From 527484bcc0a65c61d50209849f7b3db34f0128f7 Mon Sep 17 00:00:00 2001 From: knowcenter Date: Thu, 17 May 2007 15:28:32 +0000 Subject: web git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@87 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c --- .../egov/egiz/sig/connectors/LocalConnector.java | 66 ++ .../egov/egiz/sig/connectors/bku/BKUHelper.java | 33 +- .../sig/connectors/bku/DetachedBKUConnector.java | 679 +++++++++++++++++++++ .../bku/DetachedMultipartBKUConnector.java | 661 -------------------- .../bku/EnvelopedBase64BKUConnector.java | 25 +- .../connectors/bku/LocRefDetachedBKUConnector.java | 25 + .../bku/MultipartDetachedBKUConnector.java | 21 + .../connectors/moa/DetachedLocRefMOAConnector.java | 178 ++++-- .../moa/EnvelopingBase64MOAConnector.java | 166 +---- .../egov/egiz/sig/connectors/moa/MOAHelper.java | 190 ++++++ .../sig/sigid/DetachedLocRefMOAIdFormatter.java | 25 + .../wag/egov/egiz/sig/sigid/OldMOAIdFormatter.java | 21 + 12 files changed, 1196 insertions(+), 894 deletions(-) create mode 100644 src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/LocalConnector.java create mode 100644 src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java delete mode 100644 src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedMultipartBKUConnector.java create mode 100644 src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/LocRefDetachedBKUConnector.java create mode 100644 src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/MultipartDetachedBKUConnector.java create mode 100644 src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOAHelper.java create mode 100644 src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/DetachedLocRefMOAIdFormatter.java create mode 100644 src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/OldMOAIdFormatter.java (limited to 'src/main/java/at/knowcenter/wag/egov/egiz/sig') 
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/LocalConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/LocalConnector.java new file mode 100644 index 0000000..05f8149 --- /dev/null +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/LocalConnector.java 
@@ -0,0 +1,66 @@
+/**
+ *
+ */
+package at.knowcenter.wag.egov.egiz.sig.connectors;
+
+import java.util.Properties;
+
+import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException;
+import at.knowcenter.wag.egov.egiz.sig.SignatureData;
+import at.knowcenter.wag.egov.egiz.sig.SignatureResponse;
+import at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject;
+
+/**
+ * @author wprinz
+ */
+public interface LocalConnector
+{
+ /**
+ * Prepares the sign request xml to be sent using the sign request template.
+ *
+ * @param data
+ * The SignatureData.
+ * @return Returns the sign request xml to be sent.
+ * @throws ConnectorException
+ * f.e.
+ */
+ public String prepareSignRequest(SignatureData data) throws ConnectorException;
+
+ /**
+ * Analyzes the sign response xml and extracts the signature data.
+ *
+ * @param response_properties
+ * The response properties containing the response String and
+ * transport related information.
+ * @return Returns the extracted data encapsulated in a SignatureObject.
+ * @throws ConnectorException
+ * f.e.
+ */
+ public SignSignatureObject analyzeSignResponse(Properties response_properties) throws ConnectorException;
+
+ /**
+ * Prepares the verify request xml to be sent using the verify request
+ * template.
+ *
+ * @param data
+ * The SignatureData.
+ * @param so
+ * The signature information object.
+ * @return Returns the verify request xml to be sent.
+ * @throws ConnectorException
+ * f.e.
+ */
+ public String prepareVerifyRequest(SignatureData data, SignSignatureObject so) throws ConnectorException;
+
+ /**
+ * Analyzes the verify response string.
+ *
+ * @param response_properties
+ * The response properties containing the response XML.
+ * @return Returns the SignatureResponse containing the verification result.
+ * @throws ConnectorException
+ * f.e.
+ */
+ public SignatureResponse analyzeVerifyResponse(Properties response_properties) throws ConnectorException;
+
+}
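Review bot: The type-level Javadoc of `LocalConnector` carries only `@author wprinz` and no summary sentence, and all four `@throws ConnectorException` tags are explained as `f.e.`, so a reader has to infer the interface's role from `DetachedBKUConnector`, which implements it next to `Connector`. Judging from that implementation the split seems to be request building and response parsing (local) versus sending, so a summary along the lines of `Connector steps that run locally: building the sign/verify request XML and parsing the responses, independent of how the request is transported.` would state it; each `@throws` should then name the condition it reports (a template that cannot be read, a response that cannot be parsed) instead of `f.e.`.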
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUHelper.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUHelper.java index 78165c2..c05c688 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUHelper.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/BKUHelper.java @@ -50,10 +50,41 @@ public final class BKUHelper String base64 = CodingHelper.encodeBase64(data.getData()); if (data.getMimeType().equals("application/pdf")) //$NON-NLS-1$ { - log.debug("The data is application/pdf - so it is Base64 encoded again."); //$NON-NLS-1$ + log.debug("The data is application/pdf - so the binary data is Base64 encoded."); //$NON-NLS-1$ base64 = CodingHelper.encodeUTF8AsBase64(base64); } return base64; + + } + + /** + * Prepares the enveloping data. + *

+ * This is useful for building the hash. + *

+ * + * @param data + * The data to be prepared. + * @return Returns the prepared data. + */ + public static byte[] prepareEnvelopingData(SignatureData data) + { + byte[] enc = data.getData(); + if (data.getMimeType().equals("application/pdf")) //$NON-NLS-1$ + { + log.debug("The data is application/pdf - so the binary data is Base64 encoded."); //$NON-NLS-1$ + String base64 = CodingHelper.encodeBase64(enc); + try + { + enc = base64.getBytes("US-ASCII"); //$NON-NLS-1$ + } + catch (UnsupportedEncodingException e) + { + e.printStackTrace(); + throw new RuntimeException("Very Strange: US-ASCII encoding not supported???", e); //$NON-NLS-1$ + } + } + return enc; } /** diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java new file mode 100644 index 0000000..44beb40 --- /dev/null +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java 
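Review bot: In `prepareEnvelopingData` the catch block calls `e.printStackTrace()` and then throws a `RuntimeException` that already carries `e` as its cause, so the same failure is reported twice and the first report bypasses the class's `log`; drop the `printStackTrace()` line, or use `log.error("US-ASCII encoding not supported", e);` in its place. The Javadoc sentence `This is useful for building the hash.` should also say which representation the `application/pdf` branch returns — the Base64 text as US-ASCII bytes, encoded once — because the method whose tail forms the hunk's context lines wraps the same Base64 in a second `encodeUTF8AsBase64` pass, and a digest built over the wrong one of the two will not match. That preceding method starts outside the hunk.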
@@ -0,0 +1,679 @@ +/** + * + */ +package at.knowcenter.wag.egov.egiz.sig.connectors.bku; + +import java.security.cert.X509Certificate; +import java.util.Properties; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.knowcenter.wag.egov.egiz.cfg.SettingsReader; +import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException; +import at.knowcenter.wag.egov.egiz.exceptions.SettingsException; +import at.knowcenter.wag.egov.egiz.sig.SignatureData; +import at.knowcenter.wag.egov.egiz.sig.SignatureObject; +import at.knowcenter.wag.egov.egiz.sig.SignatureResponse; +import at.knowcenter.wag.egov.egiz.sig.connectors.Connector; +import at.knowcenter.wag.egov.egiz.sig.connectors.LocalConnector; +import at.knowcenter.wag.egov.egiz.sig.connectors.TemplateReplaces; +import at.knowcenter.wag.egov.egiz.sig.sigid.DetachedIdFormatter; +import at.knowcenter.wag.egov.egiz.tools.CodingHelper; +import at.knowcenter.wag.egov.egiz.tools.FileHelper; + +/** + * Connects to the BKU using the detached multipart/formdata requests. + * + *

+ * This feature is available since BKU version 2.7.4. + *

+ * + * @author wprinz + */ +public class DetachedBKUConnector implements Connector, LocalConnector +{ + /** + * The log. + */ + private static Log log = LogFactory.getLog(DetachedBKUConnector.class); + + /** + * The environemnt configuration of this connector containing templates and + * other configurable elements. + */ + protected Environment environment = null; + + /** + * Constructor that builds the configuration environment for this connector + * according to the given profile. + * + *

+ * If confuguration parameters are not defined on that profile, the default + * parameters defined in the configuration are used. + *

+ * + * @param profile + * The profile from which the Environment should be assembled. + * @throws ConnectorException + * f.e. + */ + public DetachedBKUConnector(String profile, String loc_ref_content) throws ConnectorException + { + this.environment = new Environment(profile, loc_ref_content); + } + + /** + * Prepares the sign request xml to be sent using the sign request template. + * + * @param data + * The SignatureData. + * @return Returns the sign request xml to be sent. + * @throws ConnectorException + * f.e. + */ + public String prepareSignRequest(SignatureData data) throws ConnectorException + { + log.debug("prepareSignRequestDetached:"); //$NON-NLS-1$ + + String sign_request_template = this.environment.getSignRequestTemplate(); + + String sign_keybox_identifier = this.environment.getSignKeyboxIdentifier(); + String mime_type = data.getMimeType(); + String loc_ref_content = this.environment.getLocRefContent(); + if (log.isDebugEnabled()) + { + log.debug("sign keybox identifier = " + sign_keybox_identifier); //$NON-NLS-1$ + log.debug("mime type = " + mime_type); //$NON-NLS-1$ + log.debug("loc_ref_content = " + loc_ref_content); //$NON-NLS-1$ + } + + String sign_request_xml = sign_request_template.replaceFirst(TemplateReplaces.KEYBOX_IDENTIFIER_REPLACE, sign_keybox_identifier); + sign_request_xml = sign_request_xml.replaceFirst(TemplateReplaces.MIME_TYPE_REPLACE, mime_type); + sign_request_xml = sign_request_xml.replaceFirst(TemplateReplaces.LOC_REF_CONTENT_REPLACE, loc_ref_content); + + log.debug("prepareSignRequestDetached finished."); //$NON-NLS-1$ + return sign_request_xml; + } + + /** + * Analyzes the sign response xml and extracts the signature data. + * + * @param response_properties + * The response properties containing the response String and + * transport related information. + * @return Returns the extracted data encapsulated in a SignatureObject. + * @throws ConnectorException + * f.e. 
+ */ + public SignSignatureObject analyzeSignResponse(Properties response_properties) throws ConnectorException + { + log.debug("analyzeSignResponse:"); //$NON-NLS-1$ + + String response_string = response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY); + + BKUHelper.checkResponseForError(response_string); + + SignSignatureObject so = BKUHelper.parseCreateXMLResponse(response_string, new DetachedIdFormatter()); + + log.debug("analyzeSignResponse finished."); //$NON-NLS-1$ + return so; + } + + + + + + public static String[] parseSigIds(String sig_ids) + { + if (sig_ids == null || sig_ids.length() == 0) + { + return null; + } + + // int index = sig_ids.indexOf(PdfAS.IDS); + // if (index < 0) + // { + // return null; + // } + // sig_ids = sig_ids.substring(index + PdfAS.IDS.length()); + // + // if (sig_ids == null || sig_ids.length() == 0) + // { + // return null; + // } + + String[] ids_str = sig_ids.split("@"); + + String etsi_string = null; + if (ids_str.length == 3) + { + etsi_string = ids_str[0]; + String[] rest_ids = new String[] { ids_str[1], ids_str[2] }; + ids_str = rest_ids; + } + + String base = ids_str[0]; + String[] ids = ids_str[1].split("-"); + String[] real_ids = new String[6]; // the last one contains the etsi string + real_ids[0] = base + "-" + ids[0]; + real_ids[1] = "0-" + base + "-" + ids[1]; + real_ids[2] = "0-" + base + "-" + ids[2]; + real_ids[3] = "0-" + base + "-" + ids[3]; + real_ids[4] = "0-" + base + "-" + ids[4]; + real_ids[5] = etsi_string; + + if (log.isDebugEnabled()) + { + for (int id_idx = 0; id_idx < real_ids.length; id_idx++) + { + log.debug("real_ids[" + id_idx + "] = " + real_ids[id_idx]); + } + } + + return real_ids; + } + + /** + * Sends the request and data to the given URL. + * + *

+ * This method mainly handles communication exceptions. The actual send work + * is done by doPostRequestMultipart. + *

+ * + * @see BKUPostConnection#doPostRequestMultipart(String, String, + * SignatureData) + * + * @param url + * The URL to send the request to. + * @param request_string + * The request XML. + * @param data + * The data. + * @return Returns the response properties containing among others the + * response XML. + * @throws ConnectorException + * f.e. + */ + protected Properties sendRequest(String url, String request_string, + SignatureData data) throws ConnectorException + { + try + { + Properties response_properties = BKUPostConnection.doPostRequestMultipart(url, request_string, data); + return response_properties; + } + catch (Exception e) + { + ConnectorException se = new ConnectorException(320, e); + throw se; + } + } + + /** + * Performs a sign. + * + * @param data + * The data to be signed. + * @return Returns the signature object containing the signature data. + * @throws ConnectorException + * f.e. + */ + public SignSignatureObject doSign(SignatureData data) throws ConnectorException + { + log.debug("doSign:"); //$NON-NLS-1$ + + String sign_request_xml = prepareSignRequest(data); + log.debug("sign_request_xml = " + sign_request_xml); //$NON-NLS-1$ + + String url = this.environment.getSignURL(); + Properties response_properties = sendRequest(url, sign_request_xml, data); + + SignSignatureObject sso = analyzeSignResponse(response_properties); + + // TODO this could be made more generic + sso.response_properties = response_properties; + + log.debug("doSign finished."); //$NON-NLS-1$ + return sso; + } + + /** + * Performs a verification. + * + * @param data + * The data to be verified. + * @param so + * The signature object with the signature information. + * @return Returns the SignatureResponse with the result of the verification. + * @throws ConnectorException + * f.e. 
+ */ + public SignatureResponse doVerify(SignatureData data, SignSignatureObject so) throws ConnectorException + { + log.debug("doVerify:"); //$NON-NLS-1$ + + String verify_request_xml = prepareVerifyRequest(data, so); + log.debug("verify_request_xml = " + verify_request_xml); //$NON-NLS-1$ + + // TODO debug + // try + // { + // FileOutputStream fos = new + // FileOutputStream("C:\\wprinz\\Filer\\egiz2\\verify_request.utf8.xml"); + // //$NON-NLS-1$ + // fos.write(verify_request_xml.getBytes("UTF-8")); //$NON-NLS-1$ + // fos.close(); + // } + // catch (Exception e) + // { + // log.error(e); + // } + + String url = this.environment.getVerifyURL(); + Properties response_properties = sendRequest(url, verify_request_xml, data); + + SignatureResponse signature_response = analyzeVerifyResponse(response_properties); + + log.debug("doVerify finished."); //$NON-NLS-1$ + return signature_response; + } + + /** + * Prepares the verify request xml to be sent using the verify request + * template. + * + * @param data + * The SignatureData. + * @param so + * The signature information object. + * @return Returns the verify request xml to be sent. + * @throws ConnectorException + * f.e. 
+ */ + public String prepareVerifyRequest(SignatureData data, + SignSignatureObject so) throws ConnectorException + { + String verify_request_template = this.environment.getVerifyRequestTemplate(); + + String xml_content = null; + // TODO implement MOA + // if (sigObject.isMOASigned()) + // { + // MOAConnector moa_conn = new MOAConnector(); + // // get the MOA-template + // verify_template_str = moa_conn.getVerifyTemplate(normalizedText, + // sigObject); + // } + // else + // { + // get the BKU-template + xml_content = prepareXMLContent(data, so); + // } + + String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content); + verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.LOC_REF_CONTENT_REPLACE, this.environment.getLocRefContent()); + + return verify_request_xml; + } + + /** + * Prepares the XML content the holds the actual signature data. + * + *

+ * This strongly rebuilds the XML content as retuned from a sign request. + *

+ * + * @param data + * The data. + * @param so + * The signature object containing the signature information. + * @return Returns the XML content. + * @throws ConnectorException + * f.e. + */ + public String prepareXMLContent(SignatureData data, SignSignatureObject so) throws ConnectorException + { + log.debug("prepareXMLContent:"); //$NON-NLS-1$ + try + { + + String verify_template = this.environment.getVerifyTemplate(); + + String ids_string = so.getSigID(); + String[] ids = SignatureObject.parseSigIds(ids_string); + + X509Certificate cert = so.getX509Certificate(); + String cert_alg = this.environment.getCertAlgEcdsa(); + if (cert.getPublicKey().getAlgorithm().indexOf("RSA") >= 0) //$NON-NLS-1$ + { + cert_alg = this.environment.getCertAlgRsa(); + } + + // cert alg replace + String verify_xml = verify_template.replaceFirst(TemplateReplaces.CERT_ALG_REPLACE, cert_alg); + + // data digest replace + { + byte[] data_value = data.getData(); + byte[] data_value_hash = CodingHelper.buildDigest(data_value); + String object_data_hash = CodingHelper.encodeBase64(data_value_hash); + + verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_SIGNED_DATA_REPLACE, object_data_hash); + } + + // SIG id replaces + verify_xml = verify_xml.replaceAll(TemplateReplaces.SIG_DATA_REF_REPLACE, ids[1]); + verify_xml = verify_xml.replaceAll(TemplateReplaces.ETSI_DATA_REF_REPLACE, ids[3]); + verify_xml = verify_xml.replaceAll(TemplateReplaces.SIG_DATA_OBJ_URI_REPLACE, ids[2]); + + verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNATURE_VALUE_REPLACE, so.getSignatureValue()); + + // X.509 Certificate replace + byte[] der = cert.getEncoded(); + byte[] cert_hash = CodingHelper.buildDigest(der); + String certDigest = CodingHelper.encodeBase64(cert_hash); + String x509_cert_string = CodingHelper.encodeBase64(der); + verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_CERTIFICATE_REPLACE, x509_cert_string); + + // Qualified Properties replaces + verify_xml = 
verify_xml.replaceAll(TemplateReplaces.ETSI_DATA_OBJ_URI_REPLACE, ids[4]); + verify_xml = verify_xml.replaceAll(TemplateReplaces.SIG_ID_REPLACE, ids[0]); + verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNING_TIME_REPLACE, so.getDate()); + verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_CERTIFICATE_REPLACE, certDigest); + verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer()); + verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_SERIAL_NUMBER_REPLACE, so.getSerialNumber()); + // SigDataRefReplace already done above + verify_xml = verify_xml.replaceFirst(TemplateReplaces.MIME_TYPE_REPLACE, data.getMimeType()); + + // Signed Properties hash + { + final String ETSI_SIGNED_PROPERTIES_START_TAG = "= 0; + final int hash_end = verify_xml.indexOf(ETSI_SIGNED_PROPERTIES_END_TAG, hash_start) + ETSI_SIGNED_PROPERTIES_END_TAG.length(); + assert hash_end - ETSI_SIGNED_PROPERTIES_END_TAG.length() >= 0; + assert hash_end > hash_start; + + final String string_to_be_hashed = verify_xml.substring(hash_start, hash_end); + log.debug("etsi:SignedProperties string to be hashed: " + string_to_be_hashed); //$NON-NLS-1$ + + final byte[] bytes_to_be_hashed = string_to_be_hashed.getBytes("UTF-8"); //$NON-NLS-1$ + byte[] sig_prop_code = CodingHelper.buildDigest(bytes_to_be_hashed); + String sig_prop_hash = CodingHelper.encodeBase64(sig_prop_code); + + verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_SIGNED_PROPERTIES_REPLACE, sig_prop_hash); + } + + log.debug("prepareXMLContent finished."); //$NON-NLS-1$ + return verify_xml; + } + catch (Exception e) + { + log.debug(e); + throw new ConnectorException(310, e); + } + } + + /** + * Analyzes the verify response string. + * + * @param response_properties + * The response properties containing the response XML. + * @return Returns the SignatureResponse containing the verification result. + * @throws ConnectorException + * f.e. 
+ */ + public SignatureResponse analyzeVerifyResponse(Properties response_properties) throws ConnectorException + { + log.debug("analyzeVerifyResponse:"); //$NON-NLS-1$ + + String response_string = response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY); + + BKUHelper.checkResponseForError(response_string); + + SignatureResponse signature_response = BKUHelper.parseVerifyXMLResponse(response_string); + + log.debug("analyzeVerifyResponse finished."); //$NON-NLS-1$ + return signature_response; + } + + + /** + * Holds environment configuration information like templates. + * + * @author wprinz + */ + public static class Environment + { + /** + * The configuration key of the sign keybox identifier. + */ + protected static final String SIGN_KEYBOX_IDENTIFIER_KEY = "bku.sign.KeyboxIdentifier"; //$NON-NLS-1$ + + /** + * The configuration key of the sign request template. + */ + protected static final String SIGN_REQUEST_TEMPLATE_KEY = "bku.sign.request.detached"; //$NON-NLS-1$ + + /** + * The configuration key of the sign URL. + */ + protected static final String SIGN_URL_KEY = "bku.sign.url"; //$NON-NLS-1$ + + /** + * The configuration key of the verify request template. + */ + protected static final String VERIFY_REQUEST_TEMPLATE_KEY = "bku.verify.request.detached"; //$NON-NLS-1$ + + /** + * The configuration key of the verify template. + */ + protected static final String VERIFY_TEMPLATE_KEY = "bku.verify.template.detached"; //$NON-NLS-1$ + + /** + * The configuration key of the verify URL. + */ + protected static final String VERIFY_URL_KEY = "bku.verify.url"; //$NON-NLS-1$ + + /** + * The configuration key for the ECDSA cert alg property. + */ + protected static final String ECDSA_CERT_ALG_KEY = "cert.alg.ecdsa"; //$NON-NLS-1$ + + /** + * The configuration key for the RSA cert alg property. 
+ */ + protected static final String RSA_CERT_ALG_KEY = "cert.alg.rsa"; //$NON-NLS-1$ + + protected String loc_ref_content = null; + + protected String sign_keybox_identifier = null; + + protected String sign_request_template = null; + + protected String sign_url = null; + + protected String verify_request_template = null; + + protected String verify_template = null; + + protected String verify_url = null; + + protected String cert_alg_ecdsa = null; + + protected String cert_alg_rsa = null; + + /** + * Initializes the environment with a given profile. + * + * @param profile + * The configuration profile. + * @throws ConnectorException + * f.e. + */ + public Environment(String profile, String loc_ref_content) throws ConnectorException + { + this.loc_ref_content = loc_ref_content; + + SettingsReader settings = null; + try + { + settings = SettingsReader.getInstance(); + } + catch (SettingsException e) + { + throw new ConnectorException(300, e); + } + + this.sign_keybox_identifier = getConnectorValueFromProfile(settings, profile, SIGN_KEYBOX_IDENTIFIER_KEY); + + String sign_request_filename = getConnectorValueFromProfile(settings, profile, SIGN_REQUEST_TEMPLATE_KEY); + this.sign_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(sign_request_filename)); + if (this.sign_request_template == null) + { + throw new ConnectorException(300, "Can not read the create xml request template"); //$NON-NLS-1$ + } + + this.sign_url = getConnectorValueFromProfile(settings, profile, SIGN_URL_KEY); + + String verify_request_filename = getConnectorValueFromProfile(settings, profile, VERIFY_REQUEST_TEMPLATE_KEY); + this.verify_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_request_filename)); + if (this.verify_request_template == null) + { + // TODO make this a settings exception + throw new ConnectorException(300, "Can not read the verify xml request template"); //$NON-NLS-1$ + } + + String verify_filename = 
getConnectorValueFromProfile(settings, profile, VERIFY_TEMPLATE_KEY); + this.verify_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_filename)); + if (this.verify_template == null) + { + // TODO make this a settings exception + throw new ConnectorException(300, "Can not read the verify template"); //$NON-NLS-1$ + } + + this.verify_url = getConnectorValueFromProfile(settings, profile, VERIFY_URL_KEY); + + this.cert_alg_ecdsa = settings.getValueFromKey(ECDSA_CERT_ALG_KEY); + + this.cert_alg_rsa = settings.getValueFromKey(RSA_CERT_ALG_KEY); + + } + + /** + * Returns the LocRef content. + * @return Returns the LocRef content. + */ + public String getLocRefContent() + { + return this.loc_ref_content; + } + + /** + * Returns the sign keybox identifier. + * + * @return Returns the sign keybox identifier. + */ + public String getSignKeyboxIdentifier() + { + return this.sign_keybox_identifier; + } + + /** + * Returns the sign request template. + * + * @return Returns the sign request template. + */ + public String getSignRequestTemplate() + { + return this.sign_request_template; + } + + /** + * Returns the sign URL. + * + * @return Returns the sign URL. + */ + public String getSignURL() + { + return this.sign_url; + } + + /** + * Returns the verify request template. + * + * @return Returns the verify request template. + */ + public String getVerifyRequestTemplate() + { + return this.verify_request_template; + } + + /** + * Returns the verify template. + * + * @return Returns the verify template. + */ + public String getVerifyTemplate() + { + return this.verify_template; + } + + /** + * Returns the verify URL. + * + * @return Returns the verify URL. + */ + public String getVerifyURL() + { + return this.verify_url; + } + + /** + * Returns the ecdsa cert alg property. + * + * @return Returns the ecdsa cert alg property. + */ + public String getCertAlgEcdsa() + { + return this.cert_alg_ecdsa; + } + + /** + * Returns the rsa cert alg property. 
+ * + * @return Returns the rsa cert alg property. + */ + public String getCertAlgRsa() + { + return this.cert_alg_rsa; + } + + /** + * Reads the configuration entry given by the key, first from the given + * profile, if not found from the defaults. + * + * @param settings + * The settings. + * @param profile + * The profile. + * @param key + * The configuration key. + * @return Returns the configuration entry. + */ + public static String getConnectorValueFromProfile(SettingsReader settings, + String profile, String key) + { + String value = settings.getValueFromKey("sig_obj." + profile + "." + key); //$NON-NLS-1$//$NON-NLS-2$ + if (value == null) + { + value = settings.getValueFromKey(key); + } + return value; + } + } +} diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedMultipartBKUConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedMultipartBKUConnector.java deleted file mode 100644 index 68ff62e..0000000 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedMultipartBKUConnector.java +++ /dev/null 
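Review bot: `prepareXMLContent` and `prepareVerifyRequest` assemble the verify request with `String.replaceFirst`/`replaceAll`, whose replacement argument is interpreted for `$` and `\`, yet the values passed in come from the parsed sign response and the certificate — `so.getIssuer()`, `so.getSerialNumber()`, `so.getDate()`, `so.getSignatureValue()`, `getLocRefContent()` — so an issuer DN containing an RFC 2253 escape such as `\,` is silently altered and a `$` is read as a group reference, which inside `prepareXMLContent` surfaces only as the generic `ConnectorException(310)` from `catch (Exception e)`. Wrap each such value, e.g. `verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, Matcher.quoteReplacement(so.getIssuer()));` with `import java.util.regex.Matcher;`, and note that the same values are also placed into the XML without escaping. The bounds checks around the `etsi:SignedProperties` substring rely on `assert`, which is disabled by default, so a template lacking that tag fails only through the `substring` exception rather than a clear message. Both constructors' Javadoc omit `@param loc_ref_content`, and the public static `parseSigIds` here has no Javadoc and is not what `prepareXMLContent` calls (that is `SignatureObject.parseSigIds`), so it looks like a leftover copy that can be documented as such or removed.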
@@ -1,661 +0,0 @@ -/** - * - */ -package at.knowcenter.wag.egov.egiz.sig.connectors.bku; - -import java.security.cert.X509Certificate; -import java.util.Properties; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import at.knowcenter.wag.egov.egiz.cfg.SettingsReader; -import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException; -import at.knowcenter.wag.egov.egiz.exceptions.SettingsException; -import at.knowcenter.wag.egov.egiz.sig.SignatureData; -import at.knowcenter.wag.egov.egiz.sig.SignatureObject; -import at.knowcenter.wag.egov.egiz.sig.SignatureResponse; -import at.knowcenter.wag.egov.egiz.sig.connectors.Connector; -import at.knowcenter.wag.egov.egiz.sig.connectors.TemplateReplaces; -import at.knowcenter.wag.egov.egiz.sig.sigid.DetachedIdFormatter; -import at.knowcenter.wag.egov.egiz.tools.CodingHelper; -import at.knowcenter.wag.egov.egiz.tools.FileHelper; - -/** - * Connects to the BKU using the detached multipart/formdata requests. - * - *

- * This feature is available since BKU version 2.7.4. - *

- * - * @author wprinz - */ -public class DetachedMultipartBKUConnector implements Connector -{ - /** - * The log. - */ - private static Log log = LogFactory.getLog(DetachedMultipartBKUConnector.class); - - /** - * The environemnt configuration of this connector containing templates and - * other configurable elements. - */ - protected Environment environment = null; - - /** - * Constructor that builds the configuration environment for this connector - * according to the given profile. - * - *

- * If confuguration parameters are not defined on that profile, the default - * parameters defined in the configuration are used. - *

- * - * @param profile - * The profile from which the Environment should be assembled. - * @throws ConnectorException - * f.e. - */ - public DetachedMultipartBKUConnector(String profile) throws ConnectorException - { - this.environment = new Environment(profile); - } - - /** - * Prepares the sign request xml to be sent using the sign request template. - * - * @param data - * The SignatureData. - * @return Returns the sign request xml to be sent. - * @throws ConnectorException - * f.e. - */ - protected String prepareSignRequestDetached(SignatureData data) throws ConnectorException - { - log.debug("prepareSignRequestDetached:"); //$NON-NLS-1$ - - String sign_request_template = this.environment.getSignRequestTemplate(); - - String sign_keybox_identifier = this.environment.getSignKeyboxIdentifier(); - String mime_type = data.getMimeType(); - if (log.isDebugEnabled()) - { - log.debug("sign keybox identifier = " + sign_keybox_identifier); //$NON-NLS-1$ - log.debug("mime type = " + mime_type); //$NON-NLS-1$ - } - - String sign_request_xml = sign_request_template.replaceFirst(TemplateReplaces.KEYBOX_IDENTIFIER_REPLACE, sign_keybox_identifier); - sign_request_xml = sign_request_xml.replaceFirst(TemplateReplaces.MIME_TYPE_REPLACE, mime_type); - - log.debug("prepareSignRequestDetached finished."); //$NON-NLS-1$ - return sign_request_xml; - } - - /** - * Analyzes the sign response xml and extracts the signature data. - * - * @param response_properties - * The response properties containing the response String and - * transport related information. - * @return Returns the extracted data encapsulated in a SignatureObject. - * @throws ConnectorException - * f.e. 
- */ - public SignSignatureObject analyzeSignResponse(Properties response_properties) throws ConnectorException - { - log.debug("analyzeSignResponse:"); //$NON-NLS-1$ - - String response_string = response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY); - - BKUHelper.checkResponseForError(response_string); - - SignSignatureObject so = BKUHelper.parseCreateXMLResponse(response_string, new DetachedIdFormatter()); - - log.debug("analyzeSignResponse finished."); //$NON-NLS-1$ - return so; - } - - - - - - public static String[] parseSigIds(String sig_ids) - { - if (sig_ids == null || sig_ids.length() == 0) - { - return null; - } - - // int index = sig_ids.indexOf(PdfAS.IDS); - // if (index < 0) - // { - // return null; - // } - // sig_ids = sig_ids.substring(index + PdfAS.IDS.length()); - // - // if (sig_ids == null || sig_ids.length() == 0) - // { - // return null; - // } - - String[] ids_str = sig_ids.split("@"); - - String etsi_string = null; - if (ids_str.length == 3) - { - etsi_string = ids_str[0]; - String[] rest_ids = new String[] { ids_str[1], ids_str[2] }; - ids_str = rest_ids; - } - - String base = ids_str[0]; - String[] ids = ids_str[1].split("-"); - String[] real_ids = new String[6]; // the last one contains the etsi string - real_ids[0] = base + "-" + ids[0]; - real_ids[1] = "0-" + base + "-" + ids[1]; - real_ids[2] = "0-" + base + "-" + ids[2]; - real_ids[3] = "0-" + base + "-" + ids[3]; - real_ids[4] = "0-" + base + "-" + ids[4]; - real_ids[5] = etsi_string; - - if (log.isDebugEnabled()) - { - for (int id_idx = 0; id_idx < real_ids.length; id_idx++) - { - log.debug("real_ids[" + id_idx + "] = " + real_ids[id_idx]); - } - } - - return real_ids; - } - - /** - * Sends the request and data to the given URL. - * - *

- * This method mainly handles communication exceptions. The actual send work - * is done by doPostRequestMultipart. - *

- * - * @see BKUPostConnection#doPostRequestMultipart(String, String, - * SignatureData) - * - * @param url - * The URL to send the request to. - * @param request_string - * The request XML. - * @param data - * The data. - * @return Returns the response properties containing among others the - * response XML. - * @throws ConnectorException - * f.e. - */ - protected Properties sendRequest(String url, String request_string, - SignatureData data) throws ConnectorException - { - try - { - Properties response_properties = BKUPostConnection.doPostRequestMultipart(url, request_string, data); - return response_properties; - } - catch (Exception e) - { - ConnectorException se = new ConnectorException(320, e); - throw se; - } - } - - /** - * Performs a sign. - * - * @param data - * The data to be signed. - * @return Returns the signature object containing the signature data. - * @throws ConnectorException - * f.e. - */ - public SignSignatureObject doSign(SignatureData data) throws ConnectorException - { - log.debug("doSign:"); //$NON-NLS-1$ - - String sign_request_xml = prepareSignRequestDetached(data); - log.debug("sign_request_xml = " + sign_request_xml); //$NON-NLS-1$ - - String url = this.environment.getSignURL(); - Properties response_properties = sendRequest(url, sign_request_xml, data); - - SignSignatureObject sso = analyzeSignResponse(response_properties); - - // TODO this could be made more generic - sso.response_properties = response_properties; - - log.debug("doSign finished."); //$NON-NLS-1$ - return sso; - } - - /** - * Performs a verification. - * - * @param data - * The data to be verified. - * @param so - * The signature object with the signature information. - * @return Returns the SignatureResponse with the result of the verification. - * @throws ConnectorException - * f.e. 
- */ - public SignatureResponse doVerify(SignatureData data, SignSignatureObject so) throws ConnectorException - { - log.debug("doVerify:"); //$NON-NLS-1$ - - String verify_request_xml = prepareVerifyRequestDetached(data, so); - log.debug("verify_request_xml = " + verify_request_xml); //$NON-NLS-1$ - - // TODO debug - // try - // { - // FileOutputStream fos = new - // FileOutputStream("C:\\wprinz\\Filer\\egiz2\\verify_request.utf8.xml"); - // //$NON-NLS-1$ - // fos.write(verify_request_xml.getBytes("UTF-8")); //$NON-NLS-1$ - // fos.close(); - // } - // catch (Exception e) - // { - // log.error(e); - // } - - String url = this.environment.getVerifyURL(); - Properties response_properties = sendRequest(url, verify_request_xml, data); - - SignatureResponse signature_response = analyzeVerifyResponse(response_properties); - - log.debug("doVerify finished."); //$NON-NLS-1$ - return signature_response; - } - - /** - * Prepares the verify request xml to be sent using the verify request - * template. - * - * @param data - * The SignatureData. - * @param so - * The signature information object. - * @return Returns the verify request xml to be sent. - * @throws ConnectorException - * f.e. - */ - public String prepareVerifyRequestDetached(SignatureData data, - SignSignatureObject so) throws ConnectorException - { - String verify_request_template = this.environment.getVerifyRequestTemplate(); - - String xml_content = null; - // TODO implement MOA - // if (sigObject.isMOASigned()) - // { - // MOAConnector moa_conn = new MOAConnector(); - // // get the MOA-template - // verify_template_str = moa_conn.getVerifyTemplate(normalizedText, - // sigObject); - // } - // else - // { - // get the BKU-template - xml_content = prepareXMLContent(data, so); - // } - - String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content); - - return verify_request_xml; - } - - /** - * Prepares the XML content the holds the actual signature data. 
- * - *

- * This strongly rebuilds the XML content as retuned from a sign request. - *

- * - * @param data - * The data. - * @param so - * The signature object containing the signature information. - * @return Returns the XML content. - * @throws ConnectorException - * f.e. - */ - public String prepareXMLContent(SignatureData data, SignSignatureObject so) throws ConnectorException - { - log.debug("prepareXMLContent:"); //$NON-NLS-1$ - try - { - - String verify_template = this.environment.getVerifyTemplate(); - - String ids_string = so.getSigID(); - String[] ids = SignatureObject.parseSigIds(ids_string); - - X509Certificate cert = so.getX509Certificate(); - String cert_alg = this.environment.getCertAlgEcdsa(); - if (cert.getPublicKey().getAlgorithm().indexOf("RSA") >= 0) //$NON-NLS-1$ - { - cert_alg = this.environment.getCertAlgRsa(); - } - - // cert alg replace - String verify_xml = verify_template.replaceFirst(TemplateReplaces.CERT_ALG_REPLACE, cert_alg); - - // data digest replace - { - byte[] data_value = data.getData(); - byte[] data_value_hash = CodingHelper.buildDigest(data_value); - String object_data_hash = CodingHelper.encodeBase64(data_value_hash); - - verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_SIGNED_DATA_REPLACE, object_data_hash); - } - - // SIG id replaces - verify_xml = verify_xml.replaceAll(TemplateReplaces.SIG_DATA_REF_REPLACE, ids[1]); - verify_xml = verify_xml.replaceAll(TemplateReplaces.ETSI_DATA_REF_REPLACE, ids[3]); - verify_xml = verify_xml.replaceAll(TemplateReplaces.SIG_DATA_OBJ_URI_REPLACE, ids[2]); - - verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNATURE_VALUE_REPLACE, so.getSignatureValue()); - - // X.509 Certificate replace - byte[] der = cert.getEncoded(); - byte[] cert_hash = CodingHelper.buildDigest(der); - String certDigest = CodingHelper.encodeBase64(cert_hash); - String x509_cert_string = CodingHelper.encodeBase64(der); - verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_CERTIFICATE_REPLACE, x509_cert_string); - - // Qualified Properties replaces - verify_xml = 
verify_xml.replaceAll(TemplateReplaces.ETSI_DATA_OBJ_URI_REPLACE, ids[4]); - verify_xml = verify_xml.replaceAll(TemplateReplaces.SIG_ID_REPLACE, ids[0]); - verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNING_TIME_REPLACE, so.getDate()); - verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_CERTIFICATE_REPLACE, certDigest); - verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer()); - verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_SERIAL_NUMBER_REPLACE, so.getSerialNumber()); - // SigDataRefReplace already done above - verify_xml = verify_xml.replaceFirst(TemplateReplaces.MIME_TYPE_REPLACE, data.getMimeType()); - - // Signed Properties hash - { - final String ETSI_SIGNED_PROPERTIES_START_TAG = "= 0; - final int hash_end = verify_xml.indexOf(ETSI_SIGNED_PROPERTIES_END_TAG, hash_start) + ETSI_SIGNED_PROPERTIES_END_TAG.length(); - assert hash_end - ETSI_SIGNED_PROPERTIES_END_TAG.length() >= 0; - assert hash_end > hash_start; - - final String string_to_be_hashed = verify_xml.substring(hash_start, hash_end); - log.debug("etsi:SignedProperties string to be hashed: " + string_to_be_hashed); //$NON-NLS-1$ - - final byte[] bytes_to_be_hashed = string_to_be_hashed.getBytes("UTF-8"); //$NON-NLS-1$ - byte[] sig_prop_code = CodingHelper.buildDigest(bytes_to_be_hashed); - String sig_prop_hash = CodingHelper.encodeBase64(sig_prop_code); - - verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_SIGNED_PROPERTIES_REPLACE, sig_prop_hash); - } - - log.debug("prepareXMLContent finished."); //$NON-NLS-1$ - return verify_xml; - } - catch (Exception e) - { - log.debug(e); - throw new ConnectorException(310, e); - } - } - - /** - * Analyzes the verify response string. - * - * @param response_properties - * The response properties containing the response XML. - * @return Returns the SignatureResponse containing the verification result. - * @throws ConnectorException - * f.e. 
- */ - public SignatureResponse analyzeVerifyResponse(Properties response_properties) throws ConnectorException - { - log.debug("analyzeVerifyResponse:"); //$NON-NLS-1$ - - String response_string = response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY); - - BKUHelper.checkResponseForError(response_string); - - SignatureResponse signature_response = BKUHelper.parseVerifyXMLResponse(response_string); - - log.debug("analyzeVerifyResponse finished."); //$NON-NLS-1$ - return signature_response; - } - - - /** - * Holds environment configuration information like templates. - * - * @author wprinz - */ - public static class Environment - { - /** - * The configuration key of the sign keybox identifier. - */ - protected static final String SIGN_KEYBOX_IDENTIFIER_KEY = "bku.sign.KeyboxIdentifier"; //$NON-NLS-1$ - - /** - * The configuration key of the sign request template. - */ - protected static final String SIGN_REQUEST_TEMPLATE_KEY = "bku.sign.request.detached"; //$NON-NLS-1$ - - /** - * The configuration key of the sign URL. - */ - protected static final String SIGN_URL_KEY = "bku.sign.url"; //$NON-NLS-1$ - - /** - * The configuration key of the verify request template. - */ - protected static final String VERIFY_REQUEST_TEMPLATE_KEY = "bku.verify.request.detached"; //$NON-NLS-1$ - - /** - * The configuration key of the verify template. - */ - protected static final String VERIFY_TEMPLATE_KEY = "bku.verify.template.detached"; //$NON-NLS-1$ - - /** - * The configuration key of the verify URL. - */ - protected static final String VERIFY_URL_KEY = "bku.verify.url"; //$NON-NLS-1$ - - /** - * The configuration key for the ECDSA cert alg property. - */ - protected static final String ECDSA_CERT_ALG_KEY = "cert.alg.ecdsa"; //$NON-NLS-1$ - - /** - * The configuration key for the RSA cert alg property. 
- */ - protected static final String RSA_CERT_ALG_KEY = "cert.alg.rsa"; //$NON-NLS-1$ - - protected String sign_keybox_identifier = null; - - protected String sign_request_template = null; - - protected String sign_url = null; - - protected String verify_request_template = null; - - protected String verify_template = null; - - protected String verify_url = null; - - protected String cert_alg_ecdsa = null; - - protected String cert_alg_rsa = null; - - /** - * Initializes the environment with a given profile. - * - * @param profile - * The configuration profile. - * @throws ConnectorException - * f.e. - */ - public Environment(String profile) throws ConnectorException - { - SettingsReader settings = null; - try - { - settings = SettingsReader.getInstance(); - } - catch (SettingsException e) - { - throw new ConnectorException(300, e); - } - - this.sign_keybox_identifier = getConnectorValueFromProfile(settings, profile, SIGN_KEYBOX_IDENTIFIER_KEY); - - String sign_request_filename = getConnectorValueFromProfile(settings, profile, SIGN_REQUEST_TEMPLATE_KEY); - this.sign_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(sign_request_filename)); - if (this.sign_request_template == null) - { - throw new ConnectorException(300, "Can not read the create xml request template"); //$NON-NLS-1$ - } - - this.sign_url = getConnectorValueFromProfile(settings, profile, SIGN_URL_KEY); - - String verify_request_filename = getConnectorValueFromProfile(settings, profile, VERIFY_REQUEST_TEMPLATE_KEY); - this.verify_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_request_filename)); - if (this.verify_request_template == null) - { - // TODO make this a settings exception - throw new ConnectorException(300, "Can not read the verify xml request template"); //$NON-NLS-1$ - } - - String verify_filename = getConnectorValueFromProfile(settings, profile, VERIFY_TEMPLATE_KEY); - this.verify_template = 
FileHelper.readFromFile(SettingsReader.relocateFile(verify_filename)); - if (this.verify_template == null) - { - // TODO make this a settings exception - throw new ConnectorException(300, "Can not read the verify template"); //$NON-NLS-1$ - } - - this.verify_url = getConnectorValueFromProfile(settings, profile, VERIFY_URL_KEY); - - this.cert_alg_ecdsa = settings.getValueFromKey(ECDSA_CERT_ALG_KEY); - - this.cert_alg_rsa = settings.getValueFromKey(RSA_CERT_ALG_KEY); - - } - - /** - * Returns the sign keybox identifier. - * - * @return Returns the sign keybox identifier. - */ - public String getSignKeyboxIdentifier() - { - return this.sign_keybox_identifier; - } - - /** - * Returns the sign request template. - * - * @return Returns the sign request template. - */ - public String getSignRequestTemplate() - { - return this.sign_request_template; - } - - /** - * Returns the sign URL. - * - * @return Returns the sign URL. - */ - public String getSignURL() - { - return this.sign_url; - } - - /** - * Returns the verify request template. - * - * @return Returns the verify request template. - */ - public String getVerifyRequestTemplate() - { - return this.verify_request_template; - } - - /** - * Returns the verify template. - * - * @return Returns the verify template. - */ - public String getVerifyTemplate() - { - return this.verify_template; - } - - /** - * Returns the verify URL. - * - * @return Returns the verify URL. - */ - public String getVerifyURL() - { - return this.verify_url; - } - - /** - * Returns the ecdsa cert alg property. - * - * @return Returns the ecdsa cert alg property. - */ - public String getCertAlgEcdsa() - { - return this.cert_alg_ecdsa; - } - - /** - * Returns the rsa cert alg property. - * - * @return Returns the rsa cert alg property. - */ - public String getCertAlgRsa() - { - return this.cert_alg_rsa; - } - - /** - * Reads the configuration entry given by the key, first from the given - * profile, if not found from the defaults. 
- * - * @param settings - * The settings. - * @param profile - * The profile. - * @param key - * The configuration key. - * @return Returns the configuration entry. - */ - public static String getConnectorValueFromProfile(SettingsReader settings, - String profile, String key) - { - String value = settings.getValueFromKey("sig_obj." + profile + "." + key); //$NON-NLS-1$//$NON-NLS-2$ - if (value == null) - { - value = settings.getValueFromKey(key); - } - return value; - } - } -} diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java index cabfe92..1c628b1 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java @@ -19,6 +19,7 @@ import at.knowcenter.wag.egov.egiz.sig.connectors.Connector; import at.knowcenter.wag.egov.egiz.sig.connectors.TemplateReplaces; import at.knowcenter.wag.egov.egiz.sig.sigid.HotfixIdFormatter; import at.knowcenter.wag.egov.egiz.tools.CodingHelper; +import at.knowcenter.wag.egov.egiz.tools.DebugHelper; import at.knowcenter.wag.egov.egiz.tools.FileHelper; /** @@ -66,11 +67,12 @@ public class EnvelopedBase64BKUConnector implements Connector log.debug("doSign:"); //$NON-NLS-1$ String sign_request_xml = prepareSignRequest(data); - log.debug("sign_request_xml = " + sign_request_xml); //$NON-NLS-1$ + DebugHelper.debugStringToFile(sign_request_xml, "BKU_EnvB64_sign_request.xml"); //$NON-NLS-1$ String url = this.environment.getSignURL(); Properties response_properties = sendRequest(url, sign_request_xml); + DebugHelper.debugStringToFile(response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY), "BKU_EnvB64_sign_response.xml"); //$NON-NLS-1$ SignSignatureObject sso = analyzeSignResponse(response_properties); // TODO this could be made more generic 
@@ -89,25 +91,12 @@ public class EnvelopedBase64BKUConnector implements Connector log.debug("doVerify:"); //$NON-NLS-1$ String verify_request_xml = prepareVerifyRequest(data, so); - log.debug("verify_request_xml = " + verify_request_xml); //$NON-NLS-1$ - - // TODO debug - // try - // { - // FileOutputStream fos = new - // FileOutputStream("C:\\wprinz\\Filer\\egiz2\\verify_request.utf8.xml"); - // //$NON-NLS-1$ - // fos.write(verify_request_xml.getBytes("UTF-8")); //$NON-NLS-1$ - // fos.close(); - // } - // catch (Exception e) - // { - // log.error(e); - // } + DebugHelper.debugStringToFile(verify_request_xml, "BKU_EnvB64_verify_request.xml"); //$NON-NLS-1$ String url = this.environment.getVerifyURL(); Properties response_properties = sendRequest(url, verify_request_xml); + DebugHelper.debugStringToFile(response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY), "BKU_EnvB64_verify_response.xml"); //$NON-NLS-1$ SignatureResponse signature_response = analyzeVerifyResponse(response_properties); log.debug("doVerify finished."); //$NON-NLS-1$ @@ -180,8 +169,8 @@ public class EnvelopedBase64BKUConnector implements Connector String verify_xml = verify_template.replaceFirst(TemplateReplaces.CERT_ALG_REPLACE, cert_alg); // data digest replace + byte [] data_value = BKUHelper.prepareEnvelopingData(data); { - byte[] data_value = data.getData(); byte[] data_value_hash = CodingHelper.buildDigest(data_value); String object_data_hash = CodingHelper.encodeBase64(data_value_hash); @@ -203,7 +192,7 @@ public class EnvelopedBase64BKUConnector implements Connector verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_CERTIFICATE_REPLACE, x509_cert_string); // Base64 content replace - String base64 = BKUHelper.prepareBase64Content(data); + String base64 = CodingHelper.encodeBase64(data_value); verify_xml = verify_xml.replaceFirst(TemplateReplaces.BASE64_CONTENT_REPLACE, base64); // Qualified Properties replaces 
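Review bot: `byte [] data_value = BKUHelper.prepareEnvelopingData(data);` in the `@@ -180,8 +169,8 @@` hunk puts a space between the element type and the brackets, unlike the `byte[]` declarations on the neighbouring lines and the identical line added to EnvelopingBase64MOAConnector; write it `byte[] data_value = BKUHelper.prepareEnvelopingData(data);`. Hoisting the variable out of the digest block is what the later `CodingHelper.encodeBase64(data_value)` in the `@@ -203,7 +192,7 @@` hunk needs, so a one-line comment such as `// enveloped data is digested here and embedded as Base64 below` would explain why it now outlives the block. The enclosing method starts and ends outside these hunks.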
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/LocRefDetachedBKUConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/LocRefDetachedBKUConnector.java
new file mode 100644
index 0000000..92b7b91
--- /dev/null
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/LocRefDetachedBKUConnector.java
@@ -0,0 +1,25 @@
+/**
+ *
+ */
+package at.knowcenter.wag.egov.egiz.sig.connectors.bku;
+
+import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException;
+
+/**
+ * @author wprinz
+ *
+ */
+public class LocRefDetachedBKUConnector extends DetachedBKUConnector
+{
+
+ /**
+ * @param profile
+ * @param loc_ref_content
+ * @throws ConnectorException
+ */
+ public LocRefDetachedBKUConnector(String profile, String loc_ref_content) throws ConnectorException
+ {
+ super(profile, loc_ref_content);
+ }
+
+}
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/MultipartDetachedBKUConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/MultipartDetachedBKUConnector.java
new file mode 100644
index 0000000..a2d4dc0
--- /dev/null
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/MultipartDetachedBKUConnector.java
@@ -0,0 +1,21 @@
+/**
+ *
+ */
+package at.knowcenter.wag.egov.egiz.sig.connectors.bku;
+
+import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException;
+
+/**
+ * @author wprinz
+ *
+ */
+public class MultipartDetachedBKUConnector extends DetachedBKUConnector
+{
+ protected static final String MULTIPART_LOC_REF_CONTENT = "formdata:fileupload"; //$NON-NLS-1$
+
+ public MultipartDetachedBKUConnector(String profile) throws ConnectorException
+ {
+ super(profile, MULTIPART_LOC_REF_CONTENT);
+ }
+
+}
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java
index e5278b9..220a3d0 100644
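Review bot: Both new classes ship with empty Javadoc: the file header comment is blank, the class comment holds only `@author`, the `@param profile` / `@param loc_ref_content` / `@throws ConnectorException` tags on the LocRefDetachedBKUConnector constructor have no descriptions, and MultipartDetachedBKUConnector's constructor and its `MULTIPART_LOC_REF_CONTENT` constant carry none at all. The only thing that distinguishes each subclass from DetachedBKUConnector is the LocRef content it passes to `super`, so that is what the class comment should state, e.g. `Detached BKU connector whose LocRef content is supplied by the caller.` for the first and `LocRef content telling the BKU to take the signature data from the multipart form-data file upload.` on the constant of the second. The `@param loc_ref_content` tag should say where the value ends up; what DetachedBKUConnector does with it is outside this commit's visible hunks, so confirm against that class before writing it down.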
--- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java @@ -4,21 +4,23 @@ package at.knowcenter.wag.egov.egiz.sig.connectors.moa; import java.util.Properties; -import java.util.regex.Matcher; -import java.util.regex.Pattern; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import at.knowcenter.wag.egov.egiz.cfg.SettingsReader; +import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException; import at.knowcenter.wag.egov.egiz.exceptions.SettingsException; import at.knowcenter.wag.egov.egiz.exceptions.SignatureException; -import at.knowcenter.wag.egov.egiz.exceptions.WebException; import at.knowcenter.wag.egov.egiz.sig.SignatureData; +import at.knowcenter.wag.egov.egiz.sig.SignatureResponse; +import at.knowcenter.wag.egov.egiz.sig.connectors.Connector; import at.knowcenter.wag.egov.egiz.sig.connectors.TemplateReplaces; import at.knowcenter.wag.egov.egiz.sig.connectors.bku.BKUHelper; import at.knowcenter.wag.egov.egiz.sig.connectors.bku.BKUPostConnection; import at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject; +import at.knowcenter.wag.egov.egiz.sig.sigid.DetachedLocRefMOAIdFormatter; +import at.knowcenter.wag.egov.egiz.tools.DebugHelper; import at.knowcenter.wag.egov.egiz.tools.FileHelper; /** @@ -26,7 +28,7 @@ import at.knowcenter.wag.egov.egiz.tools.FileHelper; * * @author wprinz */ -public class DetachedLocRefMOAConnector +public class DetachedLocRefMOAConnector implements Connector { /** * The SIG_ID prefix. 
@@ -60,31 +62,19 @@ public class DetachedLocRefMOAConnector * @throws SignatureException * f.e. */ - public DetachedLocRefMOAConnector(String profile) throws SignatureException, SettingsException + public DetachedLocRefMOAConnector(String profile, String signature_data_url) throws SignatureException, SettingsException { - this.environment = new Environment(profile); + this.environment = new Environment(profile, signature_data_url); } - /** - * Prepares the sign request xml to be sent using the sign request template. - * - * @param data - * The SignatureData. - * @return Returns the sign request xml to be sent. - * @throws SignatureException - * f.e. - */ - protected String prepareSignRequest(SignatureData data) throws SignatureException + protected String prepareSignRequest(SignatureData data) throws ConnectorException { log.debug("prepareSignRequestDetached:"); //$NON-NLS-1$ String sign_request_template = this.environment.getSignRequestTemplate(); String sign_key_identifier = this.environment.getSignKeyIdentifier(); - String loc_ref_content = // "http://wwwx.google.at"; - // this doesn't work - MOA always complains that file system access is - // forbidden - "file:///C:/wprinz/Filer/egiz2/test.utf8.txt"; + String loc_ref_content = this.environment.getSignatureDataUrl(); String mime_type = data.getMimeType(); if (log.isDebugEnabled()) { 
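Review bot: The Javadoc of `prepareSignRequest` is deleted in this hunk and nothing replaces it, although the method's contract changed: it now throws ConnectorException instead of SignatureException and takes its LocRef from the environment rather than a hard-coded path. Reinstate a comment on the new signature in the style of the file's other methods — a purpose sentence, `@param data The SignatureData.`, `@return Returns the sign request xml to be sent.`, `@throws ConnectorException f.e.` — and state in it that `loc_ref_content` is the `signature_data_url` handed to the constructor, because the removed comment shows that the MOA service dereferences this location itself, so the caller decides what the signing service fetches. The method continues past the end of the hunk, where the value is presumably substituted into the template.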
@@ -102,16 +92,9 @@ public class DetachedLocRefMOAConnector } /** - * Analyzes the sign response xml and extracts the signature data. - * - * @param response_properties - * The response properties containing the response String and - * transport related information. - * @return Returns the extracted data encapsulated in a SignatureObject. - * @throws SignatureException - * f.e. + * @see at.knowcenter.wag.egov.egiz.sig.connectors.LocalConnector#analyzeSignResponse(java.util.Properties) */ - public SignSignatureObject analyzeSignResponse(Properties response_properties) throws SignatureException + public SignSignatureObject analyzeSignResponse(Properties response_properties) throws ConnectorException { log.debug("analyzeSignResponse:"); //$NON-NLS-1$ 
@@ -119,33 +102,26 @@ public class DetachedLocRefMOAConnector BKUHelper.checkResponseForError(response_string); - // SignSignatureObject so = parseCreateXMLResponse(response_string); + SignSignatureObject so = MOAHelper.parseCreateXMLResponse(response_string, new DetachedLocRefMOAIdFormatter()); log.debug("analyzeSignResponse finished."); //$NON-NLS-1$ - return null;// so; + return so; } /** - * Performs a sign. - * - * @param data - * The data to be signed. - * @return Returns the signature object containing the signature data. - * @throws SignatureException - * f.e. - * @throws WebException + * @see at.knowcenter.wag.egov.egiz.sig.connectors.Connector#doSign(at.knowcenter.wag.egov.egiz.sig.SignatureData) */ - public SignSignatureObject doSign(SignatureData data) throws SignatureException, WebException + public SignSignatureObject doSign(SignatureData data) throws ConnectorException { log.debug("doSign:"); //$NON-NLS-1$ String sign_request_xml = prepareSignRequest(data); - log.debug("sign_request_xml = " + sign_request_xml); //$NON-NLS-1$ + DebugHelper.debugStringToFile(sign_request_xml, "MOA_DetLocRef_sign_request.xml"); //$NON-NLS-1$ String url = this.environment.getSignURL(); - Properties response_properties = sendRequest(url, MOASoapConnection.SERVICE_SIGN, sign_request_xml, data); + Properties response_properties = sendRequest(url, MOASoapConnection.SERVICE_SIGN, sign_request_xml); - log.debug("response_string = " + response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY));; //$NON-NLS-1$ + DebugHelper.debugStringToFile(response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY), "MOA_DetLocRef_sign_response.xml"); //$NON-NLS-1$ SignSignatureObject sso = analyzeSignResponse(response_properties); // TODO this could be made more generic 
@@ -155,8 +131,66 @@ public class DetachedLocRefMOAConnector return sso; } + /** + * @see at.knowcenter.wag.egov.egiz.sig.connectors.Connector#doVerify(at.knowcenter.wag.egov.egiz.sig.SignatureData, + * at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject) + */ + public SignatureResponse doVerify(SignatureData data, SignSignatureObject so) throws ConnectorException + { + log.debug("doVerify:"); //$NON-NLS-1$ + + String verify_request_xml = prepareVerifyRequest(data, so); + log.debug("verify_request_xml = " + verify_request_xml); //$NON-NLS-1$ + + String url = this.environment.getVerifyURL(); + Properties response_properties = sendRequest(url, MOASoapConnection.SERVICE_VERIFY, verify_request_xml); + + // SignatureResponse signature_response = + // analyzeVerifyResponse(response_properties); + + log.debug("doVerify finished."); //$NON-NLS-1$ + return null; // signature_response; + } + + /** + * Prepares the verify request xml to be sent using the verify request + * template. + * + * @param data + * The SignatureData. + * @param so + * The signature information object. + * @return Returns the verify request xml to be sent. + * @throws ConnectorException + * f.e. 
+ */ + public String prepareVerifyRequest(SignatureData data, SignSignatureObject so) throws ConnectorException + { + String verify_request_template = this.environment.getVerifyRequestTemplate(); + + String xml_content = null; + // TODO implement BKU + // if (sigObject.isMOASigned()) + // { + // MOAConnector moa_conn = new MOAConnector(); + // // get the MOA-template + // verify_template_str = moa_conn.getVerifyTemplate(normalizedText, + // sigObject); + // } + // else + // { + // get the BKU-template +// xml_content = prepareXMLContent(data, so); + // } + + String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content); + verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.TRUST_PROFILE_ID_REPLACE, this.environment.getVerifyTrustProfileId()); + + return verify_request_xml; + } + protected Properties sendRequest(String url, String mode, - String request_string, SignatureData data) throws SignatureException + String request_string) throws ConnectorException { try { @@ -165,8 +199,7 @@ public class DetachedLocRefMOAConnector } catch (Exception e) { - SignatureException se = new SignatureException(320, e); - throw se; + throw new ConnectorException(320, e); } } @@ -207,6 +240,11 @@ public class DetachedLocRefMOAConnector */ protected static final String VERIFY_URL_KEY = "moa.verify.url"; //$NON-NLS-1$ + /** + * The configuration key of the trust profile id. + */ + protected static final String VERIFY_TRUST_PROFILE_ID = "moa.verify.TrustProfileID"; //$NON-NLS-1$ + /** * The configuration key for the ECDSA cert alg property. */ @@ -217,6 +255,8 @@ public class DetachedLocRefMOAConnector */ protected static final String RSA_CERT_ALG_KEY = "cert.alg.rsa"; //$NON-NLS-1$ + protected String signature_data_url = null; + protected String sign_key_identifier = null; protected String sign_request_template = null; 
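Review bot: `doVerify` in the `@@ -155,8 +131,66 @@` hunk always returns `null` because the `analyzeVerifyResponse` call is commented out, and `prepareVerifyRequest` passes `xml_content` — never assigned, since the `prepareXMLContent` call is commented out too — as the replacement argument of `String.replaceFirst`, which throws NullPointerException for a null replacement; so every call to `doVerify` on this connector dies with an NPE before any request is sent, and if it got past that it would hand the caller a null verification result. Now that the class `implements Connector`, callers can no longer tell from the type that verification is unimplemented, so fail explicitly instead, e.g. replace the body of `doVerify` with `throw new ConnectorException(300, "doVerify is not implemented for DetachedLocRefMOAConnector"); //$NON-NLS-1$` (reusing the code the file already uses for configuration errors, or a dedicated one) until the verify path exists. The same null-replacement hazard applies to `this.environment.getVerifyTrustProfileId()` on the following line, which can be null when the setting is absent.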
@@ -229,6 +269,8 @@ public class DetachedLocRefMOAConnector protected String verify_url = null; + protected String verify_trust_profile_id = null; + protected String cert_alg_ecdsa = null; protected String cert_alg_rsa = null; @@ -240,12 +282,22 @@ public class DetachedLocRefMOAConnector * The configuration profile. * @throws SettingsException * f.e. - * @throws SignatureException + * @throws ConnectorException * f.e. */ - public Environment(String profile) throws SettingsException, SignatureException + public Environment(String profile, String signature_data_url) throws ConnectorException { - SettingsReader settings = SettingsReader.getInstance(); + this.signature_data_url = signature_data_url; + + SettingsReader settings = null; + try + { + settings = SettingsReader.getInstance(); + } + catch (SettingsException e) + { + throw new ConnectorException(300, e); + } this.sign_key_identifier = getConnectorValueFromProfile(settings, profile, SIGN_KEY_IDENTIFIER_KEY); @@ -254,7 +306,7 @@ public class DetachedLocRefMOAConnector if (this.sign_request_template == null) { // TODO make this a settings exception - throw new SignatureException(300, "Can not read the create xml request template"); //$NON-NLS-1$ + throw new ConnectorException(300, "Can not read the create xml request template"); //$NON-NLS-1$ } this.sign_url = getConnectorValueFromProfile(settings, profile, SIGN_URL_KEY); @@ -264,7 +316,7 @@ public class DetachedLocRefMOAConnector if (this.verify_request_template == null) { // TODO make this a settings exception - throw new SignatureException(300, "Can not read the verify xml request template"); //$NON-NLS-1$ + throw new ConnectorException(300, "Can not read the verify xml request template"); //$NON-NLS-1$ } String verify_filename = getConnectorValueFromProfile(settings, profile, VERIFY_TEMPLATE_KEY); 
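Review bot: `this.signature_data_url = signature_data_url;` in the `@@ -240,12 +282,22 @@` hunk stores the constructor argument without any check, while every other value the Environment constructor obtains is validated and turned into a ConnectorException(300); a null or empty URL is only noticed later in `prepareSignRequest`, presumably when it is substituted into the template. Add `if (signature_data_url == null || signature_data_url.length() == 0) { throw new ConnectorException(300, "No signature data URL given"); } //$NON-NLS-1$` next to the assignment. Since the MOA service fetches this location itself (see the comment removed in the `@@ -60,31 +62,19 @@` hunk), this is also the place to restrict the accepted scheme and host to what the deployment expects, so a misconfigured or externally influenced caller cannot point the signing service at file or internal resources. The constructor continues past the end of the hunk.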
@@ -272,17 +324,29 @@ public class DetachedLocRefMOAConnector if (this.verify_template == null) { // TODO make this a settings exception - throw new SignatureException(300, "Can not read the verify template"); //$NON-NLS-1$ + throw new ConnectorException(300, "Can not read the verify template"); //$NON-NLS-1$ } this.verify_url = getConnectorValueFromProfile(settings, profile, VERIFY_URL_KEY); + this.verify_trust_profile_id = settings.getValueFromKey(VERIFY_TRUST_PROFILE_ID); + this.cert_alg_ecdsa = settings.getValueFromKey(ECDSA_CERT_ALG_KEY); this.cert_alg_rsa = settings.getValueFromKey(RSA_CERT_ALG_KEY); } + /** + * Returns the URL where to load the detached data from. + * + * @return Returns the URL where to load the detached data from. + */ + public String getSignatureDataUrl() + { + return this.signature_data_url; + } + /** * Returns the sign key identifier. * @@ -343,6 +407,16 @@ public class DetachedLocRefMOAConnector return this.verify_url; } + /** + * Returns the verify trust profile id. + * + * @return Returns the verify trust profile id. + */ + public String getVerifyTrustProfileId() + { + return this.verify_trust_profile_id; + } + /** * Returns the ecdsa cert alg property. * diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/EnvelopingBase64MOAConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/EnvelopingBase64MOAConnector.java index 4e9dd04..f6580af 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/EnvelopingBase64MOAConnector.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/EnvelopingBase64MOAConnector.java 
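Review bot: `this.verify_trust_profile_id = settings.getValueFromKey(VERIFY_TRUST_PROFILE_ID);` in the `@@ -272,17 +324,29 @@` hunk is added without the null check the template reads directly above it get, and `getVerifyTrustProfileId()` is fed to `String.replaceFirst` in `prepareVerifyRequest`, which throws NullPointerException for a null replacement — a missing `moa.verify.TrustProfileID` setting will surface as an NPE rather than a configuration error. Add `if (this.verify_trust_profile_id == null) { throw new ConnectorException(300, "Can not read the verify trust profile id"); } //$NON-NLS-1$` after the assignment. Note also that, unlike the sign/verify URLs and templates, which go through `getConnectorValueFromProfile` and can be overridden per profile, the trust profile id is read globally like the cert-alg keys; if the trust profile is meant to differ per profile (it presumably selects which certificates the verifier trusts, so it deserves the same per-profile control), route it through the same helper. The Environment constructor starts outside this hunk.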
@@ -3,15 +3,8 @@ */ package at.knowcenter.wag.egov.egiz.sig.connectors.moa; -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.UnsupportedEncodingException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.util.Properties; -import java.util.regex.Matcher; -import java.util.regex.Pattern; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -20,14 +13,13 @@ import at.knowcenter.wag.egov.egiz.cfg.SettingsReader; import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException; import at.knowcenter.wag.egov.egiz.exceptions.SettingsException; import at.knowcenter.wag.egov.egiz.sig.SignatureData; -import at.knowcenter.wag.egov.egiz.sig.SignatureObject; import at.knowcenter.wag.egov.egiz.sig.SignatureResponse; -import at.knowcenter.wag.egov.egiz.sig.X509Cert; import at.knowcenter.wag.egov.egiz.sig.connectors.Connector; import at.knowcenter.wag.egov.egiz.sig.connectors.TemplateReplaces; import at.knowcenter.wag.egov.egiz.sig.connectors.bku.BKUHelper; import at.knowcenter.wag.egov.egiz.sig.connectors.bku.BKUPostConnection; import at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject; +import at.knowcenter.wag.egov.egiz.sig.sigid.OldMOAIdFormatter; import at.knowcenter.wag.egov.egiz.tools.CodingHelper; import at.knowcenter.wag.egov.egiz.tools.FileHelper; @@ -205,7 +197,7 @@ public class EnvelopingBase64MOAConnector implements Connector BKUHelper.checkResponseForError(response_string); - SignSignatureObject so = parseCreateXMLResponse(response_string); + SignSignatureObject so = MOAHelper.parseCreateXMLResponse(response_string, new OldMOAIdFormatter()); log.debug("analyzeSignResponse finished."); //$NON-NLS-1$ return so; 
@@ -268,8 +260,8 @@ public class EnvelopingBase64MOAConnector implements Connector String verify_xml = verify_template.replaceFirst(TemplateReplaces.CERT_ALG_REPLACE, cert_alg); // data digest replace + byte[] data_value = BKUHelper.prepareEnvelopingData(data); { - byte[] data_value = data.getData(); byte[] data_value_hash = CodingHelper.buildDigest(data_value); String object_data_hash = CodingHelper.encodeBase64(data_value_hash); @@ -286,7 +278,7 @@ public class EnvelopingBase64MOAConnector implements Connector verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_CERTIFICATE_REPLACE, x509_cert_string); // Base64 content replace - String base64 = BKUHelper.prepareBase64Content(data); + String base64 = CodingHelper.encodeBase64(data_value); verify_xml = verify_xml.replaceFirst(TemplateReplaces.BASE64_CONTENT_REPLACE, base64); // Qualified Properties replaces 
@@ -327,156 +319,6 @@ public class EnvelopingBase64MOAConnector implements Connector } } - - /** - * This method parses the MOA-Response string. It separates the - * SignatureValue, X509IssuerName, SigningTime, X509SerialNumber, - * X509Certificate, CertDigest and DigestValues. If the X509Certificate is - * extracted it would be stored in the certificates directory. - * - * @param xmlResponse - * the response string from the MOA sign-request - * @throws ConnectorException - * ErrorCode (303, 304) - * @see SignatureObject - * @see CodingHelper - * @see X509Cert - */ - public static SignSignatureObject parseCreateXMLResponse(String xmlResponse) throws ConnectorException - { - Pattern sig_val_p_s = Pattern.compile("<[\\w]*:?SignatureValue>"); //$NON-NLS-1$ - Pattern sig_val_p_e = Pattern.compile(""); //$NON-NLS-1$ - Pattern iss_nam_p_s = Pattern.compile("<[\\w]*:?X509IssuerName>"); //$NON-NLS-1$ - Pattern iss_nam_p_e = Pattern.compile(""); //$NON-NLS-1$ - Pattern sig_tim_p_s = Pattern.compile("<[\\w]*:?SigningTime>"); //$NON-NLS-1$ - Pattern sig_tim_p_e = Pattern.compile(""); //$NON-NLS-1$ - Pattern ser_num_p_s = Pattern.compile("<[\\w]*:?X509SerialNumber>"); //$NON-NLS-1$ - Pattern ser_num_p_e = Pattern.compile(""); //$NON-NLS-1$ - Pattern sig_cer_p_s = Pattern.compile("<[\\w]*:?X509Certificate>"); //$NON-NLS-1$ - Pattern sig_cer_p_e = Pattern.compile(""); //$NON-NLS-1$ - - // Pattern sig_cer_d_p_s = Pattern.compile("<[\\w]*:?CertDigest>"); - // //$NON-NLS-1$ - // Pattern sig_cer_d_p_e = Pattern.compile(""); - // //$NON-NLS-1$ - // Pattern dig_val_p_s = Pattern.compile("<[\\w]*:?DigestValue>"); - // //$NON-NLS-1$ - // Pattern dig_val_p_e = Pattern.compile(""); - // //$NON-NLS-1$ - - Matcher sig_val_m_s = sig_val_p_s.matcher(xmlResponse); - Matcher sig_val_m_e = sig_val_p_e.matcher(xmlResponse); - Matcher iss_nam_m_s = iss_nam_p_s.matcher(xmlResponse); - Matcher iss_nam_m_e = iss_nam_p_e.matcher(xmlResponse); - Matcher sig_tim_m_s = sig_tim_p_s.matcher(xmlResponse); - 
Matcher sig_tim_m_e = sig_tim_p_e.matcher(xmlResponse); - Matcher ser_num_m_s = ser_num_p_s.matcher(xmlResponse); - Matcher ser_num_m_e = ser_num_p_e.matcher(xmlResponse); - Matcher sig_cer_m_s = sig_cer_p_s.matcher(xmlResponse); - Matcher sig_cer_m_e = sig_cer_p_e.matcher(xmlResponse); - - // Matcher sig_cer_d_m_s = sig_cer_d_p_s.matcher(xmlResponse); - // Matcher sig_cer_d_m_e = sig_cer_d_p_e.matcher(xmlResponse); - // Matcher dig_val_m_s = dig_val_p_s.matcher(xmlResponse); - // Matcher dig_val_m_e = dig_val_p_e.matcher(xmlResponse); - - // SignatureValue - String sig_val = null; - if (sig_val_m_s.find() && sig_val_m_e.find()) - { - sig_val = BKUHelper.removeAllWhitespace(xmlResponse.substring(sig_val_m_s.end(), sig_val_m_e.start())); - } - log.debug("sig_val = " + sig_val); //$NON-NLS-1$ - - // X509IssuerName - String iss_nam = null; - if (iss_nam_m_s.find() && iss_nam_m_e.find()) - { - iss_nam = xmlResponse.substring(iss_nam_m_s.end(), iss_nam_m_e.start()); - } - log.debug("iss_nam = " + iss_nam); //$NON-NLS-1$ - - // X509SerialNumber - String ser_num = null; - if (ser_num_m_s.find() && ser_num_m_e.find()) - { - ser_num = BKUHelper.removeAllWhitespace(xmlResponse.substring(ser_num_m_s.end(), ser_num_m_e.start())); - } - log.debug("ser_num = " + ser_num); //$NON-NLS-1$ - - // SigningTime - String sig_tim = null; - if (sig_tim_m_s.find() && sig_tim_m_e.find()) - { - sig_tim = xmlResponse.substring(sig_tim_m_s.end(), sig_tim_m_e.start()); - } - log.debug("sig_tim = " + sig_tim); //$NON-NLS-1$ - - // CertDigest - // if (sig_cer_d_m_s.find() && sig_cer_d_m_e.find()) - // { - // String cert_digest = xmlResponse.substring(sig_cer_d_m_s.end(), - // sig_cer_d_m_e.start()); - // if (dig_val_m_s.find() && dig_val_m_e.find()) - // { - // sig_dig = cert_digest.substring(dig_val_m_s.end(), dig_val_m_e.start()); - // //sigObj.setX509CertificateDigest(sig_dig); - // } - // } - - // X509Certificate - X509Certificate cert = null; - if (sig_cer_m_s.find() && sig_cer_m_e.find()) - 
{ - String sig_cer = BKUHelper.removeAllWhitespace(xmlResponse.substring(sig_cer_m_s.end(), sig_cer_m_e.start())); - - try - { - byte[] der = CodingHelper.decodeBase64(sig_cer); - ByteArrayInputStream bais = new ByteArrayInputStream(der); - CertificateFactory cf = CertificateFactory.getInstance("X.509"); //$NON-NLS-1$ - cert = (X509Certificate) cf.generateCertificate(bais); - bais.close(); - } - catch (UnsupportedEncodingException e) - { - log.error(e); - throw new ConnectorException(300, e); - } - catch (CertificateException e) - { - log.error(e); - throw new ConnectorException(300, e); - } - catch (IOException e) - { - log.error(e); - throw new ConnectorException(300, e); - } - } - log.debug("X509Certificate = " + cert); //$NON-NLS-1$ - - if (log.isDebugEnabled()) - { - - String cert_iss = cert.getIssuerDN().getName(); - log.debug("certificate's issuer = " + cert_iss); //$NON-NLS-1$ - log.debug("response's issuer = " + iss_nam); //$NON-NLS-1$ - log.debug("issuer matches = " + cert_iss.equals(iss_nam)); //$NON-NLS-1$ - log.debug("ser number matches = " + cert.getSerialNumber().toString().equals(ser_num)); //$NON-NLS-1$ - } - - SignSignatureObject so = new SignSignatureObject(); - so.date = sig_tim; - so.issuer = iss_nam; - so.signatureValue = sig_val; - so.x509Certificate = cert; - - so.id = null; - - return so; - } - /** * Holds environment configuration information like templates. * diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOAHelper.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOAHelper.java new file mode 100644 index 0000000..e05d55c --- /dev/null +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/MOAHelper.java 
@@ -0,0 +1,190 @@
+/**
+ *
+ */
+package at.knowcenter.wag.egov.egiz.sig.connectors.moa;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException;
+import at.knowcenter.wag.egov.egiz.sig.SignatureObject;
+import at.knowcenter.wag.egov.egiz.sig.X509Cert;
+import at.knowcenter.wag.egov.egiz.sig.connectors.bku.BKUHelper;
+import at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject;
+import at.knowcenter.wag.egov.egiz.sig.sigid.IdFormatter;
+import at.knowcenter.wag.egov.egiz.tools.CodingHelper;
+
+/**
+ * @author wprinz
+ *
+ */
+public class MOAHelper
+{
+ /**
+ * The log.
+ */
+ private static Log log = LogFactory.getLog(MOAHelper.class);
+
+ /**
+ * This method parses the MOA-Response string.
+ *
+ *
+ * It separates the SignatureValue, X509IssuerName, SigningTime,
+ * X509SerialNumber, X509Certificate, CertDigest and DigestValues. If the
+ * X509Certificate is extracted it would be stored in the certificates
+ * directory.
+ *
+ *
+ * @param xmlResponse
+ * the response string from the MOA sign-request
+ * @throws ConnectorException
+ * ErrorCode (303, 304)
+ * @see SignatureObject
+ * @see CodingHelper
+ * @see X509Cert
+ */
+ public static SignSignatureObject parseCreateXMLResponse(String xmlResponse, IdFormatter id_formatter) throws ConnectorException
+ {
+ Pattern sig_val_p_s = Pattern.compile("<[\\w]*:?SignatureValue>"); //$NON-NLS-1$
+ Pattern sig_val_p_e = Pattern.compile(""); //$NON-NLS-1$
+ Pattern iss_nam_p_s = Pattern.compile("<[\\w]*:?X509IssuerName>"); //$NON-NLS-1$
+ Pattern iss_nam_p_e = Pattern.compile(""); //$NON-NLS-1$
+ Pattern sig_tim_p_s = Pattern.compile("<[\\w]*:?SigningTime>"); //$NON-NLS-1$
+ Pattern sig_tim_p_e = Pattern.compile(""); //$NON-NLS-1$
+ Pattern ser_num_p_s = Pattern.compile("<[\\w]*:?X509SerialNumber>"); //$NON-NLS-1$
+ Pattern ser_num_p_e = Pattern.compile(""); //$NON-NLS-1$
+ Pattern sig_cer_p_s = Pattern.compile("<[\\w]*:?X509Certificate>"); //$NON-NLS-1$
+ Pattern sig_cer_p_e = Pattern.compile(""); //$NON-NLS-1$
+
+ // Pattern sig_cer_d_p_s = Pattern.compile("<[\\w]*:?CertDigest>");
+ // //$NON-NLS-1$
+ // Pattern sig_cer_d_p_e = Pattern.compile("");
+ // //$NON-NLS-1$
+ // Pattern dig_val_p_s = Pattern.compile("<[\\w]*:?DigestValue>");
+ // //$NON-NLS-1$
+ // Pattern dig_val_p_e = Pattern.compile("");
+ // //$NON-NLS-1$
+
+ Matcher sig_val_m_s = sig_val_p_s.matcher(xmlResponse);
+ Matcher sig_val_m_e = sig_val_p_e.matcher(xmlResponse);
+ Matcher iss_nam_m_s = iss_nam_p_s.matcher(xmlResponse);
+ Matcher iss_nam_m_e = iss_nam_p_e.matcher(xmlResponse);
+ Matcher sig_tim_m_s = sig_tim_p_s.matcher(xmlResponse);
+ Matcher sig_tim_m_e = sig_tim_p_e.matcher(xmlResponse);
+ Matcher ser_num_m_s = ser_num_p_s.matcher(xmlResponse);
+ Matcher ser_num_m_e = ser_num_p_e.matcher(xmlResponse);
+ Matcher sig_cer_m_s = sig_cer_p_s.matcher(xmlResponse);
+ Matcher sig_cer_m_e = sig_cer_p_e.matcher(xmlResponse);
+
+ // Matcher sig_cer_d_m_s = sig_cer_d_p_s.matcher(xmlResponse);
+ // Matcher sig_cer_d_m_e = sig_cer_d_p_e.matcher(xmlResponse);
+ // Matcher dig_val_m_s = dig_val_p_s.matcher(xmlResponse);
+ // Matcher dig_val_m_e = dig_val_p_e.matcher(xmlResponse);
+
+ // SignatureValue
+ String sig_val = null;
+ if (sig_val_m_s.find() && sig_val_m_e.find())
+ {
+ sig_val = BKUHelper.removeAllWhitespace(xmlResponse.substring(sig_val_m_s.end(), sig_val_m_e.start()));
+ }
+ log.debug("sig_val = " + sig_val); //$NON-NLS-1$
+
+ // X509IssuerName
+ String iss_nam = null;
+ if (iss_nam_m_s.find() && iss_nam_m_e.find())
+ {
+ iss_nam = xmlResponse.substring(iss_nam_m_s.end(), iss_nam_m_e.start());
+ }
+ log.debug("iss_nam = " + iss_nam); //$NON-NLS-1$
+
+ // X509SerialNumber
+ String ser_num = null;
+ if (ser_num_m_s.find() && ser_num_m_e.find())
+ {
+ ser_num = BKUHelper.removeAllWhitespace(xmlResponse.substring(ser_num_m_s.end(), ser_num_m_e.start()));
+ }
+ log.debug("ser_num = " + ser_num); //$NON-NLS-1$
+
+ // SigningTime
+ String sig_tim = null;
+ if (sig_tim_m_s.find() && sig_tim_m_e.find())
+ {
+ sig_tim = xmlResponse.substring(sig_tim_m_s.end(), sig_tim_m_e.start());
+ }
+ log.debug("sig_tim = " + sig_tim); //$NON-NLS-1$
+
+ // CertDigest
+ // if (sig_cer_d_m_s.find() && sig_cer_d_m_e.find())
+ // {
+ // String cert_digest = xmlResponse.substring(sig_cer_d_m_s.end(),
+ // sig_cer_d_m_e.start());
+ // if (dig_val_m_s.find() && dig_val_m_e.find())
+ // {
+ // sig_dig = cert_digest.substring(dig_val_m_s.end(), dig_val_m_e.start());
+ // //sigObj.setX509CertificateDigest(sig_dig);
+ // }
+ // }
+
+ // X509Certificate
+ X509Certificate cert = null;
+ if (sig_cer_m_s.find() && sig_cer_m_e.find())
+ {
+ String sig_cer = BKUHelper.removeAllWhitespace(xmlResponse.substring(sig_cer_m_s.end(), sig_cer_m_e.start()));
+
+ try
+ {
+ byte[] der = CodingHelper.decodeBase64(sig_cer);
+ ByteArrayInputStream bais = new ByteArrayInputStream(der);
+ CertificateFactory cf = CertificateFactory.getInstance("X.509"); //$NON-NLS-1$
+ cert = (X509Certificate) cf.generateCertificate(bais);
+ bais.close();
+ }
+ catch (UnsupportedEncodingException e)
+ {
+ log.error(e);
+ throw new ConnectorException(300, e);
+ }
+ catch (CertificateException e)
+ {
+ log.error(e);
+ throw new ConnectorException(300, e);
+ }
+ catch (IOException e)
+ {
+ log.error(e);
+ throw new ConnectorException(300, e);
+ }
+ }
+ log.debug("X509Certificate = " + cert); //$NON-NLS-1$
+
+ if (log.isDebugEnabled())
+ {
+
+ String cert_iss = cert.getIssuerDN().getName();
+ log.debug("certificate's issuer = " + cert_iss); //$NON-NLS-1$
+ log.debug("response's issuer = " + iss_nam); //$NON-NLS-1$
+ log.debug("issuer matches = " + cert_iss.equals(iss_nam)); //$NON-NLS-1$
+ log.debug("ser number matches = " + cert.getSerialNumber().toString().equals(ser_num)); //$NON-NLS-1$
+ }
+
+ SignSignatureObject so = new SignSignatureObject();
+ so.date = sig_tim;
+ so.issuer = iss_nam;
+ so.signatureValue = sig_val;
+ so.x509Certificate = cert;
+
+ so.id = id_formatter.formatIds(null);
+
+ return so;
+ }
+
+}
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/DetachedLocRefMOAIdFormatter.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/DetachedLocRefMOAIdFormatter.java
new file mode 100644
index 0000000..d37ead0
--- /dev/null
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/DetachedLocRefMOAIdFormatter.java
@@ -0,0 +1,25 @@
+/**
+ *
+ */
+package at.knowcenter.wag.egov.egiz.sig.sigid;
+
+/**
+ * @author wprinz
+ *
+ */
+public class DetachedLocRefMOAIdFormatter implements IdFormatter
+{
+ /**
+ * The SIG_ID prefix.
+ */
+ public static final String SIG_ID_PREFIX = "etsi-moa-detached@"; //$NON-NLS-1$
+
+ /**
+ * @see at.knowcenter.wag.egov.egiz.sig.sigid.IdFormatter#formatIds(java.lang.String[])
+ */
+ public String formatIds(String[] ids)
+ {
+ return SIG_ID_PREFIX;
+ }
+
+}
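Review bot: `cert` can still be null when the debug block reaches `String cert_iss = cert.getIssuerDN().getName();`, because the certificate is only assigned inside `if (sig_cer_m_s.find() && sig_cer_m_e.find())` while the `if (log.isDebugEnabled())` block is unconditional, so a response without an `X509Certificate` element throws a NullPointerException with debug logging on and otherwise yields a SignSignatureObject carrying a null certificate (and, by the same pattern, possibly a null `signatureValue`). Guard the block with `if (log.isDebugEnabled() && cert != null)` and reject a response that produced no certificate or no SignatureValue before `new SignSignatureObject()`, on the same ConnectorException path the decode failures already use. The issuer and serial-number comparison is only logged, and `so.issuer = iss_nam` takes the value from the response text rather than from the parsed certificate, so a mismatch between the two goes unnoticed at runtime; at minimum log it at warn level when they differ. The Javadoc also needs updating: it still cites error codes 303/304 while the only code thrown here is 300, it lacks `@param id_formatter` and `@return`, and the sentence about storing the certificate in the certificates directory describes nothing this method does.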
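Review bot: `formatIds` ignores its `ids` argument and returns the bare `SIG_ID_PREFIX`, so the `@see` Javadoc alone leaves a reader unsure whether the ids were meant to follow the trailing `@`. If the constant prefix is the whole id, say so: `/** Returns {@link #SIG_ID_PREFIX} unchanged; the ids argument is not used by this formatter. */`. Whether a caller appends to the `@` afterwards is not visible in this diff.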
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/OldMOAIdFormatter.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/OldMOAIdFormatter.java
new file mode 100644
index 0000000..05f5db8
--- /dev/null
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/OldMOAIdFormatter.java
@@ -0,0 +1,21 @@
+/**
+ *
+ */
+package at.knowcenter.wag.egov.egiz.sig.sigid;
+
+/**
+ * @author wprinz
+ *
+ */
+public class OldMOAIdFormatter implements IdFormatter
+{
+
+ /**
+ * @see at.knowcenter.wag.egov.egiz.sig.sigid.IdFormatter#formatIds(java.lang.String[])
+ */
+ public String formatIds(String[] ids)
+ {
+ return null;
+ }
+
+}
-- cgit v1.2.3
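Review bot: `formatIds` returns `null` for every input, so `MOAHelper.parseCreateXMLResponse` ends up with `so.id == null` exactly as the removed inline code did with `so.id = null;`, but that intent is not stated anywhere and the method reads like an unfinished stub. A Javadoc line such as `/** Legacy formatter: yields no id, preserving the previous MOA behaviour of leaving SignSignatureObject.id unset. */` above `formatIds` would make the null return deliberate. Callers that dereference the returned id without a null check are not visible in this diff.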