/** * */ package at.knowcenter.wag.egov.egiz.sig.connectors.moa; import java.security.cert.X509Certificate; import java.util.Properties; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import at.knowcenter.wag.egov.egiz.cfg.SettingsReader; import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException; import at.knowcenter.wag.egov.egiz.exceptions.SettingsException; import at.knowcenter.wag.egov.egiz.exceptions.SignatureException; import at.knowcenter.wag.egov.egiz.sig.SignatureData; import at.knowcenter.wag.egov.egiz.sig.SignatureResponse; import at.knowcenter.wag.egov.egiz.sig.connectors.Connector; import at.knowcenter.wag.egov.egiz.sig.connectors.TemplateReplaces; import at.knowcenter.wag.egov.egiz.sig.connectors.bku.BKUHelper; import at.knowcenter.wag.egov.egiz.sig.connectors.bku.BKUPostConnection; import at.knowcenter.wag.egov.egiz.sig.connectors.bku.DetachedBKUConnector; import at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject; import at.knowcenter.wag.egov.egiz.sig.sigid.DetachedLocRefMOAIdFormatter; import at.knowcenter.wag.egov.egiz.sig.sigkz.SigKZIDHelper; import at.knowcenter.wag.egov.egiz.tools.CodingHelper; import at.knowcenter.wag.egov.egiz.tools.DebugHelper; import at.knowcenter.wag.egov.egiz.tools.FileHelper; /** * Connects to MOA providing the Data detached as LocRef on a local resource. * * @author wprinz */ public class DetachedLocRefMOAConnector implements Connector { /** * The SIG_ID prefix. */ public static final String SIG_ID_PREFIX = "etsi-bku-detached@"; //$NON-NLS-1$ /** * The log. */ private static Log log = LogFactory.getLog(DetachedLocRefMOAConnector.class); /** * The environemnt configuration of this connector containing templates and * other configurable elements. */ protected Environment environment = null; /** * Constructor that builds the configuration environment for this connector * according to the given profile. * *
* If confuguration parameters are not defined on that profile, the default * parameters defined in the configuration are used. *
* * @param profile * The profile from which the Environment should be assembled. * @throws SettingsException * f.e. * @throws SignatureException * f.e. */ public DetachedLocRefMOAConnector(String profile, String signature_data_url) throws ConnectorException { this.environment = new Environment(profile, signature_data_url); } protected String prepareSignRequest(SignatureData data) throws ConnectorException { log.debug("prepareSignRequestDetached:"); //$NON-NLS-1$ String sign_request_template = this.environment.getSignRequestTemplate(); String sign_key_identifier = this.environment.getSignKeyIdentifier(); String loc_ref_content = this.environment.getSignatureDataUrl(); String mime_type = data.getMimeType(); if (log.isDebugEnabled()) { log.debug("sign keybox identifier = " + sign_key_identifier); //$NON-NLS-1$ log.debug("LocRefContent = " + loc_ref_content); //$NON-NLS-1$ log.debug("mime type = " + mime_type); //$NON-NLS-1$ } String sign_request_xml = sign_request_template.replaceFirst(TemplateReplaces.KEY_IDENTIFIER_REPLACE, sign_key_identifier); sign_request_xml = sign_request_xml.replaceFirst(TemplateReplaces.LOC_REF_CONTENT_REPLACE, loc_ref_content); sign_request_xml = sign_request_xml.replaceFirst(TemplateReplaces.MIME_TYPE_REPLACE, mime_type); log.debug("prepareSignRequestDetached finished."); //$NON-NLS-1$ return sign_request_xml; } /** * @see at.knowcenter.wag.egov.egiz.sig.connectors.LocalConnector#analyzeSignResponse(java.util.Properties) */ public SignSignatureObject analyzeSignResponse(Properties response_properties) throws ConnectorException { log.debug("analyzeSignResponse:"); //$NON-NLS-1$ String response_string = response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY); BKUHelper.checkResponseForError(response_string); SignSignatureObject so = MOAHelper.parseCreateXMLResponse(response_string, new DetachedLocRefMOAIdFormatter()); log.debug("analyzeSignResponse finished."); //$NON-NLS-1$ return so; } /** * @see at.knowcenter.wag.egov.egiz.sig.connectors.Connector#doSign(at.knowcenter.wag.egov.egiz.sig.SignatureData) */ public SignSignatureObject doSign(SignatureData data) throws ConnectorException { log.debug("doSign:"); //$NON-NLS-1$ String sign_request_xml = prepareSignRequest(data); // DebugHelper.debugStringToFile(sign_request_xml, "MOA_DetLocRef_sign_request.xml"); //$NON-NLS-1$ String url = this.environment.getSignURL(); Properties response_properties = sendRequest(url, MOASoapConnection.SERVICE_SIGN, sign_request_xml); // DebugHelper.debugStringToFile(response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY), "MOA_DetLocRef_sign_response.xml"); //$NON-NLS-1$ SignSignatureObject sso = analyzeSignResponse(response_properties); // TODO this could be made more generic sso.response_properties = response_properties; log.debug("doSign finished."); //$NON-NLS-1$ return sso; } /** * @see at.knowcenter.wag.egov.egiz.sig.connectors.Connector#doVerify(at.knowcenter.wag.egov.egiz.sig.SignatureData, * at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject) */ public SignatureResponse doVerify(SignatureData data, SignSignatureObject so) throws ConnectorException { log.debug("doVerify:"); //$NON-NLS-1$ String verify_request_xml = prepareVerifyRequest(data, so); log.debug("verify_request_xml = " + verify_request_xml); //$NON-NLS-1$ String url = this.environment.getVerifyURL(); Properties response_properties = sendRequest(url, MOASoapConnection.SERVICE_VERIFY, verify_request_xml); SignatureResponse signature_response = analyzeVerifyResponse(response_properties); log.debug("doVerify finished."); //$NON-NLS-1$ return signature_response; } /** * Prepares the verify request xml to be sent using the verify request * template. * * @param data * The SignatureData. * @param so * The signature information object. * @return Returns the verify request xml to be sent. * @throws ConnectorException * f.e. */ public String prepareVerifyRequest(SignatureData data, SignSignatureObject so) throws ConnectorException { String verify_request_template = this.environment.getVerifyRequestTemplate(); String xml_content = null; if (!SigKZIDHelper.isMOASigned(so)) { DetachedBKUConnector bku_connector = new DetachedBKUConnector(this.environment.getProfile(), "not needed here"); xml_content = bku_connector.prepareXMLContent(data, so); } else { xml_content = prepareXMLContent(data, so); } String verify_request_xml = verify_request_template.replaceFirst(TemplateReplaces.XML_CONTENT_REPLACE, xml_content); verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.TRUST_PROFILE_ID_REPLACE, this.environment.getVerifyTrustProfileId()); verify_request_xml = verify_request_xml.replaceFirst(TemplateReplaces.LOC_REF_CONTENT_REPLACE, this.environment.getSignatureDataUrl()); return verify_request_xml; } /** * Analyzes the verify response string. * * @param response_properties * The response properties containing the response XML. * @return Returns the SignatureResponse containing the verification result. * @throws ConnectorException * f.e. */ public SignatureResponse analyzeVerifyResponse(Properties response_properties) throws ConnectorException { log.debug("analyzeVerifyResponse:"); //$NON-NLS-1$ String response_string = response_properties.getProperty(BKUPostConnection.RESPONSE_STRING_KEY); BKUHelper.checkResponseForError(response_string); SignatureResponse signature_response = BKUHelper.parseVerifyXMLResponse(response_string); log.debug("analyzeVerifyResponse finished."); //$NON-NLS-1$ return signature_response; } public String prepareXMLContent(SignatureData data, SignSignatureObject so) throws ConnectorException { log.debug("prepareXMLContent:"); //$NON-NLS-1$ try { String verify_template = this.environment.getVerifyTemplate(); X509Certificate cert = so.getX509Certificate(); String cert_alg = this.environment.getCertAlgEcdsa(); if (cert.getPublicKey().getAlgorithm().indexOf("RSA") >= 0) //$NON-NLS-1$ { cert_alg = this.environment.getCertAlgRsa(); } // cert alg replace String verify_xml = verify_template.replaceFirst(TemplateReplaces.CERT_ALG_REPLACE, cert_alg); // data digest replace { byte[] data_value = data.getData(); byte[] data_value_hash = CodingHelper.buildDigest(data_value); String object_data_hash = CodingHelper.encodeBase64(data_value_hash); verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_SIGNED_DATA_REPLACE, object_data_hash); } verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNATURE_VALUE_REPLACE, so.getSignatureValue()); // X.509 Certificate replace byte[] der = cert.getEncoded(); byte[] cert_hash = CodingHelper.buildDigest(der); String certDigest = CodingHelper.encodeBase64(cert_hash); String x509_cert_string = CodingHelper.encodeBase64(der); verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_CERTIFICATE_REPLACE, x509_cert_string); // Qualified Properties replaces verify_xml = verify_xml.replaceFirst(TemplateReplaces.SIGNING_TIME_REPLACE, so.getDate()); verify_xml = verify_xml.replaceFirst(TemplateReplaces.DIGEST_VALUE_CERTIFICATE_REPLACE, certDigest); verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_ISSUER_NAME_REPLACE, so.getIssuer()); verify_xml = verify_xml.replaceFirst(TemplateReplaces.X509_SERIAL_NUMBER_REPLACE, so.getSerialNumber()); // SigDataRefReplace already done above verify_xml = verify_xml.replaceFirst(TemplateReplaces.MIME_TYPE_REPLACE, data.getMimeType()); // Signed Properties hash { final String ETSI_SIGNED_PROPERTIES_START_TAG = "