diff options
author | Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> | 2014-07-11 13:38:49 +0200 |
---|---|---|
committer | Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> | 2014-07-11 13:38:49 +0200 |
commit | 1219abaf9f0029e39f5fbdf342fd4ebf07144b5b (patch) | |
tree | 1baeb54030e016158ea287a9c87d70597e0f19f5 /pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper | |
parent | 0bfafff409078ef49b2d4a0d71405e8f5b0eb078 (diff) | |
download | pdf-as-4-1219abaf9f0029e39f5fbdf342fd4ebf07144b5b.tar.gz pdf-as-4-1219abaf9f0029e39f5fbdf342fd4ebf07144b5b.tar.bz2 pdf-as-4-1219abaf9f0029e39f5fbdf342fd4ebf07144b5b.zip |
added Signature Verification Level
Diffstat (limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper')
-rw-r--r-- | pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java | 231 |
1 files changed, 176 insertions, 55 deletions
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java index 041c7df3..b79075a1 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java @@ -45,14 +45,19 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import javax.xml.bind.JAXBElement; +import javax.xml.ws.WebServiceException; +import org.apache.commons.codec.binary.Base64; import org.apache.commons.io.FileUtils; import org.apache.commons.lang3.StringEscapeUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import at.gv.egiz.pdfas.api.ws.PDFASSignParameters; +import at.gv.egiz.pdfas.api.ws.PDFASVerificationResponse; +import at.gv.egiz.pdfas.api.ws.VerificationLevel; import at.gv.egiz.pdfas.api.ws.PDFASSignParameters.Connector; +import at.gv.egiz.pdfas.api.ws.PDFASSignResponse; import at.gv.egiz.pdfas.common.exceptions.PdfAsException; import at.gv.egiz.pdfas.lib.api.ByteArrayDataSink; import at.gv.egiz.pdfas.lib.api.ByteArrayDataSource; @@ -65,6 +70,7 @@ import at.gv.egiz.pdfas.lib.api.sign.IPlainSigner; import at.gv.egiz.pdfas.lib.api.sign.SignParameter; import at.gv.egiz.pdfas.lib.api.sign.SignResult; import at.gv.egiz.pdfas.lib.api.verify.VerifyParameter; +import at.gv.egiz.pdfas.lib.api.verify.VerifyParameter.SignatureVerificationLevel; import at.gv.egiz.pdfas.lib.api.verify.VerifyResult; import at.gv.egiz.pdfas.sigs.pades.PAdESSigner; import at.gv.egiz.pdfas.sigs.pades.PAdESSignerKeystore; @@ -99,6 +105,9 @@ public class PdfAsHelper { private static final String PDF_USERENTRY_PAGE = "/userentry"; private static final String PDF_ERR_URL = "PDF_ERR_URL"; private static final String PDF_FILE_NAME = "PDF_FILE_NAME"; + private static final String PDF_SIGNER_CERT = "PDF_SIGNER_CERT"; + private static final String PDF_VER_LEVEL = "PDF_VER_LEVEL"; + private static final String PDF_VER_RESP = "PDF_VER_RESP"; private static final String PDF_INVOKE_URL = "PDF_INVOKE_URL"; private static final String REQUEST_FROM_DU = "REQ_DATA_URL"; private static final String SIGNATURE_DATA_HASH = "SIGNATURE_DATA_HASH"; @@ -158,7 +167,8 @@ public class PdfAsHelper { String posR = PdfAsParameterExtractor.getSigPosR(request); String posF = PdfAsParameterExtractor.getSigPosF(request); - if (posP == null && posW == null && posX == null && posY == null && posR == null && posF == null) { + if (posP == null && posW == null && posX == null && posY == null + && posR == null && posF == null) { return null; } @@ -217,7 +227,7 @@ public class PdfAsHelper { } else { sb.append("p:auto;"); } - + if (posR != null) { try { Float.parseFloat(posR); @@ -230,7 +240,7 @@ public class PdfAsHelper { } else { sb.append("r:0;"); } - + if (posF != null) { try { Float.parseFloat(posF); @@ -279,6 +289,27 @@ public class PdfAsHelper { return results; } + public static List<VerifyResult> synchornousVerify(byte[] pdfData, + int signIdx, SignatureVerificationLevel lvl) throws Exception { + logger.debug("Verifing Signature index: " + signIdx); + + Configuration config = pdfAs.getConfiguration(); + + ByteArrayDataSource dataSource = new ByteArrayDataSource(pdfData); + + VerifyParameter verifyParameter = PdfAsFactory.createVerifyParameter( + config, dataSource); + + verifyParameter.setSignatureVerificationLevel(lvl); + verifyParameter.setDataSource(dataSource); + verifyParameter.setConfiguration(config); + verifyParameter.setWhichSignature(signIdx); + + List<VerifyResult> results = pdfAs.verify(verifyParameter); + + return results; + } + /** * Create synchronous PDF Signature * @@ -311,7 +342,7 @@ public class PdfAsHelper { IPlainSigner signer; if (connector.equals("moa")) { signer = new PAdESSigner(new MOAConnector(config)); - } else if(connector.equals("jks")) { + } else if (connector.equals("jks")) { signer = new PAdESSignerKeystore( WebConfiguration.getKeystoreFile(), WebConfiguration.getKeystoreAlias(), @@ -351,7 +382,8 @@ public class PdfAsHelper { * @return The signed pdf data * @throws Exception */ - public static byte[] synchornousServerSignature(byte[] pdfData, PDFASSignParameters params) throws Exception { + public static PDFASSignResponse synchornousServerSignature(byte[] pdfData, + PDFASSignParameters params) throws Exception { Configuration config = pdfAs.getConfiguration(); // Generate Sign Parameter @@ -359,15 +391,15 @@ public class PdfAsHelper { new ByteArrayDataSource(pdfData)); // Get Connector - + IPlainSigner signer; if (params.getConnector().equals(Connector.MOA)) { - if(!WebConfiguration.getMOASSEnabled()) { + if (!WebConfiguration.getMOASSEnabled()) { throw new PdfAsWebException("MOA connector disabled."); } signer = new PAdESSigner(new MOAConnector(config)); - } else if(params.getConnector().equals(Connector.JKS)) { - if(!WebConfiguration.getKeystoreEnabled()) { + } else if (params.getConnector().equals(Connector.JKS)) { + if (!WebConfiguration.getKeystoreEnabled()) { throw new PdfAsWebException("JKS connector disabled."); } signer = new PAdESSignerKeystore( @@ -391,15 +423,20 @@ public class PdfAsHelper { // set Signature Position signParameter.setSignaturePosition(params.getPosition()); - pdfAs.sign(signParameter); + SignResult signResult = pdfAs.sign(signParameter); - return output.getData(); + PDFASSignResponse signResponse = new PDFASSignResponse(); + signResponse.setSignedPDF(output.getData()); + signResponse.setSignerCertificate(signResult.getSignerCertificate() + .getEncoded()); + + return signResponse; } - + public static void startSignature(HttpServletRequest request, - HttpServletResponse response, ServletContext context, byte[] pdfData, - String connector, String position, String transactionId, String profile) - throws Exception { + HttpServletResponse response, ServletContext context, + byte[] pdfData, String connector, String position, + String transactionId, String profile) throws Exception { // TODO: Protect session so that only one PDF can be signed during one // session @@ -424,14 +461,14 @@ public class PdfAsHelper { new ByteArrayDataSource(pdfData)); logger.info("Setting TransactionID: " + transactionId); - + signParameter.setTransactionId(transactionId); - + IPlainSigner signer; if (connector.equals("bku") || connector.equals("onlinebku") || connector.equals("mobilebku")) { BKUSLConnector conn = new BKUSLConnector(config); - //conn.setBase64(true); + // conn.setBase64(true); signer = new PAdESSigner(conn); session.setAttribute(PDF_SL_CONNECTOR, conn); } else { @@ -477,25 +514,27 @@ public class PdfAsHelper { return data; } - public static byte[] generateVisualBlock(String profile, int resolution) throws IOException, CertificateException, PdfAsException { - X509Certificate cert = new X509Certificate(PdfAsHelper.class.getResourceAsStream("/qualified.cer")); + public static byte[] generateVisualBlock(String profile, int resolution) + throws IOException, CertificateException, PdfAsException { + X509Certificate cert = new X509Certificate( + PdfAsHelper.class.getResourceAsStream("/qualified.cer")); Configuration config = pdfAs.getConfiguration(); - SignParameter parameter = PdfAsFactory.createSignParameter( - config, null); + SignParameter parameter = PdfAsFactory + .createSignParameter(config, null); parameter.setSignatureProfileId(profile); - Image img = pdfAs.generateVisibleSignaturePreview(parameter, - cert, resolution); - - if(img == null) { + Image img = pdfAs.generateVisibleSignaturePreview(parameter, cert, + resolution); + + if (img == null) { return null; } - + ByteArrayOutputStream baos = new ByteArrayOutputStream(); ImageIO.write((RenderedImage) img, "png", baos); baos.close(); return baos.toByteArray(); } - + public static void injectCertificate(HttpServletRequest request, HttpServletResponse response, InfoboxReadResponseType infoboxReadResponseType, @@ -554,8 +593,8 @@ public class PdfAsHelper { HttpSession session = request.getSession(); StatusRequest statusRequest = (StatusRequest) session .getAttribute(PDF_STATUS); -// IPlainSigner plainSigner = (IPlainSigner) session -// .getAttribute(PDF_SIGNER); + // IPlainSigner plainSigner = (IPlainSigner) session + // .getAttribute(PDF_SIGNER); String connector = (String) session.getAttribute(PDF_SL_INTERACTIVE); @@ -568,7 +607,8 @@ public class PdfAsHelper { logger.debug("Needing Certificate from BKU"); // build SL Request to read certificate InfoboxReadRequestType readCertificateRequest = bkuSLConnector - .createInfoboxReadRequest(statusRequest.getSignParameter()); + .createInfoboxReadRequest(statusRequest + .getSignParameter()); JAXBElement<InfoboxReadRequestType> readRequest = of .createInfoboxReadRequest(readCertificateRequest); @@ -583,32 +623,39 @@ public class PdfAsHelper { StringEscapeUtils.escapeHtml4(slRequest)); template = template.replace("##DataURL##", url); template = template.replace("##LOCALE##", locale); - - if(statusRequest.getSignParameter().getTransactionId() != null) { - template = template.replace("##ADDITIONAL##", "<input type=\"hidden\" name=\"TransactionId_\" value=\"" + - StringEscapeUtils.escapeHtml4(statusRequest.getSignParameter().getTransactionId()) + "\">"); + + if (statusRequest.getSignParameter().getTransactionId() != null) { + template = template.replace( + "##ADDITIONAL##", + "<input type=\"hidden\" name=\"TransactionId_\" value=\"" + + StringEscapeUtils + .escapeHtml4(statusRequest + .getSignParameter() + .getTransactionId()) + + "\">"); } else { template = template.replace("##ADDITIONAL##", ""); } - + response.getWriter().write(template); - //TODO: set content type of response!! + // TODO: set content type of response!! response.setContentType("text/html"); response.getWriter().close(); } else if (statusRequest.needSignature()) { logger.debug("Needing Signature from BKU"); // build SL Request for cms signature - RequestPackage pack = bkuSLConnector - .createCMSRequest(statusRequest.getSignatureData(), - statusRequest.getSignatureDataByteRange(), - statusRequest.getSignParameter()); + RequestPackage pack = bkuSLConnector.createCMSRequest( + statusRequest.getSignatureData(), + statusRequest.getSignatureDataByteRange(), + statusRequest.getSignParameter()); String slRequest = SLMarschaller .marshalToString(of - .createCreateCMSSignatureRequest(pack.getRequestType())); + .createCreateCMSSignatureRequest(pack + .getRequestType())); logger.trace("SL Request: " + slRequest); - + response.setContentType("text/xml"); response.getWriter().write(slRequest); response.getWriter().close(); @@ -621,9 +668,32 @@ public class PdfAsHelper { DataSink output = result.getOutputDocument(); if (output instanceof ByteArrayDataSink) { ByteArrayDataSink byteDataSink = (ByteArrayDataSink) output; - PdfAsHelper.setSignedPdf(request, response, - byteDataSink.getData()); + byte[] signedPdf = byteDataSink.getData(); + + PDFASVerificationResponse verResponse = new PDFASVerificationResponse(); + List<VerifyResult> verResults = PdfAsHelper + .synchornousVerify(signedPdf, -2, + PdfAsHelper.getVerificationLevel(request)); + + if (verResults.size() != 1) { + throw new WebServiceException( + "Document verification failed!"); + } + VerifyResult verifyResult = verResults.get(0); + + verResponse.setCertificateCode(verifyResult + .getCertificateCheck().getCode()); + verResponse.setValueCode(verifyResult.getValueCheckCode() + .getCode()); + + PdfAsHelper.setPDFASVerificationResponse(request, verResponse); + PdfAsHelper.setSignedPdf(request, response, signedPdf); PdfAsHelper.gotoProvidePdf(context, request, response); + + String signerCert = Base64.encodeBase64String(result + .getSignerCertificate().getEncoded()); + + PdfAsHelper.setSignerCertificate(request, signerCert); } else { throw new PdfAsWebException("No Signature data available"); } @@ -689,7 +759,7 @@ public class PdfAsHelper { HttpSession session = request.getSession(); session.setAttribute(PDF_SIGNED_DATA, signedData); } - + public static void setLocale(HttpServletRequest request, HttpServletResponse response, String locale) { HttpSession session = request.getSession(); @@ -832,21 +902,25 @@ public class PdfAsHelper { HttpServletResponse response) { return generateURL(request, response, PDF_PDFDATA_PAGE); } - + public static String generateUserEntryURL(String storeId) { String publicURL = WebConfiguration.getPublicURL(); - if(publicURL == null) { - logger.error("To use this functionality " + WebConfiguration.PUBLIC_URL + " has to be configured in the web configuration"); + if (publicURL == null) { + logger.error("To use this functionality " + + WebConfiguration.PUBLIC_URL + + " has to be configured in the web configuration"); return null; } - + String baseURL = publicURL + PDF_USERENTRY_PAGE; try { - return baseURL + "?" + UIEntryPointServlet.REQUEST_ID_PARAM + "=" + URLEncoder.encode(storeId, "UTF-8"); - } catch(UnsupportedEncodingException e) { + return baseURL + "?" + UIEntryPointServlet.REQUEST_ID_PARAM + "=" + + URLEncoder.encode(storeId, "UTF-8"); + } catch (UnsupportedEncodingException e) { logger.warn("Encoding not supported for URL encoding", e); } - return baseURL + "?" + UIEntryPointServlet.REQUEST_ID_PARAM + "=" + storeId; + return baseURL + "?" + UIEntryPointServlet.REQUEST_ID_PARAM + "=" + + storeId; } public static String generateBKUURL(String connector) { @@ -903,6 +977,53 @@ public class PdfAsHelper { return "document.pdf"; } + public static void setSignerCertificate(HttpServletRequest request, + String value) { + HttpSession session = request.getSession(); + session.setAttribute(PDF_SIGNER_CERT, value); + } + + public static String getSignerCertificate(HttpServletRequest request) { + HttpSession session = request.getSession(); + Object obj = session.getAttribute(PDF_SIGNER_CERT); + if (obj != null) { + return obj.toString(); + } + return null; + } + + public static void setVerificationLevel(HttpServletRequest request, + SignatureVerificationLevel lvl) { + HttpSession session = request.getSession(); + session.setAttribute(PDF_VER_LEVEL, lvl); + } + + public static SignatureVerificationLevel getVerificationLevel( + HttpServletRequest request) { + HttpSession session = request.getSession(); + Object obj = session.getAttribute(PDF_VER_LEVEL); + if (obj != null && obj instanceof SignatureVerificationLevel) { + return (SignatureVerificationLevel) obj; + } + return SignatureVerificationLevel.INTEGRITY_ONLY_VERIFICATION; + } + + public static void setPDFASVerificationResponse(HttpServletRequest request, + PDFASVerificationResponse resp) { + HttpSession session = request.getSession(); + session.setAttribute(PDF_VER_RESP, resp); + } + + public static PDFASVerificationResponse getPDFASVerificationResponse( + HttpServletRequest request) { + HttpSession session = request.getSession(); + Object obj = session.getAttribute(PDF_VER_RESP); + if (obj != null && obj instanceof PDFASVerificationResponse) { + return (PDFASVerificationResponse) obj; + } + return null; + } + public static void setVerificationResult(HttpServletRequest request, List<VerifyResult> value) { HttpSession session = request.getSession(); @@ -944,11 +1065,11 @@ public class PdfAsHelper { } return false; } - + public static String getVersion() { return PdfAsFactory.getVersion(); } - + public static String getSCMRevision() { return PdfAsFactory.getSCMRevision(); } |