From a0de2a3b2a5f4a99f280f5caebbca0d183ae109a Mon Sep 17 00:00:00 2001 From: tknall Date: Wed, 7 Feb 2007 10:08:21 +0000 Subject: Bugfix: Querformat, BKU 2.7.x, ... git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@35 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c --- .../wag/egov/egiz/sig/LocalConnector.java | 12 +- .../wag/egov/egiz/sig/SignatureObject.java | 175 +++++++++++++++++---- .../wag/egov/egiz/sig/connectors/BKUConnector.java | 89 ++++++++--- .../egiz/sig/connectors/BKUPostConnection.java | 54 ++++++- 4 files changed, 276 insertions(+), 54 deletions(-) (limited to 'src/main/java/at/knowcenter/wag/egov/egiz/sig') diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/LocalConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/LocalConnector.java index 13e0b65..65c79a9 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/LocalConnector.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/LocalConnector.java @@ -17,6 +17,8 @@ */ package at.knowcenter.wag.egov.egiz.sig; +import java.util.Properties; + import at.knowcenter.wag.egov.egiz.exceptions.SignatureException; /** 
@@ -74,27 +76,25 @@ public interface LocalConnector extends Connector /** * Analyzes the sign response string. * - * @param response_string - * The response string from the local service. * @param signature_type * The type of the signature. * @return Returns the SignatureObject of the sign request. * @throws SignatureException * F.e. */ - public SignatureObject analyzeSignResponse(String response_string, + // TODO hotfix + public SignatureObject analyzeSignResponse(Properties response_properties, String signature_type) throws SignatureException; /** * Analyzes the verify response string. * - * @param response_string - * The response string from the local service. * @return Returns the SignatureResponse of the verify request. * @throws SignatureException * F.e. */ - public SignatureResponse analyzeVerifyResponse(String response_string) throws SignatureException; + // TODO hotfix + public SignatureResponse analyzeVerifyResponse(Properties response_properties) throws SignatureException; /** * Returns the sign URL of the local service. diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java index 9a7a036..ae50c5e 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java @@ -31,6 +31,7 @@ import java.util.Hashtable; import java.util.Iterator; import java.util.List; import java.util.Map; +import java.util.Properties; import java.util.Set; import java.util.Vector; 
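Review bot: Both Javadoc blocks in this hunk lose their `@param response_string` entry without gaining one for the new `response_properties` parameter, so the interface no longer states what the `Properties` object must contain. The implementations changed elsewhere in this commit read the keys `response_string`, `productName` and `productVersion` from it, which makes those keys part of the contract. I would add `@param response_properties the response body under key "response_string" plus the BKU version keys taken from the Server header` to both methods. The summary sentences still say "response string" and should be adjusted as well.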
@@ -41,13 +42,14 @@ import at.knowcenter.wag.egov.egiz.cfg.ConfigLogger; import at.knowcenter.wag.egov.egiz.cfg.SettingsReader; import at.knowcenter.wag.egov.egiz.exceptions.InvalidIDException; import at.knowcenter.wag.egov.egiz.exceptions.NormalizeException; +import at.knowcenter.wag.egov.egiz.exceptions.SettingNotFoundException; import at.knowcenter.wag.egov.egiz.exceptions.SettingsException; import at.knowcenter.wag.egov.egiz.exceptions.SignatureException; import at.knowcenter.wag.egov.egiz.exceptions.SignatureTypesException; -import at.knowcenter.wag.egov.egiz.framework.SignatorFactory; import at.knowcenter.wag.egov.egiz.ldap.api.LDAPAPIException; import at.knowcenter.wag.egov.egiz.ldap.api.LDAPAPIFactory; import at.knowcenter.wag.egov.egiz.ldap.client.LDAPIssuerNameFilter; +import at.knowcenter.wag.egov.egiz.framework.SignatorFactory; import at.knowcenter.wag.egov.egiz.table.Entry; import at.knowcenter.wag.egov.egiz.table.Style; import at.knowcenter.wag.egov.egiz.table.Table; @@ -181,7 +183,7 @@ public class SignatureObject implements Serializable *

*/ protected String raw_signature_response = null; - + /** * Filters the issuer name in order to find matches. * @author tknall @@ -199,8 +201,6 @@ public class SignatureObject implements Serializable } }; - - /** * The empty constructor. It initilize the normlizer, load the settings and * set the default styles. @@ -270,7 +270,6 @@ public class SignatureObject implements Serializable defaultImageStyle_.setPadding(3); defaultImageStyle_.setHAlign(Style.CENTER); defaultImageStyle_.setVAlign(Style.MIDDLE); -// defaultImageStyle_.setBgColor(new Color(255, 255, 255)); defaultImageStyle_.setBgColor(null); defaultCaptionStyle_.setHAlign(Style.CENTER); 
@@ -737,20 +736,42 @@ public class SignatureObject implements Serializable setSigValue(SignatureTypes.SIG_ID, sigIds); } - /** - * Set the signation id's build by a BKU signated SignatureObject. - * - * @param sigIds - * The sination id's are defined into five parts, that have the same - * base as prefix. Therefore the ids's are reduced by the base prefix - * and stored in the SignatureObject. - */ - public void setSignationIDs(String[] sigIds) + // /** + // * Set the signation id's build by a BKU signated SignatureObject. + // * + // * @param sigIds + // * The sination id's are defined into five parts, that have the same + // * base as prefix. Therefore the ids's are reduced by the base prefix + // * and stored in the SignatureObject. + // */ + // public void setSignationIDs(String[] sigIds) + // { + // String join = ""; + // String base = null; + // for (int arr_idx = 0; arr_idx < sigIds.length; arr_idx++) + // { + // String id = sigIds[arr_idx]; + // if (logger_.isDebugEnabled()) + // { + // logger_.debug("Set BKU id:" + id); + // } + // int id_idx = id.lastIndexOf("-"); + // if (arr_idx == 0) + // { + // base = id.substring(0, id_idx); + // } + // String cur_id = id.substring(id_idx + 1); + // join += "-" + cur_id; + // } + // setSignationIDs(base + "@" + join.substring(1)); + // } + + // TODO hotfix + public static String formatSigIds(Properties response_properties, + String[] sigIds) throws SignatureException { - - // FIXME[tknall]: implement workaround resp. failsafe behaviour for ids like "Signature-123456789" - - String join = ""; + // ids algorithm: + String join = ""; String base = null; for (int arr_idx = 0; arr_idx < sigIds.length; arr_idx++) { 
@@ -767,7 +788,47 @@ public class SignatureObject implements Serializable String cur_id = id.substring(id_idx + 1); join += "-" + cur_id; } - setSignationIDs(base + "@" + join.substring(1)); + // setSignationIDs(base + "@" + join.substring(1)); + String ids = base + "@" + join.substring(1); + // :ids algorithm + + String productName = response_properties.getProperty("productName"); + logger_.debug("productName = " + productName); + if (!productName.equals("trustDeskbasic")) + { + final String msg = "The BKU environment " + productName + " is not trustDeskbasic and therefore the productVersion cannot be decided."; + logger_.error(msg); + throw new SignatureException(0, msg); + } + + String productVersion = response_properties.getProperty("productVersion"); + logger_.debug("productVersion = " + productVersion); + boolean new_etsi = decideNewEtsiByBKUVersion(productVersion); + logger_.debug("verwende neue etsi properties = " + new_etsi); + + String etsi_prefix = ""; + if (new_etsi) + { + // TODO hotfix + etsi_prefix = "etsi-bka-1.0@"; + } + + String final_ids = etsi_prefix + ids; + logger_.debug("final_ids = " + final_ids); + + return final_ids; + } + + // TODO hotfix + public static boolean decideNewEtsiByBKUVersion(String productVersion) + { + boolean new_etsi = true; + // TODO make better + if (productVersion.startsWith("2.5") || productVersion.startsWith("2.4") || productVersion.startsWith("2.3") || productVersion.startsWith("2.2") || productVersion.startsWith("2.1") || productVersion.startsWith("1") || productVersion.startsWith("0")) + { + new_etsi = false; + } + return new_etsi; } /** 
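Review bot: `productName.equals("trustDeskbasic")` in formatSigIds throws a NullPointerException whenever the `productName` property was never set; written as `if (!"trustDeskbasic".equals(productName))` the existing SignatureException branch reports that case instead. In decideNewEtsiByBKUVersion the `startsWith` chain compares text, not versions: `startsWith("1")` also matches 10.x, `startsWith("2.1")` also matches 2.10, and a null `productVersion` fails with a NullPointerException. Comparing the numeric major and minor parts avoids this; the sketch below keeps today's result for every version the Server-header pattern can produce, including 2.0, which is not in the list and is therefore treated as new (worth confirming). formatSigIds begins above this hunk.

```java
public static boolean decideNewEtsiByBKUVersion(String productVersion)
{
  if (productVersion == null)
  {
    throw new IllegalArgumentException("productVersion must not be null");
  }
  // Compare numbers, not text prefixes, so 2.10 or 10.0 are not taken for 2.1 or 1.x.
  String[] parts = productVersion.split("\\.");
  int major = Integer.parseInt(parts[0]);
  int minor = parts.length > 1 ? Integer.parseInt(parts[1]) : 0;
  if (major < 2)
  {
    return false;
  }
  // 2.1 to 2.5 use the old ETSI properties; 2.0 keeps its current result (new).
  return !(major == 2 && minor >= 1 && minor <= 5);
}
```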
@@ -837,9 +898,51 @@ public class SignatureObject implements Serializable * * @return the id array */ - public String[] getSignationIds() + // TODO hotifx + public String getSignationIds() { String sig_ids = getSigValue(SignatureTypes.SIG_ID); + return sig_ids; + + // if (sig_ids == null || sig_ids.length() == 0) + // { + // return null; + // } + // + // // int index = sig_ids.indexOf(PdfAS.IDS); + // // if (index < 0) + // // { + // // return null; + // // } + // // sig_ids = sig_ids.substring(index + PdfAS.IDS.length()); + // // + // // if (sig_ids == null || sig_ids.length() == 0) + // // { + // // return null; + // // } + // + // String[] ids_str = sig_ids.split("@"); + // String base = ids_str[0]; + // String[] ids = ids_str[1].split("-"); + // String[] real_ids = new String[5]; + // real_ids[0] = base + "-" + ids[0]; + // real_ids[1] = "0-" + base + "-" + ids[1]; + // real_ids[2] = "0-" + base + "-" + ids[2]; + // real_ids[3] = "0-" + base + "-" + ids[3]; + // real_ids[4] = "0-" + base + "-" + ids[4]; + // if (logger_.isDebugEnabled()) + // { + // for (int id_idx = 0; id_idx < real_ids.length; id_idx++) + // { + // logger_.debug("Set BKU id:" + real_ids[id_idx]); + // } + // } + // return real_ids; + } + + // TODO hotfix + public static String[] parseSigIds(String sig_ids) + { if (sig_ids == null || sig_ids.length() == 0) { return null; 
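Review bot: The Javadoc kept above getSignationIds still ends in `@return the id array`, although the method now returns the stored SIG_ID string unchanged. I would change it to `@return the raw SIG_ID value as stored; use parseSigIds(String) to split it into the individual ids`. The new public static parseSigIds has no Javadoc at all and should document that it returns null for a null or empty argument and that the sixth element holds the optional etsi prefix. The old implementation is kept as a long commented-out block here (and in the setSignationIDs hunk above); version control already preserves it, so it can be deleted.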
@@ -858,21 +961,33 @@ public class SignatureObject implements Serializable // } String[] ids_str = sig_ids.split("@"); + + String etsi_string = null; + if (ids_str.length == 3) + { + etsi_string = ids_str[0]; + String[] rest_ids = new String[] { ids_str[1], ids_str[2] }; + ids_str = rest_ids; + } + String base = ids_str[0]; String[] ids = ids_str[1].split("-"); - String[] real_ids = new String[5]; + String[] real_ids = new String[6]; // the last one contains the etsi string real_ids[0] = base + "-" + ids[0]; real_ids[1] = "0-" + base + "-" + ids[1]; real_ids[2] = "0-" + base + "-" + ids[2]; real_ids[3] = "0-" + base + "-" + ids[3]; real_ids[4] = "0-" + base + "-" + ids[4]; + real_ids[5] = etsi_string; + if (logger_.isDebugEnabled()) { for (int id_idx = 0; id_idx < real_ids.length; id_idx++) { - logger_.debug("Set BKU id:" + real_ids[id_idx]); + logger_.debug("real_ids[" + id_idx + "] = " + real_ids[id_idx]); } } + return real_ids; } @@ -1364,6 +1479,12 @@ public class SignatureObject implements Serializable } SignatureTypes sig_types = SignatureTypes.getInstance(); signatureDefinition_ = sig_types.getSignatureTypeDefinition(sigType_); + if (signatureDefinition_ == null) + { + final String msg = "The SignatureObject's sigType '" + sigType_ + "' wasn't found in the configuration file's specified signature profiles. This usually happens if the sig_obj.type.default object has been turned off or is misspelled."; + logger_.error(msg); + throw new SignatureTypesException(msg); + } Map key_cap_map = signatureDefinition_.getKeyCaptionMap(); if (key_cap_map != null) { @@ -1409,10 +1530,10 @@ public class SignatureObject implements Serializable } } // value = new String(CodingHelper.encodeUTF8(value)); -// if (logger_.isDebugEnabled()) -// { -// logger_.debug("key:" + key + " value:" + value); -// } + // if (logger_.isDebugEnabled()) + // { + // logger_.debug("key:" + key + " value:" + value); + // } setSigValue(key, value); } } 
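Review bot: parseSigIds indexes `ids_str[1]` and `ids[1]` to `ids[4]` without checking the length of either array, so a SIG_ID value without an `@` or with fewer than five dash-separated parts raises ArrayIndexOutOfBoundsException. The value is read back from the signature object under verification (see the verify-request change in BKUConnector), so its shape should not be assumed. I would validate first, for example `if (ids_str.length < 2 || ids_str[1].split("-").length < 5)` followed by a reported error, and decide what a value with more than three `@` parts means, since it currently falls through to the two-part branch. The method begins in the previous hunk.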
@@ -1534,6 +1655,4 @@ public class SignatureObject implements Serializable return strg; } - - } \ No newline at end of file diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/BKUConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/BKUConnector.java index 3b672f1..6327a11 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/BKUConnector.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/BKUConnector.java @@ -18,6 +18,7 @@ package at.knowcenter.wag.egov.egiz.sig.connectors; import java.io.UnsupportedEncodingException; +import java.util.Properties; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -116,9 +117,9 @@ public class BKUConnector implements LocalConnector String request_string = prepareSignRequest(userName, signText, sigType); String sign_url = getSignURL(sigType); - String response_string = sendRequest(sign_url, request_string); + Properties response_properties = sendRequest(sign_url, request_string); - return analyzeSignResponse(response_string, sigType); + return analyzeSignResponse(response_properties, sigType); } /** @@ -140,9 +141,9 @@ public class BKUConnector implements LocalConnector String request_string = prepareVerifyRequest(normalizedText, sigObject); String verify_url = getVerifyURL(sigObject.getSignationType()); - String response_string = sendRequest(verify_url, request_string); + Properties response_properties = sendRequest(verify_url, request_string); - return analyzeVerifyResponse(response_string); + return analyzeVerifyResponse(response_properties); } /** 
@@ -162,8 +163,10 @@ public class BKUConnector implements LocalConnector * @see CodingHelper * @see X509Cert */ - private void parseCreateXMLResponse(String xmlResponse, SignatureObject sigObj) throws SignatureException + private void parseCreateXMLResponse(Properties response_properties, SignatureObject sigObj) throws SignatureException { + String xmlResponse = response_properties.getProperty("response_string"); + Pattern sig_val_p_s = Pattern.compile("<[\\w]*:?SignatureValue>"); Pattern sig_val_p_e = Pattern.compile(""); Pattern iss_nam_p_s = Pattern.compile("<[\\w]*:?X509IssuerName>"); @@ -266,7 +269,11 @@ public class BKUConnector implements LocalConnector ids[2] = extractId(xmlResponse, "signed-data-object-"); ids[3] = extractId(xmlResponse, "etsi-data-reference-"); ids[4] = extractId(xmlResponse, "etsi-data-object-"); - sigObj.setSignationIDs(ids); + + //TODO hotfix + String final_ids =SignatureObject.formatSigIds(response_properties, ids); + //sigObj.setSignationIDs(ids); + sigObj.setSignationIDs(final_ids); } /** @@ -283,6 +290,13 @@ public class BKUConnector implements LocalConnector String id = null; int start_idx = text.indexOf(name) + name.length(); int end_idx = text.indexOf("\"", start_idx); + + // TODO hotfix! + final int quot_end_idx = end_idx; + final int squot_end_idx = text.indexOf("'", start_idx); + end_idx = Math.min(quot_end_idx, squot_end_idx); + // TODO hotfix end! + id = text.substring(start_idx, end_idx); if (logger_.isDebugEnabled()) { 
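Review bot: `Math.min(quot_end_idx, squot_end_idx)` in extractId yields -1 whenever one of the two quote characters does not occur after `start_idx`, because `indexOf` returns -1 for a missing delimiter, and the following `substring(start_idx, end_idx)` then throws StringIndexOutOfBoundsException. A response that uses only double quotes and contains no apostrophe after the id is enough to reach this. The minimum should be taken only when both indexes are non-negative, as sketched below. The case where neither delimiter, or `name` itself, is found still needs an explicit error instead of an index exception. The method begins and ends outside this hunk.

```java
int start_idx = text.indexOf(name) + name.length();
final int quot_end_idx = text.indexOf("\"", start_idx);
final int squot_end_idx = text.indexOf("'", start_idx);
// indexOf returns -1 for a missing delimiter; only take the minimum
// when both delimiters were actually found.
int end_idx;
if (quot_end_idx < 0)
{
  end_idx = squot_end_idx;
}
else if (squot_end_idx < 0)
{
  end_idx = quot_end_idx;
}
else
{
  end_idx = Math.min(quot_end_idx, squot_end_idx);
}
// … unchanged: substring and debug logging …
```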
@@ -324,6 +338,21 @@ public class BKUConnector implements LocalConnector String verify_template = getVerifyTemplateFileName(sigObject.getSignationType()); String sig_prop_filename = getSigPropFileName(sigObject.getSignationType()); + String ids_string = sigObject.getSignationIds(); + logger_.debug("ids_string = " + ids_string); + String[] ids = SignatureObject.parseSigIds(ids_string); + + // TODO hotfix + final boolean neue_bku = ids[5] != null; + logger_.debug("ids[5] = " + ids[5]); + logger_.debug("neue_bku = " + neue_bku); + if (neue_bku) + { + verify_template = getConnectorValueFromProfile(sigObject.getSignationType(), "bku.verify.template2"); //"./templates/BKUVerifyTemplateB64_neueBKU.xml"; + sig_prop_filename = getConnectorValueFromProfile(sigObject.getSignationType(), "bku.verify.template2.SP"); //"./templates/BKUVerifyTemplateSP_neueBKU.xml"; + } + + String ver_temp_str = FileHelper.readFromFile(SettingsReader.relocateFile(verify_template)); String sig_prop_str = FileHelper.readFromFile(SettingsReader.relocateFile(sig_prop_filename)); if (logger_.isDebugEnabled()) @@ -345,8 +374,7 @@ public class BKUConnector implements LocalConnector cert_alg = settings_.getValueFromKey("cert.alg.rsa"); } - String[] ids = sigObject.getSignationIds(); - sig_prop_str = sig_prop_str.replaceFirst("SigningTimeReplace", sigObject.getSignationDate()); + sig_prop_str = sig_prop_str.replaceFirst("SigningTimeReplace", sigObject.getSignationDate()); String issuer_name = sigObject.getSignationIssuer(); // The issuer is already unicode, so it mustn't be encoded again. 
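Review bot: `ids[5]` in the first added block is dereferenced without a null check, but parseSigIds (added to SignatureObject by this commit) returns null for a missing or empty SIG_ID, so such a signature ends in a NullPointerException here. A guard such as `if (ids == null) { throw new SignatureException(0, "No signature ids present"); }` would report it properly, assuming this method may throw SignatureException as its neighbours do; the error code 0 is a placeholder. The choice between the two verify templates now also depends on a prefix stored in the signature data being verified, so it would be safer to compare that prefix with the one expected value, `"etsi-bka-1.0".equals(ids[5])`, than to test it only for presence. The enclosing method starts and ends outside the hunk.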
@@ -362,6 +390,26 @@ public class BKUConnector implements LocalConnector ver_temp_str = ver_temp_str.replaceFirst("CertAlgReplace", cert_alg); ver_temp_str = ver_temp_str.replaceFirst("TemplateQualifyingPropertiesReplace", sig_prop_str); byte[] sig_prop_code = CodingHelper.buildDigest(sig_prop_str.getBytes("UTF-8")); + + // TODO hotfix + if (neue_bku) + { + final String ETSI_SIGNED_PROPERTIES_START_TAG = "= 0; + final int hash_end = sig_prop_str.indexOf(ETSI_SIGNED_PROPERTIES_END_TAG, hash_start) + ETSI_SIGNED_PROPERTIES_END_TAG.length(); + assert hash_end - ETSI_SIGNED_PROPERTIES_END_TAG.length() >= 0; + assert hash_end > hash_start; + + final String string_to_be_hashed = sig_prop_str.substring(hash_start, hash_end); + logger_.debug("etsi:SignedProperties string to be hashed: " + string_to_be_hashed); + + final byte [] bytes_to_be_hashed = string_to_be_hashed.getBytes("UTF-8"); + sig_prop_code = CodingHelper.buildDigest(bytes_to_be_hashed); + } + String sig_prop_hash = CodingHelper.encodeBase64(sig_prop_code); ver_temp_str = ver_temp_str.replaceFirst("DigestValueSignedPropertiesReplace", sig_prop_hash); if (logger_.isDebugEnabled()) @@ -445,7 +493,7 @@ public class BKUConnector implements LocalConnector Pattern cert_qualified_p = Pattern.compile(""); Matcher cert_qualified_m = cert_qualified_p.matcher(xmlResponse); // [tknall] stop qualified certificate - + Pattern code_p_s = Pattern.compile(""); Pattern code_p_e = Pattern.compile(""); Pattern info_p_s = Pattern.compile(""); @@ -472,7 +520,7 @@ public class BKUConnector implements LocalConnector Matcher cert_m_e = cert_p_e.matcher(xmlResponse); SignatureResponse sig_res = new SignatureResponse(); - + // [tknall] start qualified certificate sig_res.setQualifiedCertificate(cert_qualified_m.find()); // [tknall] stop qualified certificate 
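Review bot: The three `assert` statements in the `neue_bku` block are the only guard on `hash_start` and `hash_end`, and Java skips assertions unless the JVM runs with `-ea`, so in a normal deployment a template without the expected SignedProperties tags reaches `substring` with bad bounds. `hash_end` is also computed by adding the tag length to the raw `indexOf` result, which hides a -1. I would keep the raw index, `final int end_tag_idx = sig_prop_str.indexOf(ETSI_SIGNED_PROPERTIES_END_TAG, hash_start);`, and fail explicitly with `if (hash_start < 0 || end_tag_idx < 0)` plus the error type this class already uses for bad templates. Since the digest feeds signature verification, a wrong range here should stop processing and not produce a hash over unintended text. The enclosing method continues outside the hunk.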
@@ -613,7 +661,7 @@ public class BKUConnector implements LocalConnector verify_req_str = verify_req_str.replaceFirst("XMLContentReplace", verify_template_str); if (logger_.isDebugEnabled()) { - //logger_.debug(verify_request + "_request.xml : " + verify_req_str); + logger_.debug("verify_req_str.xml : " + verify_req_str); } return verify_req_str; @@ -630,12 +678,12 @@ public class BKUConnector implements LocalConnector * @throws SignatureException * F.e. */ - protected String sendRequest(String url, String request_string) throws SignatureException + protected Properties sendRequest(String url, String request_string) throws SignatureException { try { - String response_string = BKUPostConnection.doPostRequest(url, request_string); - return response_string; + Properties response_properties = BKUPostConnection.doPostRequest(url, request_string); + return response_properties; } catch (Exception e) { @@ -644,11 +692,14 @@ public class BKUConnector implements LocalConnector } } - public SignatureObject analyzeSignResponse(String response_string, + public SignatureObject analyzeSignResponse(Properties response_properties, String sigType) throws SignatureException { //String sign_request_filename = getSignRequestTemplateFileName(sigType); + // TODO hotfix + String response_string = response_properties.getProperty("response_string"); + SignatureObject sig_obj = new SignatureObject(); sig_obj.setRawSignatureResponse(response_string); try 
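Review bot: The debug statement re-enabled in the first hunk writes the complete verify request to the log, and the same commit does this for `signature_response_string` in analyzeSignResponse, for the `etsi:SignedProperties string to be hashed` in the verify-request code and for every response header in BKUPostConnection.doPostRequest. As far as the visible template substitutions show, these strings carry signer certificate data and presumably the signed content, which ends up in log files with a different access policy than the documents themselves. I would log a size or digest instead, for example `logger_.debug("verify_req_str length = " + verify_req_str.length());`, or put the full dump behind a separate trace-level switch. Each new debug line should carry a comment saying what may appear in it.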
@@ -699,17 +750,19 @@ public class BKUConnector implements LocalConnector { if (logger_.isDebugEnabled()) { - //logger_.debug(sign_request_filename + "_response.xml : " + response_string); + logger_.debug("signature_response_string: " + response_string); } - parseCreateXMLResponse(response_string, sig_obj); + parseCreateXMLResponse(response_properties, sig_obj); } } sig_obj.setSigResponse(response_string); return sig_obj; } - public SignatureResponse analyzeVerifyResponse(String response_string) throws SignatureException + public SignatureResponse analyzeVerifyResponse(Properties response_properties) throws SignatureException { + String response_string = response_properties.getProperty("response_string"); + if (!response_string.equals("")) { Pattern erc_p_s = Pattern.compile("<[\\w]*:?ErrorCode>"); diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/BKUPostConnection.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/BKUPostConnection.java index 773b248..1ddef5f 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/BKUPostConnection.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/BKUPostConnection.java @@ -18,7 +18,11 @@ package at.knowcenter.wag.egov.egiz.sig.connectors; import java.io.IOException; +import java.util.Properties; +import java.util.regex.Matcher; +import java.util.regex.Pattern; +import org.apache.commons.httpclient.Header; import org.apache.commons.httpclient.HttpClient; import org.apache.commons.httpclient.HttpException; import org.apache.commons.httpclient.NameValuePair; @@ -52,7 +56,7 @@ public abstract class BKUPostConnection * @throws HttpException * ErrorCode:320 */ - public static String doPostRequest(String url, String request) throws HttpException, IOException + public static Properties doPostRequest(String url, String request) throws HttpException, IOException { PostMethod post_method = new PostMethod(url); 
@@ -81,6 +85,23 @@ public abstract class BKUPostConnection int method_response = http_client.executeMethod(post_method); logger_.debug("method_response = " + method_response); + Properties response_properties = new Properties(); + + if (logger_.isDebugEnabled()) + { + Header[] response_headers = post_method.getResponseHeaders(); + logger_.debug("#" + response_headers.length + " headers in response:"); + for (int i = 0; i < response_headers.length; i++) + { + logger_.debug(" response_header[" + i + "]: name = " + response_headers[i].getName() + ", value = " + response_headers[i].getValue()); + } + } + + Header server_header = post_method.getResponseHeader("Server"); + logger_.debug("server_header: name = " + server_header.getName() + ", value = " + server_header.getValue()); + parseBKUVersion(server_header.getValue(), response_properties); + + byte[] response_body = post_method.getResponseBody(); String response_string = new String(response_body, "UTF-8"); 
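Review bot: `post_method.getResponseHeader("Server")` is dereferenced on the next line without a null check, so a response without a Server header fails with a NullPointerException in the debug statement, before the body is even read. Since doPostRequest already declares IOException, a guard like `if (server_header == null) { throw new IOException("BKU response carries no Server header"); }` gives the caller a meaningful error. The header is also self-reported by whatever answers at `url`, yet later in this commit it decides the ETSI prefix written into the signature ids; that dependency deserves a comment at this spot and, if possible, a configuration override. The method starts before and continues after this hunk.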
@@ -89,7 +110,36 @@ public abstract class BKUPostConnection // response. // String response_string = post.getResponseBodyAsString(); - return response_string; + response_properties.setProperty("response_string", response_string); + + return response_properties; } + // TODO hotfix + public static void parseBKUVersion(String header_value, Properties properties) + { + Pattern pattern = Pattern.compile("^citizen-card-environment/(\\d+\\.\\d+) (.+)/(\\d+\\.\\d+\\.\\d+)$"); + Matcher m = pattern.matcher(header_value); + + m.matches(); + + logger_.debug("group count = " + m.groupCount()); + + for (int i = 0; i <= m.groupCount(); i++) + { + logger_.debug(" group[" + i + "] = " + m.group(i)); + } + + final String cceVersion = m.group(1); + final String productName = m.group(2); + final String productVersion = m.group(3); + + logger_.debug("cceVersion = " + cceVersion); + logger_.debug("productName = " + productName); + logger_.debug("productVersion = " + productVersion); + + properties.setProperty("cceVersion", cceVersion); + properties.setProperty("productName", productName); + properties.setProperty("productVersion", productVersion); + } } -- cgit v1.2.3
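Review bot: The result of `m.matches()` in parseBKUVersion is discarded, so for any Server header that does not fit the pattern the following `m.group(i)` calls throw IllegalStateException with no hint about the offending value. I would test it and fail with context, `if (!m.matches()) { throw new IllegalArgumentException("Unexpected Server header: " + header_value); }`, or return without setting the properties and let formatSigIds report the missing product name. The pattern is constant and can be compiled once as a `private static final Pattern`. A short Javadoc giving the expected header form (`citizen-card-environment/<cce version> <product>/<product version>`) and the three property keys it sets would document the contract the rest of the commit relies on.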