From eea96120c311b938429e3af81b792b13062e08e8 Mon Sep 17 00:00:00 2001 From: Emma Kuppart Date: Mon, 22 Apr 2024 08:46:59 +0300 Subject: [PATCH] Implement timemark hashcode validation with Digidoc4j --- .../proxy/HasBdocTimemarkPolicyService.java | 40 +++ .../siva/proxy/HashcodeValidationMapper.java | 51 ++++ .../siva/proxy/HashcodeValidationProxy.java | 81 ++++-- .../HasBdocTimemarkPolicyServiceTest.java | 43 +++ .../proxy/HashcodeValidationProxyTest.java | 254 +++++++++++------- .../test-files/no_timemark_signature.xml | 94 +++++++ .../test/resources/test-files/signatures.xml | 1 + .../test-files/timemark_signature.xml | 81 ++++++ .../HashcodeValidationControllerTest.java | 52 ++-- .../HashcodeGenericValidationService.java | 54 ---- .../HashcodeGenericValidationServiceTest.java | 53 +--- .../TimemarkHashcodeValidationService.java | 71 +++++ .../AsicContainerValidationReportBuilder.java | 36 +-- .../DDOCContainerValidationReportBuilder.java | 18 +- ...emarkContainerValidationReportBuilder.java | 225 ++-------------- ...memarkHashcodeValidationReportBuilder.java | 159 +++++++++++ .../util/SignatureCertificateParser.java | 52 ++++ .../timemark/util/SignatureInfoParser.java | 122 +++++++++ .../timemark/util/SignatureScopeParser.java | 44 +++ .../util/SigningCertificateParser.java | 43 +++ .../timemark/util/ValidationErrorMapper.java | 44 +++ .../test-files/timemark_signature.xml | 81 ++++++ .../siva/validation/util/SubjectDNParser.java | 2 +- 23 files changed, 1226 insertions(+), 475 deletions(-) create mode 100644 siva-parent/siva-validation-proxy/src/main/java/ee/openeid/siva/proxy/HasBdocTimemarkPolicyService.java create mode 100644 siva-parent/siva-validation-proxy/src/main/java/ee/openeid/siva/proxy/HashcodeValidationMapper.java create mode 100644 siva-parent/siva-validation-proxy/src/test/java/ee/openeid/siva/proxy/HasBdocTimemarkPolicyServiceTest.java create mode 100644 siva-parent/siva-validation-proxy/src/test/resources/test-files/no_timemark_signature.xml create mode 100644 siva-parent/siva-validation-proxy/src/test/resources/test-files/signatures.xml create mode 100755 siva-parent/siva-validation-proxy/src/test/resources/test-files/timemark_signature.xml create mode 100644 validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/TimemarkHashcodeValidationService.java create mode 100644 validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/report/TimemarkHashcodeValidationReportBuilder.java create mode 100644 validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/util/SignatureCertificateParser.java create mode 100644 validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/util/SignatureInfoParser.java create mode 100644 validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/util/SignatureScopeParser.java create mode 100644 validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/util/SigningCertificateParser.java create mode 100644 validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/util/ValidationErrorMapper.java create mode 100755 validation-services-parent/timemark-container-validation-service/src/test/resources/test-files/timemark_signature.xml diff --git a/siva-parent/siva-validation-proxy/src/main/java/ee/openeid/siva/proxy/HasBdocTimemarkPolicyService.java b/siva-parent/siva-validation-proxy/src/main/java/ee/openeid/siva/proxy/HasBdocTimemarkPolicyService.java new file mode 100644 index 000000000..c5e2b3e52 --- /dev/null +++ b/siva-parent/siva-validation-proxy/src/main/java/ee/openeid/siva/proxy/HasBdocTimemarkPolicyService.java @@ -0,0 +1,40 @@ +package ee.openeid.siva.proxy; + +import ee.openeid.siva.validation.document.ValidationDocument; +import eu.europa.esig.dss.utils.Utils; +import eu.europa.esig.dss.xml.common.definition.DSSNamespace; +import eu.europa.esig.dss.xml.utils.DomUtils; +import eu.europa.esig.xades.definition.xades132.XAdES132Element; +import org.digidoc4j.dss.xades.BDocTmSupport; +import org.springframework.stereotype.Service; +import org.w3c.dom.Element; + +import java.util.Optional; + +import static eu.europa.esig.dss.xml.common.definition.AbstractPath.allFromCurrentPosition; + +@Service +public class HasBdocTimemarkPolicyService { + boolean hasBdocTimemarkPolicy(ValidationDocument validationDocument) { + return extractSigPolicyIdElement(validationDocument) + .map(this::extractSigPolicyIdValue) + .map(this::matchesBdocTimemarkPolicyId) + .orElse(false); + } + + private Optional extractSigPolicyIdElement(ValidationDocument validationDocument) { + DomUtils.registerNamespace(new DSSNamespace("http://uri.etsi.org/01903/v1.3.2#", "xades132")); + return Optional.of(validationDocument.getBytes()) + .filter(DomUtils::startsWithXmlPreamble) + .map(DomUtils::buildDOM) + .map(dom -> DomUtils.getElement(dom, allFromCurrentPosition(XAdES132Element.SIG_POLICY_ID))); + } + + private String extractSigPolicyIdValue(Element sigPolicyId) { + return Utils.trim(DomUtils.getValue(sigPolicyId, allFromCurrentPosition(XAdES132Element.IDENTIFIER))); + } + + private boolean matchesBdocTimemarkPolicyId(String sigPolicyIdValue) { + return Utils.areStringsEqualIgnoreCase(BDocTmSupport.BDOC_TM_POLICY_ID, sigPolicyIdValue); + } +} diff --git a/siva-parent/siva-validation-proxy/src/main/java/ee/openeid/siva/proxy/HashcodeValidationMapper.java b/siva-parent/siva-validation-proxy/src/main/java/ee/openeid/siva/proxy/HashcodeValidationMapper.java new file mode 100644 index 000000000..c7233b84e --- /dev/null +++ b/siva-parent/siva-validation-proxy/src/main/java/ee/openeid/siva/proxy/HashcodeValidationMapper.java @@ -0,0 +1,51 @@ +package ee.openeid.siva.proxy; + +import ee.openeid.siva.proxy.document.ProxyHashcodeDataSet; +import ee.openeid.siva.validation.document.SignatureFile; +import ee.openeid.siva.validation.document.ValidationDocument; +import ee.openeid.siva.validation.document.report.Reports; +import ee.openeid.siva.validation.document.report.ValidationConclusion; +import org.springframework.stereotype.Service; + +import java.util.List; + +@Service +public class HashcodeValidationMapper { + public List mapToValidationDocuments(ProxyHashcodeDataSet proxyRequest) { + return proxyRequest.getSignatureFiles() + .stream() + .map(signatureFile -> createValidationDocument(proxyRequest.getSignaturePolicy(), signatureFile)) + .toList(); + } + + private ValidationDocument createValidationDocument(String signaturePolicy, SignatureFile signatureFile) { + ValidationDocument validationDocument = new ValidationDocument(); + validationDocument.setSignaturePolicy(signaturePolicy); + validationDocument.setBytes(signatureFile.getSignature()); + validationDocument.setDatafiles(signatureFile.getDatafiles()); + return validationDocument; + } + + Reports mergeReportsToOne(List reportsList) { + int signaturesCount = 0; + int validSignaturesCount = 0; + Reports response = null; + for (Reports reports : reportsList) { + ValidationConclusion validationConclusion = reports.getSimpleReport().getValidationConclusion(); + if (signaturesCount == 0) { + response = reports; + validSignaturesCount = validationConclusion.getValidSignaturesCount(); + } else { + response.getSimpleReport().getValidationConclusion().getSignatures().addAll(validationConclusion.getSignatures()); + validSignaturesCount = validSignaturesCount + validationConclusion.getValidSignaturesCount(); + } + signaturesCount = signaturesCount + validationConclusion.getSignaturesCount(); + } + if (response != null) { + ValidationConclusion validationConclusion = response.getSimpleReport().getValidationConclusion(); + validationConclusion.setSignaturesCount(signaturesCount); + validationConclusion.setValidSignaturesCount(validSignaturesCount); + } + return response; + } +} diff --git a/siva-parent/siva-validation-proxy/src/main/java/ee/openeid/siva/proxy/HashcodeValidationProxy.java b/siva-parent/siva-validation-proxy/src/main/java/ee/openeid/siva/proxy/HashcodeValidationProxy.java index 5ddf98940..80ea092ad 100644 --- a/siva-parent/siva-validation-proxy/src/main/java/ee/openeid/siva/proxy/HashcodeValidationProxy.java +++ b/siva-parent/siva-validation-proxy/src/main/java/ee/openeid/siva/proxy/HashcodeValidationProxy.java @@ -19,55 +19,92 @@ import ee.openeid.siva.proxy.document.ProxyHashcodeDataSet; import ee.openeid.siva.proxy.document.ReportType; import ee.openeid.siva.statistics.StatisticsService; -import ee.openeid.siva.validation.document.SignatureFile; +import ee.openeid.siva.validation.document.Datafile; import ee.openeid.siva.validation.document.ValidationDocument; import ee.openeid.siva.validation.document.report.Reports; import ee.openeid.siva.validation.document.report.SimpleReport; -import ee.openeid.siva.validation.service.ValidationService; +import ee.openeid.siva.validation.exception.MalformedSignatureFileException; +import ee.openeid.siva.validation.security.SecureSAXParsers; +import ee.openeid.validation.service.generic.SignatureXmlHandler; import ee.openeid.validation.service.generic.HashcodeGenericValidationService; +import ee.openeid.validation.service.timemark.TimemarkHashcodeValidationService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationContext; import org.springframework.core.env.Environment; import org.springframework.stereotype.Service; +import org.springframework.util.CollectionUtils; +import javax.xml.parsers.SAXParser; +import java.io.ByteArrayInputStream; import java.util.List; -import java.util.stream.Collectors; +import java.util.Optional; @Service public class HashcodeValidationProxy extends ValidationProxy { - - private static final String HASHCODE_GENERIC_SERVICE = "hashcodeGeneric"; + private final HasBdocTimemarkPolicyService hasBdocTimemarkPolicyService; + private final HashcodeValidationMapper hashcodeValidationMapper; + private final HashcodeGenericValidationService hashcodeGenericValidationService; + private final TimemarkHashcodeValidationService timemarkHashcodeValidationService; @Autowired - public HashcodeValidationProxy(StatisticsService statisticsService, ApplicationContext applicationContext, Environment environment) { + public HashcodeValidationProxy(StatisticsService statisticsService, + ApplicationContext applicationContext, + Environment environment, + HasBdocTimemarkPolicyService hasBdocTimemarkPolicyService, + HashcodeValidationMapper hashcodeValidationMapper, + HashcodeGenericValidationService hashcodeGenericValidationService, + TimemarkHashcodeValidationService timemarkHashcodeValidationService) { super(statisticsService, applicationContext, environment); + this.hasBdocTimemarkPolicyService = hasBdocTimemarkPolicyService; + this.hashcodeValidationMapper = hashcodeValidationMapper; + this.hashcodeGenericValidationService = hashcodeGenericValidationService; + this.timemarkHashcodeValidationService = timemarkHashcodeValidationService; } @Override String constructValidatorName(ProxyRequest proxyRequest) { - return HASHCODE_GENERIC_SERVICE + SERVICE_BEAN_NAME_POSTFIX; + throw new IllegalStateException("Method is unimplemented"); } @Override public SimpleReport validateRequest(ProxyRequest proxyRequest) { - ValidationService validationService = getServiceForType(proxyRequest); - if (validationService instanceof HashcodeGenericValidationService && proxyRequest instanceof ProxyHashcodeDataSet) { - - List validationDocuments = ((ProxyHashcodeDataSet) proxyRequest).getSignatureFiles() - .stream() - .map(signatureFile -> createValidationDocument(proxyRequest.getSignaturePolicy(), signatureFile)) - .collect(Collectors.toList()); - Reports reports = ((HashcodeGenericValidationService) validationService).validate(validationDocuments); - return chooseReport(reports, ReportType.SIMPLE); + if (proxyRequest instanceof ProxyHashcodeDataSet) { + var reports = hashcodeValidationMapper.mapToValidationDocuments((ProxyHashcodeDataSet) proxyRequest) + .stream() + .map(this::validateDocument) + .toList(); + return chooseReport(hashcodeValidationMapper.mergeReportsToOne(reports), ReportType.SIMPLE); } throw new IllegalStateException("Something went wrong with hashcode validation"); } - ValidationDocument createValidationDocument(String signaturePolicy, SignatureFile signatureFile) { - ValidationDocument validationDocument = new ValidationDocument(); - validationDocument.setSignaturePolicy(signaturePolicy); - validationDocument.setBytes(signatureFile.getSignature()); - validationDocument.setDatafiles(signatureFile.getDatafiles()); - return validationDocument; + private Reports validateDocument(ValidationDocument validationDocument) { + Optional.ofNullable(getDataFileInfoIfNeeded(validationDocument)) + .filter(dataFiles -> !dataFiles.isEmpty()) + .ifPresent(validationDocument::setDatafiles); + if (hasBdocTimemarkPolicyService.hasBdocTimemarkPolicy(validationDocument)) { + return timemarkHashcodeValidationService.validateDocument(validationDocument); + } else { + return hashcodeGenericValidationService.validateDocument(validationDocument); + } + } + + private List getDataFileInfoIfNeeded(ValidationDocument validationDocument) { + if (!CollectionUtils.isEmpty(validationDocument.getDatafiles())) { + return null; + } else { + try { + SAXParser saxParser = SecureSAXParsers.createParser(); + SignatureXmlHandler handler = new SignatureXmlHandler(); + saxParser.parse(new ByteArrayInputStream(validationDocument.getBytes()), handler); + return handler.getDatafiles(); + } catch (Exception e) { + throw constructMalformedDocumentException(new RuntimeException(e)); + } + } + } + + private RuntimeException constructMalformedDocumentException(Exception cause) { + return new MalformedSignatureFileException(cause, "Signature file malformed"); } } diff --git a/siva-parent/siva-validation-proxy/src/test/java/ee/openeid/siva/proxy/HasBdocTimemarkPolicyServiceTest.java b/siva-parent/siva-validation-proxy/src/test/java/ee/openeid/siva/proxy/HasBdocTimemarkPolicyServiceTest.java new file mode 100644 index 000000000..95f6f1262 --- /dev/null +++ b/siva-parent/siva-validation-proxy/src/test/java/ee/openeid/siva/proxy/HasBdocTimemarkPolicyServiceTest.java @@ -0,0 +1,43 @@ +package ee.openeid.siva.proxy; + +import ee.openeid.siva.validation.document.ValidationDocument; +import ee.openeid.siva.validation.document.builder.DummyValidationDocumentBuilder; +import lombok.SneakyThrows; +import org.junit.jupiter.api.Test; + +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertTrue; + +class HasBdocTimemarkPolicyServiceTest { + private final HasBdocTimemarkPolicyService hasBdocTimemarkPolicyService = new HasBdocTimemarkPolicyService(); + + @Test + void hasBdocTimemarkPolicy_whenInputIsNotXmlFile_shouldReturnFalse() { + assertFalse( + hasBdocTimemarkPolicyService.hasBdocTimemarkPolicy(createValidationDocument("timestamptoken-ddoc.asics")) + ); + } + + @Test + void hasBdocTimemarkPolicy_whenSignatureDoesNotHaveBdocTimemark_shouldReturnFalse() { + assertFalse( + hasBdocTimemarkPolicyService.hasBdocTimemarkPolicy(createValidationDocument("no_timemark_signature.xml")) + ); + } + + @Test + void hasBdocTimemarkPolicy_whenSignatureHasBdocTimemark_shouldReturnTrue() { + assertTrue( + hasBdocTimemarkPolicyService.hasBdocTimemarkPolicy(createValidationDocument("timemark_signature.xml")) + ); + } + + @SneakyThrows + private ValidationDocument createValidationDocument(String file) { + return DummyValidationDocumentBuilder + .aValidationDocument() + .withDocument("test-files/" + file) + .withName(file) + .build(); + } +} diff --git a/siva-parent/siva-validation-proxy/src/test/java/ee/openeid/siva/proxy/HashcodeValidationProxyTest.java b/siva-parent/siva-validation-proxy/src/test/java/ee/openeid/siva/proxy/HashcodeValidationProxyTest.java index 8a1e9df74..f920007e3 100644 --- a/siva-parent/siva-validation-proxy/src/test/java/ee/openeid/siva/proxy/HashcodeValidationProxyTest.java +++ b/siva-parent/siva-validation-proxy/src/test/java/ee/openeid/siva/proxy/HashcodeValidationProxyTest.java @@ -19,104 +19,174 @@ import ee.openeid.siva.proxy.document.ProxyHashcodeDataSet; import ee.openeid.siva.proxy.document.ReportType; -import ee.openeid.siva.proxy.exception.ValidatonServiceNotFoundException; import ee.openeid.siva.statistics.StatisticsService; import ee.openeid.siva.validation.document.Datafile; import ee.openeid.siva.validation.document.SignatureFile; import ee.openeid.siva.validation.document.ValidationDocument; +import ee.openeid.siva.validation.document.builder.DummyValidationDocumentBuilder; +import ee.openeid.siva.validation.document.report.DetailedReport; +import ee.openeid.siva.validation.document.report.DiagnosticReport; import ee.openeid.siva.validation.document.report.Error; -import ee.openeid.siva.validation.document.report.*; +import ee.openeid.siva.validation.document.report.Info; +import ee.openeid.siva.validation.document.report.Policy; +import ee.openeid.siva.validation.document.report.Reports; +import ee.openeid.siva.validation.document.report.SignatureValidationData; +import ee.openeid.siva.validation.document.report.SimpleReport; +import ee.openeid.siva.validation.document.report.ValidatedDocument; +import ee.openeid.siva.validation.document.report.ValidationConclusion; import ee.openeid.validation.service.generic.HashcodeGenericValidationService; +import ee.openeid.validation.service.timemark.TimemarkHashcodeValidationService; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; -import org.junit.jupiter.api.extension.ExtendWith; -import org.mockito.BDDMockito; -import org.mockito.Mock; -import org.springframework.beans.factory.NoSuchBeanDefinitionException; import org.springframework.context.ApplicationContext; import org.springframework.core.env.Environment; -import org.springframework.test.context.junit.jupiter.SpringExtension; import java.util.Arrays; import java.util.Collections; import java.util.List; +import static org.junit.jupiter.api.Assertions.assertAll; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.mockito.Mockito.*; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.verifyNoInteractions; +import static org.mockito.Mockito.when; -@ExtendWith(SpringExtension.class) class HashcodeValidationProxyTest { + private final StatisticsService statisticsService = mock(StatisticsService.class); + private final ApplicationContext applicationContext = mock(ApplicationContext.class); + private final Environment environment = mock(Environment.class); + private final HasBdocTimemarkPolicyService hasBdocTimemarkPolicyService = mock(HasBdocTimemarkPolicyService.class); + private final HashcodeValidationMapper hashcodeValidationMapper = mock(HashcodeValidationMapper.class); + private final HashcodeGenericValidationService hashcodeGenericValidationService = mock(HashcodeGenericValidationService.class); + private final TimemarkHashcodeValidationService timemarkHashcodeValidationService = mock(TimemarkHashcodeValidationService.class); private HashcodeValidationProxy hashcodeValidationProxy; - @Mock - private StatisticsService statisticsService; - - @Mock - private ApplicationContext applicationContext; - - @Mock - private Environment environment; - - private ValidationServiceSpy validationServiceSpy; - @BeforeEach - public void setUp() { - hashcodeValidationProxy = new HashcodeValidationProxy(statisticsService, applicationContext, environment); - - validationServiceSpy = new ValidationServiceSpy(); + void setUp() { + hashcodeValidationProxy = new HashcodeValidationProxy( + statisticsService, + applicationContext, + environment, + hasBdocTimemarkPolicyService, + hashcodeValidationMapper, + hashcodeGenericValidationService, + timemarkHashcodeValidationService + ); } @Test - void applicationContextHasNoBeanWithGivenNameThrowsException() { - BDDMockito.given(applicationContext.getBean(anyString())).willThrow(new NoSuchBeanDefinitionException("Bean not loaded")); - ProxyHashcodeDataSet proxyDocument = mockHashCodeDataSet(); + void constructValidatorName_whenInvoked_shouldThrowException() { + assertThrows(IllegalStateException.class, () -> + hashcodeValidationProxy.constructValidatorName(mockHashCodeDataSet()) + ); + } - ValidatonServiceNotFoundException caughtException = assertThrows( - ValidatonServiceNotFoundException.class, () -> { - hashcodeValidationProxy.validate(proxyDocument); - } + @Test + void validate_givenSignatureDoesNotHaveBdocTimemarkPolicy_shouldUseGenericValidation() { + final Reports reports = createDummyReports(); + when(hashcodeValidationMapper.mapToValidationDocuments(any())).thenReturn(List.of(createDummyValidationDocument())); + when(hasBdocTimemarkPolicyService.hasBdocTimemarkPolicy(any())).thenReturn(false); + when(hashcodeGenericValidationService.validateDocument(any())).thenReturn(reports); + when(hashcodeValidationMapper.mergeReportsToOne(any())).thenReturn(reports); + + SimpleReport report = hashcodeValidationProxy.validate(mockHashCodeDataSet()); + + assertAll( + () -> verifyNoInteractions(timemarkHashcodeValidationService), + () -> assertEquals(reports.getSimpleReport(), report) ); - assertEquals("hashcodeGenericValidationService not found", caughtException.getMessage()); - verify(applicationContext).getBean(anyString()); } @Test - void proxyDocumentShouldReturnValidationReport() { - when(applicationContext.getBean("hashcodeGenericValidationService")).thenReturn(validationServiceSpy); + void validate_givenSignatureHasBdocTimemarkPolicy_shouldUseTimemarkValidation() { + final Reports reports = createDummyReports(); + when(hashcodeValidationMapper.mapToValidationDocuments(any())).thenReturn(List.of(createDummyValidationDocument())); + when(hasBdocTimemarkPolicyService.hasBdocTimemarkPolicy(any())).thenReturn(true); + when(timemarkHashcodeValidationService.validateDocument(any())).thenReturn(reports); + when(hashcodeValidationMapper.mergeReportsToOne(any())).thenReturn(reports); + + SimpleReport report = hashcodeValidationProxy.validate(mockHashCodeDataSet()); + + assertAll( + () -> verifyNoInteractions(hashcodeGenericValidationService), + () -> assertEquals(reports.getSimpleReport(), report) + ); + } - ProxyHashcodeDataSet proxyDocument = mockHashCodeDataSet(); - SimpleReport report = hashcodeValidationProxy.validate(proxyDocument); - assertEquals(validationServiceSpy.reports.getSimpleReport(), report); + @Test + void validate_givenSignaturesWithMixedPolicies_shouldUseDifferentValidations() { + final Reports reports = createDummyReports(); + when(hashcodeValidationMapper.mapToValidationDocuments(any())) + .thenReturn(List.of(createDummyValidationDocument(), createDummyValidationDocument())); + when(hasBdocTimemarkPolicyService.hasBdocTimemarkPolicy(any())) + .thenReturn(true) + .thenReturn(false); + when(timemarkHashcodeValidationService.validateDocument(any())).thenReturn(reports); + when(hashcodeGenericValidationService.validateDocument(any())).thenReturn(reports); + when(hashcodeValidationMapper.mergeReportsToOne(any())).thenReturn(reports); + + SimpleReport report = hashcodeValidationProxy.validate(mockHashCodeDataSet()); + + assertEquals(reports.getSimpleReport(), report); } @Test - void hashcodeValidationAlwaysReturnsSimpleReport() { - when(applicationContext.getBean("hashcodeGenericValidationService")).thenReturn(validationServiceSpy); + void validate_whenHashcodeValidationInvokedWithDifferentReportTypes_shouldReturnSimpleReport() { ProxyHashcodeDataSet proxyDocument = mockHashCodeDataSet(); + Reports reports = createDummyReports(); + reports.setDetailedReport(new DetailedReport()); + reports.setDiagnosticReport(new DiagnosticReport()); for (ReportType reportType : ReportType.values()) { proxyDocument.setReportType(reportType); + when(hashcodeValidationMapper.mapToValidationDocuments(any())) + .thenReturn(List.of(createDummyValidationDocument())); + when(hashcodeValidationMapper.mergeReportsToOne(any())).thenReturn(reports); + SimpleReport report = hashcodeValidationProxy.validate(proxyDocument); + assertTrue(report instanceof SimpleReport); assertFalse(report instanceof DetailedReport); assertFalse(report instanceof DiagnosticReport); } } + @Test + void validDataFromSignatureFile() { + final Reports reports = createDummyReports(); + when(hashcodeValidationMapper.mapToValidationDocuments(any())) + .thenReturn(List.of(DummyValidationDocumentBuilder.aValidationDocument() + .withDocument("test-files/signatures.xml") + .withName("signatures.xml") + .build())); + when(hashcodeValidationMapper.mergeReportsToOne(any())).thenReturn(reports); + + SimpleReport report = hashcodeValidationProxy.validate(mockHashCodeDataSet()); + + assertEquals(reports.getSimpleReport(), report); + } + private ProxyHashcodeDataSet mockHashCodeDataSet() { ProxyHashcodeDataSet proxyHashcodeDataSet = new ProxyHashcodeDataSet(); SignatureFile signatureFile = new SignatureFile(); signatureFile.setSignature("hash".getBytes()); signatureFile.setDatafiles(createDatafiles(createDatafile("test", "test-hash-1", "SHA256"))); proxyHashcodeDataSet.setSignatureFiles(Collections.singletonList(signatureFile)); - return proxyHashcodeDataSet; } + private static ValidationDocument createDummyValidationDocument() { + ValidationDocument validationDocument = new ValidationDocument(); + validationDocument.setBytes(new byte[1]); + validationDocument.setDatafiles(List.of(new Datafile())); + return validationDocument; + } + private List createDatafiles(Datafile... datafiles) { return Arrays.asList(datafiles); } @@ -129,67 +199,55 @@ private Datafile createDatafile(String filename, String hash, String hashAlgo) { return datafile; } - private class ValidationServiceSpy extends HashcodeGenericValidationService { - - Reports reports; - - @Override - public Reports validateDocument(ValidationDocument validationDocument) { - reports = createDummyReports(); - return reports; - } - - private Reports createDummyReports() { - ValidationConclusion validationConclusion = new ValidationConclusion(); - validationConclusion.setValidSignaturesCount(0); - validationConclusion.setSignaturesCount(1); - validationConclusion.setValidationTime("ValidationTime"); - validationConclusion.setValidatedDocument(createDummyValidatedDocument()); - validationConclusion.setPolicy(createDummyPolicy()); - validationConclusion.setSignatures(createDummySignatures()); - SimpleReport simpleReport = new SimpleReport(validationConclusion); - return new Reports(simpleReport, null, null); - } - - private ValidatedDocument createDummyValidatedDocument() { - ValidatedDocument validatedDocument = new ValidatedDocument(); - validatedDocument.setFilename("DocumentName"); - return validatedDocument; - } + private static Reports createDummyReports() { + ValidationConclusion validationConclusion = new ValidationConclusion(); + validationConclusion.setValidSignaturesCount(0); + validationConclusion.setSignaturesCount(1); + validationConclusion.setValidationTime("ValidationTime"); + validationConclusion.setValidatedDocument(createDummyValidatedDocument()); + validationConclusion.setPolicy(createDummyPolicy()); + validationConclusion.setSignatures(createDummySignatures()); + SimpleReport simpleReport = new SimpleReport(validationConclusion); + return new Reports(simpleReport, null, null); + } - private List createDummySignatures() { - SignatureValidationData signature = new SignatureValidationData(); - signature.setSignatureLevel("SignatureLevel"); - signature.setClaimedSigningTime("ClaimedSigningTime"); - signature.setInfo(createDummySignatureInfo()); - signature.setSignatureFormat("SingatureFormat"); - signature.setId("id1"); - signature.setSignedBy("Some Name 123456789"); - signature.setIndication(SignatureValidationData.Indication.TOTAL_FAILED); - signature.setWarnings(Collections.emptyList()); - signature.setErrors(createDummyErrors()); - return Collections.singletonList(signature); - } + private static ValidatedDocument createDummyValidatedDocument() { + ValidatedDocument validatedDocument = new ValidatedDocument(); + validatedDocument.setFilename("DocumentName"); + return validatedDocument; + } - private List createDummyErrors() { - Error error = new Error(); - error.setContent("ErrorContent"); - return Collections.singletonList(error); - } + private static List createDummySignatures() { + SignatureValidationData signature = new SignatureValidationData(); + signature.setSignatureLevel("SignatureLevel"); + signature.setClaimedSigningTime("ClaimedSigningTime"); + signature.setInfo(createDummySignatureInfo()); + signature.setSignatureFormat("SingatureFormat"); + signature.setId("id1"); + signature.setSignedBy("Some Name 123456789"); + signature.setIndication(SignatureValidationData.Indication.TOTAL_FAILED); + signature.setWarnings(Collections.emptyList()); + signature.setErrors(createDummyErrors()); + return Collections.singletonList(signature); + } - private Info createDummySignatureInfo() { - Info info = new Info(); - info.setBestSignatureTime("BestSignatureTime"); - return info; - } + private static List createDummyErrors() { + Error error = new Error(); + error.setContent("ErrorContent"); + return Collections.singletonList(error); + } - private Policy createDummyPolicy() { - Policy policy = new Policy(); - policy.setPolicyDescription("PolicyDescription"); - policy.setPolicyName("PolicyName"); - policy.setPolicyUrl("http://policyUrl.com"); - return policy; - } + private static Info createDummySignatureInfo() { + Info info = new Info(); + info.setBestSignatureTime("BestSignatureTime"); + return info; } + private static Policy createDummyPolicy() { + Policy policy = new Policy(); + policy.setPolicyDescription("PolicyDescription"); + policy.setPolicyName("PolicyName"); + policy.setPolicyUrl("http://policyUrl.com"); + return policy; + } } diff --git a/siva-parent/siva-validation-proxy/src/test/resources/test-files/no_timemark_signature.xml b/siva-parent/siva-validation-proxy/src/test/resources/test-files/no_timemark_signature.xml new file mode 100644 index 000000000..7026b10ca --- /dev/null +++ b/siva-parent/siva-validation-proxy/src/test/resources/test-files/no_timemark_signature.xml @@ -0,0 +1,94 @@ + + + + + + + + + LvhnsrgBZBK9kTQ8asbPtcsjuEhBo9s3QDdCcIxlMmo= + + + + + + + GReY0NHU8hDlLnheTqowfcigLZmWArw4t4qY+UCz7FQ= + + + + RUgxq4Fr9sT9j7kH/sDHpYZ+fhaNRiEQ9q0cLmaHg+pefNShDYtxGKhBCGw7r+RBrnVEoxsBtojnHaQYyyYzIIk8jdUgUcsRPc2lCMp4iP22k+Z15ItPOrPRXhvJnV+1RMoZ+F+Y+iheLoChsXGKUAB7hn1IaL7OQsX3fHb8kls= + + + + + MIIFkjCCBHqgAwIBAgIObV8h37aTlaYAAgAJ1/wwDQYJKoZIhvcNAQEFBQAwgZ0xCzAJBgNVBAYTAkxUMS0wKwYDVQQKEyRWSSBSZWdpc3RydSBDZW50cmFzIC0gSS5rLiAxMjQxMTAyNDYxLjAsBgNVBAsTJVJlZ2lzdHJ1IENlbnRybyBTZXJ0aWZpa2F2aW1vIENlbnRyYXMxLzAtBgNVBAMTJlZJIFJlZ2lzdHJ1IENlbnRyYXMgUkNTQyAoSXNzdWluZ0NBLUEpMB4XDTE2MTIxMDE1NDgzMFoXDTE4MTIxMDE1NDgzMFowZTELMAkGA1UEBhMCTFQxGjAYBgNVBAMTEVBBVUxJVVMgUE9ET0xTS0lTMRIwEAYDVQQEEwlQT0RPTFNLSVMxEDAOBgNVBCoTB1BBVUxJVVMxFDASBgNVBAUTCzM4NjA1MTcwNTk2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCXzG2E+Sc+pqvohM6Beom1A7DHSxTd7ilLFTl5Go3AX62QEYXLhDRPHmSkcrQKbpmEAbao5OcRr/e/dlrftzxVpRchyoaoUTsqLum3Kmzc9A1Gn5udFvuGOub4bPKYWKYi2bSsjeoZVjej0qfYkbMKD/auAYCD88iF0VwuKHCGJwIDAQABo4ICiTCCAoUwHQYDVR0OBBYEFLP89gCOqo/BzUhpfXPjQf87LFsDMB8GA1UdIwQYMBaAFEpKzujSwdeIfCb7qH6cuwhAYs0+MF0GA1UdHwRWMFQwUqBQoE6GTGh0dHA6Ly9jc3AucmNzYy5sdC9jZHAvVkklMjBSZWdpc3RydSUyMENlbnRyYXMlMjBSQ1NDJTIwKElzc3VpbmdDQS1BKSgyKS5jcmwwgZ4GCCsGAQUFBwEBBIGRMIGOMFgGCCsGAQUFBzAChkxodHRwOi8vY3NwLnJjc2MubHQvYWlhL1ZJJTIwUmVnaXN0cnUlMjBDZW50cmFzJTIwUkNTQyUyMChJc3N1aW5nQ0EtQSkoMikuY3J0MDIGCCsGAQUFBzABhiZodHRwOi8vb2NzcC5yY3NjLmx0L29jc3ByZXNwb25kZXIucmNzYzAvBgNVHREEKDAmoCQGCisGAQQBgjcUAgOgFgwUODkzNzAwMTAxMDAwMTUyNDc5NTcwDgYDVR0PAQH/BAQDAgbAMD4GCSsGAQQBgjcVBwQxMC8GJysGAQQBgjcVCIKc7HuEpsAKhOWRDoaTmGOHgtFegWGCq/QvgtnIKAIBZAIBBTAfBgNVHSUEGDAWBgorBgEEAYI3CgMMBggrBgEFBQcDBDBFBgNVHSAEPjA8MDoGCysGAQQBgfE3AQIDMCswKQYIKwYBBQUHAgEWHWh0dHA6Ly93d3cucmNzYy5sdC9yZXBvc2l0b3J5MCkGCSsGAQQBgjcVCgQcMBowDAYKKwYBBAGCNwoDDDAKBggrBgEFBQcDBDAvBggrBgEFBQcBAwQjMCEwCAYGBACORgEBMAsGBgQAjkYBAwIBCjAIBgYEAI5GAQQwDQYJKoZIhvcNAQEFBQADggEBAAejGnySZuhSPPRVpWIVPFX+xwW4XqdvX8JehkOAv21H7dfLxvxTaYusisrRWIQiEE2MjIDvFLM3ozo8WQ5Xj2RWIan8whxTTAuzyIU8K+fuHy4JiMvqBa+RGvFP0EGDDnWbxeiDE+LfpotPyB5g3fzCWTWNDEpOh6NCfcKoF3pcjkA1alk82i8QY8w0PpmIKL+W6jJtS7Fhi4wCq7lPLOFOEmSOKsvi0D8gRjZsy9/4SVcdBQ4fUTvXPGgprUM8Za1HRkFWXzNizZK3Z51XkdD7PuCsAOCLMjbsGM8WPqBA6lmL+VzTtbu/B/8rejvOkhe4w3Qacs26bTX1xXYuFwQ= + + + + + + + + 2017-06-28T06:30:41Z + + + + + pgVzkk7l4seSU7raauGJeomBYdKbv7+WhsI5e3N6buk= + + + CN=VI Registru Centras RCSC (IssuingCA-A),OU=Registru Centro Sertifikavimo + Centras,O=VI Registru Centras - I.k. 124110246,C=LT + + 2218319805694862221298688051501052 + + + + + Tallinn + Harjumaa + 12345 + Eesti + + + + Direktorius + + + + + + application/pdf + + + + + + + + + MIAGCSqGSIb3DQEHAqCAMIIIGwIBAzEPMA0GCWCGSAFlAwQCAwUAMIHlBgsqhkiG9w0BCRABBKCB1QSB0jCBzwIBAQYGBACPZwEBMDEwDQYJYIZIAWUDBAIBBQAEIBf8So+lfR/lrfzu5i+SZwguJGakhr/W+eHwrAQJ0acJAghoiq8pjS37GxgPMjAxNzA2MjgwNjMwNTdaMAMCAQECBgFc7WVJOqBnpGUwYzELMAkGA1UEBhMCRUUxIjAgBgNVBAoMGUFTIFNlcnRpZml0c2VlcmltaXNrZXNrdXMxDDAKBgNVBAsMA1RTQTEiMCAGA1UEAwwZU0sgVElNRVNUQU1QSU5HIEFVVEhPUklUWaCCBBEwggQNMIIC9aADAgECAhAkr+zrEmjQAlQX94btbwFZMA0GCSqGSIb3DQEBCwUAMHUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMSgwJgYDVQQDDB9FRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwHhcNMTQwOTE2MDg0MDM4WhcNMTkwOTE2MDg0MDM4WjBjMQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEMMAoGA1UECwwDVFNBMSIwIAYDVQQDDBlTSyBUSU1FU1RBTVBJTkcgQVVUSE9SSVRZMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9r91Ap6ZIoI1LCUxSn1gpBjrNA5+z2+BSdvNNEcJEFF2xptliSfFMjgOpDn4k+rDwxOQO9vqd8NkZ3Xm3ihji0ddegJ9GtsyMn34NX4ztt36+sEjy+LsMEIzn39UCPEEC5n0/tOyDyjwGtWqoH1zR7OVIK0WDxfTHYRPdkG1nj1QBGH9c/Tsjt5GT8O1Ithq7EkM/NdURmZIkIjJtyWjH3e7wXn+jwbJJsPkZgyF984mBea6X9XPt5HR3lLEIy8khGs/tZ+IlhpSMtiovbCMVB7+dSW1wYKfYq2oYLIfu+X5fN595rpeNzx5tOBqfYUnRQfSYe/3yVYAMq5MjZ9dwIDAQABo4GqMIGnMA4GA1UdDwEB/wQEAwIGwDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAdBgNVHQ4EFgQUsbC99+agaRZsIOVR+1z0MGJzVycwHwYDVR0jBBgwFoAUEvJaPupWHL/NBqzx8SXJqUvUFJkwPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL3d3dy5zay5lZS9yZXBvc2l0b3J5L2NybHMvZWVjY3JjYS5jcmwwDQYJKoZIhvcNAQELBQADggEBAKilxT3fbBU8Pp5536wMGG3jO36Qw88Ve/WkhfRGBuLNoq8dZTigelEfzNyCj+Cmi1EuUuFlse273iksU3p6emLIc3B6+SZTK+sFbKU41HViHBvh0tLykEYYVHp5F2EbOgoBQXgHh0ihc6PinbqrXJhQsXlmRkfGFAU2Lm7FqT22AIWUa3Ne6aMvmMGa1Z4NMYThhJrfinMNePPxUCM8n2xW46YrYTSDJbFRMtcX1h6+tbNEvNUWrD6p7AFXYjih//qaJk45PbCUD+Z4vvOveGd+jspIlCYw1SNnqWHpEEhW9gjS34D9+lMqJl++LP9efZ7g8LqLnvCYfkSA45q/RQoxggMGMIIDAgIBATCBiTB1MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEoMCYGA1UEAwwfRUUgQ2VydGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlAhAkr+zrEmjQAlQX94btbwFZMA0GCWCGSAFlAwQCAwUAoIIBTTAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwHAYJKoZIhvcNAQkFMQ8XDTE3MDYyODA2MzA1N1owTwYJKoZIhvcNAQkEMUIEQEfZlzGBaoABQONw3UG7tP5mO5PJ/nLrU5yH5RVQfEs1Q28IHv3FoHm6xlrpvNwzBL9jwcoLjfkk4Vu6LJBgfh8wgb8GCyqGSIb3DQEJEAIMMYGvMIGsMIGpMIGmBBSy0CGC8LluKhxofs4yNAgjmBkwtjCBjTB5pHcwdTELMAkGA1UEBhMCRUUxIjAgBgNVBAoMGUFTIFNlcnRpZml0c2VlcmltaXNrZXNrdXMxKDAmBgNVBAMMH0VFIENlcnRpZmljYXRpb24gQ2VudHJlIFJvb3QgQ0ExGDAWBgkqhkiG9w0BCQEWCXBraUBzay5lZQIQJK/s6xJo0AJUF/eG7W8BWTANBgkqhkiG9w0BAQEFAASCAQA8vhLy9xlqEwh3qbXNpwKNQxif1UMER8NXTzou4xZc4ZH3MOBV68skEJ+I87KYrGARXvmAl3XO9N0Ocblad2HUemGuMkqJ3z7lJ/cyK1bwF6kFmFYp4xNFCfCx21ct0QUnXBWEbZAtIm9E05B6+v6JA90jNC9GUSoau29YsNnA47hJEPpdFyma2NBm2bK4S9fLeaqthq0DoReY1OoCvY++OYji0bmF4gOn8aa393NSz3XNx0Rwo3ZGgB8xGYtNfRXEpfSDOsboJiM2eM9o/0QcNY8ZnW4EgqEExVyxEBp6GLHRjqKzg6OeMSdjDaCETySEOpSX5mqEVA2UQeWQABqwAAAAAA== + + + + + MIIF0DCCBLigAwIBAgIObV8h37aTlaYAAgAIUqQwDQYJKoZIhvcNAQEFBQAwgZ0xCzAJBgNVBAYTAkxUMS0wKwYDVQQKEyRWSSBSZWdpc3RydSBDZW50cmFzIC0gSS5rLiAxMjQxMTAyNDYxLjAsBgNVBAsTJVJlZ2lzdHJ1IENlbnRybyBTZXJ0aWZpa2F2aW1vIENlbnRyYXMxLzAtBgNVBAMTJlZJIFJlZ2lzdHJ1IENlbnRyYXMgUkNTQyAoSXNzdWluZ0NBLUEpMB4XDTE2MDgyNTA1MTAzOFoXDTE4MDgyNTA1MTAzOFowgZ0xCzAJBgNVBAYTAkxUMS0wKwYDVQQKEyRWSSBSZWdpc3RydSBDZW50cmFzIC0gSS5rLiAxMjQxMTAyNDYxLjAsBgNVBAsTJVJlZ2lzdHJ1IENlbnRybyBTZXJ0aWZpa2F2aW1vIENlbnRyYXMxLzAtBgNVBAMTJlZJIFJlZ2lzdHJ1IENlbnRyYXMgT0NTUCAoSXNzdWluZ0NBLUEpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCrIb7RJULHdem5pfiPGCqsABmW1paWGbGRveWdaGMwoiiGJO/1JTb0Uzv6+A38JJ3pAN7EG/IdibysT0oyGXVne2af/ytpqA6ewQSoCFcV6UhMztT973J+UeSgaVZHc1dQ0EUwOdQ0uncPqTOidmSxU8bQZzpHaVL+1cwtGcextygI/fMl6dNAsG8Bnd+lPTlI1hEuUkZMiDd5GOhb6O74dwKwuASdrSOA01HHZ09wcxS7BpyLIu5WGjFIVQHetuEKd0HHcCjyUJu1Sxh8nZ718loqavbuU0S7wPYhPk4s0WRB870fBbAK2EMjjR8+wi3FiUFDZygnpnzflWjY3ywIDAQABo4ICCjCCAgYwCwYDVR0PBAQDAgbAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMEUGA1UdIAQ+MDwwOgYLKwYBBAGB8TcBAQIwKzApBggrBgEFBQcCARYdaHR0cDovL3d3dy5yY3NjLmx0L3JlcG9zaXRvcnkwHQYDVR0OBBYEFMfRoXt0+B6d3a8QCJrGrlwQ/NljMB8GA1UdIwQYMBaAFEpKzujSwdeIfCb7qH6cuwhAYs0+MF0GA1UdHwRWMFQwUqBQoE6GTGh0dHA6Ly9jc3AucmNzYy5sdC9jZHAvVkklMjBSZWdpc3RydSUyMENlbnRyYXMlMjBSQ1NDJTIwKElzc3VpbmdDQS1BKSgyKS5jcmwwgZ4GCCsGAQUFBwEBBIGRMIGOMFgGCCsGAQUFBzAChkxodHRwOi8vY3NwLnJjc2MubHQvYWlhL1ZJJTIwUmVnaXN0cnUlMjBDZW50cmFzJTIwUkNTQyUyMChJc3N1aW5nQ0EtQSkoMikuY3J0MDIGCCsGAQUFBzABhiZodHRwOi8vb2NzcC5yY3NjLmx0L29jc3ByZXNwb25kZXIucmNzYzA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiCnOx7hKbACoTlkQ6Gk5hjh4LRXoFhhbfNDIfw0S4CAWQCAQowGwYJKwYBBAGCNxUKBA4wDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQUFAAOCAQEAkvDEqT3JKr3u0+YcLHbkt9lSsYPSY+bLLIu/tqYsGR911Z7n35Cp5FRA5AnkvKBJooBZvoTIGbEyOOXKt4QZjprJ2YYfQ69VNlDLUhBdGE61MNcfpVyzjAw0F1n6Bv/DyoYjUyx6o4cNAKN92AYddYt0VhqMehAvQFC+rd3wEiZWzp2OS32I8hYlaG5NJvXMYUzEi0rtbBxQiolK9tOqesDvP6ucrKG3jF/gK40sXa09KPsU0ZJzUfpOFuw0ezQo1oS3v/JKnFzTgbqzjvDg27bmij2bLw/lxHRn5hb7O5K1uSsNY8A/H2fJubDex/MkF7kKiWVCL0g2xTQh0FzIkA== + + + MIIF7jCCBNagAwIBAgIOEvrAfT5Zs1YAAwAAABowDQYJKoZIhvcNAQEFBQAwgZoxCzAJBgNVBAYTAkxUMS0wKwYDVQQKEyRWSSBSZWdpc3RydSBDZW50cmFzIC0gSS5rLiAxMjQxMTAyNDYxLjAsBgNVBAsTJVJlZ2lzdHJ1IENlbnRybyBTZXJ0aWZpa2F2aW1vIENlbnRyYXMxLDAqBgNVBAMTI1ZJIFJlZ2lzdHJ1IENlbnRyYXMgUkNTQyAoUG9saWN5Q0EpMB4XDTE2MDgyNTA0NDgzMloXDTIwMDgyNTA0NDgzMlowgZ0xCzAJBgNVBAYTAkxUMS0wKwYDVQQKEyRWSSBSZWdpc3RydSBDZW50cmFzIC0gSS5rLiAxMjQxMTAyNDYxLjAsBgNVBAsTJVJlZ2lzdHJ1IENlbnRybyBTZXJ0aWZpa2F2aW1vIENlbnRyYXMxLzAtBgNVBAMTJlZJIFJlZ2lzdHJ1IENlbnRyYXMgUkNTQyAoSXNzdWluZ0NBLUEpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyrju/xMZCEHbHFbX4A+75s7SOOZhMxKudvr+H4mLjbKvsxwIeY7bS/XI4YpOHK3rSOj0VjsXV1ayQjbp2YmeEGXxLFvtd1ataco+3S1K6hjldRX4IYbmeQymOEviciw1De1uhd+u7mmxQWp6Jm7+lEdOBKuA5wTG3cx2g2yY50ix6kA/7qjayDZnO/hYI+uOQJmktePbupDZr9wYT1PIo2x2trgIuZsiFsESkxdK5Jdjj3Afeb5aOS4yz0pb6xgErPZIxPOZxviEFx6JYB/rPQfMVnolvGwj+T/7dUXERfTjUz5le8qfu6VmVCA6bH4urmPRX6jeITpVsC+kCeLDoQIDAQABo4ICKzCCAicwDgYDVR0PAQH/BAQDAgEGMC8GCCsGAQUFBwEDBCMwITAIBgYEAI5GAQEwCwYGBACORgEDAgEKMAgGBgQAjkYBBDASBgkrBgEEAYI3FQEEBQIDAgACMCMGCSsGAQQBgjcVAgQWBBT9S1iad8cz3A3gLwWCOHwrTBklAjAdBgNVHQ4EFgQUSkrO6NLB14h8Jvuofpy7CEBizT4wRQYDVR0gBD4wPDA6BgsrBgEEAYHxNwEBATArMCkGCCsGAQUFBwIBFh1odHRwOi8vd3d3LnJjc2MubHQvcmVwb3NpdG9yeTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFMNxxrwDp5f/HZvUXX/jID9JQixxMFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9jc3AucmNzYy5sdC9jZHAvVkklMjBSZWdpc3RydSUyMENlbnRyYXMlMjBSQ1NDJTIwKFBvbGljeUNBKSgzKS5jcmwwgZsGCCsGAQUFBwEBBIGOMIGLMDIGCCsGAQUFBzABhiZodHRwOi8vb2NzcC5yY3NjLmx0L29jc3ByZXNwb25kZXIucmNzYzBVBggrBgEFBQcwAoZJaHR0cDovL2NzcC5yY3NjLmx0L2FpYS9WSSUyMFJlZ2lzdHJ1JTIwQ2VudHJhcyUyMFJDU0MlMjAoUG9saWN5Q0EpKDMpLmNydDANBgkqhkiG9w0BAQUFAAOCAQEAL07ALD5jt5N8EEDI6YkcMAtjBf32qMcx2tPPRIC1ds+kvcMCICiN8cOlGEwwwj5qm6074M9bw1ZD9vvqr/jzwqbXJZMMfcsAAQqrFxBZVgTKYN43fxwjCr5OJR7Se0BpzGWfkxaMrhxuuqydjsHuL+YpyTSUWF/icXOpyOavrUEMH5USO7gcrMsn1U9K9Elj5Pltt24hef7QRvK1JfSSSQg+k1IM8hTQbjX7CIFMLkyVT6s1kKzXOA/PZXIHiaHTzCkdmjB5kcX7nD/PBEJwxNEkreECXokAPFIWzTRHQQcDonZMtXXT/4jyckTBarlNm6V4VelS05GpwB9kt1o2wA== + + + + + + MIIHvQoBAKCCB7YwggeyBgkrBgEFBQcwAQEEggejMIIHnzCBrKIWBBTH0aF7dPgend2vEAiaxq5cEPzZYxgPMjAxNzA2MjgwNjMxMDNaMIGAMH4wRTAHBgUrDgMCGgQUiAZi9n976e6Nv4VK5emy0j/6lLUEFEpKzujSwdeIfCb7qH6cuwhAYs0+Ag5tXyHftpOVpgACAAnX/IAAGA8yMDE3MDYyODA2MzAzM1qhIjAgMB4GCSsGAQUFBzABBgQRGA8yMDE2MDYyODA5MzEwM1owDQYJKoZIhvcNAQEFBQADggEBALO5yJSXpOrcMNTZfifxrBY9p7OZyfhq1DBDGYyphx7ZKEfSqlKM0gwrKYLmbzGaSUWv0Z0fiTGw8k7Ui9NtpYB5VqO0zIYq78z/TYv9H7j3lIrxNIJu9iC8DUI1O3k1W0aQYPNABvmrHepvLBHgDLjjpDS6jRLXVoUvA7qlbEHGlPVJIOkcuk8t22GR7CtEVsnRrYWSSh/i5BNxJ0XDdoPivcPExRxtvLkNQ5pcDxIUFCL5ZQCBUv5xu3QFZUMd2JjGLu7mLAAtTpYccTHIgQyVVbgW1wPcS5LhN1Lt0Fu6c+bDCmjgef1N4uPc/xq/ljIOixryx+G3TpDf/EEIUYigggXYMIIF1DCCBdAwggS4oAMCAQICDm1fId+2k5WmAAIACFKkMA0GCSqGSIb3DQEBBQUAMIGdMQswCQYDVQQGEwJMVDEtMCsGA1UEChMkVkkgUmVnaXN0cnUgQ2VudHJhcyAtIEkuay4gMTI0MTEwMjQ2MS4wLAYDVQQLEyVSZWdpc3RydSBDZW50cm8gU2VydGlmaWthdmltbyBDZW50cmFzMS8wLQYDVQQDEyZWSSBSZWdpc3RydSBDZW50cmFzIFJDU0MgKElzc3VpbmdDQS1BKTAeFw0xNjA4MjUwNTEwMzhaFw0xODA4MjUwNTEwMzhaMIGdMQswCQYDVQQGEwJMVDEtMCsGA1UEChMkVkkgUmVnaXN0cnUgQ2VudHJhcyAtIEkuay4gMTI0MTEwMjQ2MS4wLAYDVQQLEyVSZWdpc3RydSBDZW50cm8gU2VydGlmaWthdmltbyBDZW50cmFzMS8wLQYDVQQDEyZWSSBSZWdpc3RydSBDZW50cmFzIE9DU1AgKElzc3VpbmdDQS1BKTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALgqyG+0SVCx3XpuaX4jxgqrAAZltaWlhmxkb3lnWhjMKIohiTv9SU29FM7+vgN/CSd6QDexBvyHYm8rE9KMhl1Z3tmn/8raagOnsEEqAhXFelITM7U/e9yflHkoGlWR3NXUNBFMDnUNLp3D6kzonZksVPG0Gc6R2lS/tXMLRnHsbcoCP3zJenTQLBvAZ3fpT05SNYRLlJGTIg3eRjoW+ju+HcCsLgEna0jgNNRx2dPcHMUuwaciyLuVhoxSFUB3rbhCndBx3Ao8lCbtUsYfJ2e9fJaKmr27lNEu8D2IT5OLNFkQfO9HwWwCthDI40fPsItxYlBQ2coJ6Z835Vo2N8sCAwEAAaOCAgowggIGMAsGA1UdDwQEAwIGwDATBgNVHSUEDDAKBggrBgEFBQcDCTBFBgNVHSAEPjA8MDoGCysGAQQBgfE3AQECMCswKQYIKwYBBQUHAgEWHWh0dHA6Ly93d3cucmNzYy5sdC9yZXBvc2l0b3J5MB0GA1UdDgQWBBTH0aF7dPgend2vEAiaxq5cEPzZYzAfBgNVHSMEGDAWgBRKSs7o0sHXiHwm+6h+nLsIQGLNPjBdBgNVHR8EVjBUMFKgUKBOhkxodHRwOi8vY3NwLnJjc2MubHQvY2RwL1ZJJTIwUmVnaXN0cnUlMjBDZW50cmFzJTIwUkNTQyUyMChJc3N1aW5nQ0EtQSkoMikuY3JsMIGeBggrBgEFBQcBAQSBkTCBjjBYBggrBgEFBQcwAoZMaHR0cDovL2NzcC5yY3NjLmx0L2FpYS9WSSUyMFJlZ2lzdHJ1JTIwQ2VudHJhcyUyMFJDU0MlMjAoSXNzdWluZ0NBLUEpKDIpLmNydDAyBggrBgEFBQcwAYYmaHR0cDovL29jc3AucmNzYy5sdC9vY3NwcmVzcG9uZGVyLnJjc2MwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIgpzse4SmwAqE5ZEOhpOYY4eC0V6BYYW3zQyH8NEuAgFkAgEKMBsGCSsGAQQBgjcVCgQOMAwwCgYIKwYBBQUHAwkwDQYJKoZIhvcNAQEFBQADggEBAJLwxKk9ySq97tPmHCx25LfZUrGD0mPmyyyLv7amLBkfddWe59+QqeRUQOQJ5LygSaKAWb6EyBmxMjjlyreEGY6aydmGH0OvVTZQy1IQXRhOtTDXH6Vcs4wMNBdZ+gb/w8qGI1MseqOHDQCjfdgGHXWLdFYajHoQL0BQvq3d8BImVs6djkt9iPIWJWhuTSb1zGFMxItK7WwcUIqJSvbTqnrA7z+rnKyht4xf4CuNLF2tPSj7FNGSc1H6ThbsNHs0KNaEt7/ySpxc04G6s47w4Nu25oo9my8P5cR0Z+YW+zuStbkrDWPAPx9nybmw3sfzJBe5CollQi9INsU0IdBcyJA= + + + + + + + + + \ No newline at end of file diff --git a/siva-parent/siva-validation-proxy/src/test/resources/test-files/signatures.xml b/siva-parent/siva-validation-proxy/src/test/resources/test-files/signatures.xml new file mode 100644 index 000000000..cd5ebed4b --- /dev/null +++ b/siva-parent/siva-validation-proxy/src/test/resources/test-files/signatures.xml @@ -0,0 +1 @@ +LvhnsrgBZBK9kTQ8asbPtcsjuEhBo9s3QDdCcIxlMmo=GReY0NHU8hDlLnheTqowfcigLZmWArw4t4qY+UCz7FQ=RUgxq4Fr9sT9j7kH/sDHpYZ+fhaNRiEQ9q0cLmaHg+pefNShDYtxGKhBCGw7r+RBrnVEoxsBtojnHaQYyyYzIIk8jdUgUcsRPc2lCMp4iP22k+Z15ItPOrPRXhvJnV+1RMoZ+F+Y+iheLoChsXGKUAB7hn1IaL7OQsX3fHb8kls=MIIFkjCCBHqgAwIBAgIObV8h37aTlaYAAgAJ1/wwDQYJKoZIhvcNAQEFBQAwgZ0xCzAJBgNVBAYTAkxUMS0wKwYDVQQKEyRWSSBSZWdpc3RydSBDZW50cmFzIC0gSS5rLiAxMjQxMTAyNDYxLjAsBgNVBAsTJVJlZ2lzdHJ1IENlbnRybyBTZXJ0aWZpa2F2aW1vIENlbnRyYXMxLzAtBgNVBAMTJlZJIFJlZ2lzdHJ1IENlbnRyYXMgUkNTQyAoSXNzdWluZ0NBLUEpMB4XDTE2MTIxMDE1NDgzMFoXDTE4MTIxMDE1NDgzMFowZTELMAkGA1UEBhMCTFQxGjAYBgNVBAMTEVBBVUxJVVMgUE9ET0xTS0lTMRIwEAYDVQQEEwlQT0RPTFNLSVMxEDAOBgNVBCoTB1BBVUxJVVMxFDASBgNVBAUTCzM4NjA1MTcwNTk2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCXzG2E+Sc+pqvohM6Beom1A7DHSxTd7ilLFTl5Go3AX62QEYXLhDRPHmSkcrQKbpmEAbao5OcRr/e/dlrftzxVpRchyoaoUTsqLum3Kmzc9A1Gn5udFvuGOub4bPKYWKYi2bSsjeoZVjej0qfYkbMKD/auAYCD88iF0VwuKHCGJwIDAQABo4ICiTCCAoUwHQYDVR0OBBYEFLP89gCOqo/BzUhpfXPjQf87LFsDMB8GA1UdIwQYMBaAFEpKzujSwdeIfCb7qH6cuwhAYs0+MF0GA1UdHwRWMFQwUqBQoE6GTGh0dHA6Ly9jc3AucmNzYy5sdC9jZHAvVkklMjBSZWdpc3RydSUyMENlbnRyYXMlMjBSQ1NDJTIwKElzc3VpbmdDQS1BKSgyKS5jcmwwgZ4GCCsGAQUFBwEBBIGRMIGOMFgGCCsGAQUFBzAChkxodHRwOi8vY3NwLnJjc2MubHQvYWlhL1ZJJTIwUmVnaXN0cnUlMjBDZW50cmFzJTIwUkNTQyUyMChJc3N1aW5nQ0EtQSkoMikuY3J0MDIGCCsGAQUFBzABhiZodHRwOi8vb2NzcC5yY3NjLmx0L29jc3ByZXNwb25kZXIucmNzYzAvBgNVHREEKDAmoCQGCisGAQQBgjcUAgOgFgwUODkzNzAwMTAxMDAwMTUyNDc5NTcwDgYDVR0PAQH/BAQDAgbAMD4GCSsGAQQBgjcVBwQxMC8GJysGAQQBgjcVCIKc7HuEpsAKhOWRDoaTmGOHgtFegWGCq/QvgtnIKAIBZAIBBTAfBgNVHSUEGDAWBgorBgEEAYI3CgMMBggrBgEFBQcDBDBFBgNVHSAEPjA8MDoGCysGAQQBgfE3AQIDMCswKQYIKwYBBQUHAgEWHWh0dHA6Ly93d3cucmNzYy5sdC9yZXBvc2l0b3J5MCkGCSsGAQQBgjcVCgQcMBowDAYKKwYBBAGCNwoDDDAKBggrBgEFBQcDBDAvBggrBgEFBQcBAwQjMCEwCAYGBACORgEBMAsGBgQAjkYBAwIBCjAIBgYEAI5GAQQwDQYJKoZIhvcNAQEFBQADggEBAAejGnySZuhSPPRVpWIVPFX+xwW4XqdvX8JehkOAv21H7dfLxvxTaYusisrRWIQiEE2MjIDvFLM3ozo8WQ5Xj2RWIan8whxTTAuzyIU8K+fuHy4JiMvqBa+RGvFP0EGDDnWbxeiDE+LfpotPyB5g3fzCWTWNDEpOh6NCfcKoF3pcjkA1alk82i8QY8w0PpmIKL+W6jJtS7Fhi4wCq7lPLOFOEmSOKsvi0D8gRjZsy9/4SVcdBQ4fUTvXPGgprUM8Za1HRkFWXzNizZK3Z51XkdD7PuCsAOCLMjbsGM8WPqBA6lmL+VzTtbu/B/8rejvOkhe4w3Qacs26bTX1xXYuFwQ=2017-06-28T06:30:41ZpgVzkk7l4seSU7raauGJeomBYdKbv7+WhsI5e3N6buk=CN=VI Registru Centras RCSC (IssuingCA-A),OU=Registru Centro Sertifikavimo Centras,O=VI Registru Centras - I.k. 124110246,C=LT2218319805694862221298688051501052VilniusDirektoriusapplication/pdfMIAGCSqGSIb3DQEHAqCAMIIIGwIBAzEPMA0GCWCGSAFlAwQCAwUAMIHlBgsqhkiG9w0BCRABBKCB1QSB0jCBzwIBAQYGBACPZwEBMDEwDQYJYIZIAWUDBAIBBQAEIBf8So+lfR/lrfzu5i+SZwguJGakhr/W+eHwrAQJ0acJAghoiq8pjS37GxgPMjAxNzA2MjgwNjMwNTdaMAMCAQECBgFc7WVJOqBnpGUwYzELMAkGA1UEBhMCRUUxIjAgBgNVBAoMGUFTIFNlcnRpZml0c2VlcmltaXNrZXNrdXMxDDAKBgNVBAsMA1RTQTEiMCAGA1UEAwwZU0sgVElNRVNUQU1QSU5HIEFVVEhPUklUWaCCBBEwggQNMIIC9aADAgECAhAkr+zrEmjQAlQX94btbwFZMA0GCSqGSIb3DQEBCwUAMHUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMSgwJgYDVQQDDB9FRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwHhcNMTQwOTE2MDg0MDM4WhcNMTkwOTE2MDg0MDM4WjBjMQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEMMAoGA1UECwwDVFNBMSIwIAYDVQQDDBlTSyBUSU1FU1RBTVBJTkcgQVVUSE9SSVRZMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9r91Ap6ZIoI1LCUxSn1gpBjrNA5+z2+BSdvNNEcJEFF2xptliSfFMjgOpDn4k+rDwxOQO9vqd8NkZ3Xm3ihji0ddegJ9GtsyMn34NX4ztt36+sEjy+LsMEIzn39UCPEEC5n0/tOyDyjwGtWqoH1zR7OVIK0WDxfTHYRPdkG1nj1QBGH9c/Tsjt5GT8O1Ithq7EkM/NdURmZIkIjJtyWjH3e7wXn+jwbJJsPkZgyF984mBea6X9XPt5HR3lLEIy8khGs/tZ+IlhpSMtiovbCMVB7+dSW1wYKfYq2oYLIfu+X5fN595rpeNzx5tOBqfYUnRQfSYe/3yVYAMq5MjZ9dwIDAQABo4GqMIGnMA4GA1UdDwEB/wQEAwIGwDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAdBgNVHQ4EFgQUsbC99+agaRZsIOVR+1z0MGJzVycwHwYDVR0jBBgwFoAUEvJaPupWHL/NBqzx8SXJqUvUFJkwPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL3d3dy5zay5lZS9yZXBvc2l0b3J5L2NybHMvZWVjY3JjYS5jcmwwDQYJKoZIhvcNAQELBQADggEBAKilxT3fbBU8Pp5536wMGG3jO36Qw88Ve/WkhfRGBuLNoq8dZTigelEfzNyCj+Cmi1EuUuFlse273iksU3p6emLIc3B6+SZTK+sFbKU41HViHBvh0tLykEYYVHp5F2EbOgoBQXgHh0ihc6PinbqrXJhQsXlmRkfGFAU2Lm7FqT22AIWUa3Ne6aMvmMGa1Z4NMYThhJrfinMNePPxUCM8n2xW46YrYTSDJbFRMtcX1h6+tbNEvNUWrD6p7AFXYjih//qaJk45PbCUD+Z4vvOveGd+jspIlCYw1SNnqWHpEEhW9gjS34D9+lMqJl++LP9efZ7g8LqLnvCYfkSA45q/RQoxggMGMIIDAgIBATCBiTB1MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEoMCYGA1UEAwwfRUUgQ2VydGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlAhAkr+zrEmjQAlQX94btbwFZMA0GCWCGSAFlAwQCAwUAoIIBTTAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwHAYJKoZIhvcNAQkFMQ8XDTE3MDYyODA2MzA1N1owTwYJKoZIhvcNAQkEMUIEQEfZlzGBaoABQONw3UG7tP5mO5PJ/nLrU5yH5RVQfEs1Q28IHv3FoHm6xlrpvNwzBL9jwcoLjfkk4Vu6LJBgfh8wgb8GCyqGSIb3DQEJEAIMMYGvMIGsMIGpMIGmBBSy0CGC8LluKhxofs4yNAgjmBkwtjCBjTB5pHcwdTELMAkGA1UEBhMCRUUxIjAgBgNVBAoMGUFTIFNlcnRpZml0c2VlcmltaXNrZXNrdXMxKDAmBgNVBAMMH0VFIENlcnRpZmljYXRpb24gQ2VudHJlIFJvb3QgQ0ExGDAWBgkqhkiG9w0BCQEWCXBraUBzay5lZQIQJK/s6xJo0AJUF/eG7W8BWTANBgkqhkiG9w0BAQEFAASCAQA8vhLy9xlqEwh3qbXNpwKNQxif1UMER8NXTzou4xZc4ZH3MOBV68skEJ+I87KYrGARXvmAl3XO9N0Ocblad2HUemGuMkqJ3z7lJ/cyK1bwF6kFmFYp4xNFCfCx21ct0QUnXBWEbZAtIm9E05B6+v6JA90jNC9GUSoau29YsNnA47hJEPpdFyma2NBm2bK4S9fLeaqthq0DoReY1OoCvY++OYji0bmF4gOn8aa393NSz3XNx0Rwo3ZGgB8xGYtNfRXEpfSDOsboJiM2eM9o/0QcNY8ZnW4EgqEExVyxEBp6GLHRjqKzg6OeMSdjDaCETySEOpSX5mqEVA2UQeWQABqwAAAAAA==MIIF0DCCBLigAwIBAgIObV8h37aTlaYAAgAIUqQwDQYJKoZIhvcNAQEFBQAwgZ0xCzAJBgNVBAYTAkxUMS0wKwYDVQQKEyRWSSBSZWdpc3RydSBDZW50cmFzIC0gSS5rLiAxMjQxMTAyNDYxLjAsBgNVBAsTJVJlZ2lzdHJ1IENlbnRybyBTZXJ0aWZpa2F2aW1vIENlbnRyYXMxLzAtBgNVBAMTJlZJIFJlZ2lzdHJ1IENlbnRyYXMgUkNTQyAoSXNzdWluZ0NBLUEpMB4XDTE2MDgyNTA1MTAzOFoXDTE4MDgyNTA1MTAzOFowgZ0xCzAJBgNVBAYTAkxUMS0wKwYDVQQKEyRWSSBSZWdpc3RydSBDZW50cmFzIC0gSS5rLiAxMjQxMTAyNDYxLjAsBgNVBAsTJVJlZ2lzdHJ1IENlbnRybyBTZXJ0aWZpa2F2aW1vIENlbnRyYXMxLzAtBgNVBAMTJlZJIFJlZ2lzdHJ1IENlbnRyYXMgT0NTUCAoSXNzdWluZ0NBLUEpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCrIb7RJULHdem5pfiPGCqsABmW1paWGbGRveWdaGMwoiiGJO/1JTb0Uzv6+A38JJ3pAN7EG/IdibysT0oyGXVne2af/ytpqA6ewQSoCFcV6UhMztT973J+UeSgaVZHc1dQ0EUwOdQ0uncPqTOidmSxU8bQZzpHaVL+1cwtGcextygI/fMl6dNAsG8Bnd+lPTlI1hEuUkZMiDd5GOhb6O74dwKwuASdrSOA01HHZ09wcxS7BpyLIu5WGjFIVQHetuEKd0HHcCjyUJu1Sxh8nZ718loqavbuU0S7wPYhPk4s0WRB870fBbAK2EMjjR8+wi3FiUFDZygnpnzflWjY3ywIDAQABo4ICCjCCAgYwCwYDVR0PBAQDAgbAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMEUGA1UdIAQ+MDwwOgYLKwYBBAGB8TcBAQIwKzApBggrBgEFBQcCARYdaHR0cDovL3d3dy5yY3NjLmx0L3JlcG9zaXRvcnkwHQYDVR0OBBYEFMfRoXt0+B6d3a8QCJrGrlwQ/NljMB8GA1UdIwQYMBaAFEpKzujSwdeIfCb7qH6cuwhAYs0+MF0GA1UdHwRWMFQwUqBQoE6GTGh0dHA6Ly9jc3AucmNzYy5sdC9jZHAvVkklMjBSZWdpc3RydSUyMENlbnRyYXMlMjBSQ1NDJTIwKElzc3VpbmdDQS1BKSgyKS5jcmwwgZ4GCCsGAQUFBwEBBIGRMIGOMFgGCCsGAQUFBzAChkxodHRwOi8vY3NwLnJjc2MubHQvYWlhL1ZJJTIwUmVnaXN0cnUlMjBDZW50cmFzJTIwUkNTQyUyMChJc3N1aW5nQ0EtQSkoMikuY3J0MDIGCCsGAQUFBzABhiZodHRwOi8vb2NzcC5yY3NjLmx0L29jc3ByZXNwb25kZXIucmNzYzA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiCnOx7hKbACoTlkQ6Gk5hjh4LRXoFhhbfNDIfw0S4CAWQCAQowGwYJKwYBBAGCNxUKBA4wDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQUFAAOCAQEAkvDEqT3JKr3u0+YcLHbkt9lSsYPSY+bLLIu/tqYsGR911Z7n35Cp5FRA5AnkvKBJooBZvoTIGbEyOOXKt4QZjprJ2YYfQ69VNlDLUhBdGE61MNcfpVyzjAw0F1n6Bv/DyoYjUyx6o4cNAKN92AYddYt0VhqMehAvQFC+rd3wEiZWzp2OS32I8hYlaG5NJvXMYUzEi0rtbBxQiolK9tOqesDvP6ucrKG3jF/gK40sXa09KPsU0ZJzUfpOFuw0ezQo1oS3v/JKnFzTgbqzjvDg27bmij2bLw/lxHRn5hb7O5K1uSsNY8A/H2fJubDex/MkF7kKiWVCL0g2xTQh0FzIkA==MIIF7jCCBNagAwIBAgIOEvrAfT5Zs1YAAwAAABowDQYJKoZIhvcNAQEFBQAwgZoxCzAJBgNVBAYTAkxUMS0wKwYDVQQKEyRWSSBSZWdpc3RydSBDZW50cmFzIC0gSS5rLiAxMjQxMTAyNDYxLjAsBgNVBAsTJVJlZ2lzdHJ1IENlbnRybyBTZXJ0aWZpa2F2aW1vIENlbnRyYXMxLDAqBgNVBAMTI1ZJIFJlZ2lzdHJ1IENlbnRyYXMgUkNTQyAoUG9saWN5Q0EpMB4XDTE2MDgyNTA0NDgzMloXDTIwMDgyNTA0NDgzMlowgZ0xCzAJBgNVBAYTAkxUMS0wKwYDVQQKEyRWSSBSZWdpc3RydSBDZW50cmFzIC0gSS5rLiAxMjQxMTAyNDYxLjAsBgNVBAsTJVJlZ2lzdHJ1IENlbnRybyBTZXJ0aWZpa2F2aW1vIENlbnRyYXMxLzAtBgNVBAMTJlZJIFJlZ2lzdHJ1IENlbnRyYXMgUkNTQyAoSXNzdWluZ0NBLUEpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyrju/xMZCEHbHFbX4A+75s7SOOZhMxKudvr+H4mLjbKvsxwIeY7bS/XI4YpOHK3rSOj0VjsXV1ayQjbp2YmeEGXxLFvtd1ataco+3S1K6hjldRX4IYbmeQymOEviciw1De1uhd+u7mmxQWp6Jm7+lEdOBKuA5wTG3cx2g2yY50ix6kA/7qjayDZnO/hYI+uOQJmktePbupDZr9wYT1PIo2x2trgIuZsiFsESkxdK5Jdjj3Afeb5aOS4yz0pb6xgErPZIxPOZxviEFx6JYB/rPQfMVnolvGwj+T/7dUXERfTjUz5le8qfu6VmVCA6bH4urmPRX6jeITpVsC+kCeLDoQIDAQABo4ICKzCCAicwDgYDVR0PAQH/BAQDAgEGMC8GCCsGAQUFBwEDBCMwITAIBgYEAI5GAQEwCwYGBACORgEDAgEKMAgGBgQAjkYBBDASBgkrBgEEAYI3FQEEBQIDAgACMCMGCSsGAQQBgjcVAgQWBBT9S1iad8cz3A3gLwWCOHwrTBklAjAdBgNVHQ4EFgQUSkrO6NLB14h8Jvuofpy7CEBizT4wRQYDVR0gBD4wPDA6BgsrBgEEAYHxNwEBATArMCkGCCsGAQUFBwIBFh1odHRwOi8vd3d3LnJjc2MubHQvcmVwb3NpdG9yeTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFMNxxrwDp5f/HZvUXX/jID9JQixxMFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9jc3AucmNzYy5sdC9jZHAvVkklMjBSZWdpc3RydSUyMENlbnRyYXMlMjBSQ1NDJTIwKFBvbGljeUNBKSgzKS5jcmwwgZsGCCsGAQUFBwEBBIGOMIGLMDIGCCsGAQUFBzABhiZodHRwOi8vb2NzcC5yY3NjLmx0L29jc3ByZXNwb25kZXIucmNzYzBVBggrBgEFBQcwAoZJaHR0cDovL2NzcC5yY3NjLmx0L2FpYS9WSSUyMFJlZ2lzdHJ1JTIwQ2VudHJhcyUyMFJDU0MlMjAoUG9saWN5Q0EpKDMpLmNydDANBgkqhkiG9w0BAQUFAAOCAQEAL07ALD5jt5N8EEDI6YkcMAtjBf32qMcx2tPPRIC1ds+kvcMCICiN8cOlGEwwwj5qm6074M9bw1ZD9vvqr/jzwqbXJZMMfcsAAQqrFxBZVgTKYN43fxwjCr5OJR7Se0BpzGWfkxaMrhxuuqydjsHuL+YpyTSUWF/icXOpyOavrUEMH5USO7gcrMsn1U9K9Elj5Pltt24hef7QRvK1JfSSSQg+k1IM8hTQbjX7CIFMLkyVT6s1kKzXOA/PZXIHiaHTzCkdmjB5kcX7nD/PBEJwxNEkreECXokAPFIWzTRHQQcDonZMtXXT/4jyckTBarlNm6V4VelS05GpwB9kt1o2wA==MIIHvQoBAKCCB7YwggeyBgkrBgEFBQcwAQEEggejMIIHnzCBrKIWBBTH0aF7dPgend2vEAiaxq5cEPzZYxgPMjAxNzA2MjgwNjMxMDNaMIGAMH4wRTAHBgUrDgMCGgQUiAZi9n976e6Nv4VK5emy0j/6lLUEFEpKzujSwdeIfCb7qH6cuwhAYs0+Ag5tXyHftpOVpgACAAnX/IAAGA8yMDE3MDYyODA2MzAzM1qhIjAgMB4GCSsGAQUFBzABBgQRGA8yMDE2MDYyODA5MzEwM1owDQYJKoZIhvcNAQEFBQADggEBALO5yJSXpOrcMNTZfifxrBY9p7OZyfhq1DBDGYyphx7ZKEfSqlKM0gwrKYLmbzGaSUWv0Z0fiTGw8k7Ui9NtpYB5VqO0zIYq78z/TYv9H7j3lIrxNIJu9iC8DUI1O3k1W0aQYPNABvmrHepvLBHgDLjjpDS6jRLXVoUvA7qlbEHGlPVJIOkcuk8t22GR7CtEVsnRrYWSSh/i5BNxJ0XDdoPivcPExRxtvLkNQ5pcDxIUFCL5ZQCBUv5xu3QFZUMd2JjGLu7mLAAtTpYccTHIgQyVVbgW1wPcS5LhN1Lt0Fu6c+bDCmjgef1N4uPc/xq/ljIOixryx+G3TpDf/EEIUYigggXYMIIF1DCCBdAwggS4oAMCAQICDm1fId+2k5WmAAIACFKkMA0GCSqGSIb3DQEBBQUAMIGdMQswCQYDVQQGEwJMVDEtMCsGA1UEChMkVkkgUmVnaXN0cnUgQ2VudHJhcyAtIEkuay4gMTI0MTEwMjQ2MS4wLAYDVQQLEyVSZWdpc3RydSBDZW50cm8gU2VydGlmaWthdmltbyBDZW50cmFzMS8wLQYDVQQDEyZWSSBSZWdpc3RydSBDZW50cmFzIFJDU0MgKElzc3VpbmdDQS1BKTAeFw0xNjA4MjUwNTEwMzhaFw0xODA4MjUwNTEwMzhaMIGdMQswCQYDVQQGEwJMVDEtMCsGA1UEChMkVkkgUmVnaXN0cnUgQ2VudHJhcyAtIEkuay4gMTI0MTEwMjQ2MS4wLAYDVQQLEyVSZWdpc3RydSBDZW50cm8gU2VydGlmaWthdmltbyBDZW50cmFzMS8wLQYDVQQDEyZWSSBSZWdpc3RydSBDZW50cmFzIE9DU1AgKElzc3VpbmdDQS1BKTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALgqyG+0SVCx3XpuaX4jxgqrAAZltaWlhmxkb3lnWhjMKIohiTv9SU29FM7+vgN/CSd6QDexBvyHYm8rE9KMhl1Z3tmn/8raagOnsEEqAhXFelITM7U/e9yflHkoGlWR3NXUNBFMDnUNLp3D6kzonZksVPG0Gc6R2lS/tXMLRnHsbcoCP3zJenTQLBvAZ3fpT05SNYRLlJGTIg3eRjoW+ju+HcCsLgEna0jgNNRx2dPcHMUuwaciyLuVhoxSFUB3rbhCndBx3Ao8lCbtUsYfJ2e9fJaKmr27lNEu8D2IT5OLNFkQfO9HwWwCthDI40fPsItxYlBQ2coJ6Z835Vo2N8sCAwEAAaOCAgowggIGMAsGA1UdDwQEAwIGwDATBgNVHSUEDDAKBggrBgEFBQcDCTBFBgNVHSAEPjA8MDoGCysGAQQBgfE3AQECMCswKQYIKwYBBQUHAgEWHWh0dHA6Ly93d3cucmNzYy5sdC9yZXBvc2l0b3J5MB0GA1UdDgQWBBTH0aF7dPgend2vEAiaxq5cEPzZYzAfBgNVHSMEGDAWgBRKSs7o0sHXiHwm+6h+nLsIQGLNPjBdBgNVHR8EVjBUMFKgUKBOhkxodHRwOi8vY3NwLnJjc2MubHQvY2RwL1ZJJTIwUmVnaXN0cnUlMjBDZW50cmFzJTIwUkNTQyUyMChJc3N1aW5nQ0EtQSkoMikuY3JsMIGeBggrBgEFBQcBAQSBkTCBjjBYBggrBgEFBQcwAoZMaHR0cDovL2NzcC5yY3NjLmx0L2FpYS9WSSUyMFJlZ2lzdHJ1JTIwQ2VudHJhcyUyMFJDU0MlMjAoSXNzdWluZ0NBLUEpKDIpLmNydDAyBggrBgEFBQcwAYYmaHR0cDovL29jc3AucmNzYy5sdC9vY3NwcmVzcG9uZGVyLnJjc2MwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIgpzse4SmwAqE5ZEOhpOYY4eC0V6BYYW3zQyH8NEuAgFkAgEKMBsGCSsGAQQBgjcVCgQOMAwwCgYIKwYBBQUHAwkwDQYJKoZIhvcNAQEFBQADggEBAJLwxKk9ySq97tPmHCx25LfZUrGD0mPmyyyLv7amLBkfddWe59+QqeRUQOQJ5LygSaKAWb6EyBmxMjjlyreEGY6aydmGH0OvVTZQy1IQXRhOtTDXH6Vcs4wMNBdZ+gb/w8qGI1MseqOHDQCjfdgGHXWLdFYajHoQL0BQvq3d8BImVs6djkt9iPIWJWhuTSb1zGFMxItK7WwcUIqJSvbTqnrA7z+rnKyht4xf4CuNLF2tPSj7FNGSc1H6ThbsNHs0KNaEt7/ySpxc04G6s47w4Nu25oo9my8P5cR0Z+YW+zuStbkrDWPAPx9nybmw3sfzJBe5CollQi9INsU0IdBcyJA= \ No newline at end of file diff --git a/siva-parent/siva-validation-proxy/src/test/resources/test-files/timemark_signature.xml b/siva-parent/siva-validation-proxy/src/test/resources/test-files/timemark_signature.xml new file mode 100755 index 000000000..77d5acc28 --- /dev/null +++ b/siva-parent/siva-validation-proxy/src/test/resources/test-files/timemark_signature.xml @@ -0,0 +1,81 @@ + + + + + + + + + RnKZobNWVy8u92sDL4S2j1BUzMT5qTgt6hm90TfAGRo= + + + + + + + 5Bk7RHmH+P8bihr1kdd/4apnRVoJfn3yH55123tipQw= + + + pn8r7FZWhBFKnMaLb810NMmMD8PQlLh2w9SCnhZpntENG4XbKCvK+/8rCsTaBR/hrQMFFIkNHahdRGrhN3k3binLhq/2kwIn6hC5NoqixSc/fwyFjE5mv0reHGWDW2E9 + + + MIID6zCCA02gAwIBAgIQT7j6zk6pmVRcyspLo5SqejAKBggqhkjOPQQDBDBgMQswCQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEbMBkGA1UEAwwSVEVTVCBvZiBFU1RFSUQyMDE4MB4XDTE5MDUwMjEwNDUzMVoXDTI5MDUwMjEwNDUzMVowfzELMAkGA1UEBhMCRUUxFjAUBgNVBCoMDUpBQUstS1JJU1RKQU4xEDAOBgNVBAQMB0rDlUVPUkcxKjAoBgNVBAMMIUrDlUVPUkcsSkFBSy1LUklTVEpBTiwzODAwMTA4NTcxODEaMBgGA1UEBRMRUE5PRUUtMzgwMDEwODU3MTgwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASkwENR8GmCpEs6OshDWDfIiKvGuyNMOD2rjIQW321AnZD3oIsqD0svBMNEJJj9Dlvq/47TYDObIa12KAU5IuOBfJs2lrFdSXZjaM+a5TWT3O2JTM36YDH2GcMe/eisepejggGrMIIBpzAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIGQDBIBgNVHSAEQTA/MDIGCysGAQQBg5EhAQIBMCMwIQYIKwYBBQUHAgEWFWh0dHBzOi8vd3d3LnNrLmVlL0NQUzAJBgcEAIvsQAECMB0GA1UdDgQWBBTVX3s48Spy/Es2TcXgkRvwUn2YcjCBigYIKwYBBQUHAQMEfjB8MAgGBgQAjkYBATAIBgYEAI5GAQQwEwYGBACORgEGMAkGBwQAjkYBBgEwUQYGBACORgEFMEcwRRY/aHR0cHM6Ly9zay5lZS9lbi9yZXBvc2l0b3J5L2NvbmRpdGlvbnMtZm9yLXVzZS1vZi1jZXJ0aWZpY2F0ZXMvEwJFTjAfBgNVHSMEGDAWgBTAhJkpxE6fOwI09pnhClYACCk+ezBzBggrBgEFBQcBAQRnMGUwLAYIKwYBBQUHMAGGIGh0dHA6Ly9haWEuZGVtby5zay5lZS9lc3RlaWQyMDE4MDUGCCsGAQUFBzAChilodHRwOi8vYy5zay5lZS9UZXN0X29mX0VTVEVJRDIwMTguZGVyLmNydDAKBggqhkjOPQQDBAOBiwAwgYcCQgGBr+Jbo1GeqgWdIwgMo7SA29AP38JxNm2HWq2Qb+kIHpusAK574Co1K5D4+Mk7/ITTuXQaET5WphHoN7tdAciTaQJBAn0zBigYyVPYSTO68HM6hmlwTwi/KlJDdXW/2NsMjSqofFFJXpGvpxk2CTqSRCjcavxLPnkasTbNROYSJcmM8Xc= + + + + + + + 2020-05-21T14:07:04Z + + + + + +pli41INDQEEIMW6dPXct4dXJSk8bIQ5Ny1TcNC35eA= + + + CN=TEST of ESTEID2018,2.5.4.97=#0c0e4e545245452d3130373437303133,O=SK ID Solutions AS,C=EE + 105969481236726016406974448130977999482 + + + + + + + urn:oid:1.3.6.1.4.1.10015.1000.3.2.1 + + + + 7pudpH4eXlguSZY2e/pNbKzGsq+fu//woYL1SZFws1A= + + + + https://www.sk.ee/repository/bdoc-spec21.pdf + + + + + + + + application/octet-stream + + + + + + + MIIEijCCA3KgAwIBAgIQaI8x6BnacYdNdNwlYnn/mzANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwHhcNMTEwMzA3MTMyMjQ1WhcNMjQwOTA3MTIyMjQ1WjCBgzELMAkGA1UEBhMCRUUxIjAgBgNVBAoMGUFTIFNlcnRpZml0c2VlcmltaXNrZXNrdXMxDTALBgNVBAsMBE9DU1AxJzAlBgNVBAMMHlRFU1Qgb2YgU0sgT0NTUCBSRVNQT05ERVIgMjAxMTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0cw6Cja17BbYbHi6frwccDI4BIQLk/fiCE8L45os0xhPgEGR+EHE8LPCIqofPgf4gwN1vDE6cQNUlK0Od+Ush39i9Z45esnfpGq+2HsDJaFmFr5+uC1MEz5Kn1TazEvKbRjkGnSQ9BertlGer2BlU/kqOk5qA5RtJfhT0psc1ixKdPipv59wnf+nHx1+T+fPWndXVZLoDg4t3w8lIvIE/KhOSMlErvBIHIAKV7yH1hOxyeGLghqzMiAn3UeTEOgoOS9URv0C/T5C3mH+Y/uakMSxjNuz41PneimCzbEJZJRiEaMIj8qPAubcbL8GtY03MWmfNtX6/wh6u6TMfW8S2wIDAQABo4H+MIH7MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMJMB0GA1UdDgQWBBR9/5CuRokEgGiqSzYuZGYAogl8TzCBoAYDVR0gBIGYMIGVMIGSBgorBgEEAc4fAwEBMIGDMFgGCCsGAQUFBwICMEweSgBBAGkAbgB1AGwAdAAgAHQAZQBzAHQAaQBtAGkAcwBlAGsAcwAuACAATwBuAGwAeQAgAGYAbwByACAAdABlAHMAdABpAG4AZwAuMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LnNrLmVlL2FqYXRlbXBlbC8wHwYDVR0jBBgwFoAUtTQKnaUvEMXnIQ6+xLFlRxsDdv4wDQYJKoZIhvcNAQEFBQADggEBAAbaj7kTruTAPHqToye9ZtBdaJ3FZjiKug9/5RjsMwDpOeqFDqCorLd+DBI4tgdu0g4lhaI3aVnKdRBkGV18kqp84uU97JRFWQEf6H8hpJ9k/LzAACkP3tD+0ym+md532mV+nRz1Jj+RPLAUk9xYMV7KPczZN1xnl2wZDJwBbQpcSVH1DjlZv3tFLHBLIYTS6qOK4SxStcgRq7KdRczfW6mfXzTCRWM3G9nmDei5Q3+XTED41j8szRWglzYf6zOv4djkja64WYraQ5zb4x8Xh7qTCk6UupZ7je+0oRfuz0h/3zyRdjcRPkjloSpQp/NG8Rmrcnr874p8d9fdwCrRI7U= + MIIFLDCCBI2gAwIBAgIQImvqKVwtGyZbh+ecdKPc7zAKBggqhkjOPQQDBDBiMQswCQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEdMBsGA1UEAwwUVEVTVCBvZiBFRS1Hb3ZDQTIwMTgwHhcNMTgwODMwMTI0ODI4WhcNMzMwODMwMTI0ODI4WjBiMQswCQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEdMBsGA1UEAwwUVEVTVCBvZiBFRS1Hb3ZDQTIwMTgwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABABZN0DFpEKsj3SzsySoR/bcwAUoLc+S2HrvHY0xIDkFFTtUQXfjxXyexNIx+ALe2IYJZLTl0T79C5by4/mO/5H7UgCxZZCRKtdcKqSGYJOVpT0XoA51yX8eBk8aPVrTcwABcBhU6nTNGEoNXfeS7mrZB6Gs3eFxEVdejIEjNObWVFYMbqOCAuAwggLcMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgEGMDQGA1UdJQEB/wQqMCgGCCsGAQUFBwMJBggrBgEFBQcDAgYIKwYBBQUHAwQGCCsGAQUFBwMBMB0GA1UdDgQWBBR/DHDY9OWPAXfux20pKbn0yfxqwDAfBgNVHSMEGDAWgBR/DHDY9OWPAXfux20pKbn0yfxqwDCCAiQGA1UdIASCAhswggIXMAgGBgQAj3oBAjAJBgcEAIvsQAECMDIGCysGAQQBg5EhAQIBMCMwIQYIKwYBBQUHAgEWFWh0dHBzOi8vd3d3LnNrLmVlL0NQUzANBgsrBgEEAYORIQECAjANBgsrBgEEAYORfwECATANBgsrBgEEAYORIQECBTANBgsrBgEEAYORIQECBjANBgsrBgEEAYORIQECBzANBgsrBgEEAYORIQECAzANBgsrBgEEAYORIQECBDANBgsrBgEEAYORIQECCDANBgsrBgEEAYORIQECCTANBgsrBgEEAYORIQECCjANBgsrBgEEAYORIQECCzANBgsrBgEEAYORIQECDDANBgsrBgEEAYORIQECDTANBgsrBgEEAYORIQECDjANBgsrBgEEAYORIQECDzANBgsrBgEEAYORIQECEDANBgsrBgEEAYORIQECETANBgsrBgEEAYORIQECEjANBgsrBgEEAYORIQECEzANBgsrBgEEAYORIQECFDANBgsrBgEEAYORfwECAjANBgsrBgEEAYORfwECAzANBgsrBgEEAYORfwECBDANBgsrBgEEAYORfwECBTANBgsrBgEEAYORfwECBjBVBgorBgEEAYORIQoBMEcwIQYIKwYBBQUHAgEWFWh0dHBzOi8vd3d3LnNrLmVlL0NQUzAiBggrBgEFBQcCAjAWGhRURVNUIG9mIEVFLUdvdkNBMjAxODAYBggrBgEFBQcBAwQMMAowCAYGBACORgEBMAoGCCqGSM49BAMEA4GMADCBiAJCAeTjfRrMt+4ecVYozAfdpTjCikf332XcuRkuJ6fbLqqMm7C3v/d5ebyOqvDG6wWAp8Z0GZA5ONIvS2rm8kJ7HR5tAkIAoFn7n5ZW62dXMmPk+LReR1hUyTpxrxC31QjqvMqM2AbM8luw0f/AaC5qsEdwKrKT+p1xvnjSyIVfcMiu6Q3T2EE= + MIIFfDCCBN2gAwIBAgIQNhjzSfd2UEpbkO14EY4ORTAKBggqhkjOPQQDBDBiMQswCQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEdMBsGA1UEAwwUVEVTVCBvZiBFRS1Hb3ZDQTIwMTgwHhcNMTgwOTA2MDkwMzUyWhcNMzMwODMwMTI0ODI4WjBgMQswCQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEbMBkGA1UEAwwSVEVTVCBvZiBFU1RFSUQyMDE4MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBxYug4cEqwmIj+3TVaUlhfxCV9FQgfuglC2/0Ux1Ieqw11mDjNvnGJhkWxaLbWJi7QtthMG5R104l7Np7lBevrBgBDtfgja9e3MLTQkY+cFS+UQxjt9ZihTUJVsR7lowYlaGEiqqsGbEhlwfu27Xsm8b2rhSiTOvNdjTtG57NnwVAX+ijggMyMIIDLjAfBgNVHSMEGDAWgBR/DHDY9OWPAXfux20pKbn0yfxqwDAdBgNVHQ4EFgQUwISZKcROnzsCNPaZ4QpWAAgpPnswDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwggHNBgNVHSAEggHEMIIBwDAIBgYEAI96AQIwCQYHBACL7EABAjAyBgsrBgEEAYORIQECATAjMCEGCCsGAQUFBwIBFhVodHRwczovL3d3dy5zay5lZS9DUFMwDQYLKwYBBAGDkSEBAgIwDQYLKwYBBAGDkX8BAgEwDQYLKwYBBAGDkSEBAgUwDQYLKwYBBAGDkSEBAgYwDQYLKwYBBAGDkSEBAgcwDQYLKwYBBAGDkSEBAgMwDQYLKwYBBAGDkSEBAgQwDQYLKwYBBAGDkSEBAggwDQYLKwYBBAGDkSEBAgkwDQYLKwYBBAGDkSEBAgowDQYLKwYBBAGDkSEBAgswDQYLKwYBBAGDkSEBAgwwDQYLKwYBBAGDkSEBAg0wDQYLKwYBBAGDkSEBAg4wDQYLKwYBBAGDkSEBAg8wDQYLKwYBBAGDkSEBAhAwDQYLKwYBBAGDkSEBAhEwDQYLKwYBBAGDkSEBAhIwDQYLKwYBBAGDkSEBAhMwDQYLKwYBBAGDkSEBAhQwDQYLKwYBBAGDkX8BAgIwDQYLKwYBBAGDkX8BAgMwDQYLKwYBBAGDkX8BAgQwDQYLKwYBBAGDkX8BAgUwDQYLKwYBBAGDkX8BAgYwKgYDVR0lAQH/BCAwHgYIKwYBBQUHAwkGCCsGAQUFBwMCBggrBgEFBQcDBDB3BggrBgEFBQcBAQRrMGkwLgYIKwYBBQUHMAGGImh0dHA6Ly9haWEuZGVtby5zay5lZS9lZS1nb3ZjYTIwMTgwNwYIKwYBBQUHMAKGK2h0dHA6Ly9jLnNrLmVlL1Rlc3Rfb2ZfRUUtR292Q0EyMDE4LmRlci5jcnQwGAYIKwYBBQUHAQMEDDAKMAgGBgQAjkYBATA4BgNVHR8EMTAvMC2gK6AphidodHRwOi8vYy5zay5lZS9UZXN0X29mX0VFLUdvdkNBMjAxOC5jcmwwCgYIKoZIzj0EAwQDgYwAMIGIAkIBIF+LqytyaV4o5wUSm30VysB8LdWtoOrzNq2QhB6tGv4slg5z+CR58e60eRFqNxT7eccA/HgoPWs0B1Z+L067qtUCQgCB8OP0kHx/j1t7htN2CXjpSjGFZw5TTI4s1eGyTbe0UJRBXEkUKfFbZVmzGPFPprwUdSPi8PpO7+xGBYlFHA4z+Q== + + + + + + + + + + + \ No newline at end of file diff --git a/siva-parent/siva-webapp/src/test/java/ee/openeid/siva/webapp/HashcodeValidationControllerTest.java b/siva-parent/siva-webapp/src/test/java/ee/openeid/siva/webapp/HashcodeValidationControllerTest.java index 1918ddf2c..906a60297 100644 --- a/siva-parent/siva-webapp/src/test/java/ee/openeid/siva/webapp/HashcodeValidationControllerTest.java +++ b/siva-parent/siva-webapp/src/test/java/ee/openeid/siva/webapp/HashcodeValidationControllerTest.java @@ -16,6 +16,8 @@ package ee.openeid.siva.webapp; +import ee.openeid.siva.proxy.HasBdocTimemarkPolicyService; +import ee.openeid.siva.proxy.HashcodeValidationMapper; import ee.openeid.siva.proxy.HashcodeValidationProxy; import ee.openeid.siva.proxy.ProxyRequest; import ee.openeid.siva.proxy.document.ProxyHashcodeDataSet; @@ -25,12 +27,11 @@ import ee.openeid.siva.webapp.request.HashcodeValidationRequest; import ee.openeid.siva.webapp.request.SignatureFile; import ee.openeid.siva.webapp.transformer.HashcodeValidationRequestToProxyDocumentTransformer; +import ee.openeid.validation.service.generic.HashcodeGenericValidationService; +import ee.openeid.validation.service.timemark.TimemarkHashcodeValidationService; import org.json.JSONObject; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; -import org.junit.jupiter.api.extension.ExtendWith; -import org.mockito.Mock; -import org.mockito.junit.jupiter.MockitoExtension; import org.springframework.context.ApplicationContext; import org.springframework.core.env.Environment; import org.springframework.http.MediaType; @@ -43,30 +44,37 @@ import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.mockito.Mockito.mock; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup; -@ExtendWith(MockitoExtension.class) class HashcodeValidationControllerTest { private HashcodeValidationRequestToProxyDocumentTransformerSpy hashRequestTransformerSpy = new HashcodeValidationRequestToProxyDocumentTransformerSpy(); - @Mock - private StatisticsService statisticsService; - - @Mock - private ApplicationContext applicationContext; - - @Mock - private Environment environment; + private final StatisticsService statisticsService = mock(StatisticsService.class); + private final ApplicationContext applicationContext = mock(ApplicationContext.class); + private final Environment environment = mock(Environment.class); + private final HasBdocTimemarkPolicyService hasBdocTimemarkPolicyService = mock(HasBdocTimemarkPolicyService.class); + private final HashcodeValidationMapper hashcodeValidationMapper = mock(HashcodeValidationMapper.class); + private final HashcodeGenericValidationService hashcodeGenericValidationService = mock(HashcodeGenericValidationService.class); + private final TimemarkHashcodeValidationService timemarkHashcodeValidationService = mock(TimemarkHashcodeValidationService.class); private MockMvc mockMvc; @BeforeEach public void setUp() { ValidationController validationController = new ValidationController(); - HashcodeValidationProxySpy validationProxySpy = new HashcodeValidationProxySpy(statisticsService, applicationContext, environment); + HashcodeValidationProxySpy validationProxySpy = new HashcodeValidationProxySpy( + statisticsService, + applicationContext, + environment, + hasBdocTimemarkPolicyService, + hashcodeValidationMapper, + hashcodeGenericValidationService, + timemarkHashcodeValidationService + ); validationController.setHashRequestTransformer(hashRequestTransformerSpy); validationController.setHashcodeValidationProxy(validationProxySpy); mockMvc = standaloneSetup(validationController).build(); @@ -155,8 +163,22 @@ void hashRequestWithNonBase64EncodedHashReturnsErroneousResponse() throws Except private static class HashcodeValidationProxySpy extends HashcodeValidationProxy { - HashcodeValidationProxySpy(StatisticsService statisticsService, ApplicationContext applicationContext, Environment environment) { - super(statisticsService, applicationContext, environment); + HashcodeValidationProxySpy(StatisticsService statisticsService, + ApplicationContext applicationContext, + Environment environment, + HasBdocTimemarkPolicyService hasBdocTimemarkPolicyService, + HashcodeValidationMapper hashcodeValidationMapper, + HashcodeGenericValidationService hashcodeGenericValidationService, + TimemarkHashcodeValidationService timemarkHashcodeValidationService) { + super( + statisticsService, + applicationContext, + environment, + hasBdocTimemarkPolicyService, + hashcodeValidationMapper, + hashcodeGenericValidationService, + timemarkHashcodeValidationService + ); } @Override diff --git a/validation-services-parent/generic-validation-service/src/main/java/ee/openeid/validation/service/generic/HashcodeGenericValidationService.java b/validation-services-parent/generic-validation-service/src/main/java/ee/openeid/validation/service/generic/HashcodeGenericValidationService.java index 02b84e63c..9e94a09f4 100644 --- a/validation-services-parent/generic-validation-service/src/main/java/ee/openeid/validation/service/generic/HashcodeGenericValidationService.java +++ b/validation-services-parent/generic-validation-service/src/main/java/ee/openeid/validation/service/generic/HashcodeGenericValidationService.java @@ -18,10 +18,7 @@ import ee.openeid.siva.validation.document.Datafile; import ee.openeid.siva.validation.document.ValidationDocument; -import ee.openeid.siva.validation.document.report.Reports; -import ee.openeid.siva.validation.document.report.ValidationConclusion; import ee.openeid.siva.validation.exception.MalformedSignatureFileException; -import ee.openeid.siva.validation.security.SecureSAXParsers; import eu.europa.esig.dss.enumerations.DigestAlgorithm; import eu.europa.esig.dss.model.DSSDocument; import eu.europa.esig.dss.model.DigestDocument; @@ -30,46 +27,19 @@ import org.springframework.stereotype.Service; import org.springframework.util.CollectionUtils; -import javax.xml.parsers.SAXParser; -import java.io.ByteArrayInputStream; import java.util.List; import java.util.stream.Collectors; @Service public class HashcodeGenericValidationService extends GenericValidationService { - - public Reports validate(List validationDocuments) { - List reports = validationDocuments.stream().map(validationDocument -> validateDocument(validationDocument)).collect(Collectors.toList()); - return mergeReportsToOne(reports); - } - @Override protected SignedDocumentValidator createValidatorFromDocument(final ValidationDocument validationDocument) { - List datafiles = getDataFileInfoIfNeeded(validationDocument); - if(!CollectionUtils.isEmpty(datafiles)){ - validationDocument.setDatafiles(datafiles); - } SignedDocumentValidator validator = super.createValidatorFromDocument(validationDocument); List detachedContents = createDetachedContents(validationDocument.getDatafiles()); validator.setDetachedContents(detachedContents); return validator; } - private List getDataFileInfoIfNeeded(ValidationDocument validationDocument) { - if (!CollectionUtils.isEmpty(validationDocument.getDatafiles())) { - return null; - } else { - try { - SAXParser saxParser = SecureSAXParsers.createParser(); - SignatureXmlHandler handler = new SignatureXmlHandler(); - saxParser.parse(new ByteArrayInputStream(validationDocument.getBytes()), handler); - return handler.getDatafiles(); - } catch (Exception e) { - throw constructMalformedDocumentException(new RuntimeException(e)); - } - } - } - @Override protected RuntimeException constructMalformedDocumentException(Exception cause) { return new MalformedSignatureFileException(cause, "Signature file malformed"); @@ -101,28 +71,4 @@ private DigestDocument createDigestDocument(final Datafile datafile) { return digestDocument; } - - private Reports mergeReportsToOne(List reportsList) { - int signaturesCount = 0; - int validSignaturesCount = 0; - Reports response = null; - for (Reports reports : reportsList) { - ValidationConclusion validationConclusion = reports.getSimpleReport().getValidationConclusion(); - if (signaturesCount == 0) { - response = reports; - validSignaturesCount = validationConclusion.getValidSignaturesCount(); - } else { - response.getSimpleReport().getValidationConclusion().getSignatures().addAll(validationConclusion.getSignatures()); - validSignaturesCount = validSignaturesCount + validationConclusion.getValidSignaturesCount(); - } - signaturesCount = signaturesCount + validationConclusion.getSignaturesCount(); - } - if (response != null) { - ValidationConclusion validationConclusion = response.getSimpleReport().getValidationConclusion(); - validationConclusion.setSignaturesCount(signaturesCount); - validationConclusion.setValidSignaturesCount(validSignaturesCount); - } - return response; - } - } diff --git a/validation-services-parent/generic-validation-service/src/test/java/ee/openeid/validation/service/generic/HashcodeGenericValidationServiceTest.java b/validation-services-parent/generic-validation-service/src/test/java/ee/openeid/validation/service/generic/HashcodeGenericValidationServiceTest.java index cc4d33fac..7b0c1a14f 100644 --- a/validation-services-parent/generic-validation-service/src/test/java/ee/openeid/validation/service/generic/HashcodeGenericValidationServiceTest.java +++ b/validation-services-parent/generic-validation-service/src/test/java/ee/openeid/validation/service/generic/HashcodeGenericValidationServiceTest.java @@ -49,7 +49,6 @@ import java.security.cert.Certificate; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; -import java.util.ArrayList; import java.util.Collections; import java.util.List; @@ -60,8 +59,6 @@ @SpringBootTest(classes = {PDFValidationServiceTest.TestConfiguration.class}) @ExtendWith(SpringExtension.class) class HashcodeGenericValidationServiceTest { - - private HashcodeGenericValidationService validationService; private ConstraintLoadingSignaturePolicyService signaturePolicyService; @Autowired @@ -77,13 +74,12 @@ class HashcodeGenericValidationServiceTest { @BeforeEach public void setUp() { + signaturePolicyService = new ConstraintLoadingSignaturePolicyService(policySettings); + validationService = new HashcodeGenericValidationService(); validationService.setTrustedListsCertificateSource(trustedListsCertificateSource); - - signaturePolicyService = new ConstraintLoadingSignaturePolicyService(policySettings); validationService.setSignaturePolicyService(signaturePolicyService); validationService.setReportConfigurationProperties(new ReportConfigurationProperties(true)); - validationService.setContainerValidatorFactory(containerValidatorFactory); validationService.setRevocationFreshnessValidatorFactory(revocationFreshnessValidatorFactory); validationService.setOcspSourceFactory(ocspSourceFactory); @@ -91,7 +87,7 @@ public void setUp() { @Test void validHashcodeRequest() throws Exception { - Reports response = validationService.validate(getValidationDocumentSingletonList()); + Reports response = validationService.validateDocument(getValidationDocument()); SignatureScope signatureScope = response.getSimpleReport().getValidationConclusion().getSignatures().get(0).getSignatureScopes().get(0); assertEquals("LvhnsrgBZBK9kTQ8asbPtcsjuEhBo9s3QDdCcIxlMmo=", signatureScope.getHash()); assertEquals("SHA256", signatureScope.getHashAlgo()); @@ -100,30 +96,9 @@ void validHashcodeRequest() throws Exception { assertEquals(1L, response.getSimpleReport().getValidationConclusion().getSignatures().size()); } - @Test - void validMultipleSignatures() throws Exception { - List validationDocuments = getValidationDocumentSingletonList(); - validationDocuments.addAll(getValidationDocumentSingletonList()); - Reports response = validationService.validate(validationDocuments); - assertEquals((Integer) 2, response.getSimpleReport().getValidationConclusion().getValidSignaturesCount()); - assertEquals((Integer) 2, response.getSimpleReport().getValidationConclusion().getSignaturesCount()); - assertEquals(2L, response.getSimpleReport().getValidationConclusion().getSignatures().size()); - } - - @Test - void validDataFromSignatureFile() throws Exception { - List validationDocuments = getValidationDocumentSingletonList(); - validationDocuments.get(0).setDatafiles(null); - Reports response = validationService.validate(validationDocuments); - SignatureScope signatureScope = response.getSimpleReport().getValidationConclusion().getSignatures().get(0).getSignatureScopes().get(0); - assertEquals("LvhnsrgBZBK9kTQ8asbPtcsjuEhBo9s3QDdCcIxlMmo=", signatureScope.getHash()); - assertEquals("SHA256", signatureScope.getHashAlgo()); - assertEquals("test.pdf", signatureScope.getName()); - } - @Test void hashcodeValidationCertificateCorrectlyPresent() throws Exception { - Reports response = validationService.validate(getValidationDocumentSingletonList()); + Reports response = validationService.validateDocument(getValidationDocument()); SignatureValidationData signatureValidationData = response.getSimpleReport().getValidationConclusion().getSignatures().get(0); CertificateFactory cf = CertificateFactory.getInstance("X.509"); @@ -149,7 +124,7 @@ void hashcodeValidationCertificateCorrectlyPresent() throws Exception { @Test void hashcodeValidationSubjectDNCorrectlyPresent() throws Exception { - Reports reports = validationService.validate(getValidationDocumentSingletonList()); + Reports reports = validationService.validateDocument(getValidationDocument()); assertSame(1, reports.getSimpleReport().getValidationConclusion().getSignatures().size()); SignatureValidationData signature = reports.getSimpleReport().getValidationConclusion().getSignatures().get(0); @@ -160,7 +135,7 @@ void hashcodeValidationSubjectDNCorrectlyPresent() throws Exception { @Test void populatesSignerRole() throws IOException, URISyntaxException { - Reports reports = validationService.validate(getValidationDocumentSingletonList()); + Reports reports = validationService.validateDocument(getValidationDocument()); List signerRole = reports.getSimpleReport().getValidationConclusion().getSignatures().get(0).getInfo().getSignerRole(); assertEquals(1, signerRole.size()); assertEquals("Direktorius", signerRole.get(0).getClaimedRole()); @@ -168,7 +143,7 @@ void populatesSignerRole() throws IOException, URISyntaxException { @Test void populatesSignatureProductionPlace() throws IOException, URISyntaxException { - Reports reports = validationService.validate(getValidationDocumentSingletonList("test-files/signatures_with_sig_production_place.xml")); + Reports reports = validationService.validateDocument(getValidationDocument("test-files/signatures_with_sig_production_place.xml")); SignatureProductionPlace signatureProductionPlace = reports.getSimpleReport().getValidationConclusion() .getSignatures().get(0).getInfo().getSignatureProductionPlace(); @@ -180,31 +155,29 @@ void populatesSignatureProductionPlace() throws IOException, URISyntaxException @Test void populatesSignatureMethod() throws IOException, URISyntaxException { - Reports reports = validationService.validate(getValidationDocumentSingletonList("test-files/signatures_with_sig_production_place.xml")); + Reports reports = validationService.validateDocument(getValidationDocument("test-files/signatures_with_sig_production_place.xml")); assertEquals("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", reports.getSimpleReport().getValidationConclusion().getSignatures().get(0).getSignatureMethod()); } @Test void populatesTimeAssertionMessageImprint() throws IOException, URISyntaxException { - Reports reports = validationService.validate(getValidationDocumentSingletonList()); + Reports reports = validationService.validateDocument(getValidationDocument()); assertEquals("MDEwDQYJYIZIAWUDBAIBBQAEIBf8So+lfR/lrfzu5i+SZwguJGakhr/W+eHwrAQJ0acJ", reports.getSimpleReport().getValidationConclusion().getSignatures().get(0).getInfo().getTimeAssertionMessageImprint()); } - private List getValidationDocumentSingletonList() throws URISyntaxException, IOException { - return getValidationDocumentSingletonList("test-files/signatures.xml"); + private ValidationDocument getValidationDocument() throws URISyntaxException, IOException { + return getValidationDocument("test-files/signatures.xml"); } - private List getValidationDocumentSingletonList(String signatureTestFile) throws URISyntaxException, IOException { - List validationDocuments = new ArrayList<>(); + private ValidationDocument getValidationDocument(String signatureTestFile) throws URISyntaxException, IOException { ValidationDocument validationDocument = new ValidationDocument(); validationDocument.setDatafiles(Collections.singletonList(getDataFile())); Path documentPath = Paths.get(getClass().getClassLoader().getResource(signatureTestFile).toURI()); validationDocument.setBytes(Files.readAllBytes(documentPath)); validationDocument.setSignaturePolicy("POLv3"); - validationDocuments.add(validationDocument); - return validationDocuments; + return validationDocument; } private Datafile getDataFile() { diff --git a/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/TimemarkHashcodeValidationService.java b/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/TimemarkHashcodeValidationService.java new file mode 100644 index 000000000..b8745fed9 --- /dev/null +++ b/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/TimemarkHashcodeValidationService.java @@ -0,0 +1,71 @@ +package ee.openeid.validation.service.timemark; + +import ee.openeid.siva.validation.configuration.ReportConfigurationProperties; +import ee.openeid.siva.validation.document.Datafile; +import ee.openeid.siva.validation.document.ValidationDocument; +import ee.openeid.siva.validation.document.report.Reports; +import ee.openeid.siva.validation.service.ValidationService; +import ee.openeid.validation.service.timemark.report.TimemarkHashcodeValidationReportBuilder; +import ee.openeid.validation.service.timemark.signature.policy.BDOCConfigurationService; +import ee.openeid.validation.service.timemark.signature.policy.PolicyConfigurationWrapper; +import eu.europa.esig.dss.enumerations.MimeType; +import lombok.SneakyThrows; +import org.digidoc4j.Configuration; +import org.digidoc4j.DetachedXadesSignatureBuilder; +import org.digidoc4j.DigestAlgorithm; +import org.digidoc4j.DigestDataFile; +import org.digidoc4j.Signature; +import org.digidoc4j.ValidationResult; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import java.util.Base64; + +@Service +public class TimemarkHashcodeValidationService implements ValidationService { + private final BDOCConfigurationService bdocConfigurationService; + private final ReportConfigurationProperties reportConfigurationProperties; + + @Autowired + public TimemarkHashcodeValidationService(BDOCConfigurationService bdocConfigurationService, + ReportConfigurationProperties reportConfigurationProperties) { + this.bdocConfigurationService = bdocConfigurationService; + this.reportConfigurationProperties = reportConfigurationProperties; + } + + @Override + public Reports validateDocument(ValidationDocument validationDocument) { + final PolicyConfigurationWrapper configuration = loadConfiguration(validationDocument); + final Signature signature = createSignature(validationDocument, configuration.getConfiguration()); + final ValidationResult validationResult = signature.validateSignature(); + return new TimemarkHashcodeValidationReportBuilder( + validationResult, + configuration.getPolicy(), + signature, + validationDocument, + reportConfigurationProperties.isReportSignatureEnabled() + ).build(); + } + + private Signature createSignature(ValidationDocument validationDocument, Configuration configuration) { + final DetachedXadesSignatureBuilder signatureBuilder = DetachedXadesSignatureBuilder.withConfiguration(configuration); + addDataFiles(signatureBuilder, validationDocument); + return signatureBuilder.openAdESSignature(validationDocument.getBytes()); + } + + private PolicyConfigurationWrapper loadConfiguration(ValidationDocument validationDocument) { + return bdocConfigurationService.loadPolicyConfiguration(validationDocument.getSignaturePolicy()); + } + + @SneakyThrows + private void addDataFiles(DetachedXadesSignatureBuilder signatureBuilder, ValidationDocument validationDocument) { + for (final Datafile dataFile : validationDocument.getDatafiles()) { + signatureBuilder.withDataFile(new DigestDataFile( + dataFile.getFilename(), + DigestAlgorithm.valueOf(dataFile.getHashAlgo().toUpperCase()), + Base64.getDecoder().decode(dataFile.getHash()), + MimeType.fromFileName(dataFile.getFilename()).getMimeTypeString() + )); + } + } +} diff --git a/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/report/AsicContainerValidationReportBuilder.java b/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/report/AsicContainerValidationReportBuilder.java index 07959a2f1..296da244f 100644 --- a/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/report/AsicContainerValidationReportBuilder.java +++ b/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/report/AsicContainerValidationReportBuilder.java @@ -23,27 +23,24 @@ import ee.openeid.siva.validation.document.report.SignatureValidationData; import ee.openeid.siva.validation.document.report.ValidationConclusion; import ee.openeid.siva.validation.document.report.ValidationWarning; -import ee.openeid.siva.validation.document.report.Warning; import ee.openeid.siva.validation.document.report.builder.ReportBuilderUtils; import ee.openeid.siva.validation.service.signature.policy.properties.ValidationPolicy; import eu.europa.esig.dss.enumerations.SignatureQualification; import eu.europa.esig.dss.enumerations.SubIndication; import org.digidoc4j.Container; -import org.digidoc4j.DataFile; import org.digidoc4j.Signature; import org.digidoc4j.SignatureProfile; import org.digidoc4j.ValidationResult; +import org.digidoc4j.impl.asic.AsicSignature; import org.digidoc4j.impl.asic.asice.AsicESignature; -import java.io.UnsupportedEncodingException; -import java.net.URLDecoder; import java.security.cert.X509Certificate; import java.util.Collections; import java.util.List; import java.util.Map; -import java.util.stream.Collectors; -import static org.digidoc4j.X509Cert.SubjectName.CN; +import static ee.openeid.validation.service.timemark.util.SignatureScopeParser.getAsicSignatureScopes; +import static ee.openeid.validation.service.timemark.util.SignatureCertificateParser.getCertificate; public class AsicContainerValidationReportBuilder extends TimemarkContainerValidationReportBuilder { public AsicContainerValidationReportBuilder(Container container, ValidationDocument validationDocument, ValidationPolicy validationPolicy, ValidationResult validationResult, boolean isReportSignatureEnabled) { @@ -77,7 +74,6 @@ protected String getSubIndication(Signature signature, Map getExtraValidationWarnings() { @Override List getSignatureScopes(Signature signature, List dataFilenames) { - AsicESignature bDocSignature = (AsicESignature) signature; - return bDocSignature.getOrigin().getReferences() - .stream() - .map(r -> decodeUriIfPossible(r.getURI())) - .filter(dataFilenames::contains) //filters out Signed Properties - .map(AsicContainerValidationReportBuilder::createFullSignatureScopeForDataFile) - .collect(Collectors.toList()); + return getAsicSignatureScopes((AsicSignature) signature, dataFilenames); } @Override @@ -120,22 +110,4 @@ String getSignatureForm() { String getSignatureFormat(SignatureProfile profile) { return XADES_FORMAT_PREFIX + profile.toString(); } - - private static SignatureScope createFullSignatureScopeForDataFile(String filename) { - SignatureScope signatureScope = new SignatureScope(); - signatureScope.setName(filename); - signatureScope.setScope(FULL_SIGNATURE_SCOPE); - signatureScope.setContent(FULL_DOCUMENT); - return signatureScope; - } - - private String decodeUriIfPossible(String uri) { - try { - return URLDecoder.decode(uri, "UTF-8"); - } catch (UnsupportedEncodingException e) { - LOGGER.warn("datafile " + uri + " has unsupported encoding", e); - return uri; - } - } - } diff --git a/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/report/DDOCContainerValidationReportBuilder.java b/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/report/DDOCContainerValidationReportBuilder.java index 4654a2ddc..714454188 100644 --- a/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/report/DDOCContainerValidationReportBuilder.java +++ b/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/report/DDOCContainerValidationReportBuilder.java @@ -21,8 +21,8 @@ import ee.openeid.siva.validation.document.report.SignatureValidationData; import ee.openeid.siva.validation.document.report.ValidationConclusion; import ee.openeid.siva.validation.document.report.ValidationWarning; -import ee.openeid.siva.validation.document.report.Warning; import ee.openeid.siva.validation.service.signature.policy.properties.ValidationPolicy; +import ee.openeid.validation.service.timemark.util.SignatureScopeParser; import org.apache.commons.lang3.StringUtils; import org.digidoc4j.Container; import org.digidoc4j.DigestDataFile; @@ -35,7 +35,6 @@ import java.util.Collections; import java.util.List; import java.util.Map; -import java.util.stream.Collectors; public class DDOCContainerValidationReportBuilder extends TimemarkContainerValidationReportBuilder { @@ -79,10 +78,9 @@ List getExtraValidationWarnings() { @Override List getSignatureScopes(Signature signature, List dataFilenames) { - return dataFilenames - .stream() - .map(this::mapDataFile) - .collect(Collectors.toList()); + return dataFilenames.stream() + .map(SignatureScopeParser::createFullSignatureScopeForDataFile) + .toList(); } @Override @@ -96,14 +94,6 @@ String getSignatureFormat(SignatureProfile profile) { return dDocFacade.getFormat().replaceAll("-", "_") + "_" + dDocFacade.getVersion(); } - private SignatureScope mapDataFile(String filename) { - SignatureScope signatureScope = new SignatureScope(); - signatureScope.setName(filename); - signatureScope.setContent(FULL_DOCUMENT); - signatureScope.setScope(FULL_SIGNATURE_SCOPE); - return signatureScope; - } - private String getDigidocXmlSignatureForm() { return DDOC_SIGNATURE_FORM_PREFIX + ((DDocContainer) container).getDDoc4JFacade().getVersion() + getSignatureFormSuffix(); } diff --git a/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/report/TimemarkContainerValidationReportBuilder.java b/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/report/TimemarkContainerValidationReportBuilder.java index df3c5ae76..14bf51c3e 100644 --- a/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/report/TimemarkContainerValidationReportBuilder.java +++ b/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/report/TimemarkContainerValidationReportBuilder.java @@ -17,17 +17,21 @@ package ee.openeid.validation.service.timemark.report; import ee.openeid.siva.validation.document.ValidationDocument; +import ee.openeid.siva.validation.document.report.Certificate; +import ee.openeid.siva.validation.document.report.DetailedReport; +import ee.openeid.siva.validation.document.report.DiagnosticReport; import ee.openeid.siva.validation.document.report.Error; -import ee.openeid.siva.validation.document.report.*; +import ee.openeid.siva.validation.document.report.Reports; +import ee.openeid.siva.validation.document.report.SignatureScope; +import ee.openeid.siva.validation.document.report.SignatureValidationData; +import ee.openeid.siva.validation.document.report.SimpleReport; +import ee.openeid.siva.validation.document.report.ValidationConclusion; +import ee.openeid.siva.validation.document.report.ValidationWarning; +import ee.openeid.siva.validation.document.report.Warning; import ee.openeid.siva.validation.document.report.builder.ReportBuilderUtils; import ee.openeid.siva.validation.service.signature.policy.properties.ValidationPolicy; -import ee.openeid.siva.validation.util.CertUtil; -import ee.openeid.siva.validation.util.DistinguishedNameUtil; -import eu.europa.esig.dss.diagnostic.DiagnosticData; -import eu.europa.esig.dss.diagnostic.SignatureWrapper; -import eu.europa.esig.dss.diagnostic.TimestampWrapper; -import eu.europa.esig.dss.enumerations.TimestampType; -import org.apache.commons.codec.binary.Base64; +import ee.openeid.validation.service.timemark.util.SignatureCertificateParser; +import ee.openeid.validation.service.timemark.util.ValidationErrorMapper; import org.apache.commons.lang3.StringUtils; import org.digidoc4j.Container; import org.digidoc4j.DataFile; @@ -35,33 +39,25 @@ import org.digidoc4j.SignatureProfile; import org.digidoc4j.ValidationResult; import org.digidoc4j.X509Cert; -import org.digidoc4j.exceptions.CertificateNotFoundException; -import org.digidoc4j.exceptions.DigiDoc4JException; import org.digidoc4j.impl.asic.asice.AsicESignature; import org.slf4j.LoggerFactory; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Collections; -import java.util.Comparator; -import java.util.Date; import java.util.HashMap; import java.util.List; import java.util.Map; -import java.util.Optional; import java.util.stream.Collectors; import java.util.stream.Stream; -import static ee.openeid.siva.validation.document.report.builder.ReportBuilderUtils.*; -import static org.digidoc4j.X509Cert.SubjectName.CN; +import static ee.openeid.siva.validation.document.report.builder.ReportBuilderUtils.createReportPolicy; +import static ee.openeid.siva.validation.document.report.builder.ReportBuilderUtils.getValidationTime; +import static ee.openeid.validation.service.timemark.util.SignatureInfoParser.getInfo; +import static ee.openeid.validation.service.timemark.util.SigningCertificateParser.parseSignedBy; +import static ee.openeid.validation.service.timemark.util.SigningCertificateParser.parseSubjectDistinguishedName; public abstract class TimemarkContainerValidationReportBuilder { protected static final org.slf4j.Logger LOGGER = LoggerFactory.getLogger(TimemarkContainerValidationReportBuilder.class); - protected static final String FULL_SIGNATURE_SCOPE = "FullSignatureScope"; - protected static final String FULL_DOCUMENT = "Digest of the document content"; protected static final String XADES_FORMAT_PREFIX = "XAdES_BASELINE_"; protected static final String REPORT_INDICATION_INDETERMINATE = "INDETERMINATE"; protected static final String BDOC_SIGNATURE_FORM = "ASiC-E"; @@ -86,24 +82,6 @@ protected TimemarkContainerValidationReportBuilder(Container container, Validati this.isReportSignatureEnabled = isReportSignatureEnabled; } - static Warning createWarning(String content) { - Warning warning = new Warning(); - warning.setContent(emptyWhenNull(content)); - return warning; - } - - private static Warning mapDigidoc4JWarning(DigiDoc4JException digiDoc4JException) { - Warning warning = new Warning(); - warning.setContent(emptyWhenNull(digiDoc4JException.getMessage())); - return warning; - } - - private static Error mapDigidoc4JException(DigiDoc4JException digiDoc4JException) { - Error error = new Error(); - error.setContent(emptyWhenNull(digiDoc4JException.getMessage())); - return error; - } - public Reports build() { ValidationConclusion validationConclusion = getValidationConclusion(); processSignatureIndications(validationConclusion, validationPolicy.getName()); @@ -188,147 +166,24 @@ private SignatureValidationData createSignatureValidationData(Signature signatur return signatureValidationData; } - private String parseSignedBy(X509Cert signingCertificate) { - return Optional.ofNullable(signingCertificate) - .flatMap(certificate -> Optional - .ofNullable(certificate.getX509Certificate()) - .map(DistinguishedNameUtil::getSubjectSurnameAndGivenNameAndSerialNumber) - .or(() -> Optional - .ofNullable(certificate.getSubjectName(CN)) - .map(this::removeQuotes)) - ) - .orElseGet(ReportBuilderUtils::valueNotPresent); - } - - private SubjectDistinguishedName parseSubjectDistinguishedName(X509Cert signingCertificate) { - String serialNumber = signingCertificate.getSubjectName(X509Cert.SubjectName.SERIALNUMBER); - String commonName = signingCertificate.getSubjectName(CN); - String givenName = signingCertificate.getSubjectName(X509Cert.SubjectName.GIVENNAME); - String surname = signingCertificate.getSubjectName(X509Cert.SubjectName.SURNAME); - return SubjectDistinguishedName.builder() - .serialNumber(serialNumber != null ? removeQuotes(serialNumber) : null) - .commonName(commonName != null ? removeQuotes(commonName) : null) - .givenName(givenName != null ? removeQuotes(givenName) : null) - .surname(surname != null ? removeQuotes(surname) : null) - .build(); - } - - String removeQuotes(String subjectName) { - return subjectName.replaceAll("(^\")|(\"$)", ""); - } - eu.europa.esig.dss.simplereport.SimpleReport getDssSimpleReport(AsicESignature bDocSignature) { return bDocSignature.getDssValidationReport().getReports().getSimpleReport(); } - private Info getInfo(Signature signature) { - Info info = new Info(); - info.setBestSignatureTime(getBestSignatureTime(signature)); - if (signature.getProfile() == SignatureProfile.LT) { - info.setTimestampCreationTime(getTimestampTime(signature)); - } - info.setOcspResponseCreationTime(getOcspTime(signature)); - info.setTimeAssertionMessageImprint(getTimeAssertionMessageImprint(signature)); - info.setSignerRole(getSignerRole(signature)); - info.setSignatureProductionPlace(getSignatureProductionPlace(signature)); - return info; - } - - private String getOcspTime(Signature signature) { - return formatTime(signature.getOCSPResponseCreationTime()); - } - - private String getTimestampTime(Signature signature) { - return formatTime(signature.getTimeStampCreationTime()); - } - - private String getBestSignatureTime(Signature signature) { - return formatTime(signature.getTrustedSigningTime()); - } - - private String formatTime(Date date) { - return date != null - ? ReportBuilderUtils.getDateFormatterWithGMTZone().format(date) - : null; - } - - private String getTimeAssertionMessageImprint(Signature signature) { - if (signature.getProfile() != SignatureProfile.LT_TM) { - TimestampWrapper timestamp = getBestTimestampWrapper(signature); - try { - return ReportBuilderUtils.parseTimeAssertionMessageImprint(timestamp); - } catch (Exception e) { - LOGGER.warn("Unable to parse time assertion message imprint from timestamp: ", e); - return ""; //parse errors due to corrupted timestamp data should be present in validation errors already - } - } - - try { - return StringUtils.defaultString(Base64.encodeBase64String(signature.getOCSPNonce())); - } catch (DigiDoc4JException e) { - LOGGER.warn("Unable to parse time assertion message imprint from OCSP nonce: ", e); - return ""; //parse errors due to corrupted OCSP data should be present in validation errors already - } - } - - private TimestampWrapper getBestTimestampWrapper(Signature signature) { - DiagnosticData diagnosticData = ((AsicESignature) signature).getDssValidationReport().getReports().getDiagnosticData(); - SignatureWrapper signatureWrapper = diagnosticData.getSignatureById(signature.getUniqueId()); - List timestamps = signatureWrapper.getTimestampListByType(TimestampType.SIGNATURE_TIMESTAMP); - return timestamps.isEmpty() ? null : Collections.min(timestamps, Comparator.comparing(TimestampWrapper::getProductionTime)); - - } - - private List getSignerRole(Signature signature) { - return signature.getSignerRoles().stream() - .filter(StringUtils::isNotEmpty) - .map(this::mapSignerRole) - .collect(Collectors.toList()); - } - - private SignerRole mapSignerRole(String claimedRole) { - SignerRole signerRole = new SignerRole(); - signerRole.setClaimedRole(claimedRole); - return signerRole; - } - - private SignatureProductionPlace getSignatureProductionPlace(Signature signature) { - if (isSignatureProductionPlaceEmpty(signature)) { - return null; - } - - SignatureProductionPlace signatureProductionPlace = new SignatureProductionPlace(); - signatureProductionPlace.setCountryName(StringUtils.defaultString(signature.getCountryName())); - signatureProductionPlace.setStateOrProvince(StringUtils.defaultString(signature.getStateOrProvince())); - signatureProductionPlace.setCity(StringUtils.defaultString(signature.getCity())); - signatureProductionPlace.setPostalCode(StringUtils.defaultString(signature.getPostalCode())); - return signatureProductionPlace; - } - - private boolean isSignatureProductionPlaceEmpty(Signature signature) { - return StringUtils.isAllEmpty( - signature.getCountryName(), - signature.getStateOrProvince(), - signature.getCity(), - signature.getPostalCode()); - } - private List getWarnings(Signature signature) { ValidationResult signatureValidationResult = signatureValidationResults.get(signature.getUniqueId()); - return Stream.of(signatureValidationResult.getWarnings(), this.validationResult.getWarnings()) - .flatMap(Collection::stream) - .distinct() - .map(TimemarkContainerValidationReportBuilder::mapDigidoc4JWarning) - .collect(Collectors.toList()); + return ValidationErrorMapper.getWarnings(Stream.of( + signatureValidationResult.getWarnings(), + this.validationResult.getWarnings() + )); } private List getErrors(Signature signature) { ValidationResult signatureValidationResult = signatureValidationResults.get(signature.getUniqueId()); - return Stream.of(signatureValidationResult.getErrors(), this.validationResult.getErrors()) - .flatMap(Collection::stream) - .distinct() - .map(TimemarkContainerValidationReportBuilder::mapDigidoc4JException) - .collect(Collectors.toList()); + return ValidationErrorMapper.getErrors(Stream.of( + signatureValidationResult.getErrors(), + this.validationResult.getErrors() + )); } private String getCountryCode(Signature signature) { @@ -336,35 +191,7 @@ private String getCountryCode(Signature signature) { } protected List getCertificateList(Signature signature) { - List certificateList = new ArrayList<>(); - - X509Cert ocspCertificate; - try { - ocspCertificate = signature.getOCSPCertificate(); - } catch (CertificateNotFoundException e) { - LOGGER.warn("Failed to acquire OCSP certificate from signature", e); - ocspCertificate = null; - } - if (ocspCertificate != null) { - X509Certificate x509Certificate = ocspCertificate.getX509Certificate(); - certificateList.add(getCertificate(x509Certificate, CertificateType.REVOCATION)); - } - - X509Cert signingCertificate = signature.getSigningCertificate(); - if (signingCertificate != null) { - X509Certificate x509Certificate = signingCertificate.getX509Certificate(); - certificateList.add(getCertificate(x509Certificate, CertificateType.SIGNING)); - } - - return certificateList; - } - - protected Certificate getCertificate(X509Certificate x509Certificate, CertificateType type) { - Certificate certificate = new Certificate(); - certificate.setContent(CertUtil.encodeCertificateToBase64(x509Certificate)); - certificate.setCommonName(CertUtil.getCommonName(x509Certificate)); - certificate.setType(type); - return certificate; + return SignatureCertificateParser.getCertificateList(signature); } abstract void processSignatureIndications(ValidationConclusion validationConclusion, String policyName); diff --git a/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/report/TimemarkHashcodeValidationReportBuilder.java b/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/report/TimemarkHashcodeValidationReportBuilder.java new file mode 100644 index 000000000..05a4a1063 --- /dev/null +++ b/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/report/TimemarkHashcodeValidationReportBuilder.java @@ -0,0 +1,159 @@ +package ee.openeid.validation.service.timemark.report; + +import ee.openeid.siva.validation.document.Datafile; +import ee.openeid.siva.validation.document.ValidationDocument; +import ee.openeid.siva.validation.document.report.Reports; +import ee.openeid.siva.validation.document.report.SignatureScope; +import ee.openeid.siva.validation.document.report.SignatureValidationData; +import ee.openeid.siva.validation.document.report.SimpleReport; +import ee.openeid.siva.validation.document.report.ValidationConclusion; +import ee.openeid.siva.validation.document.report.builder.ReportBuilderUtils; +import ee.openeid.siva.validation.service.signature.policy.properties.ConstraintDefinedPolicy; +import org.apache.commons.lang3.StringUtils; +import org.digidoc4j.Signature; +import org.digidoc4j.ValidationResult; +import org.digidoc4j.X509Cert; +import org.digidoc4j.impl.asic.AsicSignature; + +import java.util.List; +import java.util.Optional; +import java.util.stream.Stream; + +import static ee.openeid.siva.validation.document.report.builder.ReportBuilderUtils.createReportPolicy; +import static ee.openeid.siva.validation.document.report.builder.ReportBuilderUtils.getValidationTime; +import static ee.openeid.validation.service.timemark.report.TimemarkContainerValidationReportBuilder.REPORT_INDICATION_INDETERMINATE; +import static ee.openeid.validation.service.timemark.util.SignatureScopeParser.getAsicSignatureScopes; +import static ee.openeid.validation.service.timemark.util.SignatureCertificateParser.getCertificateList; +import static ee.openeid.validation.service.timemark.util.SignatureInfoParser.getInfo; +import static ee.openeid.validation.service.timemark.util.SigningCertificateParser.parseSignedBy; +import static ee.openeid.validation.service.timemark.util.SigningCertificateParser.parseSubjectDistinguishedName; +import static ee.openeid.validation.service.timemark.util.ValidationErrorMapper.getErrors; +import static ee.openeid.validation.service.timemark.util.ValidationErrorMapper.getWarnings; +import static java.util.Collections.emptyList; + +public class TimemarkHashcodeValidationReportBuilder { + private final ValidationResult validationResult; + private final ConstraintDefinedPolicy validationPolicy; + private final Signature signature; + private final ValidationDocument validationDocument; + private final boolean isReportSignatureEnabled; + + + public TimemarkHashcodeValidationReportBuilder(ValidationResult validationResult, + ConstraintDefinedPolicy validationPolicy, + Signature signature, + ValidationDocument validationDocument, + boolean isReportSignatureEnabled) { + this.validationResult = validationResult; + this.validationPolicy = validationPolicy; + this.signature = signature; + this.validationDocument = validationDocument; + this.isReportSignatureEnabled = isReportSignatureEnabled; + } + + public Reports build() { + final var validationConclusion = getValidationConclusion(); + final var simpleReport = new SimpleReport(validationConclusion); + return new Reports(simpleReport, null, null); + } + + private ValidationConclusion getValidationConclusion() { + ValidationConclusion validationConclusion = new ValidationConclusion(); + validationConclusion.setPolicy(createReportPolicy(validationPolicy)); + validationConclusion.setValidationTime(getValidationTime()); + validationConclusion.setValidationWarnings(emptyList()); + validationConclusion.setSignatures(List.of(buildSignatureValidationData())); + validationConclusion.setSignaturesCount(validationConclusion.getSignatures().size()); + validationConclusion.setValidatedDocument(ReportBuilderUtils.createValidatedDocument(isReportSignatureEnabled, validationDocument.getName(), validationDocument.getBytes())); + validationConclusion.setValidSignaturesCount((int) validationConclusion.getSignatures() + .stream() + .filter(vd -> StringUtils.equals(vd.getIndication(), SignatureValidationData.Indication.TOTAL_PASSED.toString())).count()); + return validationConclusion; + } + + private SignatureValidationData buildSignatureValidationData() { + SignatureValidationData signatureValidationData = new SignatureValidationData(); + signatureValidationData.setId(signature.getId()); + signatureValidationData.setSignatureFormat(getSignatureFormat()); + signatureValidationData.setSignatureMethod(signature.getSignatureMethod()); + signatureValidationData.setSignatureLevel(getSignatureLevel()); + signatureValidationData.setSignedBy(parseSignedBy(signature.getSigningCertificate())); + signatureValidationData.setSubjectDistinguishedName(parseSubjectDistinguishedName(signature.getSigningCertificate())); + signatureValidationData.setErrors(getErrors(Stream.of(validationResult.getErrors()))); + signatureValidationData.setWarnings(getWarnings(Stream.of(validationResult.getWarnings()))); + signatureValidationData.setSignatureScopes(getSignatureScopes()); + signatureValidationData.setClaimedSigningTime(ReportBuilderUtils.getDateFormatterWithGMTZone().format(signature.getClaimedSigningTime())); + signatureValidationData.setInfo(getInfo(signature)); + signatureValidationData.setIndication(getIndication()); + signatureValidationData.setSubIndication(getSubIndication()); + signatureValidationData.setCountryCode(getCountryCode(signature)); + signatureValidationData.setCertificates(getCertificateList(signature)); + return signatureValidationData; + } + + private String getCountryCode(Signature signature) { + return signature.getSigningCertificate().getSubjectName(X509Cert.SubjectName.C); + } + + private List getDataFileNames() { + return validationDocument.getDatafiles() + .stream() + .map(Datafile::getFilename) + .toList(); + } + + private String getSignatureLevel() { + return getAsicSignatureSimpleReport() + .map(simpleReport -> simpleReport.getSignatureQualification(signature.getUniqueId())) + .map(Enum::name) + .orElse(null); + } + + private String getSignatureFormat() { + return getAsicSignatureSimpleReport() + .map(simpleReport -> simpleReport.getSignatureFormat(signature.getUniqueId())) + .map(Enum::name) + .orElse(null); + } + + private Optional getAsicSignatureSimpleReport() { + return signature instanceof AsicSignature + ? Optional.of(((AsicSignature) signature).getDssValidationReport().getReports().getSimpleReport()) + : Optional.empty(); + } + + private List getSignatureScopes() { + return signature instanceof AsicSignature + ? getAsicSignatureScopes((AsicSignature) signature, getDataFileNames()) + : emptyList(); + } + + private SignatureValidationData.Indication getIndication() { + if (validationResult.isValid() && validationResult.getErrors().isEmpty()) { + return SignatureValidationData.Indication.TOTAL_PASSED; + } + if (isIndeterminate() && validationResult.getErrors().isEmpty()) { + return SignatureValidationData.Indication.INDETERMINATE; + } + return SignatureValidationData.Indication.TOTAL_FAILED; + } + + private boolean isIndeterminate() { + return getAsicSignatureSimpleReport() + .map(simpleReport -> simpleReport.getIndication(signature.getUniqueId())) + .map(Enum::name) + .filter(REPORT_INDICATION_INDETERMINATE::equals) + .isPresent(); + } + + private String getSubIndication() { + if (SignatureValidationData.Indication.TOTAL_PASSED.equals(getIndication())) { + return ""; + } + return getAsicSignatureSimpleReport() + .map(simpleReport -> simpleReport.getSubIndication(signature.getUniqueId())) + .map(Enum::name) + .orElse(""); + + } +} diff --git a/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/util/SignatureCertificateParser.java b/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/util/SignatureCertificateParser.java new file mode 100644 index 000000000..a193129cd --- /dev/null +++ b/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/util/SignatureCertificateParser.java @@ -0,0 +1,52 @@ +package ee.openeid.validation.service.timemark.util; + +import ee.openeid.siva.validation.document.report.Certificate; +import ee.openeid.siva.validation.document.report.CertificateType; +import ee.openeid.siva.validation.util.CertUtil; +import lombok.experimental.UtilityClass; +import org.digidoc4j.Signature; +import org.digidoc4j.X509Cert; +import org.digidoc4j.exceptions.CertificateNotFoundException; +import org.slf4j.LoggerFactory; + +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.List; + + +@UtilityClass +public class SignatureCertificateParser { + private static final org.slf4j.Logger LOGGER = LoggerFactory.getLogger(SignatureCertificateParser.class); + + public static List getCertificateList(Signature signature) { + List certificateList = new ArrayList<>(); + + X509Cert ocspCertificate; + try { + ocspCertificate = signature.getOCSPCertificate(); + } catch (CertificateNotFoundException e) { + LOGGER.warn("Failed to acquire OCSP certificate from signature", e); + ocspCertificate = null; + } + if (ocspCertificate != null) { + X509Certificate x509Certificate = ocspCertificate.getX509Certificate(); + certificateList.add(getCertificate(x509Certificate, CertificateType.REVOCATION)); + } + + X509Cert signingCertificate = signature.getSigningCertificate(); + if (signingCertificate != null) { + X509Certificate x509Certificate = signingCertificate.getX509Certificate(); + certificateList.add(getCertificate(x509Certificate, CertificateType.SIGNING)); + } + + return certificateList; + } + + public static Certificate getCertificate(X509Certificate x509Certificate, CertificateType type) { + Certificate certificate = new Certificate(); + certificate.setContent(CertUtil.encodeCertificateToBase64(x509Certificate)); + certificate.setCommonName(CertUtil.getCommonName(x509Certificate)); + certificate.setType(type); + return certificate; + } +} diff --git a/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/util/SignatureInfoParser.java b/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/util/SignatureInfoParser.java new file mode 100644 index 000000000..e32ed818c --- /dev/null +++ b/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/util/SignatureInfoParser.java @@ -0,0 +1,122 @@ +package ee.openeid.validation.service.timemark.util; + +import ee.openeid.siva.validation.document.report.Info; +import ee.openeid.siva.validation.document.report.SignatureProductionPlace; +import ee.openeid.siva.validation.document.report.SignerRole; +import ee.openeid.siva.validation.document.report.builder.ReportBuilderUtils; +import eu.europa.esig.dss.diagnostic.DiagnosticData; +import eu.europa.esig.dss.diagnostic.SignatureWrapper; +import eu.europa.esig.dss.diagnostic.TimestampWrapper; +import eu.europa.esig.dss.enumerations.TimestampType; +import lombok.experimental.UtilityClass; +import org.apache.commons.codec.binary.Base64; +import org.apache.commons.lang3.StringUtils; +import org.digidoc4j.Signature; +import org.digidoc4j.SignatureProfile; +import org.digidoc4j.exceptions.DigiDoc4JException; +import org.digidoc4j.impl.asic.asice.AsicESignature; +import org.slf4j.LoggerFactory; + +import java.util.Collections; +import java.util.Comparator; +import java.util.Date; +import java.util.List; +import java.util.Optional; +import java.util.stream.Collectors; + +@UtilityClass +public class SignatureInfoParser { + private static final org.slf4j.Logger LOGGER = LoggerFactory.getLogger(SignatureInfoParser.class); + + public static Info getInfo(Signature signature) { + Info info = new Info(); + info.setBestSignatureTime(getBestSignatureTime(signature)); + if (signature.getProfile() == SignatureProfile.LT) { + info.setTimestampCreationTime(getTimestampTime(signature)); + } + info.setOcspResponseCreationTime(getOcspTime(signature)); + info.setTimeAssertionMessageImprint(getTimeAssertionMessageImprint(signature)); + info.setSignerRole(getSignerRole(signature)); + info.setSignatureProductionPlace(getSignatureProductionPlace(signature)); + return info; + } + + private static String getTimeAssertionMessageImprint(Signature signature) { + if (signature.getProfile() != SignatureProfile.LT_TM) { + TimestampWrapper timestamp = getBestTimestampWrapper(signature); + try { + return ReportBuilderUtils.parseTimeAssertionMessageImprint(timestamp); + } catch (Exception e) { + LOGGER.warn("Unable to parse time assertion message imprint from timestamp: ", e); + return ""; //parse errors due to corrupted timestamp data should be present in validation errors already + } + } + + try { + return StringUtils.defaultString(Base64.encodeBase64String(signature.getOCSPNonce())); + } catch (DigiDoc4JException e) { + LOGGER.warn("Unable to parse time assertion message imprint from OCSP nonce: ", e); + return ""; //parse errors due to corrupted OCSP data should be present in validation errors already + } + } + + private static TimestampWrapper getBestTimestampWrapper(Signature signature) { + DiagnosticData diagnosticData = ((AsicESignature) signature).getDssValidationReport().getReports().getDiagnosticData(); + SignatureWrapper signatureWrapper = diagnosticData.getSignatureById(signature.getUniqueId()); + List timestamps = signatureWrapper.getTimestampListByType(TimestampType.SIGNATURE_TIMESTAMP); + return timestamps.isEmpty() ? null : Collections.min(timestamps, Comparator.comparing(TimestampWrapper::getProductionTime)); + } + + private static SignatureProductionPlace getSignatureProductionPlace(Signature signature) { + if (isSignatureProductionPlaceEmpty(signature)) { + return null; + } + + SignatureProductionPlace signatureProductionPlace = new SignatureProductionPlace(); + signatureProductionPlace.setCountryName(StringUtils.defaultString(signature.getCountryName())); + signatureProductionPlace.setStateOrProvince(StringUtils.defaultString(signature.getStateOrProvince())); + signatureProductionPlace.setCity(StringUtils.defaultString(signature.getCity())); + signatureProductionPlace.setPostalCode(StringUtils.defaultString(signature.getPostalCode())); + return signatureProductionPlace; + } + + private static boolean isSignatureProductionPlaceEmpty(Signature signature) { + return StringUtils.isAllEmpty( + signature.getCountryName(), + signature.getStateOrProvince(), + signature.getCity(), + signature.getPostalCode() + ); + } + + private static String getBestSignatureTime(Signature signature) { + return formatTime(signature.getTrustedSigningTime()); + } + + private static String getOcspTime(Signature signature) { + return formatTime(signature.getOCSPResponseCreationTime()); + } + + private static String getTimestampTime(Signature signature) { + return formatTime(signature.getTimeStampCreationTime()); + } + + private static String formatTime(Date date) { + return Optional.ofNullable(date) + .map(d -> ReportBuilderUtils.getDateFormatterWithGMTZone().format(d)) + .orElse(null); + } + + private static List getSignerRole(Signature signature) { + return signature.getSignerRoles().stream() + .filter(StringUtils::isNotEmpty) + .map(SignatureInfoParser::mapSignerRole) + .collect(Collectors.toList()); + } + + private static SignerRole mapSignerRole(String claimedRole) { + SignerRole signerRole = new SignerRole(); + signerRole.setClaimedRole(claimedRole); + return signerRole; + } +} diff --git a/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/util/SignatureScopeParser.java b/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/util/SignatureScopeParser.java new file mode 100644 index 000000000..26f40c0b8 --- /dev/null +++ b/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/util/SignatureScopeParser.java @@ -0,0 +1,44 @@ +package ee.openeid.validation.service.timemark.util; + +import ee.openeid.siva.validation.document.report.SignatureScope; +import lombok.experimental.UtilityClass; +import org.digidoc4j.impl.asic.AsicSignature; +import org.slf4j.LoggerFactory; + +import java.io.UnsupportedEncodingException; +import java.net.URLDecoder; +import java.util.List; +import java.util.stream.Collectors; + +@UtilityClass +public class SignatureScopeParser { + private static final org.slf4j.Logger LOGGER = LoggerFactory.getLogger(SignatureScopeParser.class); + private static final String FULL_SIGNATURE_SCOPE = "FullSignatureScope"; + private static final String FULL_DOCUMENT = "Digest of the document content"; + + public static List getAsicSignatureScopes(AsicSignature signature, List dataFilenames) { + return signature.getOrigin().getReferences() + .stream() + .map(r -> decodeUriIfPossible(r.getURI())) + .filter(dataFilenames::contains) //filters out Signed Properties + .map(SignatureScopeParser::createFullSignatureScopeForDataFile) + .collect(Collectors.toList()); + } + + private static String decodeUriIfPossible(String uri) { + try { + return URLDecoder.decode(uri, "UTF-8"); + } catch (UnsupportedEncodingException e) { + LOGGER.warn("datafile " + uri + " has unsupported encoding", e); + return uri; + } + } + + public static SignatureScope createFullSignatureScopeForDataFile(String filename) { + SignatureScope signatureScope = new SignatureScope(); + signatureScope.setName(filename); + signatureScope.setScope(FULL_SIGNATURE_SCOPE); + signatureScope.setContent(FULL_DOCUMENT); + return signatureScope; + } +} diff --git a/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/util/SigningCertificateParser.java b/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/util/SigningCertificateParser.java new file mode 100644 index 000000000..c3e99f691 --- /dev/null +++ b/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/util/SigningCertificateParser.java @@ -0,0 +1,43 @@ +package ee.openeid.validation.service.timemark.util; + +import ee.openeid.siva.validation.document.report.SubjectDistinguishedName; +import ee.openeid.siva.validation.document.report.builder.ReportBuilderUtils; +import ee.openeid.siva.validation.util.DistinguishedNameUtil; +import ee.openeid.siva.validation.util.SubjectDNParser; +import lombok.experimental.UtilityClass; +import org.digidoc4j.X509Cert; + +import java.util.Optional; + +import static org.digidoc4j.X509Cert.SubjectName.CN; + +@UtilityClass +public class SigningCertificateParser { + public static SubjectDistinguishedName parseSubjectDistinguishedName(X509Cert signingCertificate) { + return SubjectDistinguishedName.builder() + .serialNumber(getSubjectName(signingCertificate, X509Cert.SubjectName.SERIALNUMBER)) + .commonName(getSubjectName(signingCertificate, X509Cert.SubjectName.CN)) + .givenName(getSubjectName(signingCertificate, X509Cert.SubjectName.GIVENNAME)) + .surname(getSubjectName(signingCertificate, X509Cert.SubjectName.SURNAME)) + .build(); + } + + private static String getSubjectName(X509Cert signingCertificate, X509Cert.SubjectName subjectName) { + return Optional.ofNullable(signingCertificate) + .map(cert -> cert.getSubjectName(subjectName)) + .map(SubjectDNParser::removeQuotes) + .orElse(null); + } + + public static String parseSignedBy(X509Cert signingCertificate) { + return Optional.ofNullable(signingCertificate) + .flatMap(certificate -> Optional + .ofNullable(certificate.getX509Certificate()) + .map(DistinguishedNameUtil::getSubjectSurnameAndGivenNameAndSerialNumber) + .or(() -> Optional + .ofNullable(certificate.getSubjectName(CN)) + .map(SubjectDNParser::removeQuotes)) + ) + .orElseGet(ReportBuilderUtils::valueNotPresent); + } +} diff --git a/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/util/ValidationErrorMapper.java b/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/util/ValidationErrorMapper.java new file mode 100644 index 000000000..f881ea1c8 --- /dev/null +++ b/validation-services-parent/timemark-container-validation-service/src/main/java/ee/openeid/validation/service/timemark/util/ValidationErrorMapper.java @@ -0,0 +1,44 @@ +package ee.openeid.validation.service.timemark.util; + +import ee.openeid.siva.validation.document.report.Error; +import ee.openeid.siva.validation.document.report.Warning; +import lombok.experimental.UtilityClass; +import org.digidoc4j.exceptions.DigiDoc4JException; + +import java.util.Collection; +import java.util.List; +import java.util.function.Function; +import java.util.stream.Stream; + +import static ee.openeid.siva.validation.document.report.builder.ReportBuilderUtils.emptyWhenNull; + +@UtilityClass +public class ValidationErrorMapper { + public static List getWarnings(Stream> warnings) { + return mapExceptions(warnings, ValidationErrorMapper::mapDigidoc4JWarning); + } + + public static List getErrors(Stream> errors) { + return mapExceptions(errors, ValidationErrorMapper::mapDigidoc4JException); + } + + private static List mapExceptions(Stream> exceptions, + Function mapper) { + return exceptions.flatMap(Collection::stream) + .distinct() + .map(mapper) + .toList(); + } + + private static Warning mapDigidoc4JWarning(DigiDoc4JException digiDoc4JException) { + Warning warning = new Warning(); + warning.setContent(emptyWhenNull(digiDoc4JException.getMessage())); + return warning; + } + + private static Error mapDigidoc4JException(DigiDoc4JException digiDoc4JException) { + Error error = new Error(); + error.setContent(emptyWhenNull(digiDoc4JException.getMessage())); + return error; + } +} diff --git a/validation-services-parent/timemark-container-validation-service/src/test/resources/test-files/timemark_signature.xml b/validation-services-parent/timemark-container-validation-service/src/test/resources/test-files/timemark_signature.xml new file mode 100755 index 000000000..77d5acc28 --- /dev/null +++ b/validation-services-parent/timemark-container-validation-service/src/test/resources/test-files/timemark_signature.xml @@ -0,0 +1,81 @@ + + + + + + + + + RnKZobNWVy8u92sDL4S2j1BUzMT5qTgt6hm90TfAGRo= + + + + + + + 5Bk7RHmH+P8bihr1kdd/4apnRVoJfn3yH55123tipQw= + + + pn8r7FZWhBFKnMaLb810NMmMD8PQlLh2w9SCnhZpntENG4XbKCvK+/8rCsTaBR/hrQMFFIkNHahdRGrhN3k3binLhq/2kwIn6hC5NoqixSc/fwyFjE5mv0reHGWDW2E9 + + + MIID6zCCA02gAwIBAgIQT7j6zk6pmVRcyspLo5SqejAKBggqhkjOPQQDBDBgMQswCQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEbMBkGA1UEAwwSVEVTVCBvZiBFU1RFSUQyMDE4MB4XDTE5MDUwMjEwNDUzMVoXDTI5MDUwMjEwNDUzMVowfzELMAkGA1UEBhMCRUUxFjAUBgNVBCoMDUpBQUstS1JJU1RKQU4xEDAOBgNVBAQMB0rDlUVPUkcxKjAoBgNVBAMMIUrDlUVPUkcsSkFBSy1LUklTVEpBTiwzODAwMTA4NTcxODEaMBgGA1UEBRMRUE5PRUUtMzgwMDEwODU3MTgwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASkwENR8GmCpEs6OshDWDfIiKvGuyNMOD2rjIQW321AnZD3oIsqD0svBMNEJJj9Dlvq/47TYDObIa12KAU5IuOBfJs2lrFdSXZjaM+a5TWT3O2JTM36YDH2GcMe/eisepejggGrMIIBpzAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIGQDBIBgNVHSAEQTA/MDIGCysGAQQBg5EhAQIBMCMwIQYIKwYBBQUHAgEWFWh0dHBzOi8vd3d3LnNrLmVlL0NQUzAJBgcEAIvsQAECMB0GA1UdDgQWBBTVX3s48Spy/Es2TcXgkRvwUn2YcjCBigYIKwYBBQUHAQMEfjB8MAgGBgQAjkYBATAIBgYEAI5GAQQwEwYGBACORgEGMAkGBwQAjkYBBgEwUQYGBACORgEFMEcwRRY/aHR0cHM6Ly9zay5lZS9lbi9yZXBvc2l0b3J5L2NvbmRpdGlvbnMtZm9yLXVzZS1vZi1jZXJ0aWZpY2F0ZXMvEwJFTjAfBgNVHSMEGDAWgBTAhJkpxE6fOwI09pnhClYACCk+ezBzBggrBgEFBQcBAQRnMGUwLAYIKwYBBQUHMAGGIGh0dHA6Ly9haWEuZGVtby5zay5lZS9lc3RlaWQyMDE4MDUGCCsGAQUFBzAChilodHRwOi8vYy5zay5lZS9UZXN0X29mX0VTVEVJRDIwMTguZGVyLmNydDAKBggqhkjOPQQDBAOBiwAwgYcCQgGBr+Jbo1GeqgWdIwgMo7SA29AP38JxNm2HWq2Qb+kIHpusAK574Co1K5D4+Mk7/ITTuXQaET5WphHoN7tdAciTaQJBAn0zBigYyVPYSTO68HM6hmlwTwi/KlJDdXW/2NsMjSqofFFJXpGvpxk2CTqSRCjcavxLPnkasTbNROYSJcmM8Xc= + + + + + + + 2020-05-21T14:07:04Z + + + + + +pli41INDQEEIMW6dPXct4dXJSk8bIQ5Ny1TcNC35eA= + + + CN=TEST of ESTEID2018,2.5.4.97=#0c0e4e545245452d3130373437303133,O=SK ID Solutions AS,C=EE + 105969481236726016406974448130977999482 + + + + + + + urn:oid:1.3.6.1.4.1.10015.1000.3.2.1 + + + + 7pudpH4eXlguSZY2e/pNbKzGsq+fu//woYL1SZFws1A= + + + + https://www.sk.ee/repository/bdoc-spec21.pdf + + + + + + + + application/octet-stream + + + + + + + MIIEijCCA3KgAwIBAgIQaI8x6BnacYdNdNwlYnn/mzANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwHhcNMTEwMzA3MTMyMjQ1WhcNMjQwOTA3MTIyMjQ1WjCBgzELMAkGA1UEBhMCRUUxIjAgBgNVBAoMGUFTIFNlcnRpZml0c2VlcmltaXNrZXNrdXMxDTALBgNVBAsMBE9DU1AxJzAlBgNVBAMMHlRFU1Qgb2YgU0sgT0NTUCBSRVNQT05ERVIgMjAxMTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0cw6Cja17BbYbHi6frwccDI4BIQLk/fiCE8L45os0xhPgEGR+EHE8LPCIqofPgf4gwN1vDE6cQNUlK0Od+Ush39i9Z45esnfpGq+2HsDJaFmFr5+uC1MEz5Kn1TazEvKbRjkGnSQ9BertlGer2BlU/kqOk5qA5RtJfhT0psc1ixKdPipv59wnf+nHx1+T+fPWndXVZLoDg4t3w8lIvIE/KhOSMlErvBIHIAKV7yH1hOxyeGLghqzMiAn3UeTEOgoOS9URv0C/T5C3mH+Y/uakMSxjNuz41PneimCzbEJZJRiEaMIj8qPAubcbL8GtY03MWmfNtX6/wh6u6TMfW8S2wIDAQABo4H+MIH7MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMJMB0GA1UdDgQWBBR9/5CuRokEgGiqSzYuZGYAogl8TzCBoAYDVR0gBIGYMIGVMIGSBgorBgEEAc4fAwEBMIGDMFgGCCsGAQUFBwICMEweSgBBAGkAbgB1AGwAdAAgAHQAZQBzAHQAaQBtAGkAcwBlAGsAcwAuACAATwBuAGwAeQAgAGYAbwByACAAdABlAHMAdABpAG4AZwAuMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LnNrLmVlL2FqYXRlbXBlbC8wHwYDVR0jBBgwFoAUtTQKnaUvEMXnIQ6+xLFlRxsDdv4wDQYJKoZIhvcNAQEFBQADggEBAAbaj7kTruTAPHqToye9ZtBdaJ3FZjiKug9/5RjsMwDpOeqFDqCorLd+DBI4tgdu0g4lhaI3aVnKdRBkGV18kqp84uU97JRFWQEf6H8hpJ9k/LzAACkP3tD+0ym+md532mV+nRz1Jj+RPLAUk9xYMV7KPczZN1xnl2wZDJwBbQpcSVH1DjlZv3tFLHBLIYTS6qOK4SxStcgRq7KdRczfW6mfXzTCRWM3G9nmDei5Q3+XTED41j8szRWglzYf6zOv4djkja64WYraQ5zb4x8Xh7qTCk6UupZ7je+0oRfuz0h/3zyRdjcRPkjloSpQp/NG8Rmrcnr874p8d9fdwCrRI7U= + MIIFLDCCBI2gAwIBAgIQImvqKVwtGyZbh+ecdKPc7zAKBggqhkjOPQQDBDBiMQswCQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEdMBsGA1UEAwwUVEVTVCBvZiBFRS1Hb3ZDQTIwMTgwHhcNMTgwODMwMTI0ODI4WhcNMzMwODMwMTI0ODI4WjBiMQswCQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEdMBsGA1UEAwwUVEVTVCBvZiBFRS1Hb3ZDQTIwMTgwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABABZN0DFpEKsj3SzsySoR/bcwAUoLc+S2HrvHY0xIDkFFTtUQXfjxXyexNIx+ALe2IYJZLTl0T79C5by4/mO/5H7UgCxZZCRKtdcKqSGYJOVpT0XoA51yX8eBk8aPVrTcwABcBhU6nTNGEoNXfeS7mrZB6Gs3eFxEVdejIEjNObWVFYMbqOCAuAwggLcMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgEGMDQGA1UdJQEB/wQqMCgGCCsGAQUFBwMJBggrBgEFBQcDAgYIKwYBBQUHAwQGCCsGAQUFBwMBMB0GA1UdDgQWBBR/DHDY9OWPAXfux20pKbn0yfxqwDAfBgNVHSMEGDAWgBR/DHDY9OWPAXfux20pKbn0yfxqwDCCAiQGA1UdIASCAhswggIXMAgGBgQAj3oBAjAJBgcEAIvsQAECMDIGCysGAQQBg5EhAQIBMCMwIQYIKwYBBQUHAgEWFWh0dHBzOi8vd3d3LnNrLmVlL0NQUzANBgsrBgEEAYORIQECAjANBgsrBgEEAYORfwECATANBgsrBgEEAYORIQECBTANBgsrBgEEAYORIQECBjANBgsrBgEEAYORIQECBzANBgsrBgEEAYORIQECAzANBgsrBgEEAYORIQECBDANBgsrBgEEAYORIQECCDANBgsrBgEEAYORIQECCTANBgsrBgEEAYORIQECCjANBgsrBgEEAYORIQECCzANBgsrBgEEAYORIQECDDANBgsrBgEEAYORIQECDTANBgsrBgEEAYORIQECDjANBgsrBgEEAYORIQECDzANBgsrBgEEAYORIQECEDANBgsrBgEEAYORIQECETANBgsrBgEEAYORIQECEjANBgsrBgEEAYORIQECEzANBgsrBgEEAYORIQECFDANBgsrBgEEAYORfwECAjANBgsrBgEEAYORfwECAzANBgsrBgEEAYORfwECBDANBgsrBgEEAYORfwECBTANBgsrBgEEAYORfwECBjBVBgorBgEEAYORIQoBMEcwIQYIKwYBBQUHAgEWFWh0dHBzOi8vd3d3LnNrLmVlL0NQUzAiBggrBgEFBQcCAjAWGhRURVNUIG9mIEVFLUdvdkNBMjAxODAYBggrBgEFBQcBAwQMMAowCAYGBACORgEBMAoGCCqGSM49BAMEA4GMADCBiAJCAeTjfRrMt+4ecVYozAfdpTjCikf332XcuRkuJ6fbLqqMm7C3v/d5ebyOqvDG6wWAp8Z0GZA5ONIvS2rm8kJ7HR5tAkIAoFn7n5ZW62dXMmPk+LReR1hUyTpxrxC31QjqvMqM2AbM8luw0f/AaC5qsEdwKrKT+p1xvnjSyIVfcMiu6Q3T2EE= + MIIFfDCCBN2gAwIBAgIQNhjzSfd2UEpbkO14EY4ORTAKBggqhkjOPQQDBDBiMQswCQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEdMBsGA1UEAwwUVEVTVCBvZiBFRS1Hb3ZDQTIwMTgwHhcNMTgwOTA2MDkwMzUyWhcNMzMwODMwMTI0ODI4WjBgMQswCQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEbMBkGA1UEAwwSVEVTVCBvZiBFU1RFSUQyMDE4MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBxYug4cEqwmIj+3TVaUlhfxCV9FQgfuglC2/0Ux1Ieqw11mDjNvnGJhkWxaLbWJi7QtthMG5R104l7Np7lBevrBgBDtfgja9e3MLTQkY+cFS+UQxjt9ZihTUJVsR7lowYlaGEiqqsGbEhlwfu27Xsm8b2rhSiTOvNdjTtG57NnwVAX+ijggMyMIIDLjAfBgNVHSMEGDAWgBR/DHDY9OWPAXfux20pKbn0yfxqwDAdBgNVHQ4EFgQUwISZKcROnzsCNPaZ4QpWAAgpPnswDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwggHNBgNVHSAEggHEMIIBwDAIBgYEAI96AQIwCQYHBACL7EABAjAyBgsrBgEEAYORIQECATAjMCEGCCsGAQUFBwIBFhVodHRwczovL3d3dy5zay5lZS9DUFMwDQYLKwYBBAGDkSEBAgIwDQYLKwYBBAGDkX8BAgEwDQYLKwYBBAGDkSEBAgUwDQYLKwYBBAGDkSEBAgYwDQYLKwYBBAGDkSEBAgcwDQYLKwYBBAGDkSEBAgMwDQYLKwYBBAGDkSEBAgQwDQYLKwYBBAGDkSEBAggwDQYLKwYBBAGDkSEBAgkwDQYLKwYBBAGDkSEBAgowDQYLKwYBBAGDkSEBAgswDQYLKwYBBAGDkSEBAgwwDQYLKwYBBAGDkSEBAg0wDQYLKwYBBAGDkSEBAg4wDQYLKwYBBAGDkSEBAg8wDQYLKwYBBAGDkSEBAhAwDQYLKwYBBAGDkSEBAhEwDQYLKwYBBAGDkSEBAhIwDQYLKwYBBAGDkSEBAhMwDQYLKwYBBAGDkSEBAhQwDQYLKwYBBAGDkX8BAgIwDQYLKwYBBAGDkX8BAgMwDQYLKwYBBAGDkX8BAgQwDQYLKwYBBAGDkX8BAgUwDQYLKwYBBAGDkX8BAgYwKgYDVR0lAQH/BCAwHgYIKwYBBQUHAwkGCCsGAQUFBwMCBggrBgEFBQcDBDB3BggrBgEFBQcBAQRrMGkwLgYIKwYBBQUHMAGGImh0dHA6Ly9haWEuZGVtby5zay5lZS9lZS1nb3ZjYTIwMTgwNwYIKwYBBQUHMAKGK2h0dHA6Ly9jLnNrLmVlL1Rlc3Rfb2ZfRUUtR292Q0EyMDE4LmRlci5jcnQwGAYIKwYBBQUHAQMEDDAKMAgGBgQAjkYBATA4BgNVHR8EMTAvMC2gK6AphidodHRwOi8vYy5zay5lZS9UZXN0X29mX0VFLUdvdkNBMjAxOC5jcmwwCgYIKoZIzj0EAwQDgYwAMIGIAkIBIF+LqytyaV4o5wUSm30VysB8LdWtoOrzNq2QhB6tGv4slg5z+CR58e60eRFqNxT7eccA/HgoPWs0B1Z+L067qtUCQgCB8OP0kHx/j1t7htN2CXjpSjGFZw5TTI4s1eGyTbe0UJRBXEkUKfFbZVmzGPFPprwUdSPi8PpO7+xGBYlFHA4z+Q== + + + + + + + + + + + \ No newline at end of file diff --git a/validation-services-parent/validation-commons/src/main/java/ee/openeid/siva/validation/util/SubjectDNParser.java b/validation-services-parent/validation-commons/src/main/java/ee/openeid/siva/validation/util/SubjectDNParser.java index d32e96ce6..01e163f0e 100644 --- a/validation-services-parent/validation-commons/src/main/java/ee/openeid/siva/validation/util/SubjectDNParser.java +++ b/validation-services-parent/validation-commons/src/main/java/ee/openeid/siva/validation/util/SubjectDNParser.java @@ -48,7 +48,7 @@ public static String parse(String subjectDistinguishedName, RDN relativeDistingu return null; } - private static String removeQuotes(String value) { + public static String removeQuotes(String value) { return value.replaceAll("(^\")|(\"$)", ""); }