Merged changes from DSS-5.0, version is now 5.0.d4j.1

Signed-off-by: Indrek Jentson <indrek.jentson@cgi.com>
open-eid · Jul 21, 2017 · 349c1c9 · 349c1c9
2 parents cc99d0a + b8749e5
commit 349c1c9
Show file tree

Hide file tree

Showing 1,376 changed files with 40,720 additions and 33,716 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,12 +1,6 @@
-dss-demo-webapp/etc/
-pom.xml.versionsBackup
-dependency-reduced-pom.xml
-.*
 *.iml
 .idea
 .svn
 target
-dss-demo-webapp/dss-debug.log
-dss-demo-webapp/log.out
 log.out
 pom.xml.asc
diff --git a/LICENSE b/LICENSE
diff --git a/README.md b/README.md
@@ -2,14 +2,8 @@
 
 This is a Digital Signature Service project used by DigiDoc4j. This fork contains mainly BDoc-TM specific changes.
 
-DigiDoc4j is locaded at https://github.com/open-eid/digidoc4j
-
 This is a forked repository from the original DSS project located at https://github.com/esig/dss and https://joinup.ec.europa.eu/asset/sd-dss/description. 
 
 # Issue Tracker
 
 Please, use Pivotal on https://www.pivotaltracker.com/n/projects/1110130
-
-# Maven repository
-
-The modules needed by DigiDoc4j are published to the Maven Central (http://mvnrepository.com/artifact/org.digidoc4j.dss)
diff --git a/dss-asic-cades/pom.xml b/dss-asic-cades/pom.xml
@@ -0,0 +1,35 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+	<parent>
+		<groupId>org.digidoc4j.dss</groupId>
+		<artifactId>sd-dss</artifactId>
+		<version>5.0.d4j.1</version>
+	</parent>
+
+	<artifactId>dss-asic-cades</artifactId>
+	<name>DSS ASiC with CAdES signature(s)</name>
+	<description>DSS ASiC with CAdES contains the code for the creation and validation of ASiC containers with CAdES signature(s).</description>
+
+	<dependencies>
+		<dependency>
+			<groupId>${project.groupId}</groupId>
+			<artifactId>dss-asic-common</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>${project.groupId}</groupId>
+			<artifactId>dss-cades</artifactId>
+		</dependency>
+
+		<dependency>
+			<groupId>${project.groupId}</groupId>
+			<artifactId>dss-test</artifactId>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>${project.groupId}</groupId>
+			<artifactId>dss-document</artifactId>
+			<type>test-jar</type>
+			<scope>test</scope>
+		</dependency>
+	</dependencies>
+</project>
diff --git a/dss-asic-cades/src/main/java/eu/europa/esig/dss/asic/ASiCWithCAdESContainerExtractor.java b/dss-asic-cades/src/main/java/eu/europa/esig/dss/asic/ASiCWithCAdESContainerExtractor.java
@@ -0,0 +1,21 @@
+package eu.europa.esig.dss.asic;
+
+import eu.europa.esig.dss.DSSDocument;
+
+public class ASiCWithCAdESContainerExtractor extends AbstractASiCContainerExtractor {
+
+	public ASiCWithCAdESContainerExtractor(DSSDocument archive) {
+		super(archive);
+	}
+
+	@Override
+	boolean isAllowedManifest(String entryName) {
+		return entryName.startsWith(META_INF_FOLDER + "ASiCManifest") && entryName.endsWith(".xml");
+	}
+
+	@Override
+	boolean isAllowedSignature(String entryName) {
+		return ASiCUtils.isCAdES(entryName);
+	}
+
+}
diff --git a/dss-asic-cades/src/main/java/eu/europa/esig/dss/asic/ASiCWithCAdESSignatureParameters.java b/dss-asic-cades/src/main/java/eu/europa/esig/dss/asic/ASiCWithCAdESSignatureParameters.java
@@ -0,0 +1,28 @@
+package eu.europa.esig.dss.asic;
+
+import eu.europa.esig.dss.SignatureForm;
+import eu.europa.esig.dss.SignatureLevel;
+import eu.europa.esig.dss.cades.CAdESSignatureParameters;
+
+public class ASiCWithCAdESSignatureParameters extends CAdESSignatureParameters {
+
+	private static final long serialVersionUID = -830012801924753709L;
+
+	/**
+	 * The object representing the parameters related to ASiC from of the signature.
+	 */
+	private ASiCParameters aSiCParams = new ASiCParameters();
+
+	public ASiCParameters aSiC() {
+		return aSiCParams;
+	}
+
+	@Override
+	public void setSignatureLevel(SignatureLevel signatureLevel) {
+		if (signatureLevel == null || SignatureForm.CAdES != signatureLevel.getSignatureForm()) {
+			throw new IllegalArgumentException("Only CAdES form is allowed !");
+		}
+		super.setSignatureLevel(signatureLevel);
+	}
+
+}
diff --git a/...src/main/java/eu/europa/esig/dss/asic/signature/ASiCWithCAdESDataToSignHelperBuilder.java b/...src/main/java/eu/europa/esig/dss/asic/signature/ASiCWithCAdESDataToSignHelperBuilder.java
@@ -0,0 +1,50 @@
+package eu.europa.esig.dss.asic.signature;
+
+import java.util.List;
+
+import eu.europa.esig.dss.BLevelParameters;
+import eu.europa.esig.dss.DSSDocument;
+import eu.europa.esig.dss.asic.ASiCExtractResult;
+import eu.europa.esig.dss.asic.ASiCUtils;
+import eu.europa.esig.dss.asic.ASiCWithCAdESContainerExtractor;
+import eu.europa.esig.dss.asic.ASiCWithCAdESSignatureParameters;
+import eu.europa.esig.dss.asic.signature.asice.DataToSignASiCEWithCAdESFromArchive;
+import eu.europa.esig.dss.asic.signature.asice.DataToSignASiCEWithCAdESFromFiles;
+import eu.europa.esig.dss.asic.signature.asics.DataToSignASiCSWithCAdESFromArchive;
+import eu.europa.esig.dss.asic.signature.asics.DataToSignASiCSWithCAdESFromFiles;
+
+public class ASiCWithCAdESDataToSignHelperBuilder {
+
+	private ASiCWithCAdESDataToSignHelperBuilder() {
+	}
+
+	public static GetDataToSignASiCWithCAdESHelper getGetDataToSignHelper(List<DSSDocument> documents, ASiCWithCAdESSignatureParameters parameters) {
+
+		BLevelParameters bLevel = parameters.bLevel();
+		boolean asice = ASiCUtils.isASiCE(parameters.aSiC());
+		boolean archive = ASiCUtils.isArchive(documents);
+
+		if (archive) {
+			DSSDocument archiveDoc = documents.get(0);
+			if (!ASiCUtils.isArchiveContainsCorrectSignatureExtension(archiveDoc, ".p7s")) {
+				throw new UnsupportedOperationException("Container type doesn't match");
+			}
+
+			ASiCWithCAdESContainerExtractor extractor = new ASiCWithCAdESContainerExtractor(archiveDoc);
+			ASiCExtractResult extract = extractor.extract();
+			if (asice) {
+				return new DataToSignASiCEWithCAdESFromArchive(extract.getSignedDocuments(), extract.getSignatureDocuments(), extract.getManifestDocuments(),
+						parameters);
+			} else {
+				return new DataToSignASiCSWithCAdESFromArchive(extract.getSignatureDocuments(), extract.getSignedDocuments(), parameters.aSiC());
+			}
+		} else {
+			if (asice) {
+				return new DataToSignASiCEWithCAdESFromFiles(documents, parameters);
+			} else {
+				return new DataToSignASiCSWithCAdESFromFiles(documents, bLevel.getSigningDate(), parameters.aSiC());
+			}
+		}
+	}
+
+}
diff --git a/dss-asic-cades/src/main/java/eu/europa/esig/dss/asic/signature/ASiCWithCAdESService.java b/dss-asic-cades/src/main/java/eu/europa/esig/dss/asic/signature/ASiCWithCAdESService.java
@@ -0,0 +1,204 @@
+package eu.europa.esig.dss.asic.signature;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Iterator;
+import java.util.List;
+import java.util.zip.ZipEntry;
+import java.util.zip.ZipOutputStream;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import eu.europa.esig.dss.ASiCContainerType;
+import eu.europa.esig.dss.DSSDocument;
+import eu.europa.esig.dss.DSSException;
+import eu.europa.esig.dss.DSSUtils;
+import eu.europa.esig.dss.InMemoryDocument;
+import eu.europa.esig.dss.SignaturePackaging;
+import eu.europa.esig.dss.SignatureValue;
+import eu.europa.esig.dss.SigningOperation;
+import eu.europa.esig.dss.ToBeSigned;
+import eu.europa.esig.dss.asic.ASiCParameters;
+import eu.europa.esig.dss.asic.ASiCUtils;
+import eu.europa.esig.dss.asic.ASiCWithCAdESContainerExtractor;
+import eu.europa.esig.dss.asic.ASiCWithCAdESSignatureParameters;
+import eu.europa.esig.dss.asic.AbstractASiCContainerExtractor;
+import eu.europa.esig.dss.asic.validation.ASiCEWithCAdESManifestValidator;
+import eu.europa.esig.dss.cades.CAdESSignatureParameters;
+import eu.europa.esig.dss.cades.signature.CAdESService;
+import eu.europa.esig.dss.utils.Utils;
+import eu.europa.esig.dss.validation.CertificateVerifier;
+
+public class ASiCWithCAdESService extends AbstractASiCSignatureService<ASiCWithCAdESSignatureParameters> {
+
+	private static final Logger LOG = LoggerFactory.getLogger(ASiCWithCAdESService.class);
+
+	public ASiCWithCAdESService(CertificateVerifier certificateVerifier) {
+		super(certificateVerifier);
+		LOG.debug("+ ASiCService with CAdES created");
+	}
+
+	@Override
+	public ToBeSigned getDataToSign(List<DSSDocument> toSignDocuments, ASiCWithCAdESSignatureParameters parameters) throws DSSException {
+		final ASiCParameters asicParameters = parameters.aSiC();
+		assertCanBeSign(toSignDocuments, asicParameters);
+
+		GetDataToSignASiCWithCAdESHelper dataToSignHelper = ASiCWithCAdESDataToSignHelperBuilder.getGetDataToSignHelper(toSignDocuments, parameters);
+
+		CAdESSignatureParameters cadesParameters = getCAdESParameters(parameters);
+		cadesParameters.setDetachedContents(dataToSignHelper.getDetachedContents());
+		return getCAdESService().getDataToSign(dataToSignHelper.getToBeSigned(), cadesParameters);
+	}
+
+	@Override
+	public DSSDocument signDocument(List<DSSDocument> toSignDocuments, ASiCWithCAdESSignatureParameters parameters, SignatureValue signatureValue)
+			throws DSSException {
+
+		final ASiCParameters asicParameters = parameters.aSiC();
+		assertCanBeSign(toSignDocuments, asicParameters);
+		assertSigningDateInCertificateValidityRange(parameters);
+
+		GetDataToSignASiCWithCAdESHelper dataToSignHelper = ASiCWithCAdESDataToSignHelperBuilder.getGetDataToSignHelper(toSignDocuments, parameters);
+
+		List<DSSDocument> signatures = dataToSignHelper.getSignatures();
+		List<DSSDocument> manifests = dataToSignHelper.getManifestFiles();
+
+		CAdESSignatureParameters cadesParameters = getCAdESParameters(parameters);
+		cadesParameters.setDetachedContents(dataToSignHelper.getDetachedContents());
+		final DSSDocument signature = getCAdESService().signDocument(dataToSignHelper.getToBeSigned(), cadesParameters, signatureValue);
+		String newSignatureFileName = dataToSignHelper.getSignatureFilename();
+		signature.setName(dataToSignHelper.getSignatureFilename());
+
+		if (ASiCUtils.isASiCS(asicParameters)) {
+			Iterator<DSSDocument> iterator = signatures.iterator();
+			while (iterator.hasNext()) {
+				if (Utils.areStringsEqual(newSignatureFileName, iterator.next().getName())) {
+					// remove existing file to be replaced
+					iterator.remove();
+				}
+			}
+		}
+		signatures.add(signature);
+
+		final DSSDocument asicSignature = buildASiCContainer(dataToSignHelper.getSignedDocuments(), signatures, manifests, asicParameters);
+		asicSignature
+				.setName(DSSUtils.getFinalFileName(asicSignature, SigningOperation.SIGN, parameters.getSignatureLevel(), parameters.aSiC().getContainerType()));
+		parameters.reinitDeterministicId();
+		return asicSignature;
+	}
+
+	@Override
+	public DSSDocument extendDocument(DSSDocument toExtendDocument, ASiCWithCAdESSignatureParameters parameters) throws DSSException {
+		if (!ASiCUtils.isASiCContainer(toExtendDocument) || !ASiCUtils.isArchiveContainsCorrectSignatureExtension(toExtendDocument, ".p7s")) {
+			throw new DSSException("Unsupported file type");
+		}
+
+		extractCurrentArchive(toExtendDocument);
+		List<DSSDocument> signatureDocuments = getEmbeddedSignatures();
+		List<DSSDocument> manifests = getEmbeddedManifests();
+		List<DSSDocument> signedDocuments = getEmbeddedSignedDocuments();
+		DSSDocument mimetype = getEmbeddedMimetype();
+
+		ASiCContainerType containerType = ASiCUtils.getContainerType(toExtendDocument, mimetype, null, signedDocuments);
+		if (containerType == null) {
+			throw new DSSException("Unable to determine container type");
+		}
+
+		List<DSSDocument> extendedDocuments = new ArrayList<DSSDocument>();
+
+		for (DSSDocument signature : signatureDocuments) {
+
+			if (ASiCContainerType.ASiC_E == containerType) {
+
+				ASiCEWithCAdESManifestValidator manifestValidator = new ASiCEWithCAdESManifestValidator(signature, manifests, signedDocuments);
+				DSSDocument linkedManifest = manifestValidator.getLinkedManifest();
+
+				if (linkedManifest != null) {
+					String originalName = signature.getName();
+					CAdESSignatureParameters cadesParameters = getCAdESParameters(parameters);
+					cadesParameters.setDetachedContents(Arrays.asList(linkedManifest));
+
+					DSSDocument extendDocument = getCAdESService().extendDocument(signature, cadesParameters);
+					extendDocument.setName(originalName);
+					extendedDocuments.add(extendDocument);
+				} else {
+					LOG.warn("Manifest not found for signature file '{}' -> NOT EXTENDED !!!", signature.getName());
+					extendedDocuments.add(signature);
+				}
+			} else {
+				String originalName = signature.getName();
+				CAdESSignatureParameters cadesParameters = getCAdESParameters(parameters);
+				cadesParameters.setDetachedContents(signedDocuments);
+
+				DSSDocument extendDocument = getCAdESService().extendDocument(signature, cadesParameters);
+				extendDocument.setName(originalName);
+				extendedDocuments.add(extendDocument);
+			}
+		}
+
+		ByteArrayOutputStream baos = null;
+		try {
+			baos = new ByteArrayOutputStream();
+			copyExistingArchiveWithSignatureList(toExtendDocument, extendedDocuments, baos);
+		} finally {
+			Utils.closeQuietly(baos);
+		}
+
+		DSSDocument asicSignature = new InMemoryDocument(baos.toByteArray(), null, toExtendDocument.getMimeType());
+		asicSignature.setName(
+				DSSUtils.getFinalFileName(toExtendDocument, SigningOperation.EXTEND, parameters.getSignatureLevel(), parameters.aSiC().getContainerType()));
+		return asicSignature;
+	}
+
+	@Override
+	void storeSignatures(List<DSSDocument> signatures, ZipOutputStream zos) throws IOException {
+		for (DSSDocument signature : signatures) {
+			final ZipEntry entrySignature = new ZipEntry(signature.getName());
+			zos.putNextEntry(entrySignature);
+			signature.writeTo(zos);
+		}
+	}
+
+	@Override
+	boolean isSignatureFilename(String name) {
+		return ASiCUtils.isCAdES(name);
+	}
+
+	@Override
+	AbstractASiCContainerExtractor getArchiveExtractor(DSSDocument archive) {
+		return new ASiCWithCAdESContainerExtractor(archive);
+	}
+
+	private CAdESService getCAdESService() {
+		CAdESService cadesService = new CAdESService(certificateVerifier);
+		cadesService.setTspSource(tspSource);
+		return cadesService;
+	}
+
+	private CAdESSignatureParameters getCAdESParameters(ASiCWithCAdESSignatureParameters parameters) {
+		CAdESSignatureParameters cadesParameters = parameters;
+		cadesParameters.setSignaturePackaging(SignaturePackaging.DETACHED);
+		cadesParameters.setDetachedContents(null);
+		return cadesParameters;
+	}
+
+	@Override
+	boolean canBeSigned(List<DSSDocument> toSignDocuments, ASiCParameters asicParameters) {
+		boolean isMimetypeCorrect = true;
+		boolean isSignatureTypeCorrect = true;
+		if (ASiCUtils.isArchive(toSignDocuments)) {
+			DSSDocument archiveDoc = toSignDocuments.get(0);
+			String expectedMimeType = archiveDoc.getMimeType().getMimeTypeString();
+			String mimeTypeFromParameter = ASiCUtils.getMimeTypeString(asicParameters);
+			isMimetypeCorrect = Utils.areStringsEqualIgnoreCase(expectedMimeType, mimeTypeFromParameter);
+			if (isMimetypeCorrect) {
+				isSignatureTypeCorrect = ASiCUtils.isArchiveContainsCorrectSignatureExtension(archiveDoc, ".p7s");
+			}
+		}
+		return isMimetypeCorrect && isSignatureTypeCorrect;
+	}
+
+}
diff --git a/...des/src/main/java/eu/europa/esig/dss/asic/signature/GetDataToSignASiCWithCAdESHelper.java b/...des/src/main/java/eu/europa/esig/dss/asic/signature/GetDataToSignASiCWithCAdESHelper.java
@@ -0,0 +1,15 @@
+package eu.europa.esig.dss.asic.signature;
+
+import java.util.List;
+
+import eu.europa.esig.dss.DSSDocument;
+
+public interface GetDataToSignASiCWithCAdESHelper extends GetDataToSignHelper {
+
+	/* In CMS/CAdES, we only can sign on file */
+	DSSDocument getToBeSigned();
+
+	/* In case of parallel ASiC-S signature, we need the detached content */
+	List<DSSDocument> getDetachedContents();
+
+}