7 files changed, 79 insertions, 16 deletions
diff --git a/build.gradle b/build.gradle index 7c4bf510..c3c2ae2d 100644 --- a/build.gradle +++ b/build.gradle @@ -16,7 +16,7 @@ task wrapper(type: Wrapper) { allprojects { apply plugin: 'com.github.ben-manes.versions' repositories { mavenCentral() } - version = '4.1.4-Snapshot' + version = '4.2.0-Snapshot' } configurations { diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl20/SL20Connector.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl20/SL20Connector.java index a82771bd..3088a564 100644 --- a/pdf-as-lib/src/main/java/at/gv/egiz/sl20/SL20Connector.java +++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl20/SL20Connector.java @@ -62,7 +62,9 @@ public class SL20Connector extends BaseSLConnector { HttpResponse httpResp = httpClient.execute(httpReq); log.debug("Response from VDA received "); - return SL20JSONExtractorUtils.getSL20ContainerFromResponse(httpResp); + JsonObject sl20Resp = SL20JSONExtractorUtils.getSL20ContainerFromResponse(httpResp); + log.trace("SL20 command: " + sl20Resp.toString()); + return sl20Resp; } catch (URISyntaxException | IOException e) { log.warn("Can NOT build SL20 http requst. Reason:" + e.getMessage(), e); diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20Constants.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20Constants.java index 59c3079d..fdefa1d9 100644 --- a/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20Constants.java +++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20Constants.java 
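Review bot: The added `log.trace("SL20 command: " + sl20Resp.toString())` in SL20Connector writes the complete VDA response to the log and dereferences `sl20Resp` before returning it. An SL2.0 container may carry signed or encrypted payloads and certificates, so the trace output should be limited to identifying fields or documented as a setting that stays off in production. The same applies to the trace lines this commit adds in PdfAsHelper (`respContainer`), SLDataURLServlet (`payLoad`) and SL20HttpBindingUtils (`sl20Forward`). Whether getSL20ContainerFromResponse can return null is not visible here; if it can, `toString()` now throws where the old code passed null through. The parameterized form `log.trace("SL20 command: {}", sl20Resp);` avoids that and skips building the string when trace is disabled.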
@@ -160,6 +160,8 @@ public class SL20Constants { //createCAdES Signture public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_KEYID = "keyId"; public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENT = "content"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTURL = "contentUrl"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTMODE = "contentMode"; public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_MIMETYPE = "mimeType"; public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_PADES_COMBATIBILTY = "padesComatibility"; public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_EXCLUDEBYTERANGE = "excludedByteRange"; @@ -176,7 +178,8 @@ public class SL20Constants { public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_XL = "cAdES-X-L"; public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_A = "cAdES-A"; - + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTMODE_DETACHED = "detached"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTMODE_ENVELOPING = "enveloping"; //create binding key command public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KONTOID = "kontoID"; diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20JSONBuilderUtils.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20JSONBuilderUtils.java index efbc2890..7cbb7800 100644 --- a/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20JSONBuilderUtils.java +++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl20/utils/SL20JSONBuilderUtils.java 
@@ -2,13 +2,10 @@ package at.gv.egiz.sl20.utils; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; -import java.util.Arrays; import java.util.List; import java.util.Map; import java.util.Map.Entry; -import org.apache.commons.codec.binary.Base64; -import org.bouncycastle.util.encoders.Base64Encoder; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -182,14 +179,37 @@ public class SL20JSONBuilderUtils { } public static JsonObject createCreateCAdESCommandParameters(String keyId, - String pdfUrl, String mimeType, boolean padesCompatiblem, List<String> byteRanges, String cadesLevel, + byte[] content, String contentUrl, String contentMode, String mimeType, boolean padesCompatiblem, List<JsonElement> byteRanges, String cadesLevel, String dataUrl, X509Certificate x5cEnc) throws CertificateEncodingException, SLCommandoBuildException { JsonObject params = new JsonObject(); addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_KEYID, keyId, true); - addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENT, pdfUrl, true); + + if (content != null && contentUrl != null) { + log.warn(SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENT + " and " + + SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTURL + " can not SET TWICE"); + throw new SLCommandoBuildException(); + + } + + if (content != null) + addSingleByteElement(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENT, content, true); + + else if (contentUrl != null ) + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTURL, contentUrl, true); + + else { + log.warn(SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENT + " and " + + SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTURL + " is NULL"); + throw new SLCommandoBuildException(); + + } + + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTMODE, contentMode, true); addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_MIMETYPE, mimeType, true); addSingleBooleanElement(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_PADES_COMBATIBILTY, padesCompatiblem, false); - addArrayOfStrings(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_EXCLUDEBYTERANGE, byteRanges); + + //addArrayOfStrings(params, 
SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_EXCLUDEBYTERANGE, byteRanges); + addArrayOfElements(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_EXCLUDEBYTERANGE, byteRanges); addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL, cadesLevel, false); addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_GETCERTIFICATE_DATAURL, dataUrl, true); addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_GETCERTIFICATE_X5CENC, x5cEnc, false); @@ -452,6 +472,18 @@ public class SL20JSONBuilderUtils { } } + private static void addArrayOfElements(JsonObject parent, String keyId, List<JsonElement> values) throws SLCommandoBuildException { + validateParentAndKey(parent, keyId); + if (values != null) { + JsonArray callReqParamsArray = new JsonArray(); + parent.add(keyId, callReqParamsArray ); + for(JsonElement el : values) + callReqParamsArray.add(el); + + } + + } + private static void addArrayOfStrings(JsonObject parent, String keyId, List<String> values) throws SLCommandoBuildException { validateParentAndKey(parent, keyId); if (values != null) { diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java index bd904aae..4b69e5a8 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java @@ -60,6 +60,8 @@ import org.apache.http.entity.ContentType; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import com.google.gson.JsonArray; +import com.google.gson.JsonElement; import com.google.gson.JsonObject; import at.gv.egiz.pdfas.api.ws.PDFASSignParameters; 
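Review bot: `contentMode` is written into the command as a required string in createCreateCAdESCommandParameters without being checked against the two values this commit defines, so a caller typo reaches the VDA unnoticed. A guard before the CONTENTMODE `addSingleStringElement` call would reject it at build time: `if (!SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTMODE_DETACHED.equals(contentMode) && !SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTMODE_ENVELOPING.equals(contentMode)) throw new SLCommandoBuildException();`. The two new `throw new SLCommandoBuildException()` statements carry no message, so the reason survives only in the preceding log.warn. The commented-out `addArrayOfStrings` call should be deleted rather than kept. A Javadoc stating that exactly one of `content` and `contentUrl` must be non-null would document the new contract; the method body continues outside the hunk.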
@@ -67,6 +69,7 @@ import at.gv.egiz.pdfas.api.ws.PDFASSignParameters.Connector; import at.gv.egiz.pdfas.api.ws.PDFASSignResponse; import at.gv.egiz.pdfas.api.ws.PDFASVerificationResponse; import at.gv.egiz.pdfas.common.exceptions.PDFASError; +import at.gv.egiz.pdfas.common.utils.PDFUtils; import at.gv.egiz.pdfas.lib.api.ByteArrayDataSource; import at.gv.egiz.pdfas.lib.api.Configuration; import at.gv.egiz.pdfas.lib.api.IConfigurationConstants; @@ -1143,7 +1146,6 @@ public class PdfAsHelper { command, signedCommand); //store requestId - request.getSession(false).setAttribute(PDF_SESSION_PREFIX + SL20Constants.SL20_REQID, reqId); //forward SL2.0 command @@ -1192,9 +1194,24 @@ public class PdfAsHelper { } else if (slConnector instanceof SL20Connector) { //convert byte range - List<String> byteRanges = new ArrayList<String>(); - for (int el : statusRequest.getSignatureDataByteRange()) - byteRanges.add(String.valueOf(el)); + + int[] exclude_range = PDFUtils.buildExcludeRange(statusRequest.getSignatureDataByteRange()); + logger.info("Exclude Byte Range: " + exclude_range[0] + " " + exclude_range[1]); + + List<JsonElement> byteRanges = new ArrayList<JsonElement>(); + if (statusRequest.getSignatureDataByteRange().length % 2 != 0) { + logger.warn("ByteRange is not a set of pairs. Something is maybe suspect"); + + } + + for (int i=0; i<exclude_range.length/2; i++) { + JsonArray el = new JsonArray(); + el.add(exclude_range[2*i]); + el.add(exclude_range[2*i + 1]); + byteRanges.add(el); + + } + java.security.cert.X509Certificate x5cEnc = null; if (WebConfiguration.isSL20EncryptionEnabled() && joseTools != null) 
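Review bot: A byte range that is not a set of pairs only produces a warning in the new conversion code in PdfAsHelper, and processing continues with whatever `PDFUtils.buildExcludeRange` returned. The range decides which bytes are excluded from the signed data, so a malformed one should abort the request instead of being logged as "maybe suspect". The check should also cover `exclude_range` itself: `exclude_range[0]` and `exclude_range[1]` are read in the `logger.info` line before any length test, and the loop silently drops a trailing unpaired value. A test such as `if (exclude_range.length < 2 || exclude_range.length % 2 != 0)` leading into the method's existing error path would do. That error path and buildExcludeRange are outside the hunk, so what the helper guarantees about length is not visible here.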
@@ -1205,11 +1222,15 @@ public class PdfAsHelper { if (pack.getRequestType().getPAdESFlag() != null) padesCompatibel = pack.getRequestType().getPAdESFlag(); + byte[] data = PDFUtils.blackOutSignature(statusRequest.getSignatureData(), + statusRequest.getSignatureDataByteRange()); + JsonObject createCAdESSigParams = SL20JSONBuilderUtils.createCreateCAdESCommandParameters( pack.getRequestType().getKeyboxIdentifier(), //statusRequest.getSignatureData(), generateNSPdfURL(request,response), + SL20Constants.SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENTMODE_DETACHED, pack.getRequestType().getDataObject().getMetaInfo().getMimeType(), padesCompatibel , byteRanges, @@ -1226,7 +1247,7 @@ public class PdfAsHelper { } else { JsonObject getCertCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CREATE_SIG_CADES, createCAdESSigParams); - sl20CreateCAdES = SL20JSONBuilderUtils.createGenericRequest(UUID.randomUUID().toString(), null, getCertCommand, null); + sl20CreateCAdES = SL20JSONBuilderUtils.createGenericRequest(reqId, null, getCertCommand, null); } @@ -1791,6 +1812,8 @@ public class PdfAsHelper { redirectTwoCommand, null); + logger.trace("SL2.0 command: " + respContainer.toString()); + //workaround for A-Trust if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE) diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SLDataURLServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SLDataURLServlet.java index 7ddf0a55..31f5a2ef 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SLDataURLServlet.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SLDataURLServlet.java 
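Review bot: `data`, the result of `PDFUtils.blackOutSignature(...)`, is not used anywhere in the lines shown; the call to `createCreateCAdESCommandParameters` still passes `generateNSPdfURL(request,response)` followed directly by the DETACHED constant. Against the new signature in SL20JSONBuilderUtils (`byte[] content, String contentUrl, String contentMode, ...`) the visible argument list looks one argument short, although the page's line breaks are collapsed and an argument may have been lost in rendering. If the blacked-out bytes are meant to be sent inline the arguments would be `data, null,`. If the VDA is meant to fetch the document, they would be `null, generateNSPdfURL(request,response),` and the `data` computation can go, along with the commented-out `//statusRequest.getSignatureData(),`. A short comment naming which bytes the VDA is expected to hash would help, since in detached mode a mismatch would presumably yield a signature that does not verify.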
@@ -93,7 +93,7 @@ public class SLDataURLServlet extends HttpServlet { } - logger.trace("Received SL2.0 result: " + sl20Result); + logger.trace("Received SL2.0 command: " + sl20Result); //parse SL2.0 command/result into JSON try { @@ -144,6 +144,8 @@ public class SLDataURLServlet extends HttpServlet { //extract payloaf JsonObject payLoad = payLoadContainer.getPayload(); + logger.trace("SL2.0 payLoad on DataURL: " + payLoad.toString()); + //check response type if (SL20JSONExtractorUtils.getStringValue( payLoad, SL20Constants.SL20_COMMAND_CONTAINER_NAME, true) @@ -175,7 +177,7 @@ public class SLDataURLServlet extends HttpServlet { List<X509Certificate> sortedCerts = X509Utils.sortCertificates(certs); logger.debug("Sorting of certificate completed. Select end-user certificate ... "); - PdfAsHelper.injectCertificate(request, response, Base64.getDecoder().decode(sortedCerts.get(0).getEncoded()), getServletContext()); + PdfAsHelper.injectCertificate(request, response, sortedCerts.get(0).getEncoded(), getServletContext()); } diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/sl20/SL20HttpBindingUtils.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/sl20/SL20HttpBindingUtils.java index f5d6ff55..e43ebfcf 100644 --- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/sl20/SL20HttpBindingUtils.java +++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/sl20/SL20HttpBindingUtils.java @@ -21,6 +21,7 @@ public class SL20HttpBindingUtils { public static void writeIntoResponse(HttpServletRequest request, HttpServletResponse response, JsonObject sl20Forward, String redirectURL) throws IOException, URISyntaxException { //forward SL2.0 command + log.trace("SL20 command: " + sl20Forward.toString()); if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) { log.debug("Client request containts 'native client' header ... "); |
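Review bot: `sortedCerts.get(0)` in SLDataURLServlet is taken as the end-user certificate with no emptiness check visible in the hunk, so an SL2.0 result without certificates would surface as an IndexOutOfBoundsException rather than a handled protocol error. A guard such as `if (sortedCerts.isEmpty())` leading into the servlet's existing error handling would make that case explicit; X509Utils.sortCertificates and the error handling both lie outside the hunk. A one-line comment noting that `getEncoded()` already returns the DER bytes would record why the Base64 decode was removed.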