aboutsummaryrefslogtreecommitdiff
path: root/pdf-as-lib/src/main/java/at/gv
diff options
context:
space:
mode:
authorAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2014-09-23 12:01:09 +0200
committerAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2014-09-23 12:01:09 +0200
commit11f07848733143b19bc53aaf42cad2ff2db9385d (patch)
treeadc8fa2adbdb7ff9a37fc9734a3ecbfaad7f0a20 /pdf-as-lib/src/main/java/at/gv
parent2af47a35e7e1339f193de4e53af6db340d3d5ea5 (diff)
downloadpdf-as-4-11f07848733143b19bc53aaf42cad2ff2db9385d.tar.gz
pdf-as-4-11f07848733143b19bc53aaf42cad2ff2db9385d.tar.bz2
pdf-as-4-11f07848733143b19bc53aaf42cad2ff2db9385d.zip
Allow MOA Certificate resolving via HTTP or HTTPS
Diffstat (limited to 'pdf-as-lib/src/main/java/at/gv')
-rw-r--r--pdf-as-lib/src/main/java/at/gv/egiz/sl/util/MOAConnector.java96
1 files changed, 64 insertions, 32 deletions
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/MOAConnector.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/MOAConnector.java
index 7970b567..311520dc 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/MOAConnector.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/MOAConnector.java
@@ -32,6 +32,8 @@ import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.StringReader;
+import java.net.MalformedURLException;
+import java.net.URL;
import java.security.cert.CertificateException;
import javax.xml.parsers.DocumentBuilder;
@@ -66,12 +68,14 @@ import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
import at.gv.egiz.pdfas.lib.impl.status.RequestedSignature;
import at.gv.egiz.pdfas.lib.util.SignatureUtils;
-public class MOAConnector implements ISignatureConnector, IConfigurationConstants {
+public class MOAConnector implements ISignatureConnector,
+ IConfigurationConstants {
private static final Logger logger = LoggerFactory
.getLogger(MOAConnector.class);
-
- private static final Logger moalogger = LoggerFactory.getLogger("at.knowcenter.wag.egov.egiz.sig.connectors.MOASSRepsonseLogger");
+
+ private static final Logger moalogger = LoggerFactory
+ .getLogger("at.knowcenter.wag.egov.egiz.sig.connectors.MOASSRepsonseLogger");
public static final String KEY_ID_PATTERN = "##KEYID##";
public static final String CONTENT_PATTERN = "##CONTENT##";
@@ -100,35 +104,58 @@ public class MOAConnector implements ISignatureConnector, IConfigurationConstant
public MOAConnector(Configuration config) throws CertificateException,
FileNotFoundException, IOException {
- if(config.getValue(MOA_SIGN_CERTIFICATE) == null) {
- logger.error(MOA_SIGN_CERTIFICATE + " not configured for MOA connector");
- throw new PdfAsWrappedIOException(new PdfAsException("Please configure: " + MOA_SIGN_CERTIFICATE + " to use MOA connector"));
+ if (config.getValue(MOA_SIGN_CERTIFICATE) == null) {
+ logger.error(MOA_SIGN_CERTIFICATE
+ + " not configured for MOA connector");
+ throw new PdfAsWrappedIOException(new PdfAsException(
+ "Please configure: " + MOA_SIGN_CERTIFICATE
+ + " to use MOA connector"));
}
-
- if(!(config instanceof ISettings)) {
+
+ if (!(config instanceof ISettings)) {
logger.error("Configuration is no instance of ISettings");
- throw new PdfAsWrappedIOException(new PdfAsException("Configuration is no instance of ISettings"));
+ throw new PdfAsWrappedIOException(new PdfAsException(
+ "Configuration is no instance of ISettings"));
}
-
- ISettings settings = (ISettings)config;
-
+
+ ISettings settings = (ISettings) config;
+
String certificateValue = config.getValue(MOA_SIGN_CERTIFICATE);
-
- File certFile = new File(certificateValue);
- if(!certFile.isAbsolute()) {
- certificateValue = settings.getWorkingDirectory() + "/" +
- config.getValue(MOA_SIGN_CERTIFICATE);
- certFile = new File(certificateValue);
+
+ if (certificateValue.startsWith("http")) {
+ logger.info("Loading certificate from url: " + certificateValue);
+
+ try {
+ URL certificateURL = new URL(certificateValue);
+
+ this.certificate = new X509Certificate(certificateURL.openStream());
+ } catch(MalformedURLException e) {
+ logger.error(certificateValue
+ + " is not a valid url but!");
+ throw new PdfAsWrappedIOException(new PdfAsException(
+ certificateValue
+ + " is not a valid url but!"));
+ }
+ } else {
+
+ File certFile = new File(certificateValue);
+ if (!certFile.isAbsolute()) {
+ certificateValue = settings.getWorkingDirectory() + "/"
+ + config.getValue(MOA_SIGN_CERTIFICATE);
+ certFile = new File(certificateValue);
+ }
+
+ logger.info("Loading certificate from file: " + certificateValue);
+
+ this.certificate = new X509Certificate(
+ new FileInputStream(certFile));
}
-
- logger.info("Loading certificate: " + certificateValue);
-
- this.certificate = new X509Certificate(new FileInputStream(certFile));
this.moaEndpoint = config.getValue(MOA_SIGN_URL);
this.keyIdentifier = config.getValue(MOA_SIGN_KEY_ID);
}
- public X509Certificate getCertificate(SignParameter parameter) throws PdfAsException {
+ public X509Certificate getCertificate(SignParameter parameter)
+ throws PdfAsException {
return this.certificate;
}
@@ -137,8 +164,8 @@ public class MOAConnector implements ISignatureConnector, IConfigurationConstant
return builder.build();
}
- public byte[] sign(byte[] input, int[] byteRange, SignParameter parameter
- , RequestedSignature requestedSignature) throws PdfAsException {
+ public byte[] sign(byte[] input, int[] byteRange, SignParameter parameter,
+ RequestedSignature requestedSignature) throws PdfAsException {
CloseableHttpClient client = null;
try {
client = buildHttpClient();
@@ -224,16 +251,21 @@ public class MOAConnector implements ISignatureConnector, IConfigurationConstant
if (cmsSignature != null) {
try {
byte[] cmsSignatureData = base64.decode(cmsSignature);
-
- VerifyResult verifyResult = SignatureUtils.verifySignature(cmsSignatureData, input);
- if(!StreamUtils.dataCompare(requestedSignature.getCertificate().getFingerprintSHA(),
- ((X509Certificate)verifyResult.getSignerCertificate()).getFingerprintSHA())) {
- throw new PdfAsSignatureException("Certificates missmatch!");
+ VerifyResult verifyResult = SignatureUtils
+ .verifySignature(cmsSignatureData, input);
+
+ if (!StreamUtils.dataCompare(requestedSignature
+ .getCertificate().getFingerprintSHA(),
+ ((X509Certificate) verifyResult
+ .getSignerCertificate())
+ .getFingerprintSHA())) {
+ throw new PdfAsSignatureException(
+ "Certificates missmatch!");
}
-
+
return cmsSignatureData;
- } catch(Exception e) {
+ } catch (Exception e) {
throw new PdfAsException("error.pdf.io.07", e);
}
} else {