Diffstat (limited to 'pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/verify/FullVerifier.java')
-rw-r--r--pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/verify/FullVerifier.java211
1 files changed, 211 insertions, 0 deletions
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/verify/FullVerifier.java b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/verify/FullVerifier.java
new file mode 100644
index 00000000..7b40707c
--- /dev/null
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/pdfas/lib/impl/verify/FullVerifier.java
@@ -0,0 +1,211 @@
+package at.gv.egiz.pdfas.lib.impl.verify;
+
+import iaik.x509.X509Certificate;
+
+import java.util.ArrayList;
+import java.util.Calendar;
+import java.util.Date;
+import java.util.List;
+
+import javax.activation.DataHandler;
+import javax.xml.bind.JAXBElement;
+
+import org.apache.axis2.databinding.types.Token;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.dsig.X509DataType;
+import at.gv.egiz.dsig.util.DsigMarschaller;
+import at.gv.egiz.moa.ByteArrayDataSource;
+import at.gv.egiz.moa.SignatureVerificationServiceStub;
+import at.gv.egiz.moa.SignatureVerificationServiceStub.CMSContentBaseType;
+import at.gv.egiz.moa.SignatureVerificationServiceStub.CMSDataObjectOptionalMetaType;
+import at.gv.egiz.moa.SignatureVerificationServiceStub.KeyInfoTypeChoice;
+import at.gv.egiz.moa.SignatureVerificationServiceStub.VerifyCMSSignatureRequest;
+import at.gv.egiz.moa.SignatureVerificationServiceStub.VerifyCMSSignatureResponse;
+import at.gv.egiz.moa.SignatureVerificationServiceStub.VerifyCMSSignatureResponseTypeSequence;
+import at.gv.egiz.moa.SignatureVerificationServiceStub.X509DataTypeSequence;
+import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
+import at.gv.egiz.pdfas.common.messages.CodesResolver;
+import at.gv.egiz.pdfas.common.utils.StreamUtils;
+import at.gv.egiz.pdfas.lib.api.Configuration;
+import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
+
+public class FullVerifier implements IVerifier {
+
+ private static final Logger logger = LoggerFactory
+ .getLogger(FullVerifier.class);
+
+ private static final String MOA_VERIFY_URL = "moa.verify.url";
+ private static final String MOA_VERIFY_TRUSTPROFILE = "moa.verify.TrustProfileID";
+
+ private String moaEndpoint;
+ private String moaTrustProfile;
+
+
+ public List<VerifyResult> verify(byte[] signature, byte[] signatureContent,
+ Date verificationTime) throws PdfAsException {
+ List<VerifyResult> resultList = new ArrayList<VerifyResult>();
+ try {
+ logger.info("verification with MOA @ " + this.moaEndpoint);
+
+ SignatureVerificationServiceStub service = new SignatureVerificationServiceStub(
+ this.moaEndpoint);
+ VerifyCMSSignatureRequest verifyCMSSignatureRequest = new VerifyCMSSignatureRequest();
+ Token token = new Token();
+ token.setValue(this.moaTrustProfile);
+ verifyCMSSignatureRequest.setTrustProfileID(token);
+
+ CMSDataObjectOptionalMetaType cmsDataObjectOptionalMetaType = new CMSDataObjectOptionalMetaType();
+ CMSContentBaseType cmsDataContent = new CMSContentBaseType();
+ cmsDataContent.setBase64Content(new DataHandler(
+ new ByteArrayDataSource(signatureContent, "application/pdf")));
+ DataHandler cmsSignature = new DataHandler(new ByteArrayDataSource(
+ signature, "application/pdf"));
+ cmsDataObjectOptionalMetaType.setContent(cmsDataContent);
+ verifyCMSSignatureRequest.setCMSSignature(cmsSignature);
+ verifyCMSSignatureRequest
+ .setDataObject(cmsDataObjectOptionalMetaType);
+ if (verificationTime != null) {
+ Calendar cal = Calendar.getInstance();
+ cal.setTime(verificationTime);
+ verifyCMSSignatureRequest.setDateTime(cal);
+ }
+ // cmsDataObjectOptionalMetaType.
+ VerifyCMSSignatureResponse response = service
+ .verifyCMSSignature(verifyCMSSignatureRequest);
+
+ logger.debug("Got Verify Response from MOA");
+
+ VerifyCMSSignatureResponseTypeSequence[] verifySequence = response
+ .getVerifyCMSSignatureResponse()
+ .getVerifyCMSSignatureResponseTypeSequence();
+ for (int i = 0; i < verifySequence.length; i++) {
+ VerifyResultImpl result = new VerifyResultImpl();
+ logger.debug(" ---------------------- ");
+ logger.debug("Signature: " + i);
+
+ SignatureCheckImpl certificateCheck;
+
+ verifySequence[i].getSignerInfo().getKeyInfoTypeChoice()[0]
+ .getExtraElement();
+ if (verifySequence[i].getCertificateCheck() != null) {
+ certificateCheck = new SignatureCheckImpl(verifySequence[i]
+ .getCertificateCheck().getCode().intValue(),
+ verifySequence[i].getCertificateCheck()
+ .isInfoSpecified() ? verifySequence[i]
+ .getCertificateCheck().getInfo().toString()
+ : "");
+ } else {
+ certificateCheck = new SignatureCheckImpl(
+ 1,
+ "");
+ }
+
+ if(certificateCheck.getMessage() == null || certificateCheck.getMessage().trim().length() == 0) {
+ String resourceString = "verify.cert." + certificateCheck.getCode();
+ String message = CodesResolver.resolveMessage(resourceString);
+ certificateCheck.setMessage(message);
+ }
+
+ logger.debug("Certificate Check: " + certificateCheck.getCode() + " [" + certificateCheck.getMessage() + "]");
+
+ SignatureCheckImpl signatureCheck = new SignatureCheckImpl(
+ verifySequence[i].getSignatureCheck().getCode()
+ .intValue(),
+ verifySequence[i].getSignatureCheck().isInfoSpecified() ? verifySequence[i]
+ .getSignatureCheck().getInfo().toString()
+ : "");
+
+ if(signatureCheck.getMessage() == null || signatureCheck.getMessage().trim().length() == 0) {
+ String resourceString = "verify.value." + signatureCheck.getCode();
+ String message = CodesResolver.resolveMessage(resourceString);
+ signatureCheck.setMessage(message);
+ }
+
+ logger.debug("Signature Check: " + signatureCheck.getCode() + " [" + signatureCheck.getMessage() + "]");
+
+ result.setCertificateCheck(certificateCheck);
+ result.setValueCheckCode(signatureCheck);
+ result.setVerificationDone(true);
+
+ KeyInfoTypeChoice[] keyInfo = verifySequence[i].getSignerInfo()
+ .getKeyInfoTypeChoice();
+ KeyInfoTypeChoice choice = keyInfo[0];
+
+ // extract certificate
+ if (choice.isX509DataSpecified()) {
+ byte[] certData = null;
+ X509DataTypeSequence[] x509Sequence = choice.getX509Data()
+ .getX509DataTypeSequence();
+ for (int k = 0; k < x509Sequence.length; k++) {
+ X509DataTypeSequence x509Data = x509Sequence[k];
+ if (x509Data.getX509DataTypeChoice_type0()
+ .isX509CertificateSpecified()) {
+ DataHandler handler = x509Data
+ .getX509DataTypeChoice_type0()
+ .getX509Certificate();
+ certData = StreamUtils
+ .inputStreamToByteArray(handler
+ .getInputStream());
+ } else if (x509Data.getX509DataTypeChoice_type0()
+ .isExtraElementSpecified()) {
+ if (x509Data
+ .getX509DataTypeChoice_type0()
+ .getExtraElement()
+ .getLocalName()
+ .equals(SignatureVerificationServiceStub.QualifiedCertificate.MY_QNAME
+ .getLocalPart())) {
+ result.setQualifiedCertificate(true);
+ }
+ }
+ }
+ X509Certificate certificate = new X509Certificate(certData);
+ result.setSignerCertificate(certificate);
+ } else if (choice.isExtraElementSpecified()) {
+ String xmldisg = choice.getExtraElement().toString();
+ JAXBElement jaxbElement = (JAXBElement) DsigMarschaller
+ .unmarshalFromString(xmldisg);
+ if (jaxbElement.getValue() instanceof X509DataType) {
+ X509DataType x509Data = (X509DataType) jaxbElement
+ .getValue();
+ List<Object> dsigElements = x509Data
+ .getX509IssuerSerialOrX509SKIOrX509SubjectName();
+ for (int j = 0; j < dsigElements.size(); j++) {
+ Object jaxElement = dsigElements.get(j);
+ if (jaxElement instanceof JAXBElement) {
+ JAXBElement jaxbElementMember = (JAXBElement) jaxElement;
+ if (jaxbElementMember
+ .getName()
+ .equals(DsigMarschaller.X509DataTypeX509Certificate_QNAME)) {
+ if (jaxbElementMember.getValue() instanceof byte[]) {
+ byte[] certData = (byte[]) jaxbElementMember
+ .getValue();
+ X509Certificate certificate = new X509Certificate(
+ certData);
+ result.setSignerCertificate(certificate);
+ break;
+ }
+ }
+ }
+ }
+ }
+ }
+
+ resultList.add(result);
+
+ logger.debug(" ---------------------- ");
+ }
+ } catch (Throwable e) {
+ logger.error("Verification failed", e);
+ throw new PdfAsException("error.pdf.verify.02", e);
+ }
+ return resultList;
+ }
+
+ public void setConfiguration(Configuration config) {
+ this.moaEndpoint = config.getValue(MOA_VERIFY_URL);
+ this.moaTrustProfile = config.getValue(MOA_VERIFY_TRUSTPROFILE);
+ }
+
+}
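Review bot: In `verify`, `new X509Certificate(certData)` is reached even when no entry of `x509Sequence` carried an X509Certificate, so `certData` can still be null; the constructor will presumably throw, and `catch (Throwable e)` then discards the results already collected for the other signatures in the response. Guard it with `if (certData != null) { result.setSignerCertificate(new X509Certificate(certData)); }` and document what a result without a signer certificate means for callers. The bare expression `verifySequence[i].getSignerInfo().getKeyInfoTypeChoice()[0].getExtraElement();` earlier in the loop discards its value and can only throw, so it should be removed, and `keyInfo[0]` needs a null and length check. `getSignatureCheck()` is also dereferenced without the null check that `getCertificateCheck()` gets. Separately, the MOA response decides the verification outcome but `moaEndpoint` and `moaTrustProfile` are used exactly as read from configuration, so `setConfiguration` should reject missing values and probably a non-HTTPS URL; confirm that against the deployment's transport requirements.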