Implemented Verification level (Full incl. Certificate Path, and Integrity Only)

2 files changed, 27 insertions, 242 deletions

diff --git a/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESVerifier.java b/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESVerifier.java
index 2df2368e..d1e185ab 100644
--- a/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESVerifier.java
+++ b/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESVerifier.java
@@ -23,41 +23,21 @@
  ******************************************************************************/
 package at.gv.egiz.pdfas.sigs.pades;
 
-import iaik.x509.X509Certificate;
-
 import java.util.ArrayList;
-import java.util.Calendar;
 import java.util.Date;
 import java.util.List;
 
-import javax.activation.DataHandler;
-import javax.xml.bind.JAXBElement;
-
-import org.apache.axis2.databinding.types.Token;
 import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import at.gv.egiz.dsig.X509DataType;
-import at.gv.egiz.dsig.util.DsigMarschaller;
-import at.gv.egiz.moa.ByteArrayDataSource;
-import at.gv.egiz.moa.SignatureVerificationServiceStub;
-import at.gv.egiz.moa.SignatureVerificationServiceStub.CMSContentBaseType;
-import at.gv.egiz.moa.SignatureVerificationServiceStub.CMSDataObjectOptionalMetaType;
-import at.gv.egiz.moa.SignatureVerificationServiceStub.KeyInfoTypeChoice;
-import at.gv.egiz.moa.SignatureVerificationServiceStub.VerifyCMSSignatureRequest;
-import at.gv.egiz.moa.SignatureVerificationServiceStub.VerifyCMSSignatureResponse;
-import at.gv.egiz.moa.SignatureVerificationServiceStub.VerifyCMSSignatureResponseTypeSequence;
-import at.gv.egiz.moa.SignatureVerificationServiceStub.X509DataTypeSequence;
 import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
-import at.gv.egiz.pdfas.common.messages.CodesResolver;
 import at.gv.egiz.pdfas.common.utils.PDFUtils;
-import at.gv.egiz.pdfas.common.utils.StreamUtils;
 import at.gv.egiz.pdfas.lib.api.Configuration;
 import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
 import at.gv.egiz.pdfas.lib.impl.verify.FilterEntry;
+import at.gv.egiz.pdfas.lib.impl.verify.IVerifier;
 import at.gv.egiz.pdfas.lib.impl.verify.IVerifyFilter;
-import at.gv.egiz.pdfas.lib.impl.verify.SignatureCheckImpl;
 import at.gv.egiz.pdfas.lib.impl.verify.VerifyResultImpl;
 
 public class PAdESVerifier implements IVerifyFilter {
@@ -76,169 +56,19 @@ public class PAdESVerifier implements IVerifyFilter {
 
 	@SuppressWarnings("rawtypes")
 	public List<VerifyResult> verify(byte[] contentData,
-			byte[] signatureContent, Date verificationTime, int[] byteRange)
+			byte[] signatureContent, Date verificationTime, int[] byteRange, IVerifier verifier)
 			throws PdfAsException {
-
-		List<VerifyResult> resultList = new ArrayList<VerifyResult>();
-		try {
-			logger.info("verification with MOA @ " + this.moaEndpoint);
-
-			SignatureVerificationServiceStub service = new SignatureVerificationServiceStub(
-					this.moaEndpoint);
-			VerifyCMSSignatureRequest verifyCMSSignatureRequest = new VerifyCMSSignatureRequest();
-			Token token = new Token();
-			token.setValue(this.moaTrustProfile);
-			verifyCMSSignatureRequest.setTrustProfileID(token);
-
-			byte[] data = contentData;
-			byte[] signature = signatureContent;
-
-			CMSDataObjectOptionalMetaType cmsDataObjectOptionalMetaType = new CMSDataObjectOptionalMetaType();
-			CMSContentBaseType cmsDataContent = new CMSContentBaseType();
-			cmsDataContent.setBase64Content(new DataHandler(
-					new ByteArrayDataSource(data, "application/pdf")));
-			DataHandler cmsSignature = new DataHandler(new ByteArrayDataSource(
-					signature, "application/pdf"));
-			cmsDataObjectOptionalMetaType.setContent(cmsDataContent);
-			verifyCMSSignatureRequest.setCMSSignature(cmsSignature);
-			verifyCMSSignatureRequest
-					.setDataObject(cmsDataObjectOptionalMetaType);
-			if (verificationTime != null) {
-				Calendar cal = Calendar.getInstance();
-				cal.setTime(verificationTime);
-				verifyCMSSignatureRequest.setDateTime(cal);
-			}
-			// cmsDataObjectOptionalMetaType.
-			VerifyCMSSignatureResponse response = service
-					.verifyCMSSignature(verifyCMSSignatureRequest);
-
-			logger.debug("Got Verify Response from MOA");
-			
-			VerifyCMSSignatureResponseTypeSequence[] verifySequence = response
-					.getVerifyCMSSignatureResponse()
-					.getVerifyCMSSignatureResponseTypeSequence();
-			for (int i = 0; i < verifySequence.length; i++) {
-				VerifyResultImpl result = new VerifyResultImpl();
-				logger.debug(" ---------------------- ");
-				logger.debug("Signature: " + i);
-				
-				SignatureCheckImpl certificateCheck;
-
-				verifySequence[i].getSignerInfo().getKeyInfoTypeChoice()[0]
-						.getExtraElement();
-				if (verifySequence[i].getCertificateCheck() != null) {
-					certificateCheck = new SignatureCheckImpl(verifySequence[i]
-							.getCertificateCheck().getCode().intValue(),
-							verifySequence[i].getCertificateCheck()
-									.isInfoSpecified() ? verifySequence[i]
-									.getCertificateCheck().getInfo().toString()
-									: "");
-				} else {
-					certificateCheck = new SignatureCheckImpl(
-							1,
-							"");
-				}
-
-				if(certificateCheck.getMessage() == null || certificateCheck.getMessage().trim().length() == 0) {
-					String resourceString = "verify.cert." + certificateCheck.getCode();
-					String message = CodesResolver.resolveMessage(resourceString);
-					certificateCheck.setMessage(message);
-				}
-				
-				logger.debug("Certificate Check: " + certificateCheck.getCode() + " [" + certificateCheck.getMessage() + "]");
-				
-				SignatureCheckImpl signatureCheck = new SignatureCheckImpl(
-						verifySequence[i].getSignatureCheck().getCode()
-								.intValue(),
-						verifySequence[i].getSignatureCheck().isInfoSpecified() ? verifySequence[i]
-								.getSignatureCheck().getInfo().toString()
-								: "");
-
-				if(signatureCheck.getMessage() == null || signatureCheck.getMessage().trim().length() == 0) {
-					String resourceString = "verify.value." + signatureCheck.getCode();
-					String message = CodesResolver.resolveMessage(resourceString);
-					signatureCheck.setMessage(message);
-				}
-				
-				logger.debug("Signature Check: " + signatureCheck.getCode() + " [" + signatureCheck.getMessage() + "]");
-				
-				result.setCertificateCheck(certificateCheck);
-				result.setValueCheckCode(signatureCheck);
-				result.setVerificationDone(true);
-
-				KeyInfoTypeChoice[] keyInfo = verifySequence[i].getSignerInfo()
-						.getKeyInfoTypeChoice();
-				KeyInfoTypeChoice choice = keyInfo[0];
-				result.setSignatureData(PDFUtils.blackOutSignature(data, byteRange));
-
-				// extract certificate
-				if (choice.isX509DataSpecified()) {
-					byte[] certData = null;
-					X509DataTypeSequence[] x509Sequence = choice.getX509Data()
-							.getX509DataTypeSequence();
-					for (int k = 0; k < x509Sequence.length; k++) {
-						X509DataTypeSequence x509Data = x509Sequence[k];
-						if (x509Data.getX509DataTypeChoice_type0()
-								.isX509CertificateSpecified()) {
-							DataHandler handler = x509Data
-									.getX509DataTypeChoice_type0()
-									.getX509Certificate();
-							certData = StreamUtils
-									.inputStreamToByteArray(handler
-											.getInputStream());
-						} else if (x509Data.getX509DataTypeChoice_type0()
-								.isExtraElementSpecified()) {
-							if (x509Data
-									.getX509DataTypeChoice_type0()
-									.getExtraElement()
-									.getLocalName()
-									.equals(SignatureVerificationServiceStub.QualifiedCertificate.MY_QNAME
-											.getLocalPart())) {
-								result.setQualifiedCertificate(true);
-							}
-						}
-					}
-					X509Certificate certificate = new X509Certificate(certData);
-					result.setSignerCertificate(certificate);
-				} else if (choice.isExtraElementSpecified()) {
-					String xmldisg = choice.getExtraElement().toString();
-					JAXBElement jaxbElement = (JAXBElement) DsigMarschaller
-							.unmarshalFromString(xmldisg);
-					if (jaxbElement.getValue() instanceof X509DataType) {
-						X509DataType x509Data = (X509DataType) jaxbElement
-								.getValue();
-						List<Object> dsigElements = x509Data
-								.getX509IssuerSerialOrX509SKIOrX509SubjectName();
-						for (int j = 0; j < dsigElements.size(); j++) {
-							Object jaxElement = dsigElements.get(j);
-							if (jaxElement instanceof JAXBElement) {
-								JAXBElement jaxbElementMember = (JAXBElement) jaxElement;
-								if (jaxbElementMember
-										.getName()
-										.equals(DsigMarschaller.X509DataTypeX509Certificate_QNAME)) {
-									if (jaxbElementMember.getValue() instanceof byte[]) {
-										byte[] certData = (byte[]) jaxbElementMember
-												.getValue();
-										X509Certificate certificate = new X509Certificate(
-												certData);
-										result.setSignerCertificate(certificate);
-										break;
-									}
-								}
-							}
-						}
-					}
-				}
-
-				resultList.add(result);
-				
-				logger.debug(" ---------------------- ");
-			}
-		} catch (Throwable e) {
-			logger.error("Verification failed", e);
-			throw new PdfAsException("error.pdf.verify.02", e);
+		
+		byte[] data = contentData;
+		byte[] signature = signatureContent;
+		
+		List<VerifyResult> verifieResults = verifier.verify(signature, data, verificationTime);
+		for(int i =0; i < verifieResults.size();i++) {
+			VerifyResultImpl result = (VerifyResultImpl)verifieResults.get(i);
+			result.setSignatureData(PDFUtils.blackOutSignature(data, byteRange));
 		}
-		return resultList;
+		
+		return verifieResults;
 	}
 
 	public List<FilterEntry> getFiters() {
diff --git a/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java b/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java
index bef034b1..fb7fa5ab 100644
--- a/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java
+++ b/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java
@@ -46,6 +46,7 @@ import at.gv.egiz.pdfas.common.utils.PDFUtils;
 import at.gv.egiz.pdfas.lib.api.Configuration;
 import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
 import at.gv.egiz.pdfas.lib.impl.verify.FilterEntry;
+import at.gv.egiz.pdfas.lib.impl.verify.IVerifier;
 import at.gv.egiz.pdfas.lib.impl.verify.IVerifyFilter;
 import at.gv.egiz.pdfas.lib.impl.verify.SignatureCheckImpl;
 import at.gv.egiz.pdfas.lib.impl.verify.VerifyResultImpl;
@@ -57,68 +58,22 @@ public class PKCS7DetachedVerifier implements IVerifyFilter {
 	public PKCS7DetachedVerifier() {
 	}
 	
-	public List<VerifyResult> verify(byte[] contentData, byte[] signatureContent, Date verificationTime, int[] byteRange)
+	public List<VerifyResult> verify(byte[] contentData, byte[] signatureContent, 
+			Date verificationTime, int[] byteRange, IVerifier verifier)
 			throws PdfAsException {
-		try {
-			List<VerifyResult> result = new ArrayList<VerifyResult>();
-			
-			SignedData signedData = new SignedData(contentData, new AlgorithmID[] { 
-					AlgorithmID.sha256, AlgorithmID.sha1, AlgorithmID.ripeMd160,  AlgorithmID.ripeMd160_ISO
-			});			
-			ContentInfo ci = new ContentInfo(new ByteArrayInputStream(
-					signatureContent));
-			if (!ci.getContentType().equals(ObjectID.cms_signedData)) {
-				throw new PdfAsException("error.pdf.verify.01");
-			}
-			//SignedData signedData = (SignedData)ci.getContent();
-			//signedData.setContent(contentData);
-
-			signedData.decode(ci.getContentInputStream());
-			
-			// get the signer infos
-			SignerInfo[] signerInfos = signedData.getSignerInfos();
-			// verify the signatures
-			for (int i = 0; i < signerInfos.length; i++) {
-				VerifyResultImpl verifyResult = new VerifyResultImpl();
-				verifyResult.setSignatureData(PDFUtils.blackOutSignature(contentData, byteRange));
-				try {
-					// verify the signature for SignerInfo at index i
-					X509Certificate signer_cert = signedData.verify(i);
-					logger.info("Signature Algo: {}, Digest {}",  
-							signedData.getSignerInfos()[i].getSignatureAlgorithm(),
-							signedData.getSignerInfos()[i].getDigestAlgorithm());
-					// if the signature is OK the certificate of the
-					// signer is returned
-					logger.info("Signature OK from signer: "
-							+ signer_cert.getSubjectDN());
-					verifyResult.setSignerCertificate(signer_cert);
-					verifyResult.setValueCheckCode(new SignatureCheckImpl(0, "OK"));
-					verifyResult.setManifestCheckCode(new SignatureCheckImpl(99, "not checked"));
-					verifyResult.setCertificateCheck(new SignatureCheckImpl(99, "not checked"));
-					verifyResult.setVerificationDone(true);
-				} catch (SignatureException ex) {
-					// if the signature is not OK a SignatureException
-					// is thrown
-					logger.info("Signature ERROR from signer: "
-							+ signedData.getCertificate(
-									signerInfos[i].getSignerIdentifier())
-									.getSubjectDN(), ex);
-					
-					verifyResult.setSignerCertificate(
-							signedData.getCertificate(signerInfos[i].getSignerIdentifier()));
-					verifyResult.setValueCheckCode(new SignatureCheckImpl(1, "failed to check signature"));
-					verifyResult.setManifestCheckCode(new SignatureCheckImpl(99, "not checked"));
-					verifyResult.setCertificateCheck(new SignatureCheckImpl(99, "not checked"));
-					verifyResult.setVerificationDone(false);
-					verifyResult.setVerificationException(new PdfAsSignatureException("failed to check signature", ex));
-				}
-				result.add(verifyResult);
-			}
-
-			return result;
-		} catch (Throwable e) {
-			throw new PdfAsException("error.pdf.verify.02", e);
+		
+		byte[] data = contentData;
+		byte[] signature = signatureContent;
+		
+		List<VerifyResult> verifieResults = verifier.verify(signature, data, verificationTime);
+		for(int i =0; i < verifieResults.size();i++) {
+			VerifyResultImpl result = (VerifyResultImpl)verifieResults.get(i);
+			result.setSignatureData(PDFUtils.blackOutSignature(data, byteRange));
 		}
+		
+		return verifieResults;
+		
+		
 	}
 
 	public List<FilterEntry> getFiters() {