diff --git a/Jenkinsfile b/Jenkinsfile
deleted file mode 100644
index 98284da..0000000
--- a/Jenkinsfile
+++ /dev/null
@@ -1,50 +0,0 @@
-
-pipeline {
- agent none
- options {
- checkoutToSubdirectory('gr.grnet.eseal')
- newContainerPerStage()
- }
- environment {
- PROJECT_DIR='gr.grnet.eseal'
- }
- stages {
- stage('Library Testing & Packaging') {
- agent {
- docker {
- image 'argo.registry:5000/epel-7-java18'
- args '-u jenkins:jenkins'
- }
- }
- steps {
- echo 'Eseal library Packaging & Testing'
- sh """
- mvn clean package cobertura:cobertura -Dcobertura.report.format=xml -f ${PROJECT_DIR}/eseal/pom.xml
- """
- junit '**/target/surefire-reports/*.xml'
- cobertura coberturaReportFile: '**/target/site/cobertura/coverage.xml'
- }
- post {
- always {
- cleanWs()
- }
- }
- }
- }
- post {
- success {
- script{
- if ( env.BRANCH_NAME == 'master' || env.BRANCH_NAME == 'devel' ) {
- slackSend( message: ":rocket: New version for <$BUILD_URL|$PROJECT_DIR>:$BRANCH_NAME Job: $JOB_NAME !")
- }
- }
- }
- failure {
- script{
- if ( env.BRANCH_NAME == 'master' || env.BRANCH_NAME == 'devel' ) {
- slackSend( message: ":rain_cloud: Build Failed for <$BUILD_URL|$PROJECT_DIR>:$BRANCH_NAME Job: $JOB_NAME")
- }
- }
- }
- }
-}
\ No newline at end of file
diff --git a/README.md b/README.md
index d2a77b8..204d37b 100644
--- a/README.md
+++ b/README.md
@@ -1,112 +1,2 @@ # gr.grnet.eseal E-signature library - -### PDF Validation using an X509 certificate - -```java -import gr.grnet.eseal.PDFValidator; -import gr.grnet.eseal.ValidationLevel; -import gr.grnet.eseal.ValidationReport; -import gr.grnet.eseal.X509CertificateTrustSource; - -public class Example -{ - public static void main( String[] args ) { - - // Initialise the pdf validator from a file source - PDFValidator pdf = new PDFValidator("/path/to/pdf/file"); - - - try { - - // Initialise the x509 trust source from a file source - X509CertificateTrustSource x509CertificateTrustSource = new X509CertificateTrustSource("/path/to/cert"); - - // Validate the document based on the provided trust source(x509 cert) and the validation severity - ValidationReport r = pdf.validate(ValidationLevel.BASIC_SIGNATURES, x509CertificateTrustSource); - - // get the result of the validation process - System.out.println(r.getValidationResult()); - - } catch (Exception e) { - System.out.println(e.getMessage()); - } - } -} -``` - -### PDF Validation using a Java trustore - -```java -import gr.grnet.eseal.KeyStoreType; -import gr.grnet.eseal.KeystoreTrustSource; -import gr.grnet.eseal.PDFValidator; -import gr.grnet.eseal.ValidationReport; -import gr.grnet.eseal.ValidationLevel; - -public class Example2 -{ - public static void main( String[] args ) { - - // Initialise the pdf validator from a file source - PDFValidator pdf = new PDFValidator("/path/to/pdf"); - - - try { - - String keystorePath = "/path/to/trustore"; - String password = "eseal12345"; - - // Initialise the trustore trust source from a file source - KeystoreTrustSource keystoreTrustSource = new KeystoreTrustSource(keystorePath, password, KeyStoreType.JKS); - - // Validate the document based on the provided trust source(trustore) and the validation severity - ValidationReport r = pdf.validate(ValidationLevel.BASIC_SIGNATURES, keystoreTrustSource); - - // get the result of the validation process - 
System.out.println(r.getValidationResult()); - - } catch (Exception e) { - System.out.println(e.getMessage()); - } - } -} - -``` - -### PDF Validation using a Trusted List - -```java -import gr.grnet.eseal.PDFValidator; -import gr.grnet.eseal.TLTrustSource; -import gr.grnet.eseal.ValidationLevel; -import gr.grnet.eseal.ValidationReport; -import gr.grnet.eseal.TrustedListURL; - -public class Example3 { - - public static void main( String[] args ) { - - // Initialise the pdf validator from a file source - PDFValidator pdf = new PDFValidator("/path/to/pdf"); - - - try { - - // Initialise the trusted list source with the greek trusted list( https://www.eett.gr/tsl/EL-TSL.xml) - TLTrustSource tlTrustSource = new TLTrustSource(TrustedListURL.GREECE); - - // Validate the document based on the provided trust source(trusted list) and the validation severity - ValidationReport r = pdf.validate(ValidationLevel.BASIC_SIGNATURES, tlTrustSource); - - // get the result of the validation process - System.out.println(r.getValidationResult()); - - } catch (Exception e) { - System.out.println(e.getMessage()); - } - } -} - -``` - diff --git a/eseal/.gitignore b/eseal/.gitignore deleted file mode 100644 index 2658748..0000000 --- a/eseal/.gitignore +++ /dev/null @@ -1,4 +0,0 @@ -*.iml -/target/ -dependency-reduced-pom.xml -.idea diff --git a/eseal/pom.xml b/eseal/pom.xml deleted file mode 100644 index 998a6d7..0000000 --- a/eseal/pom.xml +++ /dev/null 
@@ -1,108 +0,0 @@ - - 4.0.0 - gr.grnet.eseal - eseal - jar - 0.1 - eseal - A wrapper library for the DSS framework - http://maven.apache.org - - - - UTF-8 - 1.8 - 1.8 - - - - - - - junit - junit - 4.13 - test - - - org.hamcrest - hamcrest-all - 1.3 - test - - - eu.europa.ec.joinup.sd-dss - dss-tsl-validation - 5.7 - - - eu.europa.ec.joinup.sd-dss - dss-pades - 5.7 - - - eu.europa.ec.joinup.sd-dss - dss-pades-pdfbox - 5.7 - - - eu.europa.ec.joinup.sd-dss - dss-utils-apache-commons - 5.7 - - - eu.europa.ec.joinup.sd-dss - dss-model - 5.7 - - - eu.europa.ec.joinup.sd-dss - dss-service - 5.7 - - - - - - cefdigital - cefdigital - https://ec.europa.eu/cefdigital/artifact/content/repositories/esignaturedss/ - - - - - - - - org.apache.maven.plugins - maven-shade-plugin - 3.2.0 - - - - package - - shade - - - - - - *:* - - META-INF/*.SF - META-INF/*.DSA - META-INF/*.RSA - META-INF/*.DES - - - - - - - - - - diff --git a/eseal/src/main/java/gr/grnet/eseal/KeyStoreType.java b/eseal/src/main/java/gr/grnet/eseal/KeyStoreType.java deleted file mode 100644 index b10e122..0000000 --- a/eseal/src/main/java/gr/grnet/eseal/KeyStoreType.java +++ /dev/null @@ -1,9 +0,0 @@ -package gr.grnet.eseal; - -public enum KeyStoreType { - JKS, - PKCS12; - - private KeyStoreType() { - } -} \ No newline at end of file diff --git a/eseal/src/main/java/gr/grnet/eseal/KeystoreTrustSource.java b/eseal/src/main/java/gr/grnet/eseal/KeystoreTrustSource.java deleted file mode 100644 index 0fd35b0..0000000 --- a/eseal/src/main/java/gr/grnet/eseal/KeystoreTrustSource.java +++ /dev/null @@ -1,54 +0,0 @@ -package gr.grnet.eseal; - -import eu.europa.esig.dss.spi.x509.CommonTrustedCertificateSource; -import eu.europa.esig.dss.spi.x509.KeyStoreCertificateSource; -import java.io.File; -import java.io.IOException; - -/** - *

- * Trust source that will be supplied to the pdf validation process based on a Java keystore. - *

- */ -public class KeystoreTrustSource { - - private KeyStoreCertificateSource truststore; - private CommonTrustedCertificateSource commonTrustedCertificateSource; - - /** Creates a keystore trust source validator from the given keystore(path to keystore). - * @param filepath path to the keystore file. - * @param password password for the keystore - * @param type of the keystore - */ - public KeystoreTrustSource(String filepath, String password, KeyStoreType type) throws IOException{ - this.truststore = new KeyStoreCertificateSource(filepath, type.name(), password); - this.buildSource(); - } - - /** Creates a keystore trust source validator from the given keystore(path to keystore). - * @param file representing the keystore file. - * @param password password for the keystore - * @param type of the keystore - */ - public KeystoreTrustSource(File file, String password, KeyStoreType type) throws IOException{ - this.truststore = new KeyStoreCertificateSource(file, type.name(), password); - this.buildSource(); - } - - /** - * Builds the dss common trusted certificate source with the present keystore - */ - private void buildSource() { - this.commonTrustedCertificateSource = new CommonTrustedCertificateSource(); - this.commonTrustedCertificateSource.importAsTrusted(this.truststore); - } - - public CommonTrustedCertificateSource getCommonTrustedCertificateSource() { - return commonTrustedCertificateSource; - } - - public KeyStoreCertificateSource getTruststore() { - return truststore; - } -} - diff --git a/eseal/src/main/java/gr/grnet/eseal/PDFValidator.java b/eseal/src/main/java/gr/grnet/eseal/PDFValidator.java deleted file mode 100644 index bf5709a..0000000 --- a/eseal/src/main/java/gr/grnet/eseal/PDFValidator.java +++ /dev/null 
@@ -1,153 +0,0 @@ -package gr.grnet.eseal; - -import eu.europa.esig.dss.model.FileDocument; -import eu.europa.esig.dss.pades.validation.PDFDocumentValidator; -import eu.europa.esig.dss.service.crl.OnlineCRLSource; -import eu.europa.esig.dss.service.http.commons.CommonsDataLoader; -import eu.europa.esig.dss.service.ocsp.OnlineOCSPSource; -import eu.europa.esig.dss.spi.tsl.TrustedListsCertificateSource; -import eu.europa.esig.dss.validation.CertificateVerifier; -import eu.europa.esig.dss.validation.CommonCertificateVerifier; -import eu.europa.esig.dss.validation.reports.Reports; -import java.io.File; - -/** - *

- * PDFValidator is the main building block of the validation process. - *

- */ -public class PDFValidator { - - private FileDocument pdfDocument; - - /** Creates a pdf validator from the given pdf(path to pdf). - * @param filepath path to the file. - */ - public PDFValidator(String filepath) { - this.pdfDocument = new FileDocument(filepath); - } - - /** Creates a pdf validator from the given pdf(File object). - * @param file java.io.File object representing the pdf document. - */ - public PDFValidator(File file) { - this.pdfDocument = new FileDocument(file); - } - - /** Gets the pdf document. - * @return A FileDocument representing the pdf of the validation - */ - public FileDocument getPdfDocument() { - return this.pdfDocument; - } - - /** - * Performs the validation process with the given trust source - * @param validationLevel the level of validation severity - * @param x509CertificateTrustSource the trust source that will be used to validate the document - * @return ValidationReport that contains information regarding the validation process - */ - public ValidationReport validate(ValidationLevel validationLevel, X509CertificateTrustSource x509CertificateTrustSource) { - - // build the certificate verifier for the pdf validator - CertificateVerifier cv = new CommonCertificateVerifier(); - CommonsDataLoader commonsDataLoader = new CommonsDataLoader(); - cv.setCrlSource(new OnlineCRLSource()); - cv.setOcspSource(new OnlineOCSPSource()); - cv.setDataLoader(commonsDataLoader); - cv.setTrustedCertSources(x509CertificateTrustSource.getCommonTrustedCertificateSource()); - - // initialize the dss validator - PDFDocumentValidator dssValidator = new PDFDocumentValidator(this.pdfDocument); - dssValidator.setValidationLevel(determineLevel(validationLevel)); - dssValidator.setCertificateVerifier(cv); - - Reports r = dssValidator.validateDocument(); - - return new ValidationReport(r); - } - - /** - * Performs the validation process with the given trust source - * @param validationLevel the level of validation severity - * @param tlTrustSource the 
trust source that will be used to validate the document - * @return ValidationReport that contains information regarding the validation process - */ - public ValidationReport validate(ValidationLevel validationLevel, TLTrustSource tlTrustSource) { - - TrustedListsCertificateSource trustedListsCertificateSource = new TrustedListsCertificateSource(); - - // build the certificate verifier for the pdf validator - CertificateVerifier cv = new CommonCertificateVerifier(); - CommonsDataLoader commonsDataLoader = new CommonsDataLoader(); - cv.setCrlSource(new OnlineCRLSource()); - cv.setOcspSource(new OnlineOCSPSource()); - cv.setDataLoader(commonsDataLoader); - cv.setTrustedCertSources(trustedListsCertificateSource); - - tlTrustSource.getJob().setTrustedListCertificateSource(trustedListsCertificateSource); - tlTrustSource.getJob().onlineRefresh(); - - // initialize the dss validator - PDFDocumentValidator dssValidator = new PDFDocumentValidator(this.pdfDocument); - dssValidator.setValidationLevel(determineLevel(validationLevel)); - dssValidator.setCertificateVerifier(cv); - - Reports r = dssValidator.validateDocument(); - - return new ValidationReport(r); - } - - /** - * Performs the validation process with the given trust source - * @param validationLevel the level of validation severity - * @param keystoreTrustSource the trust source that will be used to validate the document - * @return ValidationReport that contains information regarding the validation process - */ - public ValidationReport validate(ValidationLevel validationLevel, KeystoreTrustSource keystoreTrustSource) { - - // build the certificate verifier for the pdf validator - CertificateVerifier cv = new CommonCertificateVerifier(); - CommonsDataLoader commonsDataLoader = new CommonsDataLoader(); - cv.setCrlSource(new OnlineCRLSource()); - cv.setOcspSource(new OnlineOCSPSource()); - cv.setDataLoader(commonsDataLoader); - cv.setTrustedCertSources(keystoreTrustSource.getCommonTrustedCertificateSource()); - - // 
initialize the dss validator - PDFDocumentValidator dssValidator = new PDFDocumentValidator(this.pdfDocument); - dssValidator.setValidationLevel(determineLevel(validationLevel)); - dssValidator.setCertificateVerifier(cv); - - Reports r = dssValidator.validateDocument(); - - return new ValidationReport(r); - } - - /** - * Maps the library's validation level to the proper dss one - * @param validationLevel validation level to be mapped - * @return eu.europa.esig.dss.validation.executor.ValidationLevel dss validation level - */ - public eu.europa.esig.dss.validation.executor.ValidationLevel determineLevel(ValidationLevel validationLevel) { - - eu.europa.esig.dss.validation.executor.ValidationLevel vl = eu.europa.esig.dss.validation.executor.ValidationLevel.BASIC_SIGNATURES; - - switch ( validationLevel) { - case BASIC_SIGNATURES: - return vl; - case TIMESTAMPS: - vl = eu.europa.esig.dss.validation.executor.ValidationLevel.TIMESTAMPS; - return vl; - case LONG_TERM_DATA: - vl = eu.europa.esig.dss.validation.executor.ValidationLevel.LONG_TERM_DATA; - return vl; - case ARCHIVAL_DATA: - vl = eu.europa.esig.dss.validation.executor.ValidationLevel.ARCHIVAL_DATA; - return vl; - } - - return vl; - } - -} diff --git a/eseal/src/main/java/gr/grnet/eseal/TLTrustSource.java b/eseal/src/main/java/gr/grnet/eseal/TLTrustSource.java deleted file mode 100644 index 762da26..0000000 --- a/eseal/src/main/java/gr/grnet/eseal/TLTrustSource.java +++ /dev/null 
@@ -1,113 +0,0 @@ -package gr.grnet.eseal; - -import eu.europa.esig.dss.service.http.commons.CommonsDataLoader; -import eu.europa.esig.dss.service.http.commons.FileCacheDataLoader; -import eu.europa.esig.dss.spi.client.http.DSSFileLoader; -import eu.europa.esig.dss.spi.client.http.IgnoreDataLoader; -import eu.europa.esig.dss.spi.tsl.TrustedListsCertificateSource; -import eu.europa.esig.dss.spi.x509.CommonCertificateSource; -import eu.europa.esig.dss.tsl.alerts.TLAlert; -import eu.europa.esig.dss.tsl.alerts.detections.TLExpirationDetection; -import eu.europa.esig.dss.tsl.alerts.detections.TLSignatureErrorDetection; -import eu.europa.esig.dss.tsl.alerts.handlers.log.LogTLExpirationAlertHandler; -import eu.europa.esig.dss.tsl.alerts.handlers.log.LogTLSignatureErrorAlertHandler; -import eu.europa.esig.dss.tsl.cache.CacheCleaner; -import eu.europa.esig.dss.tsl.job.TLValidationJob; -import eu.europa.esig.dss.tsl.source.TLSource; -import eu.europa.esig.dss.tsl.sync.AcceptAllStrategy; -import java.io.File; -import java.util.Arrays; - -/** - *

- * Trust source that will be supplied to the pdf validation process based on a trusted list. - *

- */ -public class TLTrustSource { - - private TLValidationJob job; - - /** Creates a trusted list trust source. - */ - public TLTrustSource(TrustedListURL trustedListURL) { - this(trustedListURL.toString()); - } - - /** Creates a trusted list trust source from the provided trusted list. - * @param url for the trusted list. - */ - - public TLTrustSource(String url) { - this.job = this.buildSource(url); - } - - public TLValidationJob getJob() { - return job; - } - - private TLValidationJob buildSource(String url) { - TLValidationJob job = new TLValidationJob(); - job.setOfflineDataLoader(offlineLoader()); - job.setOnlineDataLoader(onlineLoader()); - job.setTrustedListCertificateSource(new TrustedListsCertificateSource()); - job.setSynchronizationStrategy(new AcceptAllStrategy()); - job.setCacheCleaner(cacheCleaner()); - - TLSource tlSource = new TLSource(); - tlSource.setUrl(url); - tlSource.setCertificateSource(new CommonCertificateSource()); - job.setTrustedListSources(tlSource); - job.setTLAlerts(Arrays.asList(tlSigningAlert(), tlExpirationDetection())); - - return job; - } - - - private static DSSFileLoader onlineLoader() { - FileCacheDataLoader onlineFileLoader = new FileCacheDataLoader(); - onlineFileLoader.setCacheExpirationTime(100); - onlineFileLoader.setDataLoader(new CommonsDataLoader()); - onlineFileLoader.setFileCacheDirectory(tlCacheDirectory()); - - return onlineFileLoader; - } - - private static File tlCacheDirectory() { - File rootFolder = new File(System.getProperty("java.io.tmpdir")); - File tslCache = new File(rootFolder, "dss-tsl-loader2"); - if (tslCache.mkdirs()) { - System.out.println(tslCache.getAbsolutePath()); - } - return tslCache; - } - - private static TLAlert tlSigningAlert() { - TLSignatureErrorDetection signingDetection = new TLSignatureErrorDetection(); - LogTLSignatureErrorAlertHandler handler = new LogTLSignatureErrorAlertHandler(); - return new TLAlert(signingDetection, handler); - } - - private static TLAlert 
tlExpirationDetection() { - TLExpirationDetection expirationDetection = new TLExpirationDetection(); - LogTLExpirationAlertHandler handler = new LogTLExpirationAlertHandler(); - return new TLAlert(expirationDetection, handler); - } - - private static CacheCleaner cacheCleaner() { - CacheCleaner cacheCleaner = new CacheCleaner(); - cacheCleaner.setCleanFileSystem(true); - cacheCleaner.setCleanMemory(true); - cacheCleaner.setDSSFileLoader(offlineLoader()); - return cacheCleaner; - } - - private static DSSFileLoader offlineLoader() { - FileCacheDataLoader offlineFileLoader = new FileCacheDataLoader(); - offlineFileLoader.setDataLoader(new IgnoreDataLoader()); - offlineFileLoader.setCacheExpirationTime(100); - offlineFileLoader.setFileCacheDirectory(tlCacheDirectory()); - return offlineFileLoader; - } - -} - diff --git a/eseal/src/main/java/gr/grnet/eseal/TrustedListURL.java b/eseal/src/main/java/gr/grnet/eseal/TrustedListURL.java deleted file mode 100644 index cb3bd6f..0000000 --- a/eseal/src/main/java/gr/grnet/eseal/TrustedListURL.java +++ /dev/null @@ -1,24 +0,0 @@ -package gr.grnet.eseal; - -/** - * Enum that contains available trusted lists. - * - *

- * For example, {@link #GREECE} contains the greek trusted list. - *

- */ -public enum TrustedListURL { - - GREECE("https://www.eett.gr/tsl/EL-TSL.xml"); - - private final String name; - - private TrustedListURL(String s) { - name = s; - } - - public String toString() { - return this.name; - } - -} diff --git a/eseal/src/main/java/gr/grnet/eseal/ValidationLevel.java b/eseal/src/main/java/gr/grnet/eseal/ValidationLevel.java deleted file mode 100644 index a7f5e25..0000000 --- a/eseal/src/main/java/gr/grnet/eseal/ValidationLevel.java +++ /dev/null @@ -1,16 +0,0 @@ -package gr.grnet.eseal; - -/** - *

- * Validation level dictates the severity of the validation process. - *

- */ -public enum ValidationLevel { - BASIC_SIGNATURES, - TIMESTAMPS, - LONG_TERM_DATA, - ARCHIVAL_DATA; - - private ValidationLevel() { - } -} \ No newline at end of file diff --git a/eseal/src/main/java/gr/grnet/eseal/ValidationReport.java b/eseal/src/main/java/gr/grnet/eseal/ValidationReport.java deleted file mode 100644 index eb751ea..0000000 --- a/eseal/src/main/java/gr/grnet/eseal/ValidationReport.java +++ /dev/null @@ -1,82 +0,0 @@ -package gr.grnet.eseal; - -import eu.europa.esig.dss.validation.reports.Reports; - -/** - *

- * ValidationReport holds information regarding the result of the validation process. - *

- * - */ -public class ValidationReport { - - private Reports rawDDSReport; - private ValidationResult validationResult ; - private String xmlSimpleReport; - private String xmlDetailedReport; - private String[] errors ; - private String[] warnings ; - - - /** Creates a validation report based on the result of a dss validator. - * @param ddsReport The dss report after the validation process. - */ - public ValidationReport(Reports ddsReport) { - this.rawDDSReport = ddsReport; - this.errors = new String[0]; - this.warnings = new String[0]; - this.xmlDetailedReport = ddsReport.getXmlDetailedReport(); - this.xmlSimpleReport = ddsReport.getXmlSimpleReport(); - - String signatureId = ddsReport.getDetailedReport().getFirstSignatureId(); - if (signatureId == null) { - this.validationResult = ValidationResult.NO_SIGNATURE; - } else { - String indication = ddsReport.getSimpleReport().getIndication(signatureId).name(); - - this.errors = new String[ddsReport.getDetailedReport().getErrors(signatureId).size()]; - ddsReport.getDetailedReport().getErrors(signatureId).toArray(this.errors); - - this.warnings = new String[ddsReport.getDetailedReport().getWarnings(signatureId).size()]; - ddsReport.getDetailedReport().getWarnings(signatureId).toArray(this.warnings); - - switch (indication) { - case "TOTAL_FAIL": - this.validationResult = ValidationResult.TOTAL_FAIL; - break; - case "INDETERMINATE": - this.validationResult = ValidationResult.INDETERMINATE; - break; - case "TOTAL_PASSED": - this.validationResult = ValidationResult.TOTAL_PASSED; - break; - } - } - } - - public Reports getRawDDSReport() { - return rawDDSReport; - } - - public ValidationResult getValidationResult() { - return validationResult; - } - - - public String getXmlSimpleReport() { - return xmlSimpleReport; - } - - - public String getXmlDetailedReport() { - return xmlDetailedReport; - } - - public String[] getErrors() { - return errors; - } - - public String[] getWarnings() { - return warnings; - } -} 
diff --git a/eseal/src/main/java/gr/grnet/eseal/ValidationResult.java b/eseal/src/main/java/gr/grnet/eseal/ValidationResult.java deleted file mode 100644 index 07459be..0000000 --- a/eseal/src/main/java/gr/grnet/eseal/ValidationResult.java +++ /dev/null @@ -1,38 +0,0 @@ -package gr.grnet.eseal; - -/** - *

- * Validation Results that can be used to determine the outcome of a pdf validation process. - *

- * - *

- * Generally and following ETSI standard, the validation process of an electronic signature - * must provide one of these three following statuses: TOTAL-FAILED, TOTAL-PASSED or INDETERMINATE. - *

- * - *

- * A {@link #TOTAL_PASSED} response indicates that the signature has passed verification and it complies with the signature validation policy. - *

- * - *

- * A {@link #TOTAL_FAIL} response indicates that either the signature format is incorrect or that the digital signature value fails the verification. - *

- * - *

- * An {@link #INDETERMINATE} validation response indicates that the format and digital signature verifications have not failed - * but there is an insufficient information to determine if the electronic signature is valid. - *

- * - * *

- * An {@link #NO_SIGNATURE} validation response indicates that the document contained no signatures - *

- */ -public enum ValidationResult { - TOTAL_PASSED, - TOTAL_FAIL, - INDETERMINATE, - NO_SIGNATURE; - - private ValidationResult() { - } -} \ No newline at end of file diff --git a/eseal/src/main/java/gr/grnet/eseal/X509CertificateTrustSource.java b/eseal/src/main/java/gr/grnet/eseal/X509CertificateTrustSource.java deleted file mode 100644 index d0e5cad..0000000 --- a/eseal/src/main/java/gr/grnet/eseal/X509CertificateTrustSource.java +++ /dev/null @@ -1,55 +0,0 @@ -package gr.grnet.eseal; - -import eu.europa.esig.dss.model.x509.CertificateToken; -import eu.europa.esig.dss.spi.x509.CommonTrustedCertificateSource; - -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.InputStream; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; - -/** - *

- * Trust source that will be supplied to the pdf validation process based on a x509 certificate source. - *

- */ -public class X509CertificateTrustSource { - - private X509Certificate cert; - private CommonTrustedCertificateSource commonTrustedCertificateSource; - - /** Creates an x509 certificate trust source validator from the given certificate(path to certificate). - * @param filepath path to the cert file. - */ - public X509CertificateTrustSource(String filepath) throws FileNotFoundException, CertificateException { - InputStream inStream = new FileInputStream(filepath); - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - this.cert = (X509Certificate)cf.generateCertificate(inStream); - this.buildSource(); - } - - /** Creates an x509 certificate trust source validator from the given certificate. - * @param cert X509 certificate - */ - public X509CertificateTrustSource(X509Certificate cert) { - this.cert = cert; - this.buildSource(); - } - - public CommonTrustedCertificateSource getCommonTrustedCertificateSource() { - return commonTrustedCertificateSource; - } - - /** - * Builds the dss common trusted certificate source with the present x509 cert - */ - private void buildSource() { - CommonTrustedCertificateSource ctsf = new CommonTrustedCertificateSource(); - CertificateToken certificateToken = new CertificateToken(this.cert); - ctsf.addCertificate(certificateToken); - this.commonTrustedCertificateSource = ctsf; - } - -} diff --git a/eseal/src/test/java/gr/grnet/eseal/TestKeystoreTrustSource.java b/eseal/src/test/java/gr/grnet/eseal/TestKeystoreTrustSource.java deleted file mode 100644 index f00eda1..0000000 --- a/eseal/src/test/java/gr/grnet/eseal/TestKeystoreTrustSource.java +++ /dev/null 
@@ -1,64 +0,0 @@ -package gr.grnet.eseal; - -import eu.europa.esig.dss.spi.x509.CommonTrustedCertificateSource; -import org.junit.Test; - -import java.io.File; -import java.io.IOException; - -import static org.junit.Assert.assertEquals; - -public class TestKeystoreTrustSource { - - @Test - public void testX509CertificateTrustSourceFilePath() { - try { - KeystoreTrustSource keystoreTrustSource = - new KeystoreTrustSource( - TestX509CertificateTrustSource.class.getResource( - "/trustsource/eseal.truststore.jks").getFile(), - "eseal12345", - KeyStoreType.JKS); - - CommonTrustedCertificateSource commonTrustedCertificateSource = keystoreTrustSource.getCommonTrustedCertificateSource(); - assertEquals("Number of added certificates" , 1 ,commonTrustedCertificateSource.getNumberOfCertificates()); - assertEquals("Certificate info", - "C=GR,L=Athens,O=Ministry of Digital Governance,2.5.4.97=VATGR-997001671,OU=Class B - Private Key created and stored in software CSP,CN=Ministry of Digital Governance\\, Hellenic Republic,E=sec@mindigital.gr", - commonTrustedCertificateSource.getCertificates().get(0).getCertificate().getSubjectDN().getName()); - - } catch (Exception e) { - System.out.println(e.getMessage()); - } - } - - @Test - public void testX509CertificateTrustSourceFile() { - try { - KeystoreTrustSource keystoreTrustSource = - new KeystoreTrustSource( - new File(TestX509CertificateTrustSource.class.getResource( - "/trustsource/eseal.truststore.jks").getFile()), - "eseal12345", - KeyStoreType.JKS); - - CommonTrustedCertificateSource commonTrustedCertificateSource = keystoreTrustSource.getCommonTrustedCertificateSource(); - assertEquals("Number of added certificates" , 1 ,commonTrustedCertificateSource.getNumberOfCertificates()); - assertEquals("Certificate info", - "C=GR,L=Athens,O=Ministry of Digital Governance,2.5.4.97=VATGR-997001671,OU=Class B - Private Key created and stored in software CSP,CN=Ministry of Digital Governance\\, Hellenic Republic,E=sec@mindigital.gr", - 
commonTrustedCertificateSource.getCertificates().get(0).getCertificate().getSubjectDN().getName()); - - } catch (Exception e) { - System.out.println(e.getMessage()); - } - } - - @Test(expected = IOException.class) - public void testX509CertificateTrustSourceFileNotFound() throws IOException { - KeystoreTrustSource keystoreTrustSource = - new KeystoreTrustSource( - "/not/found", - "eseal12345", - KeyStoreType.JKS); - - } -} diff --git a/eseal/src/test/java/gr/grnet/eseal/TestPDFValidator.java b/eseal/src/test/java/gr/grnet/eseal/TestPDFValidator.java deleted file mode 100644 index 375cbce..0000000 --- a/eseal/src/test/java/gr/grnet/eseal/TestPDFValidator.java +++ /dev/null 
@@ -1,195 +0,0 @@
-package gr.grnet.eseal;
-
-import eu.europa.esig.dss.validation.executor.ValidationLevel;
-import org.junit.Assert;
-import org.junit.BeforeClass;
-import org.junit.Rule;
-import org.junit.Test;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.InputStream;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import eu.europa.esig.dss.model.DSSException;
-import org.junit.rules.ExpectedException;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-
-
-public class TestPDFValidator {
-
- static final String testPDFpath = "/declaration.pdf";
-
- @Rule
- public ExpectedException exceptionRule = ExpectedException.none();
-
- @BeforeClass
- public static void setUpBeforeClass() {
- // Assert that files are present
- assertNotNull("PDF file declaration.pdf is missing", TestPDFValidator.class.getResource(testPDFpath));
- }
-
- @Test
- public void testPdfLoadFromPath() {
- // check that the pdf validator loads a file from a path
- PDFValidator pdfValidator = new PDFValidator(TestPDFValidator.class.getResource(testPDFpath).getFile());
- assertNotNull("Loading of the pdf document from path", pdfValidator.getPdfDocument());
- }
-
- @Test
- public void testPDFLoadFromFile() {
- // check that the pdf validator loads a file from a File object
- File pdfFile = new File(TestPDFValidator.class.getResource(testPDFpath).getFile());
- PDFValidator pdfValidator = new PDFValidator(pdfFile);
- assertNotNull("Loading of the pdf document from file", pdfValidator.getPdfDocument());
- }
-
- @Test(expected = DSSException.class)
- public void testPDFLoadInvalidPath() {
- try {
- // error when the pdf path is not valid
- PDFValidator pdfValidator = new PDFValidator("/unknown/path");
- assertNotNull("Loading of the pdf document from file", pdfValidator.getPdfDocument());
- } catch (DSSException dsse) {
- assertEquals("File not found exception", "File Not Found: /unknown/path", dsse.getMessage());
- throw dsse;
- }
- }
-
- @Test
- public void testDetermineLevel() {
- PDFValidator pdfValidator = new PDFValidator(TestPDFValidator.class.getResource(testPDFpath).getFile());
- assertEquals("Test BASIC_SIGNATURES mapping", ValidationLevel.BASIC_SIGNATURES, pdfValidator.determineLevel(gr.grnet.eseal.ValidationLevel.BASIC_SIGNATURES));
- assertEquals("Test TIMESTAMPS mapping",ValidationLevel.TIMESTAMPS, pdfValidator.determineLevel(gr.grnet.eseal.ValidationLevel.TIMESTAMPS));
- assertEquals("TEST LONG_TERM_DATA mapping",ValidationLevel.LONG_TERM_DATA, pdfValidator.determineLevel(gr.grnet.eseal.ValidationLevel.LONG_TERM_DATA));
- assertEquals("TEST ARCHIVAL_DATA mapping",ValidationLevel.ARCHIVAL_DATA, pdfValidator.determineLevel(gr.grnet.eseal.ValidationLevel.ARCHIVAL_DATA));
- }
-
- @Test
- public void testValidateWithX509CertificateTrustSourceTotalPASS() {
-
- PDFValidator pdfValidator = new PDFValidator(TestPDFValidator.class.getResource(testPDFpath).getFile());
- X509Certificate cert = null ;
-
- try {
- InputStream inStream = new FileInputStream(TestPDFValidator.class.getResource("/x509source/x509CA.cer").getFile());
- CertificateFactory cf = CertificateFactory.getInstance("X.509");
- cert = (X509Certificate) cf.generateCertificate(inStream);
- } catch (Exception e) {
- System.out.println(e.getMessage());
- }
-
- X509CertificateTrustSource x509source = new X509CertificateTrustSource(cert);
-
- ValidationReport vr = pdfValidator.validate(gr.grnet.eseal.ValidationLevel.BASIC_SIGNATURES, x509source);
- String[] errors = new String[]{"Unable to build a certificate chain until a trusted list!"};
- assertEquals(ValidationResult.TOTAL_PASSED, vr.getValidationResult());
- Assert.assertArrayEquals("Expected detailed warnings", new String[0], vr.getWarnings());
- Assert.assertArrayEquals("Expected detailed errors", errors, vr.getErrors());
- }
-
- @Test
- public void testValidateWithX509CertificateTrustSourceINDETERMINATEandTIMESTAMPS() {
-
- PDFValidator pdfValidator = new PDFValidator(TestPDFValidator.class.getResource(testPDFpath).getFile());
- X509Certificate cert = null ;
-
- try {
- InputStream inStream = new FileInputStream(TestPDFValidator.class.getResource("/x509source/unknownCA.pem").getFile());
- CertificateFactory cf = CertificateFactory.getInstance("X.509");
- cert = (X509Certificate) cf.generateCertificate(inStream);
- } catch (Exception e) {
- System.out.println(e.getMessage());
- }
-
- X509CertificateTrustSource x509source = new X509CertificateTrustSource(cert);
-
- ValidationReport vr = pdfValidator.validate(gr.grnet.eseal.ValidationLevel.TIMESTAMPS, x509source);
-
- String[] warnings = new String[]{
- "The signature/seal is an INDETERMINATE AdES digital signature!",
- "The signed attribute: 'signing-certificate' is present more than once!"
- };
-
- String[] errors = new String[]{
- "Unable to build a certificate chain until a trusted list!",
- "The result of the Basic validation process is not conclusive!",
- "The certificate chain for signature is not trusted, it does not contain a trust anchor.",
- "The result of the timestamps validation process is not conclusive!",
- "The certificate chain for timestamp is not trusted, it does not contain a trust anchor.",
- };
-
- assertEquals(ValidationResult.INDETERMINATE, vr.getValidationResult());
- Assert.assertArrayEquals("Expected detailed warnings", warnings, vr.getWarnings());
- Assert.assertArrayEquals("Expected detailed errors", errors, vr.getErrors());
- assertEquals(ValidationResult.INDETERMINATE, vr.getValidationResult());
- }
-
- @Test
- public void testValidateWithX509CertificateTrustSourceNoSign() {
-
- PDFValidator pdfValidator = new PDFValidator(TestPDFValidator.class.getResource("/simple-no-sign.pdf").getFile());
- X509Certificate cert = null ;
-
- try {
- InputStream inStream = new FileInputStream(TestPDFValidator.class.getResource("/x509source/x509CA.cer").getFile());
- CertificateFactory cf = CertificateFactory.getInstance("X.509");
- cert = (X509Certificate) cf.generateCertificate(inStream);
- } catch (Exception e) {
- System.out.println(e.getMessage());
- }
-
- X509CertificateTrustSource x509source = new X509CertificateTrustSource(cert);
-
- ValidationReport vr = pdfValidator.validate(gr.grnet.eseal.ValidationLevel.BASIC_SIGNATURES, x509source);
- assertEquals(ValidationResult.NO_SIGNATURE, vr.getValidationResult());
- Assert.assertArrayEquals("Expected detailed warnings", new String[0], vr.getWarnings());
- Assert.assertArrayEquals("Expected detailed errors", new String[0], vr.getErrors());
- }
-
- @Test
- public void testValidateWithKeystoreTrustSourceTotalPASS() {
-
- PDFValidator pdfValidator = new PDFValidator(TestPDFValidator.class.getResource(testPDFpath).getFile());
- KeystoreTrustSource keystoreTrustSource = null ;
-
- try {
- keystoreTrustSource =
- new KeystoreTrustSource(
- new File(TestX509CertificateTrustSource.class.getResource(
- "/trustsource/eseal.truststore.jks").getFile()),
- "eseal12345",
- KeyStoreType.JKS);
- } catch (Exception e) {
- System.out.println(e.getMessage());
- }
-
- ValidationReport vr = pdfValidator.validate(gr.grnet.eseal.ValidationLevel.BASIC_SIGNATURES, keystoreTrustSource);
- String[] errors = new String[]{"Unable to build a certificate chain until a trusted list!"};
- assertEquals(ValidationResult.TOTAL_PASSED, vr.getValidationResult());
- Assert.assertArrayEquals("Expected detailed warnings", new String[0], vr.getWarnings());
- Assert.assertArrayEquals("Expected detailed errors", errors, vr.getErrors());
- }
-
- @Test
- public void testValidateWithTLTrustSourceTotalPASS() {
-
- PDFValidator pdfValidator = new PDFValidator(TestPDFValidator.class.getResource(testPDFpath).getFile());
-
- TLTrustSource tlTrustSource = new TLTrustSource(TrustedListURL.GREECE);
-
- ValidationReport vr = pdfValidator.validate(gr.grnet.eseal.ValidationLevel.BASIC_SIGNATURES, tlTrustSource);
- String[] errors = new String[]{};
- String[] warnings = new String[]{
- "The certificate is not for eSig at issuance time!",
- "The private key does not reside in a QSCD at issuance time!",
- "The certificate is not for eSig at (best) signing time!",
- "The private key does not reside in a QSCD at (best) signing time!",
- "The trusted list is not well signed!",
- "The signer's certificate does not have an expected key-usage!"
- };
- assertEquals(ValidationResult.TOTAL_PASSED, vr.getValidationResult());
- Assert.assertArrayEquals("Expected detailed warnings", warnings, vr.getWarnings());
- Assert.assertArrayEquals("Expected detailed errors", errors, vr.getErrors());
- }
-}
diff --git a/eseal/src/test/java/gr/grnet/eseal/TestX509CertificateTrustSource.java b/eseal/src/test/java/gr/grnet/eseal/TestX509CertificateTrustSource.java
deleted file mode 100644
index c0bb085..0000000
--- a/eseal/src/test/java/gr/grnet/eseal/TestX509CertificateTrustSource.java
+++ /dev/null
@@ -1,71 +0,0 @@
-package gr.grnet.eseal;
-
-import eu.europa.esig.dss.spi.x509.CommonTrustedCertificateSource;
-import org.junit.Test;
-import static org.junit.Assert.assertEquals;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.InputStream;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-
-public class TestX509CertificateTrustSource {
-
- @Test
- public void testX509CertificateTrustSourceFile() {
- try {
- X509CertificateTrustSource x509CertificateTrustSource =
- new X509CertificateTrustSource(TestX509CertificateTrustSource.class.getResource("/x509source/x509CA.cer").getFile());
-
- CommonTrustedCertificateSource commonTrustedCertificateSource = x509CertificateTrustSource.getCommonTrustedCertificateSource();
- assertEquals("Number of added certificates" , 1 ,commonTrustedCertificateSource.getNumberOfCertificates());
- assertEquals("Certificate info",
- "EMAILADDRESS=sec@mindigital.gr, CN=\"Ministry of Digital Governance, Hellenic Republic\", OU=Class B - Private Key created and stored in software CSP, OID.2.5.4.97=VATGR-997001671, O=Ministry of Digital Governance, L=Athens, C=GR",
- commonTrustedCertificateSource.getCertificates().get(0).getCertificate().getSubjectDN().getName());
-
- } catch (Exception e) {
- System.out.println(e.getMessage());
- }
- }
-
- @Test
- public void testX509CertificateTrustSourceCERTObj() {
-
- X509Certificate cert = null;
-
- try {
- InputStream inStream = new FileInputStream(TestX509CertificateTrustSource.class.getResource("/x509source/x509CA.cer").getFile());
- CertificateFactory cf = CertificateFactory.getInstance("X.509");
- cert = (X509Certificate) cf.generateCertificate(inStream);
- } catch (Exception e) {
- System.out.println(e.getMessage());
- }
-
- X509CertificateTrustSource x509CertificateTrustSource = new X509CertificateTrustSource(cert);
-
- CommonTrustedCertificateSource commonTrustedCertificateSource = x509CertificateTrustSource.getCommonTrustedCertificateSource();
- assertEquals("Number of added certificates", 1, commonTrustedCertificateSource.getNumberOfCertificates());
- assertEquals("Certificate info",
- "EMAILADDRESS=sec@mindigital.gr, CN=\"Ministry of Digital Governance, Hellenic Republic\", OU=Class B - Private Key created and stored in software CSP, OID.2.5.4.97=VATGR-997001671, O=Ministry of Digital Governance, L=Athens, C=GR",
- commonTrustedCertificateSource.getCertificates().get(0).getCertificate().getSubjectDN().getName());
- }
-
- @Test(expected = FileNotFoundException.class)
- public void testX509CertificateTrustSourceNotFound() throws Exception{
- try {
- X509CertificateTrustSource x509CertificateTrustSource = new X509CertificateTrustSource("/not/found");
- } catch (Exception e) {
- throw e;
- }
- }
-
- @Test(expected = CertificateException.class)
- public void testX509CertificateTrustSourceNoCert() throws Exception{
- try {
- X509CertificateTrustSource x509CertificateTrustSource = new X509CertificateTrustSource(TestX509CertificateTrustSource.class.getResource("/declaration.pdf").getFile());
- } catch (Exception e) {
- throw e;
- }
- }
-}
diff --git a/eseal/src/test/resources/declaration.pdf b/eseal/src/test/resources/declaration.pdf
deleted file mode 100644
index f769a33..0000000
Binary files a/eseal/src/test/resources/declaration.pdf and /dev/null differ
diff --git a/eseal/src/test/resources/simple-no-sign.pdf b/eseal/src/test/resources/simple-no-sign.pdf
deleted file mode 100644
index dbf091d..0000000
Binary files a/eseal/src/test/resources/simple-no-sign.pdf and /dev/null differ
diff --git a/eseal/src/test/resources/trustsource/eseal.truststore.jks b/eseal/src/test/resources/trustsource/eseal.truststore.jks
deleted file mode 100644
index bfd4768..0000000
Binary files a/eseal/src/test/resources/trustsource/eseal.truststore.jks and /dev/null differ
diff --git a/eseal/src/test/resources/x509source/unknownCA.pem b/eseal/src/test/resources/x509source/unknownCA.pem
deleted file mode 100644
index 81ef9a6..0000000
--- a/eseal/src/test/resources/x509source/unknownCA.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEzTCCAzWgAwIBAgIQaMurbevAmTVsNpiUsvE0ITANBgkqhkiG9w0BAQsFADB/
-MR4wHAYDVQQKExVta2NlcnQgZGV2ZWxvcG1lbnQgQ0ExKjAoBgNVBAsMIWFnZWxv
-c0BBbmdlbG9zcy1NYWNCb29rLVByby5sb2NhbDExMC8GA1UEAwwobWtjZXJ0IGFn
-ZWxvc0BBbmdlbG9zcy1NYWNCb29rLVByby5sb2NhbDAeFw0xODEyMTkxOTE2NDJa
-Fw0yODEyMTkxOTE2NDJaMH8xHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBD
-QTEqMCgGA1UECwwhYWdlbG9zQEFuZ2Vsb3NzLU1hY0Jvb2stUHJvLmxvY2FsMTEw
-LwYDVQQDDChta2NlcnQgYWdlbG9zQEFuZ2Vsb3NzLU1hY0Jvb2stUHJvLmxvY2Fs
-MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAy5l/JqCnGKZ7hidVlAYX
-6LGVEmuuOkBFEdcmj/im3/PX5a30VUXFY9HAyK+PWXvfA3rz+OLAiGnE0ZUCR8Xu
-b0UN+UhzshVL4qtXi9CyMcrqct1zvGB4rlHX75PThH2scO/Uzv30F8Lx2TyjkPWk
-CJIBI7JQyrtTY1puFB/LmyysjOMZ6XXRMba0a9PdwUVwC182j6JUcHD9gp4FMjBW
-g5jddqrJmYBh1hC0fG7thC+fEwDWkaHS9p/fcHhLcDiJssK738GfMaspbCClCetH
-zwhFfqY2Q0IE7Wj9QERoX+WnhFrgIs4bIc6KO5FLyqUGv4k14YMJmB4Ivp7eEwdA
-45/3/DM+pJj72vBZUrPfo8sPUnThBUuL05toVmJtHYzM/HrdWn/usgz9tufgbd9/
-KTzxs++ZI1bK4kGcAETNjckWHJg9nDMyAf8u+nwdkq9K+t+hWSGstEvahGr6Sneg
-Jgw9Jp+V5zHxDMZBT7IMo1oAO4shum4hoH59Nzp7UcgbAgMBAAGjRTBDMA4GA1Ud
-DwEB/wQEAwICBDASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBRABUeAfGZ1
-/6tsMYeSuWSNBQoFDzANBgkqhkiG9w0BAQsFAAOCAYEADs72GyWsaSvJFC/y4BmX
-16+B3+PxKjx94778wuXoDAG359cwoQOaCMbVuIqFnHRLf1Mvla4InFHuDAZj1fbQ
-TeATv8f3zMvvSNLswG/Neuc3ibqsgjcrQbNcwJgimaFP13Z9GUyp7oMbdc44vYsN
-OrGmkOHM3JEFrFC2nrpS6jx3bBeQe2lbQehtH2ixABwICulV83IsQvDTCi0clWv/
-0jSRIKSC0Zz+5PM/Hi7M7o/ed7+8se1UZyuGk2PpWR1GlwMNDCfLD7mfOPz1yhW/
-UTIE0CFvYFjmI2+PYXiJNyrX1KfnJWpNmzsRi6Ef1SlXblDlA4AQoq7K4GzNwd0y
-e20/7Z+BvUEks/rRXitjasKUtc7/YYOxjykHTkbgE2FOJiqk0S8G7fZqdH3DP7xs
-YeBqLtiuGPYK+bQPJt6kYEd9R4B8lnjDHWFgOhjHazo/5PpS52x0RieMLvzZd/2o
-klaGnnQ9P4srwQ73Usyi2/31mAX9InDyij7nDYP/gAhZ
------END CERTIFICATE-----
diff --git a/eseal/src/test/resources/x509source/x509CA.cer b/eseal/src/test/resources/x509source/x509CA.cer
deleted file mode 100644
index 82569d9..0000000
Binary files a/eseal/src/test/resources/x509source/x509CA.cer and /dev/null differ