From 05bb51dd0190c56f7ec59f6f0c759e00f1d72edc Mon Sep 17 00:00:00 2001
From: Andreas Fitzek
Date: Wed, 11 Dec 2013 12:04:19 +0100
Subject: Signature profile implementations

---
 .../egiz/sl/util/ISignatureConnectorSLWrapper.java | 38 +++--
 .../main/java/at/gv/egiz/sl/util/MOAConnector.java | 179 +++++++++++++++++----
 2 files changed, 170 insertions(+), 47 deletions(-)
(limited to 'pdf-as-lib/src/main/java/at/gv/egiz/sl')

diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java
index cf7333b4..409b984f 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/ISignatureConnectorSLWrapper.java
@@ -1,7 +1,12 @@
 package at.gv.egiz.sl.util;
 
+import iaik.cms.CMSException;
+import iaik.cms.SignedData;
+import iaik.cms.SignerInfo;
+import iaik.x509.X509Certificate;
+
 import java.io.ByteArrayInputStream;
-import java.security.MessageDigest;
+import java.io.IOException;
 import java.security.SignatureException;
 import java.security.cert.CertificateException;
 import java.util.Iterator;
@@ -9,12 +14,8 @@ import java.util.Iterator;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import iaik.cms.SignedData;
-import iaik.cms.SignerInfo;
-import iaik.x509.X509Certificate;
 import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
-import at.gv.egiz.pdfas.common.utils.StringUtils;
-import at.gv.egiz.pdfas.lib.api.sign.IPlainSigner;
+import at.gv.egiz.pdfas.common.exceptions.PdfAsSignatureException;
 import at.gv.egiz.pdfas.lib.impl.verify.VerifyResultImpl;
 import at.gv.egiz.sl.CreateCMSSignatureRequestType;
 import at.gv.egiz.sl.CreateCMSSignatureResponseType;
@@ -72,11 +73,16 @@ public class ISignatureConnectorSLWrapper implements ISignatureConnector { // get the signer infos SignerInfo[] signerInfos = signedData.getSignerInfos(); + if (signerInfos.length == 0) { + throw new PdfAsSignatureException("Invalid Signature (no signer info created!)", null); + } // verify the signatures for (int i = 0; i < signerInfos.length; i++) { VerifyResultImpl verifyResult = new VerifyResultImpl(); try { - + logger.info("Signature Algo: {}, Digest {}", signedData + .getSignerInfos()[i].getSignatureAlgorithm(), + signedData.getSignerInfos()[i].getDigestAlgorithm()); // verify the signature for SignerInfo at index i X509Certificate signer_cert = signedData.verify(i); // if the signature is OK the certificate of the @@ -84,21 +90,27 @@ public class ISignatureConnectorSLWrapper implements ISignatureConnector { logger.info("Signature OK from signer: " + signer_cert.getSubjectDN()); verifyResult.setSignerCertificate(signer_cert); + } catch (SignatureException ex) { // if the signature is not OK a SignatureException // is thrown - logger.info("Signature ERROR from signer: " - + signedData.getCertificate( - signerInfos[i].getSignerIdentifier()) - .getSubjectDN()); + logger.error( + "Signature ERROR from signer: " + + signedData.getCertificate( + signerInfos[i] + .getSignerIdentifier()) + .getSubjectDN(), ex); verifyResult.setSignerCertificate(signedData .getCertificate(signerInfos[i] .getSignerIdentifier())); + throw new PdfAsSignatureException("Invalid Signature", ex); } } - } catch (Exception e) { - logger.error("ERROR", e); + } catch (CMSException e) { + throw new PdfAsSignatureException("Invalid Signature", e); + } catch (IOException e) { + throw new PdfAsSignatureException("Invalid Signature", e); } return response.getCMSSignature(); diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/MOAConnector.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/MOAConnector.java index d75aa66e..d46f34a3 100644 
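Review bot: The new error branch in the second hunk can throw a `NullPointerException` before it reaches `throw new PdfAsSignatureException("Invalid Signature", ex)`: `signedData.getCertificate(signerInfos[i].getSignerIdentifier())` is dereferenced with `.getSubjectDN()` inside the log call, and if the signer certificate is not carried in the SignedData (IAIK returns null there, as far as I recall — confirm) the NPE masks the real `SignatureException`. Fetch it once and guard it: `X509Certificate failedCert = signedData.getCertificate(signerInfos[i].getSignerIdentifier());` and `logger.error("Signature ERROR from signer: " + (failedCert == null ? "<unknown>" : failedCert.getSubjectDN()), ex);`, then pass `failedCert` to `setSignerCertificate`. The added "Signature Algo" log line re-reads `signedData.getSignerInfos()[i]` twice although `signerInfos[i]` is already in hand. Also note that `signedData.verify(i)` only proves the signature matches the certificate embedded in the CMS blob; nothing in either hunk compares `signer_cert` with the certificate the connector was configured with, so that comparison (or the trust check) has to happen in a caller — a comment such as `// verify(i) checks against the embedded certificate only; signer identity is validated by the caller` would make that explicit. The enclosing method starts before the first hunk and ends after the second.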
--- a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/MOAConnector.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/MOAConnector.java
@@ -2,41 +2,78 @@ package at.gv.egiz.sl.util;
 
 import iaik.x509.X509Certificate;
 
+import java.io.BufferedReader;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.InputStreamReader;
 import java.security.cert.CertificateException;
 
 import javax.activation.DataHandler;
 
+import org.apache.axis2.databinding.types.Token;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.entity.EntityBuilder;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.entity.ContentType;
+import org.apache.http.entity.mime.MultipartEntityBuilder;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import at.gv.egiz.moa.ByteArrayDataSource;
 import at.gv.egiz.moa.SignatureCreationServiceStub;
 import at.gv.egiz.moa.SignatureCreationServiceStub.CMSContentBaseType;
 import at.gv.egiz.moa.SignatureCreationServiceStub.CreateCMSSignatureRequest;
 import at.gv.egiz.moa.SignatureCreationServiceStub.CreateCMSSignatureResponse;
+import at.gv.egiz.moa.SignatureCreationServiceStub.CreateSignatureInfo_type0;
 import at.gv.egiz.moa.SignatureCreationServiceStub.DataObjectInfo_type1;
 import at.gv.egiz.moa.SignatureCreationServiceStub.DataObject_type1;
 import at.gv.egiz.moa.SignatureCreationServiceStub.KeyIdentifierType;
+import at.gv.egiz.moa.SignatureCreationServiceStub.MetaInfoType;
+import at.gv.egiz.moa.SignatureCreationServiceStub.MimeTypeType;
 import at.gv.egiz.moa.SignatureCreationServiceStub.SingleSignatureInfo_type1;
+import at.gv.egiz.moa.SignatureCreationServiceStub.Structure_type1;
 import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
 import at.gv.egiz.pdfas.common.utils.StreamUtils;
 import at.gv.egiz.pdfas.lib.api.Configuration;
 
 public class MOAConnector implements ISignatureConnector
{ + private static final Logger logger = LoggerFactory + .getLogger(MOAConnector.class); + public static final String MOA_SIGN_URL = "moa.sign.url"; public static final String MOA_SIGN_KEY_ID = "moa.sign.KeyIdentifier"; public static final String MOA_SIGN_CERTIFICATE = "moa.sign.Certificate"; - + + public static final String KEY_ID_PATTERN = "##KEYID##"; + public static final String CONTENT_PATTERN = "##CONTENT##"; + + public static final String CMS_REQUEST = "" + + "" + + KEY_ID_PATTERN + + "" + + "" + + "application/pdf" + + "" + + CONTENT_PATTERN + + "" + + "" + + ""; + private X509Certificate certificate; private String moaEndpoint; private String keyIdentifier; - public MOAConnector(Configuration config) - throws CertificateException, FileNotFoundException, IOException { - this.certificate = new X509Certificate(new FileInputStream(new File(config.getValue(MOA_SIGN_CERTIFICATE)))); + public MOAConnector(Configuration config) throws CertificateException, + FileNotFoundException, IOException { + this.certificate = new X509Certificate(new FileInputStream(new File( + config.getValue(MOA_SIGN_CERTIFICATE)))); this.moaEndpoint = config.getValue(MOA_SIGN_URL); this.keyIdentifier = config.getValue(MOA_SIGN_KEY_ID); } 
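Review bot: The `FileInputStream` opened in the constructor (`new X509Certificate(new FileInputStream(new File(config.getValue(MOA_SIGN_CERTIFICATE))))`) is never closed, so every `MOAConnector` instantiation leaks a file handle until finalization. Open the stream into a local and close it in a `finally` (try-with-resources if the project targets Java 7+), and reject a missing `MOA_SIGN_CERTIFICATE` value explicitly instead of letting `new File((String) null)` surface as a bare `NullPointerException` with no hint of which key is missing. Separately, `CMS_REQUEST` is filled by plain `String.replace` with `this.keyIdentifier`, which is configuration-controlled but not XML-escaped; a comment stating that assumption (`// keyIdentifier comes from trusted configuration and is inserted unescaped`) would help, and the element names of the template appear to have been lost in this rendering of the hunk, so I cannot check the XML itself. The class body continues past this hunk.

```java
    public MOAConnector(Configuration config) throws CertificateException,
            FileNotFoundException, IOException {
        String certPath = config.getValue(MOA_SIGN_CERTIFICATE);
        if (certPath == null) {
            throw new IllegalArgumentException("Missing configuration value: "
                    + MOA_SIGN_CERTIFICATE);
        }
        FileInputStream certStream = new FileInputStream(new File(certPath));
        try {
            this.certificate = new X509Certificate(certStream);
        } finally {
            certStream.close();
        }
        // … unchanged: moaEndpoint / keyIdentifier assignment …
    }
```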
@@ -45,40 +82,114 @@ public class MOAConnector implements ISignatureConnector { return this.certificate; } + private CloseableHttpClient buildHttpClient() { + HttpClientBuilder builder = HttpClientBuilder.create(); + return builder.build(); + } + public byte[] sign(byte[] input, int[] byteRange) throws PdfAsException { + CloseableHttpClient client = null; try { - SignatureCreationServiceStub signatureCreationService = new SignatureCreationServiceStub( - this.moaEndpoint); - - CreateCMSSignatureRequest createCMSSignatureRequest = new CreateCMSSignatureRequest(); - SingleSignatureInfo_type1 singleSignature = new SingleSignatureInfo_type1(); - DataObjectInfo_type1 dataObjectType = new DataObjectInfo_type1(); - singleSignature.setDataObjectInfo(dataObjectType); - DataObject_type1 dataObject = new DataObject_type1(); - dataObjectType.setDataObject(dataObject); - CMSContentBaseType cmsContent = new CMSContentBaseType(); - cmsContent.setBase64Content(new DataHandler( - new ByteArrayDataSource(input, "application/pdf"))); - dataObject.setContent(cmsContent); - - createCMSSignatureRequest - .setSingleSignatureInfo(new SingleSignatureInfo_type1[] { singleSignature }); - KeyIdentifierType keyId = new KeyIdentifierType(); - keyId.setKeyIdentifierType(this.keyIdentifier); - createCMSSignatureRequest.setKeyIdentifier(keyId); - - CreateCMSSignatureResponse response = signatureCreationService - .createCMSSignature(createCMSSignatureRequest); - - InputStream is = response.getCreateCMSSignatureResponse() - .getCreateCMSSignatureResponseTypeChoice()[0] - .getCMSSignature().getInputStream(); + client = buildHttpClient(); + HttpPost post = new HttpPost(this.moaEndpoint); + + logger.info("signature with MOA [" + this.keyIdentifier + "] @ " + + this.moaEndpoint); + + Base64 base64 = new Base64(); + String content = base64.encodeAsString(input); + + String request = CMS_REQUEST; + request = request.replace(CONTENT_PATTERN, content.trim()); + request = request + .replace(KEY_ID_PATTERN, 
this.keyIdentifier.trim()); + + //SOAPAction: "urn:CreateCMSSignatureAction" + post.setHeader("SOAPAction", "urn:CreateCMSSignatureAction"); - byte[] signature = StreamUtils.inputStreamToByteArray(is); + EntityBuilder entityBuilder = EntityBuilder.create(); - return signature; - } catch (Exception e) { - throw new PdfAsException(e.getMessage()); + entityBuilder.setContentType(ContentType.TEXT_XML); + entityBuilder.setContentEncoding("UTF-8"); + entityBuilder.setText(request); + + post.setEntity(entityBuilder.build()); + + HttpResponse response = client.execute(post); + logger.debug("Response Code : " + + response.getStatusLine().getStatusCode()); + + BufferedReader rd = new BufferedReader(new InputStreamReader( + response.getEntity().getContent())); + + StringBuffer result = new StringBuffer(); + String line = ""; + while ((line = rd.readLine()) != null) { + result.append(line); + } + + logger.trace(result.toString()); + return new byte[] {}; + } catch (IllegalStateException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (IOException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } finally { + if (client != null) { + try { + client.close(); + } catch (IOException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + } } + return new byte[] {}; } + + /* + * public byte[] sign(byte[] input, int[] byteRange) throws PdfAsException { + * try { + * + * SignatureCreationServiceStub signatureCreationService = new + * SignatureCreationServiceStub( this.moaEndpoint); + * + * CreateCMSSignatureRequest createCMSSignatureRequest = new + * CreateCMSSignatureRequest(); KeyIdentifierType keyId = new + * KeyIdentifierType(); keyId.setKeyIdentifierType(keyIdentifier); + * createCMSSignatureRequest.setKeyIdentifier(keyId); + * + * SingleSignatureInfo_type1 singleSignature = new + * SingleSignatureInfo_type1(); DataObjectInfo_type1 dataObjectType = new + * DataObjectInfo_type1(); + * + * 
dataObjectType.setStructure(Structure_type1.detached); + * singleSignature.setDataObjectInfo(dataObjectType); DataObject_type1 + * dataObject = new DataObject_type1(); MetaInfoType metaInfoType = new + * MetaInfoType(); MimeTypeType mimeTypeType = new MimeTypeType(); + * mimeTypeType.setMimeTypeType(new Token("application/pdf")); + * metaInfoType.setMimeType(mimeTypeType); + * dataObject.setMetaInfo(metaInfoType); + * dataObjectType.setDataObject(dataObject); CMSContentBaseType cmsContent = + * new CMSContentBaseType(); cmsContent.setBase64Content(new DataHandler( + * new ByteArrayDataSource(input, "application/pdf"))); + * + * dataObject.setContent(cmsContent); + * + * createCMSSignatureRequest.addSingleSignatureInfo(singleSignature); + * + * CreateCMSSignatureResponse response = signatureCreationService + * .createCMSSignature(createCMSSignatureRequest); + * + * InputStream is = response.getCreateCMSSignatureResponse() + * .getCreateCMSSignatureResponseTypeChoice()[0] + * .getCMSSignature().getInputStream(); + * + * byte[] signature = StreamUtils.inputStreamToByteArray(is); + * + * return signature; } catch (Exception e) { throw new + * PdfAsException(e.getMessage()); } } + */ } -- cgit v1.2.3
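Review bot: The new `sign` body never yields a signature: after reading the SOAP response into `result` it only trace-logs it and returns `new byte[] {}`, and both `catch` blocks (`IllegalStateException`, `IOException`) call `printStackTrace()` and fall through to the same empty return, so a failed or unparsed MOA call hands callers an empty "signature" instead of the `PdfAsException` the method declares. The HTTP status is only logged at debug level as well, so a SOAP fault page is treated like a success. Until the CMSSignature is actually extracted from the response (the commented-out Axis2 version below shows the element it came from), the method should fail loudly; the sketch below also rejects non-200 responses, fixes the reader charset (`InputStreamReader` currently uses the platform default) and keeps the exception in the log, and the trailing `return new byte[] {}` after the `finally` then has to go because it becomes unreachable. Note also that `this.keyIdentifier` is pasted into the XML template by `String.replace` without escaping; it is configuration-controlled, but a comment saying so would help. The commented-out old `sign` should be deleted rather than kept in the file.

```java
            HttpResponse response = client.execute(post);
            int status = response.getStatusLine().getStatusCode();
            logger.debug("Response Code : " + status);
            if (status != 200) {
                throw new PdfAsException("MOA signing failed, HTTP status " + status);
            }

            BufferedReader rd = new BufferedReader(new InputStreamReader(
                    response.getEntity().getContent(), "UTF-8"));
            // … unchanged: read lines into result …
            logger.trace(result.toString());
            // TODO: extract the Base64 CMSSignature from the SOAP response; never return an empty signature
            throw new PdfAsException("MOA response parsing not implemented");
        } catch (IllegalStateException e) {
            logger.error("MOA signing failed", e);
            throw new PdfAsException(e.getMessage());
        } catch (IOException e) {
            logger.error("MOA signing failed", e);
            throw new PdfAsException(e.getMessage());
        } finally {
            // … unchanged: client.close() …
        }
```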