aboutsummaryrefslogtreecommitdiff
path: root/signature-standards/sigs-pades/src/main/java/at/gv
diff options
context:
space:
mode:
Diffstat (limited to 'signature-standards/sigs-pades/src/main/java/at/gv')
-rw-r--r--signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSigner.java51
-rw-r--r--signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESVerifier.java149
2 files changed, 159 insertions, 41 deletions
diff --git a/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSigner.java b/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSigner.java
index 91237d98..7fc0081b 100644
--- a/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSigner.java
+++ b/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSigner.java
@@ -2,63 +2,32 @@ package at.gv.egiz.pdfas.sigs.pades;
import iaik.x509.X509Certificate;
-import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.util.Iterator;
-
-import org.apache.pdfbox.exceptions.SignatureException;
import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature;
import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
import at.gv.egiz.pdfas.lib.api.sign.IPlainSigner;
-import at.gv.egiz.sl.CreateCMSSignatureRequestType;
-import at.gv.egiz.sl.CreateCMSSignatureResponseType;
-import at.gv.egiz.sl.InfoboxAssocArrayPairType;
-import at.gv.egiz.sl.InfoboxReadRequestType;
-import at.gv.egiz.sl.InfoboxReadResponseType;
-import at.gv.egiz.sl.util.BKUSLConnector;
+import at.gv.egiz.sl.util.ISignatureConnector;
+import at.gv.egiz.sl.util.ISignatureConnectorSLWrapper;
import at.gv.egiz.sl.util.ISLConnector;
-import at.gv.egiz.sl.util.BaseSLConnector;
public class PAdESSigner implements IPlainSigner {
- private ISLConnector connector;
+ private ISignatureConnector plainSigner;
public PAdESSigner(ISLConnector connector) {
- this.connector = connector;
+ this.plainSigner = new ISignatureConnectorSLWrapper(connector);
+ }
+
+ public PAdESSigner(ISignatureConnector signer) {
+ this.plainSigner = signer;
}
public X509Certificate getCertificate() throws PdfAsException {
- X509Certificate certificate = null;
- try {
- InfoboxReadRequestType request = connector
- .createInfoboxReadRequest();
- InfoboxReadResponseType response = connector
- .sendInfoboxReadRequest(request);
-
- Iterator<InfoboxAssocArrayPairType> iterator = response
- .getAssocArrayData().getPair().iterator();
-
- while (iterator.hasNext()) {
- InfoboxAssocArrayPairType pair = iterator.next();
- if (pair.getKey().equals("SecureSignatureKeypair")) {
- byte[] certData = pair.getBase64Content();
- certificate = new X509Certificate(certData);
- break;
- }
- }
- } catch (CertificateException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- return certificate;
+ return this.plainSigner.getCertificate();
}
public byte[] sign(byte[] input, int[] byteRange) throws PdfAsException {
- CreateCMSSignatureRequestType request = connector.createCMSRequest(input, byteRange);
- CreateCMSSignatureResponseType response = connector.sendCMSRequest(request);
-
- return response.getCMSSignature();
+ return this.plainSigner.sign(input, byteRange);
}
public String getPDFSubFilter() {
diff --git a/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESVerifier.java b/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESVerifier.java
new file mode 100644
index 00000000..71b24213
--- /dev/null
+++ b/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESVerifier.java
@@ -0,0 +1,149 @@
+package at.gv.egiz.pdfas.sigs.pades;
+
+import iaik.security.ecc.provider.ECCProvider;
+import iaik.security.provider.IAIK;
+import iaik.x509.X509Certificate;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.activation.DataHandler;
+import javax.xml.bind.JAXBElement;
+
+import org.apache.axis2.databinding.types.Token;
+import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature;
+
+import at.gv.egiz.dsig.X509DataType;
+import at.gv.egiz.dsig.util.DsigMarschaller;
+import at.gv.egiz.moa.ByteArrayDataSource;
+import at.gv.egiz.moa.SignatureVerificationServiceStub;
+import at.gv.egiz.moa.SignatureVerificationServiceStub.CMSContentBaseType;
+import at.gv.egiz.moa.SignatureVerificationServiceStub.CMSDataObjectOptionalMetaType;
+import at.gv.egiz.moa.SignatureVerificationServiceStub.KeyInfoTypeChoice;
+import at.gv.egiz.moa.SignatureVerificationServiceStub.VerifyCMSSignatureRequest;
+import at.gv.egiz.moa.SignatureVerificationServiceStub.VerifyCMSSignatureResponse;
+import at.gv.egiz.moa.SignatureVerificationServiceStub.VerifyCMSSignatureResponseTypeSequence;
+import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
+import at.gv.egiz.pdfas.lib.api.Configuration;
+import at.gv.egiz.pdfas.lib.api.verify.SignatureCheck;
+import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
+import at.gv.egiz.pdfas.lib.impl.verify.FilterEntry;
+import at.gv.egiz.pdfas.lib.impl.verify.IVerifyFilter;
+import at.gv.egiz.pdfas.lib.impl.verify.SignatureCheckImpl;
+import at.gv.egiz.pdfas.lib.impl.verify.VerifyResultImpl;
+
+public class PAdESVerifier implements IVerifyFilter {
+
+ private static final String MOA_VERIFY_URL = "moa.verify.url";
+ private static final String MOA_VERIFY_TRUSTPROFILE = "moa.verify.TrustProfileID";
+
+ private String moaEndpoint;
+ private String moaTrustProfile;
+
+ public PAdESVerifier(Configuration config) {
+ IAIK.getInstance();
+ ECCProvider.addAsProvider();
+ this.moaEndpoint = config.getValue(MOA_VERIFY_URL);
+ this.moaTrustProfile = config.getValue(MOA_VERIFY_TRUSTPROFILE);
+ }
+
+ @SuppressWarnings("rawtypes")
+ public List<VerifyResult> verify(byte[] contentData, byte[] signatureContent)
+ throws PdfAsException {
+
+ List<VerifyResult> resultList = new ArrayList<VerifyResult>();
+ try {
+ SignatureVerificationServiceStub service = new SignatureVerificationServiceStub(
+ this.moaEndpoint);
+ VerifyCMSSignatureRequest verifyCMSSignatureRequest = new VerifyCMSSignatureRequest();
+ Token token = new Token();
+ token.setValue(this.moaTrustProfile);
+ verifyCMSSignatureRequest.setTrustProfileID(token);
+
+ byte[] data = contentData;
+ byte[] signature = signatureContent;
+
+ CMSDataObjectOptionalMetaType cmsDataObjectOptionalMetaType = new CMSDataObjectOptionalMetaType();
+ CMSContentBaseType cmsDataContent = new CMSContentBaseType();
+ cmsDataContent.setBase64Content(new DataHandler(
+ new ByteArrayDataSource(data, "application/pdf")));
+ DataHandler cmsSignature = new DataHandler(new ByteArrayDataSource(
+ signature, "application/pdf"));
+ cmsDataObjectOptionalMetaType.setContent(cmsDataContent);
+ verifyCMSSignatureRequest.setCMSSignature(cmsSignature);
+ verifyCMSSignatureRequest
+ .setDataObject(cmsDataObjectOptionalMetaType);
+
+ // cmsDataObjectOptionalMetaType.
+ VerifyCMSSignatureResponse response = service
+ .verifyCMSSignature(verifyCMSSignatureRequest);
+
+ VerifyCMSSignatureResponseTypeSequence[] verifySequence = response.getVerifyCMSSignatureResponse().getVerifyCMSSignatureResponseTypeSequence();
+ for(int i = 0 ; i < verifySequence.length; i++) {
+ VerifyResultImpl result = new VerifyResultImpl();
+
+ SignatureCheck certificateCheck;
+
+ verifySequence[i].getSignerInfo().getKeyInfoTypeChoice()[0].getExtraElement();
+ if(verifySequence[i].getCertificateCheck() != null) {
+ certificateCheck = new SignatureCheckImpl(
+ verifySequence[i].getCertificateCheck().getCode().intValue(),
+ verifySequence[i].getCertificateCheck().isInfoSpecified() ?
+ verifySequence[i].getCertificateCheck().getInfo().toString() :
+ "");
+ } else {
+ certificateCheck = new SignatureCheckImpl(
+ 1,
+ "Es konnte keine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konstruiert werden.");
+ }
+
+
+ SignatureCheck signatureCheck = new SignatureCheckImpl(
+ verifySequence[i].getSignatureCheck().getCode().intValue(),
+ verifySequence[i].getSignatureCheck().isInfoSpecified() ?
+ verifySequence[i].getSignatureCheck().getInfo().toString() :
+ "");
+
+ result.setCertificateCheck(certificateCheck);
+ result.setValueCheckCode(signatureCheck);
+ result.setVerificationDone(true);
+
+ KeyInfoTypeChoice[] keyInfo = verifySequence[i].getSignerInfo().getKeyInfoTypeChoice();
+ String xmldisg = keyInfo[0].getExtraElement().toString();
+ JAXBElement jaxbElement = (JAXBElement) DsigMarschaller.unmarshalFromString(xmldisg);
+ result.setSignatureData(signatureContent);
+ if(jaxbElement.getValue() instanceof X509DataType) {
+ X509DataType x509Data = (X509DataType)jaxbElement.getValue();
+ List<Object> dsigElements = x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName();
+ for(int j = 0; j < dsigElements.size(); j++) {
+ Object jaxElement = dsigElements.get(j);
+ if(jaxElement instanceof JAXBElement) {
+ JAXBElement jaxbElementMember = (JAXBElement)jaxElement;
+ if(jaxbElementMember.getName().equals(
+ DsigMarschaller.X509DataTypeX509Certificate_QNAME)) {
+ if(jaxbElementMember.getValue() instanceof byte[]) {
+ byte[] certData = (byte[])jaxbElementMember.getValue();
+ X509Certificate certificate = new X509Certificate(certData);
+ result.setSignerCertificate(certificate);
+ break;
+ }
+ }
+ }
+ }
+ }
+
+ resultList.add(result);
+ }
+ } catch (Throwable e) {
+ e.printStackTrace();
+ }
+ return resultList;
+ }
+
+ public List<FilterEntry> getFiters() {
+ List<FilterEntry> result = new ArrayList<FilterEntry>();
+ result.add(new FilterEntry(PDSignature.FILTER_ADOBE_PPKLITE, PDSignature.SUBFILTER_ADBE_PKCS7_DETACHED));
+ return result;
+ }
+
+}