Merge branch 'main' into issue201/port-je-obsadeny-dialog
celuchmarek committed Nov 15, 2024
2 parents 4f68927 + 412b886 commit 5754efe
Showing 81 changed files with 8,011 additions and 1,047 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/package.yaml
Expand Up @@ -48,7 +48,7 @@ jobs:
steps:
- name: Setup dependencies
run: |
dnf -q install -y java-17-openjdk maven rpm-build git
dnf -q install -y java-17-openjdk maven-openjdk17 rpm-build git
- uses: actions/checkout@v4

2 changes: 2 additions & 0 deletions .github/workflows/test.yaml
Expand Up @@ -2,6 +2,8 @@ name: Tests

on:
push:
branches:
- 'main'
pull_request:


25 changes: 25 additions & 0 deletions README.md
Expand Up @@ -34,6 +34,31 @@ Momentálne podporujeme na Slovensku bežne používané karty a ich ovládače:

Doplniť ďalšie je pomerne ľahké pokiaľ používajú PKCS#11.

## Štátne elektronické formuláre

### slovensko.sk

Autogram dokáže v stand-alone režime otvárať a podpisovať všetky formuláre zverejnenené v [statickom úložisku](https://www.slovensko.sk/static/eForm/dataset/) na slovensko.sk. Pri integrácii cez API je možné nastaviť v body `parameters.autoLoadEform: true`. Vtedy sa potrebné XSD, XSLT a ďalšie metadáta stiahnu automaticky podľa typu podpisovaného formulára.

### Obchodný register SR

Navonok rovnako ako formuláre zo slovensko.sk fungujú aj ORSR formuláre. Autogram deteguje typ formulára automaticky a pri API je potrebné nastaviť spomínaný parameter. Technicky sa potom ORSR formuláre odlišujú v tom, že používajú embedované schémy v datacontainer-i oproti referencovaným schémam v iných formulároch.

Ak je pri podpise cez API zapnutý parameter `autoLoadEform` a formulár je z ORSR, automaticky sa nastaví vytváranie podpisu s embedovanou schémou. Pri poskytnutí XSD a XSLT v parametroch bez `autoLoadEform` je potrebné ešte nastaviť v body `parameters.embedUsedSchemas: true`, aby boli schémy embedované.

### Finančná správa SR

Podpísané formuláre v `.asice` kontajneroch dokáže Autogram rovanko automaticky detegovať v stand-alone režime a cez API pri použití `autoLoadEform`.

Avšak, pri podpisovaní je potrebné Autogramu explicitne určiť typ formuláru. V stand-alone režime je potrebné, aby názov súbor obsahoval: `_fs<identifikator>` a mal príponu: `.xml`. Napríklad:
```
moj-dokument_fs792_772.xml
dalsi-dokument_fs792_772_test.xml
nazov-firmy_fs2682_712_nieco-dalsie.xml
```

Pri podpisovaní cez API je potrebné nastaviť v body `parameters.fsFormId: "<identifikator>"`. Identifikátory formulárov finančnej správy je možné získať z [nášho zoznamu](https://forms-slovensko-digital.s3.eu-central-1.amazonaws.com/fs/forms.xml) ako atribút `sdIdentifier`.

## Vývoj

### Predpoklady
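Review bot: in the "Finančná správa SR" section, the filename rule `_fs<identifikator>` does not say where the identifier ends. The examples `dalsi-dokument_fs792_772_test.xml` and `nazov-firmy_fs2682_712_nieco-dalsie.xml` carry extra text after what looks like the identifier, and the identifier itself contains an underscore. Please state the exact pattern that is matched, so a file cannot be signed as a different form type than the user intended. Also fix the typos in the added text: "zverejnenené" (zverejnené), "rovanko" (rovnako) and "názov súbor obsahoval" (názov súboru obsahoval).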
80 changes: 18 additions & 62 deletions pom.xml
Expand Up @@ -16,16 +16,16 @@
<main.class>digital.slovensko.autogram.Main</main.class>
<java.version>17</java.version>
<dss.version>6.0</dss.version>
<gson.version>2.10.1</gson.version>
<gson.version>2.11.0</gson.version>
<apache.httpcomponents.version>4.5.14</apache.httpcomponents.version>
<pdfjs.version>2.10.377</pdfjs.version>
<saxon.version>12.4</saxon.version>
<pdfbox.version>2.0.30</pdfbox.version>
<saxon.version>12.5</saxon.version>
<xerces.version>2.12.1</xerces.version>
<slf4j.version>2.0.13</slf4j.version>
<junit.version>5.10.2</junit.version>
<mockito.version>5.11.0</mockito.version>
<commons-cli.version>1.6.0</commons-cli.version>
<xmlunit.version>2.9.1</xmlunit.version>
<junit.version>5.11.3</junit.version>
<mockito.version>5.12.0</mockito.version>
<commons-cli.version>1.9.0</commons-cli.version>
<xmlunit.version>2.10.0</xmlunit.version>
<snakeyml.version>2.2</snakeyml.version>
<jimfs.version>1.3.0</jimfs.version>
<testExcludedGroups>HttpSmokeTest</testExcludedGroups>
Expand Down Expand Up @@ -97,6 +97,11 @@
<artifactId>httpclient</artifactId>
<version>${apache.httpcomponents.version}</version>
</dependency>
<dependency>
<groupId>org.apache.pdfbox</groupId>
<artifactId>pdfbox</artifactId>
<version>${pdfbox.version}</version>
</dependency>
<dependency>
<groupId>net.sf.saxon</groupId>
<artifactId>Saxon-HE</artifactId>
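Review bot: the new `org.apache.pdfbox:pdfbox` dependency is pinned through `${pdfbox.version}` (2.0.30 in the properties hunk) independently of `dss.version` 6.0. If any DSS module already pulls in PDFBox transitively, this direct declaration decides the resolved version, so please check the result with `mvn dependency:tree` and add a short comment on why the explicit pin is needed.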
Expand Down Expand Up @@ -176,7 +181,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>3.2.5</version>
<version>3.3.0</version>
<configuration>
<jvm>${jlink.jdk.path}${file.separator}bin${file.separator}java</jvm>
<!-- done this way because you can't override excludedGroups in a profile
Expand Down Expand Up @@ -258,13 +263,13 @@
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>versions-maven-plugin</artifactId>
<version>2.16.2</version>
<version>2.18.0</version>
</plugin>

<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<version>3.4.1</version>
<version>3.4.2</version>
<configuration>
<archive>
<manifest>
Expand All @@ -280,7 +285,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<version>3.6.1</version>
<version>3.7.1</version>
<executions>
<execution>
<id>copy-dependencies</id>
Expand All @@ -297,55 +302,6 @@
</executions>
</plugin>

<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>wagon-maven-plugin</artifactId>
<version>2.0.2</version>
<executions>
<execution>
<id>download-pdfjs-main</id>
<phase>initialize</phase>
<goals>
<goal>download-single</goal>
</goals>
<configuration>
<url>
https://cdn.jsdelivr.net/npm/pdfjs-dist@${pdfjs.version}/build/pdf.min.js</url>
<toDir>
${project.resources[0].directory}/digital/slovensko/autogram/ui/gui/vendor/pdfjs</toDir>
<skipIfExists>true</skipIfExists>
</configuration>
</execution>
<execution>
<id>download-pdfjs-worker</id>
<phase>initialize</phase>
<goals>
<goal>download-single</goal>
</goals>
<configuration>
<url>
https://cdn.jsdelivr.net/npm/pdfjs-dist@${pdfjs.version}/build/pdf.worker.min.js</url>
<toDir>
${project.resources[0].directory}/digital/slovensko/autogram/ui/gui/vendor/pdfjs</toDir>
<skipIfExists>true</skipIfExists>
</configuration>
</execution>
<execution>
<id>download-pdfjs-cmaps</id>
<phase>initialize</phase>
<goals>
<goal>download</goal>
</goals>
<configuration>
<url>https://cdn.jsdelivr.net/npm/pdfjs-dist@${pdfjs.version}</url>
<fromDir>cmaps</fromDir>
<toDir>
${project.resources[0].directory}/digital/slovensko/autogram/ui/gui/vendor/pdfjs/cmaps</toDir>
</configuration>
</execution>
</executions>
</plugin>

<plugin>
<groupId>com.igormaznitsa</groupId>
<artifactId>mvn-jlink-wrapper</artifactId>
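Review bot: the `vendor/pdfjs` resource directory is not cleaned up along with the removed `download-pdfjs-*` executions. The old configuration wrote `pdf.min.js`, `pdf.worker.min.js` and `cmaps` from cdn.jsdelivr.net into `${project.resources[0].directory}/digital/slovensko/autogram/ui/gui/vendor/pdfjs` with `skipIfExists` set and no checksum, so existing checkouts and build caches will keep packaging those files. Consider deleting that directory (and any ignore rule for it) in this change, and confirm nothing else still references `${pdfjs.version}` now that the property is gone.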
Expand Down Expand Up @@ -462,7 +418,7 @@
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>exec-maven-plugin</artifactId>
<version>3.2.0</version>
<version>3.3.0</version>
<configuration>
<executable>bash</executable>
<workingDirectory>
Expand Down Expand Up @@ -555,7 +511,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>3.2.5</version>
<version>3.3.0</version>
<configuration>
<jvm>${jlink.jdk.path}${file.separator}bin${file.separator}java</jvm>
<groups>HttpSmokeTest</groups>
Expand Up @@ -75,7 +75,8 @@ public static void printUsage() {
autogram --cli -s target/directory-example -t target/non-existent-dir/output-example --parents
autogram --cli -s target/directory-example/file-example.pdf -pdfa
autogram --cli -s target/directory-example/file-example.pdf -d eid
autogram --cli -s target/file-example.pdf -d eid --tsa-server http://tsa.izenpe.com
autogram --cli -s target/file-example.pdf -d eid --tsa-server http://tsa.belgium.be/connect
autogram --cli -s target/file-example.pdf -d eid --tsa-server "http://tsa.belgium.be/connect,http://ts.quovadisglobal.com/eu,http://tsa.sep.bg"
""";
final PrintWriter pw = new PrintWriter(System.out);
formatter.printUsage(pw, 80, syntax);
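Review bot: the last example passes a comma-separated list to `--tsa-server`, but nothing in the visible usage text says how the list is handled (tried in order as fallbacks, or something else). Add a sentence to the option description that covers this. All example endpoints are plain `http://` URLs; if that is intentional, say so in the help text, since users will copy these lines verbatim.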
Expand Up @@ -73,7 +73,7 @@ public void startVisualization(SigningJob job) {
}

try {
var visualization = DocumentVisualizationBuilder.fromJob(job);
var visualization = DocumentVisualizationBuilder.fromJob(job, settings);
ui.onUIThreadDo(() -> ui.showVisualization(visualization, this));
} catch (AutogramException e) {
ui.onUIThreadDo(() -> ui.showError(e));
Expand Up @@ -10,6 +10,8 @@ public record AutogramMimeType(
String extension
) implements MimeType {
public static final AutogramMimeType XML_DATACONTAINER = new AutogramMimeType("application/vnd.gov.sk.xmldatacontainer+xml", null);
public static final AutogramMimeType XML_DATACONTAINER_WITH_CHARSET = new AutogramMimeType("application/vnd.gov.sk.xmldatacontainer+xml; charset=UTF-8", null);
public static final AutogramMimeType TEXT_WITH_CHARSET = new AutogramMimeType("text/plain; charset=UTF-8", null);
public static final AutogramMimeType APPLICATION_XML = new AutogramMimeType("application/xml", null);

@Override
Expand Down Expand Up @@ -41,10 +43,18 @@ public static boolean isXML(MimeType mimeType) {
}

public static boolean isXDC(MimeType mimeType) {
return mimeType.equals(XML_DATACONTAINER);
return mimeType.equals(XML_DATACONTAINER) || mimeType.equals(XML_DATACONTAINER_WITH_CHARSET);
}

public static boolean isPDF(MimeType mimeType) {
return mimeType.equals(MimeTypeEnum.PDF);
}

public static boolean isTxt(MimeType mimeType) {
return mimeType.equals(MimeTypeEnum.TEXT) || mimeType.equals(TEXT_WITH_CHARSET);
}

public static boolean isImage(MimeType mimeType) {
return mimeType.equals(MimeTypeEnum.PNG) || mimeType.equals(MimeTypeEnum.JPEG);
}
}
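Review bot: `isXDC` and `isTxt` accept exactly one charset spelling, `; charset=UTF-8`, by comparing against a second constant. A value such as `text/plain;charset=utf-8`, or any other charset, matches neither constant. Compare the media type without its parameters instead of enumerating full strings. These helpers also call `mimeType.equals(...)` on the argument, so a null `mimeType` throws; either guard against it or document that callers must not pass null.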
Expand Up @@ -15,6 +15,8 @@
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;

import eu.europa.esig.dss.enumerations.ASiCContainerType;
import eu.europa.esig.dss.simplereport.SimpleReport;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xml.sax.InputSource;
Expand Down Expand Up @@ -165,7 +167,7 @@ public static ValidationReports getSignatureCheckReport(SigningJob job) {
return new ValidationReports(validator.validateDocument(), job);
}

public static SignatureLevel getSignedDocumentSignatureLevel(DSSDocument document) {
public static SimpleReport getSignedDocumentSimpleReport(DSSDocument document) {
var validator = createDocumentValidator(document);
if (validator == null)
return null;
Expand All @@ -175,6 +177,13 @@ public static SignatureLevel getSignedDocumentSignatureLevel(DSSDocument documen
if (report.getSignatureIdList().size() == 0)
return null;

return report;
}

public static SignatureLevel getSignedDocumentSignatureLevel(SimpleReport report) {
if (report == null)
return null;

return report.getSignatureFormat(report.getSignatureIdList().get(0));
}

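Review bot: the new `getSignedDocumentSignatureLevel(SimpleReport report)` checks only for `null` before calling `report.getSignatureIdList().get(0)`. The empty-list guard lives in `getSignedDocumentSimpleReport`, so a caller that passes a `SimpleReport` obtained elsewhere with no signatures gets an `IndexOutOfBoundsException`. Since the method is public, repeat the `getSignatureIdList().size() == 0` check here and return `null` in that case.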
49 changes: 27 additions & 22 deletions src/main/java/digital/slovensko/autogram/core/SigningJob.java
@@ -1,29 +1,26 @@
package digital.slovensko.autogram.core;

import java.io.File;
import java.io.UnsupportedEncodingException;

import digital.slovensko.autogram.core.eforms.EFormUtils;
import digital.slovensko.autogram.core.eforms.XDCBuilder;
import digital.slovensko.autogram.core.eforms.XDCValidator;
import digital.slovensko.autogram.core.eforms.xdc.XDCBuilder;
import digital.slovensko.autogram.core.eforms.xdc.XDCValidator;
import digital.slovensko.autogram.core.errors.AutogramException;
import digital.slovensko.autogram.util.Logging;
import eu.europa.esig.dss.asic.cades.signature.ASiCWithCAdESService;
import eu.europa.esig.dss.asic.xades.signature.ASiCWithXAdESService;
import eu.europa.esig.dss.cades.signature.CAdESService;
import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.enumerations.MimeTypeEnum;
import eu.europa.esig.dss.enumerations.SignatureLevel;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.FileDocument;
import eu.europa.esig.dss.pades.signature.PAdESService;
import eu.europa.esig.dss.service.http.commons.TimestampDataLoader;
import eu.europa.esig.dss.service.tsp.OnlineTSPSource;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.x509.tsp.TSPSource;
import eu.europa.esig.dss.validation.CommonCertificateVerifier;
import eu.europa.esig.dss.xades.signature.XAdESService;

import static digital.slovensko.autogram.core.AutogramMimeType.*;
import static digital.slovensko.autogram.util.DSSUtils.getXdcfFilename;

public class SigningJob {
private final Responder responder;
Expand Down Expand Up @@ -159,19 +156,28 @@ private DSSDocument signDocumentAsPAdeS(SigningKey key) {
public static FileDocument createDSSFileDocumentFromFile(File file) {
var fileDocument = new FileDocument(file);

if (isXDC(fileDocument.getMimeType()) || isXML(fileDocument.getMimeType()) && XDCValidator.isXDCContent(fileDocument))
fileDocument.setMimeType(AutogramMimeType.XML_DATACONTAINER);
if (fileDocument.getName().endsWith(".xdcf"))
fileDocument.setMimeType(XML_DATACONTAINER_WITH_CHARSET);

else if (isXDC(fileDocument.getMimeType()) || isXML(fileDocument.getMimeType()) && XDCValidator.isXDCContent(fileDocument))
fileDocument.setMimeType(AutogramMimeType.XML_DATACONTAINER_WITH_CHARSET);

else if (isTxt(fileDocument.getMimeType()))
fileDocument.setMimeType(AutogramMimeType.TEXT_WITH_CHARSET);

return fileDocument;
}

private static SigningJob build(DSSDocument document, SigningParameters params, Responder responder) {
if (params.shouldCreateXdc()) {
var mimeType = document.getMimeType();
if (!isXDC(mimeType) && !isAsice(mimeType)) {
document = XDCBuilder.transform(params, document.getName(), EFormUtils.getXmlFromDocument(document));
document.setMimeType(AutogramMimeType.XML_DATACONTAINER);
}
if (params.shouldCreateXdc() && !isXDC(document.getMimeType()) && !isAsice(document.getMimeType()))
document = XDCBuilder.transform(params, document.getName(), EFormUtils.getXmlFromDocument(document));

if (isTxt(document.getMimeType()))
document.setMimeType(AutogramMimeType.TEXT_WITH_CHARSET);

if (isXDC(document.getMimeType())) {
document.setMimeType(AutogramMimeType.XML_DATACONTAINER_WITH_CHARSET);
document.setName(getXdcfFilename(document.getName()));
}

return new SigningJob(document, params, responder);
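Review bot: in `createDSSFileDocumentFromFile`, the new first branch trusts the file name alone. `fileDocument.getName().endsWith(".xdcf")` sets `XML_DATACONTAINER_WITH_CHARSET` without the `XDCValidator.isXDCContent` check that the XML branch applies, and the comparison is case-sensitive, so `.XDCF` is skipped. Run the content check for this branch too, or document why the extension is sufficient. In `build`, `TEXT_WITH_CHARSET` labels every text document as UTF-8 without inspecting its bytes; if input in another encoding is possible, the declared MIME type will be wrong. The mixed `||` and `&&` condition in the `else if` would also read more safely with explicit parentheses.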
Expand All @@ -188,31 +194,30 @@ public static SigningJob buildFromFile(File file, Responder responder, boolean c
}

private static SigningParameters getParametersForFile(FileDocument document, boolean checkPDFACompliance, SignatureLevel signatureType, boolean isEn319132, TSPSource tspSource, boolean plainXmlEnabled) {
var level = SignatureValidator.getSignedDocumentSignatureLevel(document);
var level = SignatureValidator.getSignedDocumentSignatureLevel(SignatureValidator.getSignedDocumentSimpleReport(document));
if (level != null) switch (level.getSignatureForm()) {
case PAdES:
return SigningParameters.buildForPDF(document, checkPDFACompliance, isEn319132, tspSource);
case XAdES:
return SigningParameters.buildForASiCWithXAdES(document, isEn319132, tspSource, plainXmlEnabled);
return SigningParameters.buildForASiCWithXAdES(document, checkPDFACompliance, isEn319132, tspSource, plainXmlEnabled);
case CAdES:
return SigningParameters.buildForASiCWithCAdES(document, isEn319132, tspSource, plainXmlEnabled);
return SigningParameters.buildForASiCWithCAdES(document, checkPDFACompliance, isEn319132, tspSource, plainXmlEnabled);
default:
;
}

var filename = document.getName();
if (isPDF(document.getMimeType())) switch (signatureType) {
case PAdES_BASELINE_B:
return SigningParameters.buildForPDF(document, checkPDFACompliance, isEn319132, tspSource);
case XAdES_BASELINE_B:
return SigningParameters.buildForASiCWithXAdES(document, isEn319132, tspSource, plainXmlEnabled);
return SigningParameters.buildForASiCWithXAdES(document, checkPDFACompliance, isEn319132, tspSource, plainXmlEnabled);
case CAdES_BASELINE_B:
return SigningParameters.buildForASiCWithCAdES(document, isEn319132, tspSource, plainXmlEnabled);
return SigningParameters.buildForASiCWithCAdES(document, checkPDFACompliance, isEn319132, tspSource, plainXmlEnabled);
default:
;
}

return SigningParameters.buildForASiCWithXAdES(document, isEn319132, tspSource, plainXmlEnabled);
return SigningParameters.buildForASiCWithXAdES(document, checkPDFACompliance, isEn319132, tspSource, plainXmlEnabled);
}

public boolean shouldCheckPDFCompliance() {
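Review bot: the calls to `buildForASiCWithXAdES` and `buildForASiCWithCAdES` now pass three positional booleans (`checkPDFACompliance`, `isEn319132`, `plainXmlEnabled`), the first two adjacent, and swapping them compiles silently. Consider a small parameter object or builder for these factory methods. The final fallback `buildForASiCWithXAdES(...)` also receives `checkPDFACompliance` for documents that are not PDFs; please confirm how the flag is treated there and cover it with a test.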