Merge branch 'master' of gitlab.ext.cyber.ee:cdoc2/cdoc2-java-ref-impl

Author: jann0k

cdoc2-example-app/README.md

@@ -11,26 +11,51 @@ Requirements:
 Configure cdoc2 maven dependencies: https://github.com/open-eid/cdoc2-java-ref-impl/tree/master?tab=readme-ov-file#maven-dependencies
 
 ```bash
-mvnw install
+mvn install
 ```
 
 ## Run
 
-Convert CDOC1 -> CDOC2 with password:
+
+Install cdoc2-cli:
 ```bash
-java -jar target/cdoc2-converter-1.0-SNAPSHOT.jar --cdoc=src/test/resources/cdoc/valid_cdoc11_ECC.cdoc2 -p12=src/test/resources/ecc/ecc.p12:test --cdoc2=out.cdoc2
+mvn dependency:copy -Dartifact=ee.cyber.cdoc2:cdoc2-cli:1.6.0 -DoutputDirectory=./target
 ```
 
-Install cdoc2-cli:
+Convert CDOC1 -> CDOC2 with password:
 ```bash
-mvn dependency:copy -Dartifact=ee.cyber.cdoc2:cdoc2-cli:1.2.0 -DoutputDirectory=./target
+java -jar target/cdoc2-example-app-1.1-SNAPSHOT.jar cdoc-convert --cdoc=src/test/resources/cdoc/valid_cdoc11_ECC.cdoc -p12=src/test/resources/ecc/ecc.p12:test --cdoc2=out.cdoc2
 ```
 
 Decrypt `out.cdoc2`:
 ```bash
-java -jar target/cdoc2-cli-1.2.0.jar decrypt --file=out.cdoc2 -pw
+java -jar target/cdoc2-cli-1.6.0.jar decrypt --file=out.cdoc2 -pw
 ```
 
+Create ASICE file:
+```bash
+java -jar target/cdoc2-example-app-1.1-SNAPSHOT.jar asic -f digidoc4j.asice README.md pom.xml
+```
+
+#### `.asic` container encryption
+
+* Files from unsigned `.asic` container are extracted before encryption, then encrypted/decrypted.
+* Signed `.asic` container is encrypted and decrypted without files extraction from it.
+  `.asic` container opening and signature verification is a very extensive process and will take 
+  few minutes to print log messages in about 78MB. Read explanation [here](https://github.com/open-eid/digidoc4j/wiki/Questions-&-Answers#why-is-the-library-that-slow).
+  Create signed container example `signed.asice` and test the encryption:
+
+Encrypt signed ASICE -> CDOC2 with password:
+```bash
+java -jar target/cdoc2-example-app-1.1-SNAPSHOT.jar asic-convert --asic=src/test/resources/asic/signed.asice --cdoc2=signedAsic.cdoc2
+```
+
+Encrypt non-signed ASICE -> CDOC2 with password:
+```bash
+java -jar target/cdoc2-example-app-1.1-SNAPSHOT.jar asic-convert --asic=src/test/resources/asic/no-signature.asice --cdoc2=extractedFiles.cdoc2 --tmp=/tmp 
+```
+
+
 ## Code Walkthrough
 
 * `ee.cyber.cdoc2.converter.util.Util#reEncrypt` demonstrates howto decrypt CDOC1 file and create CDOC2

cdoc2-example-app/pom.xml

@@ -6,7 +6,7 @@
 
     <groupId>ee.cyber.cdoc2.converter</groupId>
     <artifactId>cdoc2-example-app</artifactId>
-    <version>1.0-SNAPSHOT</version>
+    <version>1.1-SNAPSHOT</version>
     <description>Example application for cdoc2 usage. Converts cdoc to cdoc2</description>
 
     <properties>
@@ -35,7 +35,7 @@
         <dependency>
             <groupId>ee.cyber.cdoc2</groupId>
             <artifactId>cdoc2-lib</artifactId>
-            <version>2.0.0</version>
+            <version>3.0.0</version>
         </dependency>
         <dependency>
             <groupId>org.open-eid.cdoc4j</groupId>
@@ -67,6 +67,11 @@
             <artifactId>picocli</artifactId>
             <version>4.7.6</version>
         </dependency>
+        <dependency>
+            <groupId>org.digidoc4j</groupId>
+            <artifactId>digidoc4j</artifactId>
+            <version>6.0.0</version>
+        </dependency>
     </dependencies>
 
     <build>
@@ -94,7 +99,7 @@
                     <transformers>
                         <transformer implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
                             <manifestEntries>
-                                <Main-Class>ee.cyber.cdoc2.converter.ConverterCmd</Main-Class>
+                                <Main-Class>ee.cyber.cdoc2.converter.CDocConverterCli</Main-Class>
                             </manifestEntries>
                         </transformer>
                     </transformers>

cdoc2-example-app/src/main/java/ee/cyber/cdoc2/converter/AsicConverterCmd.java

@@ -0,0 +1,103 @@
+package ee.cyber.cdoc2.converter;
+
+import ee.cyber.cdoc2.converter.util.CommonService;
+import ee.cyber.cdoc2.converter.util.Util;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.digidoc4j.Container;
+import org.digidoc4j.ContainerOpener;
+import org.digidoc4j.ContainerValidationResult;
+import org.digidoc4j.DataFile;
+import picocli.CommandLine;
+import picocli.CommandLine.Command;
+import picocli.CommandLine.Option;
+
+import java.io.File;
+import java.nio.file.Path;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.Callable;
+
+@Command(name = "asic-convert")
+@SuppressWarnings("squid:S106")
+public class AsicConverterCmd implements Callable<Void> {
+
+    private static final Logger log = LoggerFactory.getLogger(AsicConverterCmd.class);
+
+    @Option(names = {"-f", "-a", "--asic" }, required = true,
+        paramLabel = "ASIC", description = "the ASIC file")
+    File asicFile;
+
+    @Option(names = {"-o", "--out", "--cdoc2"}, required = false,
+        paramLabel = "CDOC2", description = "the CDOC2 file")
+    File cdoc2FileOption;
+
+    @Option(names = { "--tmp"}, required = false,
+        paramLabel = "DIR",
+        description = "temp directory used for temporary files extracted from ASIC container")
+    Path tempDir = null;
+
+    @Option(names= {"--label"}, required = false,
+        paramLabel = "label", description = "cdoc2 recipient label")
+    String labelOption;
+
+    @Option(names = { "-h", "--help" }, usageHelp = false, description = "display a help message")
+    private boolean helpRequested = false;
+
+    @Override
+    public Void call() throws Exception {
+
+        char[] password = CommonService.askPassword();
+        String label = CommonService.getLabel(labelOption);
+
+        File cdoc2File = CommonService.getCdoc2File(cdoc2FileOption, asicFile);
+
+        if (!asicFile.getPath().contains(".asic")) {
+            throw new CommandLine.TypeConversionException(
+                "Missing required file extension .asice for conversion"
+            );
+        }
+
+        encrypt(cdoc2File, asicFile, label, password);
+        System.out.println("Created cdoc2 " + cdoc2File.getAbsolutePath());
+
+        return null;
+    }
+
+    private void encrypt(File cdoc2OutFile, File incomingFile, String label, char[] password)
+        throws Exception{
+
+        Container container = ContainerOpener.open(incomingFile.getPath());
+        ContainerValidationResult result = container.validate();
+
+        boolean isContainerValid = result.isValid();
+        if (!isContainerValid) {
+            Util.encrypt(cdoc2OutFile, List.of(incomingFile), label, password);
+            return;
+        }
+
+        List<File> extractedFiles = checkSignatureOrExtractFiles(container, incomingFile);
+        Util.encrypt(cdoc2OutFile, extractedFiles, label, password);
+    }
+
+    private List<File> checkSignatureOrExtractFiles(
+        Container container,
+        File incomingFile
+    ) {
+        if (!container.getSignatures().isEmpty()) {
+            return List.of(incomingFile);
+        } else {
+            List<DataFile> dataFiles = container.getDataFiles();
+            List<File> extractedFiles = new ArrayList<>();
+            for (DataFile dataFile : dataFiles) {
+                String incomingFilePath = incomingFile.getPath();
+                String outFilePath =
+                    incomingFilePath.substring(0, incomingFilePath.lastIndexOf("/") + 1);
+                String extractedFile = outFilePath + "/" + dataFile.getName();
+                dataFile.saveAs(extractedFile);
+                extractedFiles.add(new File(extractedFile));
+            }
+            return extractedFiles;
+        }
+    }
+}

cdoc2-example-app/src/main/java/ee/cyber/cdoc2/converter/CDocConverterCli.java

@@ -0,0 +1,41 @@
+package ee.cyber.cdoc2.converter;
+
+import ee.cyber.cdoc2.converter.AsicConverterCmd;
+import ee.cyber.cdoc2.converter.CdocConverterCmd;
+import ee.cyber.cdoc2.converter.CreateAsicContainerCmd;
+
+import picocli.CommandLine;
+import picocli.CommandLine.Command;
+import picocli.CommandLine.Option;
+
+import java.util.concurrent.Callable;
+
+@SuppressWarnings("java:S106")
+@Command(
+        version = {"cdoc2-cli version: 1.6.0", "cdoc2-lib version: 3.0.0"},
+        name = "cdoc2-example-app",
+        header = "\r\ncdoc2-example-app is a command line interface for converting cdoc or asic "
+            + "documents to cdoc2\r\n",
+        customSynopsis = { "cdoc [cdoc-convert] <arguments>",
+                "cdoc [asic] <arguments>", "cdoc [asic-convert] <arguments>"},
+        subcommands = {CdocConverterCmd.class, CreateAsicContainerCmd.class, AsicConverterCmd.class}
+)
+public class CDocConverterCli implements Callable<Void> {
+
+    public static void main(String... args) {
+        if (args.length == 0) {
+            CommandLine.usage(new CDocConverterCli(), System.out);
+            CommandLine.usage(new CdocConverterCmd(), System.out);
+            CommandLine.usage(new CreateAsicContainerCmd(), System.out);
+            CommandLine.usage(new AsicConverterCmd(), System.out);
+        }
+        int exitCode = new CommandLine(new CDocConverterCli()).execute(args);
+
+        System.exit(exitCode);
+    }
+
+    @Override
+    public Void call() {
+        return null;
+    }
+}

cdoc2-example-app/src/main/java/ee/cyber/cdoc2/converter/CdocConverterCmd.java

@@ -0,0 +1,67 @@
+package ee.cyber.cdoc2.converter;
+
+import ee.cyber.cdoc2.converter.util.CommonService;
+import ee.cyber.cdoc2.converter.util.Util;
+import org.openeid.cdoc4j.token.Token;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import picocli.CommandLine;
+import picocli.CommandLine.Command;
+import picocli.CommandLine.Option;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.nio.file.Path;
+import java.util.Objects;
+import java.util.concurrent.Callable;
+
+@Command(name = "cdoc-convert")
+@SuppressWarnings("squid:S106")
+public class CdocConverterCmd implements Callable<Void> {
+
+    private static final Logger log = LoggerFactory.getLogger(CdocConverterCmd.class);
+
+    @Option(names = {"-p12"}, required = true, paramLabel = "FILE.p12",
+        description = "Load private key for decryption from .p12 file (FILE.p12:password)")
+    String p12;
+
+    @Option(names = {"-f", "-c", "--cdoc" }, required = true,
+        paramLabel = "CDOC", description = "the CDOC file")
+    File cdocFile;
+
+    @Option(names = {"-o", "--out", "--cdoc2"}, required = false,
+        paramLabel = "CDOC2", description = "the CDOC2 file")
+    File cdoc2FileOption;
+
+    @Option(names = { "--tmp"}, required = false,
+        paramLabel = "DIR", description = "temp directory used for temporary files extracted from CDOC")
+    Path tempDir = null;
+
+    @Option(names= {"--label"}, required = false,
+        paramLabel = "label", description = "cdoc2 recipient label")
+    String labelOption;
+
+    @Option(names = { "-h", "--help" }, usageHelp = false, description = "display a help message")
+    private boolean helpRequested = false;
+
+    @Override
+    public Void call() throws Exception {
+
+        char[] password = CommonService.askPassword();
+        String label = CommonService.getLabel(labelOption);
+
+        File cdoc2File = CommonService.getCdoc2File(cdoc2FileOption, cdocFile);
+
+        Objects.requireNonNull(p12);
+        Token token = Util.readPkcs12Token(p12);
+
+        try (InputStream cdocIs = new FileInputStream(cdocFile)) {
+            Util.reEncrypt(cdocIs, token, cdoc2File, label, password, tempDir);
+        }
+
+        System.out.println("Created cdoc2 " + cdoc2File.getAbsolutePath());
+
+        return null;
+    }
+}