/** * Copyright 2006 by Know-Center, Graz, Austria * PDF-AS has been contracted by the E-Government Innovation Center EGIZ, a * joint initiative of the Federal Chancellery Austria and Graz University of * Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. 
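*/
package at.knowcenter.wag.egov.egiz.sig.connectors.moa;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import at.gv.egiz.pdfas.algorithmSuite.AlgorithmMapper;
import at.gv.egiz.pdfas.algorithmSuite.AlgorithmSuiteObject;
import at.gv.egiz.pdfas.algorithmSuite.AlgorithmSuiteUtil;
import at.knowcenter.wag.egov.egiz.exceptions.ConnectorException;
import at.knowcenter.wag.egov.egiz.sig.SignatureObject;
import at.knowcenter.wag.egov.egiz.sig.X509Cert;
import at.knowcenter.wag.egov.egiz.sig.connectors.ConnectorEnvironment;
import at.knowcenter.wag.egov.egiz.sig.connectors.bku.BKUHelper;
import at.knowcenter.wag.egov.egiz.sig.connectors.bku.SignSignatureObject;
import at.knowcenter.wag.egov.egiz.sig.sigid.IdFormatter;
import at.knowcenter.wag.egov.egiz.tools.CodingHelper;

/**
 * Helper routines for the MOA signature connector.
 *
 * @author wprinz
 */
public class MOAHelper
{
  /**
   * The log.
   */
  private static Log log = LogFactory.getLog(MOAHelper.class);

  /**
   * Patterns locating the first occurrence of the respective element in the
   * response text, regardless of namespace prefix; group 1 is the element's
   * text content. Compiled once instead of on every call.
   */
  private static final Pattern SIGNATURE_VALUE_P = elementPattern("SignatureValue"); //$NON-NLS-1$
  private static final Pattern ISSUER_NAME_P = elementPattern("X509IssuerName"); //$NON-NLS-1$
  private static final Pattern SIGNING_TIME_P = elementPattern("SigningTime"); //$NON-NLS-1$
  private static final Pattern SERIAL_NUMBER_P = elementPattern("X509SerialNumber"); //$NON-NLS-1$
  private static final Pattern CERTIFICATE_P = elementPattern("X509Certificate"); //$NON-NLS-1$

  /**
   * Parses the XML response of a MOA sign-request.
   *
   * <p>
   * The SignatureValue, X509IssuerName, SigningTime, X509SerialNumber and
   * X509Certificate elements are located textually (first occurrence each)
   * and copied into a {@link SignSignatureObject}; the signature algorithm is
   * taken from the algorithm suite string found in the response and the
   * signature id is built by the given id formatter. CertDigest and
   * DigestValue are not extracted.
   * </p>
   *
   * <p>
   * NOTE: the issuer name and serial number stated in the response are only
   * compared with the embedded certificate for debug logging; the comparison
   * is not enforced here. The response is not parsed as XML, so an element
   * carrying attributes (e.g. an Id on SignatureValue) is not recognised and
   * the corresponding field stays null.
   * </p>
   *
   * @param xmlResponse
   *          the response string from the MOA sign-request
   * @param id_formatter
   *          builds the signature id stored in the result
   * @param environment
   *          the connector environment, used for the default certificate
   *          algorithm
   * @return the filled signature object; fields whose element is missing from
   *         the response are left null
   * @throws ConnectorException
   *           ErrorCode 300 if the X509Certificate of the response cannot be
   *           decoded
   * @see SignatureObject
   * @see CodingHelper
   * @see X509Cert
   */
  public static SignSignatureObject parseCreateXMLResponse(String xmlResponse, IdFormatter id_formatter, ConnectorEnvironment environment) throws ConnectorException
  {
    // SignatureValue (base64, whitespace removed)
    String sig_val = extractElementText(SIGNATURE_VALUE_P, xmlResponse, true);
    log.debug("sig_val = " + sig_val); //$NON-NLS-1$

    // X509IssuerName (kept verbatim, a DN may legitimately contain blanks)
    String iss_nam = extractElementText(ISSUER_NAME_P, xmlResponse, false);
    log.debug("iss_nam = " + iss_nam); //$NON-NLS-1$

    // X509SerialNumber (whitespace removed)
    String ser_num = extractElementText(SERIAL_NUMBER_P, xmlResponse, true);
    log.debug("ser_num = " + ser_num); //$NON-NLS-1$

    // SigningTime (kept verbatim)
    String sig_tim = extractElementText(SIGNING_TIME_P, xmlResponse, false);
    log.debug("sig_tim = " + sig_tim); //$NON-NLS-1$

    // X509Certificate (base64 DER)
    X509Certificate cert = null;
    String sig_cer = extractElementText(CERTIFICATE_P, xmlResponse, true);
    if (sig_cer != null)
    {
      cert = decodeCertificate(sig_cer);
    }
    log.debug("X509Certificate = " + cert); //$NON-NLS-1$

    if (cert == null)
    {
      // Previously this case dereferenced null in the debug block; the
      // result is still returned without a certificate, as before.
      log.warn("The MOA response does not contain an X509Certificate element."); //$NON-NLS-1$
    }
    else if (log.isDebugEnabled())
    {
      logCertificateConsistency(cert, iss_nam, ser_num);
    }

    SignSignatureObject so = new SignSignatureObject();
    so.date = sig_tim;
    so.issuer = iss_nam;
    so.signatureValue = sig_val;
    so.x509Certificate = cert;

    String algs = AlgorithmSuiteUtil.extractAlgorithmSuiteString(xmlResponse);
    AlgorithmSuiteObject suite = new AlgorithmSuiteObject(algs, false);
    so.sigAlgorithm = AlgorithmMapper.getUri(suite.getSignatureMethod());

    String defaultCertAlg = environment.getDefaultAlgForCert(cert);
    if (AlgorithmSuiteUtil.isDefaultCertAlg(algs, defaultCertAlg))
    {
      // do not embed default alg
      algs = null;
    }
    so.id = id_formatter.formatIds(null, algs);

    return so;
  }

  /**
   * Builds the pattern for one element: an opening tag with an optional
   * namespace prefix, the lazily matched content (group 1), and the first
   * closing tag that follows it. DOTALL lets the content span lines.
   *
   * @param localName
   *          the element's local name, e.g. "SignatureValue"
   * @return the compiled pattern
   */
  private static Pattern elementPattern(String localName)
  {
    return Pattern.compile("<[\\w]*:?" + localName + ">(.*?)</[\\w]*:?" + localName + ">", Pattern.DOTALL); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
  }

  /**
   * Returns the text content of the first element matched by the pattern.
   *
   * @param element
   *          a pattern built by {@link #elementPattern(String)}
   * @param xml
   *          the response text
   * @param stripWhitespace
   *          whether all whitespace is removed from the content (base64 and
   *          numeric values)
   * @return the content, or null if the element is not found
   */
  private static String extractElementText(Pattern element, String xml, boolean stripWhitespace)
  {
    Matcher m = element.matcher(xml);
    if (!m.find())
    {
      return null;
    }
    String text = m.group(1);
    return stripWhitespace ? BKUHelper.removeAllWhitespace(text) : text;
  }

  /**
   * Decodes a base64 encoded DER certificate.
   *
   * @param base64Cert
   *          the base64 text without whitespace
   * @return the certificate
   * @throws ConnectorException
   *           ErrorCode 300 if the text cannot be decoded or is not a valid
   *           X.509 certificate
   */
  private static X509Certificate decodeCertificate(String base64Cert) throws ConnectorException
  {
    try
    {
      byte[] der = CodingHelper.decodeBase64(base64Cert);
      ByteArrayInputStream bais = new ByteArrayInputStream(der);
      CertificateFactory cf = CertificateFactory.getInstance("X.509"); //$NON-NLS-1$
      X509Certificate cert = (X509Certificate) cf.generateCertificate(bais);
      // closing a ByteArrayInputStream is a no-op, so skipping it on the
      // exception paths leaks nothing
      bais.close();
      return cert;
    }
    catch (CertificateException e)
    {
      log.error("Could not decode the X509Certificate of the MOA response.", e); //$NON-NLS-1$
      throw new ConnectorException(300, e);
    }
    catch (IOException e)
    {
      // covers UnsupportedEncodingException from the base64 decoder as well
      log.error("Could not decode the X509Certificate of the MOA response.", e); //$NON-NLS-1$
      throw new ConnectorException(300, e);
    }
  }

  /**
   * Debug-logs whether the issuer name and serial number stated in the
   * response agree with the embedded certificate. Logging only; a mismatch
   * does not fail the parse.
   *
   * @param cert
   *          the decoded certificate, not null
   * @param iss_nam
   *          the issuer name from the response, may be null
   * @param ser_num
   *          the serial number from the response, may be null
   */
  private static void logCertificateConsistency(X509Certificate cert, String iss_nam, String ser_num)
  {
    String cert_iss = cert.getIssuerDN().getName();
    log.debug("certificate's issuer = " + cert_iss); //$NON-NLS-1$
    log.debug("response's issuer = " + iss_nam); //$NON-NLS-1$
    log.debug("issuer matches = " + cert_iss.equals(iss_nam)); //$NON-NLS-1$
    log.debug("ser number matches = " + cert.getSerialNumber().toString().equals(ser_num)); //$NON-NLS-1$
  }
}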