aboutsummaryrefslogtreecommitdiff
path: root/pdf-as-lib/src/main/java/at/gv/egiz/sl
diff options
context:
space:
mode:
Diffstat (limited to 'pdf-as-lib/src/main/java/at/gv/egiz/sl')
-rw-r--r--pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java38
-rw-r--r--pdf-as-lib/src/main/java/at/gv/egiz/sl/util/MOAConnector.java179
2 files changed, 170 insertions, 47 deletions
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java
index cf7333b4..409b984f 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java
@@ -1,7 +1,12 @@
package at.gv.egiz.sl.util;
+import iaik.cms.CMSException;
+import iaik.cms.SignedData;
+import iaik.cms.SignerInfo;
+import iaik.x509.X509Certificate;
+
import java.io.ByteArrayInputStream;
-import java.security.MessageDigest;
+import java.io.IOException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.util.Iterator;
@@ -9,12 +14,8 @@ import java.util.Iterator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import iaik.cms.SignedData;
-import iaik.cms.SignerInfo;
-import iaik.x509.X509Certificate;
import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
-import at.gv.egiz.pdfas.common.utils.StringUtils;
-import at.gv.egiz.pdfas.lib.api.sign.IPlainSigner;
+import at.gv.egiz.pdfas.common.exceptions.PdfAsSignatureException;
import at.gv.egiz.pdfas.lib.impl.verify.VerifyResultImpl;
import at.gv.egiz.sl.CreateCMSSignatureRequestType;
import at.gv.egiz.sl.CreateCMSSignatureResponseType;
@@ -72,11 +73,16 @@ public class ISignatureConnectorSLWrapper implements ISignatureConnector {
// get the signer infos
SignerInfo[] signerInfos = signedData.getSignerInfos();
+ if (signerInfos.length == 0) {
+ throw new PdfAsSignatureException("Invalid Signature (no signer info created!)", null);
+ }
// verify the signatures
for (int i = 0; i < signerInfos.length; i++) {
VerifyResultImpl verifyResult = new VerifyResultImpl();
try {
-
+ logger.info("Signature Algo: {}, Digest {}", signedData
+ .getSignerInfos()[i].getSignatureAlgorithm(),
+ signedData.getSignerInfos()[i].getDigestAlgorithm());
// verify the signature for SignerInfo at index i
X509Certificate signer_cert = signedData.verify(i);
// if the signature is OK the certificate of the
@@ -84,21 +90,27 @@ public class ISignatureConnectorSLWrapper implements ISignatureConnector {
logger.info("Signature OK from signer: "
+ signer_cert.getSubjectDN());
verifyResult.setSignerCertificate(signer_cert);
+
} catch (SignatureException ex) {
// if the signature is not OK a SignatureException
// is thrown
- logger.info("Signature ERROR from signer: "
- + signedData.getCertificate(
- signerInfos[i].getSignerIdentifier())
- .getSubjectDN());
+ logger.error(
+ "Signature ERROR from signer: "
+ + signedData.getCertificate(
+ signerInfos[i]
+ .getSignerIdentifier())
+ .getSubjectDN(), ex);
verifyResult.setSignerCertificate(signedData
.getCertificate(signerInfos[i]
.getSignerIdentifier()));
+ throw new PdfAsSignatureException("Invalid Signature", ex);
}
}
- } catch (Exception e) {
- logger.error("ERROR", e);
+ } catch (CMSException e) {
+ throw new PdfAsSignatureException("Invalid Signature", e);
+ } catch (IOException e) {
+ throw new PdfAsSignatureException("Invalid Signature", e);
}
return response.getCMSSignature();
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/MOAConnector.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/MOAConnector.java
index d75aa66e..d46f34a3 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/MOAConnector.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/MOAConnector.java
@@ -2,41 +2,78 @@ package at.gv.egiz.sl.util;
import iaik.x509.X509Certificate;
+import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
+import java.io.InputStreamReader;
import java.security.cert.CertificateException;
import javax.activation.DataHandler;
+import org.apache.axis2.databinding.types.Token;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.entity.EntityBuilder;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.entity.ContentType;
+import org.apache.http.entity.mime.MultipartEntityBuilder;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
import at.gv.egiz.moa.ByteArrayDataSource;
import at.gv.egiz.moa.SignatureCreationServiceStub;
import at.gv.egiz.moa.SignatureCreationServiceStub.CMSContentBaseType;
import at.gv.egiz.moa.SignatureCreationServiceStub.CreateCMSSignatureRequest;
import at.gv.egiz.moa.SignatureCreationServiceStub.CreateCMSSignatureResponse;
+import at.gv.egiz.moa.SignatureCreationServiceStub.CreateSignatureInfo_type0;
import at.gv.egiz.moa.SignatureCreationServiceStub.DataObjectInfo_type1;
import at.gv.egiz.moa.SignatureCreationServiceStub.DataObject_type1;
import at.gv.egiz.moa.SignatureCreationServiceStub.KeyIdentifierType;
+import at.gv.egiz.moa.SignatureCreationServiceStub.MetaInfoType;
+import at.gv.egiz.moa.SignatureCreationServiceStub.MimeTypeType;
import at.gv.egiz.moa.SignatureCreationServiceStub.SingleSignatureInfo_type1;
+import at.gv.egiz.moa.SignatureCreationServiceStub.Structure_type1;
import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
import at.gv.egiz.pdfas.common.utils.StreamUtils;
import at.gv.egiz.pdfas.lib.api.Configuration;
public class MOAConnector implements ISignatureConnector {
+ private static final Logger logger = LoggerFactory
+ .getLogger(MOAConnector.class);
+
public static final String MOA_SIGN_URL = "moa.sign.url";
public static final String MOA_SIGN_KEY_ID = "moa.sign.KeyIdentifier";
public static final String MOA_SIGN_CERTIFICATE = "moa.sign.Certificate";
-
+
+ public static final String KEY_ID_PATTERN = "##KEYID##";
+ public static final String CONTENT_PATTERN = "##CONTENT##";
+
+ public static final String CMS_REQUEST = "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:ns=\"http://reference.e-government.gv.at/namespace/moa/20020822#\">"
+ + "<soapenv:Header/><soapenv:Body><ns:CreateCMSSignatureRequest><ns:KeyIdentifier>"
+ + KEY_ID_PATTERN
+ + "</ns:KeyIdentifier>"
+ + "<ns:SingleSignatureInfo SecurityLayerConformity=\"true\"><ns:DataObjectInfo Structure=\"detached\"><ns:DataObject>"
+ + "<ns:MetaInfo><ns:MimeType>application/pdf</ns:MimeType></ns:MetaInfo><ns:Content>"
+ + "<ns:Base64Content>"
+ + CONTENT_PATTERN
+ + "</ns:Base64Content>"
+ + "</ns:Content></ns:DataObject></ns:DataObjectInfo></ns:SingleSignatureInfo>"
+ + "</ns:CreateCMSSignatureRequest></soapenv:Body></soapenv:Envelope>";
+
private X509Certificate certificate;
private String moaEndpoint;
private String keyIdentifier;
- public MOAConnector(Configuration config)
- throws CertificateException, FileNotFoundException, IOException {
- this.certificate = new X509Certificate(new FileInputStream(new File(config.getValue(MOA_SIGN_CERTIFICATE))));
+ public MOAConnector(Configuration config) throws CertificateException,
+ FileNotFoundException, IOException {
+ this.certificate = new X509Certificate(new FileInputStream(new File(
+ config.getValue(MOA_SIGN_CERTIFICATE))));
this.moaEndpoint = config.getValue(MOA_SIGN_URL);
this.keyIdentifier = config.getValue(MOA_SIGN_KEY_ID);
}
@@ -45,40 +82,114 @@ public class MOAConnector implements ISignatureConnector {
return this.certificate;
}
+ private CloseableHttpClient buildHttpClient() {
+ HttpClientBuilder builder = HttpClientBuilder.create();
+ return builder.build();
+ }
+
public byte[] sign(byte[] input, int[] byteRange) throws PdfAsException {
+ CloseableHttpClient client = null;
try {
- SignatureCreationServiceStub signatureCreationService = new SignatureCreationServiceStub(
- this.moaEndpoint);
-
- CreateCMSSignatureRequest createCMSSignatureRequest = new CreateCMSSignatureRequest();
- SingleSignatureInfo_type1 singleSignature = new SingleSignatureInfo_type1();
- DataObjectInfo_type1 dataObjectType = new DataObjectInfo_type1();
- singleSignature.setDataObjectInfo(dataObjectType);
- DataObject_type1 dataObject = new DataObject_type1();
- dataObjectType.setDataObject(dataObject);
- CMSContentBaseType cmsContent = new CMSContentBaseType();
- cmsContent.setBase64Content(new DataHandler(
- new ByteArrayDataSource(input, "application/pdf")));
- dataObject.setContent(cmsContent);
-
- createCMSSignatureRequest
- .setSingleSignatureInfo(new SingleSignatureInfo_type1[] { singleSignature });
- KeyIdentifierType keyId = new KeyIdentifierType();
- keyId.setKeyIdentifierType(this.keyIdentifier);
- createCMSSignatureRequest.setKeyIdentifier(keyId);
-
- CreateCMSSignatureResponse response = signatureCreationService
- .createCMSSignature(createCMSSignatureRequest);
-
- InputStream is = response.getCreateCMSSignatureResponse()
- .getCreateCMSSignatureResponseTypeChoice()[0]
- .getCMSSignature().getInputStream();
+ client = buildHttpClient();
+ HttpPost post = new HttpPost(this.moaEndpoint);
+
+ logger.info("signature with MOA [" + this.keyIdentifier + "] @ "
+ + this.moaEndpoint);
+
+ Base64 base64 = new Base64();
+ String content = base64.encodeAsString(input);
+
+ String request = CMS_REQUEST;
+ request = request.replace(CONTENT_PATTERN, content.trim());
+ request = request
+ .replace(KEY_ID_PATTERN, this.keyIdentifier.trim());
+
+ //SOAPAction: "urn:CreateCMSSignatureAction"
+ post.setHeader("SOAPAction", "urn:CreateCMSSignatureAction");
- byte[] signature = StreamUtils.inputStreamToByteArray(is);
+ EntityBuilder entityBuilder = EntityBuilder.create();
- return signature;
- } catch (Exception e) {
- throw new PdfAsException(e.getMessage());
+ entityBuilder.setContentType(ContentType.TEXT_XML);
+ entityBuilder.setContentEncoding("UTF-8");
+ entityBuilder.setText(request);
+
+ post.setEntity(entityBuilder.build());
+
+ HttpResponse response = client.execute(post);
+ logger.debug("Response Code : "
+ + response.getStatusLine().getStatusCode());
+
+ BufferedReader rd = new BufferedReader(new InputStreamReader(
+ response.getEntity().getContent()));
+
+ StringBuffer result = new StringBuffer();
+ String line = "";
+ while ((line = rd.readLine()) != null) {
+ result.append(line);
+ }
+
+ logger.trace(result.toString());
+ return new byte[] {};
+ } catch (IllegalStateException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (IOException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } finally {
+ if (client != null) {
+ try {
+ client.close();
+ } catch (IOException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
}
+ return new byte[] {};
}
+
+ /*
+ * public byte[] sign(byte[] input, int[] byteRange) throws PdfAsException {
+ * try {
+ *
+ * SignatureCreationServiceStub signatureCreationService = new
+ * SignatureCreationServiceStub( this.moaEndpoint);
+ *
+ * CreateCMSSignatureRequest createCMSSignatureRequest = new
+ * CreateCMSSignatureRequest(); KeyIdentifierType keyId = new
+ * KeyIdentifierType(); keyId.setKeyIdentifierType(keyIdentifier);
+ * createCMSSignatureRequest.setKeyIdentifier(keyId);
+ *
+ * SingleSignatureInfo_type1 singleSignature = new
+ * SingleSignatureInfo_type1(); DataObjectInfo_type1 dataObjectType = new
+ * DataObjectInfo_type1();
+ *
+ * dataObjectType.setStructure(Structure_type1.detached);
+ * singleSignature.setDataObjectInfo(dataObjectType); DataObject_type1
+ * dataObject = new DataObject_type1(); MetaInfoType metaInfoType = new
+ * MetaInfoType(); MimeTypeType mimeTypeType = new MimeTypeType();
+ * mimeTypeType.setMimeTypeType(new Token("application/pdf"));
+ * metaInfoType.setMimeType(mimeTypeType);
+ * dataObject.setMetaInfo(metaInfoType);
+ * dataObjectType.setDataObject(dataObject); CMSContentBaseType cmsContent =
+ * new CMSContentBaseType(); cmsContent.setBase64Content(new DataHandler(
+ * new ByteArrayDataSource(input, "application/pdf")));
+ *
+ * dataObject.setContent(cmsContent);
+ *
+ * createCMSSignatureRequest.addSingleSignatureInfo(singleSignature);
+ *
+ * CreateCMSSignatureResponse response = signatureCreationService
+ * .createCMSSignature(createCMSSignatureRequest);
+ *
+ * InputStream is = response.getCreateCMSSignatureResponse()
+ * .getCreateCMSSignatureResponseTypeChoice()[0]
+ * .getCMSSignature().getInputStream();
+ *
+ * byte[] signature = StreamUtils.inputStreamToByteArray(is);
+ *
+ * return signature; } catch (Exception e) { throw new
+ * PdfAsException(e.getMessage()); } }
+ */
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-12 08:18:51 +0000