From 8f2a983cb8e9be9e71e3df04edd00a4bc0673862 Mon Sep 17 00:00:00 2001 From: knowcenter Date: Fri, 18 May 2007 15:42:55 +0000 Subject: detached connectors git-svn-id: https://joinup.ec.europa.eu/svn/pdf-as/trunk@92 7b5415b0-85f9-ee4d-85bd-d5d0c3b42d1c --- .../java/at/knowcenter/wag/egov/egiz/PdfAS.java | 227 +++++++--------- .../knowcenter/wag/egov/egiz/commandline/Main.java | 32 ++- .../wag/egov/egiz/sig/SignatureObject.java | 36 +-- .../egov/egiz/sig/connectors/ConnectorChooser.java | 297 +++++++++++++++++++++ .../sig/connectors/bku/DetachedBKUConnector.java | 45 ++-- .../bku/EnvelopedBase64BKUConnector.java | 93 ++++--- .../bku/OldEnvelopingBase64BKUConnector.java | 112 ++++++++ .../connectors/moa/DetachedLocRefMOAConnector.java | 2 +- .../moa/EnvelopingBase64MOAConnector.java | 58 ++-- .../egov/egiz/sig/sigid/DetachedIdFormatter.java | 4 +- .../sig/sigid/DetachedLocRefMOAIdFormatter.java | 2 +- .../wag/egov/egiz/sig/sigid/HotfixIdFormatter.java | 4 +- .../wag/egov/egiz/sig/sigkz/SigKZIDHelper.java | 131 +++++++++ .../wag/egov/egiz/web/LocalRequestHelper.java | 9 +- .../wag/egov/egiz/web/servlets/DataURLServlet.java | 11 +- .../wag/egov/egiz/web/servlets/SignServlet.java | 3 +- .../wag/egov/egiz/web/servlets/VerifyServlet.java | 23 +- 17 files changed, 830 insertions(+), 259 deletions(-) create mode 100644 src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/ConnectorChooser.java create mode 100644 src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/OldEnvelopingBase64BKUConnector.java create mode 100644 src/main/java/at/knowcenter/wag/egov/egiz/sig/sigkz/SigKZIDHelper.java (limited to 'src/main/java/at/knowcenter') diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java b/src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java index 9359c96..98a164d 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/PdfAS.java @@ -19,6 +19,7 @@ package at.knowcenter.wag.egov.egiz; import java.io.ByteArrayInputStream; import java.io.IOException; +import java.io.UnsupportedEncodingException; import java.util.ArrayList; import java.util.Collections; import java.util.Comparator; @@ -30,7 +31,6 @@ import org.apache.commons.logging.LogFactory; import at.knowcenter.wag.egov.egiz.cfg.SettingsReader; import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException; -import at.knowcenter.wag.egov.egiz.exceptions.ConnectorFactoryException; import at.knowcenter.wag.egov.egiz.exceptions.NormalizeException; import at.knowcenter.wag.egov.egiz.exceptions.PDFDocumentException; import at.knowcenter.wag.egov.egiz.exceptions.PresentableException; @@ -60,11 +60,8 @@ import at.knowcenter.wag.egov.egiz.sig.SignatureResponse; import at.knowcenter.wag.egov.egiz.sig.SignatureTypeDefinition; import at.knowcenter.wag.egov.egiz.sig.SignatureTypes; import at.knowcenter.wag.egov.egiz.sig.connectors.Connector; -import at.knowcenter.wag.egov.egiz.sig.connectors.bku.DetachedBKUConnector; -import at.knowcenter.wag.egov.egiz.sig.connectors.bku.EnvelopedBase64BKUConnector; -import at.knowcenter.wag.egov.egiz.sig.connectors.bku.MultipartDetachedBKUConnector; +import at.knowcenter.wag.egov.egiz.sig.connectors.ConnectorChooser; import at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject; -import at.knowcenter.wag.egov.egiz.sig.connectors.moa.EnvelopingBase64MOAConnector; import at.knowcenter.wag.egov.egiz.tools.CodingHelper; import at.knowcenter.wag.egov.egiz.tools.Normalizer; import at.knowcenter.wag.exactparser.ParseDocument; @@ -773,6 +770,21 @@ public abstract class PdfAS } return results; } + + // TODO the choosing algorithm should be extracted into a visitor or factory design pattern. + public static List verifySignatureHoldersWeb(List signature_holders, + String connector, String loc_ref) throws PDFDocumentException, NormalizeException, SignatureException + { + List results = new ArrayList(); + for (int i = 0; i < signature_holders.size(); i++) + { + SignatureHolder holder = (SignatureHolder) signature_holders.get(i); + + SignatureResponse result = verifyWeb(holder, connector, loc_ref); + results.add(result); + } + return results; + } /** * Verifies a SignatureHolder using the given connector. @@ -810,40 +822,95 @@ public abstract class PdfAS throw new SignatureException(312, "Document can not be verified because no signature object are set."); } - try + // FIXME this has to be made better + SignatureData sd = null; + if (so_to_be_verified.isBinary()) + { + byte[] data = CodingHelper.decodeBase64(text_to_be_verified); + sd = new SignatureDataImpl(data, "application/pdf"); + } + else { - // FIXME this has to be made better - SignatureData sd = null; - if (so_to_be_verified.isBinary()) + try { - byte[] data = CodingHelper.decodeBase64(text_to_be_verified); - sd = new SignatureDataImpl(data, "application/pdf"); + sd = new SignatureDataImpl(text_to_be_verified.getBytes("UTF-8"), "text/plain", "UTF-8"); } - else + catch (UnsupportedEncodingException e) { - sd = new SignatureDataImpl(text_to_be_verified.getBytes("UTF-8"), "text/plain", "UTF-8"); + throw new RuntimeException("Very Strange: UTF-8 character encoding not supported???"); } + } + + SignSignatureObject so = new SignSignatureObject(); + so.date = so_to_be_verified.getSignationDate(); + so.signatureValue = so_to_be_verified.getSignationValue(); + so.issuer = so_to_be_verified.getSignationIssuer(); + so.x509Certificate = so_to_be_verified.getX509Cert().getX509Certificate(); + so.id = so_to_be_verified.getSignationIds(); + so.kz = so_to_be_verified.getKZ() == null ? null : so_to_be_verified.getKZ().toString(); + + String profile = so_to_be_verified.getSignatureTypeDefinition().getType(); + Connector c = ConnectorChooser.chooseCommandlineConnectorForVerify(connector, so_to_be_verified.getKZ(), so.id, profile); - SignSignatureObject so = new SignSignatureObject(); - so.date = so_to_be_verified.getSignationDate(); - so.signatureValue = so_to_be_verified.getSignationValue(); - so.issuer = so_to_be_verified.getSignationIssuer(); - so.x509Certificate = so_to_be_verified.getX509Cert().getX509Certificate(); - so.id = so_to_be_verified.getSignationIds(); - so.kz = so_to_be_verified.getKZ().toString(); + return c.doVerify(sd, so); - String profile = so_to_be_verified.getSignatureTypeDefinition().getType(); - Connector connector_impl = chooseConnector(profile, so_to_be_verified.getKZ(), so.getSigID(), connector); + } + + // TODO make this better using the visitor DP. + public static SignatureResponse verifyWeb(SignatureHolder signature_holder, + String connector, String loc_ref) throws NormalizeException, PDFDocumentException, SignatureException + { + String text_to_be_verified = signature_holder.getSignedText(); + // logger_.debug("verify text_to_be_verified"+text_to_be_verified); + SignatureObject so_to_be_verified = signature_holder.getSignatureObject(); - // Connector connector_impl = ConnectorFactory.createConnector(connector); - return connector_impl.doVerify(sd, so); + if (text_to_be_verified == null) + { + throw new SignatureException(311, "Document can not be verified because the text to be verified is either null."); } - catch (Exception e) + if (text_to_be_verified.length() <= 0) { - throw new SignatureException(310, e); + throw new SignatureException(311, "Document can not be verified because the length of the text to be verified is 0. (length = " + text_to_be_verified.length() + ")"); } - } + if (so_to_be_verified == null) + { + throw new SignatureException(312, "Document can not be verified because no signature object are set."); + } + + // FIXME this has to be made better + SignatureData sd = null; + if (so_to_be_verified.isBinary()) + { + byte[] data = CodingHelper.decodeBase64(text_to_be_verified); + sd = new SignatureDataImpl(data, "application/pdf"); + } + else + { + try + { + sd = new SignatureDataImpl(text_to_be_verified.getBytes("UTF-8"), "text/plain", "UTF-8"); + } + catch (UnsupportedEncodingException e) + { + throw new RuntimeException("Very Strange: UTF-8 character encoding not supported???"); + } + } + + SignSignatureObject so = new SignSignatureObject(); + so.date = so_to_be_verified.getSignationDate(); + so.signatureValue = so_to_be_verified.getSignationValue(); + so.issuer = so_to_be_verified.getSignationIssuer(); + so.x509Certificate = so_to_be_verified.getX509Cert().getX509Certificate(); + so.id = so_to_be_verified.getSignationIds(); + so.kz = so_to_be_verified.getKZ() == null ? null : so_to_be_verified.getKZ().toString(); + + String profile = so_to_be_verified.getSignatureTypeDefinition().getType(); + Connector c = ConnectorChooser.chooseWebConnectorForVerify(connector, so_to_be_verified.getKZ(), so.id, profile, loc_ref); + + return c.doVerify(sd, so); + + } /** * Signs the given text with the provided connector using the given signature * type. @@ -861,7 +928,7 @@ public abstract class PdfAS * F.e. */ public static SignSignatureObject sign(final SignatureData data_to_sign, - final String signature_type, final String connector) throws SignatureException, PDFDocumentException + final Connector connector) throws SignatureException, PDFDocumentException { if (data_to_sign == null || data_to_sign.getData() == null) { @@ -872,17 +939,8 @@ public abstract class PdfAS throw new SignatureException(301, "Signature can not be produced. Data is empty. (length = " + data_to_sign.getData().length + ")"); //$NON-NLS-1$ //$NON-NLS-2$ } - try - { - Connector connector_impl = chooseDetachedMultipartConnector(signature_type, connector); - - SignSignatureObject signed_signature_object = connector_impl.doSign(data_to_sign); - return signed_signature_object; - } - catch (ConnectorFactoryException e) - { - throw new SignatureException(300, e); - } + SignSignatureObject signed_signature_object = connector.doSign(data_to_sign); + return signed_signature_object; } /** @@ -937,7 +995,9 @@ public abstract class PdfAS IncrementalUpdateInformation iui = signator.prepareSign(pdf, signature_type, pos, ConnectorFactory.needsSIG_ID(connector)); - iui.signed_signature_object = sign(iui.signature_data, signature_type, connector); + Connector c = ConnectorChooser.chooseCommandlineConnectorForSign(connector, signature_type); + + iui.signed_signature_object = sign(iui.signature_data, c); SignResult sign_result = signator.finishSign(iui); @@ -1333,91 +1393,4 @@ public abstract class PdfAS return pos; } - /** - * - * @param sig_kz - * @param sig_id - * @return Returns the chosen Connector. - * @throws ConnectorFactoryException - */ - public static at.knowcenter.wag.egov.egiz.sig.connectors.Connector chooseConnector( - String profile, - PdfASID sig_kz, String sig_id, String sig_app) throws ConnectorFactoryException, ConnectorException - { - log.debug("chooseConnector:"); //$NON-NLS-1$ - - log.debug("sig_kz = " + sig_kz); //$NON-NLS-1$ - log.debug("sig_id = " + sig_id); //$NON-NLS-1$ - log.debug("sig_app = " + sig_app); //$NON-NLS-1$ - - if (sig_kz == null) - { - log.debug("sig_kz is null ==> alte Signatur"); //$NON-NLS-1$ - - return chooseEnvelopedBase64Connector(profile, sig_app); - } - - { - log.debug("sig_kz is not null ==> one of the newer signatures"); - - if (sig_kz.getVersion().equals(SignatorFactory.VERSION_1_0_0)) - { - log.debug("Version is 1.0.0 ==> Base64 Signatur eventuell Hotfix."); - - return chooseEnvelopedBase64Connector(profile, sig_app); - } - if (sig_kz.getVersion().equals(SignatorFactory.VERSION_1_1_0)) - { - log.debug("Version is 1.1.0 ==> Detached Multipart Signatur."); - - return chooseDetachedMultipartConnector(profile, sig_app); - } - } - - log.debug("chooseConnector."); //$NON-NLS-1$ - return null; - } - - protected static final String BKU = "bku"; //$NON-NLS-1$ - - protected static final String MOA = "moa"; //$NON-NLS-1$ - - protected static at.knowcenter.wag.egov.egiz.sig.connectors.Connector chooseEnvelopedBase64Connector( - String profile, String sig_app) throws ConnectorFactoryException, ConnectorException - { - if (sig_app.equals(BKU)) - { - log.debug("sig_app is BKU ==> EnvelopedBase64BKUConnector"); //$NON-NLS-1$ - - return new EnvelopedBase64BKUConnector(profile); - } - if (sig_app.equals(MOA)) - { - log.debug("sig_app is MOA ==> EnvelopedBase64MOAConnector"); //$NON-NLS-1$ - - return new EnvelopingBase64MOAConnector(profile); - } - throw new ConnectorFactoryException("Unknown sig_app '" + sig_app + "'."); //$NON-NLS-1$ //$NON-NLS-2$ - - } - - protected static at.knowcenter.wag.egov.egiz.sig.connectors.Connector chooseDetachedMultipartConnector( - String profile, String sig_app) throws ConnectorException, ConnectorFactoryException - { - if (sig_app.equals(BKU)) - { - log.debug("sig_app is BKU ==> DetachedMultipartBKUConnector"); //$NON-NLS-1$ - - return new MultipartDetachedBKUConnector(profile); - } - if (sig_app.equals(MOA)) - { - log.debug("sig_app is MOA ==> EnvelopedBase64MOAConnector"); //$NON-NLS-1$ - - return null; - } - throw new ConnectorFactoryException("Unknown sig_app '" + sig_app + "'."); //$NON-NLS-1$ //$NON-NLS-2$ - - } - } diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/commandline/Main.java b/src/main/java/at/knowcenter/wag/egov/egiz/commandline/Main.java index 614005e..73ee69a 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/commandline/Main.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/commandline/Main.java @@ -45,7 +45,9 @@ import at.knowcenter.wag.egov.egiz.exceptions.SignatureTypesException; import at.knowcenter.wag.egov.egiz.framework.SignResult; import at.knowcenter.wag.egov.egiz.framework.SignatorFactory; import at.knowcenter.wag.egov.egiz.framework.VerificationFilter; +import at.knowcenter.wag.egov.egiz.framework.signators.BinarySignator_1_0_0; import at.knowcenter.wag.egov.egiz.framework.signators.DetachedSignator_1_0_0; +import at.knowcenter.wag.egov.egiz.framework.signators.TextualSignator_1_0_0; import at.knowcenter.wag.egov.egiz.pdf.SignatureHolder; import at.knowcenter.wag.egov.egiz.pdf.TablePos; import at.knowcenter.wag.egov.egiz.sig.ConnectorFactory; @@ -126,7 +128,7 @@ public abstract class Main * The application mode verify */ public static final String VALUE_SIGNATURE_MODE_DETACHED = "detached"; - + /** * The application mode verify */ @@ -470,6 +472,26 @@ public abstract class Main } PdfASID algorithm = translateSignatureModeToPdfASID(signature_mode); + + // TODO MOA detached signing is not allowed at the commandline + logger_.debug("Suggested sign algorithm = " + algorithm); + if (connector.equals("moa")) + { + String msg = "Hinweis: Der MOA Detached Connector ist für die Kommandozeile nicht geeignet. Die Signatur wird daher im alten Base64 enveloping Format ausgeführt."; + System.out.println(msg); + logger_.warn(msg); + + if (signature_mode.equals(VALUE_SIGNATURE_MODE_BINARY)) + { + algorithm = BinarySignator_1_0_0.MY_ID; + } + if (signature_mode.equals(VALUE_SIGNATURE_MODE_TEXTUAL)) + { + algorithm = TextualSignator_1_0_0.MY_ID; + } + } + logger_.debug("Finally used sign algorithm = " + algorithm); + SignResult sign_result = PdfAS.sign(algorithm, input_bytes, signature_type, connector, user_name, user_password, pos); try @@ -770,12 +792,12 @@ public abstract class Main writer.println(" y_algo:='auto' ... automatic positioning y"); writer.println(" floatvalue ... absolute y must be >= 0"); writer.println(" w_algo:='auto' ... automatic width"); - writer.println(" floatvalue ... absolute width must be > 0"); + writer.println(" floatvalue ... absolute width must be > 0"); writer.println(" p_algo:='auto' ... automatic last page"); - writer.println(" 'new' ... new page"); + writer.println(" 'new' ... new page"); writer.println(" intvalue ... pagenumber must be > 0 if p>number of pages in document p-->handled like p:'new'"); writer.println(" f_algo floatvalue ... consider footerline must be >= 0 (only if y_algo is auto and p_algo is not 'new')"); - + writer.println(" OPTIONS for verification:"); writer.println(" " + PARAMETER_VERIFY_WHICH + " ... [optional] zero based number of the signature"); writer.println(" to be verified. If omitted, all signatures are verified."); @@ -870,7 +892,7 @@ public abstract class Main if (signature_mode.equals(VALUE_SIGNATURE_MODE_DETACHED_TEXt)) { return SignatorFactory.MOST_RECENT_DETACHEDTEXT_SIGNATOR_ID; - } + } return null; } diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java index e510d53..d67bb90 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java @@ -49,6 +49,7 @@ import at.knowcenter.wag.egov.egiz.framework.SignatorFactory; import at.knowcenter.wag.egov.egiz.ldap.api.LDAPAPIException; import at.knowcenter.wag.egov.egiz.ldap.api.LDAPAPIFactory; import at.knowcenter.wag.egov.egiz.ldap.client.LDAPIssuerNameFilter; +import at.knowcenter.wag.egov.egiz.sig.sigkz.SigKZIDHelper; import at.knowcenter.wag.egov.egiz.table.Entry; import at.knowcenter.wag.egov.egiz.table.Style; import at.knowcenter.wag.egov.egiz.table.Table; @@ -732,7 +733,10 @@ public class SignatureObject implements Serializable */ public void setSignationIDs(String sigIds) { - setSigValue(SignatureTypes.SIG_ID, sigIds); + if (sigIds != null) + { + setSigValue(SignatureTypes.SIG_ID, sigIds); + } } // /** @@ -838,7 +842,18 @@ public class SignatureObject implements Serializable */ public boolean isMOASigned() { - return getSignationIds() == null; + try + { + PdfASID sig_kz = getKZ(); + String sig_id = getSignationIds(); + return SigKZIDHelper.isMOASigned(sig_kz, sig_id); + //return getSignationIds() == null; + } + catch (InvalidIDException e) + { + logger_.error(e); + return false; + } } /** @@ -857,13 +872,7 @@ public class SignatureObject implements Serializable { e.printStackTrace(); } - if (kz == null) - { - return true; // must be an old Signature - } - - boolean textual = kz.getType().equals(SignatorFactory.TYPE_TEXTUAL); - return textual; + return SigKZIDHelper.isTextual(kz); } /** @@ -882,13 +891,8 @@ public class SignatureObject implements Serializable { e.printStackTrace(); } - if (kz == null) - { - return false; // must be an old Signature - } - - boolean binary = kz.getType().equals(SignatorFactory.TYPE_BINARY); - return binary; + + return SigKZIDHelper.isBinary(kz); } /** diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/ConnectorChooser.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/ConnectorChooser.java new file mode 100644 index 0000000..af94f94 --- /dev/null +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/ConnectorChooser.java @@ -0,0 +1,297 @@ +/** + * + */ +package at.knowcenter.wag.egov.egiz.sig.connectors; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.knowcenter.wag.egov.egiz.PdfASID; +import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException; +import at.knowcenter.wag.egov.egiz.framework.SignatorFactory; +import at.knowcenter.wag.egov.egiz.sig.connectors.bku.EnvelopedBase64BKUConnector; +import at.knowcenter.wag.egov.egiz.sig.connectors.bku.LocRefDetachedBKUConnector; +import at.knowcenter.wag.egov.egiz.sig.connectors.bku.MultipartDetachedBKUConnector; +import at.knowcenter.wag.egov.egiz.sig.connectors.bku.OldEnvelopingBase64BKUConnector; +import at.knowcenter.wag.egov.egiz.sig.connectors.moa.DetachedLocRefMOAConnector; +import at.knowcenter.wag.egov.egiz.sig.connectors.moa.EnvelopingBase64MOAConnector; +import at.knowcenter.wag.egov.egiz.sig.sigid.HotfixIdFormatter; + +/** + * Helper class that provides static methods that help the application to + * "choose" the right connector for a given task. + * + * @author wprinz + */ +public final class ConnectorChooser +{ + /** + * The log. + */ + private static Log log = LogFactory.getLog(ConnectorChooser.class); + + public static LocalConnector chooseLocalConnectorForSign(String connector, + String profile, String loc_ref_url) throws ConnectorException + { + log.debug("Choosing LocalConnector for signation..."); + + log.debug("connector type = " + connector); + + if (!connector.equals("bku")) + { + log.error("Currently only the BKU connector is fully implemented."); + } + + log.debug("choosing locref detached BKU connector."); + return new LocRefDetachedBKUConnector(profile, loc_ref_url); + } + + public static Connector chooseWebConnectorForSign(String connector, + String profile, String loc_ref_url) throws ConnectorException + { + log.debug("Choosing Connector for WEB signation..."); + + log.debug("connector type = " + connector); + + if (!connector.equals("moa")) + { + log.error("Currently only the MOA connector is available for non local WEB signation."); + } + + log.debug("choosing locref detached MOA connector."); + return new DetachedLocRefMOAConnector(profile, loc_ref_url); + } + + public static Connector chooseCommandlineConnectorForSign(String connector, + String profile) throws ConnectorException + { + log.debug("Choosing Connector for commandline signation..."); + + log.debug("connector type = " + connector); + + if (connector.equals(BKU)) + { + log.debug("sig_app is BKU ==> MultipartDetachedBKUConnector"); //$NON-NLS-1$ + + return new MultipartDetachedBKUConnector(profile); + } + if (connector.equals(MOA)) + { + // TODO MOA detached signing is not allowed at the commandline + log.warn("Detached MOA is not supported on the commandline. -> choosing Base64 temporarily."); + return new EnvelopingBase64MOAConnector(profile); + } + + throw new ConnectorException(300, "Unknown connector type '" + connector + "' specified."); + } + + public static LocalConnector chooseLocalConnectorForVerify(String connector, + PdfASID sig_kz, String sig_id, String profile, String loc_ref_url) throws ConnectorException + { + log.debug("Choosing LocalConnector for verification..."); + + log.debug("connector type = " + connector); + log.debug("sig_kz = " + sig_kz); + log.debug("sig_id = " + sig_id); + + if (!connector.equals("bku")) + { + log.error("Currently only the BKU connector is fully implemented."); + } + + if (sig_kz == null) + { + log.debug("sig_kz is null -> must be old signature -> choosing old Base64 connector."); + + return new OldEnvelopingBase64BKUConnector(profile); + } + + log.debug("sig_kz is not null -> must be one of the newer ... base64, base64 hotfix, or detached"); + + if (sig_kz.getVersion().equals(SignatorFactory.VERSION_1_0_0)) + { + log.debug("sig_kz version is 1.0.0 -> choosing base64 (old or hotfix)"); + + if (sig_id == null) + { + log.debug("sig_id is null, which means that it is a MOA signature -> choose a hotfix base64 connector (thus it is moa - it doesn't matter)."); + + return new EnvelopedBase64BKUConnector(profile); + } + + String[] sig_id_parts = sig_id.split("@"); + if (sig_id_parts.length == 2) + { + log.debug("sig_id has 2 @-separated parts -> choosing old base64 connector"); + + return new OldEnvelopingBase64BKUConnector(profile); + } + if (sig_id_parts[0].equals(HotfixIdFormatter.SIG_ID_PREFIX)) + { + log.debug("sig_id prefix is hotfix -> choosing hotfix base64 connector"); + + return new EnvelopedBase64BKUConnector(profile); + } + + throw new ConnectorException(300, "The SIG_KZ version is 1.0.0, but SIG_ID is neither MOA nor Old base64 nor Hotfix base64 ???'"); + } + if (sig_kz.getVersion().equals(SignatorFactory.VERSION_1_1_0)) + { + log.debug("sig_kz version is 1.1.0 -> choosing detached (loc ref) connector."); + + return new LocRefDetachedBKUConnector(profile, loc_ref_url); + } + + throw new ConnectorException(310, "The SIG_KZ version '" + sig_kz.getVersion() + "' is unknown."); + } + + public static Connector chooseWebConnectorForVerify(String connector, + PdfASID sig_kz, String sig_id, String profile, String loc_ref_url) throws ConnectorException + { + log.debug("Choosing Connector for WEB verification..."); + + log.debug("connector type = " + connector); + log.debug("sig_kz = " + sig_kz); + log.debug("sig_id = " + sig_id); + + if (!connector.equals("moa")) + { + log.error("Currently only the MOA connector is available for non local WEB signation."); + } + + if (sig_kz == null || sig_kz.getVersion().equals(SignatorFactory.VERSION_1_0_0)) + { + log.debug("sig_kz is null or sig_kz version is 1.0.0 -> choosing Base64 connector."); + + return new EnvelopingBase64MOAConnector(profile); + } + + if (sig_kz.getVersion().equals(SignatorFactory.VERSION_1_1_0)) + { + log.debug("sig_kz version is 1.1.0 -> choosing detached (loc ref) connector."); + + throw new ConnectorException(370, "The MOA detached connector is not suitable for verification."); + //return new DetachedLocRefMOAConnector(profile, loc_ref_url); + } + + throw new ConnectorException(310, "The SIG_KZ version '" + sig_kz.getVersion() + "' is unknown."); + } + + public static Connector chooseCommandlineConnectorForVerify(String connector, + PdfASID sig_kz, String sig_id, String profile) throws ConnectorException + { + log.debug("Choosing Connector for Commandline verification..."); + + log.debug("connector type = " + connector); + log.debug("sig_kz = " + sig_kz); //$NON-NLS-1$ + log.debug("sig_id = " + sig_id); //$NON-NLS-1$ + + if (sig_kz == null) + { + log.debug("sig_kz is null -> chose an old enveloped base64 connector"); //$NON-NLS-1$ + + return chooseEnvelopedBase64ConnectorOld(profile, connector); + } + + log.debug("sig_kz is not null -> one of the newer signatures"); + + if (sig_kz.getVersion().equals(SignatorFactory.VERSION_1_0_0)) + { + log.debug("Version is 1.0.0 -> Base64 Signatur (old or Hotfix)."); + + if (sig_id == null) + { + log.debug("sig_id is null, which means that it is a MOA signature -> choose a hotfix base64 connector (thus it is moa - it doesn't matter)."); + + return chooseEnvelopedBase64ConnectorHotfix(profile, connector); + } + + String[] sig_id_parts = sig_id.split("@"); + if (sig_id_parts.length == 2) + { + log.debug("sig_id has 2 @-separated parts -> choosing old base64 connector"); + + return chooseEnvelopedBase64ConnectorOld(profile, connector); + } + if (sig_id_parts[0].equals(HotfixIdFormatter.SIG_ID_PREFIX)) + { + log.debug("sig_id prefix is hotfix -> choosing hotfix base64 connector"); + + return chooseEnvelopedBase64ConnectorHotfix(profile, connector); + } + + throw new ConnectorException(300, "The SIG_KZ version is 1.0.0, but SIG_ID is neither MOA nor Old base64 nor Hotfix base64 ???'"); + } + if (sig_kz.getVersion().equals(SignatorFactory.VERSION_1_1_0)) + { + log.debug("Version is 1.1.0 -> chose a detached connector."); + + return chooseDetachedMultipartConnector(profile, connector); + } + + throw new ConnectorException(310, "The SIG_KZ version '" + sig_kz.getVersion() + "' is unknown."); + } + + protected static final String BKU = "bku"; //$NON-NLS-1$ + + protected static final String MOA = "moa"; //$NON-NLS-1$ + + protected static Connector chooseEnvelopedBase64ConnectorOld(String profile, + String sig_app) throws ConnectorException + { + if (sig_app.equals(BKU)) + { + log.debug("sig_app is BKU ==> OldEnvelopingBase64BKUConnector"); //$NON-NLS-1$ + + return new OldEnvelopingBase64BKUConnector(profile); + } + if (sig_app.equals(MOA)) + { + log.debug("sig_app is MOA ==> EnvelopingBase64MOAConnector"); //$NON-NLS-1$ + + return new EnvelopingBase64MOAConnector(profile); + } + throw new ConnectorException(310, "Unknown sig_app '" + sig_app + "'."); //$NON-NLS-1$ //$NON-NLS-2$ + + } + + protected static Connector chooseEnvelopedBase64ConnectorHotfix( + String profile, String sig_app) throws ConnectorException + { + if (sig_app.equals(BKU)) + { + log.debug("sig_app is BKU ==> EnvelopedBase64BKUConnector"); //$NON-NLS-1$ + + return new EnvelopedBase64BKUConnector(profile); + } + if (sig_app.equals(MOA)) + { + log.debug("sig_app is MOA ==> EnvelopedBase64MOAConnector"); //$NON-NLS-1$ + + return new EnvelopingBase64MOAConnector(profile); + } + throw new ConnectorException(310, "Unknown sig_app '" + sig_app + "'."); //$NON-NLS-1$ //$NON-NLS-2$ + + } + + protected static Connector chooseDetachedMultipartConnector(String profile, + String sig_app) throws ConnectorException + { + if (sig_app.equals(BKU)) + { + log.debug("sig_app is BKU ==> DetachedMultipartBKUConnector"); //$NON-NLS-1$ + + return new MultipartDetachedBKUConnector(profile); + } + if (sig_app.equals(MOA)) + { + log.debug("sig_app is MOA ==> DetachedMOAConnector"); //$NON-NLS-1$ + + String msg = "A Detached signature cannot be verified with the MOA connector (yet)."; //$NON-NLS-1$ + log.error(msg); + throw new ConnectorException(370, msg); + } + throw new ConnectorException(310, "Unknown sig_app '" + sig_app + "'."); //$NON-NLS-1$ //$NON-NLS-2$ + } + +} diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java index 44beb40..d018a13 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/DetachedBKUConnector.java @@ -19,6 +19,7 @@ import at.knowcenter.wag.egov.egiz.sig.connectors.Connector; import at.knowcenter.wag.egov.egiz.sig.connectors.LocalConnector; import at.knowcenter.wag.egov.egiz.sig.connectors.TemplateReplaces; import at.knowcenter.wag.egov.egiz.sig.sigid.DetachedIdFormatter; +import at.knowcenter.wag.egov.egiz.sig.sigkz.SigKZIDHelper; import at.knowcenter.wag.egov.egiz.tools.CodingHelper; import at.knowcenter.wag.egov.egiz.tools.FileHelper; @@ -120,10 +121,6 @@ public class DetachedBKUConnector implements Connector, LocalConnector return so; } - - - - public static String[] parseSigIds(String sig_ids) { if (sig_ids == null || sig_ids.length() == 0) @@ -292,29 +289,29 @@ public class DetachedBKUConnector implements Connector, LocalConnector * @throws ConnectorException * f.e. */ - public String prepareVerifyRequest(SignatureData data, - SignSignatureObject so) throws ConnectorException + public String prepareVerifyRequest(SignatureData data, SignSignatureObject so) throws ConnectorException { String verify_request_template = this.environment.getVerifyRequestTemplate(); String xml_content = null; - // TODO implement MOA - // if (sigObject.isMOASigned()) - // { - // MOAConnector moa_conn = new MOAConnector(); - // // get the MOA-template - // verify_template_str = moa_conn.getVerifyTemplate(normalizedText, - // sigObject); - // } - // else - // { - // get the BKU-template - xml_content = prepareXMLContent(data, so); - // } + if (SigKZIDHelper.isMOASigned(so)) + { + // TODO once the detached moa connector is fully functional - implement this. + log.error("Zur Zeit gibt es keinen detached MOA connector fuer die Verifikation."); + throw new ConnectorException(300, "Detached MOA is disabled."); + // MOAConnector moa_conn = new MOAConnector(); + // // get the MOA-template + // verify_template_str = moa_conn.getVerifyTemplate(normalizedText, + // sigObject); + } + else + { + xml_content = prepareXMLContent(data, so); + } String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content); verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.LOC_REF_CONTENT_REPLACE, this.environment.getLocRefContent()); - + return verify_request_xml; } @@ -441,7 +438,6 @@ public class DetachedBKUConnector implements Connector, LocalConnector return signature_response; } - /** * Holds environment configuration information like templates. * @@ -490,7 +486,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector protected static final String RSA_CERT_ALG_KEY = "cert.alg.rsa"; //$NON-NLS-1$ protected String loc_ref_content = null; - + protected String sign_keybox_identifier = null; protected String sign_request_template = null; @@ -518,7 +514,7 @@ public class DetachedBKUConnector implements Connector, LocalConnector public Environment(String profile, String loc_ref_content) throws ConnectorException { this.loc_ref_content = loc_ref_content; - + SettingsReader settings = null; try { @@ -566,13 +562,14 @@ public class DetachedBKUConnector implements Connector, LocalConnector /** * Returns the LocRef content. + * * @return Returns the LocRef content. */ public String getLocRefContent() { return this.loc_ref_content; } - + /** * Returns the sign keybox identifier. * diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java index 1c628b1..3d5cf36 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/EnvelopedBase64BKUConnector.java @@ -3,6 +3,7 @@ */ package at.knowcenter.wag.egov.egiz.sig.connectors.bku; +import java.io.UnsupportedEncodingException; import java.security.cert.X509Certificate; import java.util.Properties; @@ -16,8 +17,11 @@ import at.knowcenter.wag.egov.egiz.sig.SignatureData; import at.knowcenter.wag.egov.egiz.sig.SignatureObject; import at.knowcenter.wag.egov.egiz.sig.SignatureResponse; import at.knowcenter.wag.egov.egiz.sig.connectors.Connector; +import at.knowcenter.wag.egov.egiz.sig.connectors.LocalConnector; import at.knowcenter.wag.egov.egiz.sig.connectors.TemplateReplaces; +import at.knowcenter.wag.egov.egiz.sig.connectors.moa.EnvelopingBase64MOAConnector; import at.knowcenter.wag.egov.egiz.sig.sigid.HotfixIdFormatter; +import at.knowcenter.wag.egov.egiz.sig.sigkz.SigKZIDHelper; import at.knowcenter.wag.egov.egiz.tools.CodingHelper; import at.knowcenter.wag.egov.egiz.tools.DebugHelper; import at.knowcenter.wag.egov.egiz.tools.FileHelper; @@ -26,7 +30,7 @@ import at.knowcenter.wag.egov.egiz.tools.FileHelper; * @author wprinz * */ -public class EnvelopedBase64BKUConnector implements Connector +public class EnvelopedBase64BKUConnector implements Connector, LocalConnector { /** @@ -49,6 +53,10 @@ public class EnvelopedBase64BKUConnector implements Connector * parameters defined in the configuration are used. *

* + *

+ * This is the new "hotfix" base64 connector. + *

+ * * @param profile * The profile from which the Environment should be assembled. * @throws ConnectorException @@ -131,7 +139,6 @@ public class EnvelopedBase64BKUConnector implements Connector } return id; } - /** * Prepares the XML content the holds the actual signature data. @@ -169,7 +176,7 @@ public class EnvelopedBase64BKUConnector implements Connector String verify_xml = verify_template.replaceFirst(TemplateReplaces.CERT_ALG_REPLACE, cert_alg); // data digest replace - byte [] data_value = BKUHelper.prepareEnvelopingData(data); + byte[] data_value = BKUHelper.prepareEnvelopingData(data); { byte[] data_value_hash = CodingHelper.buildDigest(data_value); String object_data_hash = CodingHelper.encodeBase64(data_value_hash); @@ -206,21 +213,7 @@ public class EnvelopedBase64BKUConnector implements Connector // Signed Properties hash { - final String ETSI_SIGNED_PROPERTIES_START_TAG = "= 0; - final int hash_end = verify_xml.indexOf(ETSI_SIGNED_PROPERTIES_END_TAG, hash_start) + ETSI_SIGNED_PROPERTIES_END_TAG.length(); - assert hash_end - ETSI_SIGNED_PROPERTIES_END_TAG.length() >= 0; - assert hash_end > hash_start; - - final String string_to_be_hashed = verify_xml.substring(hash_start, hash_end); - log.debug("etsi:SignedProperties string to be hashed: " + string_to_be_hashed); //$NON-NLS-1$ - - final byte[] bytes_to_be_hashed = string_to_be_hashed.getBytes("UTF-8"); //$NON-NLS-1$ - byte[] sig_prop_code = CodingHelper.buildDigest(bytes_to_be_hashed); - String sig_prop_hash = CodingHelper.encodeBase64(sig_prop_code); + String sig_prop_hash = computeSignedPropertiesReplace(verify_xml); verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_SIGNED_PROPERTIES_REPLACE, sig_prop_hash); } @@ -235,6 +228,34 @@ public class EnvelopedBase64BKUConnector implements Connector } } + protected String computeSignedPropertiesReplace(String verify_xml) + { + try + { + final String ETSI_SIGNED_PROPERTIES_START_TAG = "= 0; + final int hash_end = verify_xml.indexOf(ETSI_SIGNED_PROPERTIES_END_TAG, hash_start) + ETSI_SIGNED_PROPERTIES_END_TAG.length(); + assert hash_end - ETSI_SIGNED_PROPERTIES_END_TAG.length() >= 0; + assert hash_end > hash_start; + + final String string_to_be_hashed = verify_xml.substring(hash_start, hash_end); + log.debug("etsi:SignedProperties string to be hashed: " + string_to_be_hashed); //$NON-NLS-1$ + + final byte[] bytes_to_be_hashed = string_to_be_hashed.getBytes("UTF-8"); //$NON-NLS-1$ + byte[] sig_prop_code = CodingHelper.buildDigest(bytes_to_be_hashed); + String sig_prop_hash = CodingHelper.encodeBase64(sig_prop_code); + + return sig_prop_hash; + } + catch (UnsupportedEncodingException e) + { + throw new RuntimeException("Very Strange: UTF-8 character encoding not supported.", e); + } + } + /** * Prepares the sign request xml to be sent using the sign request template. * @@ -272,32 +293,27 @@ public class EnvelopedBase64BKUConnector implements Connector * @throws ConnectorException * f.e. */ - public String prepareVerifyRequest(SignatureData data, - SignSignatureObject so) throws ConnectorException + public String prepareVerifyRequest(SignatureData data, SignSignatureObject so) throws ConnectorException { String verify_request_template = this.environment.getVerifyRequestTemplate(); String xml_content = null; - // TODO implement MOA - // if (sigObject.isMOASigned()) - // { - // MOAConnector moa_conn = new MOAConnector(); - // // get the MOA-template - // verify_template_str = moa_conn.getVerifyTemplate(normalizedText, - // sigObject); - // } - // else - // { - // get the BKU-template - xml_content = prepareXMLContent(data, so); - // } + if (SigKZIDHelper.isMOASigned(so)) + { + log.debug("The signature is MOA signed -> getting XML content from Base64MOA connector."); + EnvelopingBase64MOAConnector moa_conn = new EnvelopingBase64MOAConnector(this.environment.getProfile()); + xml_content = moa_conn.prepareXMLContent(data, so); + } + else + { + xml_content = prepareXMLContent(data, so); + } String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content); return verify_request_xml; } - /** * Sends the request to the given URL. * @@ -416,6 +432,8 @@ public class EnvelopedBase64BKUConnector implements Connector */ protected static final String RSA_CERT_ALG_KEY = "cert.alg.rsa"; //$NON-NLS-1$ + protected String profile = null; + protected String sign_keybox_identifier = null; protected String sign_request_template = null; @@ -442,6 +460,8 @@ public class EnvelopedBase64BKUConnector implements Connector */ public Environment(String profile) throws ConnectorException { + this.profile = profile; + SettingsReader settings = null; try { @@ -487,6 +507,11 @@ public class EnvelopedBase64BKUConnector implements Connector } + public String getProfile() + { + return this.profile; + } + /** * Returns the sign keybox identifier. * diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/OldEnvelopingBase64BKUConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/OldEnvelopingBase64BKUConnector.java new file mode 100644 index 0000000..d1fffb1 --- /dev/null +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/bku/OldEnvelopingBase64BKUConnector.java @@ -0,0 +1,112 @@ +/** + * + */ +package at.knowcenter.wag.egov.egiz.sig.connectors.bku; + +import java.io.UnsupportedEncodingException; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.knowcenter.wag.egov.egiz.cfg.SettingsReader; +import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException; +import at.knowcenter.wag.egov.egiz.exceptions.SettingsException; +import at.knowcenter.wag.egov.egiz.tools.CodingHelper; +import at.knowcenter.wag.egov.egiz.tools.FileHelper; + +/** + * + *

+ * This is the old base64 connector. The difference is in the way the sign + * response is parsed and the verify content_xml. + *

+ * + * @author wprinz + * + */ +public class OldEnvelopingBase64BKUConnector extends EnvelopedBase64BKUConnector +{ + /** + * The log. + */ + private static Log log = LogFactory.getLog(OldEnvelopingBase64BKUConnector.class); + + // TODO implement signing - with old pre 2.7.2 BKUs... not really necessary + // though because this connector is only used for verification + + public OldEnvelopingBase64BKUConnector(String profile) throws ConnectorException + { + super(profile); + + this.environment = new OverriddenEnvironment(profile); + } + + + + /** + * @see at.knowcenter.wag.egov.egiz.sig.connectors.bku.EnvelopedBase64BKUConnector#computeSignedPropertiesReplace(java.lang.String) + */ + protected String computeSignedPropertiesReplace(String verify_xml) + { + try + { + final String ETSI_QUALIFYING_PROPERTIES_START_TAG = "= 0; + final int hash_end = verify_xml.indexOf(ETSI_QUALIFYING_PROPERTIES_END_TAG, hash_start) + ETSI_QUALIFYING_PROPERTIES_END_TAG.length(); + assert hash_end - ETSI_QUALIFYING_PROPERTIES_END_TAG.length() >= 0; + assert hash_end > hash_start; + + final String string_to_be_hashed = verify_xml.substring(hash_start, hash_end); + log.debug("etsi:QualifyingProperties string to be hashed: " + string_to_be_hashed); //$NON-NLS-1$ + + final byte[] bytes_to_be_hashed = string_to_be_hashed.getBytes("UTF-8"); //$NON-NLS-1$ + byte[] sig_prop_code = CodingHelper.buildDigest(bytes_to_be_hashed); + String sig_prop_hash = CodingHelper.encodeBase64(sig_prop_code); + + return sig_prop_hash; + } + catch (UnsupportedEncodingException e) + { + throw new RuntimeException("Very Strange: UTF-8 character encoding not supported.", e); + } + } + + + + public static class OverriddenEnvironment extends EnvelopedBase64BKUConnector.Environment + { + + /** + * The configuration key of the verify template. + */ + protected static final String VERIFY_TEMPLATE_KEY = "bku.verify.template.base64old"; //$NON-NLS-1$ + + public OverriddenEnvironment(String profile) throws ConnectorException + { + super(profile); + + SettingsReader settings = null; + try + { + settings = SettingsReader.getInstance(); + } + catch (SettingsException e) + { + throw new ConnectorException(300, e); + } + + String verify_filename = getConnectorValueFromProfile(settings, profile, VERIFY_TEMPLATE_KEY); + this.verify_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_filename)); + if (this.verify_template == null) + { + // TODO make this a settings exception + throw new ConnectorException(300, "Can not read the verify template"); //$NON-NLS-1$ + } + + } + } + +} diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java index 220a3d0..7c326f5 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/DetachedLocRefMOAConnector.java @@ -62,7 +62,7 @@ public class DetachedLocRefMOAConnector implements Connector * @throws SignatureException * f.e. */ - public DetachedLocRefMOAConnector(String profile, String signature_data_url) throws SignatureException, SettingsException + public DetachedLocRefMOAConnector(String profile, String signature_data_url) throws ConnectorException { this.environment = new Environment(profile, signature_data_url); } diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/EnvelopingBase64MOAConnector.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/EnvelopingBase64MOAConnector.java index f6580af..a29df2a 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/EnvelopingBase64MOAConnector.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/connectors/moa/EnvelopingBase64MOAConnector.java @@ -15,11 +15,15 @@ import at.knowcenter.wag.egov.egiz.exceptions.SettingsException; import at.knowcenter.wag.egov.egiz.sig.SignatureData; import at.knowcenter.wag.egov.egiz.sig.SignatureResponse; import at.knowcenter.wag.egov.egiz.sig.connectors.Connector; +import at.knowcenter.wag.egov.egiz.sig.connectors.ConnectorChooser; import at.knowcenter.wag.egov.egiz.sig.connectors.TemplateReplaces; import at.knowcenter.wag.egov.egiz.sig.connectors.bku.BKUHelper; import at.knowcenter.wag.egov.egiz.sig.connectors.bku.BKUPostConnection; +import at.knowcenter.wag.egov.egiz.sig.connectors.bku.EnvelopedBase64BKUConnector; +import at.knowcenter.wag.egov.egiz.sig.connectors.bku.OldEnvelopingBase64BKUConnector; import at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject; import at.knowcenter.wag.egov.egiz.sig.sigid.OldMOAIdFormatter; +import at.knowcenter.wag.egov.egiz.sig.sigkz.SigKZIDHelper; import at.knowcenter.wag.egov.egiz.tools.CodingHelper; import at.knowcenter.wag.egov.egiz.tools.FileHelper; @@ -140,7 +144,7 @@ public class EnvelopingBase64MOAConnector implements Connector log.debug("prepareSignRequest finished."); //$NON-NLS-1$ return sign_request_xml; } - + /** * Prepares the verify request xml to be sent using the verify request * template. @@ -153,25 +157,28 @@ public class EnvelopingBase64MOAConnector implements Connector * @throws ConnectorException * f.e. */ - public String prepareVerifyRequest(SignatureData data, - SignSignatureObject so) throws ConnectorException + public String prepareVerifyRequest(SignatureData data, SignSignatureObject so) throws ConnectorException { String verify_request_template = this.environment.getVerifyRequestTemplate(); String xml_content = null; - // TODO implement MOA - // if (sigObject.isMOASigned()) - // { - // MOAConnector moa_conn = new MOAConnector(); - // // get the MOA-template - // verify_template_str = moa_conn.getVerifyTemplate(normalizedText, - // sigObject); - // } - // else - // { - // get the BKU-template - xml_content = prepareXMLContent(data, so); - // } + if (!SigKZIDHelper.isMOASigned(so)) + { + if (SigKZIDHelper.isOldBKU(so)) + { + OldEnvelopingBase64BKUConnector bku_connector = new OldEnvelopingBase64BKUConnector(this.environment.getProfile()); + xml_content = bku_connector.prepareXMLContent(data, so); + } + else + { + EnvelopedBase64BKUConnector bku_connector = new EnvelopedBase64BKUConnector(this.environment.getProfile()); + xml_content = bku_connector.prepareXMLContent(data, so); + } + } + else + { + xml_content = prepareXMLContent(data, so); + } String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content); verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.TRUST_PROFILE_ID_REPLACE, this.environment.getVerifyTrustProfileId()); @@ -226,7 +233,6 @@ public class EnvelopingBase64MOAConnector implements Connector return signature_response; } - /** * Prepares the XML content the holds the actual signature data. * @@ -355,12 +361,11 @@ public class EnvelopingBase64MOAConnector implements Connector * The configuration key of the verify URL. */ protected static final String VERIFY_URL_KEY = "moa.verify.url"; //$NON-NLS-1$ - + /** * The configuration key of the trust profile id. */ - protected static final String VERIFY_TRUST_PROFILE_ID = "moa.verify.TrustProfileID"; //$NON-NLS-1$ - + protected static final String VERIFY_TRUST_PROFILE_ID = "moa.verify.TrustProfileID"; //$NON-NLS-1$ /** * The configuration key for the ECDSA cert alg property. @@ -371,6 +376,8 @@ public class EnvelopingBase64MOAConnector implements Connector * The configuration key for the RSA cert alg property. */ protected static final String RSA_CERT_ALG_KEY = "cert.alg.rsa"; //$NON-NLS-1$ + + protected String profile = null; protected String sign_key_identifier = null; @@ -383,7 +390,7 @@ public class EnvelopingBase64MOAConnector implements Connector protected String verify_template = null; protected String verify_url = null; - + protected String verify_trust_profile_id = null; protected String cert_alg_ecdsa = null; @@ -395,11 +402,13 @@ public class EnvelopingBase64MOAConnector implements Connector * * @param profile * The configuration profile. - * @throws ConnectorException + * @throws ConnectorException * f.e. */ public Environment(String profile) throws ConnectorException { + this.profile = profile; + SettingsReader settings = null; try { @@ -444,6 +453,11 @@ public class EnvelopingBase64MOAConnector implements Connector this.cert_alg_rsa = settings.getValueFromKey(RSA_CERT_ALG_KEY); } + + public String getProfile() + { + return this.profile; + } /** * Returns the sign key identifier. diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/DetachedIdFormatter.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/DetachedIdFormatter.java index 273be52..25e4504 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/DetachedIdFormatter.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/DetachedIdFormatter.java @@ -15,7 +15,7 @@ public class DetachedIdFormatter implements IdFormatter /** * The SIG_ID prefix. */ - public static final String SIG_ID_PREFIX = "etsi-bku-detached@"; //$NON-NLS-1$ + public static final String SIG_ID_PREFIX = "etsi-bku-detached"; //$NON-NLS-1$ /** * The log. @@ -51,7 +51,7 @@ public class DetachedIdFormatter implements IdFormatter join += "-" + cur_id; //$NON-NLS-1$ } String idstr = base + "@" + join.substring(1); //$NON-NLS-1$ - String final_ids = SIG_ID_PREFIX + idstr; + String final_ids = SIG_ID_PREFIX + "@" + idstr; return final_ids; } diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/DetachedLocRefMOAIdFormatter.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/DetachedLocRefMOAIdFormatter.java index d37ead0..f1060fb 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/DetachedLocRefMOAIdFormatter.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/DetachedLocRefMOAIdFormatter.java @@ -12,7 +12,7 @@ public class DetachedLocRefMOAIdFormatter implements IdFormatter /** * The SIG_ID prefix. */ - public static final String SIG_ID_PREFIX = "etsi-moa-detached@"; //$NON-NLS-1$ + public static final String SIG_ID_PREFIX = "etsi-moa-detached"; //$NON-NLS-1$ /** * @see at.knowcenter.wag.egov.egiz.sig.sigid.IdFormatter#formatIds(java.lang.String[]) diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/HotfixIdFormatter.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/HotfixIdFormatter.java index cb04d03..ac86b4f 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/HotfixIdFormatter.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigid/HotfixIdFormatter.java @@ -15,7 +15,7 @@ public class HotfixIdFormatter implements IdFormatter /** * The SIG_ID prefix. */ - public static final String SIG_ID_PREFIX = "etsi-bka-1.0@"; //$NON-NLS-1$ + public static final String SIG_ID_PREFIX = "etsi-bka-1.0"; //$NON-NLS-1$ /** * The log. @@ -47,7 +47,7 @@ public class HotfixIdFormatter implements IdFormatter } String idstr = base + "@" + join.substring(1); //$NON-NLS-1$ - String final_ids = SIG_ID_PREFIX + idstr; + String final_ids = SIG_ID_PREFIX + "@" + idstr; return final_ids; } diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigkz/SigKZIDHelper.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigkz/SigKZIDHelper.java new file mode 100644 index 0000000..d50006a --- /dev/null +++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/sigkz/SigKZIDHelper.java @@ -0,0 +1,131 @@ +/** + * + */ +package at.knowcenter.wag.egov.egiz.sig.sigkz; + +import at.knowcenter.wag.egov.egiz.PdfASID; +import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException; +import at.knowcenter.wag.egov.egiz.exceptions.InvalidIDException; +import at.knowcenter.wag.egov.egiz.framework.SignatorFactory; +import at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject; +import at.knowcenter.wag.egov.egiz.sig.sigid.DetachedLocRefMOAIdFormatter; +import at.knowcenter.wag.egov.egiz.sig.sigid.HotfixIdFormatter; + +/** + * @author wprinz + * + */ +public final class SigKZIDHelper +{ + + public static boolean isTextual(PdfASID sig_kz) + { + if (sig_kz == null) + { + // Old signature -> must be textual. + + return true; + } + + // new signauture -> sig_kz decides + return sig_kz.getType().equals(SignatorFactory.TYPE_TEXTUAL); + } + + public static boolean isBinary(PdfASID sig_kz) + { + return ! isTextual(sig_kz); + } + + + public static boolean isMOASigned(PdfASID sig_kz, String sig_id) + { + if (sig_kz == null || sig_kz.getVersion().equals(SignatorFactory.VERSION_1_0_0)) + { + // old signature - if sig_id is null this means MOA + + return sig_id == null; + } + + // new signature - sig_id decides + String [] ids = sig_id.split("@"); + String prefix = ids[0]; + + if (prefix.equals(DetachedLocRefMOAIdFormatter.SIG_ID_PREFIX)) + { + return true; + } + return false; + } + + public static boolean isMOASigned(SignSignatureObject so) + { + String sig_kz = so.kz; + String sig_id = so.id; + PdfASID kz = null; + if (sig_kz != null) + { + try + { + kz = new PdfASID(sig_kz); + } + catch (InvalidIDException e) + { + e.printStackTrace(); + } + } + + return isMOASigned(kz, sig_id); + } + + public static boolean isOldBKU(PdfASID sig_kz, String sig_id) throws ConnectorException + { + if (sig_kz == null) + { + return true; + } + + if (sig_kz.getVersion().equals(SignatorFactory.VERSION_1_0_0)) + { + if (sig_id == null) + { + throw new ConnectorException(310, "The SIG_ID is null - so this isn't a BKU at all."); + } + + String[] sig_id_parts = sig_id.split("@"); + if (sig_id_parts.length == 2) + { + return true; + } + if (sig_id_parts[0].equals(HotfixIdFormatter.SIG_ID_PREFIX)) + { + + return false; + } + + throw new ConnectorException(310, "The SIG_KZ version is 1.0.0, but SIG_ID is neither MOA nor Old base64 nor Hotfix base64 ???'"); + } + + return false; + } + + public static boolean isOldBKU(SignSignatureObject so) throws ConnectorException + { + String sig_kz = so.kz; + String sig_id = so.id; + PdfASID kz = null; + if (sig_kz != null) + { + try + { + kz = new PdfASID(sig_kz); + } + catch (InvalidIDException e) + { + e.printStackTrace(); + } + } + + return isOldBKU(kz, sig_id); + } + +} diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/web/LocalRequestHelper.java b/src/main/java/at/knowcenter/wag/egov/egiz/web/LocalRequestHelper.java index 723bc90..8fac221 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/web/LocalRequestHelper.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/web/LocalRequestHelper.java @@ -32,6 +32,7 @@ import at.knowcenter.wag.egov.egiz.exceptions.PresentableException; import at.knowcenter.wag.egov.egiz.exceptions.SignatureException; import at.knowcenter.wag.egov.egiz.pdf.SignatureHolder; import at.knowcenter.wag.egov.egiz.sig.ConnectorFactory; +import at.knowcenter.wag.egov.egiz.sig.connectors.ConnectorChooser; import at.knowcenter.wag.egov.egiz.sig.connectors.LocalConnector; import at.knowcenter.wag.egov.egiz.sig.SignatureData; import at.knowcenter.wag.egov.egiz.sig.SignatureDataImpl; @@ -79,7 +80,7 @@ public abstract class LocalRequestHelper URL loc_ref_URL = new URL(request.getScheme(), host, request.getServerPort(), request.getContextPath() + "/RetrieveSignatureData"); String loc_ref_url = response.encodeURL(loc_ref_URL.toString()); - LocalConnector c = new LocRefDetachedBKUConnector(si.type, loc_ref_url); + LocalConnector c = ConnectorChooser.chooseLocalConnectorForSign(si.connector, si.type, loc_ref_url); String sign_request = c.prepareSignRequest(si.iui.signature_data); // TODO local URL @@ -169,8 +170,6 @@ public abstract class LocalRequestHelper URL loc_ref_URL = new URL(request.getScheme(), host, request.getServerPort(), request.getContextPath() + "/RetrieveSignatureData"); String loc_ref_url = response.encodeURL(loc_ref_URL.toString()); - LocalConnector local_conn = new LocRefDetachedBKUConnector(si.type, loc_ref_url); - for (int i = 0; i < si.requests.length; i++) { SignatureHolder holder = (SignatureHolder) holders_to_verify.get(i); @@ -197,8 +196,9 @@ public abstract class LocalRequestHelper so.issuer = s.getSignationIssuer(); so.x509Certificate = s.getX509Cert().getX509Certificate(); so.id = s.getSignationIds(); - so.kz = s.getKZ().toString(); + so.kz = s.getKZ() == null ? null : s.getKZ().toString(); + LocalConnector local_conn = ConnectorChooser.chooseLocalConnectorForVerify(si.connector, s.getKZ(), so.id, si.type, loc_ref_url); String request_string = local_conn.prepareVerifyRequest(sd, so); LocalRequest local_request = new LocalRequest("not-needed", request_string); @@ -206,6 +206,7 @@ public abstract class LocalRequestHelper si.response_properties[i] = null; } + // TODO read from config String local_request_url = "http://127.0.0.1:3495/http-security-layer-request"; URL data_URL = new URL(request.getScheme(), host, request.getServerPort(), request.getContextPath() + "/DataURL"); diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/DataURLServlet.java b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/DataURLServlet.java index 7d7220c..72f7c2d 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/DataURLServlet.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/DataURLServlet.java @@ -25,7 +25,9 @@ import at.knowcenter.wag.egov.egiz.PdfASID; import at.knowcenter.wag.egov.egiz.exceptions.PresentableException; import at.knowcenter.wag.egov.egiz.framework.Signator; import at.knowcenter.wag.egov.egiz.framework.SignatorFactory; +import at.knowcenter.wag.egov.egiz.pdf.SignatureHolder; import at.knowcenter.wag.egov.egiz.sig.SignatureResponse; +import at.knowcenter.wag.egov.egiz.sig.connectors.ConnectorChooser; import at.knowcenter.wag.egov.egiz.sig.connectors.LocalConnector; import at.knowcenter.wag.egov.egiz.sig.connectors.bku.BKUPostConnection; import at.knowcenter.wag.egov.egiz.sig.connectors.bku.EnvelopedBase64BKUConnector; @@ -152,7 +154,7 @@ public class DataURLServlet extends HttpServlet if (si.sign_result == null) { - LocalConnector c = new LocRefDetachedBKUConnector(si.type, "loc ref content not needed here"); //$NON-NLS-1$ + LocalConnector c = ConnectorChooser.chooseLocalConnectorForSign(si.connector, si.type, "loc ref content not needed here"); //$NON-NLS-1$ si.iui.signed_signature_object = c.analyzeSignResponse(si.response_properties[0]); @@ -172,7 +174,12 @@ public class DataURLServlet extends HttpServlet for (int i = 0; i < si.response_properties.length; i++) { - LocalConnector c = new LocRefDetachedBKUConnector(si.type, "loc ref content not needed here"); //$NON-NLS-1$ + SignatureHolder sh = (SignatureHolder) si.signature_holders.get(i); + + PdfASID sig_kz = sh.getSignatureObject().getKZ(); + String sig_id = sh.getSignatureObject().getSignationIds(); + + LocalConnector c = ConnectorChooser.chooseLocalConnectorForVerify(si.connector, sig_kz, sig_id, si.type, "loc ref content not needed here"); //$NON-NLS-1$ SignatureResponse sig_resp = c.analyzeVerifyResponse(si.response_properties[i]); results.add(sig_resp); diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/SignServlet.java b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/SignServlet.java index f2cbde8..a98fb79 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/SignServlet.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/SignServlet.java @@ -58,6 +58,7 @@ import at.knowcenter.wag.egov.egiz.sig.ConnectorFactory; import at.knowcenter.wag.egov.egiz.sig.SignatureData; import at.knowcenter.wag.egov.egiz.sig.SignatureDataImpl; import at.knowcenter.wag.egov.egiz.sig.connectors.Connector; +import at.knowcenter.wag.egov.egiz.sig.connectors.ConnectorChooser; import at.knowcenter.wag.egov.egiz.sig.connectors.LocalConnector; import at.knowcenter.wag.egov.egiz.sig.connectors.bku.DetachedBKUConnector; import at.knowcenter.wag.egov.egiz.sig.connectors.bku.EnvelopedBase64BKUConnector; @@ -430,7 +431,7 @@ public class SignServlet extends HttpServlet URL signature_data_URL = new URL(request.getScheme(), host, request.getServerPort(), request.getContextPath() + "/RetrieveSignatureData"); String signature_data_url = response.encodeURL(signature_data_URL.toString()); - Connector c = new DetachedLocRefMOAConnector(si.type, signature_data_url); + Connector c = ConnectorChooser.chooseWebConnectorForSign(si.connector, si.type, signature_data_url); si.iui.signed_signature_object = c.doSign(si.iui.signature_data); si.sign_result = signator.finishSign(si.iui); diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/VerifyServlet.java b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/VerifyServlet.java index ee20498..40ec9d9 100644 --- a/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/VerifyServlet.java +++ b/src/main/java/at/knowcenter/wag/egov/egiz/web/servlets/VerifyServlet.java @@ -22,7 +22,6 @@ import java.io.UnsupportedEncodingException; import java.net.URL; import java.util.Iterator; import java.util.List; -import java.util.Properties; import javax.servlet.RequestDispatcher; import javax.servlet.ServletException; @@ -36,33 +35,17 @@ import org.apache.commons.fileupload.disk.DiskFileItemFactory; import org.apache.commons.fileupload.servlet.ServletFileUpload; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.apache.log4j.Logger; import at.knowcenter.wag.egov.egiz.PdfAS; -import at.knowcenter.wag.egov.egiz.cfg.ConfigLogger; import at.knowcenter.wag.egov.egiz.cfg.SettingsReader; -import at.knowcenter.wag.egov.egiz.exceptions.ConnectorFactoryException; -import at.knowcenter.wag.egov.egiz.exceptions.NormalizeException; import at.knowcenter.wag.egov.egiz.exceptions.PDFDocumentException; import at.knowcenter.wag.egov.egiz.exceptions.PresentableException; -import at.knowcenter.wag.egov.egiz.exceptions.SignatureException; -import at.knowcenter.wag.egov.egiz.exceptions.SignatureTypesException; import at.knowcenter.wag.egov.egiz.framework.VerificationFilter; -import at.knowcenter.wag.egov.egiz.pdf.SignatureHolder; import at.knowcenter.wag.egov.egiz.sig.ConnectorFactory; -import at.knowcenter.wag.egov.egiz.sig.SignatureData; -import at.knowcenter.wag.egov.egiz.sig.SignatureDataImpl; -import at.knowcenter.wag.egov.egiz.sig.SignatureObject; -import at.knowcenter.wag.egov.egiz.sig.connectors.LocalConnector; -import at.knowcenter.wag.egov.egiz.sig.connectors.bku.LocRefDetachedBKUConnector; -import at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject; -import at.knowcenter.wag.egov.egiz.tools.CodingHelper; import at.knowcenter.wag.egov.egiz.web.FormFields; -import at.knowcenter.wag.egov.egiz.web.LocalRequest; import at.knowcenter.wag.egov.egiz.web.LocalRequestHelper; import at.knowcenter.wag.egov.egiz.web.SessionAttributes; import at.knowcenter.wag.egov.egiz.web.SessionInformation; -import at.knowcenter.wag.egov.egiz.web.servlets.SignServlet.UploadedData; /** * This method is the verify servlet for the pdf-as web application. It takes @@ -144,7 +127,11 @@ public class VerifyServlet extends HttpServlet return; } - List results = PdfAS.verifySignatureHolders(signature_holders, si.connector); + String host = request.getServerName(); + URL loc_ref_URL = new URL(request.getScheme(), host, request.getServerPort(), request.getContextPath() + "/RetrieveSignatureData"); + String loc_ref_url = response.encodeURL(loc_ref_URL.toString()); + + List results = PdfAS.verifySignatureHoldersWeb(signature_holders, si.connector, loc_ref_url); dispatchToResults(results, request, response); } -- cgit v1.2.3