package at.gv.egiz.pdfas.moa; import iaik.x509.X509Certificate; import java.net.URL; import java.util.ArrayList; import java.util.Date; import java.util.GregorianCalendar; import java.util.List; import javax.xml.bind.JAXBElement; import javax.xml.datatype.DatatypeFactory; import javax.xml.datatype.XMLGregorianCalendar; import javax.xml.ws.BindingProvider; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.w3._2000._09.xmldsig.KeyInfoType; import org.w3._2000._09.xmldsig.X509DataType; import at.gv.e_government.reference.namespace.moa._20020822.CMSContentBaseType; import at.gv.e_government.reference.namespace.moa._20020822.CMSDataObjectOptionalMetaType; import at.gv.e_government.reference.namespace.moa._20020822.CheckResultType; import at.gv.e_government.reference.namespace.moa._20020822.MetaInfoType; import at.gv.e_government.reference.namespace.moa._20020822.VerifyCMSSignatureRequest; import at.gv.e_government.reference.namespace.moa._20020822.VerifyCMSSignatureResponseType; import at.gv.e_government.reference.namespace.moa._20020822_.SignatureVerificationPortType; import at.gv.e_government.reference.namespace.moa._20020822_.SignatureVerificationService; import at.gv.egiz.pdfas.common.exceptions.PdfAsException; import at.gv.egiz.pdfas.lib.api.Configuration; import at.gv.egiz.pdfas.lib.api.verify.VerifyParameter.SignatureVerificationLevel; import at.gv.egiz.pdfas.lib.api.verify.VerifyResult; import at.gv.egiz.pdfas.lib.impl.verify.IVerifier; import at.gv.egiz.pdfas.lib.impl.verify.SignatureCheckImpl; import at.gv.egiz.pdfas.lib.impl.verify.VerifyResultImpl; public class MOAVerifier implements IVerifier { private static final Logger logger = LoggerFactory .getLogger(MOAVerifier.class); private static final String MOA_VERIFY_URL = "moa.verify.url"; private static final String MOA_VERIFY_TRUSTPROFILE = "moa.verify.TrustProfileID"; private String moaEndpoint; private String moaTrustProfile; public List verify(byte[] signature, byte[] signatureContent, Date verificationTime) throws PdfAsException { List resultList = new ArrayList(); try { logger.info("verification with MOA @ " + this.moaEndpoint); URL moaUrl = new URL(this.moaEndpoint + "?wsdl"); SignatureVerificationService service = new SignatureVerificationService(moaUrl); SignatureVerificationPortType verificationPort = service.getSignatureVerificationPort(); BindingProvider provider = (BindingProvider) verificationPort; provider.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, this.moaEndpoint); VerifyCMSSignatureRequest verifyCMSSignatureRequest = new VerifyCMSSignatureRequest(); verifyCMSSignatureRequest.setTrustProfileID(this.moaTrustProfile); verifyCMSSignatureRequest.setCMSSignature(signature); CMSDataObjectOptionalMetaType metaDataType = new CMSDataObjectOptionalMetaType(); MetaInfoType metaInfoType = new MetaInfoType(); metaInfoType.setDescription("PDF Document"); metaInfoType.setMimeType("application/pdf"); metaDataType.setMetaInfo(metaInfoType); CMSContentBaseType contentBase = new CMSContentBaseType(); contentBase.setBase64Content(signatureContent); metaDataType.setContent(contentBase); verifyCMSSignatureRequest.setDataObject(metaDataType); if (verificationTime != null) { GregorianCalendar c = new GregorianCalendar(); c.setTime(verificationTime); XMLGregorianCalendar date2 = DatatypeFactory.newInstance().newXMLGregorianCalendar(c); verifyCMSSignatureRequest.setDateTime(date2); } VerifyCMSSignatureResponseType response = verificationPort .verifyCMSSignature(verifyCMSSignatureRequest); logger.debug("Got Verify Response from MOA"); List> verifySequence = response.getSignerInfoAndSignatureCheckAndCertificateCheck(); VerifyResultImpl result = new VerifyResultImpl(); result.setCertificateCheck(new SignatureCheckImpl(1,"")); result.setValueCheckCode(new SignatureCheckImpl(1,"")); result.setVerificationDone(true); result.setSignatureData(signatureContent); for (int i = 0; i < verifySequence.size(); i++) { // JAXBElement element = verifySequence.get(i); logger.debug(" ---------------------- "); logger.debug("Name: " + element.getName().getLocalPart()); logger.debug("Class: " + element.getValue().getClass().getName()); if(element.getName().getLocalPart().equals("SignerInfo")) { if(!(element.getValue() instanceof KeyInfoType)) { // TODO throw Exception } KeyInfoType keyInfo = (KeyInfoType)element.getValue(); for(Object obj : keyInfo.getContent()) { logger.debug("KeyInfo: " + obj.getClass().toString()); if(obj instanceof JAXBElement) { JAXBElement ele = (JAXBElement)obj; logger.debug("KeyInfo: " + ele.getName().getLocalPart()); logger.debug("KeyInfo: " + ele.getValue().getClass().getName()); if(ele.getName().getLocalPart().equals("X509Data") && ele.getValue() instanceof X509DataType) { X509DataType x509Data = (X509DataType)ele.getValue(); for(Object o : x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName()) { logger.debug("X509 class: " + o.getClass().getName()); if(o instanceof JAXBElement) { JAXBElement e = (JAXBElement)o; logger.debug("X509 class CHILD: " + e.getName().getLocalPart()); logger.debug("X509 class CHILD: " + e.getValue().getClass().getName()); if(e.getName().getLocalPart().equals("X509Certificate")) { if(e.getValue() instanceof byte[]) { X509Certificate signerCertificate = new X509Certificate((byte[])e.getValue()); result.setSignerCertificate(signerCertificate); } } } /*else if(o instanceof ElementNSImpl) { logger.debug("ElementNSImpl name: " + ((ElementNSImpl) o).getNodeValue()); for(int j = 0; j < ((ElementNSImpl) o).getAttributes().getLength(); j++) { //logger.debug("ElementNSImpl name: " + ((ElementNSImpl) o).getAttributes().item(j)..getTextContent()); } }*/ } } } } } else if(element.getName().getLocalPart().equals("SignatureCheck")) { if(!(element.getValue() instanceof CheckResultType)) { // TODO throw Exception } CheckResultType checkResult = (CheckResultType)element.getValue(); result.setValueCheckCode(new SignatureCheckImpl( checkResult.getCode().intValue(), (checkResult.getInfo() != null) ? checkResult.getInfo().toString() : "" )); } else if(element.getName().getLocalPart().equals("CertificateCheck")) { if(!(element.getValue() instanceof CheckResultType)) { // TODO throw Exception } CheckResultType checkResult = (CheckResultType)element.getValue(); result.setCertificateCheck(new SignatureCheckImpl( checkResult.getCode().intValue(), (checkResult.getInfo() != null) ? checkResult.getInfo().toString() : "" )); } logger.debug(" ---------------------- "); } resultList.add(result); } catch (Throwable e) { logger.error("Verification failed", e); throw new PdfAsException("error.pdf.verify.02", e); } return resultList; } public void setConfiguration(Configuration config) { this.moaEndpoint = config.getValue(MOA_VERIFY_URL); this.moaTrustProfile = config.getValue(MOA_VERIFY_TRUSTPROFILE); } @Override public SignatureVerificationLevel getLevel() { return SignatureVerificationLevel.FULL_VERIFICATION; } }