From 6aabd24f0e39338b63402dd59b006c05997b2658 Mon Sep 17 00:00:00 2001 From: Andreas Fitzek Date: Fri, 3 Oct 2014 10:18:51 +0200 Subject: XAdES 1.4 changes for MOA --- .../sig/connectors/bku/DetachedBKUConnector.java | 7 +- .../moa/MOASoapWithAttachmentConnector.java | 1445 ++++++++++---------- .../sig/sigid/DetachedLocRefMOAIdFormatter.java | 2 + .../wag/egov/egiz/sig/sigkz/SigKZIDHelper.java | 50 + .../atrust/ATrustSignatureLayoutHandler.java | 1 + 5 files changed, 818 insertions(+), 687 deletions(-) (limited to 'pdf-as-lib') diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java index 646f2be..67fc481 100644 --- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java +++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java @@ -375,7 +375,12 @@ public class DetachedBKUConnector implements Connector, LocalConnector return moa_conn.prepareXMLContent(data, so); // MOCCA - } else if (SigKZIDHelper.isMOCCASigned(so)) { + } else if (SigKZIDHelper.isMOAXAdES14Signed(so)) { + log.debug("The signature is MOA XAdES 1.4 signed -> getting XML content from DetachedLocRefMOA connector."); + DetachedLocRefMOAConnector moa_conn = new DetachedLocRefMOAConnector(this.environment.getProfile(), "loc ref not needed here"); + return moa_conn.prepareXMLContent(data, so); + // ATRUST + }else if (SigKZIDHelper.isMOCCASigned(so)) { log.debug("MOCCA signature detected."); String algorithmId = SigKZIDHelper.parseAlgorithmId(so.id); log.debug("Algorithm = " + algorithmId); diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java index 03c2dda..f446b85 100644 --- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java +++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOASoapWithAttachmentConnector.java @@ -57,691 +57,764 @@ import at.knowcenter.wag.egov.egiz.tools.CodingHelper; * * @author wprinz */ -public class MOASoapWithAttachmentConnector implements Connector -{ - //23.11.2010 changed by exthex - added reconstructXMLDsig method and moved xmldsig creation to chooseAndCreateXMLDsig method - public static final String ATRUST_VERIFY_TEMPLATE_KEY = "atrust.verify.template.detached"; - public static final String ATRUST_XADES_1_4_VERIFY_TEMPLATE_KEY = "atrust.xades14.verify.template.detached"; - -/** - * The SIG_ID prefix. - */ - // public static final String SIG_ID_PREFIX = "etsi-bku-detached@"; //$NON-NLS-1$ - /** - * The log. - */ - private static Log log = LogFactory.getLog(MOASoapWithAttachmentConnector.class); - - private static Log moaLog = LogFactory.getLog("at.knowcenter.wag.egov.egiz.sig.connectors.MOASSRepsonseLogger"); - - protected static final String MULTIPART_LOC_REF_CONTENT = "formdata:fileupload"; //$NON-NLS-1$ - - protected static final String RETURN_HASH_INPUT_DATA = ""; //$NON-NLS-1$ - - /** - * The connector parameters. - */ - protected ConnectorParameters params = null; - - /** - * The environemnt configuration of this connector containing templates and - * other configurable elements. - */ - protected Environment environment = null; - - - /** - * Constructor that builds the configuration environment for this connector - * according to the given profile. - * - *

- * If confuguration parameters are not defined on that profile, the default - * parameters defined in the configuration are used. - *

- * - * @param connectorParameters - * The parameters for this connector. - * @throws ConnectorException - * f.e. - */ - public MOASoapWithAttachmentConnector(ConnectorParameters connectorParameters) throws ConnectorException - { - this.params = connectorParameters; - this.environment = new Environment(this.params.getProfileId(), this.params.getSignatureKeyIdentifier(), MULTIPART_LOC_REF_CONTENT); - } - - protected String prepareSignRequest(SignatureData data) throws ConnectorException - { - log.debug("prepareSignRequestDetached:"); //$NON-NLS-1$ - - String sign_request_template = this.environment.getSignRequestTemplate(); - - String sign_key_identifier = this.environment.getSignKeyIdentifier(); - String loc_ref_content = this.environment.getSignatureDataUrl(); - String mime_type = data.getMimeType(); - if (log.isDebugEnabled()) - { - log.debug("sign keybox identifier = " + sign_key_identifier); //$NON-NLS-1$ - log.debug("LocRefContent = " + loc_ref_content); //$NON-NLS-1$ - log.debug("mime type = " + mime_type); //$NON-NLS-1$ - } - - String sign_request_xml = sign_request_template.replaceFirst(TemplateReplaces.KEY_IDENTIFIER_REPLACE, sign_key_identifier); - sign_request_xml = sign_request_xml.replaceFirst(TemplateReplaces.LOC_REF_CONTENT_REPLACE, loc_ref_content); - sign_request_xml = sign_request_xml.replaceFirst(TemplateReplaces.MIME_TYPE_REPLACE, mime_type); - - log.debug("prepareSignRequestDetached finished."); //$NON-NLS-1$ - return sign_request_xml; - } - - /** - * @see at.knowcenter.wag.egov.egiz.sig.connectors.LocalConnector#analyzeSignResponse(java.util.Properties) - */ - public SignSignatureObject analyzeSignResponse(Properties response_properties) throws ConnectorException - { - log.debug("analyzeSignResponse:"); //$NON-NLS-1$ - - String response_string = response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY); - moaLog.debug("MOA-SS Response: " + response_string); - BKUHelper.checkResponseForError(response_string); - - SignSignatureObject so = MOAHelper.parseCreateXMLResponse(response_string, new DetachedLocRefMOAIdFormatter(), this.environment); - - log.debug("analyzeSignResponse finished."); //$NON-NLS-1$ - return so; - } - - /** - * @see at.knowcenter.wag.egov.egiz.sig.connectors.Connector#doSign(at.knowcenter.wag.egov.egiz.sig.SignatureData) - */ - public SignSignatureObject doSign(SignatureData data) throws ConnectorException - { - log.debug("doSign:"); //$NON-NLS-1$ - String sign_request_xml = prepareSignRequest(data); -// DebugHelper.debugStringToFile(sign_request_xml, "MOA_DetLocRef_sign_request.xml"); //$NON-NLS-1$ - - String url = this.environment.getSignURL(); - Properties response_properties = sendRequest(url, MOASoapConnection.SERVICE_SIGN, sign_request_xml, data); - -// DebugHelper.debugStringToFile(response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY), "MOA_DetLocRef_sign_response.xml"); //$NON-NLS-1$ - SignSignatureObject sso = analyzeSignResponse(response_properties); - - sso.response_properties = response_properties; - - log.debug("doSign finished."); //$NON-NLS-1$ - return sso; - } - - /** - * @see at.knowcenter.wag.egov.egiz.sig.connectors.Connector#doVerify(at.knowcenter.wag.egov.egiz.sig.SignatureData, - * at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject) - */ - public SignatureResponse doVerify(SignatureData data, SignSignatureObject so, XMLDsigData dsig) throws ConnectorException - { - log.debug("doVerify:"); //$NON-NLS-1$ - - String verify_request_xml = prepareVerifyRequest(data, so, dsig); - log.debug("verify_request_xml = " + verify_request_xml); //$NON-NLS-1$ - - String url = this.environment.getVerifyURL(); - Properties response_properties = sendRequest(url, MOASoapConnection.SERVICE_VERIFY, verify_request_xml, data); - - SignatureResponse signature_response = analyzeVerifyResponse(response_properties); - - log.debug("doVerify finished."); //$NON-NLS-1$ - return signature_response; - } - - /** - * Prepares the verify request xml to be sent using the verify request - * template. - * - * @param data - * The SignatureData. - * @param so - * The signature information object. - * @return Returns the verify request xml to be sent. - * @throws ConnectorException - * f.e. - */ - public String prepareVerifyRequest(SignatureData data, SignSignatureObject so, XMLDsigData dsigData) throws ConnectorException - { - String verify_request_template = this.environment.getVerifyRequestTemplate(); - - String xml_content = null; - if (dsigData != null && dsigData.getXmlDsig() != null) - { - xml_content = dsigData.getXmlDsig(); - } - else - { - xml_content = chooseAndCreateXMLDsig(data, so); - } - - // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll) - // methods are regarded, backslashes in the replacement string may cause the results to be different than - // if it were being treated as a literal replacement string. -// String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content); - String verify_request_xml = verify_request_template.replace(TemplateReplaces.XML_CONTENT_REPLACE, xml_content); - verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.TRUST_PROFILE_ID_REPLACE, this.environment.getVerifyTrustProfileId()); - verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.LOC_REF_CONTENT_REPLACE, this.environment.getSignatureDataUrl()); - - String returnHashInputDataElement = ""; - if (this.params.isReturnHashInputData()) - { - returnHashInputDataElement = RETURN_HASH_INPUT_DATA; - } - verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.RETURN_HASH_INPUT_DATA_REPLACE, returnHashInputDataElement); - - verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.DATE_TIME_REPLACE, BKUHelper.formDateTimeElement(this.params.getVerificationTime())); - - - log.debug("\r\n\r\n" + verify_request_xml + "\r\n\r\n"); - - return verify_request_xml; - } - - private String chooseAndCreateXMLDsig(SignatureData data, SignSignatureObject so) throws ConnectorException { - - // MOA - if (SigKZIDHelper.isMOASigned(so)) { - log.debug("MOA signature detected."); - return prepareXMLContent(data, so); - - // MOCCA - } else if (SigKZIDHelper.isMOCCASigned(so)) { - log.debug("MOCCA signature detected."); - String algorithmId = SigKZIDHelper.parseAlgorithmId(so.id); - log.debug("Algorithm = " + algorithmId); - LocRefDetachedMOCCAConnector mocca_connector = new LocRefDetachedMOCCAConnector(this.params, "not needed here", algorithmId); - return mocca_connector.prepareXMLContent(data, so); - - // ATrust - } else if (SigKZIDHelper.isATrustSigned(so)) { - log.debug("A-Trust signature detected."); - this.environment.reInitVerifyTemplate(ATRUST_VERIFY_TEMPLATE_KEY); - return prepareXMLContent(data, so); - } else if (SigKZIDHelper.isATrustX14Signed(so)) { - log.debug("ATrust Xades 1.4 signature detected"); - MOASoapWithAttachmentConnector moaConn = new MOASoapWithAttachmentConnector(this.params); - moaConn.reInitVerifyTemplate(MOASoapWithAttachmentConnector.ATRUST_XADES_1_4_VERIFY_TEMPLATE_KEY); - return moaConn.prepareXMLContent(data, so); - // TD bku - } else if (SigKZIDHelper.isBKUSigned(so)) { - log.debug("TD bku signature detected."); - DetachedBKUConnector bku_connector = new DetachedBKUConnector(this.params, "not needed here"); - return bku_connector.prepareXMLContent(data, so); - } else { - throw new ConnectorException(ErrorCode.UNSUPPORTED_SIGNATURE, "Unsupported signature (" + so.id + ", " +so.kz + "). Please get a new version of PDF-AS. Your version is: " + PdfAS.PDFAS_VERSION); - - } - } - - /** - * Analyzes the verify response string. - * - * @param response_properties - * The response properties containing the response XML. - * @return Returns the SignatureResponse containing the verification result. - * @throws ConnectorException - * f.e. - */ - public SignatureResponse analyzeVerifyResponse(Properties response_properties) throws ConnectorException - { - log.debug("analyzeVerifyResponse:"); //$NON-NLS-1$ - - String response_string = response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY); - - BKUHelper.checkResponseForError(response_string); - - SignatureResponse signature_response = BKUHelper.parseVerifyXMLResponse(response_string); - - log.debug("analyzeVerifyResponse finished."); //$NON-NLS-1$ - return signature_response; - } - - public String prepareXMLContent(SignatureData data, SignSignatureObject so) throws ConnectorException - { - log.debug("prepareXMLContent:"); //$NON-NLS-1$ - try - { - - String verify_xml = null; - X509Certificate cert = so.getX509Certificate(); - - // dferbas - AlgorithmSuiteObject algSuite = new AlgorithmSuiteObject(); - verify_xml = AlgorithmSuiteUtil.evaluateReplaceAlgs(algSuite, this.environment, so); - - - // data digest replace - { -// byte[] data_value = data.getData(); -// byte[] data_value_hash = CodingHelper.buildDigest(data_value); - byte[] data_value_hash = CodingHelper.buildDigest(data.getDataSource(), algSuite.getDataDigestMethod()); - String object_data_hash = CodingHelper.encodeBase64(data_value_hash); - - verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_SIGNED_DATA_REPLACE, object_data_hash); - } - - verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNATURE_VALUE_REPLACE, so.getSignatureValue()); - - // X.509 Certificate replace - byte[] der = cert.getEncoded(); - byte[] cert_hash = CodingHelper.buildDigest(der, algSuite.getCertDigestMethod()); - String certDigest = CodingHelper.encodeBase64(cert_hash); - String x509_cert_string = CodingHelper.encodeBase64(der); - verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_CERTIFICATE_REPLACE, x509_cert_string); - - // Qualified Properties replaces - verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNING_TIME_REPLACE, so.getDate()); - verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_CERTIFICATE_REPLACE, certDigest); - // fixed by dti: Issuer names may contain escapted commas ("\,"). As far as replaceFirst (and replaceAll) - // methods are regarded, backslashes in the replacement string may cause the results to be different than - // if it were being treated as a literal replacement string. -// verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer()); - verify_xml = verify_xml.replace(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer()); - verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_SERIAL_NUMBER_REPLACE, so.getSerialNumber()); - // SigDataRefReplace already done above - verify_xml = verify_xml.replaceFirst(TemplateReplaces.MIME_TYPE_REPLACE, data.getMimeType()); - - // Signed Properties hash - { - final String ETSI_SIGNED_PROPERTIES_START_TAG = "= 0; - final int hash_end = verify_xml.indexOf(ETSI_SIGNED_PROPERTIES_END_TAG, hash_start) + ETSI_SIGNED_PROPERTIES_END_TAG.length(); - assert hash_end - ETSI_SIGNED_PROPERTIES_END_TAG.length() >= 0; - assert hash_end > hash_start; - - final String string_to_be_hashed = verify_xml.substring(hash_start, hash_end); - log.debug("etsi:SignedProperties string to be hashed: " + string_to_be_hashed); //$NON-NLS-1$ - - final byte[] bytes_to_be_hashed = string_to_be_hashed.getBytes("UTF-8"); //$NON-NLS-1$ - byte[] sig_prop_code = CodingHelper.buildDigest(bytes_to_be_hashed, algSuite.getPropertiesDigestMethod()); - String sig_prop_hash = CodingHelper.encodeBase64(sig_prop_code); - - verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_SIGNED_PROPERTIES_REPLACE, sig_prop_hash); - } - - log.debug("prepareXMLContent finished."); //$NON-NLS-1$ - return verify_xml; - } - catch (Exception e) - { - log.debug(e); - throw new ConnectorException(310, e); - } - } - - - protected Properties sendRequest(String url, String mode, String request_string, SignatureData data) throws ConnectorException - { - try - { - -// Properties response_properties = MOASoapConnection.connectMOA(request_string, MOASoapConnection.SERVICE_SIGN, url); - log.debug("Connecting to " + url); - Properties response_properties = MOASoapConnection.doPostRequestMultipart(url,mode, request_string, data ); - - return response_properties; - } - catch (Exception e) - { - throw new ConnectorException(330, e); - } - } - - public void reInitVerifyTemplate(String templatePropKey) throws ConnectorException { - this.environment.reInitVerifyTemplate(templatePropKey); - } - - /** - * Holds environment configuration information like templates. - * - * @author wprinz - */ - public static class Environment extends ConnectorEnvironment - { - /** - * The configuration key of the sign keybox identifier. - */ - protected static final String SIGN_KEY_IDENTIFIER_KEY = "moa.sign.KeyIdentifier"; //$NON-NLS-1$ - - /** - * The configuration key of the sign request template. - */ - protected static final String SIGN_REQUEST_TEMPLATE_KEY = "moa.sign.request.detached"; //$NON-NLS-1$ - - /** - * The configuration key of the sign URL. - */ - protected static final String SIGN_URL_KEY = "moa.sign.url"; //$NON-NLS-1$ - - /** - * MOA template file prefix - */ - protected static final String TEMPLATE_FILE_PREFIX = "/templates/moa."; - - /** - * signing file template sufix - */ - protected static final String SIGN_TEMPLATE_FILE_SUFIX = ".sign.xml"; - - /** - * verifing template file sufix - */ - protected static final String VERIFY_REQUEST_TEMPLATE_FILE_SUFIX = ".verify.request.xml"; - - /** - * verifing file template key sufix - */ - protected static final String VERIFY_TEMPLATE_SUFIX = ".verify.template.xml"; - - /** - * The configuration key of the verify request template. - */ - protected static final String VERIFY_REQUEST_TEMPLATE_KEY = "moa.verify.request.detached"; //$NON-NLS-1$ - - /** - * The configuration key of the verify template. - */ - protected static final String VERIFY_TEMPLATE_KEY = "moa.verify.template.detached"; //$NON-NLS-1$ - - /** - * The configuration key of the verify URL. - */ - protected static final String VERIFY_URL_KEY = "moa.verify.url"; //$NON-NLS-1$ - - /** - * The configuration key of the trust profile id. - */ - protected static final String VERIFY_TRUST_PROFILE_ID = "moa.verify.TrustProfileID"; //$NON-NLS-1$ - - /** - * The configuration key for the ECDSA cert alg property. - */ - protected static final String ECDSA_CERT_ALG_KEY = "cert.alg.ecdsa"; //$NON-NLS-1$ - - /** - * The configuration key for the RSA cert alg property. - */ - protected static final String RSA_CERT_ALG_KEY = "cert.alg.rsa"; //$NON-NLS-1$ - - protected String profile = null; - - protected String signature_data_url = null; - - protected String sign_key_identifier = null; - - protected String sign_request_template = null; - - protected String sign_url = null; - - protected String verify_request_template = null; - - protected String verify_template = null; - - protected String verify_url = null; - - protected String verify_trust_profile_id = null; - - protected String cert_alg_ecdsa = null; - - protected String cert_alg_rsa = null; - - - public void reInitVerifyTemplate(String templatePropKey) throws ConnectorException { - SettingsReader settings = null; - try - { - settings = SettingsReader.getInstance(); - } - catch (SettingsException e) - { - throw new ConnectorException(300, e); - } - - String verify_request_filename = getConnectorValueFromProfile(settings, this.profile, templatePropKey); - this.verify_template = settings.readInternalResourceAsString(verify_request_filename); - - } - /** - * Initializes the environment with a given profile. - * - * @param profile - * The configuration profile. - * @throws SettingsException - * f.e. - * @throws ConnectorException - * f.e. - */ - public Environment(String profile, String signKeyIdentifier, String signature_data_url) throws ConnectorException - { - this.profile = profile; - - this.signature_data_url = signature_data_url; - - SettingsReader settings = null; - try - { - settings = SettingsReader.getInstance(); - } - catch (SettingsException e) - { - throw new ConnectorException(300, e); - } - - if (signKeyIdentifier != null) - { - this.sign_key_identifier = signKeyIdentifier; - } - else - { - this.sign_key_identifier = getConnectorValueFromProfile(settings, profile, SIGN_KEY_IDENTIFIER_KEY); - } - - String sign_request_filename = TEMPLATE_FILE_PREFIX + settings.getValueFromKey("default.moa.algorithm.id") + SIGN_TEMPLATE_FILE_SUFIX; - - // try to load template from file - //this.sign_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(sign_request_filename)); - this.sign_request_template = settings.readInternalResourceAsString(sign_request_filename); - - if (this.sign_request_template == null) - { - sign_request_filename = getConnectorValueFromProfile(settings, profile, SIGN_REQUEST_TEMPLATE_KEY); - this.sign_request_template = settings.readInternalResourceAsString(sign_request_filename); - //this.sign_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(sign_request_filename)); - } - - //this.sign_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(sign_request_filename)); - if (this.sign_request_template == null) - { - throw new ConnectorException(ErrorCode.SETTING_NOT_FOUND, "Can not read the create xml request template"); //$NON-NLS-1$ - } - - this.sign_url = getConnectorValueFromProfile(settings, profile, SIGN_URL_KEY); - - String verify_request_filename = TEMPLATE_FILE_PREFIX + settings.getValueFromKey("default.moa.algorithm.id") + VERIFY_REQUEST_TEMPLATE_FILE_SUFIX; - - // try to load template file for verifing - //this.verify_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_request_filename)); - this.verify_request_template = settings.readInternalResourceAsString(verify_request_filename); - - if (this.verify_request_template == null) - { - verify_request_filename = getConnectorValueFromProfile(settings, profile, VERIFY_REQUEST_TEMPLATE_KEY); - //this.verify_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_request_filename)); - this.verify_request_template = settings.readInternalResourceAsString(verify_request_filename); - } - - if (this.verify_request_template == null) - { - throw new ConnectorException(ErrorCode.SETTING_NOT_FOUND, "Can not read the verify xml request template"); //$NON-NLS-1$ - } - - // load template key file - String verify_filename = TEMPLATE_FILE_PREFIX + settings.getValueFromKey("default.moa.algorithm.id") + VERIFY_TEMPLATE_SUFIX; - //this.verify_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_filename)); - this.verify_template = settings.readInternalResourceAsString(verify_filename); - - if (this.verify_template == null) - { - verify_filename = getConnectorValueFromProfile(settings, profile, VERIFY_TEMPLATE_KEY); - //this.verify_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_filename)); - this.verify_template = settings.readInternalResourceAsString(verify_filename); - } - - if (this.verify_template == null) - { - throw new ConnectorException(ErrorCode.SETTING_NOT_FOUND, "Can not read the verify template"); //$NON-NLS-1$ - } - - this.verify_url = getConnectorValueFromProfile(settings, profile, VERIFY_URL_KEY); - - this.verify_trust_profile_id = settings.getValueFromKey(VERIFY_TRUST_PROFILE_ID); - - this.cert_alg_ecdsa = settings.getValueFromKey(ECDSA_CERT_ALG_KEY); - - this.cert_alg_rsa = settings.getValueFromKey(RSA_CERT_ALG_KEY); - - } - - public String getProfile() - { - return this.profile; - } - - /** - * Returns the URL where to load the detached data from. - * - * @return Returns the URL where to load the detached data from. - */ - public String getSignatureDataUrl() - { - return this.signature_data_url; - } - - /** - * Returns the sign key identifier. - * - * @return Returns the sign key identifier. - */ - public String getSignKeyIdentifier() - { - return this.sign_key_identifier; - } - - /** - * Returns the sign request template. - * - * @return Returns the sign request template. - */ - public String getSignRequestTemplate() - { - return this.sign_request_template; - } - - /** - * Returns the sign URL. - * - * @return Returns the sign URL. - */ - public String getSignURL() - { - return this.sign_url; - } - - /** - * Returns the verify request template. - * - * @return Returns the verify request template. - */ - public String getVerifyRequestTemplate() - { - return this.verify_request_template; - } - - /** - * Returns the verify template. - * - * @return Returns the verify template. - */ - public String getVerifyTemplate() - { - return this.verify_template; - } - - /** - * Returns the verify URL. - * - * @return Returns the verify URL. - */ - public String getVerifyURL() - { - return this.verify_url; - } - - /** - * Returns the verify trust profile id. - * - * @return Returns the verify trust profile id. - */ - public String getVerifyTrustProfileId() - { - return this.verify_trust_profile_id; - } - - /** - * Returns the ecdsa cert alg property. - * - * @return Returns the ecdsa cert alg property. - */ - public String getCertAlgEcdsa() - { - return this.cert_alg_ecdsa; - } - - /** - * Returns the rsa cert alg property. - * - * @return Returns the rsa cert alg property. - */ - public String getCertAlgRsa() - { - return this.cert_alg_rsa; - } - - /** - * Reads the configuration entry given by the key, first from the given - * profile, if not found from the defaults. - * - * @param settings - * The settings. - * @param profile - * The profile. - * @param key - * The configuration key. - * @return Returns the configuration entry. - */ - public static String getConnectorValueFromProfile(SettingsReader settings, String profile, String key) - { - String value = settings.getValueFromKey("sig_obj." + profile + "." + key); //$NON-NLS-1$//$NON-NLS-2$ - if (value == null) - { - value = settings.getValueFromKey(key); - } - return value; - } - - } - - public XMLDsigData reconstructXMLDsig(SignatureData data, SignSignatureObject so) - throws ConnectorException { - String xmldsig = chooseAndCreateXMLDsig(data, so); - return new XMLDsigData(xmldsig, true); - } +public class MOASoapWithAttachmentConnector implements Connector { + // 23.11.2010 changed by exthex - added reconstructXMLDsig method and moved + // xmldsig creation to chooseAndCreateXMLDsig method + public static final String ATRUST_VERIFY_TEMPLATE_KEY = "atrust.verify.template.detached"; + public static final String ATRUST_XADES_1_4_VERIFY_TEMPLATE_KEY = "atrust.xades14.verify.template.detached"; + + /** + * The SIG_ID prefix. + */ + // public static final String SIG_ID_PREFIX = "etsi-bku-detached@"; //$NON-NLS-1$ + /** + * The log. + */ + private static Log log = LogFactory + .getLog(MOASoapWithAttachmentConnector.class); + + private static Log moaLog = LogFactory + .getLog("at.knowcenter.wag.egov.egiz.sig.connectors.MOASSRepsonseLogger"); + + protected static final String MULTIPART_LOC_REF_CONTENT = "formdata:fileupload"; //$NON-NLS-1$ + + protected static final String RETURN_HASH_INPUT_DATA = ""; //$NON-NLS-1$ + + /** + * The connector parameters. + */ + protected ConnectorParameters params = null; + + /** + * The environemnt configuration of this connector containing templates and + * other configurable elements. + */ + protected Environment environment = null; + + /** + * Constructor that builds the configuration environment for this connector + * according to the given profile. + * + *

+ * If confuguration parameters are not defined on that profile, the default + * parameters defined in the configuration are used. + *

+ * + * @param connectorParameters + * The parameters for this connector. + * @throws ConnectorException + * f.e. + */ + public MOASoapWithAttachmentConnector( + ConnectorParameters connectorParameters) throws ConnectorException { + this.params = connectorParameters; + this.environment = new Environment(this.params.getProfileId(), + this.params.getSignatureKeyIdentifier(), + MULTIPART_LOC_REF_CONTENT); + } + + protected String prepareSignRequest(SignatureData data) + throws ConnectorException { + log.debug("prepareSignRequestDetached:"); //$NON-NLS-1$ + + String sign_request_template = this.environment + .getSignRequestTemplate(); + + String sign_key_identifier = this.environment.getSignKeyIdentifier(); + String loc_ref_content = this.environment.getSignatureDataUrl(); + String mime_type = data.getMimeType(); + if (log.isDebugEnabled()) { + log.debug("sign keybox identifier = " + sign_key_identifier); //$NON-NLS-1$ + log.debug("LocRefContent = " + loc_ref_content); //$NON-NLS-1$ + log.debug("mime type = " + mime_type); //$NON-NLS-1$ + } + + String sign_request_xml = sign_request_template.replaceFirst( + TemplateReplaces.KEY_IDENTIFIER_REPLACE, sign_key_identifier); + sign_request_xml = sign_request_xml.replaceFirst( + TemplateReplaces.LOC_REF_CONTENT_REPLACE, loc_ref_content); + sign_request_xml = sign_request_xml.replaceFirst( + TemplateReplaces.MIME_TYPE_REPLACE, mime_type); + + log.debug("prepareSignRequestDetached finished."); //$NON-NLS-1$ + return sign_request_xml; + } + + /** + * @see at.knowcenter.wag.egov.egiz.sig.connectors.LocalConnector#analyzeSignResponse(java.util.Properties) + */ + public SignSignatureObject analyzeSignResponse( + Properties response_properties) throws ConnectorException { + log.debug("analyzeSignResponse:"); //$NON-NLS-1$ + + String response_string = response_properties + .getProperty(BKUPostConnection.RESPONSE_STRING_KEY); + moaLog.debug("MOA-SS Response: " + response_string); + BKUHelper.checkResponseForError(response_string); + + SignSignatureObject so = MOAHelper.parseCreateXMLResponse( + response_string, new DetachedLocRefMOAIdFormatter(), + this.environment); + + log.debug("analyzeSignResponse finished."); //$NON-NLS-1$ + return so; + } + + /** + * @see at.knowcenter.wag.egov.egiz.sig.connectors.Connector#doSign(at.knowcenter.wag.egov.egiz.sig.SignatureData) + */ + public SignSignatureObject doSign(SignatureData data) + throws ConnectorException { + log.debug("doSign:"); //$NON-NLS-1$ + String sign_request_xml = prepareSignRequest(data); + // DebugHelper.debugStringToFile(sign_request_xml, "MOA_DetLocRef_sign_request.xml"); //$NON-NLS-1$ + + String url = this.environment.getSignURL(); + Properties response_properties = sendRequest(url, + MOASoapConnection.SERVICE_SIGN, sign_request_xml, data); + + // DebugHelper.debugStringToFile(response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY), "MOA_DetLocRef_sign_response.xml"); //$NON-NLS-1$ + SignSignatureObject sso = analyzeSignResponse(response_properties); + + sso.response_properties = response_properties; + + log.debug("doSign finished."); //$NON-NLS-1$ + return sso; + } + + /** + * @see at.knowcenter.wag.egov.egiz.sig.connectors.Connector#doVerify(at.knowcenter.wag.egov.egiz.sig.SignatureData, + * at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject) + */ + public SignatureResponse doVerify(SignatureData data, + SignSignatureObject so, XMLDsigData dsig) throws ConnectorException { + log.debug("doVerify:"); //$NON-NLS-1$ + + String verify_request_xml = prepareVerifyRequest(data, so, dsig); + log.debug("verify_request_xml = " + verify_request_xml); //$NON-NLS-1$ + + String url = this.environment.getVerifyURL(); + Properties response_properties = sendRequest(url, + MOASoapConnection.SERVICE_VERIFY, verify_request_xml, data); + + SignatureResponse signature_response = analyzeVerifyResponse(response_properties); + + log.debug("doVerify finished."); //$NON-NLS-1$ + return signature_response; + } + + /** + * Prepares the verify request xml to be sent using the verify request + * template. + * + * @param data + * The SignatureData. + * @param so + * The signature information object. + * @return Returns the verify request xml to be sent. + * @throws ConnectorException + * f.e. + */ + public String prepareVerifyRequest(SignatureData data, + SignSignatureObject so, XMLDsigData dsigData) + throws ConnectorException { + String verify_request_template = this.environment + .getVerifyRequestTemplate(); + + String xml_content = null; + if (dsigData != null && dsigData.getXmlDsig() != null) { + xml_content = dsigData.getXmlDsig(); + } else { + xml_content = chooseAndCreateXMLDsig(data, so); + } + + // fixed by dti: Issuer names may contain escapted commas ("\,"). As far + // as replaceFirst (and replaceAll) + // methods are regarded, backslashes in the replacement string may cause + // the results to be different than + // if it were being treated as a literal replacement string. + // String verify_request_xml = + // verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, + // xml_content); + String verify_request_xml = verify_request_template.replace( + TemplateReplaces.XML_CONTENT_REPLACE, xml_content); + verify_request_xml = verify_request_xml.replaceFirst( + TemplateReplaces.TRUST_PROFILE_ID_REPLACE, + this.environment.getVerifyTrustProfileId()); + verify_request_xml = verify_request_xml.replaceFirst( + TemplateReplaces.LOC_REF_CONTENT_REPLACE, + this.environment.getSignatureDataUrl()); + + String returnHashInputDataElement = ""; + if (this.params.isReturnHashInputData()) { + returnHashInputDataElement = RETURN_HASH_INPUT_DATA; + } + verify_request_xml = verify_request_xml.replaceFirst( + TemplateReplaces.RETURN_HASH_INPUT_DATA_REPLACE, + returnHashInputDataElement); + + verify_request_xml = verify_request_xml + .replaceFirst(TemplateReplaces.DATE_TIME_REPLACE, BKUHelper + .formDateTimeElement(this.params.getVerificationTime())); + + log.debug("\r\n\r\n" + verify_request_xml + "\r\n\r\n"); + + return verify_request_xml; + } + + private String chooseAndCreateXMLDsig(SignatureData data, + SignSignatureObject so) throws ConnectorException { + + // MOA + if (SigKZIDHelper.isMOASigned(so)) { + log.debug("MOA signature detected."); + return prepareXMLContent(data, so); + } else if (SigKZIDHelper.isMOAXAdES14Signed(so)) { + log.debug("The signature is MOA XAdES 1.4 signed -> getting XML content from DetachedLocRefMOA connector."); + DetachedLocRefMOAConnector moa_conn = new DetachedLocRefMOAConnector( + this.environment.getProfile(), "loc ref not needed here"); + return moa_conn.prepareXMLContent(data, so); + // ATRUST + // MOCCA + } else if (SigKZIDHelper.isMOCCASigned(so)) { + log.debug("MOCCA signature detected."); + String algorithmId = SigKZIDHelper.parseAlgorithmId(so.id); + log.debug("Algorithm = " + algorithmId); + LocRefDetachedMOCCAConnector mocca_connector = new LocRefDetachedMOCCAConnector( + this.params, "not needed here", algorithmId); + return mocca_connector.prepareXMLContent(data, so); + + // ATrust + } else if (SigKZIDHelper.isATrustSigned(so)) { + log.debug("A-Trust signature detected."); + this.environment.reInitVerifyTemplate(ATRUST_VERIFY_TEMPLATE_KEY); + return prepareXMLContent(data, so); + } else if (SigKZIDHelper.isATrustX14Signed(so)) { + log.debug("ATrust Xades 1.4 signature detected"); + MOASoapWithAttachmentConnector moaConn = new MOASoapWithAttachmentConnector( + this.params); + moaConn.reInitVerifyTemplate(MOASoapWithAttachmentConnector.ATRUST_XADES_1_4_VERIFY_TEMPLATE_KEY); + return moaConn.prepareXMLContent(data, so); + // TD bku + } else if (SigKZIDHelper.isBKUSigned(so)) { + log.debug("TD bku signature detected."); + DetachedBKUConnector bku_connector = new DetachedBKUConnector( + this.params, "not needed here"); + return bku_connector.prepareXMLContent(data, so); + } else { + throw new ConnectorException( + ErrorCode.UNSUPPORTED_SIGNATURE, + "Unsupported signature (" + + so.id + + ", " + + so.kz + + "). Please get a new version of PDF-AS. Your version is: " + + PdfAS.PDFAS_VERSION); + + } + } + + /** + * Analyzes the verify response string. + * + * @param response_properties + * The response properties containing the response XML. + * @return Returns the SignatureResponse containing the verification result. + * @throws ConnectorException + * f.e. + */ + public SignatureResponse analyzeVerifyResponse( + Properties response_properties) throws ConnectorException { + log.debug("analyzeVerifyResponse:"); //$NON-NLS-1$ + + String response_string = response_properties + .getProperty(BKUPostConnection.RESPONSE_STRING_KEY); + + BKUHelper.checkResponseForError(response_string); + + SignatureResponse signature_response = BKUHelper + .parseVerifyXMLResponse(response_string); + + log.debug("analyzeVerifyResponse finished."); //$NON-NLS-1$ + return signature_response; + } + + public String prepareXMLContent(SignatureData data, SignSignatureObject so) + throws ConnectorException { + log.debug("prepareXMLContent:"); //$NON-NLS-1$ + try { + + String verify_xml = null; + X509Certificate cert = so.getX509Certificate(); + + // dferbas + AlgorithmSuiteObject algSuite = new AlgorithmSuiteObject(); + verify_xml = AlgorithmSuiteUtil.evaluateReplaceAlgs(algSuite, + this.environment, so); + + // data digest replace + { + // byte[] data_value = data.getData(); + // byte[] data_value_hash = + // CodingHelper.buildDigest(data_value); + byte[] data_value_hash = CodingHelper.buildDigest( + data.getDataSource(), algSuite.getDataDigestMethod()); + String object_data_hash = CodingHelper + .encodeBase64(data_value_hash); + + verify_xml = verify_xml.replaceFirst( + TemplateReplaces.DIGEST_VALUE_SIGNED_DATA_REPLACE, + object_data_hash); + } + + verify_xml = verify_xml.replaceFirst( + TemplateReplaces.SIGNATURE_VALUE_REPLACE, + so.getSignatureValue()); + + // X.509 Certificate replace + byte[] der = cert.getEncoded(); + byte[] cert_hash = CodingHelper.buildDigest(der, + algSuite.getCertDigestMethod()); + String certDigest = CodingHelper.encodeBase64(cert_hash); + String x509_cert_string = CodingHelper.encodeBase64(der); + verify_xml = verify_xml + .replaceFirst(TemplateReplaces.X509_CERTIFICATE_REPLACE, + x509_cert_string); + + // Qualified Properties replaces + verify_xml = verify_xml.replaceFirst( + TemplateReplaces.SIGNING_TIME_REPLACE, so.getDate()); + verify_xml = verify_xml.replaceFirst( + TemplateReplaces.DIGEST_VALUE_CERTIFICATE_REPLACE, + certDigest); + // fixed by dti: Issuer names may contain escapted commas ("\,"). As + // far as replaceFirst (and replaceAll) + // methods are regarded, backslashes in the replacement string may + // cause the results to be different than + // if it were being treated as a literal replacement string. + // verify_xml = + // verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, + // so.getIssuer()); + verify_xml = verify_xml.replace( + TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer()); + verify_xml = verify_xml.replaceFirst( + TemplateReplaces.X509_SERIAL_NUMBER_REPLACE, + so.getSerialNumber()); + // SigDataRefReplace already done above + verify_xml = verify_xml.replaceFirst( + TemplateReplaces.MIME_TYPE_REPLACE, data.getMimeType()); + + // Signed Properties hash + { + final String ETSI_SIGNED_PROPERTIES_START_TAG = "= 0; + final int hash_end = verify_xml.indexOf( + ETSI_SIGNED_PROPERTIES_END_TAG, hash_start) + + ETSI_SIGNED_PROPERTIES_END_TAG.length(); + assert hash_end - ETSI_SIGNED_PROPERTIES_END_TAG.length() >= 0; + assert hash_end > hash_start; + + final String string_to_be_hashed = verify_xml.substring( + hash_start, hash_end); + log.debug("etsi:SignedProperties string to be hashed: " + string_to_be_hashed); //$NON-NLS-1$ + + final byte[] bytes_to_be_hashed = string_to_be_hashed + .getBytes("UTF-8"); //$NON-NLS-1$ + byte[] sig_prop_code = CodingHelper.buildDigest( + bytes_to_be_hashed, + algSuite.getPropertiesDigestMethod()); + String sig_prop_hash = CodingHelper.encodeBase64(sig_prop_code); + + verify_xml = verify_xml + .replaceFirst( + TemplateReplaces.DIGEST_VALUE_SIGNED_PROPERTIES_REPLACE, + sig_prop_hash); + } + + log.debug("prepareXMLContent finished."); //$NON-NLS-1$ + return verify_xml; + } catch (Exception e) { + log.debug(e); + throw new ConnectorException(310, e); + } + } + + protected Properties sendRequest(String url, String mode, + String request_string, SignatureData data) + throws ConnectorException { + try { + + // Properties response_properties = + // MOASoapConnection.connectMOA(request_string, + // MOASoapConnection.SERVICE_SIGN, url); + log.debug("Connecting to " + url); + Properties response_properties = MOASoapConnection + .doPostRequestMultipart(url, mode, request_string, data); + + return response_properties; + } catch (Exception e) { + throw new ConnectorException(330, e); + } + } + + public void reInitVerifyTemplate(String templatePropKey) + throws ConnectorException { + this.environment.reInitVerifyTemplate(templatePropKey); + } + + /** + * Holds environment configuration information like templates. + * + * @author wprinz + */ + public static class Environment extends ConnectorEnvironment { + /** + * The configuration key of the sign keybox identifier. + */ + protected static final String SIGN_KEY_IDENTIFIER_KEY = "moa.sign.KeyIdentifier"; //$NON-NLS-1$ + + /** + * The configuration key of the sign request template. + */ + protected static final String SIGN_REQUEST_TEMPLATE_KEY = "moa.sign.request.detached"; //$NON-NLS-1$ + + /** + * The configuration key of the sign URL. + */ + protected static final String SIGN_URL_KEY = "moa.sign.url"; //$NON-NLS-1$ + + /** + * MOA template file prefix + */ + protected static final String TEMPLATE_FILE_PREFIX = "/templates/moa."; + + /** + * signing file template sufix + */ + protected static final String SIGN_TEMPLATE_FILE_SUFIX = ".sign.xml"; + + /** + * verifing template file sufix + */ + protected static final String VERIFY_REQUEST_TEMPLATE_FILE_SUFIX = ".verify.request.xml"; + + /** + * verifing file template key sufix + */ + protected static final String VERIFY_TEMPLATE_SUFIX = ".verify.template.xml"; + + /** + * The configuration key of the verify request template. + */ + protected static final String VERIFY_REQUEST_TEMPLATE_KEY = "moa.verify.request.detached"; //$NON-NLS-1$ + + /** + * The configuration key of the verify template. + */ + protected static final String VERIFY_TEMPLATE_KEY = "moa.verify.template.detached"; //$NON-NLS-1$ + + /** + * The configuration key of the verify URL. + */ + protected static final String VERIFY_URL_KEY = "moa.verify.url"; //$NON-NLS-1$ + + /** + * The configuration key of the trust profile id. + */ + protected static final String VERIFY_TRUST_PROFILE_ID = "moa.verify.TrustProfileID"; //$NON-NLS-1$ + + /** + * The configuration key for the ECDSA cert alg property. + */ + protected static final String ECDSA_CERT_ALG_KEY = "cert.alg.ecdsa"; //$NON-NLS-1$ + + /** + * The configuration key for the RSA cert alg property. + */ + protected static final String RSA_CERT_ALG_KEY = "cert.alg.rsa"; //$NON-NLS-1$ + + protected String profile = null; + + protected String signature_data_url = null; + + protected String sign_key_identifier = null; + + protected String sign_request_template = null; + + protected String sign_url = null; + + protected String verify_request_template = null; + + protected String verify_template = null; + + protected String verify_url = null; + + protected String verify_trust_profile_id = null; + + protected String cert_alg_ecdsa = null; + + protected String cert_alg_rsa = null; + + public void reInitVerifyTemplate(String templatePropKey) + throws ConnectorException { + SettingsReader settings = null; + try { + settings = SettingsReader.getInstance(); + } catch (SettingsException e) { + throw new ConnectorException(300, e); + } + + String verify_request_filename = getConnectorValueFromProfile( + settings, this.profile, templatePropKey); + this.verify_template = settings + .readInternalResourceAsString(verify_request_filename); + + } + + /** + * Initializes the environment with a given profile. + * + * @param profile + * The configuration profile. + * @throws SettingsException + * f.e. + * @throws ConnectorException + * f.e. + */ + public Environment(String profile, String signKeyIdentifier, + String signature_data_url) throws ConnectorException { + this.profile = profile; + + this.signature_data_url = signature_data_url; + + SettingsReader settings = null; + try { + settings = SettingsReader.getInstance(); + } catch (SettingsException e) { + throw new ConnectorException(300, e); + } + + if (signKeyIdentifier != null) { + this.sign_key_identifier = signKeyIdentifier; + } else { + this.sign_key_identifier = getConnectorValueFromProfile( + settings, profile, SIGN_KEY_IDENTIFIER_KEY); + } + + String sign_request_filename = TEMPLATE_FILE_PREFIX + + settings.getValueFromKey("default.moa.algorithm.id") + + SIGN_TEMPLATE_FILE_SUFIX; + + // try to load template from file + // this.sign_request_template = + // FileHelper.readFromFile(SettingsReader.relocateFile(sign_request_filename)); + this.sign_request_template = settings + .readInternalResourceAsString(sign_request_filename); + + if (this.sign_request_template == null) { + sign_request_filename = getConnectorValueFromProfile(settings, + profile, SIGN_REQUEST_TEMPLATE_KEY); + this.sign_request_template = settings + .readInternalResourceAsString(sign_request_filename); + // this.sign_request_template = + // FileHelper.readFromFile(SettingsReader.relocateFile(sign_request_filename)); + } + + // this.sign_request_template = + // FileHelper.readFromFile(SettingsReader.relocateFile(sign_request_filename)); + if (this.sign_request_template == null) { + throw new ConnectorException(ErrorCode.SETTING_NOT_FOUND, + "Can not read the create xml request template"); //$NON-NLS-1$ + } + + this.sign_url = getConnectorValueFromProfile(settings, profile, + SIGN_URL_KEY); + + String verify_request_filename = TEMPLATE_FILE_PREFIX + + settings.getValueFromKey("default.moa.algorithm.id") + + VERIFY_REQUEST_TEMPLATE_FILE_SUFIX; + + // try to load template file for verifing + // this.verify_request_template = + // FileHelper.readFromFile(SettingsReader.relocateFile(verify_request_filename)); + this.verify_request_template = settings + .readInternalResourceAsString(verify_request_filename); + + if (this.verify_request_template == null) { + verify_request_filename = getConnectorValueFromProfile( + settings, profile, VERIFY_REQUEST_TEMPLATE_KEY); + // this.verify_request_template = + // FileHelper.readFromFile(SettingsReader.relocateFile(verify_request_filename)); + this.verify_request_template = settings + .readInternalResourceAsString(verify_request_filename); + } + + if (this.verify_request_template == null) { + throw new ConnectorException(ErrorCode.SETTING_NOT_FOUND, + "Can not read the verify xml request template"); //$NON-NLS-1$ + } + + // load template key file + String verify_filename = TEMPLATE_FILE_PREFIX + + settings.getValueFromKey("default.moa.algorithm.id") + + VERIFY_TEMPLATE_SUFIX; + // this.verify_template = + // FileHelper.readFromFile(SettingsReader.relocateFile(verify_filename)); + this.verify_template = settings + .readInternalResourceAsString(verify_filename); + + if (this.verify_template == null) { + verify_filename = getConnectorValueFromProfile(settings, + profile, VERIFY_TEMPLATE_KEY); + // this.verify_template = + // FileHelper.readFromFile(SettingsReader.relocateFile(verify_filename)); + this.verify_template = settings + .readInternalResourceAsString(verify_filename); + } + + if (this.verify_template == null) { + throw new ConnectorException(ErrorCode.SETTING_NOT_FOUND, + "Can not read the verify template"); //$NON-NLS-1$ + } + + this.verify_url = getConnectorValueFromProfile(settings, profile, + VERIFY_URL_KEY); + + this.verify_trust_profile_id = settings + .getValueFromKey(VERIFY_TRUST_PROFILE_ID); + + this.cert_alg_ecdsa = settings.getValueFromKey(ECDSA_CERT_ALG_KEY); + + this.cert_alg_rsa = settings.getValueFromKey(RSA_CERT_ALG_KEY); + + } + + public String getProfile() { + return this.profile; + } + + /** + * Returns the URL where to load the detached data from. + * + * @return Returns the URL where to load the detached data from. + */ + public String getSignatureDataUrl() { + return this.signature_data_url; + } + + /** + * Returns the sign key identifier. + * + * @return Returns the sign key identifier. + */ + public String getSignKeyIdentifier() { + return this.sign_key_identifier; + } + + /** + * Returns the sign request template. + * + * @return Returns the sign request template. + */ + public String getSignRequestTemplate() { + return this.sign_request_template; + } + + /** + * Returns the sign URL. + * + * @return Returns the sign URL. + */ + public String getSignURL() { + return this.sign_url; + } + + /** + * Returns the verify request template. + * + * @return Returns the verify request template. + */ + public String getVerifyRequestTemplate() { + return this.verify_request_template; + } + + /** + * Returns the verify template. + * + * @return Returns the verify template. + */ + public String getVerifyTemplate() { + return this.verify_template; + } + + /** + * Returns the verify URL. + * + * @return Returns the verify URL. + */ + public String getVerifyURL() { + return this.verify_url; + } + + /** + * Returns the verify trust profile id. + * + * @return Returns the verify trust profile id. + */ + public String getVerifyTrustProfileId() { + return this.verify_trust_profile_id; + } + + /** + * Returns the ecdsa cert alg property. + * + * @return Returns the ecdsa cert alg property. + */ + public String getCertAlgEcdsa() { + return this.cert_alg_ecdsa; + } + + /** + * Returns the rsa cert alg property. + * + * @return Returns the rsa cert alg property. + */ + public String getCertAlgRsa() { + return this.cert_alg_rsa; + } + + /** + * Reads the configuration entry given by the key, first from the given + * profile, if not found from the defaults. + * + * @param settings + * The settings. + * @param profile + * The profile. + * @param key + * The configuration key. + * @return Returns the configuration entry. + */ + public static String getConnectorValueFromProfile( + SettingsReader settings, String profile, String key) { + String value = settings + .getValueFromKey("sig_obj." + profile + "." + key); //$NON-NLS-1$//$NON-NLS-2$ + if (value == null) { + value = settings.getValueFromKey(key); + } + return value; + } + + } + + public XMLDsigData reconstructXMLDsig(SignatureData data, + SignSignatureObject so) throws ConnectorException { + String xmldsig = chooseAndCreateXMLDsig(data, so); + return new XMLDsigData(xmldsig, true); + } } diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/DetachedLocRefMOAIdFormatter.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/DetachedLocRefMOAIdFormatter.java index a83540b..3c67d54 100644 --- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/DetachedLocRefMOAIdFormatter.java +++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/DetachedLocRefMOAIdFormatter.java @@ -42,6 +42,8 @@ public class DetachedLocRefMOAIdFormatter implements IdFormatter */ public static String SIG_ID_PREFIX = "etsi-bka-moa-1.0"; //$NON-NLS-1$ + public static String SIG_ID_X14_PREFIX = "etsi-bka-moa-1.1"; //$NON-NLS-1$ + private static final Logger logger_ = ConfigLogger.getLogger(DetachedLocRefMOAIdFormatter.class); /** diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigkz/SigKZIDHelper.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigkz/SigKZIDHelper.java index 5a20a30..87d3aae 100644 --- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigkz/SigKZIDHelper.java +++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigkz/SigKZIDHelper.java @@ -101,9 +101,39 @@ public final class SigKZIDHelper { return true; } + return false; } + public static boolean isMOAXAdES14Signed(PdfASID sig_kz, String sig_id) + { + if (sig_kz == null || sig_kz.getVersion().equals(SignatorFactory.VERSION_1_0_0)) + { + // old signature - if sig_id is null this means MOA + + return sig_id == null; + } + + // According to the specification no signature parameter means MOA signature. + // Fixed: empty ("") or blank (" "), non-null signature parameter should also be regarded as "no signature parameter" +// if (sig_id != null) + if (StringUtils.isBlank(sig_id)) + return true; + + // new signature - sig_id decides + String [] ids = sig_id.split("@"); + // dferbas + String prefix = (ids[0].split(":"))[0]; + + + if (prefix.equals(DetachedLocRefMOAIdFormatter.SIG_ID_X14_PREFIX)) + { + return true; + } + + return false; + } + public static boolean isMOASigned(SignSignatureObject so) { String sig_kz = so.kz; @@ -123,6 +153,26 @@ public final class SigKZIDHelper return isMOASigned(kz, sig_id); } + + public static boolean isMOAXAdES14Signed(SignSignatureObject so) + { + String sig_kz = so.kz; + String sig_id = so.id; + PdfASID kz = null; + if (sig_kz != null) + { + try + { + kz = new PdfASID(sig_kz); + } + catch (InvalidIDException e) + { + logger.error(e.getMessage(), e); + } + } + + return isMOAXAdES14Signed(kz, sig_id); + } /** * @author tknall diff --git a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/atrust/ATrustSignatureLayoutHandler.java b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/atrust/ATrustSignatureLayoutHandler.java index b7cf72b..d0eb964 100644 --- a/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/atrust/ATrustSignatureLayoutHandler.java +++ b/pdf-as-lib/src/main/java/at/knowcenter/wag/egov/egiz/sig/signaturelayout/atrust/ATrustSignatureLayoutHandler.java @@ -27,6 +27,7 @@ import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException; import at.knowcenter.wag.egov.egiz.sig.connectors.ConnectorEnvironment; import at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject; import at.knowcenter.wag.egov.egiz.sig.connectors.moa.MOAHelper; +import at.knowcenter.wag.egov.egiz.sig.connectors.mocca.MOCCAHelper; import at.knowcenter.wag.egov.egiz.sig.sigid.SimpleIdFormatter; import at.knowcenter.wag.egov.egiz.sig.signaturelayout.SignatureLayoutHandler; -- cgit v1.2.3