/**
* Copyright 2006 by Know-Center, Graz, Austria
* PDF-AS has been contracted by the E-Government Innovation Center EGIZ, a
* joint initiative of the Federal Chancellery Austria and Graz University of
* Technology.
*
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
*
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
package at.knowcenter.wag.egov.egiz.sig.connectors.bku;
import java.io.UnsupportedEncodingException;
import java.security.cert.X509Certificate;
import java.util.Properties;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import at.gv.egiz.pdfas.algorithmSuite.AlgorithmSuiteObject;
import at.gv.egiz.pdfas.algorithmSuite.AlgorithmSuiteUtil;
import at.gv.egiz.pdfas.api.xmldsig.XMLDsigData;
import at.gv.egiz.pdfas.exceptions.ErrorCode;
import at.gv.egiz.pdfas.framework.ConnectorParameters;
import at.knowcenter.wag.egov.egiz.cfg.SettingsReader;
import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException;
import at.knowcenter.wag.egov.egiz.exceptions.SettingsException;
import at.knowcenter.wag.egov.egiz.sig.SignatureData;
import at.knowcenter.wag.egov.egiz.sig.SignatureObject;
import at.knowcenter.wag.egov.egiz.sig.SignatureResponse;
import at.knowcenter.wag.egov.egiz.sig.connectors.Connector;
import at.knowcenter.wag.egov.egiz.sig.connectors.ConnectorEnvironment;
import at.knowcenter.wag.egov.egiz.sig.connectors.LocalConnector;
import at.knowcenter.wag.egov.egiz.sig.connectors.TemplateReplaces;
import at.knowcenter.wag.egov.egiz.sig.connectors.moa.EnvelopingBase64MOAConnector;
import at.knowcenter.wag.egov.egiz.sig.sigid.HotfixIdFormatter;
import at.knowcenter.wag.egov.egiz.sig.sigkz.SigKZIDHelper;
import at.knowcenter.wag.egov.egiz.tools.CodingHelper;
/**
* @author wprinz
*
*/
public class EnvelopedBase64BKUConnector implements Connector, LocalConnector
{
//23.11.2010 changed by exthex - added reconstructXMLDsig method and moved xmldsig creation to chooseAndCreateXMLDsig method
/**
* The log.
*/
private static Log log = LogFactory.getLog(EnvelopedBase64BKUConnector.class);
/**
* The environemnt configuration of this connector containing templates and
* other configurable elements.
*/
protected Environment environment = null;
/**
* Constructor that builds the configuration environment for this connector
* according to the given profile.
*
*
* If confuguration parameters are not defined on that profile, the default
* parameters defined in the configuration are used.
*
*
*
* This is the new "hotfix" base64 connector.
*
*
* @param profile
* The profile from which the Environment should be assembled.
* @throws ConnectorException
* f.e.
*/
public EnvelopedBase64BKUConnector(String profile) throws ConnectorException
{
this.environment = new Environment(profile);
}
/**
* @see at.knowcenter.wag.egov.egiz.sig.connectors.Connector#doSign(at.knowcenter.wag.egov.egiz.sig.SignatureData)
*/
public SignSignatureObject doSign(SignatureData data) throws ConnectorException
{
log.debug("doSign:"); //$NON-NLS-1$
String sign_request_xml = prepareSignRequest(data);
// DebugHelper.debugStringToFile(sign_request_xml, "BKU_EnvB64_sign_request.xml"); //$NON-NLS-1$
String url = this.environment.getSignURL();
Properties response_properties = sendRequest(url, sign_request_xml);
// DebugHelper.debugStringToFile(response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY), "BKU_EnvB64_sign_response.xml"); //$NON-NLS-1$
SignSignatureObject sso = analyzeSignResponse(response_properties);
sso.response_properties = response_properties;
log.debug("doSign finished."); //$NON-NLS-1$
return sso;
}
/**
* @see at.knowcenter.wag.egov.egiz.sig.connectors.Connector#doVerify(at.knowcenter.wag.egov.egiz.sig.SignatureData,
* at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject)
*/
public SignatureResponse doVerify(SignatureData data, SignSignatureObject so, XMLDsigData dsig) throws ConnectorException
{
log.debug("doVerify:"); //$NON-NLS-1$
String verify_request_xml = prepareVerifyRequest(data, so, dsig);
// DebugHelper.debugStringToFile(verify_request_xml, "BKU_EnvB64_verify_request.xml"); //$NON-NLS-1$
String url = this.environment.getVerifyURL();
Properties response_properties = sendRequest(url, verify_request_xml);
// DebugHelper.debugStringToFile(response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY), "BKU_EnvB64_verify_response.xml"); //$NON-NLS-1$
SignatureResponse signature_response = analyzeVerifyResponse(response_properties);
log.debug("doVerify finished."); //$NON-NLS-1$
return signature_response;
}
// /**
// * This emthod extracts id-values from a text. The id is given by the name.
// *
// * @param text
// * the id-value that should extract from
// * @param name
// * the id-key
// * @return the value of the given key in the text
// */
// private String extractId(String text, String name)
// {
// String id = null;
// int start_idx = text.indexOf(name) + name.length();
// int end_idx = text.indexOf("\"", start_idx);
//
// // TODO hotfix!
// final int quot_end_idx = end_idx;
// final int squot_end_idx = text.indexOf("'", start_idx);
// end_idx = Math.min(quot_end_idx, squot_end_idx);
// // TODO hotfix end!
//
// id = text.substring(start_idx, end_idx);
// if (log.isDebugEnabled())
// {
// log.debug("extract id:" + name + id);
// }
// return id;
// }
/**
* Prepares the XML content the holds the actual signature data.
*
*
* This strongly rebuilds the XML content as retuned from a sign request.
*
*
* @param data
* The data.
* @param so
* The signature object containing the signature information.
* @return Returns the XML content.
* @throws ConnectorException
* f.e.
*/
public String prepareXMLContent(SignatureData data, SignSignatureObject so) throws ConnectorException
{
log.debug("prepareXMLContent:"); //$NON-NLS-1$
try
{
String ids_string = so.getSigID();
String[] ids = SignatureObject.parseSigIds(ids_string);
X509Certificate cert = so.getX509Certificate();
// dferbas
AlgorithmSuiteObject algSuite = new AlgorithmSuiteObject();
String verify_xml = AlgorithmSuiteUtil.evaluateReplaceAlgs(algSuite, this.environment, so);
// data digest replace
byte[] data_value = BKUHelper.prepareEnvelopingData(data);
{
byte[] data_value_hash = CodingHelper.buildDigest(data_value, algSuite.getDataDigestMethod());
String object_data_hash = CodingHelper.encodeBase64(data_value_hash);
verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_SIGNED_DATA_REPLACE, object_data_hash);
}
// SIG id replaces
verify_xml = verify_xml.replaceAll(TemplateReplaces.SIG_DATA_REF_REPLACE, ids[1]);
verify_xml = verify_xml.replaceAll(TemplateReplaces.ETSI_DATA_REF_REPLACE, ids[3]);
verify_xml = verify_xml.replaceAll(TemplateReplaces.SIG_DATA_OBJ_URI_REPLACE, ids[2]);
verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNATURE_VALUE_REPLACE, so.getSignatureValue());
// X.509 Certificate replace
byte[] der = cert.getEncoded();
byte[] cert_hash = CodingHelper.buildDigest(der, algSuite.getCertDigestMethod());
String certDigest = CodingHelper.encodeBase64(cert_hash);
String x509_cert_string = CodingHelper.encodeBase64(der);
verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_CERTIFICATE_REPLACE, x509_cert_string);
// Base64 content replace
String base64 = CodingHelper.encodeBase64(data_value);
verify_xml = verify_xml.replaceFirst(TemplateReplaces.BASE64_CONTENT_REPLACE, base64);
// Qualified Properties replaces
verify_xml = verify_xml.replaceAll(TemplateReplaces.ETSI_DATA_OBJ_URI_REPLACE, ids[4]);
verify_xml = verify_xml.replaceAll(TemplateReplaces.SIG_ID_REPLACE, ids[0]);
verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNING_TIME_REPLACE, so.getDate());
verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_CERTIFICATE_REPLACE, certDigest);
verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer());
verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_SERIAL_NUMBER_REPLACE, so.getSerialNumber());
// SigDataRefReplace already done above
// Signed Properties hash
{
String sig_prop_hash = computeSignedPropertiesReplace(verify_xml, algSuite);
verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_SIGNED_PROPERTIES_REPLACE, sig_prop_hash);
}
log.debug("prepareXMLContent finished."); //$NON-NLS-1$
return verify_xml;
}
catch (Exception e)
{
log.debug(e);
throw new ConnectorException(310, e);
}
}
protected String computeSignedPropertiesReplace(String verify_xml, AlgorithmSuiteObject algSuite)
{
try
{
final String ETSI_SIGNED_PROPERTIES_START_TAG = "= 0;
final int hash_end = verify_xml.indexOf(ETSI_SIGNED_PROPERTIES_END_TAG, hash_start) + ETSI_SIGNED_PROPERTIES_END_TAG.length();
assert hash_end - ETSI_SIGNED_PROPERTIES_END_TAG.length() >= 0;
assert hash_end > hash_start;
final String string_to_be_hashed = verify_xml.substring(hash_start, hash_end);
log.debug("etsi:SignedProperties string to be hashed: " + string_to_be_hashed); //$NON-NLS-1$
final byte[] bytes_to_be_hashed = string_to_be_hashed.getBytes("UTF-8"); //$NON-NLS-1$
byte[] sig_prop_code = CodingHelper.buildDigest(bytes_to_be_hashed, algSuite.getPropertiesDigestMethod());
String sig_prop_hash = CodingHelper.encodeBase64(sig_prop_code);
return sig_prop_hash;
}
catch (UnsupportedEncodingException e)
{
throw new RuntimeException("Very Strange: UTF-8 character encoding not supported.", e);
}
}
/**
* Prepares the sign request xml to be sent using the sign request template.
*
* @param data
* The SignatureData.
* @return Returns the sign request xml to be sent.
* @throws ConnectorException
* f.e.
*/
public String prepareSignRequest(SignatureData data) throws ConnectorException
{
log.debug("prepareSignRequest:"); //$NON-NLS-1$
String sign_request_template = this.environment.getSignRequestTemplate();
String sign_keybox_identifier = this.environment.getSignKeyboxIdentifier();
String base64 = BKUHelper.prepareBase64Content(data);
String sign_request_xml = sign_request_template.replaceFirst(TemplateReplaces.KEYBOX_IDENTIFIER_REPLACE, sign_keybox_identifier);
sign_request_xml = sign_request_xml.replaceFirst(TemplateReplaces.BASE64_CONTENT_REPLACE, base64);
log.debug("prepareSignRequest finished."); //$NON-NLS-1$
return sign_request_xml;
}
/**
* Prepares the verify request xml to be sent using the verify request
* template.
*
* @param data
* The SignatureData.
* @param so
* The signature information object.
* @return Returns the verify request xml to be sent.
* @throws ConnectorException
* f.e.
*/
public String prepareVerifyRequest(SignatureData data, SignSignatureObject so, XMLDsigData dsigData) throws ConnectorException
{
String verify_request_template = this.environment.getVerifyRequestTemplate();
String xml_content = null;
if (dsigData != null && dsigData.getXmlDsig() != null)
{
xml_content = dsigData.getXmlDsig();
}
else
{
xml_content = chooseAndCreateXMLDsig(data, so);
}
String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content);
// log.debug("\r\n\r\n" + verify_request_xml + "\r\n\r\n");
return verify_request_xml;
}
private String chooseAndCreateXMLDsig(SignatureData data, SignSignatureObject so) throws ConnectorException {
if (SigKZIDHelper.isMOASigned(so))
{
log.debug("The signature is MOA signed -> getting XML content from Base64MOA connector.");
ConnectorParameters cp = new ConnectorParameters();
cp.setProfileId(this.environment.getProfile());
EnvelopingBase64MOAConnector moa_conn = new EnvelopingBase64MOAConnector(cp);
return moa_conn.prepareXMLContent(data, so);
}
else
{
return prepareXMLContent(data, so);
}
}
/**
* Sends the request to the given URL.
*
* @param url
* The URL.
* @param request_string
* The request string.
* @return Returns the response string.
* @throws ConnectorException
* F.e.
*/
protected Properties sendRequest(String url, String request_string) throws ConnectorException
{
try
{
Properties response_properties = at.knowcenter.wag.egov.egiz.sig.connectors.BKUPostConnection.doPostRequest(url, request_string);
return response_properties;
}
catch (Exception e)
{
throw new ConnectorException(320, e);
}
}
/**
* Analyzes the sign response xml and extracts the signature data.
*
* @param response_properties
* The response properties containing the response String and
* transport related information.
* @return Returns the extracted data encapsulated in a SignatureObject.
* @throws ConnectorException
* f.e.
*/
public SignSignatureObject analyzeSignResponse(Properties response_properties) throws ConnectorException
{
log.debug("analyzeSignResponse:"); //$NON-NLS-1$
String response_string = response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY);
BKUHelper.checkResponseForError(response_string);
String bkuIdentifier = BKUHelper.getBKUIdentifier(response_properties);
log.debug("BKU identifier: \"" + bkuIdentifier + "\"");
SignSignatureObject so = BKUHelper.parseCreateXMLResponse(response_string, new HotfixIdFormatter(), this.environment);
log.debug("analyzeSignResponse finished."); //$NON-NLS-1$
return so;
}
/**
* Analyzes the verify response string.
*
* @param response_properties
* The response properties containing the response XML.
* @return Returns the SignatureResponse containing the verification result.
* @throws ConnectorException
* f.e.
*/
public SignatureResponse analyzeVerifyResponse(Properties response_properties) throws ConnectorException
{
log.debug("analyzeVerifyResponse:"); //$NON-NLS-1$
String response_string = response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY);
BKUHelper.checkResponseForError(response_string);
SignatureResponse signature_response = BKUHelper.parseVerifyXMLResponse(response_string);
log.debug("analyzeVerifyResponse finished."); //$NON-NLS-1$
return signature_response;
}
/**
* Holds environment configuration information like templates.
*
* @author wprinz
*/
public static class Environment extends ConnectorEnvironment
{
/**
* The configuration key of the sign keybox identifier.
*/
protected static final String SIGN_KEYBOX_IDENTIFIER_KEY = "bku.sign.KeyboxIdentifier"; //$NON-NLS-1$
/**
* The configuration key of the sign request template.
*/
protected static final String SIGN_REQUEST_TEMPLATE_KEY = "bku.sign.request.base64"; //$NON-NLS-1$
/**
* The configuration key of the sign URL.
*/
protected static final String SIGN_URL_KEY = "bku.sign.url"; //$NON-NLS-1$
/**
* The configuration key of the verify request template.
*/
protected static final String VERIFY_REQUEST_TEMPLATE_KEY = "bku.verify.request.base64"; //$NON-NLS-1$
/**
* The configuration key of the verify template.
*/
protected static final String VERIFY_TEMPLATE_KEY = "bku.verify.template.base64"; //$NON-NLS-1$
/**
* The configuration key of the verify URL.
*/
protected static final String VERIFY_URL_KEY = "bku.verify.url"; //$NON-NLS-1$
/**
* The configuration key for the ECDSA cert alg property.
*/
protected static final String ECDSA_CERT_ALG_KEY = "cert.alg.ecdsa"; //$NON-NLS-1$
/**
* The configuration key for the RSA cert alg property.
*/
protected static final String RSA_CERT_ALG_KEY = "cert.alg.rsa"; //$NON-NLS-1$
protected String profile = null;
protected String sign_keybox_identifier = null;
protected String sign_request_template = null;
protected String sign_url = null;
protected String verify_request_template = null;
protected String verify_template = null;
protected String verify_url = null;
protected String cert_alg_ecdsa = null;
protected String cert_alg_rsa = null;
/**
* Initializes the environment with a given profile.
*
* @param profile
* The configuration profile.
* @throws ConnectorException
* f.e.
*/
public Environment(String profile) throws ConnectorException
{
this.profile = profile;
SettingsReader settings = null;
try
{
settings = SettingsReader.getInstance();
}
catch (SettingsException e)
{
throw new ConnectorException(300, e);
}
this.sign_keybox_identifier = getConnectorValueFromProfile(settings, profile, SIGN_KEYBOX_IDENTIFIER_KEY);
String sign_request_filename = getConnectorValueFromProfile(settings, profile, SIGN_REQUEST_TEMPLATE_KEY);
//this.sign_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(sign_request_filename));
this.sign_request_template = settings.readInternalResourceAsString(sign_request_filename);
if (this.sign_request_template == null)
{
throw new ConnectorException(300, "Can not read the create xml request template"); //$NON-NLS-1$
}
this.sign_url = getConnectorValueFromProfile(settings, profile, SIGN_URL_KEY);
String verify_request_filename = getConnectorValueFromProfile(settings, profile, VERIFY_REQUEST_TEMPLATE_KEY);
//this.verify_request_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_request_filename));
this.verify_request_template = settings.readInternalResourceAsString(verify_request_filename);
log.debug("Verify request template filename = " + verify_request_filename);
if (this.verify_request_template == null)
{
throw new ConnectorException(ErrorCode.SETTING_NOT_FOUND, "Can not read the verify xml request template"); //$NON-NLS-1$
}
log.debug("Verify request template = " + this.verify_request_template);
String verify_filename = getConnectorValueFromProfile(settings, profile, VERIFY_TEMPLATE_KEY);
//this.verify_template = FileHelper.readFromFile(SettingsReader.relocateFile(verify_filename));
this.verify_template = settings.readInternalResourceAsString(verify_filename);
if (this.verify_template == null)
{
throw new ConnectorException(ErrorCode.SETTING_NOT_FOUND, "Can not read the verify template"); //$NON-NLS-1$
}
this.verify_url = getConnectorValueFromProfile(settings, profile, VERIFY_URL_KEY);
this.cert_alg_ecdsa = settings.getValueFromKey(ECDSA_CERT_ALG_KEY);
this.cert_alg_rsa = settings.getValueFromKey(RSA_CERT_ALG_KEY);
}
public String getProfile()
{
return this.profile;
}
/**
* Returns the sign keybox identifier.
*
* @return Returns the sign keybox identifier.
*/
public String getSignKeyboxIdentifier()
{
return this.sign_keybox_identifier;
}
/**
* Returns the sign request template.
*
* @return Returns the sign request template.
*/
public String getSignRequestTemplate()
{
return this.sign_request_template;
}
/**
* Returns the sign URL.
*
* @return Returns the sign URL.
*/
public String getSignURL()
{
return this.sign_url;
}
/**
* Returns the verify request template.
*
* @return Returns the verify request template.
*/
public String getVerifyRequestTemplate()
{
return this.verify_request_template;
}
/**
* Returns the verify template.
*
* @return Returns the verify template.
*/
public String getVerifyTemplate()
{
return this.verify_template;
}
/**
* Returns the verify URL.
*
* @return Returns the verify URL.
*/
public String getVerifyURL()
{
return this.verify_url;
}
/**
* Returns the ecdsa cert alg property.
*
* @return Returns the ecdsa cert alg property.
*/
public String getCertAlgEcdsa()
{
return this.cert_alg_ecdsa;
}
/**
* Returns the rsa cert alg property.
*
* @return Returns the rsa cert alg property.
*/
public String getCertAlgRsa()
{
return this.cert_alg_rsa;
}
/**
* Reads the configuration entry given by the key, first from the given
* profile, if not found from the defaults.
*
* @param settings
* The settings.
* @param profile
* The profile.
* @param key
* The configuration key.
* @return Returns the configuration entry.
*/
public static String getConnectorValueFromProfile(SettingsReader settings,
String profile, String key)
{
String value = settings.getValueFromKey("sig_obj." + profile + "." + key); //$NON-NLS-1$//$NON-NLS-2$
if (value == null)
{
value = settings.getValueFromKey(key);
}
return value;
}
}
public XMLDsigData reconstructXMLDsig(SignatureData data, SignSignatureObject so)
throws ConnectorException {
String xmldsig = chooseAndCreateXMLDsig(data, so);
return new XMLDsigData(xmldsig, false);
}
}