package at.knowcenter.wag.egov.egiz.sig.connectors.bku;

// NOTE(review): the bare `import;` statements below are reproduced exactly as
// they appear in this listing. The import targets appear to have been lost
// when the page was extracted; restore them from the upstream file.
import;
import;
import;
import;
import;
import;
import;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import at.gv.egiz.pdfas.exceptions.external.ExternalErrorException;
import at.gv.egiz.pdfas.impl.input.helper.DataSourceHelper;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException;
import at.knowcenter.wag.egov.egiz.sig.SignatureData;
import at.knowcenter.wag.egov.egiz.sig.SignatureObject;
import at.knowcenter.wag.egov.egiz.sig.SignatureResponse;
import at.knowcenter.wag.egov.egiz.sig.X509Cert;
import at.knowcenter.wag.egov.egiz.sig.sigid.IdFormatter;
import;

/**
 * Static helper methods used by the BKU connectors: request payload encoding
 * and extraction of fields from BKU create/verify responses.
 *
 * <p>
 * Every response field is located by running regular expressions and
 * {@code indexOf} over the raw response string and taking the first textual
 * match; no XML parser is involved. Nothing in this class ties an extracted
 * value to a specific position in the document structure.
 * NOTE(review): several pattern literals and a few statements are empty or
 * truncated in this listing (marked below); they look like extraction damage
 * and must be restored from the upstream file before this code is relied on.
 * </p>
 *
 * @author wprinz
 */
public final class BKUHelper
{

  /**
   * The log.
   */
  private static Log log = LogFactory.getLog(BKUHelper.class);

  /**
   * Encodes the given SignatureData as Base64 content.
   *
   * <p>
   * The data is Base64 encoded. If the mime type is exactly
   * {@code application/pdf}, the Base64 text is encoded a second time via
   * {@code CodingHelper.encodeUTF8AsBase64}.
   * </p>
   *
   * @param data
   *          The data to be converted to Base64 content.
   * @return Returns the Base64 content.
   */
  public static String prepareBase64Content(SignatureData data)
  {
    // PERF: base64 encoding needs byte array
    byte [] d = DataSourceHelper.convertDataSourceToByteArray(data.getDataSource());
    String base64 = CodingHelper.encodeBase64(d);
    // Exact string comparison: any other spelling of the mime type (case,
    // parameters) skips the second encoding.
    if (data.getMimeType().equals("application/pdf")) //$NON-NLS-1$
    {
      log.debug("The data is application/pdf - so the binary data is Base64 encoded."); //$NON-NLS-1$
      base64 = CodingHelper.encodeUTF8AsBase64(base64);
    }
    return base64;
  }

  /**
   * Prepares the enveloping data.
   *
   * <p>
   * This is useful for building the hash. For {@code application/pdf} data
   * the result is the US-ASCII bytes of the Base64 text; for every other mime
   * type the raw bytes are returned unchanged.
   * </p>
   *
   * @param data
   *          The data to be prepared.
   * @return Returns the prepared data.
   */
  public static byte[] prepareEnvelopingData(SignatureData data)
  {
    // PERF: prepareEnvelopingData needs byte array
    byte[] enc = DataSourceHelper.convertDataSourceToByteArray(data.getDataSource());
    if (data.getMimeType().equals("application/pdf")) //$NON-NLS-1$
    {
      log.debug("The data is application/pdf - so the binary data is Base64 encoded."); //$NON-NLS-1$
      String base64 = CodingHelper.encodeBase64(enc);
      try
      {
        enc = base64.getBytes("US-ASCII"); //$NON-NLS-1$
      }
      catch (UnsupportedEncodingException e)
      {
        // NOTE(review): printStackTrace() writes to stderr and bypasses the
        // class logger; the exception is rethrown with its cause on the next
        // line anyway.
        e.printStackTrace();
        throw new RuntimeException("Very Strange: US-ASCII encoding not supported???", e); //$NON-NLS-1$
      }
    }
    return enc;
  }

  /**
   * Checks the response xml for an error description and, if one is found,
   * throws an {@link ExternalErrorException} carrying the error code and the
   * optional info text.
   *
   * @param response_string
   *          The response xml.
   * @throws ConnectorException
   *           declared type; the visible code throws ExternalErrorException
   *           when an ErrorCode element is matched.
   */
  public static void checkResponseForError(String response_string) throws ConnectorException
  {
    Pattern erc_p_s = Pattern.compile("<[\\w]*:?ErrorCode>"); //$NON-NLS-1$
    // NOTE(review): the end pattern is an empty literal in this listing -
    // presumably the closing-tag regex was stripped. As written, an empty
    // pattern matches at index 0, which would make the substring() calls
    // below fail. Restore from upstream.
    Pattern erc_p_e = Pattern.compile(""); //$NON-NLS-1$
    Matcher erc_m_s = erc_p_s.matcher(response_string);
    Matcher erc_m_e = erc_p_e.matcher(response_string);

    if (erc_m_s.find() && erc_m_e.find())
    {
      // The complete response is written to the log at error level.
      // NOTE(review): confirm the response holds nothing that should be kept
      // out of log files, and that log output is neutralised against embedded
      // line breaks.
      log.error("Found error in response: " + response_string); //$NON-NLS-1$

      Pattern erm_p_s = Pattern.compile("<[\\w]*:?Info>"); //$NON-NLS-1$
      // NOTE(review): empty literal in this listing, see erc_p_e above.
      Pattern erm_p_e = Pattern.compile(""); //$NON-NLS-1$
      Matcher erm_m_s = erm_p_s.matcher(response_string);
      Matcher erm_m_e = erm_p_e.matcher(response_string);
      String error_code = response_string.substring(erc_m_s.end(), erc_m_e.start());
      // The info text is optional; it stays null when no Info element matches.
      String error_mess = null;
      if (erm_m_s.find() && erm_m_e.find())
      {
        error_mess = response_string.substring(erm_m_s.end(), erm_m_e.start());
      }
      throw new ExternalErrorException(error_code, error_mess);
    }
  }

  /**
   * Parses the BKU create-signature response string.
   *
   * <p>
   * Extracts SignatureValue, X509IssuerName, SigningTime, X509SerialNumber,
   * X509Certificate and the five signature ids. Each value is the text
   * between the first match of its start pattern and the first match of its
   * end pattern over the whole response. A field whose element is not found
   * stays {@code null}; no exception is raised for a missing field.
   * </p>
   *
   * <p>
   * NOTE(review): the issuer name and serial number taken from the response
   * are compared with the decoded certificate only inside the debug logging
   * block; the comparison result is never enforced. The commented-out block
   * further down shows an earlier serial-number check that threw error 303 on
   * mismatch. Callers should not assume the returned issuer string and the
   * returned certificate are consistent with each other.
   * </p>
   *
   * @param xmlResponse
   *          The response string.
   * @param id_formatter
   *          Formats the five extracted ids into the single id string.
   * @return Returns the parsed signature object holding the data.
   *
   * @throws ConnectorException
   *           code 300 when the certificate cannot be Base64-decoded or
   *           parsed. (The original documentation lists 303 and 304; neither
   *           is raised by the visible code.)
   * @see SignatureObject
   * @see CodingHelper
   * @see X509Cert
   */
  public static SignSignatureObject parseCreateXMLResponse(String xmlResponse, IdFormatter id_formatter) throws ConnectorException
  {
    // NOTE(review): every *_p_e end pattern below is an empty literal in this
    // listing - presumably the closing-tag regexes were stripped. Restore
    // from upstream.
    Pattern sig_val_p_s = Pattern.compile("<[\\w]*:?SignatureValue>"); //$NON-NLS-1$
    Pattern sig_val_p_e = Pattern.compile(""); //$NON-NLS-1$
    Pattern iss_nam_p_s = Pattern.compile("<[\\w]*:?X509IssuerName>"); //$NON-NLS-1$
    Pattern iss_nam_p_e = Pattern.compile(""); //$NON-NLS-1$
    Pattern sig_tim_p_s = Pattern.compile("<[\\w]*:?SigningTime>"); //$NON-NLS-1$
    Pattern sig_tim_p_e = Pattern.compile(""); //$NON-NLS-1$
    Pattern ser_num_p_s = Pattern.compile("<[\\w]*:?X509SerialNumber>"); //$NON-NLS-1$
    Pattern ser_num_p_e = Pattern.compile(""); //$NON-NLS-1$
    Pattern sig_cer_p_s = Pattern.compile("<[\\w]*:?X509Certificate>"); //$NON-NLS-1$
    Pattern sig_cer_p_e = Pattern.compile(""); //$NON-NLS-1$

    // Pattern sig_cer_d_p_s = Pattern.compile("<[\\w]*:?CertDigest>");
    // //$NON-NLS-1$
    // Pattern sig_cer_d_p_e = Pattern.compile("");
    // //$NON-NLS-1$
    // Pattern dig_val_p_s = Pattern.compile("<[\\w]*:?DigestValue>");
    // //$NON-NLS-1$
    // Pattern dig_val_p_e = Pattern.compile("");
    // //$NON-NLS-1$

    // All matchers run over the full response, so each start/end pair is
    // located independently of the others.
    Matcher sig_val_m_s = sig_val_p_s.matcher(xmlResponse);
    Matcher sig_val_m_e = sig_val_p_e.matcher(xmlResponse);
    Matcher iss_nam_m_s = iss_nam_p_s.matcher(xmlResponse);
    Matcher iss_nam_m_e = iss_nam_p_e.matcher(xmlResponse);
    Matcher sig_tim_m_s = sig_tim_p_s.matcher(xmlResponse);
    Matcher sig_tim_m_e = sig_tim_p_e.matcher(xmlResponse);
    Matcher ser_num_m_s = ser_num_p_s.matcher(xmlResponse);
    Matcher ser_num_m_e = ser_num_p_e.matcher(xmlResponse);
    Matcher sig_cer_m_s = sig_cer_p_s.matcher(xmlResponse);
    Matcher sig_cer_m_e = sig_cer_p_e.matcher(xmlResponse);

    // Matcher sig_cer_d_m_s = sig_cer_d_p_s.matcher(xmlResponse);
    // Matcher sig_cer_d_m_e =
    // sig_cer_d_p_e.matcher(xmlResponse);
    // Matcher dig_val_m_s = dig_val_p_s.matcher(xmlResponse);
    // Matcher dig_val_m_e = dig_val_p_e.matcher(xmlResponse);

    // SignatureValue
    String sig_val = null;
    if (sig_val_m_s.find() && sig_val_m_e.find())
    {
      sig_val = removeAllWhitespace(xmlResponse.substring(sig_val_m_s.end(), sig_val_m_e.start()));
    }
    log.debug("sig_val = " + sig_val); //$NON-NLS-1$

    // X509IssuerName
    String iss_nam = null;
    if (iss_nam_m_s.find() && iss_nam_m_e.find())
    {
      iss_nam = xmlResponse.substring(iss_nam_m_s.end(), iss_nam_m_e.start());
    }
    log.debug("iss_nam = " + iss_nam); //$NON-NLS-1$

    // X509SerialNumber
    String ser_num = null;
    if (ser_num_m_s.find() && ser_num_m_e.find())
    {
      ser_num = removeAllWhitespace(xmlResponse.substring(ser_num_m_s.end(), ser_num_m_e.start()));
    }
    log.debug("ser_num = " + ser_num); //$NON-NLS-1$

    // SigningTime
    String sig_tim = null;
    if (sig_tim_m_s.find() && sig_tim_m_e.find())
    {
      sig_tim = xmlResponse.substring(sig_tim_m_s.end(), sig_tim_m_e.start());
    }
    log.debug("sig_tim = " + sig_tim); //$NON-NLS-1$

    // CertDigest
    // if (sig_cer_d_m_s.find() && sig_cer_d_m_e.find())
    // {
    // String cert_digest = xmlResponse.substring(sig_cer_d_m_s.end(),
    // sig_cer_d_m_e.start());
    // if (dig_val_m_s.find() && dig_val_m_e.find())
    // {
    // sig_dig = cert_digest.substring(dig_val_m_s.end(), dig_val_m_e.start());
    // //sigObj.setX509CertificateDigest(sig_dig);
    // }
    // }

    // X509Certificate: Base64 text -> DER bytes -> java.security X509Certificate.
    // cert stays null when no X509Certificate element is matched.
    X509Certificate cert = null;
    if (sig_cer_m_s.find() && sig_cer_m_e.find())
    {
      String sig_cer = removeAllWhitespace(xmlResponse.substring(sig_cer_m_s.end(), sig_cer_m_e.start()));

      try
      {
        byte[] der = CodingHelper.decodeBase64(sig_cer);
        ByteArrayInputStream bais = new ByteArrayInputStream(der);
        CertificateFactory cf = CertificateFactory.getInstance("X.509"); //$NON-NLS-1$
        // Only decodes the certificate; no chain, validity or revocation
        // check happens here.
        cert = (X509Certificate) cf.generateCertificate(bais);
        bais.close();
      }
      catch (UnsupportedEncodingException e)
      {
        log.error(e);
        throw new ConnectorException(300, e);
      }
      catch (CertificateException e)
      {
        log.error(e);
        throw new ConnectorException(300, e);
      }
      catch (IOException e)
      {
        log.error(e);
        throw new ConnectorException(300, e);
      }
    }
    log.debug("X509Certificate = " + cert); //$NON-NLS-1$

    // NOTE(review): cert is dereferenced here without a null check, so a
    // response without an X509Certificate element raises a
    // NullPointerException - but only when debug logging is enabled.
    // The issuer / serial comparisons are logged and nothing else; a mismatch
    // does not stop processing.
    if (log.isDebugEnabled())
    {
      String cert_iss = cert.getIssuerDN().getName();
      log.debug("certificate's issuer = " + cert_iss); //$NON-NLS-1$
      log.debug("response's issuer    = " + iss_nam); //$NON-NLS-1$
      log.debug("issuer matches = " + cert_iss.equals(iss_nam)); //$NON-NLS-1$
      log.debug("ser number matches = " + cert.getSerialNumber().toString().equals(ser_num)); //$NON-NLS-1$
    }

    // Disabled earlier implementation, kept from the original: it compared the
    // certificate's serial number with the X509SerialNumber tag and threw
    // error 303 on mismatch.
    // extract Subject Name from X509Certificate
    // if (sig_cer_m_s.find() && sig_cer_m_e.find())
    // {
    // sig_cer = xmlResponse.substring(sig_cer_m_s.end(), sig_cer_m_e.start());
    // sig_cer = sig_cer.replaceAll("\\s", "");
    // //sigObj.setX509Certificate(sig_cer);
    // X509Cert cert = X509Cert.initByString(sig_cer);
    // if (cert.isX509Cert())
    // {
    // //sigObj.setX509Certificate(cert.getCertString());
    // String serial_num = cert.getSerialNumber();
    // String subject_name = cert.getSubjectName();
    // if (!ser_num.equals(serial_num))
    // {
    // ConnectorException se = new ConnectorException(303, "Serialnumber of
    // certificate and tag X509SerialNumber differs!");
    // throw se;
    // }
    // //sigObj.setSignationName(subject_name);
    // }
    // }

    // extract Signature Id's
    // Each id is whatever follows the first occurrence of the prefix anywhere
    // in the response text, up to the next quote character (see extractId).
    String[] ids = new String[5];
    ids[0] = extractId(xmlResponse, "signature-"); //$NON-NLS-1$
    ids[1] = extractId(xmlResponse, "signed-data-reference-"); //$NON-NLS-1$
    ids[2] = extractId(xmlResponse, "signed-data-object-"); //$NON-NLS-1$
    ids[3] = extractId(xmlResponse, "etsi-data-reference-"); //$NON-NLS-1$
    ids[4] = extractId(xmlResponse, "etsi-data-object-"); //$NON-NLS-1$

    String final_ids = id_formatter.formatIds(ids);

    SignSignatureObject so = new SignSignatureObject();
    // NOTE(review): the assignment target is missing in this listing
    // (extraction damage); presumably a field of `so` receives the signing
    // time. Restore from upstream.
    = sig_tim;
    so.issuer = iss_nam;
    so.signatureValue = sig_val;
    so.x509Certificate = cert;

    // NOTE(review): assignment target missing in this listing, as above;
    // presumably a field of `so` receives the formatted ids.
    = final_ids;

    return so;
  }

  /**
   * Removes all whitespace characters (regex {@code \s}) from the String.
   *
   * @param str
   *          The String; must not be null.
   * @return The String with all whitespace removed.
   */
  public static String removeAllWhitespace(String str)
  {
    return str.replaceAll("\\s", ""); //$NON-NLS-1$ //$NON-NLS-2$
  }

  /**
   * Extracts an id value from a text. The id is the text that follows the
   * first occurrence of {@code name}, up to the nearer of the next double
   * quote and the next single quote.
   *
   * <p>
   * NOTE(review): no "not found" case is handled. If {@code name} does not
   * occur, {@code indexOf} returns -1 and the start index becomes
   * {@code name.length() - 1}. If either quote character is absent after the
   * start index, {@code Math.min} yields -1 and {@code substring} throws
   * StringIndexOutOfBoundsException. The text comes from the BKU response, so
   * a malformed response surfaces as an unchecked exception rather than a
   * ConnectorException.
   * </p>
   *
   * @param text
   *          the text the id value is extracted from
   * @param name
   *          the id key (prefix)
   * @return the value that follows the given key in the text
   */
  private static String extractId(String text, String name)
  {
    String id = null;
    int start_idx = text.indexOf(name) + name.length();
    int end_idx = text.indexOf("\"", start_idx); //$NON-NLS-1$

    final int quot_end_idx = end_idx;
    final int squot_end_idx = text.indexOf("'", start_idx); //$NON-NLS-1$
    // The id ends at whichever quote character comes first.
    end_idx = Math.min(quot_end_idx, squot_end_idx);
    // NOTE(review): the text after the substring() statement on the next line
    // is truncated in this listing - the start of a call or comment around
    // the "extract id:" string has been lost (extraction damage). Restore
    // from upstream.
    id = text.substring(start_idx, end_idx);"extract id:" + name + id); //$NON-NLS-1$
    if (log.isDebugEnabled())
    {
      log.debug("extract id:" + name + id); //$NON-NLS-1$
    }
    return id;
  }

  /**
   * Parses the verify response string and returns a SignatureResponse object
   * filled with the values found in the BKU response.
   *
   * <p>
   * Each setter is called only when its element is matched; for a missing
   * element the corresponding field of the result is left as
   * {@code new SignatureResponse()} initialised it. NOTE(review): callers must
   * treat an unset check code as "not verified", never as success - confirm
   * against the callers. The qualified-certificate flag is set from a plain
   * pattern search over the whole response text.
   * </p>
   *
   * @param xmlResponse
   *          the response values from the BKU-verify request
   * @return SignatureResponse object
   * @see SignatureResponse
   */
  public static SignatureResponse parseVerifyXMLResponse(String xmlResponse)
  {
    log.debug("parseVerifyXMLResponse:"); //$NON-NLS-1$

    // NOTE(review): the empty pattern literals below (all *_p_e end patterns,
    // and both start and end patterns for sub_nam, iss_nam, ser_num and cert)
    // are as they appear in this listing - presumably literal tag strings
    // were stripped during extraction. Restore from upstream.
    Pattern sub_nam_p_s = Pattern.compile(""); //$NON-NLS-1$
    Pattern sub_nam_p_e = Pattern.compile(""); //$NON-NLS-1$
    Pattern iss_nam_p_s = Pattern.compile(""); //$NON-NLS-1$
    Pattern iss_nam_p_e = Pattern.compile(""); //$NON-NLS-1$
    Pattern ser_num_p_s = Pattern.compile(""); //$NON-NLS-1$
    Pattern ser_num_p_e = Pattern.compile(""); //$NON-NLS-1$

    Pattern sig_chk_p_s = Pattern.compile("<[\\w]*:?SignatureCheck>"); //$NON-NLS-1$
    Pattern sig_chk_p_e = Pattern.compile(""); //$NON-NLS-1$
    Pattern man_chk_p_s = Pattern.compile("<[\\w]*:?SignatureManifestCheck>"); //$NON-NLS-1$
    Pattern man_chk_p_e = Pattern.compile(""); //$NON-NLS-1$
    Pattern cer_chk_p_s = Pattern.compile("<[\\w]*:?CertificateCheck>"); //$NON-NLS-1$
    Pattern cer_chk_p_e = Pattern.compile(""); //$NON-NLS-1$

    // [tknall] start qualified certificate
    Pattern cert_qualified_p = Pattern.compile("<[\\w]*:?QualifiedCertificate/>"); //$NON-NLS-1$
    Matcher cert_qualified_m = cert_qualified_p.matcher(xmlResponse);
    // [tknall] stop qualified certificate

    Pattern code_p_s = Pattern.compile("<[\\w]*:?Code>"); //$NON-NLS-1$
    Pattern code_p_e = Pattern.compile(""); //$NON-NLS-1$
    Pattern info_p_s = Pattern.compile("<[\\w]*:?Info>"); //$NON-NLS-1$
    Pattern info_p_e = Pattern.compile(""); //$NON-NLS-1$

    Pattern cert_p_s = Pattern.compile(""); //$NON-NLS-1$
    Pattern cert_p_e = Pattern.compile(""); //$NON-NLS-1$

    Matcher sub_nam_m_s = sub_nam_p_s.matcher(xmlResponse);
    Matcher sub_nam_m_e = sub_nam_p_e.matcher(xmlResponse);
    Matcher iss_nam_m_s = iss_nam_p_s.matcher(xmlResponse);
    Matcher iss_nam_m_e = iss_nam_p_e.matcher(xmlResponse);
    Matcher ser_num_m_s = ser_num_p_s.matcher(xmlResponse);
    Matcher ser_num_m_e = ser_num_p_e.matcher(xmlResponse);

    Matcher sig_chk_m_s = sig_chk_p_s.matcher(xmlResponse);
    Matcher sig_chk_m_e = sig_chk_p_e.matcher(xmlResponse);
    Matcher man_chk_m_s = man_chk_p_s.matcher(xmlResponse);
    Matcher man_chk_m_e = man_chk_p_e.matcher(xmlResponse);
    Matcher cer_chk_m_s = cer_chk_p_s.matcher(xmlResponse);
    Matcher cer_chk_m_e = cer_chk_p_e.matcher(xmlResponse);

    Matcher cert_m_s = cert_p_s.matcher(xmlResponse);
    Matcher cert_m_e = cert_p_e.matcher(xmlResponse);

    SignatureResponse sig_res = new SignatureResponse();

    // [tknall] start qualified certificate
    // True as soon as the empty-element tag text occurs anywhere in the
    // response.
    sig_res.setQualifiedCertificate(cert_qualified_m.find());
    // [tknall] stop qualified certificate

    if (sub_nam_m_s.find() && sub_nam_m_e.find())
    {
      String sub_nam = xmlResponse.substring(sub_nam_m_s.end(), sub_nam_m_e.start());
      sig_res.setX509SubjectName(sub_nam);
    }
    if (iss_nam_m_s.find() && iss_nam_m_e.find())
    {
      String iss_nam = xmlResponse.substring(iss_nam_m_s.end(), iss_nam_m_e.start());
      sig_res.setX509IssuerName(iss_nam);
    }
    if (ser_num_m_s.find() && ser_num_m_e.find())
    {
      String ser_num = xmlResponse.substring(ser_num_m_s.end(), ser_num_m_e.start());
      sig_res.setX509SerialNumber(ser_num);
    }

    // For each of the three check elements the Code / Info patterns are run
    // on the element's own substring, not on the whole response, so each
    // code is taken from inside its check element.
    if (sig_chk_m_s.find() && sig_chk_m_e.find())
    {
      String sig_chk = xmlResponse.substring(sig_chk_m_s.end(), sig_chk_m_e.start());
      Matcher code_m_s = code_p_s.matcher(sig_chk);
      Matcher code_m_e = code_p_e.matcher(sig_chk);
      Matcher info_m_s = info_p_s.matcher(sig_chk);
      Matcher info_m_e = info_p_e.matcher(sig_chk);
      if (code_m_s.find() && code_m_e.find())
      {
        String code = sig_chk.substring(code_m_s.end(), code_m_e.start());
        sig_res.setSignatureCheckCode(code);
      }
      if (info_m_s.find() && info_m_e.find())
      {
        String info = sig_chk.substring(info_m_s.end(), info_m_e.start());
        sig_res.setSignatureCheckInfo(info);
      }
    }

    if (man_chk_m_s.find() && man_chk_m_e.find())
    {
      String man_chk = xmlResponse.substring(man_chk_m_s.end(), man_chk_m_e.start());
      Matcher code_m_s = code_p_s.matcher(man_chk);
      Matcher code_m_e = code_p_e.matcher(man_chk);
      Matcher info_m_s = info_p_s.matcher(man_chk);
      Matcher info_m_e = info_p_e.matcher(man_chk);
      if (code_m_s.find() && code_m_e.find())
      {
        String code = man_chk.substring(code_m_s.end(), code_m_e.start());
        sig_res.setSignatureManifestCheckCode(code);
      }
      if (info_m_s.find() && info_m_e.find())
      {
        String info = man_chk.substring(info_m_s.end(), info_m_e.start());
        sig_res.setSignatureManifestCheckInfo(info);
      }
    }

    if (cer_chk_m_s.find() && cer_chk_m_e.find())
    {
      String cer_chk = xmlResponse.substring(cer_chk_m_s.end(), cer_chk_m_e.start());
      Matcher code_m_s = code_p_s.matcher(cer_chk);
      Matcher code_m_e = code_p_e.matcher(cer_chk);
      Matcher info_m_s = info_p_s.matcher(cer_chk);
      Matcher info_m_e = info_p_e.matcher(cer_chk);
      if (code_m_s.find() && code_m_e.find())
      {
        String code = cer_chk.substring(code_m_s.end(), code_m_e.start());
        sig_res.setCertificateCheckCode(code);
      }
      if (info_m_s.find() && info_m_e.find())
      {
        String info = cer_chk.substring(info_m_s.end(), info_m_e.start());
        sig_res.setCertificateCheckInfo(info);
      }
    }

    // The certificate text is handed to X509Cert.initByString as extracted;
    // unlike parseCreateXMLResponse, no whitespace is removed first.
    if (cert_m_s.find() && cert_m_e.find())
    {
      String cert_string = xmlResponse.substring(cert_m_s.end(), cert_m_e.start());

      X509Cert resp_cert = X509Cert.initByString(cert_string);
      sig_res.setCertificate(resp_cert);
    }

    log.debug("parseVerifyXMLResponse finished."); //$NON-NLS-1$
    return sig_res;
  }

}