7 files changed, 195 insertions, 91 deletions
diff --git a/pdf-as-cli/src/main/java/at/gv/egiz/pdfas/cli/Main.java b/pdf-as-cli/src/main/java/at/gv/egiz/pdfas/cli/Main.java index a513ccf7..7c1255cf 100644 --- a/pdf-as-cli/src/main/java/at/gv/egiz/pdfas/cli/Main.java +++ b/pdf-as-cli/src/main/java/at/gv/egiz/pdfas/cli/Main.java @@ -88,7 +88,7 @@ public class Main { public static final String CLI_ARG_VERIFY_WHICH_SHORT = "vw"; public static final String CLI_ARG_VERIFY_WHICH = "verify_which"; - + public static final String CLI_ARG_VERIFY_LEVEL_SHORT = "vl"; public static final String CLI_ARG_VERIFY_LEVEL = "verify_level"; public static final String CLI_ARG_VERIFY_LEVEL_OPTION_FULL = "full"; @@ -115,7 +115,7 @@ public class Main { public static final String STANDARD_POSITION_STRING = "x:auto;y:auto;w:auto;p:auto;f:0"; private static final Logger logger = LoggerFactory.getLogger(Main.class); - + private static Options createOptions() { Options cliOptions = new Options(); @@ -182,12 +182,15 @@ public class Main { true, "[optional] zero based number of the signature to be verified. If omitted, all signatures are verified."); cliOptions.addOption(verifywhichOption); - + Option verifyLevelOption = new Option( CLI_ARG_VERIFY_LEVEL_SHORT, CLI_ARG_VERIFY_LEVEL, true, - "[optional] Verification Level Full certificate verification, or only integrity Verification (" + CLI_ARG_VERIFY_LEVEL_OPTION_FULL + " | " + CLI_ARG_VERIFY_LEVEL_OPTION_INT_ONLY + ")"); + "[optional] Verification Level Full certificate verification, or only integrity Verification (" + + CLI_ARG_VERIFY_LEVEL_OPTION_FULL + + " | " + + CLI_ARG_VERIFY_LEVEL_OPTION_INT_ONLY + ")"); cliOptions.addOption(verifyLevelOption); Option outputOption = new Option(CLI_ARG_OUTPUT_SHORT, CLI_ARG_OUTPUT, @@ -204,8 +207,7 @@ public class Main { public static void main(String[] args) { // create the command line parser - - + CommandLineParser parser = new GnuParser(); ModeOfOperation mode = ModeOfOperation.INVALID; try { 
@@ -214,7 +216,8 @@ public class Main { if (cli.hasOption(CLI_ARG_DEPLOY_SHORT)) { PdfAsFactory.deployDefaultConfiguration(new File( STANDARD_CONFIG_LOCATION)); - System.out.println("Configuration was deployed to: " + STANDARD_CONFIG_LOCATION); + System.out.println("Configuration was deployed to: " + + STANDARD_CONFIG_LOCATION); } if (cli.hasOption(CLI_ARG_MODE_SHORT)) { @@ -247,7 +250,16 @@ public class Main { usage(); System.exit(-1); } catch (PDFASError e) { - System.err.println("PDF-AS Error: [" + e.getCode() + "]" + e.getMessage()); + System.err.println("PDF-AS Error: [" + e.getCode() + "]" + + e.getMessage()); + Iterator<Entry<String, String>> infoIt = e.getProcessInformations() + .entrySet().iterator(); + + while (infoIt.hasNext()) { + Entry<String, String> infoEntry = infoIt.next(); + logger.debug("Process Information: {} = {}", + infoEntry.getKey(), infoEntry.getValue()); + } e.printStackTrace(System.err); System.exit(-1); } catch (Throwable e) { @@ -345,7 +357,7 @@ public class Main { String id = UUID.randomUUID().toString(); signParameter.setTransactionId(id); System.out.println("Transaction: " + id); - + IPlainSigner slConnector = null; if (connector != null) { 
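Review bot: In the `PDFASError` handler the new loop dereferences `e.getProcessInformations()` before `e.printStackTrace(System.err)` and `System.exit(-1)` run; if that map can be null (how it is built is not visible here), the resulting NullPointerException escapes the handler and the original stack trace is never printed. Guarding the loop with `if (e.getProcessInformations() != null)`, or moving it below the stack trace, keeps the error report intact. The entries are also emitted only at debug level, so the device details this commit collects stay hidden from a CLI user unless debug logging is enabled. The same loop is repeated in the signing hunk further down and could share one small helper.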
@@ -419,17 +431,23 @@ public class Main { signParameter.setSignatureProfileId(profilID); System.out.println("Starting signature for " + pdfFile); System.out.println("Selected signature Profile " + profilID); - - @SuppressWarnings("unused") - SignResult result = pdfAs.sign(signParameter); - - Iterator<Entry<String, String>> infoIt = result.getProcessInformations().entrySet().iterator(); - - while(infoIt.hasNext()) { - Entry<String, String> infoEntry = infoIt.next(); - logger.debug("Process Information: {} = {}", infoEntry.getKey(), infoEntry.getValue()); + + SignResult result = null; + try { + result = pdfAs.sign(signParameter); + } finally { + if (result != null) { + Iterator<Entry<String, String>> infoIt = result + .getProcessInformations().entrySet().iterator(); + + while (infoIt.hasNext()) { + Entry<String, String> infoEntry = infoIt.next(); + logger.debug("Process Information: {} = {}", + infoEntry.getKey(), infoEntry.getValue()); + } + } } - + fos.close(); System.out.println("Signed document " + outputFile); } 
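Review bot: `fos.close()` still sits after the new try/finally, so when `pdfAs.sign(signParameter)` throws, the output stream is never closed and a partially written `outputFile` may be left on disk where it could be mistaken for a signed document. As written the `finally` also changes nothing: `result` is only non-null when `sign` returned normally, so the logging runs in exactly the cases it ran in before. Closing the stream in the cleanup path, `} finally { fos.close(); }`, covers the failure case; deleting the incomplete output on error would be a reasonable addition. Where `fos` is opened lies outside the hunk.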
@@ -451,29 +469,32 @@ public class Main { String whichValue = cli.getOptionValue(CLI_ARG_VERIFY_WHICH_SHORT); which = Integer.parseInt(whichValue); } - + SignatureVerificationLevel lvl = SignatureVerificationLevel.FULL_VERIFICATION; - + if (cli.hasOption(CLI_ARG_VERIFY_LEVEL_SHORT)) { String levelValue = cli.getOptionValue(CLI_ARG_VERIFY_LEVEL_SHORT); - if(levelValue.equals(CLI_ARG_VERIFY_LEVEL_OPTION_FULL)) { + if (levelValue.equals(CLI_ARG_VERIFY_LEVEL_OPTION_FULL)) { lvl = SignatureVerificationLevel.FULL_VERIFICATION; - } else if(levelValue.equals(CLI_ARG_VERIFY_LEVEL_OPTION_INT_ONLY)) { + } else if (levelValue.equals(CLI_ARG_VERIFY_LEVEL_OPTION_INT_ONLY)) { lvl = SignatureVerificationLevel.INTEGRITY_ONLY_VERIFICATION; } else { - System.out.println("Invalid value for verification Level: " + levelValue); - System.out.println("Allowed values are: " + CLI_ARG_VERIFY_LEVEL_OPTION_FULL - + ", " + CLI_ARG_VERIFY_LEVEL_OPTION_INT_ONLY); - throw new Exception("Invalid value for verification Level: " + levelValue); + System.out.println("Invalid value for verification Level: " + + levelValue); + System.out.println("Allowed values are: " + + CLI_ARG_VERIFY_LEVEL_OPTION_FULL + ", " + + CLI_ARG_VERIFY_LEVEL_OPTION_INT_ONLY); + throw new Exception("Invalid value for verification Level: " + + levelValue); } } String confOutputFile = null; - + if (cli.hasOption(CLI_ARG_OUTPUT_SHORT)) { confOutputFile = cli.getOptionValue(CLI_ARG_OUTPUT_SHORT); } - + String pdfFile = null; pdfFile = cli.getArgs()[cli.getArgs().length - 1]; diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/BKUHeaderHolder.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/BKUHeaderHolder.java new file mode 100644 index 00000000..f66f0c11 --- /dev/null +++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/BKUHeaderHolder.java 
@@ -0,0 +1,9 @@ +package at.gv.egiz.pdfas.lib.impl; + +import java.util.List; + +import at.gv.egiz.sl.util.BKUHeader; + +public interface BKUHeaderHolder { + public List<BKUHeader> getProcessInfo(); +} diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/PdfAsImpl.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/PdfAsImpl.java index aa524cc9..8e86364b 100644 --- a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/PdfAsImpl.java +++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/PdfAsImpl.java @@ -61,6 +61,7 @@ import at.gv.egiz.pdfas.lib.impl.signing.PDFASSignatureExtractor; import at.gv.egiz.pdfas.lib.impl.status.OperationStatus; import at.gv.egiz.pdfas.lib.impl.status.RequestedSignature; import at.gv.egiz.pdfas.lib.util.SignatureUtils; +import at.gv.egiz.sl.util.BKUHeader; public class PdfAsImpl implements PdfAs, IConfigurationConstants, ErrorConstants { @@ -160,9 +161,34 @@ public class PdfAsImpl implements PdfAs, IConfigurationConstants, status.setRequestedSignature(requestedSignature); + try { requestedSignature.setCertificate(status.getSignParamter() .getPlainSigner().getCertificate(parameter)); - + } finally { + if (parameter instanceof BKUHeaderHolder) { + BKUHeaderHolder holder = (BKUHeaderHolder) parameter; + + Iterator<BKUHeader> bkuHeaderIt = holder.getProcessInfo() + .iterator(); + + while (bkuHeaderIt.hasNext()) { + BKUHeader header = bkuHeaderIt.next(); + if ("Server".equalsIgnoreCase(header.getName())) { + requestedSignature + .getStatus() + .getMetaInformations() + .put(ErrorConstants.STATUS_INFO_SIGDEVICEVERSION, + header.getValue()); + } else if (ErrorConstants.STATUS_INFO_SIGDEVICE.equalsIgnoreCase(header.getName())) { + requestedSignature + .getStatus() + .getMetaInformations() + .put(ErrorConstants.STATUS_INFO_SIGDEVICE, + header.getValue()); + } + } + } + } // Only use this profileID because validation was done in // RequestedSignature String signatureProfileID = requestedSignature 
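Review bot: `BKUHeaderHolder` has no Javadoc, and its contract is not obvious from the signature: callers in this commit both append to the returned list and read it back, so an implementation has to return the live, mutable list rather than a copy. I would add a type comment such as `/** Implemented by parameter objects that collect the HTTP response headers returned by the signature device. */` and a method comment such as `/** Returns the live list; entries are values received from the remote device and are not validated. */`. The `public` modifier on the interface method is redundant.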
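Review bot: The loop in this `finally` block that copies device headers into the meta information is pasted verbatim three times in this commit: here, in the second `PdfAsImpl` hunk around `signer.signPDF(...)`, and in the `finally` of the `ISignatureConnectorSLWrapper` signing hunk, so any later fix to the matching logic has to be made in three places. Because the block runs in a `finally`, an exception thrown inside it (for example from `getStatus()` or `getMetaInformations()`) would replace the original failure from `getCertificate(parameter)`. The values written come from the remote device's HTTP response and should be treated as untrusted wherever the meta information is later logged or displayed. A single helper, sketched below, reduces each call site to one line; the enclosing method starts and ends outside the hunk.

```java
try {
    // … unchanged: requestedSignature.setCertificate(...) …
} finally {
    copyDeviceHeaders(parameter, requestedSignature);
}

// … unchanged: profile lookup and signer setup …

private static void copyDeviceHeaders(Object parameter,
        RequestedSignature requestedSignature) {
    if (!(parameter instanceof BKUHeaderHolder)) {
        return;
    }
    for (BKUHeader header : ((BKUHeaderHolder) parameter).getProcessInfo()) {
        if ("Server".equalsIgnoreCase(header.getName())) {
            requestedSignature.getStatus().getMetaInformations()
                    .put(ErrorConstants.STATUS_INFO_SIGDEVICEVERSION, header.getValue());
        } else if (ErrorConstants.STATUS_INFO_SIGDEVICE.equalsIgnoreCase(header.getName())) {
            requestedSignature.getStatus().getMetaInformations()
                    .put(ErrorConstants.STATUS_INFO_SIGDEVICE, header.getValue());
        }
    }
}
```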
@@ -177,11 +203,35 @@ public class PdfAsImpl implements PdfAs, IConfigurationConstants, // this.stampPdf(status); // Create signature - - signer.signPDF(status.getPdfObject(), requestedSignature, signer + try { + signer.signPDF(status.getPdfObject(), requestedSignature, signer .buildSignaturInterface(status.getSignParamter() .getPlainSigner(), parameter, requestedSignature)); - + } finally { + if (parameter instanceof BKUHeaderHolder) { + BKUHeaderHolder holder = (BKUHeaderHolder) parameter; + + Iterator<BKUHeader> bkuHeaderIt = holder.getProcessInfo() + .iterator(); + + while (bkuHeaderIt.hasNext()) { + BKUHeader header = bkuHeaderIt.next(); + if ("Server".equalsIgnoreCase(header.getName())) { + requestedSignature + .getStatus() + .getMetaInformations() + .put(ErrorConstants.STATUS_INFO_SIGDEVICEVERSION, + header.getValue()); + } else if (ErrorConstants.STATUS_INFO_SIGDEVICE.equalsIgnoreCase(header.getName())) { + requestedSignature + .getStatus() + .getMetaInformations() + .put(ErrorConstants.STATUS_INFO_SIGDEVICE, + header.getValue()); + } + } + } + } // ================================================================ // Create SignResult SignResult result = createSignResult(status); diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/SignParameterImpl.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/SignParameterImpl.java index 9584e1bf..d2786f53 100644 --- a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/SignParameterImpl.java +++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/SignParameterImpl.java 
@@ -24,19 +24,25 @@ package at.gv.egiz.pdfas.lib.impl; import java.io.OutputStream; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; import javax.activation.DataSource; import at.gv.egiz.pdfas.lib.api.Configuration; import at.gv.egiz.pdfas.lib.api.sign.IPlainSigner; import at.gv.egiz.pdfas.lib.api.sign.SignParameter; +import at.gv.egiz.sl.util.BKUHeader; -public class SignParameterImpl extends PdfAsParameterImpl implements SignParameter { +public class SignParameterImpl extends PdfAsParameterImpl implements SignParameter, BKUHeaderHolder { protected String signatureProfileId = null; protected String signaturePosition = null; protected DataSource output = null; protected IPlainSigner signer = null; protected OutputStream outputStream = null; + protected List<BKUHeader> processInfo = new ArrayList<BKUHeader>(); public SignParameterImpl(Configuration configuration, DataSource dataSource, OutputStream outputStream) { @@ -74,5 +80,8 @@ public class SignParameterImpl extends PdfAsParameterImpl implements SignParamet public OutputStream getSignatureResult() { return outputStream; } - + + public List<BKUHeader> getProcessInfo() { + return processInfo; + } } diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BKUSLConnector.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BKUSLConnector.java index e1c7bf40..15d2fb38 100644 --- a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BKUSLConnector.java +++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/BKUSLConnector.java @@ -42,6 +42,7 @@ import org.apache.http.impl.client.HttpClientBuilder; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import at.gv.egiz.pdfas.common.exceptions.ErrorConstants; import at.gv.egiz.pdfas.common.exceptions.PDFIOException; import at.gv.egiz.pdfas.common.exceptions.PdfAsException; import at.gv.egiz.pdfas.common.exceptions.PdfAsWrappedIOException; 
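Review bot: `processInfo` is a `protected`, non-final field that `getProcessInfo()` hands out as the live list, and nothing in these hunks ever clears it, so each request made with the same parameter object appends another set of device headers. Declaring it `private final List<BKUHeader> processInfo = new ArrayList<BKUHeader>();` and marking the accessor `@Override` would stop subclasses from swapping the list and make the interface link explicit. The added imports of `java.util.HashMap` and `java.util.Map` are not used by anything visible in these hunks and look unnecessary.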
@@ -49,6 +50,7 @@ import at.gv.egiz.pdfas.common.exceptions.SLPdfAsException; import at.gv.egiz.pdfas.common.utils.PDFUtils; import at.gv.egiz.pdfas.lib.api.Configuration; import at.gv.egiz.pdfas.lib.api.sign.SignParameter; +import at.gv.egiz.pdfas.lib.impl.BKUHeaderHolder; import at.gv.egiz.sl.schema.CreateCMSSignatureResponseType; import at.gv.egiz.sl.schema.ErrorResponseType; import at.gv.egiz.sl.schema.InfoboxReadRequestType; @@ -59,6 +61,8 @@ public class BKUSLConnector extends BaseSLConnector { private static final Logger logger = LoggerFactory .getLogger(BKUSLConnector.class); + public static final String SIGNATURE_DEVICE = "BKU"; + private String bkuUrl; public BKUSLConnector(Configuration config) { @@ -102,17 +106,23 @@ public class BKUSLConnector extends BaseSLConnector { logger.debug("Response Code : " + response.getStatusLine().getStatusCode()); - if(pack != null) { - Header[] headers = response.getAllHeaders(); - - if (headers != null) { - for (int i = 0; i < headers.length; i++) { - BKUHeader hdr = new BKUHeader(headers[i].getName(), headers[i].getValue()); - logger.debug("Response Header : {}", - hdr.toString()); - pack.getHeaders().add(hdr); + if (parameter instanceof BKUHeaderHolder) { + BKUHeaderHolder holder = (BKUHeaderHolder) parameter; + Header[] headers = response.getAllHeaders(); + + if (headers != null) { + for (int i = 0; i < headers.length; i++) { + BKUHeader hdr = new BKUHeader(headers[i].getName(), + headers[i].getValue()); + logger.debug("Response Header : {}", hdr.toString()); + holder.getProcessInfo().add(hdr); + } } - } + + BKUHeader hdr = new BKUHeader(ErrorConstants.STATUS_INFO_SIGDEVICE, + SIGNATURE_DEVICE); + logger.debug("Response Header : {}", hdr.toString()); + holder.getProcessInfo().add(hdr); } BufferedReader rd = new BufferedReader(new InputStreamReader( 
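Review bot: The locally generated device marker is appended to the same `getProcessInfo()` list as the headers received from the remote BKU and is later recognised only by its name, so a response header that carries the name `ErrorConstants.STATUS_INFO_SIGDEVICE` cannot be told apart from the local entry when the list is copied into the meta information. In this hunk the local entry is added last and so appears to win, but that rests on insertion order rather than on a trust boundary. Skipping remote headers with the reserved name inside the loop, `if (ErrorConstants.STATUS_INFO_SIGDEVICE.equalsIgnoreCase(headers[i].getName())) continue;`, or writing the marker straight to the meta information as the removed wrapper code did, keeps server-controlled values out of that field. The enclosing method begins and ends outside the hunk.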
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java index 0b6b1fff..96877828 100644 --- a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java +++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java @@ -42,6 +42,7 @@ import at.gv.egiz.pdfas.common.utils.StreamUtils; import at.gv.egiz.pdfas.lib.api.IConfigurationConstants; import at.gv.egiz.pdfas.lib.api.sign.SignParameter; import at.gv.egiz.pdfas.lib.api.verify.VerifyResult; +import at.gv.egiz.pdfas.lib.impl.BKUHeaderHolder; import at.gv.egiz.pdfas.lib.impl.status.RequestedSignature; import at.gv.egiz.pdfas.lib.util.SignatureUtils; import at.gv.egiz.sl.schema.CreateCMSSignatureResponseType; @@ -53,8 +54,6 @@ public class ISignatureConnectorSLWrapper implements ISignatureConnector { public static final String SL_USE_BASE64 = ""; - public static final String SIGNATURE_DEVICE = "BKU"; - private static final Logger logger = LoggerFactory .getLogger(ISignatureConnectorSLWrapper.class); @@ -86,7 +85,7 @@ public class ISignatureConnectorSLWrapper implements ISignatureConnector { } } catch (CertificateException e) { throw new PdfAsSignatureException("error.pdf.sig.01", e); - } + } return certificate; } 
@@ -94,49 +93,62 @@ public class ISignatureConnectorSLWrapper implements ISignatureConnector { RequestedSignature requestedSignature) throws PdfAsException { RequestPackage pack = connector.createCMSRequest(input, byteRange, parameter); - CreateCMSSignatureResponseType response = connector.sendCMSRequest( - pack, parameter); + try { + CreateCMSSignatureResponseType response = connector.sendCMSRequest( + pack, parameter); + + VerifyResult verifyResult; + try { + verifyResult = SignatureUtils.verifySignature( + response.getCMSSignature(), input); + if (SettingsUtils.getBooleanValue(requestedSignature + .getStatus().getSettings(), + IConfigurationConstants.KEEP_INVALID_SIGNATURE, false)) { + Base64 b64 = new Base64(); + requestedSignature + .getStatus() + .getMetaInformations() + .put(ErrorConstants.STATUS_INFO_INVALIDSIG, + b64.encodeToString(response + .getCMSSignature())); + } + } catch (PDFASError e) { + throw new PdfAsErrorCarrier(e); + } - Iterator<BKUHeader> bkuHeaderIt = pack.getHeaders().iterator(); + if (!StreamUtils.dataCompare(requestedSignature.getCertificate() + .getFingerprintSHA(), ((X509Certificate) verifyResult + .getSignerCertificate()).getFingerprintSHA())) { + throw new PdfAsSignatureException("Certificates missmatch!"); + } - requestedSignature.getStatus().getMetaInformations() - .put(ErrorConstants.STATUS_INFO_SIGDEVICE, SIGNATURE_DEVICE); - while (bkuHeaderIt.hasNext()) { - BKUHeader header = bkuHeaderIt.next(); - if ("Server".equalsIgnoreCase(header.getName())) { - requestedSignature + return response.getCMSSignature(); + } finally { + if (parameter instanceof BKUHeaderHolder) { + BKUHeaderHolder holder = (BKUHeaderHolder) parameter; + + Iterator<BKUHeader> bkuHeaderIt = holder.getProcessInfo() + .iterator(); + + while (bkuHeaderIt.hasNext()) { + BKUHeader header = bkuHeaderIt.next(); + if ("Server".equalsIgnoreCase(header.getName())) { + requestedSignature + .getStatus() + .getMetaInformations() + 
.put(ErrorConstants.STATUS_INFO_SIGDEVICEVERSION, + header.getValue()); + } else if (ErrorConstants.STATUS_INFO_SIGDEVICE.equalsIgnoreCase(header.getName())) { + requestedSignature .getStatus() .getMetaInformations() - .put(ErrorConstants.STATUS_INFO_SIGDEVICEVERSION, + .put(ErrorConstants.STATUS_INFO_SIGDEVICE, header.getValue()); - break; - } - } - - VerifyResult verifyResult; - try { - verifyResult = SignatureUtils.verifySignature( - response.getCMSSignature(), input); - if(SettingsUtils.getBooleanValue(requestedSignature.getStatus().getSettings(), - IConfigurationConstants.KEEP_INVALID_SIGNATURE, false)) { - Base64 b64 = new Base64(); - requestedSignature - .getStatus() - .getMetaInformations() - .put(ErrorConstants.STATUS_INFO_INVALIDSIG, - b64.encodeToString(response.getCMSSignature())); + } + } } - } catch (PDFASError e) { - throw new PdfAsErrorCarrier(e); - } - - if (!StreamUtils.dataCompare(requestedSignature.getCertificate() - .getFingerprintSHA(), ((X509Certificate) verifyResult - .getSignerCertificate()).getFingerprintSHA())) { - throw new PdfAsSignatureException("Certificates missmatch!"); } - return response.getCMSSignature(); } } diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/RequestPackage.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/RequestPackage.java index f08184d2..c7c778bb 100644 --- a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/RequestPackage.java +++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/RequestPackage.java 
@@ -23,17 +23,13 @@ ******************************************************************************/ package at.gv.egiz.sl.util; -import java.util.ArrayList; -import java.util.List; - import at.gv.egiz.sl.schema.CreateCMSSignatureRequestType; public class RequestPackage { private CreateCMSSignatureRequestType requestType; private byte[] signatureData; private int[] byteRange; - private List<BKUHeader> headers = new ArrayList<BKUHeader>(); - + public CreateCMSSignatureRequestType getRequestType() { return requestType; } @@ -52,7 +48,4 @@ public class RequestPackage { public void setByteRange(int[] byteRange) { this.byteRange = byteRange; } - public List<BKUHeader> getHeaders() { - return headers; - } } |