author | Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> | 2013-12-11 12:04:19 +0100 |
---|---|---|
committer | Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> | 2013-12-11 12:04:19 +0100 |
commit | 05bb51dd0190c56f7ec59f6f0c759e00f1d72edc (patch) | |
tree | 0c49fa461cc659b335f6e2979d53954d599c6988 /pdf-as-lib/src/main/java/at/gv/egiz/sl | |
parent | 84553d9bc5eb670ee6f9cf21b3f9aa516530bc56 (diff) | |
Signature profile implementations
Diffstat (limited to 'pdf-as-lib/src/main/java/at/gv/egiz/sl')
-rw-r--r-- | pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java | 38 | ||||
-rw-r--r-- | pdf-as-lib/src/main/java/at/gv/egiz/sl/util/MOAConnector.java | 179 |
2 files changed, 170 insertions, 47 deletions
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java index cf7333b4..409b984f 100644 --- a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java +++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java @@ -1,7 +1,12 @@ package at.gv.egiz.sl.util; +import iaik.cms.CMSException; +import iaik.cms.SignedData; +import iaik.cms.SignerInfo; +import iaik.x509.X509Certificate; + import java.io.ByteArrayInputStream; -import java.security.MessageDigest; +import java.io.IOException; import java.security.SignatureException; import java.security.cert.CertificateException; import java.util.Iterator; @@ -9,12 +14,8 @@ import java.util.Iterator; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import iaik.cms.SignedData; -import iaik.cms.SignerInfo; -import iaik.x509.X509Certificate; import at.gv.egiz.pdfas.common.exceptions.PdfAsException; -import at.gv.egiz.pdfas.common.utils.StringUtils; -import at.gv.egiz.pdfas.lib.api.sign.IPlainSigner; +import at.gv.egiz.pdfas.common.exceptions.PdfAsSignatureException; import at.gv.egiz.pdfas.lib.impl.verify.VerifyResultImpl; import at.gv.egiz.sl.CreateCMSSignatureRequestType; import at.gv.egiz.sl.CreateCMSSignatureResponseType; 
@@ -72,11 +73,16 @@ public class ISignatureConnectorSLWrapper implements ISignatureConnector { // get the signer infos SignerInfo[] signerInfos = signedData.getSignerInfos(); + if (signerInfos.length == 0) { + throw new PdfAsSignatureException("Invalid Signature (no signer info created!)", null); + } // verify the signatures for (int i = 0; i < signerInfos.length; i++) { VerifyResultImpl verifyResult = new VerifyResultImpl(); try { - + logger.info("Signature Algo: {}, Digest {}", signedData + .getSignerInfos()[i].getSignatureAlgorithm(), + signedData.getSignerInfos()[i].getDigestAlgorithm()); // verify the signature for SignerInfo at index i X509Certificate signer_cert = signedData.verify(i); // if the signature is OK the certificate of the @@ -84,21 +90,27 @@ public class ISignatureConnectorSLWrapper implements ISignatureConnector { logger.info("Signature OK from signer: " + signer_cert.getSubjectDN()); verifyResult.setSignerCertificate(signer_cert); + } catch (SignatureException ex) { // if the signature is not OK a SignatureException // is thrown - logger.info("Signature ERROR from signer: " - + signedData.getCertificate( - signerInfos[i].getSignerIdentifier()) - .getSubjectDN()); + logger.error( + "Signature ERROR from signer: " + + signedData.getCertificate( + signerInfos[i] + .getSignerIdentifier()) + .getSubjectDN(), ex); verifyResult.setSignerCertificate(signedData .getCertificate(signerInfos[i] .getSignerIdentifier())); + throw new PdfAsSignatureException("Invalid Signature", ex); } } - } catch (Exception e) { - logger.error("ERROR", e); + } catch (CMSException e) { + throw new PdfAsSignatureException("Invalid Signature", e); + } catch (IOException e) { + throw new PdfAsSignatureException("Invalid Signature", e); } return response.getCMSSignature(); diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/MOAConnector.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/MOAConnector.java index d75aa66e..d46f34a3 100644 
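Review bot: The logging statement added inside the try block re-fetches `signedData.getSignerInfos()[i]` twice although the `signerInfos` array was already read two statements earlier, so the same line can simply read `logger.info("Signature Algo: {}, Digest {}", signerInfos[i].getSignatureAlgorithm(), signerInfos[i].getDigestAlgorithm());`. That also keeps the empty-array guard added just above and the loop body consistent about which array they inspect. The method enclosing this hunk starts and ends outside it.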
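Review bot: In the new SignatureException handler the result of `signedData.getCertificate(signerInfos[i].getSignerIdentifier())` is dereferenced with `.getSubjectDN()` before the PdfAsSignatureException is thrown; if that lookup can yield no certificate (for instance when the signer certificate is not embedded in the SignedData — to be confirmed against the IAIK API), the resulting NullPointerException would replace the intended "Invalid Signature" failure and drop the original `ex`. Fetching the certificate once into a local and guarding it before logging, e.g. `X509Certificate failed = signedData.getCertificate(signerInfos[i].getSignerIdentifier());` followed by `logger.error("Signature ERROR from signer: " + (failed != null ? failed.getSubjectDN() : "<unknown>"), ex);`, keeps the error path itself robust. The two new catch blocks for CMSException and IOException have identical bodies and could be a single multi-catch if the project compiles with Java 7 or later. The method enclosing this hunk starts and ends outside it.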
--- a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/MOAConnector.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/MOAConnector.java
@@ -2,41 +2,78 @@ package at.gv.egiz.sl.util; import iaik.x509.X509Certificate; +import java.io.BufferedReader; import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; +import java.io.InputStreamReader; import java.security.cert.CertificateException; import javax.activation.DataHandler; +import org.apache.axis2.databinding.types.Token; +import org.apache.commons.codec.binary.Base64; +import org.apache.http.HttpResponse; +import org.apache.http.client.entity.EntityBuilder; +import org.apache.http.client.methods.HttpPost; +import org.apache.http.entity.ContentType; +import org.apache.http.entity.mime.MultipartEntityBuilder; +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.impl.client.HttpClientBuilder; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + import at.gv.egiz.moa.ByteArrayDataSource; import at.gv.egiz.moa.SignatureCreationServiceStub; import at.gv.egiz.moa.SignatureCreationServiceStub.CMSContentBaseType; import at.gv.egiz.moa.SignatureCreationServiceStub.CreateCMSSignatureRequest; import at.gv.egiz.moa.SignatureCreationServiceStub.CreateCMSSignatureResponse; +import at.gv.egiz.moa.SignatureCreationServiceStub.CreateSignatureInfo_type0; import at.gv.egiz.moa.SignatureCreationServiceStub.DataObjectInfo_type1; import at.gv.egiz.moa.SignatureCreationServiceStub.DataObject_type1; import at.gv.egiz.moa.SignatureCreationServiceStub.KeyIdentifierType; +import at.gv.egiz.moa.SignatureCreationServiceStub.MetaInfoType; +import at.gv.egiz.moa.SignatureCreationServiceStub.MimeTypeType; import at.gv.egiz.moa.SignatureCreationServiceStub.SingleSignatureInfo_type1; +import at.gv.egiz.moa.SignatureCreationServiceStub.Structure_type1; import at.gv.egiz.pdfas.common.exceptions.PdfAsException; import at.gv.egiz.pdfas.common.utils.StreamUtils; import at.gv.egiz.pdfas.lib.api.Configuration; public class MOAConnector implements ISignatureConnector 
{ + private static final Logger logger = LoggerFactory + .getLogger(MOAConnector.class); + public static final String MOA_SIGN_URL = "moa.sign.url"; public static final String MOA_SIGN_KEY_ID = "moa.sign.KeyIdentifier"; public static final String MOA_SIGN_CERTIFICATE = "moa.sign.Certificate"; - + + public static final String KEY_ID_PATTERN = "##KEYID##"; + public static final String CONTENT_PATTERN = "##CONTENT##"; + + public static final String CMS_REQUEST = "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:ns=\"http://reference.e-government.gv.at/namespace/moa/20020822#\">" + + "<soapenv:Header/><soapenv:Body><ns:CreateCMSSignatureRequest><ns:KeyIdentifier>" + + KEY_ID_PATTERN + + "</ns:KeyIdentifier>" + + "<ns:SingleSignatureInfo SecurityLayerConformity=\"true\"><ns:DataObjectInfo Structure=\"detached\"><ns:DataObject>" + + "<ns:MetaInfo><ns:MimeType>application/pdf</ns:MimeType></ns:MetaInfo><ns:Content>" + + "<ns:Base64Content>" + + CONTENT_PATTERN + + "</ns:Base64Content>" + + "</ns:Content></ns:DataObject></ns:DataObjectInfo></ns:SingleSignatureInfo>" + + "</ns:CreateCMSSignatureRequest></soapenv:Body></soapenv:Envelope>"; + private X509Certificate certificate; private String moaEndpoint; private String keyIdentifier; - public MOAConnector(Configuration config) - throws CertificateException, FileNotFoundException, IOException { - this.certificate = new X509Certificate(new FileInputStream(new File(config.getValue(MOA_SIGN_CERTIFICATE)))); + public MOAConnector(Configuration config) throws CertificateException, + FileNotFoundException, IOException { + this.certificate = new X509Certificate(new FileInputStream(new File( + config.getValue(MOA_SIGN_CERTIFICATE)))); this.moaEndpoint = config.getValue(MOA_SIGN_URL); this.keyIdentifier = config.getValue(MOA_SIGN_KEY_ID); } 
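Review bot: The new `CMS_REQUEST` constant is a SOAP envelope that `sign` later fills by plain `String.replace` of `##KEYID##` and `##CONTENT##`, so the configured key identifier is inserted into the XML unescaped; a value containing `<`, `&` or `"` would yield a malformed or altered request rather than a rejected one. Either escape the value for XML before substitution or validate it against the token syntax the MOA service expects, and state that on the constant, e.g. `/** SOAP template for CreateCMSSignatureRequest; KEY_ID_PATTERN and CONTENT_PATTERN must be replaced with XML-safe text. */`. Several imports added in this hunk (`Token`, `CreateSignatureInfo_type0`, `MetaInfoType`, `MimeTypeType`, `Structure_type1`) appear to be referenced only from the commented-out method at the end of the file, so they become dead weight once that block is removed. The reformatted constructor at the end of the hunk still opens the certificate `FileInputStream` without closing it, a pre-existing leak that a try-with-resources (or an explicit close in a finally block, if the project targets Java 6) would address.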
@@ -45,40 +82,114 @@ public class MOAConnector implements ISignatureConnector { return this.certificate; } + private CloseableHttpClient buildHttpClient() { + HttpClientBuilder builder = HttpClientBuilder.create(); + return builder.build(); + } + public byte[] sign(byte[] input, int[] byteRange) throws PdfAsException { + CloseableHttpClient client = null; try { - SignatureCreationServiceStub signatureCreationService = new SignatureCreationServiceStub( - this.moaEndpoint); - - CreateCMSSignatureRequest createCMSSignatureRequest = new CreateCMSSignatureRequest(); - SingleSignatureInfo_type1 singleSignature = new SingleSignatureInfo_type1(); - DataObjectInfo_type1 dataObjectType = new DataObjectInfo_type1(); - singleSignature.setDataObjectInfo(dataObjectType); - DataObject_type1 dataObject = new DataObject_type1(); - dataObjectType.setDataObject(dataObject); - CMSContentBaseType cmsContent = new CMSContentBaseType(); - cmsContent.setBase64Content(new DataHandler( - new ByteArrayDataSource(input, "application/pdf"))); - dataObject.setContent(cmsContent); - - createCMSSignatureRequest - .setSingleSignatureInfo(new SingleSignatureInfo_type1[] { singleSignature }); - KeyIdentifierType keyId = new KeyIdentifierType(); - keyId.setKeyIdentifierType(this.keyIdentifier); - createCMSSignatureRequest.setKeyIdentifier(keyId); - - CreateCMSSignatureResponse response = signatureCreationService - .createCMSSignature(createCMSSignatureRequest); - - InputStream is = response.getCreateCMSSignatureResponse() - .getCreateCMSSignatureResponseTypeChoice()[0] - .getCMSSignature().getInputStream(); + client = buildHttpClient(); + HttpPost post = new HttpPost(this.moaEndpoint); + + logger.info("signature with MOA [" + this.keyIdentifier + "] @ " + + this.moaEndpoint); + + Base64 base64 = new Base64(); + String content = base64.encodeAsString(input); + + String request = CMS_REQUEST; + request = request.replace(CONTENT_PATTERN, content.trim()); + request = request + .replace(KEY_ID_PATTERN, 
this.keyIdentifier.trim()); + + //SOAPAction: "urn:CreateCMSSignatureAction" + post.setHeader("SOAPAction", "urn:CreateCMSSignatureAction"); - byte[] signature = StreamUtils.inputStreamToByteArray(is); + EntityBuilder entityBuilder = EntityBuilder.create(); - return signature; - } catch (Exception e) { - throw new PdfAsException(e.getMessage()); + entityBuilder.setContentType(ContentType.TEXT_XML); + entityBuilder.setContentEncoding("UTF-8"); + entityBuilder.setText(request); + + post.setEntity(entityBuilder.build()); + + HttpResponse response = client.execute(post); + logger.debug("Response Code : " + + response.getStatusLine().getStatusCode()); + + BufferedReader rd = new BufferedReader(new InputStreamReader( + response.getEntity().getContent())); + + StringBuffer result = new StringBuffer(); + String line = ""; + while ((line = rd.readLine()) != null) { + result.append(line); + } + + logger.trace(result.toString()); + return new byte[] {}; + } catch (IllegalStateException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (IOException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } finally { + if (client != null) { + try { + client.close(); + } catch (IOException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + } } + return new byte[] {}; } + + /* + * public byte[] sign(byte[] input, int[] byteRange) throws PdfAsException { + * try { + * + * SignatureCreationServiceStub signatureCreationService = new + * SignatureCreationServiceStub( this.moaEndpoint); + * + * CreateCMSSignatureRequest createCMSSignatureRequest = new + * CreateCMSSignatureRequest(); KeyIdentifierType keyId = new + * KeyIdentifierType(); keyId.setKeyIdentifierType(keyIdentifier); + * createCMSSignatureRequest.setKeyIdentifier(keyId); + * + * SingleSignatureInfo_type1 singleSignature = new + * SingleSignatureInfo_type1(); DataObjectInfo_type1 dataObjectType = new + * DataObjectInfo_type1(); + * + * 
dataObjectType.setStructure(Structure_type1.detached); + * singleSignature.setDataObjectInfo(dataObjectType); DataObject_type1 + * dataObject = new DataObject_type1(); MetaInfoType metaInfoType = new + * MetaInfoType(); MimeTypeType mimeTypeType = new MimeTypeType(); + * mimeTypeType.setMimeTypeType(new Token("application/pdf")); + * metaInfoType.setMimeType(mimeTypeType); + * dataObject.setMetaInfo(metaInfoType); + * dataObjectType.setDataObject(dataObject); CMSContentBaseType cmsContent = + * new CMSContentBaseType(); cmsContent.setBase64Content(new DataHandler( + * new ByteArrayDataSource(input, "application/pdf"))); + * + * dataObject.setContent(cmsContent); + * + * createCMSSignatureRequest.addSingleSignatureInfo(singleSignature); + * + * CreateCMSSignatureResponse response = signatureCreationService + * .createCMSSignature(createCMSSignatureRequest); + * + * InputStream is = response.getCreateCMSSignatureResponse() + * .getCreateCMSSignatureResponseTypeChoice()[0] + * .getCMSSignature().getInputStream(); + * + * byte[] signature = StreamUtils.inputStreamToByteArray(is); + * + * return signature; } catch (Exception e) { throw new + * PdfAsException(e.getMessage()); } } + */ } |
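Review bot: The rewritten `sign` never returns a signature: after reading the HTTP response into `result` it logs it at trace level and returns `new byte[] {}`, while `IllegalStateException` and `IOException` are only printed with `printStackTrace()` under TODO markers before the trailing `return new byte[] {}` hands the caller an empty array instead of the `PdfAsException` the signature declares. The status code is logged but not checked, and nothing extracts the CMSSignature element from the SOAP body, so a SOAP fault or transport error from MOA is indistinguishable from success at the call site. At minimum the catch blocks should rethrow, e.g. `throw new PdfAsException("MOA signature request failed: " + e.getMessage());` (or a cause-carrying constructor if PdfAsException offers one, as PdfAsSignatureException does), and a non-2xx status should fail the same way before the body is read. Note also that `setContentEncoding("UTF-8")` sets the HTTP Content-Encoding header (a compression scheme) rather than the character set, and `ContentType.TEXT_XML` carries, as far as I recall HttpClient's defaults, an ISO-8859-1 charset while the response `InputStreamReader` uses the platform default; `ContentType.create("text/xml", "UTF-8")` for the request and an explicit charset on the reader would make both directions unambiguous. The previous Axis-based implementation kept as a block comment should be dropped rather than carried in the source, together with the now-unused stub imports.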