From ad806535da32c317abba16d29326e65b7c10bf13 Mon Sep 17 00:00:00 2001
From: tknall
Date: Thu, 12 Aug 2010 07:50:58 +0000
Subject: more logging new errorcode for invalid signature dictionary (232) detect invalid signature dictionary detect errors (invalid glyph mappings) when extracting text remove useless certificate digest calculation remove invocation of erroneous getCertDigest method webapp: hotfix for NPE adjustments for new mocca (applet) version (layout) POM: removed deprecated maven elements
git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@587 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c
---
.../wag/egov/egiz/sig/SignatureObject.java | 61 +++++++++++++++++++--- .../at/knowcenter/wag/egov/egiz/sig/X509Cert.java | 2 +- 2 files changed, 54 insertions(+), 9 deletions(-) (limited to 'src/main/java/at/knowcenter/wag/egov/egiz/sig')
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java
index 66daf57..0b39a5b 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java
@@ -570,7 +570,7 @@ public class SignatureObject implements Serializable { setSigValue(SignatureTypes.SIG_ISSUER, cert.getIssuerName()); setSigValue(SIG_CER, cert.getCertString()); - setSigValue(SIG_CER_DIG, cert.getCertDigest()); + // setSigValue(SIG_CER_DIG, cert.getCertDigest()); x509Cert_ = cert; } issuer = getSigValue(SignatureTypes.SIG_ISSUER);
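Review bot: The digest line in the -570 hunk is commented out rather than removed (`// setSigValue(SIG_CER_DIG, cert.getCertDigest());`), and the -670 hunk does the same; delete both lines, since version control already keeps the old call. With the key no longer set when the certificate is loaded, SIG_CER_DIG is only filled lazily by getX509CertificateDigest(), so any code that reads `getSigValue(SIG_CER_DIG)` directly would now get no value. Such readers are not visible in this patch, so that needs checking. The enclosing method starts and ends outside the hunk.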
@@ -670,13 +670,13 @@ public class SignatureObject implements Serializable { setSigValue(SignatureTypes.SIG_ISSUER, cert.getIssuerName()); setSigValue(SIG_CER, cert.getCertString()); - setSigValue(SIG_CER_DIG, cert.getCertDigest()); + // setSigValue(SIG_CER_DIG, cert.getCertDigest()); x509Cert_ = cert; } } /** - * @return the current X509CertificateDigest value. + * @return the current X509CertificateDigest value (as SHA1 digest). */ public String getX509CertificateDigest() {
@@ -684,7 +684,10 @@ public class SignatureObject implements Serializable if (dig == null) { loadCurrentCert(); - dig = getSigValue(SIG_CER_DIG); + byte[] cert_b64 = CodingHelper.decodeBase64(x509Cert_.getCertString()); + byte[] cert_hash = CodingHelper.buildDigest(cert_b64, "SHA"); + dig = new String(CodingHelper.encodeBase64(cert_hash)); + setSigValue(SIG_CER_DIG, dig); } return dig; }
@@ -710,7 +713,7 @@ public class SignatureObject implements Serializable public void setX509Certificate(String x509Certificate) { setSigValue(SIG_CER, x509Certificate); - storeCertificate(getSignationSerialNumber(), getSignationIssuer(), x509Certificate, getX509CertificateDigest()); + storeCertificate(getSignationSerialNumber(), getSignationIssuer(), x509Certificate); } public void setX509Certificate(X509Certificate cert)
@@ -722,7 +725,7 @@ public class SignatureObject implements Serializable // setX509Certificate(certStr); X509Cert knowcenterCert = X509Cert.initByX509Certificate(cert); setSigValue(SIG_CER, knowcenterCert.getCertString()); - storeCertificate(cert.getSerialNumber().toString(), knowcenterCert.getIssuerName(), knowcenterCert.getCertString(), knowcenterCert.getCertDigest()); + storeCertificate(cert.getSerialNumber().toString(), knowcenterCert.getIssuerName(), knowcenterCert.getCertString()); } catch (CertificateEncodingException e) {
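Review bot: In the -684 hunk, `x509Cert_.getCertString()` is dereferenced right after `loadCurrentCert()` without a null check. The -670 hunk shows `x509Cert_ = cert;` inside a conditional block, so the field can apparently stay null when no certificate is found, and the getter would then throw a NullPointerException where the old `getSigValue(SIG_CER_DIG)` lookup presumably just returned null; add `if (x509Cert_ == null) { return null; }` before the decode. The algorithm is now fixed to `"SHA"` (SHA-1) while a value already stored under SIG_CER_DIG is returned as is, so a comment stating that consumers expect a SHA-1 fingerprint, and that it is not relied on for collision resistance, would help. `cert_b64` holds the decoded bytes rather than Base64 text, so a name like `certBytes` would be clearer. The method starts above the hunk.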
@@ -1339,9 +1342,51 @@ public class SignatureObject implements Serializable * @param x509Digest * the digest value of the given x509Certificate * @return true the certificate is stored completely, false otherwise + * @deprecated Use {@link #storeCertificate(String, String, String)} instead. */ private boolean storeCertificate(String serialNumber, String issuer, - String x509Certificate, String x509Digest) + String x509Certificate, String x509Digest) + { + return storeCertificate(serialNumber, issuer, x509Certificate); + } + + /** + * This method stores a X509v3 certificate to the filesystem. The reference to + * the stored certificate is build by the serialNumber and the issuer string. + * The issuer string is normalized because if getting this value from a pdf + * extraction it can be splited into more sections or necessary spaces are + * removed. The real issuer value is stored in the certificates meta file. The + * certficate is devided into two files: certificate.der (the binary value) + * and the meta information used in SignatureObjects as well in + * SignatureImages of a signed pdf-document. The storing path of the + * certificate is build by: + *
    + *
  1. normalize the issuer string
  2. + *
  3. reduce all white spaces in the normalized issuer string
  4. + *
  5. build a hash value of this reduced string
  6. + *
  7. code this hash value as base64 value
  8. + *
  9. add the base64 normalized issuer hash value to the certificate base + * store path
  10. + *
  11. add the serialNumber to the cert path
  12. + *
  13. add the .der extension to get the certificate binary
  14. + *
  15. add the .txt extension to get the meta information of + * the certificate
  16. + *
+ * + * The certificate meta file is build by the base64 coded issuer string and + * the cert digest value devided by the @ char. + * + * @param serialNumber + * the file name of the certificate .der|.txt + * @param issuer + * the issuer string for the file path value of the certificate and + * for metainformation + * @param x509Certificate + * the x509v3 binary string + * @return true the certificate is stored completely, false otherwise + */ + private boolean storeCertificate(String serialNumber, String issuer, + String x509Certificate) { boolean store_complete = false; if (issuer != null && serialNumber != null)
@@ -1377,7 +1422,7 @@ public class SignatureObject implements Serializable } return store_complete; } - + /** * @return Returns the AbstractTable. * @see at.knowcenter.wag.egov.egiz.table.Table
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/X509Cert.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/X509Cert.java
index fbd89fa..3e230c5 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/X509Cert.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/X509Cert.java
@@ -316,6 +316,7 @@ public class X509Cert implements Serializable /** * @return Returns the certificate digest value. + * @deprecated Should not be used any more. */ public String getCertDigest() {
@@ -324,7 +325,6 @@ public class X509Cert implements Serializable if (certString_ != null) { byte[] cert_b64 = CodingHelper.decodeBase64(certString_); - // dferbas: read digest method from certificate String sigAlgName = this.x509Cert_.getSigAlgName(); String digestAlg = sigAlgName.split("/")[0]; if (sigAlgName.toLowerCase().indexOf("with") != -1 ) { -- cgit v1.2.3
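Review bot: In the -1339 hunk, the retained four-argument `storeCertificate` is private and now ignores `x509Digest`, so tagging it `@deprecated` only helps callers inside this class. Both call sites visible in this patch (the -710 and -722 hunks) already use the three-argument form, so if no other caller remains, the overload can be deleted instead. The Javadoc copied onto the new overload still says the meta file is built from "the base64 coded issuer string and the cert digest value", although the method no longer receives a digest. Most of the body lies outside the hunk, so confirm what is actually written to the .txt file and correct that sentence.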
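Review bot: The tag added to X509Cert.getCertDigest() in the -316 hunk, `@deprecated Should not be used any more.`, gives neither the reason nor a replacement. The -324 hunk shows the method choosing its digest algorithm from `getSigAlgName()`, which is presumably what the commit message means by "erroneous". State that and name the successor, for example `@deprecated Digest algorithm is derived from the signature algorithm name; use {@link SignatureObject#getX509CertificateDigest()} instead.` The method remains public, so callers outside this patch may still depend on its output.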