AG-103 Časové pečiatky #341

Merged
Expand Up @@ -24,7 +24,8 @@ public class AppStarter {
addOption(null, "keystore", true, "Absolute path to a keystore file that can be used for signing.").
addOption(null, "slot-id", true, "Slot ID for PKCS11 driver. If not specified, first available slot is used.").
addOption(null, "pdf-level", true, "PDF signature level. Supported values: PAdES_BASELINE_B (default), XAdES_BASELINE_B, CAdES_BASELINE_B.").
addOption(null, "en319132", false, "Sign according to EN 319 132 or EN 319 122.");
addOption(null, "en319132", false, "Sign according to EN 319 132 or EN 319 122.").
addOption(null, "tsa-server", true, "Url of TimeStamp Authority server that should be used for timestamping in signature level BASELINE_T. If provided, BASELINE_T signatures are made.");
Comment on lines +27 to +28

Pre GUI nevidim asi settings ci zle pozeram?


public static void start(String[] args) {
try {
Expand Down Expand Up @@ -73,6 +74,7 @@ public static void printUsage() {
autogram --cli -s target/directory-example -t target/non-existent-dir/output-example --parents
autogram --cli -s target/directory-example/file-example.pdf -pdfa
autogram --cli -s target/directory-example/file-example.pdf -d eid
autogram --cli -s target/file-example.pdf -d eid --tsa-server http://tsa.izenpe.com
""";
final PrintWriter pw = new PrintWriter(System.out);
formatter.printUsage(pw, 80, syntax);
13 changes: 10 additions & 3 deletions src/main/java/digital/slovensko/autogram/core/Autogram.java
Expand Up @@ -9,6 +9,7 @@
import digital.slovensko.autogram.util.PDFUtils;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.pdfa.PDFAStructureValidator;
import eu.europa.esig.dss.spi.x509.tsp.TSPSource;

import java.io.File;
import java.util.List;
Expand All @@ -23,16 +24,18 @@ public class Autogram {
private final DriverDetector driverDetector;
private final boolean shouldDisplayVisualizationError;
private final Integer slotId;
private final TSPSource tspSource;

public Autogram(UI ui, boolean shouldDisplayVisualizationError , DriverDetector driverDetector) {
this(ui, shouldDisplayVisualizationError, driverDetector, -1);
public Autogram(UI ui, boolean shouldDisplayVisualizationError , DriverDetector driverDetector, TSPSource tspSource) {

Tu sa nam to zacina kopit a imho by vlastne mal do Autogramu vliezt nejaky settings. To by potom riesilo aj problem, ze potrebujeme restart.

this(ui, shouldDisplayVisualizationError, driverDetector, -1, tspSource);
}

public Autogram(UI ui, boolean shouldDisplayVisualizationError , DriverDetector driverDetector, Integer slotId) {
public Autogram(UI ui, boolean shouldDisplayVisualizationError , DriverDetector driverDetector, Integer slotId, TSPSource tspSource) {
this.ui = ui;
this.driverDetector = driverDetector;
this.slotId = slotId;
this.shouldDisplayVisualizationError = shouldDisplayVisualizationError;
this.tspSource = tspSource;
}

public void sign(SigningJob job) {
Expand Down Expand Up @@ -234,4 +237,8 @@ public void initializeSignatureValidator(ScheduledExecutorService scheduledExecu
scheduledExecutorService.scheduleAtFixedRate(() -> SignatureValidator.getInstance().refresh(),
480, 480, java.util.concurrent.TimeUnit.MINUTES);
}

public TSPSource getTspSource() {
return tspSource;
}
}
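Review bot: The new `tspSource` field and `getTspSource()` can legitimately be `null`, but nothing on the field, the constructors or the getter says so. `CliParameters.getTspSource()` returns `null` when `--tsa-server` is absent, and the builders in `SigningParameters` branch on `tspSource == null`, so callers have to know this contract. A Javadoc line on the getter would make it visible: `/** TSA source for BASELINE_T signatures, or {@code null} when timestamping is not configured. */`.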
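--- a/src/main/java/digital/slovensko/autogram/core/CliParameters.java
+++ b/src/main/java/digital/slovensko/autogram/core/CliParameters.java
@@ -7,6 +7,8 @@
 import digital.slovensko.autogram.drivers.TokenDriver;
 import eu.europa.esig.dss.enumerations.SignatureLevel;
 
+import eu.europa.esig.dss.service.tsp.OnlineTSPSource;
+import eu.europa.esig.dss.spi.x509.tsp.TSPSource;
 import org.apache.commons.cli.CommandLine;
 
 import java.io.File;
@@ -22,6 +24,7 @@ public class CliParameters {
 private final boolean makeParentDirectories;
 private final SignatureLevel pdfSignatureLevel;
 private final boolean en319132;
+private final String tsaServer;
 
 public CliParameters(CommandLine cmd) throws SourceDoesNotExistException, TokenDriverDoesNotExistException,
 SlotIdIsNotANumberException, PDFSignatureLevelIsNotValidException {
@@ -35,6 +38,7 @@ public CliParameters(CommandLine cmd) throws SourceDoesNotExistException, TokenD
 pdfSignatureLevel = getValidSignatureLevel(
 cmd.getOptionValue("pdf-level", SignatureLevel.PAdES_BASELINE_B.name()));
 en319132 = cmd.hasOption("en319132");
+tsaServer = cmd.getOptionValue("tsa-server", null);
 }
 
 private SignatureLevel getValidSignatureLevel(String optionValue) throws PDFSignatureLevelIsNotValidException {
@@ -118,4 +122,11 @@ public boolean shouldSignAsEn319132() {
 public SignatureLevel pdfSignatureLevel() {
 return pdfSignatureLevel;
 }
+
+public TSPSource getTspSource() {
+if (tsaServer == null)
+return null;
+
+return new OnlineTSPSource(tsaServer);
+}
 }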
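Review bot: The `tsa-server` value reaches `new OnlineTSPSource(tsaServer)` in `getTspSource()` without any validation, whereas `slot-id` and `pdf-level` are rejected in the constructor with dedicated exceptions. An empty string, a typo or a non-HTTP scheme is therefore noticed only when the first signature asks for a timestamp. Parsing the value once in the constructor would fail fast: `var uri = URI.create(tsaServer);` then `if (!"http".equalsIgnoreCase(uri.getScheme()) && !"https".equalsIgnoreCase(uri.getScheme())) throw …`, with an exception in the style of `SlotIdIsNotANumberException`. `getTspSource()` also builds a new source on every call and configures no timeout in this hunk, so a slow or unreachable TSA presumably stalls signing. Creating the source once and passing a `TimestampDataLoader` with explicit timeouts to `setDataLoader` would make that behaviour predictable.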
38 changes: 22 additions & 16 deletions src/main/java/digital/slovensko/autogram/core/SigningJob.java
@@ -1,6 +1,7 @@
package digital.slovensko.autogram.core;

import java.io.File;
import java.io.UnsupportedEncodingException;

import digital.slovensko.autogram.core.eforms.EFormUtils;
import digital.slovensko.autogram.core.eforms.XDCBuilder;
Expand All @@ -10,10 +11,15 @@
import eu.europa.esig.dss.asic.cades.signature.ASiCWithCAdESService;
import eu.europa.esig.dss.asic.xades.signature.ASiCWithXAdESService;
import eu.europa.esig.dss.cades.signature.CAdESService;
import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.enumerations.SignatureLevel;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.FileDocument;
import eu.europa.esig.dss.pades.signature.PAdESService;
import eu.europa.esig.dss.service.http.commons.TimestampDataLoader;
import eu.europa.esig.dss.service.tsp.OnlineTSPSource;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.x509.tsp.TSPSource;
import eu.europa.esig.dss.validation.CommonCertificateVerifier;
import eu.europa.esig.dss.xades.signature.XAdESService;

Expand Down Expand Up @@ -85,6 +91,9 @@ private DSSDocument signDocumentAsAsiCWithXAdeS(SigningKey key) {
signatureParameters.setCertificateChain(key.getCertificateChain());
signatureParameters.setSignWithExpiredCertificate(true);

if (signatureParameters.getSignatureLevel().equals(SignatureLevel.XAdES_BASELINE_T))
service.setTspSource(getParameters().getTspSource());

var dataToSign = service.getDataToSign(getDocument(), signatureParameters);
var signatureValue = key.sign(dataToSign, getParameters().getDigestAlgorithm());

Expand Down Expand Up @@ -133,6 +142,9 @@ private DSSDocument signDocumentAsPAdeS(SigningKey key) {
signatureParameters.setCertificateChain(key.getCertificateChain());
signatureParameters.setSignWithExpiredCertificate(true);

if (signatureParameters.getSignatureLevel().equals(SignatureLevel.PAdES_BASELINE_T))
service.setTspSource(getParameters().getTspSource());

var dataToSign = service.getDataToSign(getDocument(), signatureParameters);
var signatureValue = key.sign(dataToSign, jobParameters.getDigestAlgorithm());

Expand Down Expand Up @@ -164,44 +176,38 @@ public static SigningJob buildFromRequest(DSSDocument document, SigningParameter
return build(document, params, responder);
}

public static SigningJob buildFromFile(File file, Responder responder, boolean checkPDFACompliance, SignatureLevel signatureType, boolean isEn319132) {
var document = createDSSFileDocumentFromFile(file);
var parameters = getParametersForFile(document, checkPDFACompliance, signatureType, isEn319132);
return build(document, parameters, responder);
}

public static SigningJob buildFromFileBatch(File file, Autogram autogram, Responder responder, boolean checkPDFACompliance, SignatureLevel signatureType, boolean isEn319132) {
public static SigningJob buildFromFile(File file, Responder responder, boolean checkPDFACompliance, SignatureLevel signatureType, boolean isEn319132, TSPSource tspSource) {

Aj tu by voslo settings a tspsource + isEn319132 si nastavis podla settings (aktualnych)

var document = createDSSFileDocumentFromFile(file);
var parameters = getParametersForFile(document, checkPDFACompliance, signatureType, isEn319132);
var parameters = getParametersForFile(document, checkPDFACompliance, signatureType, isEn319132, tspSource);
return build(document, parameters, responder);
}

private static SigningParameters getParametersForFile(FileDocument document, boolean checkPDFACompliance, SignatureLevel signatureType, boolean isEn319132) {
private static SigningParameters getParametersForFile(FileDocument document, boolean checkPDFACompliance, SignatureLevel signatureType, boolean isEn319132, TSPSource tspSource) {
var level = SignatureValidator.getSignedDocumentSignatureLevel(document);
if (level != null) switch (level) {
case PAdES_BASELINE_B:
return SigningParameters.buildForPDF(document.getName(), document, checkPDFACompliance, isEn319132);
return SigningParameters.buildForPDF(document, checkPDFACompliance, isEn319132, tspSource);
case XAdES_BASELINE_B:
return SigningParameters.buildForASiCWithXAdES(document.getName(), document, isEn319132);
return SigningParameters.buildForASiCWithXAdES(document, isEn319132, tspSource);
case CAdES_BASELINE_B:
return SigningParameters.buildForASiCWithCAdES(document.getName(), document, isEn319132);
return SigningParameters.buildForASiCWithCAdES(document, isEn319132, tspSource);
default:
;
}

var filename = document.getName();
if (isPDF(document.getMimeType())) switch (signatureType) {
case PAdES_BASELINE_B:
return SigningParameters.buildForPDF(filename, document, checkPDFACompliance, isEn319132);
return SigningParameters.buildForPDF(document, checkPDFACompliance, isEn319132, tspSource);
case XAdES_BASELINE_B:
return SigningParameters.buildForASiCWithXAdES(filename, document, isEn319132);
return SigningParameters.buildForASiCWithXAdES(document, isEn319132, tspSource);
case CAdES_BASELINE_B:
return SigningParameters.buildForASiCWithCAdES(filename, document, isEn319132);
return SigningParameters.buildForASiCWithCAdES(document, isEn319132, tspSource);
Comment on lines +201 to +205

Ak by sme tu tieto veci vytahovali zo settings, tak nemusime restart?

default:
;
}

return SigningParameters.buildForASiCWithXAdES(filename, document, isEn319132);
return SigningParameters.buildForASiCWithXAdES(document, isEn319132, tspSource);
}

public boolean shouldCheckPDFCompliance() {
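Review bot: In `signDocumentAsAsiCWithXAdeS` and `signDocumentAsPAdeS` the TSP source is attached whenever the level is a `*_BASELINE_T` value, but nothing guarantees that `getParameters().getTspSource()` is non-null at that point. `SigningParameters.buildFromRequest` takes `level` and `tspSource` as independent arguments, so a T-level request without a configured TSA hands `null` to `service.setTspSource(...)` and presumably fails only deep inside DSS during signing. A guard in `SigningParameters.buildParameters` would reject the combination early with a suitable `AutogramException`: `if (tspSource == null && (level == SignatureLevel.XAdES_BASELINE_T || level == SignatureLevel.PAdES_BASELINE_T)) throw …`. Separately, the added imports `UnsupportedEncodingException`, `DigestAlgorithm`, `TimestampDataLoader`, `OnlineTSPSource` and `DSSUtils` are not used in any visible hunk and look like leftovers. Both signing methods begin and end outside their hunks, so this is based on the visible lines only.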
Expand Up @@ -19,6 +19,7 @@
import eu.europa.esig.dss.enumerations.SignaturePackaging;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.pades.PAdESSignatureParameters;
import eu.europa.esig.dss.spi.x509.tsp.TSPSource;
import eu.europa.esig.dss.xades.XAdESSignatureParameters;

import static digital.slovensko.autogram.core.AutogramMimeType.*;
Expand All @@ -41,13 +42,14 @@ public class SigningParameters {
private final boolean autoLoadEform;
private final String xsdIdentifier;
private final XsltParams xsltParams;
private final TSPSource tspSource;

private SigningParameters(SignatureLevel level, ASiCContainerType container,
String containerXmlns, SignaturePackaging packaging, DigestAlgorithm digestAlgorithm,
Boolean en319132, String infoCanonicalization, String propertiesCanonicalization,
String keyInfoCanonicalization, String schema, String transformation, String identifier,
boolean checkPDFACompliance, int preferredPreviewWidth, boolean autoLoadEform, String xsdIdentifier,
XsltParams xsltParams) {
XsltParams xsltParams, TSPSource tspSource) {
this.level = level;
this.asicContainer = container;
this.containerXmlns = containerXmlns;
Expand All @@ -65,6 +67,7 @@ private SigningParameters(SignatureLevel level, ASiCContainerType container,
this.autoLoadEform = autoLoadEform;
this.xsdIdentifier = xsdIdentifier;
this.xsltParams = xsltParams;
this.tspSource = tspSource;
}

public ASiCWithXAdESSignatureParameters getASiCWithXAdESSignatureParameters() {
Expand Down Expand Up @@ -186,22 +189,22 @@ public static SigningParameters buildFromRequest(SignatureLevel level, ASiCConta
Boolean en319132, String infoCanonicalization, String propertiesCanonicalization,
String keyInfoCanonicalization, String schema, String transformation, String identifier,
boolean checkPDFACompliance, int preferredPreviewWidth, boolean autoLoadEform, String xsdIdentifier,
String xsltIdentifier, String xsltLanguage, String xsltType, String xsltTarget, DSSDocument document)
throws AutogramException {
String xsltIdentifier, String xsltLanguage, String xsltType, String xsltTarget, DSSDocument document,
TSPSource tspSource) throws AutogramException {

return buildParameters(level, container, containerXmlns, packaging, digestAlgorithm, en319132,
infoCanonicalization, propertiesCanonicalization, keyInfoCanonicalization, schema, transformation,
identifier, checkPDFACompliance, preferredPreviewWidth, autoLoadEform, xsdIdentifier,
new XsltParams(xsltIdentifier, xsltLanguage, xsltType, xsltTarget, null),
document);
document, tspSource);
}

private static SigningParameters buildParameters(SignatureLevel level, ASiCContainerType container,
String containerXmlns, SignaturePackaging packaging, DigestAlgorithm digestAlgorithm,
Boolean en319132, String infoCanonicalization, String propertiesCanonicalization,
String keyInfoCanonicalization, String schema, String transformation, String identifier,
boolean checkPDFACompliance, int preferredPreviewWidth, boolean autoLoadEform, String xsdIdentifier,
XsltParams xsltParams, DSSDocument document)
XsltParams xsltParams, DSSDocument document, TSPSource tspSource)
throws AutogramException {

if (level == null)
Expand Down Expand Up @@ -263,30 +266,32 @@ private static SigningParameters buildParameters(SignatureLevel level, ASiCConta

return new SigningParameters(level, container, containerXmlns, packaging, digestAlgorithm, en319132,
infoCanonicalization, propertiesCanonicalization, keyInfoCanonicalization, schema, transformation,
identifier, checkPDFACompliance, preferredPreviewWidth, autoLoadEform, xsdIdentifier, xsltParams);
identifier, checkPDFACompliance, preferredPreviewWidth, autoLoadEform, xsdIdentifier, xsltParams,
tspSource);
}

public static SigningParameters buildForPDF(String filename, DSSDocument document, boolean checkPDFACompliance, boolean signAsEn319132) throws AutogramException {
public static SigningParameters buildForPDF(DSSDocument document, boolean checkPDFACompliance, boolean signAsEn319132, TSPSource tspSource) throws AutogramException {
return buildParameters(
SignatureLevel.PAdES_BASELINE_B,
null,
null, null,
DigestAlgorithm.SHA256,
signAsEn319132, null,
null, null,
null, null, "", checkPDFACompliance, 640, false, null, null, document);
(tspSource == null) ? SignatureLevel.PAdES_BASELINE_B : SignatureLevel.PAdES_BASELINE_T,
null, null, null, DigestAlgorithm.SHA256, signAsEn319132, null,
null, null, null, null, "",
checkPDFACompliance, 640, false, null, null, document, tspSource);
}

public static SigningParameters buildForASiCWithXAdES(String filename, DSSDocument document, boolean signAsEn319132) throws AutogramException {
return buildParameters(SignatureLevel.XAdES_BASELINE_B, ASiCContainerType.ASiC_E,
null, SignaturePackaging.ENVELOPING, DigestAlgorithm.SHA256, signAsEn319132, null, null,
null, null, null, "", false, 640, true, null, null, document);
public static SigningParameters buildForASiCWithXAdES(DSSDocument document, boolean signAsEn319132, TSPSource tspSource) throws AutogramException {
return buildParameters(
(tspSource == null) ? SignatureLevel.XAdES_BASELINE_B : SignatureLevel.XAdES_BASELINE_T,
ASiCContainerType.ASiC_E, null, SignaturePackaging.ENVELOPING, DigestAlgorithm.SHA256, signAsEn319132, null,
null, null, null, null, "",
false, 640, true, null, null, document, tspSource);
}

public static SigningParameters buildForASiCWithCAdES(String filename, DSSDocument document, boolean signAsEn319132) throws AutogramException {
return buildParameters(SignatureLevel.CAdES_BASELINE_B, ASiCContainerType.ASiC_E,
null, SignaturePackaging.ENVELOPING, DigestAlgorithm.SHA256, signAsEn319132, null, null,
null, null, null, "", false, 640, true, null, null, document);
public static SigningParameters buildForASiCWithCAdES(DSSDocument document, boolean signAsEn319132, TSPSource tspSource) throws AutogramException {
return buildParameters(
SignatureLevel.CAdES_BASELINE_B,
ASiCContainerType.ASiC_E, null, SignaturePackaging.ENVELOPING, DigestAlgorithm.SHA256, signAsEn319132, null,
null, null, null, null, "",
false, 640, true, null, null, document, tspSource);
}

public String getIdentifier() {
Expand All @@ -301,10 +306,6 @@ public int getVisualizationWidth() {
return (visualizationWidth > 0) ? visualizationWidth : 768;
}

public boolean getAutoLoadEform() {
return autoLoadEform;
}

public String getXsltDestinationType() {
return xsltParams.destinationType();
}
Expand All @@ -320,4 +321,8 @@ public boolean shouldCreateXdc() {
public XsltParams getXsltParams() {
return xsltParams;
}

public TSPSource getTspSource() {
return tspSource;
}
}
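Review bot: `buildForASiCWithCAdES` still passes `SignatureLevel.CAdES_BASELINE_B` unconditionally, while `buildForPDF` and `buildForASiCWithXAdES` switch to the `_T` level when `tspSource` is non-null. With `--tsa-server` set, a CAdES container is therefore signed without a timestamp and without any warning, although the option's help text promises BASELINE_T signatures. Either use `(tspSource == null) ? SignatureLevel.CAdES_BASELINE_B : SignatureLevel.CAdES_BASELINE_T` here and attach the source in the CAdES signing path of `SigningJob` (not shown in this diff), or reject the combination explicitly so the user is not left with a weaker signature than requested.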