authorAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2013-12-11 12:04:19 +0100
committerAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2013-12-11 12:04:19 +0100
commit05bb51dd0190c56f7ec59f6f0c759e00f1d72edc (patch)
tree0c49fa461cc659b335f6e2979d53954d599c6988 /pdf-as-lib/src/main/java/at/gv/egiz/sl
parent84553d9bc5eb670ee6f9cf21b3f9aa516530bc56 (diff)
Signature profile implementations
Diffstat (limited to 'pdf-as-lib/src/main/java/at/gv/egiz/sl')
-rw-r--r--pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java38
-rw-r--r--pdf-as-lib/src/main/java/at/gv/egiz/sl/util/MOAConnector.java179
2 files changed, 170 insertions, 47 deletions
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java
index cf7333b4..409b984f 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java
@@ -1,7 +1,12 @@
package at.gv.egiz.sl.util;
+import iaik.cms.CMSException;
+import iaik.cms.SignedData;
+import iaik.cms.SignerInfo;
+import iaik.x509.X509Certificate;
+
import java.io.ByteArrayInputStream;
-import java.security.MessageDigest;
+import java.io.IOException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.util.Iterator;
@@ -9,12 +14,8 @@ import java.util.Iterator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import iaik.cms.SignedData;
-import iaik.cms.SignerInfo;
-import iaik.x509.X509Certificate;
import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
-import at.gv.egiz.pdfas.common.utils.StringUtils;
-import at.gv.egiz.pdfas.lib.api.sign.IPlainSigner;
+import at.gv.egiz.pdfas.common.exceptions.PdfAsSignatureException;
import at.gv.egiz.pdfas.lib.impl.verify.VerifyResultImpl;
import at.gv.egiz.sl.CreateCMSSignatureRequestType;
import at.gv.egiz.sl.CreateCMSSignatureResponseType;
@@ -72,11 +73,16 @@ public class ISignatureConnectorSLWrapper implements ISignatureConnector {
// get the signer infos
SignerInfo[] signerInfos = signedData.getSignerInfos();
+ if (signerInfos.length == 0) {
+ throw new PdfAsSignatureException("Invalid Signature (no signer info created!)", null);
+ }
// verify the signatures
for (int i = 0; i < signerInfos.length; i++) {
VerifyResultImpl verifyResult = new VerifyResultImpl();
try {
-
+ logger.info("Signature Algo: {}, Digest {}", signedData
+ .getSignerInfos()[i].getSignatureAlgorithm(),
+ signedData.getSignerInfos()[i].getDigestAlgorithm());
// verify the signature for SignerInfo at index i
X509Certificate signer_cert = signedData.verify(i);
// if the signature is OK the certificate of the
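Review bot: The added log statement records each SignerInfo's signature and digest algorithm, but nothing in this hunk rejects an algorithm the caller would not want to accept, so a weak digest is logged and then verified like any other. If the project has an algorithm policy, it should be enforced before `signedData.verify(i)`. Separately, the log call fetches the array twice more per iteration although it is already held in `signerInfos`; `logger.info("Signature Algo: {}, Digest {}", signerInfos[i].getSignatureAlgorithm(), signerInfos[i].getDigestAlgorithm());` reads the same values. The enclosing method starts above this hunk, so a check made earlier cannot be ruled out from here.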
@@ -84,21 +90,27 @@ public class ISignatureConnectorSLWrapper implements ISignatureConnector {
logger.info("Signature OK from signer: "
+ signer_cert.getSubjectDN());
verifyResult.setSignerCertificate(signer_cert);
+
} catch (SignatureException ex) {
// if the signature is not OK a SignatureException
// is thrown
- logger.info("Signature ERROR from signer: "
- + signedData.getCertificate(
- signerInfos[i].getSignerIdentifier())
- .getSubjectDN());
+ logger.error(
+ "Signature ERROR from signer: "
+ + signedData.getCertificate(
+ signerInfos[i]
+ .getSignerIdentifier())
+ .getSubjectDN(), ex);
verifyResult.setSignerCertificate(signedData
.getCertificate(signerInfos[i]
.getSignerIdentifier()));
+ throw new PdfAsSignatureException("Invalid Signature", ex);
}
}
- } catch (Exception e) {
- logger.error("ERROR", e);
+ } catch (CMSException e) {
+ throw new PdfAsSignatureException("Invalid Signature", e);
+ } catch (IOException e) {
+ throw new PdfAsSignatureException("Invalid Signature", e);
}
return response.getCMSSignature();
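Review bot: A successful `signedData.verify(i)` only shows that the signature matches a certificate carried in the response; nothing in the visible lines checks that `signer_cert` is the certificate this connector is expected to sign with, and `verifyResult` goes out of scope at the end of each iteration without being read. After `verifyResult.setSignerCertificate(signer_cert);` I would compare against the expected certificate, e.g. `if (!signer_cert.equals(expectedCertificate)) { throw new PdfAsSignatureException("Invalid Signature", null); }`, where `expectedCertificate` is a placeholder for whatever the wrapped connector reports as its signer. In the `SignatureException` branch the log message is built from `signedData.getCertificate(...).getSubjectDN()`; if that lookup fails, its exception would presumably replace the intended `PdfAsSignatureException`, so logging `signerInfos[i].getSignerIdentifier()` alone is safer there. The method begins and ends outside this hunk.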
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/MOAConnector.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/MOAConnector.java
index d75aa66e..d46f34a3 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/MOAConnector.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/MOAConnector.java
@@ -2,41 +2,78 @@ package at.gv.egiz.sl.util;
import iaik.x509.X509Certificate;
+import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
+import java.io.InputStreamReader;
import java.security.cert.CertificateException;
import javax.activation.DataHandler;
+import org.apache.axis2.databinding.types.Token;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.entity.EntityBuilder;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.entity.ContentType;
+import org.apache.http.entity.mime.MultipartEntityBuilder;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
import at.gv.egiz.moa.ByteArrayDataSource;
import at.gv.egiz.moa.SignatureCreationServiceStub;
import at.gv.egiz.moa.SignatureCreationServiceStub.CMSContentBaseType;
import at.gv.egiz.moa.SignatureCreationServiceStub.CreateCMSSignatureRequest;
import at.gv.egiz.moa.SignatureCreationServiceStub.CreateCMSSignatureResponse;
+import at.gv.egiz.moa.SignatureCreationServiceStub.CreateSignatureInfo_type0;
import at.gv.egiz.moa.SignatureCreationServiceStub.DataObjectInfo_type1;
import at.gv.egiz.moa.SignatureCreationServiceStub.DataObject_type1;
import at.gv.egiz.moa.SignatureCreationServiceStub.KeyIdentifierType;
+import at.gv.egiz.moa.SignatureCreationServiceStub.MetaInfoType;
+import at.gv.egiz.moa.SignatureCreationServiceStub.MimeTypeType;
import at.gv.egiz.moa.SignatureCreationServiceStub.SingleSignatureInfo_type1;
+import at.gv.egiz.moa.SignatureCreationServiceStub.Structure_type1;
import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
import at.gv.egiz.pdfas.common.utils.StreamUtils;
import at.gv.egiz.pdfas.lib.api.Configuration;
public class MOAConnector implements ISignatureConnector {
+ private static final Logger logger = LoggerFactory
+ .getLogger(MOAConnector.class);
+
public static final String MOA_SIGN_URL = "moa.sign.url";
public static final String MOA_SIGN_KEY_ID = "moa.sign.KeyIdentifier";
public static final String MOA_SIGN_CERTIFICATE = "moa.sign.Certificate";
-
+
+ public static final String KEY_ID_PATTERN = "##KEYID##";
+ public static final String CONTENT_PATTERN = "##CONTENT##";
+
+ public static final String CMS_REQUEST = "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:ns=\"http://reference.e-government.gv.at/namespace/moa/20020822#\">"
+ + "<soapenv:Header/><soapenv:Body><ns:CreateCMSSignatureRequest><ns:KeyIdentifier>"
+ + KEY_ID_PATTERN
+ + "</ns:KeyIdentifier>"
+ + "<ns:SingleSignatureInfo SecurityLayerConformity=\"true\"><ns:DataObjectInfo Structure=\"detached\"><ns:DataObject>"
+ + "<ns:MetaInfo><ns:MimeType>application/pdf</ns:MimeType></ns:MetaInfo><ns:Content>"
+ + "<ns:Base64Content>"
+ + CONTENT_PATTERN
+ + "</ns:Base64Content>"
+ + "</ns:Content></ns:DataObject></ns:DataObjectInfo></ns:SingleSignatureInfo>"
+ + "</ns:CreateCMSSignatureRequest></soapenv:Body></soapenv:Envelope>";
+
private X509Certificate certificate;
private String moaEndpoint;
private String keyIdentifier;
- public MOAConnector(Configuration config)
- throws CertificateException, FileNotFoundException, IOException {
- this.certificate = new X509Certificate(new FileInputStream(new File(config.getValue(MOA_SIGN_CERTIFICATE))));
+ public MOAConnector(Configuration config) throws CertificateException,
+ FileNotFoundException, IOException {
+ this.certificate = new X509Certificate(new FileInputStream(new File(
+ config.getValue(MOA_SIGN_CERTIFICATE))));
this.moaEndpoint = config.getValue(MOA_SIGN_URL);
this.keyIdentifier = config.getValue(MOA_SIGN_KEY_ID);
}
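Review bot: `CMS_REQUEST` is a raw XML string with `##KEYID##` and `##CONTENT##` placeholders, and the constant carries no statement that substituted values must be XML-safe. The Base64 payload is safe by construction, but the key identifier comes from configuration and is inserted by plain `String.replace` in `sign()`, so a value containing `<` or `&` would produce a malformed or structurally different request. I would add a comment on the constant such as `// Values substituted for KEY_ID_PATTERN must be XML-escaped before insertion.` and escape the identifier at the call site. The constructor in this hunk also opens a `FileInputStream` for the certificate and never closes it.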
@@ -45,40 +82,114 @@ public class MOAConnector implements ISignatureConnector {
return this.certificate;
}
+ private CloseableHttpClient buildHttpClient() {
+ HttpClientBuilder builder = HttpClientBuilder.create();
+ return builder.build();
+ }
+
public byte[] sign(byte[] input, int[] byteRange) throws PdfAsException {
+ CloseableHttpClient client = null;
try {
- SignatureCreationServiceStub signatureCreationService = new SignatureCreationServiceStub(
- this.moaEndpoint);
-
- CreateCMSSignatureRequest createCMSSignatureRequest = new CreateCMSSignatureRequest();
- SingleSignatureInfo_type1 singleSignature = new SingleSignatureInfo_type1();
- DataObjectInfo_type1 dataObjectType = new DataObjectInfo_type1();
- singleSignature.setDataObjectInfo(dataObjectType);
- DataObject_type1 dataObject = new DataObject_type1();
- dataObjectType.setDataObject(dataObject);
- CMSContentBaseType cmsContent = new CMSContentBaseType();
- cmsContent.setBase64Content(new DataHandler(
- new ByteArrayDataSource(input, "application/pdf")));
- dataObject.setContent(cmsContent);
-
- createCMSSignatureRequest
- .setSingleSignatureInfo(new SingleSignatureInfo_type1[] { singleSignature });
- KeyIdentifierType keyId = new KeyIdentifierType();
- keyId.setKeyIdentifierType(this.keyIdentifier);
- createCMSSignatureRequest.setKeyIdentifier(keyId);
-
- CreateCMSSignatureResponse response = signatureCreationService
- .createCMSSignature(createCMSSignatureRequest);
-
- InputStream is = response.getCreateCMSSignatureResponse()
- .getCreateCMSSignatureResponseTypeChoice()[0]
- .getCMSSignature().getInputStream();
+ client = buildHttpClient();
+ HttpPost post = new HttpPost(this.moaEndpoint);
+
+ logger.info("signature with MOA [" + this.keyIdentifier + "] @ "
+ + this.moaEndpoint);
+
+ Base64 base64 = new Base64();
+ String content = base64.encodeAsString(input);
+
+ String request = CMS_REQUEST;
+ request = request.replace(CONTENT_PATTERN, content.trim());
+ request = request
+ .replace(KEY_ID_PATTERN, this.keyIdentifier.trim());
+
+ //SOAPAction: "urn:CreateCMSSignatureAction"
+ post.setHeader("SOAPAction", "urn:CreateCMSSignatureAction");
- byte[] signature = StreamUtils.inputStreamToByteArray(is);
+ EntityBuilder entityBuilder = EntityBuilder.create();
- return signature;
- } catch (Exception e) {
- throw new PdfAsException(e.getMessage());
+ entityBuilder.setContentType(ContentType.TEXT_XML);
+ entityBuilder.setContentEncoding("UTF-8");
+ entityBuilder.setText(request);
+
+ post.setEntity(entityBuilder.build());
+
+ HttpResponse response = client.execute(post);
+ logger.debug("Response Code : "
+ + response.getStatusLine().getStatusCode());
+
+ BufferedReader rd = new BufferedReader(new InputStreamReader(
+ response.getEntity().getContent()));
+
+ StringBuffer result = new StringBuffer();
+ String line = "";
+ while ((line = rd.readLine()) != null) {
+ result.append(line);
+ }
+
+ logger.trace(result.toString());
+ return new byte[] {};
+ } catch (IllegalStateException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (IOException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } finally {
+ if (client != null) {
+ try {
+ client.close();
+ } catch (IOException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
}
+ return new byte[] {};
}
+
+ /*
+ * public byte[] sign(byte[] input, int[] byteRange) throws PdfAsException {
+ * try {
+ *
+ * SignatureCreationServiceStub signatureCreationService = new
+ * SignatureCreationServiceStub( this.moaEndpoint);
+ *
+ * CreateCMSSignatureRequest createCMSSignatureRequest = new
+ * CreateCMSSignatureRequest(); KeyIdentifierType keyId = new
+ * KeyIdentifierType(); keyId.setKeyIdentifierType(keyIdentifier);
+ * createCMSSignatureRequest.setKeyIdentifier(keyId);
+ *
+ * SingleSignatureInfo_type1 singleSignature = new
+ * SingleSignatureInfo_type1(); DataObjectInfo_type1 dataObjectType = new
+ * DataObjectInfo_type1();
+ *
+ * dataObjectType.setStructure(Structure_type1.detached);
+ * singleSignature.setDataObjectInfo(dataObjectType); DataObject_type1
+ * dataObject = new DataObject_type1(); MetaInfoType metaInfoType = new
+ * MetaInfoType(); MimeTypeType mimeTypeType = new MimeTypeType();
+ * mimeTypeType.setMimeTypeType(new Token("application/pdf"));
+ * metaInfoType.setMimeType(mimeTypeType);
+ * dataObject.setMetaInfo(metaInfoType);
+ * dataObjectType.setDataObject(dataObject); CMSContentBaseType cmsContent =
+ * new CMSContentBaseType(); cmsContent.setBase64Content(new DataHandler(
+ * new ByteArrayDataSource(input, "application/pdf")));
+ *
+ * dataObject.setContent(cmsContent);
+ *
+ * createCMSSignatureRequest.addSingleSignatureInfo(singleSignature);
+ *
+ * CreateCMSSignatureResponse response = signatureCreationService
+ * .createCMSSignature(createCMSSignatureRequest);
+ *
+ * InputStream is = response.getCreateCMSSignatureResponse()
+ * .getCreateCMSSignatureResponseTypeChoice()[0]
+ * .getCMSSignature().getInputStream();
+ *
+ * byte[] signature = StreamUtils.inputStreamToByteArray(is);
+ *
+ * return signature; } catch (Exception e) { throw new
+ * PdfAsException(e.getMessage()); } }
+ */
}
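Review bot: The new `sign()` returns `new byte[] {}` on every path, so a caller receives an empty signature rather than a `PdfAsException` when the request fails or MOA answers with an error. The `IllegalStateException` and `IOException` handlers only call `printStackTrace()`, and the HTTP status code is logged at debug level but never checked. I would make the failure paths throw, as the removed implementation did, and treat a non-success status as an error; the trailing `return new byte[] {};` after the `finally` then becomes unreachable and has to be removed. The response reader is also never closed and decodes with the platform charset, and the success path still discards the parsed response, which looks like work in progress.

```java
			HttpResponse response = client.execute(post);
			int status = response.getStatusLine().getStatusCode();
			logger.debug("Response Code : " + status);
			if (status != 200) {
				throw new PdfAsException("MOA request failed with HTTP status " + status);
			}
			// … unchanged: reading the response body …
		} catch (IllegalStateException e) {
			logger.error("MOA signature request failed", e);
			throw new PdfAsException(e.getMessage());
		} catch (IOException e) {
			logger.error("MOA signature request failed", e);
			throw new PdfAsException(e.getMessage());
		} finally {
			// … unchanged: client.close() handling …
		}
		// trailing "return new byte[] {};" removed: every path above returns or throws
```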