String issuer_name = sigObject.getSignationIssuer(); // The issuer is already unicode, so it mustn't be encoded again. //byte[] issuer_name = CodingHelper.encodeUTF8(sigObject.getSignationIssuer()); // new String(issuer_name); // this would double encode the String, not to mention the missing encoding - sig_prop_str = sig_prop_str.replaceFirst("X509IssuerNameReplace", issuer_name); - + + // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll) + // methods are regarded, backslashes in the replacement string may cause the results to be different than + // if it were being treated as a literal replacement string. +// sig_prop_str = sig_prop_str.replaceFirst("X509IssuerNameReplace", issuer_name); + sig_prop_str = sig_prop_str.replace("X509IssuerNameReplace", issuer_name); + sig_prop_str = sig_prop_str.replaceFirst("X509SerialNumberReplace", sigObject.getSignationSerialNumber()); sig_prop_str = sig_prop_str.replaceFirst("DigestValueX509CertificateReplace", sigObject.getX509CertificateDigest()); sig_prop_str = sig_prop_str.replaceFirst("SigIdReplace", ids[0]); 
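Review bot: The issuer fix in this hunk is undone a few lines later in the same method, where the unchanged line `ver_temp_str = ver_temp_str.replaceFirst("TemplateQualifyingPropertiesReplace", sig_prop_str);` (context of the next hunk) still passes `sig_prop_str` as a regex replacement string. The backslash of an escaped comma that `replace` now preserves is consumed again when the properties are inserted into the template. The SHA-1 digest is computed from `sig_prop_str` itself, so the embedded properties and the value written for `DigestValueSignedPropertiesReplace` would presumably disagree, and verification of such signatures would fail. This commit switches MOAConnector's counterpart (`TemplateSignedPropertiesReplace`) to `replace`; the same is needed here: `ver_temp_str = ver_temp_str.replace("TemplateQualifyingPropertiesReplace", sig_prop_str);`. The method body starts and ends outside this hunk.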
@@ -403,30 +408,30 @@ public class BKUConnector implements LocalConnector ver_temp_str = ver_temp_str.replaceFirst("CertAlgReplace", cert_alg); ver_temp_str = ver_temp_str.replaceFirst("TemplateQualifyingPropertiesReplace", sig_prop_str); byte[] sig_prop_code = CodingHelper.buildDigest(sig_prop_str.getBytes("UTF-8"), "sha1"); - + // TODO hotfix - already deprecated if (neue_bku) { final String ETSI_SIGNED_PROPERTIES_START_TAG = "= 0; final int hash_end = sig_prop_str.indexOf(ETSI_SIGNED_PROPERTIES_END_TAG, hash_start) + ETSI_SIGNED_PROPERTIES_END_TAG.length(); assert hash_end - ETSI_SIGNED_PROPERTIES_END_TAG.length() >= 0; assert hash_end > hash_start; - + final String string_to_be_hashed = sig_prop_str.substring(hash_start, hash_end); logger_.debug("etsi:SignedProperties string to be hashed: " + string_to_be_hashed); - + logger_.debug("\n--------------------- ETSI properties string to be hashed: start ---------------------"); logger_.debug(string_to_be_hashed); logger_.debug("\n--------------------- ETSI properties string to be hashed: stop ---------------------"); - + final byte [] bytes_to_be_hashed = string_to_be_hashed.getBytes("UTF-8"); sig_prop_code = CodingHelper.buildDigest(bytes_to_be_hashed, "sha1"); } - + String sig_prop_hash = CodingHelper.encodeBase64(sig_prop_code); ver_temp_str = ver_temp_str.replaceFirst("DigestValueSignedPropertiesReplace", sig_prop_hash); if (logger_.isDebugEnabled()) @@ -453,7 +458,7 @@ public class BKUConnector implements LocalConnector //String raw_b64 = CodingHelper.encodeUTF8AsBase64(normalizedText); String raw_b64 = CodingHelper.encodeBase64(data_value); - + ver_temp_str = ver_temp_str.replaceFirst("Base64ContentReplace", raw_b64); ver_temp_str = ver_temp_str.replaceFirst("DigestValueSignedDataReplace", object_data_hash); 
@@ -479,7 +484,7 @@ public class BKUConnector implements LocalConnector * This method parses the verify response string and return a * SignatureResponse object. The SignatureResponse object is filled out by the * response values from the BKU-response. - * + * * @param xmlResponse * the response values from the BKU-verify request * @return SignatureResponse object @@ -621,8 +626,8 @@ public class BKUConnector implements LocalConnector return sig_res; } - - + + public String prepareSignRequest(String userName, String signText, String signType) throws SignatureException @@ -636,7 +641,7 @@ public class BKUConnector implements LocalConnector //String sign_req_str = FileHelper.readFromFile(SettingsReader.relocateFile(sign_request_filename)); String sign_req_str = this.settings_.readInternalResourceAsString(sign_request_filename); - //this.verify_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_request_filename)); + //this.verify_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_request_filename)); if (logger_.isDebugEnabled()) { //logger_.debug(sign_request_filename + "_signText.xml :" + signText); @@ -660,7 +665,7 @@ public class BKUConnector implements LocalConnector SignatureObject sigObject) throws SignatureException { String verify_request = getVerifyRequestTemplateFileName(sigObject.getSignationType()); - + //String verify_req_str = FileHelper.readFromFile(SettingsReader.relocateFile(verify_request)); String verify_req_str = this.settings_.readInternalResourceAsString(verify_request); 
@@ -681,7 +686,11 @@ public class BKUConnector implements LocalConnector // get the BKU-template verify_template_str = getVerifyTemplate(normalizedText, sigObject); } - verify_req_str = verify_req_str.replaceFirst("XMLContentReplace", verify_template_str); + // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll) + // methods are regarded, backslashes in the replacement string may cause the results to be different than + // if it were being treated as a literal replacement string. +// verify_req_str = verify_req_str.replaceFirst("XMLContentReplace", verify_template_str); + verify_req_str = verify_req_str.replace("XMLContentReplace", verify_template_str); if (logger_.isDebugEnabled()) { logger_.debug("verify_req_str.xml : " + verify_req_str); @@ -692,7 +701,7 @@ public class BKUConnector implements LocalConnector /** * Sends the request to the given URL. - * + * * @param url * The URL. * @param request_string @@ -722,7 +731,7 @@ public class BKUConnector implements LocalConnector // TODO hotfix - already deprecated String response_string = response_properties.getProperty("response_string"); - + SignatureObject sig_obj = new SignatureObject(); sig_obj.setRawSignatureResponse(response_string); try @@ -783,7 +792,7 @@ public class BKUConnector implements LocalConnector public SignatureResponse analyzeVerifyResponse(Properties response_properties) throws SignatureException { String response_string = response_properties.getProperty("response_string"); - + if (!response_string.equals("")) { Pattern erc_p_s = Pattern.compile("<[\\w]*:?ErrorCode>"); @@ -880,13 +889,13 @@ public class BKUConnector implements LocalConnector /** * Returns the type of this BKU-like connector. - * + * *
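Review bot: The comment added above `verify_req_str.replace("XMLContentReplace", verify_template_str)` explains the change only in terms of issuer names, but the value substituted here is the whole verify template, so any `\` or `$` anywhere in it is affected. A comment that states the actual reason would serve the next reader better, for example `// literal replace: the template may contain '\' or '$', which replaceFirst would interpret as escapes or group references`. The commented-out `replaceFirst` line left beneath it can be dropped, since the old form is in version control. The same copied comment and dead line appear in the `XMLContentReplace` hunks of MOAConnector and DetachedBKUConnector.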

    * All settings keys will be prefixed by this type. So to reuse the BKU * connector, a deriving class has to implement this method specifying an own * type. *

    - * + * * @return Returns the type of this BKU-like connector. */ protected String getType() diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/MOAConnector.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/MOAConnector.java index ef355a0..d413a29 100644 --- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/MOAConnector.java +++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/MOAConnector.java @@ -63,7 +63,7 @@ import at.knowcenter.wag.egov.egiz.tools.CodingHelper; /** * Connector to access the MOA service. - * + * * @deprecated * @author wlackner * @author wprinz @@ -72,7 +72,7 @@ public class MOAConnector implements Connector { /** * ConnectorInformation that identifies this Connector to the system. - * + * * @see at.knowcenter.wag.egov.egiz.sig.ConnectorFactory * @see ConnectorInformation */ @@ -80,7 +80,7 @@ public class MOAConnector implements Connector /** * The class type value. - * + * *

    * Just for convenience. *

    @@ -122,7 +122,7 @@ public class MOAConnector implements Connector /** * load the inital signature settings - * + * * @see SettingsReader */ private void loadSettings() throws SignatureException @@ -148,7 +148,7 @@ public class MOAConnector implements Connector * SignatureObject is filled out by the parsed MOA-Response.
    * If an error request is send back from MOA, an error message is generated an * an exception is thrown. - * + * * @param sigType * the type of the SignatureObject that should be returned * @param userName @@ -282,7 +282,7 @@ public class MOAConnector implements Connector * SignatureValue, X509IssuerName, SigningTime, X509SerialNumber, * X509Certificate, CertDigest and DigestValues. If the X509Certificate is * extracted it would be stored in the certificates directory. - * + * * @param xmlResponse * the response string from the MOA sign-request * @param sigObj @@ -393,7 +393,7 @@ public class MOAConnector implements Connector /** * This method reads the verify template from the file system and fills out * the template with the SignatureObject values. - * + * * @param normalizedText * the normalized text to veryfied * @param sigObject 
@@ -453,12 +453,18 @@ public class MOAConnector implements Connector // byte[] issuer_name = // CodingHelper.encodeUTF8(sigObject.getSignationIssuer()); // new String(issuer_name) - sig_prop_str = sig_prop_str.replaceFirst("X509IssuerNameReplace", sigObject.getSignationIssuer()); + + // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll) + // methods are regarded, backslashes in the replacement string may cause the results to be different than + // if it were being treated as a literal replacement string. +// sig_prop_str = sig_prop_str.replaceFirst("X509IssuerNameReplace", sigObject.getSignationIssuer()); + sig_prop_str = sig_prop_str.replace("X509IssuerNameReplace", sigObject.getSignationIssuer()); sig_prop_str = sig_prop_str.replaceFirst("X509SerialNumberReplace", sigObject.getSignationSerialNumber()); sig_prop_str = sig_prop_str.replaceFirst("DigestValueX509CertificateReplace", sigObject.getX509CertificateDigest()); verify_req_str = verify_req_str.replaceFirst("CertAlgReplace", cert_alg); - verify_req_str = verify_req_str.replaceFirst("TemplateSignedPropertiesReplace", sig_prop_str); +// verify_req_str = verify_req_str.replaceFirst("TemplateSignedPropertiesReplace", sig_prop_str); + verify_req_str = verify_req_str.replace("TemplateSignedPropertiesReplace", sig_prop_str); byte[] sig_prop_code = CodingHelper.buildDigest(sig_prop_str.getBytes("UTF-8"), "sha1"); // added // the // ("UTF-8") @@ -509,7 +515,7 @@ public class MOAConnector implements Connector * This method generates the MOA verify prozess. It checks if the given * SignatureObject is signed by MOA or BKU. The verify template string is * filled out by the corresponding method. - * + * * @param normalizedText * the normalized text to verify * @param sigObject 
@@ -548,7 +554,12 @@ public class MOAConnector implements Connector BKUConnector bku_conn = new BKUConnector(); verify_template_str = bku_conn.getVerifyTemplate(normalizedText, sigObject); } - verify_req_str = verify_req_str.replaceFirst("XMLContentReplace", verify_template_str); + + // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll) + // methods are regarded, backslashes in the replacement string may cause the results to be different than + // if it were being treated as a literal replacement string. +// verify_req_str = verify_req_str.replaceFirst("XMLContentReplace", verify_template_str); + verify_req_str = verify_req_str.replace("XMLContentReplace", verify_template_str); verify_req_str = verify_req_str.replaceFirst("TrustProfileIDReplace", trust_profile); if (logger_.isDebugEnabled()) @@ -564,10 +575,6 @@ public class MOAConnector implements Connector } catch (WebException we) { - if (logger_.isDebugEnabled()) - { - we.printStackTrace(); - } SignatureException se = new SignatureException(we.getErrorCode(), we); throw se; } @@ -616,7 +623,7 @@ public class MOAConnector implements Connector * This method parses the verify response string and return a * SignatureResponse object. The SignatureResponse object is filled out by the * response values from the BKU-response. - * + * * @param xmlResponse * the response values from the MOA-verify request * @return SignatureResponse object @@ -639,7 +646,7 @@ public class MOAConnector implements Connector Pattern cert_qualified_p = Pattern.compile(""); Matcher cert_qualified_m = cert_qualified_p.matcher(xmlResponse); // [tknall] stop qualified certificate - + Pattern sig_chk_p_s = Pattern.compile(""); Pattern sig_chk_p_e = Pattern.compile(""); Pattern man_chk_p_s = Pattern.compile(""); 
@@ -671,11 +678,11 @@ public class MOAConnector implements Connector Matcher cert_m_e = cert_p_e.matcher(xmlResponse); SignatureResponse sig_res = new SignatureResponse(); - + // [tknall] start qualified certificate sig_res.setQualifiedCertificate(cert_qualified_m.find()); // [tknall] stop qualified certificate - + // public authority Pattern publicAuthority_p = Pattern.compile(""); Matcher publicAuthority_m = publicAuthority_p.matcher(xmlResponse); @@ -821,7 +828,7 @@ public class MOAConnector implements Connector * SOAP Message send and recieve by the AXIS module. The Response SOAP message * of the MOA server is parsed by AXIS and the message envelope is send back * to the calling method. - * + * * @param requestString * the request string (XML) to send. * @param serviceMode diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUHelper.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUHelper.java index ee250ff..908ed57 100644 --- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUHelper.java +++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUHelper.java @@ -60,14 +60,14 @@ import at.knowcenter.wag.egov.egiz.tools.CodingHelper; /** * Contains static helper methods used by the BKU Connectors. - * + * * @author wprinz */ public final class BKUHelper { private static final Pattern ALLOWED_SL_RESPONSE_PATTERN = Pattern.compile("^.*<[\\w]*:?(CreateXMLSignatureResponse|VerifyXMLSignatureResponse)[^>]*>(.*).*$", Pattern.DOTALL); - + /** * The log. */ @@ -75,21 +75,21 @@ public final class BKUHelper /** * Encodes the given SignatureData to a valid Base64Content. - * + * *

    * The data is Base64 encoded. If the mime-type suggests that the data is * binary, it is Base64 encoded for a second time. *

    - * + * * @param data * The data to be converted to a valid Base64 content. * @return Returns the Base64 content. */ public static String prepareBase64Content(SignatureData data) { - // PERF: base64 encoding needs byte array + // PERF: base64 encoding needs byte array byte [] d = DataSourceHelper.convertDataSourceToByteArray(data.getDataSource()); - + String base64 = CodingHelper.encodeBase64(d); if (data.getMimeType().equals("application/pdf")) //$NON-NLS-1$ { @@ -105,7 +105,7 @@ public final class BKUHelper *

    * This is useful for building the hash. *

    - * + * * @param data * The data to be prepared. * @return Returns the prepared data. @@ -114,7 +114,7 @@ public final class BKUHelper { // PERF: prepareEnvelopingData needs byte array byte[] enc = DataSourceHelper.convertDataSourceToByteArray(data.getDataSource()); - + if (data.getMimeType().equals("application/pdf")) //$NON-NLS-1$ { log.debug("The data is application/pdf - so the binary data is Base64 encoded."); //$NON-NLS-1$ @@ -125,7 +125,6 @@ public final class BKUHelper } catch (UnsupportedEncodingException e) { - e.printStackTrace(); throw new RuntimeException("Very Strange: US-ASCII encoding not supported???", e); //$NON-NLS-1$ } } @@ -135,7 +134,7 @@ public final class BKUHelper /** * Checks the response xml for an error description and if found throws an * appropriate exception. - * + * * @param response_string * The response xml. * @throws ConnectorException @@ -169,29 +168,29 @@ public final class BKUHelper throw new ExternalErrorException(error_code, error_mess); } log.debug("No error found. Assuring that CreateXMLSignatureResponse or VerifyXMLSignatureResponse elements are available."); - + // assure that a CreateXMLSignatureResponse or a VerifyXMLSignatureResponse is available Matcher slMatcher = ALLOWED_SL_RESPONSE_PATTERN.matcher(response_string); if (!slMatcher.matches()) { throw new ConnectorException(ErrorCode.UNABLE_TO_RECEIVE_SUITABLE_RESPONSE, "No suitable response received: " + response_string); } - + } /** * This method parses the BKU-Response string. - * + * *

    * It separates the SignatureValue, X509IssuerName, SigningTime, * X509SerialNumber, X509Certificate, CertDigest, DigestValue and the * signation id-s. If the X509Certificate is extracted it would be stored in * the certificates directory. *

    - * + * * @param xmlResponse * The response string. * @return Returns the parsed signature object holding the data. - * + * * @throws ConnectorException * ErrorCode (303, 304) * @see SignatureObject @@ -355,7 +354,7 @@ public final class BKUHelper ids[2] = extractId(xmlResponse, "signed-data-object-"); //$NON-NLS-1$ ids[3] = extractId(xmlResponse, "etsi-data-reference-"); //$NON-NLS-1$ ids[4] = extractId(xmlResponse, "etsi-data-object-"); //$NON-NLS-1$ - + String algs = AlgorithmSuiteUtil.extractAlgorithmSuiteString(xmlResponse); SignSignatureObject so = new SignSignatureObject(); @@ -363,26 +362,26 @@ public final class BKUHelper so.issuer = iss_nam; so.signatureValue = sig_val; so.x509Certificate = cert; - + AlgorithmSuiteObject suite = new AlgorithmSuiteObject(algs, false); so.sigAlgorithm = AlgorithmMapper.getUri(suite.getSignatureMethod()); - + String defaultCertAlg = environment.getDefaultAlgForCert(cert); if (AlgorithmSuiteUtil.isDefaultCertAlg(algs, defaultCertAlg)) { // do not embed default alg algs = null; - } + } String final_ids = id_formatter.formatIds(ids, algs); so.id = final_ids; - + return so; } /** * Removes all whitespaces ("\\s") from the String. - * + * * @param str * The String. * @return The String with all whitespaces removed. @@ -394,7 +393,7 @@ public final class BKUHelper /** * This emthod extracts id-values from a text. The id is given by the name. - * + * * @param text * the id-value that should extract from * @param name @@ -411,7 +410,7 @@ public final class BKUHelper return ""; } // stop - + int start_idx = startOfName + name.length(); int end_idx = text.indexOf("\"", start_idx); //$NON-NLS-1$ @@ -430,7 +429,7 @@ public final class BKUHelper * This method parses the verify response string and return a * SignatureResponse object. The SignatureResponse object is filled out by the * response values from the BKU-response. - * + * * @param xmlResponse * the response values from the BKU-verify request * @return SignatureResponse object 
@@ -521,14 +520,14 @@ public final class BKUHelper if (hash_data_m_s.find() && hash_data_m_e.find()) { String hashInputData = xmlResponse.substring(hash_data_m_s.end(), hash_data_m_e.start()); - + Pattern b64_p_s = Pattern.compile(""); //$NON-NLS-1$ Pattern b64_p_e = Pattern.compile(""); //$NON-NLS-1$ Matcher b64_m_s = b64_p_s.matcher(hashInputData); Matcher b64_m_e = b64_p_e.matcher(hashInputData); boolean hashInputDataFound = b64_m_s.find() && b64_m_e.find(); - + String b64 = hashInputDataFound ? hashInputData.substring(b64_m_s.end(), b64_m_e.start()) : ""; sig_res.setHashInputData(b64); @@ -623,7 +622,7 @@ public final class BKUHelper public static String formDateTimeElement(Date verificationTime, String namespace) { String nsPrefix = StringUtils.isBlank(namespace) ? "" : (namespace + ":"); - + String dateTimeElement = ""; if (verificationTime != null) { 
@@ -633,25 +632,25 @@ public final class BKUHelper df.setTimeZone(TimeZone.getTimeZone("UTC")); String dateTime = df.format(verificationTime) + "Z"; log.debug("DateTime (VerificationTime in UTC) = " + dateTime); - + dateTimeElement = "<" + nsPrefix + "DateTime>" + dateTime + ""; }; return dateTimeElement; } - + public static String getBKUIdentifier(Properties parsedResponseProperties) { - + // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.browser String bkuServerHeader = parsedResponseProperties.getProperty(BKUPostConnection.BKU_SERVER_HEADER_KEY); // http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.html#http.kodierung.response.dataurl String bkuUserAgentHeader = parsedResponseProperties.getProperty(BKUPostConnection.BKU_USER_AGENT_HEADER_KEY); - + String bkuSignatureLayout = parsedResponseProperties.getProperty(BKUPostConnection.BKU_SIGNATURE_LAYOUT_HEADER_KEY); - + return getBKUIdentifier(bkuServerHeader, bkuUserAgentHeader, bkuSignatureLayout); } - + public static String getBKUIdentifier(String bkuServerHeader, String bkuUserAgentHeader, String bkuSignatureLayout) { log.debug("BKU response header \"user-agent\": " + bkuUserAgentHeader); @@ -659,7 +658,7 @@ public final class BKUHelper log.trace("BKU response header \"" + Constants.BKU_HEADER_SIGNATURE_LAYOUT + "\": " + bkuSignatureLayout); String result = null; - + if (bkuServerHeader != null) { result = bkuServerHeader; } else if (bkuUserAgentHeader != null) { @@ -667,7 +666,7 @@ public final class BKUHelper } else { log.warn("Unable to find any BKU identifier (neither header value \"user-agent\" nor \"server\".)"); } - + if (bkuSignatureLayout != null && result != null) { log.debug("BKU response header \"" + Constants.BKU_HEADER_SIGNATURE_LAYOUT + "\" found."); String signatureLayoutData = " " + Constants.BKU_HEADER_SIGNATURE_LAYOUT + "/" + bkuSignatureLayout; 
@@ -678,18 +677,18 @@ public final class BKUHelper log.debug("Signature layout already encoded in server/user-agent header."); } } - + if (result != null) { log.debug("Returning BKU identifier \"" + result + "\""); } else { log.debug("Returning null BKU identifier."); } - + return result; } public static String getBKUIdentifier(LocalBKUParams bkuParams) { return getBKUIdentifier(bkuParams.getServer(), bkuParams.getUserAgent(), bkuParams.getSignatureLayout()); } - + } diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java index a8de41e..6926d2b 100644 --- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java +++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java @@ -55,11 +55,11 @@ import at.knowcenter.wag.egov.egiz.tools.CodingHelper; /** * Connects to the BKU using the detached multipart/formdata requests. - * + * *

    * This feature is available since BKU version 2.7.4. *

    - * + * * @author wprinz */ public class DetachedBKUConnector implements Connector, LocalConnector @@ -85,12 +85,12 @@ public class DetachedBKUConnector implements Connector, LocalConnector /** * Constructor that builds the configuration environment for this connector * according to the given profile. - * + * *

    * If confuguration parameters are not defined on that profile, the default * parameters defined in the configuration are used. *

    - * + * * @param connectorParameters * The connectot parameters. * @throws ConnectorException @@ -101,10 +101,10 @@ public class DetachedBKUConnector implements Connector, LocalConnector this.params = connectorParameters; this.environment = new Environment(this.params.getProfileId(), loc_ref_content); } - + /** * Prepares the sign request xml to be sent using the sign request template. - * + * * @param data * The SignatureData. * @return Returns the sign request xml to be sent. @@ -120,7 +120,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector String sign_keybox_identifier = this.environment.getSignKeyboxIdentifier(); String mime_type = data.getMimeType(); String loc_ref_content = this.environment.getLocRefContent(); - + if (log.isDebugEnabled()) { log.debug("sign keybox identifier = " + sign_keybox_identifier); //$NON-NLS-1$ @@ -139,7 +139,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector /** * Analyzes the sign response xml and extracts the signature data. - * + * * @param response_properties * The response properties containing the response String and * transport related information. @@ -155,14 +155,14 @@ public class DetachedBKUConnector implements Connector, LocalConnector String bkuIdentifier = BKUHelper.getBKUIdentifier(response_properties); log.debug("BKU identifier: " + (bkuIdentifier != null ? ("\"" + bkuIdentifier + "\"") : "n/a")); - + SignatureLayoutHandler sigLayout; try { sigLayout = SignatureLayoutHandlerFactory.getSignatureLayoutHandlerInstance(bkuIdentifier); } catch (SettingsException e) { throw new ConnectorException(e.getErrorCode(), e.getMessage()); } - + BKUHelper.checkResponseForError(response_string); SignSignatureObject so = sigLayout.parseCreateXMLSignatureResponse(response_string, this.environment); @@ -225,15 +225,15 @@ public class DetachedBKUConnector implements Connector, LocalConnector /** * Sends the request and data to the given URL. - * + * *

    * This method mainly handles communication exceptions. The actual send work * is done by doPostRequestMultipart. *

    - * + * * @see BKUPostConnection#doPostRequestMultipart(String, String, * SignatureData) - * + * * @param url * The URL to send the request to. * @param request_string @@ -262,7 +262,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector /** * Performs a sign. - * + * * @param data * The data to be signed. * @return Returns the signature object containing the signature data. @@ -289,7 +289,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector /** * Performs a verification. - * + * * @param data * The data to be verified. * @param so @@ -331,7 +331,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector /** * Prepares the verify request xml to be sent using the verify request * template. - * + * * @param data * The SignatureData. * @param so @@ -345,7 +345,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector String verify_request_template = this.environment.getVerifyRequestTemplate(); String xml_content = null; - + if (dsigData != null && dsigData.getXmlDsig() != null) { xml_content = dsigData.getXmlDsig(); 
@@ -355,16 +355,18 @@ public class DetachedBKUConnector implements Connector, LocalConnector xml_content = chooseAndCreateXMLDsig(data, so); } - - - String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content); + // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll) + // methods are regarded, backslashes in the replacement string may cause the results to be different than + // if it were being treated as a literal replacement string. +// String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content); + String verify_request_xml = verify_request_template.replace(TemplateReplaces.XML_CONTENT_REPLACE, xml_content); verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.LOC_REF_CONTENT_REPLACE, this.environment.getLocRefContent()); verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.DATE_TIME_REPLACE, BKUHelper.formDateTimeElement(this.params.getVerificationTime(), "sl")); return verify_request_xml; } - - private String chooseAndCreateXMLDsig(SignatureData data, SignSignatureObject so) throws ConnectorException { + + private String chooseAndCreateXMLDsig(SignatureData data, SignSignatureObject so) throws ConnectorException { // MOA if (SigKZIDHelper.isMOASigned(so)) { @@ -379,7 +381,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector log.debug("Algorithm = " + algorithmId); LocRefDetachedMOCCAConnector mocca_connector = new LocRefDetachedMOCCAConnector(this.params, "not needed here", algorithmId); return mocca_connector.prepareXMLContent(data, so); - + // ATRUST } else if (SigKZIDHelper.isATrustSigned(so)) { log.debug("ATrust signature detected"); 
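Review bot: Only the XML content substitution is made literal here; the two calls that follow still use `replaceFirst`, passing `this.environment.getLocRefContent()` and the formatted DateTime element as regex replacement strings. The LocRef content is a caller-supplied value (presumably a URL), and a `$` or `\` in it would be read as a group reference or escape, which either alters the value or throws an unchecked exception while the request is built. Use `verify_request_xml.replace(TemplateReplaces.LOC_REF_CONTENT_REPLACE, this.environment.getLocRefContent())`, or wrap the value in `java.util.regex.Matcher.quoteReplacement(...)`. The same applies to the signing time, serial number, MIME type and signature id substitutions in the later hunk `@@ -457,7 +459,11`, whose values are read from the signature object being verified. The method starts outside this hunk.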
@@ -391,20 +393,20 @@ public class DetachedBKUConnector implements Connector, LocalConnector else if (SigKZIDHelper.isBKUSigned(so)) { log.debug("TD signature signature detected."); return prepareXMLContent(data, so); - } + } // unknown else { throw new ConnectorException(ErrorCode.UNSUPPORTED_SIGNATURE, "Unsupported signature (" + so.id + ", " +so.kz + "). Please get a new version of PDF-AS. Your version is: " + PdfAS.PDFAS_VERSION); } - } + } /** * Prepares the XML content the holds the actual signature data. - * + * *

    * This strongly rebuilds the XML content as retuned from a sign request. *

    - * + * * @param data * The data. * @param so @@ -421,13 +423,13 @@ public class DetachedBKUConnector implements Connector, LocalConnector String ids_string = so.getSigID(); String[] ids = SignatureObject.parseSigIds(ids_string); - + X509Certificate cert = so.getX509Certificate(); - + // dferbas AlgorithmSuiteObject algSuite = new AlgorithmSuiteObject(); String verify_xml = AlgorithmSuiteUtil.evaluateReplaceAlgs(algSuite, this.environment, so); - + // data digest replace { // byte[] data_value = data.getData(); @@ -457,7 +459,11 @@ public class DetachedBKUConnector implements Connector, LocalConnector verify_xml = verify_xml.replaceAll(TemplateReplaces.SIG_ID_REPLACE, ids[0]); verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNING_TIME_REPLACE, so.getDate()); verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_CERTIFICATE_REPLACE, certDigest); - verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer()); + // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll) + // methods are regarded, backslashes in the replacement string may cause the results to be different than + // if it were being treated as a literal replacement string. +// verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer()); + verify_xml = verify_xml.replace(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer()); verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_SERIAL_NUMBER_REPLACE, so.getSerialNumber()); // SigDataRefReplace already done above verify_xml = verify_xml.replaceFirst(TemplateReplaces.MIME_TYPE_REPLACE, data.getMimeType()); @@ -495,7 +501,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector /** * Analyzes the verify response string. - * + * * @param response_properties * The response properties containing the response XML. * @return Returns the SignatureResponse containing the verification result. 
@@ -518,7 +524,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector /** * Holds environment configuration information like templates. - * + * * @author wprinz */ public static class Environment extends ConnectorEnvironment @@ -537,27 +543,27 @@ public class DetachedBKUConnector implements Connector, LocalConnector * The configuration key of the sign URL. */ protected static final String SIGN_URL_KEY = "bku.sign.url"; //$NON-NLS-1$ - + /** * BKU template file prefix */ protected static final String TEMPLATE_FILE_PREFIX = "/templates/bku."; - + /** * signing file template sufix */ protected static final String SIGN_TEMPLATE_FILE_SUFIX = ".sign.xml"; - + /** * verifing template file sufix */ - protected static final String VERIFY_REQUEST_TEMPLATE_FILE_SUFIX = ".verify.request.xml"; + protected static final String VERIFY_REQUEST_TEMPLATE_FILE_SUFIX = ".verify.request.xml"; /** * verifing file template key sufix */ protected static final String VERIFY_TEMPLATE_SUFIX = ".verify.template.xml"; - + /** * The configuration key of the verify request template. */ @@ -605,7 +611,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector /** * Initializes the environment with a given profile. - * + * * @param profile * The configuration profile. * @throws ConnectorException @@ -614,7 +620,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector public Environment(String profile, String loc_ref_content) throws ConnectorException { this.profile = profile; - + this.loc_ref_content = loc_ref_content; SettingsReader settings = null; @@ -626,7 +632,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector { throw new ConnectorException(300, e); } - + this.sign_keybox_identifier = getConnectorValueFromProfile(settings, profile, SIGN_KEYBOX_IDENTIFIER_KEY); String sign_request_filename = TEMPLATE_FILE_PREFIX + settings.getValueFromKey("default.bku.algorithm.id") + SIGN_TEMPLATE_FILE_SUFIX; 
@@ -634,7 +640,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector // try to load template from file //this.sign_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(sign_request_filename)); this.sign_request_template = settings.readInternalResourceAsString(sign_request_filename); - + // when first load failed (the template file does'nt exist), load it from default template file if(this.sign_request_template == null) { @@ -642,7 +648,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector //this.sign_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(sign_request_filename)); this.sign_request_template = settings.readInternalResourceAsString(sign_request_filename); } - + if (this.sign_request_template == null) { throw new ConnectorException(300, "Can not read the create xml request template"); //$NON-NLS-1$ 
@@ -651,20 +657,20 @@ public class DetachedBKUConnector implements Connector, LocalConnector this.sign_url = getConnectorValueFromProfile(settings, profile, SIGN_URL_KEY); // verify - + String verify_request_filename = TEMPLATE_FILE_PREFIX + settings.getValueFromKey("default.bku.algorithm.id") + VERIFY_REQUEST_TEMPLATE_FILE_SUFIX; - + // try to load template file for verifing //this.verify_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_request_filename)); this.verify_request_template = settings.readInternalResourceAsString(verify_request_filename); - + if(this.verify_request_template == null) { verify_request_filename = getConnectorValueFromProfile(settings, profile, VERIFY_REQUEST_TEMPLATE_KEY); //this.verify_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_request_filename)); this.verify_request_template = settings.readInternalResourceAsString(verify_request_filename); } - + if (this.verify_request_template == null) { throw new ConnectorException(ErrorCode.SETTING_NOT_FOUND, "Can not read the verify xml request template"); //$NON-NLS-1$ @@ -674,7 +680,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector String verify_filename = TEMPLATE_FILE_PREFIX + settings.getValueFromKey("default.bku.algorithm.id") + VERIFY_TEMPLATE_SUFIX; //this.verify_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_filename)); this.verify_template = settings.readInternalResourceAsString(verify_filename); - + if(this.verify_template == null) { verify_filename = getConnectorValueFromProfile(settings, profile, VERIFY_TEMPLATE_KEY); @@ -702,7 +708,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector /** * Returns the LocRef content. - * + * * @return Returns the LocRef content. */ public String getLocRefContent() 
@@ -712,7 +718,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector /** * Returns the sign keybox identifier. - * + * * @return Returns the sign keybox identifier. */ public String getSignKeyboxIdentifier() @@ -722,7 +728,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector /** * Returns the sign request template. - * + * * @return Returns the sign request template. */ public String getSignRequestTemplate() @@ -732,7 +738,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector /** * Returns the sign URL. - * + * * @return Returns the sign URL. */ public String getSignURL() @@ -742,7 +748,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector /** * Returns the verify request template. - * + * * @return Returns the verify request template. */ public String getVerifyRequestTemplate() @@ -752,7 +758,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector /** * Returns the verify template. - * + * * @return Returns the verify template. */ public String getVerifyTemplate() @@ -762,7 +768,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector /** * Returns the verify URL. - * + * * @return Returns the verify URL. */ public String getVerifyURL() @@ -772,7 +778,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector /** * Returns the ecdsa cert alg property. - * + * * @return Returns the ecdsa cert alg property. */ public String getCertAlgEcdsa() @@ -782,7 +788,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector /** * Returns the rsa cert alg property. - * + * * @return Returns the rsa cert alg property. */ public String getCertAlgRsa() @@ -793,7 +799,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector /** * Reads the configuration entry given by the key, first from the given * profile, if not found from the defaults. - * + * * @param settings * The settings. * @param profile 
diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java index 170cc45..22318a2 100644 --- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java +++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java @@ -52,7 +52,7 @@ import at.knowcenter.wag.egov.egiz.tools.CodingHelper; /** * @author wprinz - * + * */ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector { @@ -72,16 +72,16 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector /** * Constructor that builds the configuration environment for this connector * according to the given profile. - * + * *

    * If confuguration parameters are not defined on that profile, the default * parameters defined in the configuration are used. *

    - * + * *

    * This is the new "hotfix" base64 connector. *

    - * + * * @param profile * The profile from which the Environment should be assembled. * @throws ConnectorException @@ -137,7 +137,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector // /** // * This emthod extracts id-values from a text. The id is given by the name. -// * +// * // * @param text // * the id-value that should extract from // * @param name @@ -166,11 +166,11 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector /** * Prepares the XML content the holds the actual signature data. - * + * *

    * This strongly rebuilds the XML content as retuned from a sign request. *

    - * + * * @param data * The data. * @param so @@ -186,13 +186,13 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector { String ids_string = so.getSigID(); String[] ids = SignatureObject.parseSigIds(ids_string); - + X509Certificate cert = so.getX509Certificate(); - + // dferbas AlgorithmSuiteObject algSuite = new AlgorithmSuiteObject(); String verify_xml = AlgorithmSuiteUtil.evaluateReplaceAlgs(algSuite, this.environment, so); - + // data digest replace byte[] data_value = BKUHelper.prepareEnvelopingData(data); { @@ -225,7 +225,11 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector verify_xml = verify_xml.replaceAll(TemplateReplaces.SIG_ID_REPLACE, ids[0]); verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNING_TIME_REPLACE, so.getDate()); verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_CERTIFICATE_REPLACE, certDigest); - verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer()); + // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll) + // methods are regarded, backslashes in the replacement string may cause the results to be different than + // if it were being treated as a literal replacement string. +// verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer()); + verify_xml = verify_xml.replace(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer()); verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_SERIAL_NUMBER_REPLACE, so.getSerialNumber()); // SigDataRefReplace already done above @@ -276,7 +280,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector /** * Prepares the sign request xml to be sent using the sign request template. - * + * * @param data * The SignatureData. * @return Returns the sign request xml to be sent. 
@@ -302,7 +306,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector /** * Prepares the verify request xml to be sent using the verify request * template. - * + * * @param data * The SignatureData. * @param so @@ -325,7 +329,11 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector xml_content = chooseAndCreateXMLDsig(data, so); } - String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content); + // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll) + // methods are regarded, backslashes in the replacement string may cause the results to be different than + // if it were being treated as a literal replacement string. +// String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content); + String verify_request_xml = verify_request_template.replace(TemplateReplaces.XML_CONTENT_REPLACE, xml_content); // log.debug("\r\n\r\n" + verify_request_xml + "\r\n\r\n"); @@ -349,7 +357,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector /** * Sends the request to the given URL. - * + * * @param url * The URL. * @param request_string @@ -373,7 +381,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector /** * Analyzes the sign response xml and extracts the signature data. - * + * * @param response_properties * The response properties containing the response String and * transport related information. @@ -391,7 +399,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector String bkuIdentifier = BKUHelper.getBKUIdentifier(response_properties); log.debug("BKU identifier: \"" + bkuIdentifier + "\""); - + SignSignatureObject so = BKUHelper.parseCreateXMLResponse(response_string, new HotfixIdFormatter(), this.environment); log.debug("analyzeSignResponse finished."); //$NON-NLS-1$ 
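Review bot: The comment added in the `@@ -325,7 +329,11 @@` hunk was copied from the issuer fix and talks about issuer names, while the line below it substitutes `xml_content` into the verify request template. A comment that matches the line would be `// xml_content may contain "\" or "$" (e.g. escaped commas in issuer names); String.replace inserts it literally.`, and the commented-out `replaceFirst` line can be dropped since version control keeps it. The word "escapted" should read "escaped". The same copied comment appears in the verify-request hunks of DetachedLocRefMOAConnector, EnvelopingBase64MOAConnector and MOASoapWithAttachmentConnector; the enclosing method is only partly inside each hunk.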
@@ -400,7 +408,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector /** * Analyzes the verify response string. - * + * * @param response_properties * The response properties containing the response XML. * @return Returns the SignatureResponse containing the verification result. @@ -423,7 +431,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector /** * Holds environment configuration information like templates. - * + * * @author wprinz */ public static class Environment extends ConnectorEnvironment @@ -488,7 +496,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector /** * Initializes the environment with a given profile. - * + * * @param profile * The configuration profile. * @throws ConnectorException @@ -524,7 +532,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector //this.verify_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_request_filename)); this.verify_request_template = settings.readInternalResourceAsString(verify_request_filename); log.debug("Verify request template filename = " + verify_request_filename); - + if (this.verify_request_template == null) { throw new ConnectorException(ErrorCode.SETTING_NOT_FOUND, "Can not read the verify xml request template"); //$NON-NLS-1$ @@ -555,7 +563,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector /** * Returns the sign keybox identifier. - * + * * @return Returns the sign keybox identifier. */ public String getSignKeyboxIdentifier() @@ -565,7 +573,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector /** * Returns the sign request template. - * + * * @return Returns the sign request template. */ public String getSignRequestTemplate() 
@@ -575,7 +583,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector /** * Returns the sign URL. - * + * * @return Returns the sign URL. */ public String getSignURL() @@ -585,7 +593,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector /** * Returns the verify request template. - * + * * @return Returns the verify request template. */ public String getVerifyRequestTemplate() @@ -595,7 +603,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector /** * Returns the verify template. - * + * * @return Returns the verify template. */ public String getVerifyTemplate() @@ -605,7 +613,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector /** * Returns the verify URL. - * + * * @return Returns the verify URL. */ public String getVerifyURL() @@ -615,7 +623,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector /** * Returns the ecdsa cert alg property. - * + * * @return Returns the ecdsa cert alg property. */ public String getCertAlgEcdsa() @@ -625,7 +633,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector /** * Returns the rsa cert alg property. - * + * * @return Returns the rsa cert alg property. */ public String getCertAlgRsa() @@ -636,7 +644,7 @@ public class EnvelopedBase64BKUConnector implements Connector, LocalConnector /** * Reads the configuration entry given by the key, first from the given * profile, if not found from the defaults. - * + * * @param settings * The settings. * @param profile diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java index ea90841..07e9ccd 100644 --- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java 
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java @@ -55,7 +55,7 @@ import at.knowcenter.wag.egov.egiz.tools.FileHelper; /** * Connects to MOA providing the Data detached as LocRef on a local resource. - * + * * @author wprinz */ public class DetachedLocRefMOAConnector implements Connector @@ -79,12 +79,12 @@ public class DetachedLocRefMOAConnector implements Connector /** * Constructor that builds the configuration environment for this connector * according to the given profile. - * + * *

    * If confuguration parameters are not defined on that profile, the default * parameters defined in the configuration are used. *

    - * + * * @param profile * The profile from which the Environment should be assembled. * @throws SettingsException @@ -183,7 +183,7 @@ public class DetachedLocRefMOAConnector implements Connector /** * Prepares the verify request xml to be sent using the verify request * template. - * + * * @param data * The SignatureData. * @param so @@ -206,7 +206,11 @@ public class DetachedLocRefMOAConnector implements Connector xml_content = chooseAndCreateXMLDsig(data, so); } - String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content); + // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll) + // methods are regarded, backslashes in the replacement string may cause the results to be different than + // if it were being treated as a literal replacement string. +// String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content); + String verify_request_xml = verify_request_template.replace(TemplateReplaces.XML_CONTENT_REPLACE, xml_content); verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.TRUST_PROFILE_ID_REPLACE, this.environment.getVerifyTrustProfileId()); verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.LOC_REF_CONTENT_REPLACE, this.environment.getSignatureDataUrl()); @@ -217,7 +221,7 @@ public class DetachedLocRefMOAConnector implements Connector /** * Analyzes the verify response string. - * + * * @param response_properties * The response properties containing the response XML. * @return Returns the SignatureResponse containing the verification result. 
@@ -272,7 +276,11 @@ public class DetachedLocRefMOAConnector implements Connector // Qualified Properties replaces verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNING_TIME_REPLACE, so.getDate()); verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_CERTIFICATE_REPLACE, certDigest); - verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer()); + // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll) + // methods are regarded, backslashes in the replacement string may cause the results to be different than + // if it were being treated as a literal replacement string. +// verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer()); + verify_xml = verify_xml.replace(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer()); verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_SERIAL_NUMBER_REPLACE, so.getSerialNumber()); // SigDataRefReplace already done above verify_xml = verify_xml.replaceFirst(TemplateReplaces.MIME_TYPE_REPLACE, data.getMimeType()); @@ -323,7 +331,7 @@ public class DetachedLocRefMOAConnector implements Connector /** * Holds environment configuration information like templates. - * + * * @author wprinz */ public static class Environment extends ConnectorEnvironment @@ -417,7 +425,7 @@ public class DetachedLocRefMOAConnector implements Connector /** * Initializes the environment with a given profile. - * + * * @param profile * The configuration profile. * @throws SettingsException @@ -516,7 +524,7 @@ public class DetachedLocRefMOAConnector implements Connector /** * Returns the URL where to load the detached data from. - * + * * @return Returns the URL where to load the detached data from. */ public String getSignatureDataUrl() 
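Review bot: In the `@@ -272,7 +276,11 @@` hunk `so.getIssuer()` is now copied verbatim into `verify_xml`, and nothing visible XML-escapes it before it lands in the template that is sent for verification. If `getIssuer()` returns the raw distinguished name (not shown here), a `<` or `&` in it would yield malformed or structurally different XML, so the value should be escaped for element content before substitution, or the getter documented as returning already-escaped text. A comment on the line stating which of the two holds, e.g. `// issuer is inserted as element text; must already be XML-escaped`, would make the assumption checkable. The method body extends beyond the hunk.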
@@ -526,7 +534,7 @@ public class DetachedLocRefMOAConnector implements Connector /** * Returns the sign key identifier. - * + * * @return Returns the sign key identifier. */ public String getSignKeyIdentifier() @@ -536,7 +544,7 @@ public class DetachedLocRefMOAConnector implements Connector /** * Returns the sign request template. - * + * * @return Returns the sign request template. */ public String getSignRequestTemplate() @@ -546,7 +554,7 @@ public class DetachedLocRefMOAConnector implements Connector /** * Returns the sign URL. - * + * * @return Returns the sign URL. */ public String getSignURL() @@ -556,7 +564,7 @@ public class DetachedLocRefMOAConnector implements Connector /** * Returns the verify request template. - * + * * @return Returns the verify request template. */ public String getVerifyRequestTemplate() @@ -566,7 +574,7 @@ public class DetachedLocRefMOAConnector implements Connector /** * Returns the verify template. - * + * * @return Returns the verify template. */ public String getVerifyTemplate() @@ -576,7 +584,7 @@ public class DetachedLocRefMOAConnector implements Connector /** * Returns the verify URL. - * + * * @return Returns the verify URL. */ public String getVerifyURL() @@ -586,7 +594,7 @@ public class DetachedLocRefMOAConnector implements Connector /** * Returns the verify trust profile id. - * + * * @return Returns the verify trust profile id. */ public String getVerifyTrustProfileId() @@ -596,7 +604,7 @@ public class DetachedLocRefMOAConnector implements Connector /** * Returns the ecdsa cert alg property. - * + * * @return Returns the ecdsa cert alg property. */ public String getCertAlgEcdsa() @@ -606,7 +614,7 @@ public class DetachedLocRefMOAConnector implements Connector /** * Returns the rsa cert alg property. - * + * * @return Returns the rsa cert alg property. */ public String getCertAlgRsa() 
@@ -617,7 +625,7 @@ public class DetachedLocRefMOAConnector implements Connector /** * Reads the configuration entry given by the key, first from the given * profile, if not found from the defaults. - * + * * @param settings * The settings. * @param profile diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/EnvelopingBase64MOAConnector.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/EnvelopingBase64MOAConnector.java index 6f2d171..4a33fc8 100644 --- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/EnvelopingBase64MOAConnector.java +++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/EnvelopingBase64MOAConnector.java @@ -54,7 +54,7 @@ import at.knowcenter.wag.egov.egiz.tools.FileHelper; /** * @author wprinz - * + * */ public class EnvelopingBase64MOAConnector implements Connector { @@ -69,18 +69,18 @@ public class EnvelopingBase64MOAConnector implements Connector * other configurable elements. */ protected Environment environment = null; - + protected ConnectorParameters params = null; /** * Constructor that builds the configuration environment for this connector * according to the given profile. - * + * *

    * If confuguration parameters are not defined on that profile, the default * parameters defined in the configuration are used. *

    - * + * * @param profile * The profile from which the Environment should be assembled. * @throws ConnectorException @@ -150,7 +150,7 @@ public class EnvelopingBase64MOAConnector implements Connector /** * Prepares the sign request xml to be sent using the sign request template. - * + * * @param data * The SignatureData. * @return Returns the sign request xml to be sent. @@ -176,7 +176,7 @@ public class EnvelopingBase64MOAConnector implements Connector /** * Prepares the verify request xml to be sent using the verify request * template. - * + * * @param data * The SignatureData. * @param so @@ -199,7 +199,11 @@ public class EnvelopingBase64MOAConnector implements Connector xml_content = chooseAndCreateXMLDsig(data, so); } - String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content); + // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll) + // methods are regarded, backslashes in the replacement string may cause the results to be different than + // if it were being treated as a literal replacement string. +// String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content); + String verify_request_xml = verify_request_template.replace(TemplateReplaces.XML_CONTENT_REPLACE, xml_content); verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.TRUST_PROFILE_ID_REPLACE, this.environment.getVerifyTrustProfileId()); String returnHashInputDataElement = ""; 
@@ -208,10 +212,10 @@ public class EnvelopingBase64MOAConnector implements Connector returnHashInputDataElement = MOASoapWithAttachmentConnector.RETURN_HASH_INPUT_DATA; } verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.RETURN_HASH_INPUT_DATA_REPLACE, returnHashInputDataElement); - + verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.DATE_TIME_REPLACE, BKUHelper.formDateTimeElement(this.params.getVerificationTime())); - + log.debug("\r\n\r\n" + verify_request_xml + "\r\n\r\n"); return verify_request_xml; @@ -219,7 +223,7 @@ public class EnvelopingBase64MOAConnector implements Connector /** * Analyzes the sign response xml and extracts the signature data. - * + * * @param response_properties * The response properties containing the response String and * transport related information. @@ -243,7 +247,7 @@ public class EnvelopingBase64MOAConnector implements Connector /** * Analyzes the verify response string. - * + * * @param response_properties * The response properties containing the response XML. * @return Returns the SignatureResponse containing the verification result. @@ -266,11 +270,11 @@ public class EnvelopingBase64MOAConnector implements Connector /** * Prepares the XML content the holds the actual signature data. - * + * *

    * This strongly rebuilds the XML content as retuned from a sign request. *

    - * + * * @param data * The data. * @param so @@ -285,7 +289,7 @@ public class EnvelopingBase64MOAConnector implements Connector try { X509Certificate cert = so.getX509Certificate(); - + // dferbas AlgorithmSuiteObject algSuite = new AlgorithmSuiteObject(); String verify_xml = AlgorithmSuiteUtil.evaluateReplaceAlgs(algSuite, this.environment, so); @@ -311,7 +315,11 @@ public class EnvelopingBase64MOAConnector implements Connector // Qualified Properties replaces verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNING_TIME_REPLACE, so.getDate()); verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_CERTIFICATE_REPLACE, certDigest); - verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer()); + // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll) + // methods are regarded, backslashes in the replacement string may cause the results to be different than + // if it were being treated as a literal replacement string. +// verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer()); + verify_xml = verify_xml.replace(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer()); verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_SERIAL_NUMBER_REPLACE, so.getSerialNumber()); // SigDataRefReplace already done above @@ -339,7 +347,7 @@ public class EnvelopingBase64MOAConnector implements Connector // Base64 content replace -> do this at last for performance String base64 = CodingHelper.encodeBase64(data_value); verify_xml = verify_xml.replaceFirst(TemplateReplaces.BASE64_CONTENT_REPLACE, base64); - + log.debug("prepareXMLContent finished."); //$NON-NLS-1$ return verify_xml; } @@ -352,7 +360,7 @@ public class EnvelopingBase64MOAConnector implements Connector /** * Holds environment configuration information like templates. - * + * * @author wprinz */ public static class Environment extends ConnectorEnvironment 
@@ -401,7 +409,7 @@ public class EnvelopingBase64MOAConnector implements Connector * The configuration key for the RSA cert alg property. */ protected static final String RSA_CERT_ALG_KEY = "cert.alg.rsa"; //$NON-NLS-1$ - + protected String profile = null; protected String sign_key_identifier = null; @@ -424,7 +432,7 @@ public class EnvelopingBase64MOAConnector implements Connector /** * Initializes the environment with a given profile. - * + * * @param profile * The configuration profile. * @throws ConnectorException @@ -433,7 +441,7 @@ public class EnvelopingBase64MOAConnector implements Connector public Environment(String profile, String signKeyIdentifier) throws ConnectorException { this.profile = profile; - + SettingsReader settings = null; try { @@ -449,7 +457,7 @@ public class EnvelopingBase64MOAConnector implements Connector this.sign_key_identifier = signKeyIdentifier; } else - { + { this.sign_key_identifier = getConnectorValueFromProfile(settings, profile, SIGN_KEY_IDENTIFIER_KEY); } @@ -488,7 +496,7 @@ public class EnvelopingBase64MOAConnector implements Connector this.cert_alg_rsa = settings.getValueFromKey(RSA_CERT_ALG_KEY); } - + public String getProfile() { return this.profile; @@ -496,7 +504,7 @@ public class EnvelopingBase64MOAConnector implements Connector /** * Returns the sign key identifier. - * + * * @return Returns the sign key identifier. */ public String getSignKeyIdentifier() @@ -506,7 +514,7 @@ public class EnvelopingBase64MOAConnector implements Connector /** * Returns the sign request template. - * + * * @return Returns the sign request template. */ public String getSignRequestTemplate() @@ -516,7 +524,7 @@ public class EnvelopingBase64MOAConnector implements Connector /** * Returns the sign URL. - * + * * @return Returns the sign URL. */ public String getSignURL() 
@@ -526,7 +534,7 @@ public class EnvelopingBase64MOAConnector implements Connector /** * Returns the verify request template. - * + * * @return Returns the verify request template. */ public String getVerifyRequestTemplate() @@ -536,7 +544,7 @@ public class EnvelopingBase64MOAConnector implements Connector /** * Returns the verify template. - * + * * @return Returns the verify template. */ public String getVerifyTemplate() @@ -546,7 +554,7 @@ public class EnvelopingBase64MOAConnector implements Connector /** * Returns the verify URL. - * + * * @return Returns the verify URL. */ public String getVerifyURL() @@ -556,7 +564,7 @@ public class EnvelopingBase64MOAConnector implements Connector /** * Returns the verify trust profile id. - * + * * @return Returns the verify trust profile id. */ public String getVerifyTrustProfileId() @@ -566,7 +574,7 @@ public class EnvelopingBase64MOAConnector implements Connector /** * Returns the ecdsa cert alg property. - * + * * @return Returns the ecdsa cert alg property. */ public String getCertAlgEcdsa() @@ -576,7 +584,7 @@ public class EnvelopingBase64MOAConnector implements Connector /** * Returns the rsa cert alg property. - * + * * @return Returns the rsa cert alg property. */ public String getCertAlgRsa() @@ -587,7 +595,7 @@ public class EnvelopingBase64MOAConnector implements Connector /** * Reads the configuration entry given by the key, first from the given * profile, if not found from the defaults. - * + * * @param settings * The settings. * @param profile diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java index db0a04f..401921b 100644 --- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java 
+++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java @@ -54,7 +54,7 @@ import at.knowcenter.wag.egov.egiz.tools.CodingHelper; /** * Connects to MOA providing the Data detached as LocRef on a local resource. - * + * * @author wprinz */ public class MOASoapWithAttachmentConnector implements Connector @@ -72,9 +72,9 @@ public class MOASoapWithAttachmentConnector implements Connector private static Log log = LogFactory.getLog(MOASoapWithAttachmentConnector.class); protected static final String MULTIPART_LOC_REF_CONTENT = "formdata:fileupload"; //$NON-NLS-1$ - + protected static final String RETURN_HASH_INPUT_DATA = ""; //$NON-NLS-1$ - + /** * The connector parameters. */ @@ -85,17 +85,17 @@ public class MOASoapWithAttachmentConnector implements Connector * other configurable elements. */ protected Environment environment = null; - - + + /** * Constructor that builds the configuration environment for this connector * according to the given profile. - * + * *

    * If confuguration parameters are not defined on that profile, the default * parameters defined in the configuration are used. *

    - * + * * @param connectorParameters * The parameters for this connector. * @throws ConnectorException @@ -193,7 +193,7 @@ public class MOASoapWithAttachmentConnector implements Connector /** * Prepares the verify request xml to be sent using the verify request * template. - * + * * @param data * The SignatureData. * @param so 
@@ -216,32 +216,36 @@ public class MOASoapWithAttachmentConnector implements Connector xml_content = chooseAndCreateXMLDsig(data, so); } - String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content); + // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll) + // methods are regarded, backslashes in the replacement string may cause the results to be different than + // if it were being treated as a literal replacement string. +// String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content); + String verify_request_xml = verify_request_template.replace(TemplateReplaces.XML_CONTENT_REPLACE, xml_content); verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.TRUST_PROFILE_ID_REPLACE, this.environment.getVerifyTrustProfileId()); verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.LOC_REF_CONTENT_REPLACE, this.environment.getSignatureDataUrl()); - + String returnHashInputDataElement = ""; if (this.params.isReturnHashInputData()) { returnHashInputDataElement = RETURN_HASH_INPUT_DATA; } verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.RETURN_HASH_INPUT_DATA_REPLACE, returnHashInputDataElement); - + verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.DATE_TIME_REPLACE, BKUHelper.formDateTimeElement(this.params.getVerificationTime())); - + log.debug("\r\n\r\n" + verify_request_xml + "\r\n\r\n"); return verify_request_xml; } - + private String chooseAndCreateXMLDsig(SignatureData data, SignSignatureObject so) throws ConnectorException { - + // MOA if (SigKZIDHelper.isMOASigned(so)) { log.debug("MOA signature detected."); return prepareXMLContent(data, so); - + // MOCCA } else if (SigKZIDHelper.isMOCCASigned(so)) { log.debug("MOCCA signature detected."); 
@@ -255,7 +259,7 @@ public class MOASoapWithAttachmentConnector implements Connector log.debug("A-Trust signature detected."); this.environment.reInitVerifyTemplate(ATRUST_VERIFY_TEMPLATE_KEY); return prepareXMLContent(data, so); - + // TD bku } else if (SigKZIDHelper.isBKUSigned(so)) { log.debug("TD bku signature detected."); @@ -263,13 +267,13 @@ public class MOASoapWithAttachmentConnector implements Connector return bku_connector.prepareXMLContent(data, so); } else { throw new ConnectorException(ErrorCode.UNSUPPORTED_SIGNATURE, "Unsupported signature (" + so.id + ", " +so.kz + "). Please get a new version of PDF-AS. Your version is: " + PdfAS.PDFAS_VERSION); - + } } - + /** * Analyzes the verify response string. - * + * * @param response_properties * The response properties containing the response XML. * @return Returns the SignatureResponse containing the verification result. @@ -298,7 +302,7 @@ public class MOASoapWithAttachmentConnector implements Connector String verify_xml = null; X509Certificate cert = so.getX509Certificate(); - + // dferbas AlgorithmSuiteObject algSuite = new AlgorithmSuiteObject(); verify_xml = AlgorithmSuiteUtil.evaluateReplaceAlgs(algSuite, this.environment, so); 
@@ -326,7 +330,11 @@ public class MOASoapWithAttachmentConnector implements Connector // Qualified Properties replaces verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNING_TIME_REPLACE, so.getDate()); verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_CERTIFICATE_REPLACE, certDigest); - verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer()); + // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll) + // methods are regarded, backslashes in the replacement string may cause the results to be different than + // if it were being treated as a literal replacement string. +// verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer()); + verify_xml = verify_xml.replace(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer()); verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_SERIAL_NUMBER_REPLACE, so.getSerialNumber()); // SigDataRefReplace already done above verify_xml = verify_xml.replaceFirst(TemplateReplaces.MIME_TYPE_REPLACE, data.getMimeType()); @@ -367,23 +375,11 @@ public class MOASoapWithAttachmentConnector implements Connector { try { - // for performance measurement -// long startTime = 0; -// if (log.isInfoEnabled()) { -// startTime = System.currentTimeMillis(); -// } - + // Properties response_properties = MOASoapConnection.connectMOA(request_string, MOASoapConnection.SERVICE_SIGN, url); log.debug("Connecting to " + url); Properties response_properties = MOASoapConnection.doPostRequestMultipart(url,mode, request_string, data ); - - // for performance measurement -// if (log.isInfoEnabled()) { -// long endTime = System.currentTimeMillis(); -// String toReport = "MOA-PROCESSING;-;-;" + (endTime - startTime) + ";"; -// log.info(toReport); -// } - + return response_properties; } catch (Exception e) 
@@ -391,14 +387,14 @@ public class MOASoapWithAttachmentConnector implements Connector throw new ConnectorException(330, e); } } - + public void reInitVerifyTemplate(String templatePropKey) throws ConnectorException { this.environment.reInitVerifyTemplate(templatePropKey); } /** * Holds environment configuration information like templates. - * + * * @author wprinz */ public static class Environment extends ConnectorEnvironment @@ -490,7 +486,7 @@ public class MOASoapWithAttachmentConnector implements Connector protected String cert_alg_rsa = null; - + public void reInitVerifyTemplate(String templatePropKey) throws ConnectorException { SettingsReader settings = null; try @@ -501,14 +497,14 @@ public class MOASoapWithAttachmentConnector implements Connector { throw new ConnectorException(300, e); } - + String verify_request_filename = getConnectorValueFromProfile(settings, this.profile, templatePropKey); this.verify_template = settings.readInternalResourceAsString(verify_request_filename); - + } /** * Initializes the environment with a given profile. - * + * * @param profile * The configuration profile. * @throws SettingsException @@ -537,7 +533,7 @@ public class MOASoapWithAttachmentConnector implements Connector this.sign_key_identifier = signKeyIdentifier; } else - { + { this.sign_key_identifier = getConnectorValueFromProfile(settings, profile, SIGN_KEY_IDENTIFIER_KEY); } @@ -570,7 +566,7 @@ public class MOASoapWithAttachmentConnector implements Connector if (this.verify_request_template == null) { - verify_request_filename = getConnectorValueFromProfile(settings, profile, VERIFY_REQUEST_TEMPLATE_KEY); + verify_request_filename = getConnectorValueFromProfile(settings, profile, VERIFY_REQUEST_TEMPLATE_KEY); //this.verify_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_request_filename)); this.verify_request_template = settings.readInternalResourceAsString(verify_request_filename); } 
@@ -614,7 +610,7 @@ public class MOASoapWithAttachmentConnector implements Connector /** * Returns the URL where to load the detached data from. - * + * * @return Returns the URL where to load the detached data from. */ public String getSignatureDataUrl() @@ -624,7 +620,7 @@ public class MOASoapWithAttachmentConnector implements Connector /** * Returns the sign key identifier. - * + * * @return Returns the sign key identifier. */ public String getSignKeyIdentifier() @@ -634,7 +630,7 @@ public class MOASoapWithAttachmentConnector implements Connector /** * Returns the sign request template. - * + * * @return Returns the sign request template. */ public String getSignRequestTemplate() @@ -644,7 +640,7 @@ public class MOASoapWithAttachmentConnector implements Connector /** * Returns the sign URL. - * + * * @return Returns the sign URL. */ public String getSignURL() @@ -654,7 +650,7 @@ public class MOASoapWithAttachmentConnector implements Connector /** * Returns the verify request template. - * + * * @return Returns the verify request template. */ public String getVerifyRequestTemplate() @@ -664,7 +660,7 @@ public class MOASoapWithAttachmentConnector implements Connector /** * Returns the verify template. - * + * * @return Returns the verify template. */ public String getVerifyTemplate() @@ -674,7 +670,7 @@ public class MOASoapWithAttachmentConnector implements Connector /** * Returns the verify URL. - * + * * @return Returns the verify URL. */ public String getVerifyURL() @@ -684,7 +680,7 @@ public class MOASoapWithAttachmentConnector implements Connector /** * Returns the verify trust profile id. - * + * * @return Returns the verify trust profile id. */ public String getVerifyTrustProfileId() @@ -694,7 +690,7 @@ public class MOASoapWithAttachmentConnector implements Connector /** * Returns the ecdsa cert alg property. - * + * * @return Returns the ecdsa cert alg property. */ public String getCertAlgEcdsa() 
@@ -704,7 +700,7 @@ public class MOASoapWithAttachmentConnector implements Connector /** * Returns the rsa cert alg property. - * + * * @return Returns the rsa cert alg property. */ public String getCertAlgRsa() @@ -715,7 +711,7 @@ public class MOASoapWithAttachmentConnector implements Connector /** * Reads the configuration entry given by the key, first from the given * profile, if not found from the defaults. - * + * * @param settings * The settings. * @param profile diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/mocca/LocRefDetachedMOCCAConnector.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/mocca/LocRefDetachedMOCCAConnector.java index 12fc709..f9fe70b 100644 --- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/mocca/LocRefDetachedMOCCAConnector.java +++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/mocca/LocRefDetachedMOCCAConnector.java @@ -120,10 +120,10 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector { * @throws ConnectorException Thrown in case of an error. */ public SignSignatureObject doSign(SignatureData data) throws ConnectorException { - log.debug("doSign:"); + log.debug("doSign:"); String sign_request_xml = prepareSignRequest(data); - log.debug("sign_request_xml = " + sign_request_xml); + log.debug("sign_request_xml = " + sign_request_xml); String url = this.environment.getSignURL(); Properties response_properties = sendRequest(url, sign_request_xml, data); @@ -132,7 +132,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector { sso.response_properties = response_properties; - log.debug("doSign finished."); + log.debug("doSign finished."); return sso; } 
@@ -148,12 +148,12 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector { * This method analyzes a signature response of the signature device. * @param response_properties The response elements of the signature device. * @return The parsed signed signature object. - * @throws ConnectorException Thrown in case of an error. + * @throws ConnectorException Thrown in case of an error. */ public SignSignatureObject analyzeSignResponse(Properties response_properties) throws ConnectorException { - log.debug("analyzeSignResponse:"); + log.debug("analyzeSignResponse:"); String response_string = response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY); - + String bkuIdentifier = BKUHelper.getBKUIdentifier(response_properties); log.debug("BKU identifier: \"" + bkuIdentifier + "\""); SignatureLayoutHandler sigLayout; @@ -162,13 +162,13 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector { } catch (SettingsException e) { throw new ConnectorException(e.getErrorCode(), e.getMessage()); } - + BKUHelper.checkResponseForError(response_string); - + // SignSignatureObject so = MOCCAHelper.parseCreateXMLResponse(response_string, new DetachedMOCIdFormatter()); SignSignatureObject so = sigLayout.parseCreateXMLSignatureResponse(response_string, this.environment); so.response_properties = response_properties; - log.debug("analyzeSignResponse finished."); + log.debug("analyzeSignResponse finished."); return so; } @@ -187,7 +187,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector { * @throws ConnectorException Thrown in case of an error. */ public String prepareSignRequest(SignatureData data) throws ConnectorException { - log.debug("prepareSignRequestDetached:"); + log.debug("prepareSignRequestDetached:"); String sign_request_template = this.environment.getSignRequestTemplate(); 
@@ -196,9 +196,9 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector { String loc_ref_content = this.environment.getLocRefContent(); if (log.isDebugEnabled()) { - log.debug("sign keybox identifier = " + sign_keybox_identifier); - log.debug("mime type = " + mime_type); - log.debug("loc_ref_content = " + loc_ref_content); + log.debug("sign keybox identifier = " + sign_keybox_identifier); + log.debug("mime type = " + mime_type); + log.debug("loc_ref_content = " + loc_ref_content); } String sign_request_xml = sign_request_template.replaceFirst(TemplateReplaces.KEYBOX_IDENTIFIER_REPLACE, sign_keybox_identifier); @@ -206,7 +206,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector { sign_request_xml = sign_request_xml.replaceFirst(TemplateReplaces.LOC_REF_CONTENT_REPLACE, loc_ref_content); log.debug("sign_request_xml = " + sign_request_xml); - log.debug("prepareSignRequestDetached finished."); + log.debug("prepareSignRequestDetached finished."); return sign_request_xml; } @@ -226,15 +226,15 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector { * @throws ConnectorException Thrown in case of an error. */ public String prepareXMLContent(SignatureData data, SignSignatureObject so) throws ConnectorException { - log.debug("prepareXMLContent:"); + log.debug("prepareXMLContent:"); try { - + String ids_string = so.getSigID(); String sigId = this.parseSigId(ids_string); X509Certificate cert = so.getX509Certificate(); - - + + // dferbas AlgorithmSuiteObject algSuite = new AlgorithmSuiteObject(); String verify_xml = AlgorithmSuiteUtil.evaluateReplaceAlgs(algSuite, this.environment, so); 
@@ -244,7 +244,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector { String object_data_hash = CodingHelper.encodeBase64(data_value_hash); // template replacements - + verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_SIGNED_DATA_REPLACE, object_data_hash); verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNATURE_VALUE_REPLACE, so.getSignatureValue()); @@ -259,7 +259,11 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector { verify_xml = verify_xml.replaceAll(TemplateReplaces.SIG_ID_REPLACE, sigId); verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNING_TIME_REPLACE, so.getDate()); verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_CERTIFICATE_REPLACE, certDigest); - verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer()); + // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll) + // methods are regarded, backslashes in the replacement string may cause the results to be different than + // if it were being treated as a literal replacement string. +// verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer()); + verify_xml = verify_xml.replace(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer()); verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_SERIAL_NUMBER_REPLACE, so.getSerialNumber()); // SigDataRefReplace already done above verify_xml = verify_xml.replaceFirst(TemplateReplaces.MIME_TYPE_REPLACE, data.getMimeType()); 
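Review bot: `so.getIssuer()` is now copied literally into `verify_xml`, but nothing in this hunk shows it being XML-escaped first, so an issuer name containing `&` or `<` would change the markup of the reconstructed signature rather than its text. Whether the value is already escaped when it is stored on the SignSignatureObject is not visible here; if it is not, escape it at this point (and likewise the serial number and MIME type beside it), or state on `prepareXMLContent` that these getters return XML-safe text. prepareXMLContent starts and ends outside the hunk.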
@@ -270,15 +274,15 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector { if (matcher.find()) { log.debug("SignedProperties found."); String string_to_be_hashed = matcher.group(1); - log.debug("SignedProperties string to be hashed: " + string_to_be_hashed); - final byte[] bytes_to_be_hashed = string_to_be_hashed.getBytes("UTF-8"); + log.debug("SignedProperties string to be hashed: " + string_to_be_hashed); + final byte[] bytes_to_be_hashed = string_to_be_hashed.getBytes("UTF-8"); byte[] sig_prop_code = CodingHelper.buildDigest(bytes_to_be_hashed, algSuite.getPropertiesDigestMethod()); String sig_prop_hash = CodingHelper.encodeBase64(sig_prop_code); verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_SIGNED_PROPERTIES_REPLACE, sig_prop_hash); } - log.debug("prepareXMLContent finished."); + log.debug("prepareXMLContent finished."); return verify_xml; } catch (Exception e) { log.debug(e); @@ -291,21 +295,21 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector { * @author wprinz */ public static class Environment extends ConnectorEnvironment { - + /** * The configuration key of the sign keybox identifier. */ - protected static final String SIGN_KEYBOX_IDENTIFIER_KEY = "moc.sign.KeyboxIdentifier"; + protected static final String SIGN_KEYBOX_IDENTIFIER_KEY = "moc.sign.KeyboxIdentifier"; /** * The configuration key of the sign request template. */ - protected static final String SIGN_REQUEST_TEMPLATE_KEY = "moc.sign.request.detached"; + protected static final String SIGN_REQUEST_TEMPLATE_KEY = "moc.sign.request.detached"; /** * The configuration key of the sign URL. */ - protected static final String SIGN_URL_KEY = "moc.sign.url"; + protected static final String SIGN_URL_KEY = "moc.sign.url"; /** * BKU template file prefix 
@@ -334,29 +338,29 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector { */ /* signature verification is not supported by mocca protected static final String VERIFY_REQUEST_TEMPLATE_KEY = "moc.verify.request.detached"; - */ + */ /** * The configuration key of the verify template. */ - protected static final String VERIFY_TEMPLATE_KEY = "moc.verify.template.detached"; + protected static final String VERIFY_TEMPLATE_KEY = "moc.verify.template.detached"; /** * The configuration key of the verify URL. */ /* signature verification is not supported by mocca protected static final String xxxVERIFY_URL_KEY = "moc.verify.url"; - */ + */ /** * The configuration key for the ECDSA cert alg property. */ - protected static final String ECDSA_CERT_ALG_KEY = "cert.alg.ecdsa"; + protected static final String ECDSA_CERT_ALG_KEY = "cert.alg.ecdsa"; /** * The configuration key for the RSA cert alg property. */ - protected static final String RSA_CERT_ALG_KEY = "cert.alg.rsa"; + protected static final String RSA_CERT_ALG_KEY = "cert.alg.rsa"; protected String profile = null; @@ -381,7 +385,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector { protected String cert_alg_ecdsa = null; protected String cert_alg_rsa = null; - + protected String algorithmId = null; /** @@ -411,7 +415,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector { } // SIGN REQUEST - + // try specific file String sign_request_filename = TEMPLATE_FILE_PREFIX + this.algorithmId + SIGN_TEMPLATE_FILE_SUFFIX; log.debug("Trying to load specific sign request file " + sign_request_filename); 
@@ -428,15 +432,15 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector { // request file is needed !!! if (this.sign_request_template == null) { - throw new ConnectorException(300, "Can not read the create xml request template"); + throw new ConnectorException(300, "Can not read the create xml request template"); } this.sign_url = getConnectorValueFromProfile(settings, profile, SIGN_URL_KEY); - + // VERIFY REQUEST /* signature verification is not supported by mocca - + // try specific file String verify_request_filename = TEMPLATE_FILE_PREFIX + settings.getValueFromKey("default.moc.algorithm.id") + VERIFY_REQUEST_TEMPLATE_FILE_SUFIX; log.debug("Trying to load specific verify request file " + verify_request_filename); @@ -451,11 +455,11 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector { // request file is needed !!! if (this.verify_request_template == null) { - throw new ConnectorException(ErrorCode.SETTING_NOT_FOUND, "Can not read the verify xml request template"); + throw new ConnectorException(ErrorCode.SETTING_NOT_FOUND, "Can not read the verify xml request template"); } - + */ - + // load template file // try specific file String verify_filename = TEMPLATE_FILE_PREFIX + this.algorithmId + VERIFY_TEMPLATE_SUFFIX; @@ -473,7 +477,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector { // signature template is needed !!! if (this.verify_template == null) { - throw new ConnectorException(ErrorCode.SETTING_NOT_FOUND, "Can not read the verify template"); + throw new ConnectorException(ErrorCode.SETTING_NOT_FOUND, "Can not read the verify template"); } /* signature verification is not supported by mocca @@ -496,7 +500,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector { /** * Returns the LocRef content. - * + * * @return Returns the LocRef content. */ public String getLocRefContent() { 
@@ -505,7 +509,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector { /** * Returns the sign keybox identifier. - * + * * @return Returns the sign keybox identifier. */ public String getSignKeyboxIdentifier() { @@ -514,7 +518,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector { /** * Returns the sign request template. - * + * * @return Returns the sign request template. */ public String getSignRequestTemplate() { @@ -523,7 +527,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector { /** * Returns the sign URL. - * + * * @return Returns the sign URL. */ public String getSignURL() { @@ -532,7 +536,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector { /** * Returns the verify request template. - * + * * @return Returns the verify request template. */ /* signature verification is not supported by mocca @@ -543,7 +547,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector { /** * Returns the verify template. - * + * * @return Returns the verify template. */ public String getVerifyTemplate() { @@ -552,7 +556,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector { /** * Returns the verify URL. - * + * * @return Returns the verify URL. */ /* signature verification is not supported by mocca @@ -563,7 +567,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector { /** * Returns the ecdsa cert alg property. - * + * * @return Returns the ecdsa cert alg property. */ public String getCertAlgEcdsa() { @@ -572,7 +576,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector { /** * Returns the rsa cert alg property. - * + * * @return Returns the rsa cert alg property. */ public String getCertAlgRsa() { 
@@ -582,7 +586,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector { /** * Reads the configuration entry given by the key, first from the given * profile, if not found from the defaults. - * + * * @param settings * The settings. * @param profile @@ -599,7 +603,7 @@ public class LocRefDetachedMOCCAConnector implements Connector, LocalConnector { return value; } } - + /** * Parses the common part for all id attributes from a given signature parameter string. * @param sigIdString The given signature parameter string. diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigkz/SigKZIDHelper.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigkz/SigKZIDHelper.java index 094880d..03bf931 100644 --- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigkz/SigKZIDHelper.java +++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigkz/SigKZIDHelper.java 
@@ -50,49 +50,52 @@ import at.knowcenter.wag.egov.egiz.sig.sigid.HotfixIdFormatter; */ public final class SigKZIDHelper { - + /** * The Logger. */ protected static Log logger = LogFactory.getLog(SigKZIDHelper.class); - + public static boolean isTextual(PdfASID sig_kz) { if (sig_kz == null) { // Old signature -> must be textual. - + return true; } - + // new signauture -> sig_kz decides return sig_kz.getType().equals(SignatorFactory.TYPE_TEXTUAL); } - + public static boolean isBinary(PdfASID sig_kz) { return ! isTextual(sig_kz); } - - + + public static boolean isMOASigned(PdfASID sig_kz, String sig_id) { if (sig_kz == null || sig_kz.getVersion().equals(SignatorFactory.VERSION_1_0_0)) { // old signature - if sig_id is null this means MOA - + return sig_id == null; } - - if(sig_id == null) + + // According to the specification no signature parameter means MOA signature. + // Fixed: empty ("") or blank (" "), non-null signature parameter should also be regarded as "no signature parameter" +// if (sig_id != null) + if (StringUtils.isBlank(sig_id)) return true; - + // new signature - sig_id decides String [] ids = sig_id.split("@"); // dferbas String prefix = (ids[0].split(":"))[0]; - - + + if (prefix.equals(DetachedLocRefMOAIdFormatter.SIG_ID_PREFIX)) { return true; @@ -116,10 +119,10 @@ public final class SigKZIDHelper logger.error(e.getMessage(), e); } } - + return isMOASigned(kz, sig_id); } - + /** * @author tknall */ @@ -128,7 +131,7 @@ public final class SigKZIDHelper if (StringUtils.isEmpty(sig_id)) { return false; } - String[] ids = sig_id.split("@"); + String[] ids = sig_id.split("@"); if (ArrayUtils.isEmpty(ids)) { return false; } @@ -136,7 +139,7 @@ public final class SigKZIDHelper if (algorithmId == null) { return false; } else { - return algorithmId.startsWith("etsi-moc-1.0") || algorithmId.startsWith("etsi-moc-1.1"); + return algorithmId.startsWith("etsi-moc-1.0") || algorithmId.startsWith("etsi-moc-1.1") || algorithmId.startsWith("etsi-moc-1.2"); } } 
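Review bot: The blank check in isMOASigned is applied only on the new-signature path; the old-signature branch above it still returns `sig_id == null`, so an empty or blank `sig_id` counts as MOA for a new signature but not for an old one. If the specification's "no signature parameter" rule is meant to cover both, that branch should read `return StringUtils.isBlank(sig_id);`. The leftover `// if (sig_id != null)` shows the opposite condition to the removed `if(sig_id == null)` and should be deleted or corrected. Because this method decides which verification path a signature takes, a short Javadoc stating how null, empty and blank ids are classified would help.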
@@ -203,16 +206,16 @@ public final class SigKZIDHelper logger.error(e.getMessage(), e); } } - + return isOldBKU(kz, sig_id); } - + public static String getAlgorithmId(String bkuIdentifier) throws SettingsException, SettingNotFoundException, ConnectorException { SettingsReader sr = SettingsReader.getInstance(); String base = "signaturelayout.pattern"; Vector v = sr.getSettingKeys(base); - + Iterator it = v.iterator(); while (it.hasNext()) { String subKey = (String) it.next(); @@ -225,7 +228,7 @@ public final class SigKZIDHelper return algValue; } } - + if ("true".equalsIgnoreCase(sr.getSetting("signaturelayout.strict", "false"))) { logger.debug("Enforcing bku support check."); throw new ConnectorException(ErrorCode.BKU_NOT_SUPPORTED, "Unsupported BKU: " + bkuIdentifier); @@ -233,7 +236,7 @@ public final class SigKZIDHelper logger.debug("bku support check disabled."); return null; } - + } public static boolean isATrustSigned(SignSignatureObject so) { @@ -241,7 +244,7 @@ public final class SigKZIDHelper if (sig_id == null && StringUtils.isEmpty(sig_id)) { return false; } - return sig_id.startsWith("etsi-bka-atrust-1.0"); + return sig_id.startsWith("etsi-bka-atrust-1.0"); } /** @@ -251,11 +254,11 @@ public final class SigKZIDHelper */ public static boolean isBKUSigned(SignSignatureObject so) throws ConnectorException { if (isOldBKU(so)) return true; - + if (so.id.startsWith("etsi-bka-1.0")) { return true; } - + return false; } diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/mocca/MoccaXades14SignatureLayoutHandler.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/mocca/MoccaXades14SignatureLayoutHandler.java new file mode 100644 index 0000000..ed14315 --- /dev/null +++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/mocca/MoccaXades14SignatureLayoutHandler.java 
@@ -0,0 +1,53 @@ +/** + * Copyright 2006 by Know-Center, Graz, Austria + * PDF-AS has been contracted by the E-Government Innovation Center EGIZ, a + * joint initiative of the Federal Chancellery Austria and Graz University of + * Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.knowcenter.wag.egov.egiz.sig.signaturelayout.mocca; + +import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException; +import at.knowcenter.wag.egov.egiz.sig.connectors.ConnectorEnvironment; +import at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject; +import at.knowcenter.wag.egov.egiz.sig.connectors.mocca.MOCCAHelper; +import at.knowcenter.wag.egov.egiz.sig.sigid.DetachedMOCIdFormatter; +import at.knowcenter.wag.egov.egiz.sig.signaturelayout.SignatureLayoutHandler; + +/** + * Layout handler for XAdES 1.4 based signature layouts. + * + * @author Datentechnik Innovation GmbH + */ +public class MoccaXades14SignatureLayoutHandler implements SignatureLayoutHandler { + + /** + * The signature parameter identifier for XAdES 1.4 signatures. 
+ */ + private final static String ALGORITHM_ID = "etsi-moc-1.2"; + + /** + * Parses the given xmlResponse with respect to the specific signature layout of mocca. + */ + public SignSignatureObject parseCreateXMLSignatureResponse(String xmlResponse, ConnectorEnvironment env) + throws ConnectorException { + return MOCCAHelper.parseCreateXMLResponse(xmlResponse, new DetachedMOCIdFormatter(ALGORITHM_ID), env); + } + +} -- cgit v1.2.3
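Review bot: `ALGORITHM_ID` repeats the literal `"etsi-moc-1.2"` that this commit also adds to the `startsWith` chain in SigKZIDHelper.isMOCCASigned, so the two have to be kept in step by hand; referencing one shared constant from both places would prevent a handler whose ids are no longer recognised as MOCCA. The modifier order is conventionally `private static final`. The method Javadoc should also carry `@param xmlResponse`, `@param env`, `@return` and `@throws ConnectorException`, as the connector methods elsewhere in this commit do.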