From 527484bcc0a65c61d50209849f7b3db34f0128f7 Mon Sep 17 00:00:00 2001 From: knowcenter Date: Thu, 17 May 2007 15:28:32 +0000 Subject: web git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@87 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c --- .../bku/DetachedMultipartBKUConnector.java | 661 --------------------- 1 file changed, 661 deletions(-) delete mode 100644 src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedMultipartBKUConnector.java (limited to 'src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedMultipartBKUConnector.java') diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedMultipartBKUConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedMultipartBKUConnector.java deleted file mode 100644 index 68ff62e..0000000 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedMultipartBKUConnector.java +++ /dev/null @@ -1,661 +0,0 @@ -/** - * - */ -package at.knowcenter.wag.egov.egiz.sig.connectors.bku; - -import java.security.cert.X509Certificate; -import java.util.Properties; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import at.knowcenter.wag.egov.egiz.cfg.SettingsReader; -import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException; -import at.knowcenter.wag.egov.egiz.exceptions.SettingsException; -import at.knowcenter.wag.egov.egiz.sig.SignatureData; -import at.knowcenter.wag.egov.egiz.sig.SignatureObject; -import at.knowcenter.wag.egov.egiz.sig.SignatureResponse; -import at.knowcenter.wag.egov.egiz.sig.connectors.Connector; -import at.knowcenter.wag.egov.egiz.sig.connectors.TemplateReplaces; -import at.knowcenter.wag.egov.egiz.sig.sigid.DetachedIdFormatter; -import at.knowcenter.wag.egov.egiz.tools.CodingHelper; -import at.knowcenter.wag.egov.egiz.tools.FileHelper; - -/** - * Connects to the BKU using the detached multipart/formdata requests. - * - *

- * This feature is available since BKU version 2.7.4. - *

- * - * @author wprinz - */ -public class DetachedMultipartBKUConnector implements Connector -{ - /** - * The log. - */ - private static Log log = LogFactory.getLog(DetachedMultipartBKUConnector.class); - - /** - * The environemnt configuration of this connector containing templates and - * other configurable elements. - */ - protected Environment environment = null; - - /** - * Constructor that builds the configuration environment for this connector - * according to the given profile. - * - *

- * If confuguration parameters are not defined on that profile, the default - * parameters defined in the configuration are used. - *

- * - * @param profile - * The profile from which the Environment should be assembled. - * @throws ConnectorException - * f.e. - */ - public DetachedMultipartBKUConnector(String profile) throws ConnectorException - { - this.environment = new Environment(profile); - } - - /** - * Prepares the sign request xml to be sent using the sign request template. - * - * @param data - * The SignatureData. - * @return Returns the sign request xml to be sent. - * @throws ConnectorException - * f.e. - */ - protected String prepareSignRequestDetached(SignatureData data) throws ConnectorException - { - log.debug("prepareSignRequestDetached:"); //$NON-NLS-1$ - - String sign_request_template = this.environment.getSignRequestTemplate(); - - String sign_keybox_identifier = this.environment.getSignKeyboxIdentifier(); - String mime_type = data.getMimeType(); - if (log.isDebugEnabled()) - { - log.debug("sign keybox identifier = " + sign_keybox_identifier); //$NON-NLS-1$ - log.debug("mime type = " + mime_type); //$NON-NLS-1$ - } - - String sign_request_xml = sign_request_template.replaceFirst(TemplateReplaces.KEYBOX_IDENTIFIER_REPLACE, sign_keybox_identifier); - sign_request_xml = sign_request_xml.replaceFirst(TemplateReplaces.MIME_TYPE_REPLACE, mime_type); - - log.debug("prepareSignRequestDetached finished."); //$NON-NLS-1$ - return sign_request_xml; - } - - /** - * Analyzes the sign response xml and extracts the signature data. - * - * @param response_properties - * The response properties containing the response String and - * transport related information. - * @return Returns the extracted data encapsulated in a SignatureObject. - * @throws ConnectorException - * f.e. - */ - public SignSignatureObject analyzeSignResponse(Properties response_properties) throws ConnectorException - { - log.debug("analyzeSignResponse:"); //$NON-NLS-1$ - - String response_string = response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY); - - BKUHelper.checkResponseForError(response_string); - - SignSignatureObject so = BKUHelper.parseCreateXMLResponse(response_string, new DetachedIdFormatter()); - - log.debug("analyzeSignResponse finished."); //$NON-NLS-1$ - return so; - } - - - - - - public static String[] parseSigIds(String sig_ids) - { - if (sig_ids == null || sig_ids.length() == 0) - { - return null; - } - - // int index = sig_ids.indexOf(PdfAS.IDS); - // if (index < 0) - // { - // return null; - // } - // sig_ids = sig_ids.substring(index + PdfAS.IDS.length()); - // - // if (sig_ids == null || sig_ids.length() == 0) - // { - // return null; - // } - - String[] ids_str = sig_ids.split("@"); - - String etsi_string = null; - if (ids_str.length == 3) - { - etsi_string = ids_str[0]; - String[] rest_ids = new String[] { ids_str[1], ids_str[2] }; - ids_str = rest_ids; - } - - String base = ids_str[0]; - String[] ids = ids_str[1].split("-"); - String[] real_ids = new String[6]; // the last one contains the etsi string - real_ids[0] = base + "-" + ids[0]; - real_ids[1] = "0-" + base + "-" + ids[1]; - real_ids[2] = "0-" + base + "-" + ids[2]; - real_ids[3] = "0-" + base + "-" + ids[3]; - real_ids[4] = "0-" + base + "-" + ids[4]; - real_ids[5] = etsi_string; - - if (log.isDebugEnabled()) - { - for (int id_idx = 0; id_idx < real_ids.length; id_idx++) - { - log.debug("real_ids[" + id_idx + "] = " + real_ids[id_idx]); - } - } - - return real_ids; - } - - /** - * Sends the request and data to the given URL. - * - *

- * This method mainly handles communication exceptions. The actual send work - * is done by doPostRequestMultipart. - *

- * - * @see BKUPostConnection#doPostRequestMultipart(String, String, - * SignatureData) - * - * @param url - * The URL to send the request to. - * @param request_string - * The request XML. - * @param data - * The data. - * @return Returns the response properties containing among others the - * response XML. - * @throws ConnectorException - * f.e. - */ - protected Properties sendRequest(String url, String request_string, - SignatureData data) throws ConnectorException - { - try - { - Properties response_properties = BKUPostConnection.doPostRequestMultipart(url, request_string, data); - return response_properties; - } - catch (Exception e) - { - ConnectorException se = new ConnectorException(320, e); - throw se; - } - } - - /** - * Performs a sign. - * - * @param data - * The data to be signed. - * @return Returns the signature object containing the signature data. - * @throws ConnectorException - * f.e. - */ - public SignSignatureObject doSign(SignatureData data) throws ConnectorException - { - log.debug("doSign:"); //$NON-NLS-1$ - - String sign_request_xml = prepareSignRequestDetached(data); - log.debug("sign_request_xml = " + sign_request_xml); //$NON-NLS-1$ - - String url = this.environment.getSignURL(); - Properties response_properties = sendRequest(url, sign_request_xml, data); - - SignSignatureObject sso = analyzeSignResponse(response_properties); - - // TODO this could be made more generic - sso.response_properties = response_properties; - - log.debug("doSign finished."); //$NON-NLS-1$ - return sso; - } - - /** - * Performs a verification. - * - * @param data - * The data to be verified. - * @param so - * The signature object with the signature information. - * @return Returns the SignatureResponse with the result of the verification. - * @throws ConnectorException - * f.e. - */ - public SignatureResponse doVerify(SignatureData data, SignSignatureObject so) throws ConnectorException - { - log.debug("doVerify:"); //$NON-NLS-1$ - - String verify_request_xml = prepareVerifyRequestDetached(data, so); - log.debug("verify_request_xml = " + verify_request_xml); //$NON-NLS-1$ - - // TODO debug - // try - // { - // FileOutputStream fos = new - // FileOutputStream("C:\\wprinz\\Filer\\egiz2\\verify_request.utf8.xml"); - // //$NON-NLS-1$ - // fos.write(verify_request_xml.getBytes("UTF-8")); //$NON-NLS-1$ - // fos.close(); - // } - // catch (Exception e) - // { - // log.error(e); - // } - - String url = this.environment.getVerifyURL(); - Properties response_properties = sendRequest(url, verify_request_xml, data); - - SignatureResponse signature_response = analyzeVerifyResponse(response_properties); - - log.debug("doVerify finished."); //$NON-NLS-1$ - return signature_response; - } - - /** - * Prepares the verify request xml to be sent using the verify request - * template. - * - * @param data - * The SignatureData. - * @param so - * The signature information object. - * @return Returns the verify request xml to be sent. - * @throws ConnectorException - * f.e. - */ - public String prepareVerifyRequestDetached(SignatureData data, - SignSignatureObject so) throws ConnectorException - { - String verify_request_template = this.environment.getVerifyRequestTemplate(); - - String xml_content = null; - // TODO implement MOA - // if (sigObject.isMOASigned()) - // { - // MOAConnector moa_conn = new MOAConnector(); - // // get the MOA-template - // verify_template_str = moa_conn.getVerifyTemplate(normalizedText, - // sigObject); - // } - // else - // { - // get the BKU-template - xml_content = prepareXMLContent(data, so); - // } - - String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content); - - return verify_request_xml; - } - - /** - * Prepares the XML content the holds the actual signature data. - * - *

- * This strongly rebuilds the XML content as retuned from a sign request. - *

- * - * @param data - * The data. - * @param so - * The signature object containing the signature information. - * @return Returns the XML content. - * @throws ConnectorException - * f.e. - */ - public String prepareXMLContent(SignatureData data, SignSignatureObject so) throws ConnectorException - { - log.debug("prepareXMLContent:"); //$NON-NLS-1$ - try - { - - String verify_template = this.environment.getVerifyTemplate(); - - String ids_string = so.getSigID(); - String[] ids = SignatureObject.parseSigIds(ids_string); - - X509Certificate cert = so.getX509Certificate(); - String cert_alg = this.environment.getCertAlgEcdsa(); - if (cert.getPublicKey().getAlgorithm().indexOf("RSA") >= 0) //$NON-NLS-1$ - { - cert_alg = this.environment.getCertAlgRsa(); - } - - // cert alg replace - String verify_xml = verify_template.replaceFirst(TemplateReplaces.CERT_ALG_REPLACE, cert_alg); - - // data digest replace - { - byte[] data_value = data.getData(); - byte[] data_value_hash = CodingHelper.buildDigest(data_value); - String object_data_hash = CodingHelper.encodeBase64(data_value_hash); - - verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_SIGNED_DATA_REPLACE, object_data_hash); - } - - // SIG id replaces - verify_xml = verify_xml.replaceAll(TemplateReplaces.SIG_DATA_REF_REPLACE, ids[1]); - verify_xml = verify_xml.replaceAll(TemplateReplaces.ETSI_DATA_REF_REPLACE, ids[3]); - verify_xml = verify_xml.replaceAll(TemplateReplaces.SIG_DATA_OBJ_URI_REPLACE, ids[2]); - - verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNATURE_VALUE_REPLACE, so.getSignatureValue()); - - // X.509 Certificate replace - byte[] der = cert.getEncoded(); - byte[] cert_hash = CodingHelper.buildDigest(der); - String certDigest = CodingHelper.encodeBase64(cert_hash); - String x509_cert_string = CodingHelper.encodeBase64(der); - verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_CERTIFICATE_REPLACE, x509_cert_string); - - // Qualified Properties replaces - verify_xml = verify_xml.replaceAll(TemplateReplaces.ETSI_DATA_OBJ_URI_REPLACE, ids[4]); - verify_xml = verify_xml.replaceAll(TemplateReplaces.SIG_ID_REPLACE, ids[0]); - verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNING_TIME_REPLACE, so.getDate()); - verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_CERTIFICATE_REPLACE, certDigest); - verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer()); - verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_SERIAL_NUMBER_REPLACE, so.getSerialNumber()); - // SigDataRefReplace already done above - verify_xml = verify_xml.replaceFirst(TemplateReplaces.MIME_TYPE_REPLACE, data.getMimeType()); - - // Signed Properties hash - { - final String ETSI_SIGNED_PROPERTIES_START_TAG = "= 0; - final int hash_end = verify_xml.indexOf(ETSI_SIGNED_PROPERTIES_END_TAG, hash_start) + ETSI_SIGNED_PROPERTIES_END_TAG.length(); - assert hash_end - ETSI_SIGNED_PROPERTIES_END_TAG.length() >= 0; - assert hash_end > hash_start; - - final String string_to_be_hashed = verify_xml.substring(hash_start, hash_end); - log.debug("etsi:SignedProperties string to be hashed: " + string_to_be_hashed); //$NON-NLS-1$ - - final byte[] bytes_to_be_hashed = string_to_be_hashed.getBytes("UTF-8"); //$NON-NLS-1$ - byte[] sig_prop_code = CodingHelper.buildDigest(bytes_to_be_hashed); - String sig_prop_hash = CodingHelper.encodeBase64(sig_prop_code); - - verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_SIGNED_PROPERTIES_REPLACE, sig_prop_hash); - } - - log.debug("prepareXMLContent finished."); //$NON-NLS-1$ - return verify_xml; - } - catch (Exception e) - { - log.debug(e); - throw new ConnectorException(310, e); - } - } - - /** - * Analyzes the verify response string. - * - * @param response_properties - * The response properties containing the response XML. - * @return Returns the SignatureResponse containing the verification result. - * @throws ConnectorException - * f.e. - */ - public SignatureResponse analyzeVerifyResponse(Properties response_properties) throws ConnectorException - { - log.debug("analyzeVerifyResponse:"); //$NON-NLS-1$ - - String response_string = response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY); - - BKUHelper.checkResponseForError(response_string); - - SignatureResponse signature_response = BKUHelper.parseVerifyXMLResponse(response_string); - - log.debug("analyzeVerifyResponse finished."); //$NON-NLS-1$ - return signature_response; - } - - - /** - * Holds environment configuration information like templates. - * - * @author wprinz - */ - public static class Environment - { - /** - * The configuration key of the sign keybox identifier. - */ - protected static final String SIGN_KEYBOX_IDENTIFIER_KEY = "bku.sign.KeyboxIdentifier"; //$NON-NLS-1$ - - /** - * The configuration key of the sign request template. - */ - protected static final String SIGN_REQUEST_TEMPLATE_KEY = "bku.sign.request.detached"; //$NON-NLS-1$ - - /** - * The configuration key of the sign URL. - */ - protected static final String SIGN_URL_KEY = "bku.sign.url"; //$NON-NLS-1$ - - /** - * The configuration key of the verify request template. - */ - protected static final String VERIFY_REQUEST_TEMPLATE_KEY = "bku.verify.request.detached"; //$NON-NLS-1$ - - /** - * The configuration key of the verify template. - */ - protected static final String VERIFY_TEMPLATE_KEY = "bku.verify.template.detached"; //$NON-NLS-1$ - - /** - * The configuration key of the verify URL. - */ - protected static final String VERIFY_URL_KEY = "bku.verify.url"; //$NON-NLS-1$ - - /** - * The configuration key for the ECDSA cert alg property. - */ - protected static final String ECDSA_CERT_ALG_KEY = "cert.alg.ecdsa"; //$NON-NLS-1$ - - /** - * The configuration key for the RSA cert alg property. - */ - protected static final String RSA_CERT_ALG_KEY = "cert.alg.rsa"; //$NON-NLS-1$ - - protected String sign_keybox_identifier = null; - - protected String sign_request_template = null; - - protected String sign_url = null; - - protected String verify_request_template = null; - - protected String verify_template = null; - - protected String verify_url = null; - - protected String cert_alg_ecdsa = null; - - protected String cert_alg_rsa = null; - - /** - * Initializes the environment with a given profile. - * - * @param profile - * The configuration profile. - * @throws ConnectorException - * f.e. - */ - public Environment(String profile) throws ConnectorException - { - SettingsReader settings = null; - try - { - settings = SettingsReader.getInstance(); - } - catch (SettingsException e) - { - throw new ConnectorException(300, e); - } - - this.sign_keybox_identifier = getConnectorValueFromProfile(settings, profile, SIGN_KEYBOX_IDENTIFIER_KEY); - - String sign_request_filename = getConnectorValueFromProfile(settings, profile, SIGN_REQUEST_TEMPLATE_KEY); - this.sign_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(sign_request_filename)); - if (this.sign_request_template == null) - { - throw new ConnectorException(300, "Can not read the create xml request template"); //$NON-NLS-1$ - } - - this.sign_url = getConnectorValueFromProfile(settings, profile, SIGN_URL_KEY); - - String verify_request_filename = getConnectorValueFromProfile(settings, profile, VERIFY_REQUEST_TEMPLATE_KEY); - this.verify_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_request_filename)); - if (this.verify_request_template == null) - { - // TODO make this a settings exception - throw new ConnectorException(300, "Can not read the verify xml request template"); //$NON-NLS-1$ - } - - String verify_filename = getConnectorValueFromProfile(settings, profile, VERIFY_TEMPLATE_KEY); - this.verify_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_filename)); - if (this.verify_template == null) - { - // TODO make this a settings exception - throw new ConnectorException(300, "Can not read the verify template"); //$NON-NLS-1$ - } - - this.verify_url = getConnectorValueFromProfile(settings, profile, VERIFY_URL_KEY); - - this.cert_alg_ecdsa = settings.getValueFromKey(ECDSA_CERT_ALG_KEY); - - this.cert_alg_rsa = settings.getValueFromKey(RSA_CERT_ALG_KEY); - - } - - /** - * Returns the sign keybox identifier. - * - * @return Returns the sign keybox identifier. - */ - public String getSignKeyboxIdentifier() - { - return this.sign_keybox_identifier; - } - - /** - * Returns the sign request template. - * - * @return Returns the sign request template. - */ - public String getSignRequestTemplate() - { - return this.sign_request_template; - } - - /** - * Returns the sign URL. - * - * @return Returns the sign URL. - */ - public String getSignURL() - { - return this.sign_url; - } - - /** - * Returns the verify request template. - * - * @return Returns the verify request template. - */ - public String getVerifyRequestTemplate() - { - return this.verify_request_template; - } - - /** - * Returns the verify template. - * - * @return Returns the verify template. - */ - public String getVerifyTemplate() - { - return this.verify_template; - } - - /** - * Returns the verify URL. - * - * @return Returns the verify URL. - */ - public String getVerifyURL() - { - return this.verify_url; - } - - /** - * Returns the ecdsa cert alg property. - * - * @return Returns the ecdsa cert alg property. - */ - public String getCertAlgEcdsa() - { - return this.cert_alg_ecdsa; - } - - /** - * Returns the rsa cert alg property. - * - * @return Returns the rsa cert alg property. - */ - public String getCertAlgRsa() - { - return this.cert_alg_rsa; - } - - /** - * Reads the configuration entry given by the key, first from the given - * profile, if not found from the defaults. - * - * @param settings - * The settings. - * @param profile - * The profile. - * @param key - * The configuration key. - * @return Returns the configuration entry. - */ - public static String getConnectorValueFromProfile(SettingsReader settings, - String profile, String key) - { - String value = settings.getValueFromKey("sig_obj." + profile + "." + key); //$NON-NLS-1$//$NON-NLS-2$ - if (value == null) - { - value = settings.getValueFromKey(key); - } - return value; - } - } -} -- cgit v1.2.3