MOA integration sign/verification (not finished yet ...)

Lots of PDF-AS Web implementation
author: Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> 2013-11-27 10:05:17 +0100
committer: Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> 2013-11-27 10:05:17 +0100
commit: f3476576c50efd922593c82656efda7aec5ae97f (patch)
tree: 66107d5c5d3a88af66bd4829d8fcecc5678b749e /signature-standards
parent: 7b2e2b640b0f392183f7927f692936950d3fabfc (diff)
download: pdf-as-4-f3476576c50efd922593c82656efda7aec5ae97f.tar.gz
pdf-as-4-f3476576c50efd922593c82656efda7aec5ae97f.tar.bz2
pdf-as-4-f3476576c50efd922593c82656efda7aec5ae97f.zip
8 files changed, 171 insertions, 44 deletions
diff --git a/signature-standards/sigs-pades/bin/META-INF/MANIFEST.MF b/signature-standards/sigs-pades/bin/META-INF/MANIFEST.MF
new file mode 100644
index 00000000..5e949512
--- /dev/null
+++ b/signature-standards/sigs-pades/bin/META-INF/MANIFEST.MF
@@ -0,0 +1,3 @@
+Manifest-Version: 1.0
+Class-Path: 
+
diff --git a/signature-standards/sigs-pades/build.gradle b/signature-standards/sigs-pades/build.gradle
index 58151a7e..bc8285d6 100644
--- a/signature-standards/sigs-pades/build.gradle
+++ b/signature-standards/sigs-pades/build.gradle
@@ -8,6 +8,7 @@ jar {
 }
 
 repositories {
+	mavenLocal()
     mavenCentral()
 }
 
diff --git a/signature-standards/sigs-pades/src/main/java/META-INF/MANIFEST.MF b/signature-standards/sigs-pades/src/main/java/META-INF/MANIFEST.MF
new file mode 100644
index 00000000..5e949512
--- /dev/null
+++ b/signature-standards/sigs-pades/src/main/java/META-INF/MANIFEST.MF
@@ -0,0 +1,3 @@
+Manifest-Version: 1.0
+Class-Path: 
+
diff --git a/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSigner.java b/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSigner.java
index 91237d98..7fc0081b 100644
--- a/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSigner.java
+++ b/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSigner.java
@@ -2,63 +2,32 @@ package at.gv.egiz.pdfas.sigs.pades;
 
 import iaik.x509.X509Certificate;
 
-import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.util.Iterator;
-
-import org.apache.pdfbox.exceptions.SignatureException;
 import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature;
 
 import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
 import at.gv.egiz.pdfas.lib.api.sign.IPlainSigner;
-import at.gv.egiz.sl.CreateCMSSignatureRequestType;
-import at.gv.egiz.sl.CreateCMSSignatureResponseType;
-import at.gv.egiz.sl.InfoboxAssocArrayPairType;
-import at.gv.egiz.sl.InfoboxReadRequestType;
-import at.gv.egiz.sl.InfoboxReadResponseType;
-import at.gv.egiz.sl.util.BKUSLConnector;
+import at.gv.egiz.sl.util.ISignatureConnector;
+import at.gv.egiz.sl.util.ISignatureConnectorSLWrapper;
 import at.gv.egiz.sl.util.ISLConnector;
-import at.gv.egiz.sl.util.BaseSLConnector;
 
 public class PAdESSigner implements IPlainSigner {
 
-	private ISLConnector connector;
+	private ISignatureConnector plainSigner;
 	
 	public PAdESSigner(ISLConnector connector) {
-		this.connector = connector;
+		this.plainSigner = new ISignatureConnectorSLWrapper(connector);
+	}
+	
+	public PAdESSigner(ISignatureConnector signer) {
+		this.plainSigner = signer;
 	}
 
 	public X509Certificate getCertificate() throws PdfAsException {
-		X509Certificate certificate = null;
-		try {
-			InfoboxReadRequestType request = connector
-					.createInfoboxReadRequest();
-			InfoboxReadResponseType response = connector
-					.sendInfoboxReadRequest(request);
-
-			Iterator<InfoboxAssocArrayPairType> iterator = response
-					.getAssocArrayData().getPair().iterator();
-
-			while (iterator.hasNext()) {
-				InfoboxAssocArrayPairType pair = iterator.next();
-				if (pair.getKey().equals("SecureSignatureKeypair")) {
-					byte[] certData = pair.getBase64Content();
-					certificate = new X509Certificate(certData);
-					break;
-				}
-			}
-		} catch (CertificateException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		}
-		return certificate;
+		return this.plainSigner.getCertificate();
 	}
 
 	public byte[] sign(byte[] input, int[] byteRange) throws PdfAsException {
-		CreateCMSSignatureRequestType request = connector.createCMSRequest(input, byteRange);
-		CreateCMSSignatureResponseType response = connector.sendCMSRequest(request);
-		
-		return response.getCMSSignature();
+		return this.plainSigner.sign(input, byteRange);
 	}
 
 	public String getPDFSubFilter() {
diff --git a/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESVerifier.java b/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESVerifier.java
new file mode 100644
index 00000000..71b24213
--- /dev/null
+++ b/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESVerifier.java
@@ -0,0 +1,149 @@
+package at.gv.egiz.pdfas.sigs.pades;
+
+import iaik.security.ecc.provider.ECCProvider;
+import iaik.security.provider.IAIK;
+import iaik.x509.X509Certificate;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.activation.DataHandler;
+import javax.xml.bind.JAXBElement;
+
+import org.apache.axis2.databinding.types.Token;
+import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature;
+
+import at.gv.egiz.dsig.X509DataType;
+import at.gv.egiz.dsig.util.DsigMarschaller;
+import at.gv.egiz.moa.ByteArrayDataSource;
+import at.gv.egiz.moa.SignatureVerificationServiceStub;
+import at.gv.egiz.moa.SignatureVerificationServiceStub.CMSContentBaseType;
+import at.gv.egiz.moa.SignatureVerificationServiceStub.CMSDataObjectOptionalMetaType;
+import at.gv.egiz.moa.SignatureVerificationServiceStub.KeyInfoTypeChoice;
+import at.gv.egiz.moa.SignatureVerificationServiceStub.VerifyCMSSignatureRequest;
+import at.gv.egiz.moa.SignatureVerificationServiceStub.VerifyCMSSignatureResponse;
+import at.gv.egiz.moa.SignatureVerificationServiceStub.VerifyCMSSignatureResponseTypeSequence;
+import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
+import at.gv.egiz.pdfas.lib.api.Configuration;
+import at.gv.egiz.pdfas.lib.api.verify.SignatureCheck;
+import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
+import at.gv.egiz.pdfas.lib.impl.verify.FilterEntry;
+import at.gv.egiz.pdfas.lib.impl.verify.IVerifyFilter;
+import at.gv.egiz.pdfas.lib.impl.verify.SignatureCheckImpl;
+import at.gv.egiz.pdfas.lib.impl.verify.VerifyResultImpl;
+
+public class PAdESVerifier  implements IVerifyFilter  {
+
+	private static final String MOA_VERIFY_URL = "moa.verify.url";
+	private static final String MOA_VERIFY_TRUSTPROFILE = "moa.verify.TrustProfileID";
+	
+	private String moaEndpoint;
+	private String moaTrustProfile;
+	
+	public PAdESVerifier(Configuration config) {
+		IAIK.getInstance();
+		ECCProvider.addAsProvider();
+		this.moaEndpoint = config.getValue(MOA_VERIFY_URL);
+		this.moaTrustProfile = config.getValue(MOA_VERIFY_TRUSTPROFILE);
+	}
+	
+	@SuppressWarnings("rawtypes")
+	public List<VerifyResult> verify(byte[] contentData, byte[] signatureContent)
+			throws PdfAsException {
+
+		List<VerifyResult> resultList = new ArrayList<VerifyResult>();
+		try {
+			SignatureVerificationServiceStub service = new SignatureVerificationServiceStub(
+					this.moaEndpoint);
+			VerifyCMSSignatureRequest verifyCMSSignatureRequest = new VerifyCMSSignatureRequest();
+			Token token = new Token();
+			token.setValue(this.moaTrustProfile);
+			verifyCMSSignatureRequest.setTrustProfileID(token);
+
+			byte[] data = contentData;
+			byte[] signature = signatureContent;
+
+			CMSDataObjectOptionalMetaType cmsDataObjectOptionalMetaType = new CMSDataObjectOptionalMetaType();
+			CMSContentBaseType cmsDataContent = new CMSContentBaseType();
+			cmsDataContent.setBase64Content(new DataHandler(
+					new ByteArrayDataSource(data, "application/pdf")));
+			DataHandler cmsSignature = new DataHandler(new ByteArrayDataSource(
+					signature, "application/pdf"));
+			cmsDataObjectOptionalMetaType.setContent(cmsDataContent);
+			verifyCMSSignatureRequest.setCMSSignature(cmsSignature);
+			verifyCMSSignatureRequest
+					.setDataObject(cmsDataObjectOptionalMetaType);
+			
+			// cmsDataObjectOptionalMetaType.
+			VerifyCMSSignatureResponse response = service
+					.verifyCMSSignature(verifyCMSSignatureRequest);
+			
+			VerifyCMSSignatureResponseTypeSequence[] verifySequence = response.getVerifyCMSSignatureResponse().getVerifyCMSSignatureResponseTypeSequence();
+			for(int i = 0 ; i < verifySequence.length; i++) {
+				VerifyResultImpl result = new VerifyResultImpl();
+				
+				SignatureCheck certificateCheck;
+				
+				 verifySequence[i].getSignerInfo().getKeyInfoTypeChoice()[0].getExtraElement();
+				if(verifySequence[i].getCertificateCheck() != null) {
+					certificateCheck = new SignatureCheckImpl(
+						verifySequence[i].getCertificateCheck().getCode().intValue(),
+						verifySequence[i].getCertificateCheck().isInfoSpecified() ?
+						verifySequence[i].getCertificateCheck().getInfo().toString() : 
+							"");
+				} else {
+					certificateCheck = new SignatureCheckImpl(
+							1,
+							"Es konnte keine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konstruiert werden.");
+				}
+				
+				
+				SignatureCheck signatureCheck = new SignatureCheckImpl(
+						verifySequence[i].getSignatureCheck().getCode().intValue(),
+						verifySequence[i].getSignatureCheck().isInfoSpecified() ?
+								verifySequence[i].getSignatureCheck().getInfo().toString() : 
+									"");
+				
+				result.setCertificateCheck(certificateCheck);
+				result.setValueCheckCode(signatureCheck);
+				result.setVerificationDone(true);
+				
+				KeyInfoTypeChoice[] keyInfo = verifySequence[i].getSignerInfo().getKeyInfoTypeChoice();
+				String xmldisg = keyInfo[0].getExtraElement().toString();
+				JAXBElement jaxbElement = (JAXBElement) DsigMarschaller.unmarshalFromString(xmldisg);
+				result.setSignatureData(signatureContent);
+				if(jaxbElement.getValue() instanceof X509DataType) {
+					X509DataType x509Data = (X509DataType)jaxbElement.getValue();
+					List<Object> dsigElements = x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName();
+					for(int j = 0; j < dsigElements.size(); j++) {
+						Object jaxElement = dsigElements.get(j);
+						if(jaxElement instanceof JAXBElement) {
+							JAXBElement jaxbElementMember = (JAXBElement)jaxElement;
+							if(jaxbElementMember.getName().equals(
+									DsigMarschaller.X509DataTypeX509Certificate_QNAME)) {
+								if(jaxbElementMember.getValue() instanceof byte[]) {
+									byte[] certData = (byte[])jaxbElementMember.getValue();
+									X509Certificate certificate = new X509Certificate(certData);
+									result.setSignerCertificate(certificate);
+									break;
+								}
+							}
+						}
+					}
+				}
+
+				resultList.add(result);
+			}
+		} catch (Throwable e) {
+			e.printStackTrace();
+		}
+		return resultList;
+	}
+
+	public List<FilterEntry> getFiters() {
+		List<FilterEntry> result = new ArrayList<FilterEntry>();
+		result.add(new FilterEntry(PDSignature.FILTER_ADOBE_PPKLITE, PDSignature.SUBFILTER_ADBE_PKCS7_DETACHED));
+		return result;
+	}
+
+}
diff --git a/signature-standards/sigs-pcks7detached/build.gradle b/signature-standards/sigs-pcks7detached/build.gradle
index cc0a4e33..6864bc00 100644
--- a/signature-standards/sigs-pcks7detached/build.gradle
+++ b/signature-standards/sigs-pcks7detached/build.gradle
@@ -8,13 +8,14 @@ jar {
 }
 
 repositories {
+	mavenLocal()
     mavenCentral()
 }
 
 dependencies {
 	compile project (':pdf-as-lib')
 	compile project (':pdf-as-common')
-	compile group: 'iaik', name: 'iaik_cms', version: '4.1-moa'
+	compile group: 'iaik', name: 'iaik_cms', version: '4.1'
 	compile group: 'eu.europa.ec.joinup.egovlabs.pdf-as.iaik', name: 'iaik_jce_eval_signed', version: '4.0'
 	compile group: 'eu.europa.ec.joinup.egovlabs.pdf-as.iaik', name: 'iaik_ecc_eval_signed', version: '2.19'
     compile group: 'commons-collections', name: 'commons-collections', version: '3.2'
diff --git a/signature-standards/sigs-pcks7detached/src/main/java/META-INF/MANIFEST.MF b/signature-standards/sigs-pcks7detached/src/main/java/META-INF/MANIFEST.MF
new file mode 100644
index 00000000..5e949512
--- /dev/null
+++ b/signature-standards/sigs-pcks7detached/src/main/java/META-INF/MANIFEST.MF
@@ -0,0 +1,3 @@
+Manifest-Version: 1.0
+Class-Path: 
+
diff --git a/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedSigner.java b/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedSigner.java
index c6b12897..25b42f5f 100644
--- a/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedSigner.java
+++ b/signature-standards/sigs-pcks7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedSigner.java
@@ -19,8 +19,6 @@ import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.cert.Certificate;
 
-import org.apache.pdfbox.cos.COSName;
-import org.apache.pdfbox.exceptions.SignatureException;
 import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature;
 
 import at.gv.egiz.pdfas.common.exceptions.PDFIOException;
author	Andreas Fitzek <andreas.fitzek@iaik.tugraz.at>	2013-11-27 10:05:17 +0100
committer	Andreas Fitzek <andreas.fitzek@iaik.tugraz.at>	2013-11-27 10:05:17 +0100
commit	f3476576c50efd922593c82656efda7aec5ae97f (patch)
tree	66107d5c5d3a88af66bd4829d8fcecc5678b749e /signature-standards
parent	7b2e2b640b0f392183f7927f692936950d3fabfc (diff)
download	pdf-as-4-f3476576c50efd922593c82656efda7aec5ae97f.tar.gz pdf-as-4-f3476576c50efd922593c82656efda7aec5ae97f.tar.bz2 pdf-as-4-f3476576c50efd922593c82656efda7aec5ae97f.zip