Skip to content

ASiC-S LTA extending support #650

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

ASiC-S LTA extending support #650

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
2dcc2c7
ASiC-S TimeStamp creation support
metsma Sep 30, 2024
8954350
Extend XAdES LTA signatures
metsma Sep 3, 2024
8f34452
Validate ASiC-S manifest containers
metsma Dec 16, 2024
a99f64d
ASiC-S LTA extending support
metsma Dec 16, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions examples/DigiDocCSharp/Program.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -209,6 +209,11 @@ private static void Verify(string file)
Console.WriteLine("Time: " + s.trustedSigningTime());
Console.WriteLine("Cert: " + s.signingCertificate().Subject);
Console.WriteLine("TimeStamp: " + s.TimeStampCertificate().Subject);
foreach (TSAInfo tsaInfo in s.ArchiveTimeStamps())
{
Console.WriteLine("Archive Time: " + tsaInfo.time);
Console.WriteLine("Archive Cert: " + tsaInfo.cert.Subject);
}

s.validate();
Console.WriteLine("Signature is valid");
Expand Down
4 changes: 4 additions & 0 deletions examples/java/src/main/java/ee/ria/libdigidocpp/libdigidocpp.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -152,6 +152,10 @@ static void verify(String file) {
System.out.println("Time: " + signature.trustedSigningTime());
System.out.println("Cert: " + signature.signingCertificate().getSubjectDN().toString());
System.out.println("TimeStamp Cert: " + signature.TimeStampCertificate().getSubjectDN().toString());
for(TSAInfo tsaInfo : signature.ArchiveTimeStamps()) {
System.out.println("Archive Time: " + tsaInfo.getTime());
System.out.println("Archive Cert: " + tsaInfo.getCert().getSubjectDN().toString());
}

try
{
Expand Down
28 changes: 23 additions & 5 deletions libdigidocpp.i
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -96,15 +96,17 @@ static std::vector<unsigned char>* SWIG_JavaArrayToVectorUnsignedChar(JNIEnv *je
%{ $1 = SWIG_JavaArrayToVectorUnsignedChar(jenv, $input); %}
%typemap(out, fragment="SWIG_VectorUnsignedCharToJavaArray") std::vector<unsigned char>, digidoc::X509Cert
%{ $result = SWIG_VectorUnsignedCharToJavaArray(jenv, $1); %}
%typemap(jtype) std::vector<unsigned char>, digidoc::X509Cert "byte[]"
%typemap(out, fragment="SWIG_VectorUnsignedCharToJavaArray") digidoc::X509Cert *
%{ $result = SWIG_VectorUnsignedCharToJavaArray(jenv, *$1); %}
%typemap(jtype) std::vector<unsigned char>, digidoc::X509Cert, digidoc::X509Cert * "byte[]"
%typemap(jstype) std::vector<unsigned char> "byte[]"
%typemap(jstype) digidoc::X509Cert "java.security.cert.X509Certificate"
%typemap(jni) std::vector<unsigned char>, digidoc::X509Cert "jbyteArray"
%typemap(jstype) digidoc::X509Cert, digidoc::X509Cert* "java.security.cert.X509Certificate"
%typemap(jni) std::vector<unsigned char>, digidoc::X509Cert, digidoc::X509Cert * "jbyteArray"
%typemap(javain) std::vector<unsigned char>, digidoc::X509Cert "$javainput"
%typemap(javaout) std::vector<unsigned char> {
return $jnicall;
}
%typemap(javaout, throws="java.security.cert.CertificateException, java.io.IOException") digidoc::X509Cert {
%typemap(javaout, throws="java.security.cert.CertificateException, java.io.IOException") digidoc::X509Cert, digidoc::X509Cert * {
byte[] der = $jnicall;
java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X509");
try (java.io.ByteArrayInputStream is = new java.io.ByteArrayInputStream(der)) {
Expand All @@ -114,7 +116,7 @@ static std::vector<unsigned char>* SWIG_JavaArrayToVectorUnsignedChar(JNIEnv *je

#elif defined(SWIGCSHARP)
%typemap(cstype) std::vector<unsigned char> "byte[]"
%typemap(cstype) digidoc::X509Cert "System.Security.Cryptography.X509Certificates.X509Certificate2"
%typemap(cstype) digidoc::X509Cert, digidoc::X509Cert* "System.Security.Cryptography.X509Certificates.X509Certificate2"
%typemap(csin, pre= " global::System.IntPtr cPtr$csinput = digidocPINVOKE.ByteVector_to($csinput, $csinput.Length);
var handleRef$csinput = new global::System.Runtime.InteropServices.HandleRef(this, cPtr$csinput);"
) std::vector<unsigned char> "handleRef$csinput"
Expand All @@ -132,6 +134,14 @@ static std::vector<unsigned char>* SWIG_JavaArrayToVectorUnsignedChar(JNIEnv *je
$modulePINVOKE.ByteVector_free(cPtr);
return new System.Security.Cryptography.X509Certificates.X509Certificate2(der);
}
%typemap(csvarout, excode=SWIGEXCODE2) digidoc::X509Cert * %{
get {
global::System.IntPtr cPtr = $imcall;$excode
byte[] der = new byte[$modulePINVOKE.ByteVector_size(cPtr)];
global::System.Runtime.InteropServices.Marshal.Copy($modulePINVOKE.ByteVector_data(cPtr), der, 0, der.Length);
$modulePINVOKE.ByteVector_free(cPtr);
return new System.Security.Cryptography.X509Certificates.X509Certificate2(der);
} %}
%typemap(out) std::vector<unsigned char> %{ $result = new std::vector<unsigned char>(std::move($1)); %}
%typemap(out) digidoc::X509Cert %{ $result = new std::vector<unsigned char>($1); %}

Expand All @@ -154,6 +164,10 @@ static std::vector<unsigned char>* SWIG_JavaArrayToVectorUnsignedChar(JNIEnv *je
std::vector<unsigned char> temp = $1;
$result = PyBytes_FromStringAndSize((const char*)temp.data(), temp.size());
}
%typemap(out) digidoc::X509Cert * {
std::vector<unsigned char> temp = *$1;
$result = PyBytes_FromStringAndSize((const char*)temp.data(), temp.size());
}
#endif
%typemap(freearg) std::vector<unsigned char>
%{ delete $1; %}
Expand Down Expand Up @@ -205,6 +219,9 @@ static std::vector<unsigned char>* SWIG_JavaArrayToVectorUnsignedChar(JNIEnv *je
%newobject digidoc::Container::open;
%newobject digidoc::Container::create;

%immutable digidoc::TSAInfo::cert;
%immutable digidoc::TSAInfo::time;

%feature("director") digidoc::ContainerOpenCB;

%typemap(javacode) digidoc::Conf %{
Expand Down Expand Up @@ -262,6 +279,7 @@ def transfer(self):
%template(StringMap) std::map<std::string,std::string>;
%template(DataFiles) std::vector<digidoc::DataFile*>;
%template(Signatures) std::vector<digidoc::Signature*>;
%template(TSAInfos) std::vector<digidoc::TSAInfo>;

%extend digidoc::Container {
static digidoc::Container* open(const std::string &path, digidoc::ContainerOpenCB *cb)
Expand Down
50 changes: 36 additions & 14 deletions src/ASiC_S.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,10 +21,11 @@

#include "SignatureTST.h"
#include "SignatureXAdES_LTA.h"
#include "crypto/Signer.h"
#include "util/algorithm.h"
#include "util/File.h"
#include "util/log.h"

#include <algorithm>
#include <sstream>

using namespace digidoc;
Expand All @@ -45,19 +46,20 @@ ASiC_S::ASiC_S(const string &path)
: ASiContainer(MIMETYPE_ASIC_S)
{
auto z = load(path, false, {mediaType()});
auto starts_with = [](string_view str, string_view needle) constexpr {
return str.size() >= needle.size() && str.compare(0, needle.size(), needle) == 0;
};

bool foundManifest = false;
bool foundTimestamp = false;
for(const string &file: z.list())
{
if(file == "mimetype")
continue;
if(file == "META-INF/timestamp.tst")
foundTimestamp = true;
if(file == "META-INF/ASiCArchiveManifest.xml")
{
if(!signatures().empty())
THROW("Can not add signature to ASiC-S container which already contains a signature.");
addSignature(make_unique<SignatureTST>(z.extract<stringstream>(file).str(), this));
addSignature(make_unique<SignatureTST>(true, z, this));
foundManifest = true;
}
else if(file == "META-INF/signatures.xml")
{
Expand All @@ -68,8 +70,6 @@ ASiC_S::ASiC_S(const string &path)
for(auto s = signatures->signature(); s; s++)
addSignature(make_unique<SignatureXAdES_LTA>(signatures, s, this));
}
else if(file == "META-INF/ASiCArchiveManifest.xml")
THROW("ASiCArchiveManifest are not supported.");
else if(starts_with(file, "META-INF/"))
continue;
else if(const auto directory = File::directory(file);
Expand All @@ -80,16 +80,34 @@ ASiC_S::ASiC_S(const string &path)
else
addDataFile(dataStream(file, z), file, "application/octet-stream");
}
if(!foundManifest && foundTimestamp)
{
if(!signatures().empty())
THROW("Can not add signature to ASiC-S container which already contains a signature.");
addSignature(make_unique<SignatureTST>(false, z, this));
}

if(dataFiles().empty())
THROW("ASiC-S container does not contain any data objects.");
if(signatures().empty())
THROW("ASiC-S container does not contain any signatures.");
}

unique_ptr<Container> ASiC_S::createInternal(const string & /*path*/)
void ASiC_S::addDataFileChecks(const string &fileName, const string &mediaType)
{
ASiContainer::addDataFileChecks(fileName, mediaType);
if(!dataFiles().empty())
THROW("Can not add document to ASiC-S container which already contains a document.");
}

unique_ptr<Container> ASiC_S::createInternal(const string &path)
{
return {};
if(!util::File::fileExtension(path, {"asics", "scs"}))
return {};
DEBUG("ASiC_S::createInternal(%s)", path.c_str());
auto doc = unique_ptr<ASiC_S>(new ASiC_S());
doc->zpath(path);
return doc;
}

void ASiC_S::addAdESSignature(istream & /*signature*/)
Expand Down Expand Up @@ -120,13 +138,17 @@ void ASiC_S::save(const ZipSerialize &s)
{
if(zproperty("META-INF/manifest.xml").size && !createManifest().save(s.addFile("META-INF/manifest.xml", zproperty("META-INF/manifest.xml")), true))
THROW("Failed to create manifest XML");
if(auto list = signatures(); !list.empty())
s.addFile("META-INF/timestamp.tst", zproperty("META-INF/timestamp.tst"))(static_cast<SignatureTST*>(list.front())->save());
for(Signature *sig: signatures())
static_cast<SignatureTST*>(sig)->save(s);
}

Signature *ASiC_S::sign(Signer * /*signer*/)
Signature *ASiC_S::sign(Signer *signer)
{
THROW("Not implemented.");
if(signer->profile() != ASIC_TST_PROFILE)
THROW("ASiC-S container supports only TimeStampToken signing.");
if(!signatures().empty())
THROW("ASiC-S container supports only one TimeStampToken signature.");
return addSignature(make_unique<SignatureTST>(this, signer));
}

/**
Expand Down
2 changes: 2 additions & 0 deletions src/ASiC_S.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,9 +45,11 @@ namespace digidoc
ASiC_S(const std::string &path);
DISABLE_COPY(ASiC_S);

void addDataFileChecks(const std::string &path, const std::string &mediaType) override;
void canSave() final;
void save(const ZipSerialize &s) final;

static bool isContainerSimpleFormat(const std::string &path);
friend class SignatureTST;
};
}
1 change: 1 addition & 0 deletions src/ASiContainer.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@ namespace digidoc
//https://signa.mitsoft.lt/static/signa-web/webResources/docs/ADOC_specification_approved20090907_EN.pdf
static constexpr std::string_view MIMETYPE_ADOC = "application/vnd.lt.archyvai.adoc-2008";
static constexpr std::string_view MANIFEST_NS = "urn:oasis:names:tc:opendocument:xmlns:manifest:1.0";
static constexpr std::string_view ASIC_NS = "http://uri.etsi.org/02918/v1.2.1#";

~ASiContainer() override;
std::string mediaType() const override;
Expand Down
5 changes: 5 additions & 0 deletions src/Signature.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -230,6 +230,11 @@ X509Cert Signature::ArchiveTimeStampCertificate() const { return X509Cert(); }
*/
string Signature::ArchiveTimeStampTime() const { return {}; }

/**
* Returns signature Archive TimeStampTokens.
*/
vector<TSAInfo> Signature::ArchiveTimeStamps() const { return {}; }

struct Signature::Validator::Private
{
Status result = Valid;
Expand Down
22 changes: 15 additions & 7 deletions src/Signature.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,13 +21,18 @@

#include "Exception.h"

#include <string>
#include <vector>
#include "crypto/X509Cert.h"

namespace digidoc
{
class Signer;
class X509Cert;

struct TSAInfo {
X509Cert cert;
std::string time;
};

class DIGIDOCPP_EXPORT Signature
{
public:
Expand Down Expand Up @@ -86,18 +91,18 @@ namespace digidoc
virtual std::string countryName() const;
virtual std::vector<std::string> signerRoles() const;

//TM profile properties
// TM profile properties
virtual std::string OCSPProducedAt() const;
virtual X509Cert OCSPCertificate() const;
DIGIDOCPP_DEPRECATED virtual std::vector<unsigned char> OCSPNonce() const;

//TS profile properties
// TS profile properties
virtual X509Cert TimeStampCertificate() const;
virtual std::string TimeStampTime() const;

//TSA profile properties
virtual X509Cert ArchiveTimeStampCertificate() const;
virtual std::string ArchiveTimeStampTime() const;
// TSA profile properties
DIGIDOCPP_DEPRECATED virtual X509Cert ArchiveTimeStampCertificate() const;
DIGIDOCPP_DEPRECATED virtual std::string ArchiveTimeStampTime() const;

// Xades properties
virtual std::string streetAddress() const;
Expand All @@ -114,6 +119,9 @@ namespace digidoc
// DSig properties
virtual void extendSignatureProfile(Signer *signer);

//TSA profile properties
virtual std::vector<TSAInfo> ArchiveTimeStamps() const;

protected:
Signature();

Expand Down
Loading
Loading