[SELC-5507] feat: namirial implementation in onboarding-crypto sdk (#500)
giulia-tremolada authored Sep 26, 2024
1 parent e5e6e2d commit 06f4e97
Showing 22 changed files with 341 additions and 44 deletions.
22 changes: 11 additions & 11 deletions README.md
Expand Up @@ -44,16 +44,16 @@ trustworthy incremental builds, can only build java code natively, is recursive
struggles with partial repo checkouts) but can be made good use of with some tricks
and usage of a couple of lesser known command line switches.

| Action | in working directory | with Maven |
|:---------------------------------------------------------------------------------------------------|:----------------------:|:-----------------------------------------------------------------------------------|
| Build the world | `.` | `mvn clean package -DskipTests` |
| Run `onboarding-ms` | `.` | `java -jar apps/onboarding-ms/target/onboarding-ms-1.0.0-SNAPSHOT.jar` |
| Build and test the world | `.` | `mvn clean package` |
| Build the world | `./apps/onboarding-ms` | `mvn --file ../.. clean package -DskipTests` |
| Build `onboarding-ms` and its dependencies | `.` | `mvn --projects :onboarding-ms --also-make clean package -DskipTests` |
| Build `onboarding-ms` and its dependencies | `./apps/onboarding-ms` | `mvn --file ../.. --projects :onboarding-ms --also-make clean package -DskipTests` |
| Build `onboarding-sdk` and its dependents (aka. reverse dependencies or *rdeps* in Bazel parlance) | `.` | `mvn --projects :onboarding-sdk-pom --also-make-dependents clean package -DskipTests` |
| Print dependencies of `onboarding-sdk` | `./apps/onboarding-ms` | `mvn dependency:list` |
| Change version of `onboarding-sdk` | `.` | `mvn versions:set -DnewVersion=0.1.2 --projects :onboarding-sdk-pom ` |
| Action | in working directory | with Maven |
|:---------------------------------------------------------------------------------------------------|:----------------------:|:--------------------------------------------------------------------------------------|
| Build the world | `.` | `mvn clean package -DskipTests` |
| Run `onboarding-ms` | `.` | `java -jar apps/onboarding-ms/target/onboarding-ms-1.0.0-SNAPSHOT.jar` |
| Build and test the world | `.` | `mvn clean package` |
| Build the world | `./apps/onboarding-ms` | `mvn --file ../.. clean package -DskipTests` |
| Build `onboarding-ms` and its dependencies | `.` | `mvn --projects :onboarding-ms --also-make clean package -DskipTests` |
| Build `onboarding-ms` and its dependencies | `./apps/onboarding-ms` | `mvn --file ../.. --projects :onboarding-ms --also-make clean package -DskipTests` |
| Build `onboarding-sdk` and its dependents (aka. reverse dependencies or *rdeps* in Bazel parlance) | `.` | `mvn --projects :onboarding-sdk-pom --also-make-dependents clean package -DskipTests` |
| Print dependencies of `onboarding-sdk` | `./apps/onboarding-ms` | `mvn dependency:list` |
| Change version of `onboarding-sdk` | `.` | `mvn versions:set -DnewVersion=0.2.2 --projects :onboarding-sdk-pom ` |
| Persist version of `onboarding-sdk` | `.` | `mvn versions:commit ` |

6 changes: 3 additions & 3 deletions apps/onboarding-functions/pom.xml
Expand Up @@ -193,17 +193,17 @@
<dependency>
<groupId>it.pagopa.selfcare</groupId>
<artifactId>onboarding-sdk-crypto</artifactId>
<version>0.2.1</version>
<version>0.2.2</version>
</dependency>
<dependency>
<groupId>it.pagopa.selfcare</groupId>
<artifactId>onboarding-sdk-azure-storage</artifactId>
<version>0.2.1</version>
<version>0.2.2</version>
</dependency>
<dependency>
<groupId>it.pagopa.selfcare</groupId>
<artifactId>onboarding-sdk-product</artifactId>
<version>0.2.1</version>
<version>0.2.2</version>
</dependency>
</dependencies>
<build>
Expand Up @@ -65,6 +65,11 @@ public Pkcs7HashSignService arubaPkcs7HashSignService(){
public Pkcs7HashSignService disabledPkcs7HashSignService(){
log.info("Signature will be performed using Pkcs7HashSignService");
return new Pkcs7HashSignService(){
@Override
public boolean returnsFullPdf() {
return false;
}

@Override
public byte[] sign(InputStream inputStream) {
log.info("Signature source is disabled, skipping signing input file");
4 changes: 2 additions & 2 deletions apps/onboarding-ms/pom.xml
Expand Up @@ -237,12 +237,12 @@
<dependency>
<groupId>it.pagopa.selfcare</groupId>
<artifactId>onboarding-sdk-azure-storage</artifactId>
<version>0.2.1</version>
<version>0.2.2</version>
</dependency>
<dependency>
<groupId>it.pagopa.selfcare</groupId>
<artifactId>onboarding-sdk-product</artifactId>
<version>0.2.1</version>
<version>0.2.2</version>
</dependency>

</dependencies>
2 changes: 1 addition & 1 deletion apps/pom.xml
Expand Up @@ -16,7 +16,7 @@
<dependency>
<groupId>it.pagopa.selfcare</groupId>
<artifactId>onboarding-sdk-common</artifactId>
<version>0.2.1</version>
<version>0.2.2</version>
</dependency>
</dependencies>

2 changes: 1 addition & 1 deletion libs/onboarding-sdk-azure-storage/pom.xml
Expand Up @@ -6,7 +6,7 @@
<parent>
<groupId>it.pagopa.selfcare</groupId>
<artifactId>onboarding-sdk-pom</artifactId>
<version>0.2.1</version>
<version>0.2.2</version>
<relativePath>../onboarding-sdk-pom</relativePath>
</parent>

2 changes: 1 addition & 1 deletion libs/onboarding-sdk-common/pom.xml
Expand Up @@ -4,7 +4,7 @@
<parent>
<groupId>it.pagopa.selfcare</groupId>
<artifactId>onboarding-sdk-pom</artifactId>
<version>0.2.1</version>
<version>0.2.2</version>
<relativePath>../onboarding-sdk-pom</relativePath>
</parent>
<artifactId>onboarding-sdk-common</artifactId>
24 changes: 23 additions & 1 deletion libs/onboarding-sdk-crypto/pom.xml
Expand Up @@ -4,12 +4,15 @@
<parent>
<groupId>it.pagopa.selfcare</groupId>
<artifactId>onboarding-sdk-pom</artifactId>
<version>0.2.1</version>
<version>0.2.2</version>
<relativePath>../onboarding-sdk-pom</relativePath>
</parent>
<artifactId>onboarding-sdk-crypto</artifactId>
<name>onboarding-sdk-crypto</name>
<url>http://maven.apache.org</url>
<properties>
<google-http-client.version>1.45.0</google-http-client.version>
</properties>

<dependencies>

Expand Down Expand Up @@ -75,6 +78,25 @@
<version>2.1.3</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.google.http-client</groupId>
<artifactId>google-http-client</artifactId>
<version>${google-http-client.version}</version>
</dependency>
<dependency>
<groupId>com.google.http-client</groupId>
<artifactId>google-http-client-apache-v2</artifactId>
<version>${google-http-client.version}</version>
</dependency>
<dependency>
<groupId>com.google.http-client</groupId>
<artifactId>google-http-client-jackson2</artifactId>
<version>${google-http-client.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
</dependency>
</dependencies>

<build>
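Review bot: The new `jackson-databind` dependency at the end of the second hunk carries no `<version>`, so it resolves only if the parent `onboarding-sdk-pom` or an imported BOM manages it; if nothing does, the build fails, and if something does, the effective version of a deserialization-facing library cannot be read from this file. Either pin it the same way the three `google-http-client` artifacts are pinned through `google-http-client.version`, or leave a comment naming where the version comes from, e.g. `<!-- version managed by the onboarding-sdk-pom dependencyManagement -->`. The parent pom is not part of this commit, so whether it manages jackson cannot be confirmed here.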
Expand Up @@ -15,4 +15,9 @@ public ArubaPkcs7HashSignServiceImpl(ArubaSignService arubaSignService) {
public byte[] sign(InputStream is) throws IOException {
return arubaSignService.pkcs7Signhash(is);
}

@Override
public boolean returnsFullPdf() {
return false;
}
}
@@ -0,0 +1,50 @@
package it.pagopa.selfcare.onboarding.crypto;

import it.pagopa.selfcare.onboarding.crypto.client.NamirialHttpClient;
import it.pagopa.selfcare.onboarding.crypto.entity.Credentials;
import it.pagopa.selfcare.onboarding.crypto.entity.Preferences;
import it.pagopa.selfcare.onboarding.crypto.entity.SignRequest;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;


public class NamiralSignServiceImpl implements NamirialSignService {

private final NamirialHttpClient namirialHttpClient;
private final String username;
private final String password;

// Constructor for manual dependency injection
public NamiralSignServiceImpl(String username,
String password
) {
this.namirialHttpClient = new NamirialHttpClient();
this.username = username;
this.password = password;
}

@Override
public byte[] pkcs7Signhash(InputStream is) {
try {

Path tempFilePath = Files.createTempFile("tempfile", ".pdf");
File tempFile = tempFilePath.toFile();

// Copy InputStream data to the temporary file
Files.copy(is, tempFilePath, StandardCopyOption.REPLACE_EXISTING);

Credentials credentials = new Credentials(username, password);
Preferences preferences = new Preferences("SHA256");
SignRequest request = new SignRequest(tempFile, credentials, preferences);

return namirialHttpClient.signDocument(request);
} catch (IOException e) {
throw new IllegalStateException("Something gone wrong when invoking Namirial in order to calculate pkcs7 hash sign request", e);
}
}
}
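Review bot: The temporary file created by `Files.createTempFile("tempfile", ".pdf")` in `pkcs7Signhash` is never deleted, so every call leaves a copy of the document being signed in the temp directory, which both accumulates on disk and retains the content after the request has completed. Wrap the copy and the remote call in a `try`/`finally` that calls `Files.deleteIfExists(tempFilePath)`, as sketched below. Separately, the class name `NamiralSignServiceImpl` is misspelled relative to `NamirialSignService` and `NamirialHttpClient`, and the hard-coded `"SHA256"` preference and the reason for going through a temp file at all (presumably the client wants a `File`) deserve a comment.
```java
@Override
public byte[] pkcs7Signhash(InputStream is) {
    Path tempFilePath = null;
    try {
        tempFilePath = Files.createTempFile("tempfile", ".pdf");
        Files.copy(is, tempFilePath, StandardCopyOption.REPLACE_EXISTING);
        // … unchanged: build Credentials, Preferences and SignRequest from tempFilePath.toFile() …
        return namirialHttpClient.signDocument(request);
    } catch (IOException e) {
        throw new IllegalStateException("Something gone wrong when invoking Namirial in order to calculate pkcs7 hash sign request", e);
    } finally {
        // the temp file holds the document being signed; never leave it behind
        if (tempFilePath != null) {
            try {
                Files.deleteIfExists(tempFilePath);
            } catch (IOException ignored) {
                // best-effort cleanup; the signing outcome is already decided
            }
        }
    }
}
```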
@@ -0,0 +1,24 @@
package it.pagopa.selfcare.onboarding.crypto;

import java.io.InputStream;

public class NamirialPkcs7HashSignServiceImpl implements Pkcs7HashSignService {

private final NamirialSignService namirialSignService;

public NamirialPkcs7HashSignServiceImpl(NamirialSignService namirialSignService) {
this.namirialSignService = namirialSignService;
}


@Override
public byte[] sign(InputStream is) {
return namirialSignService.pkcs7Signhash(is);
}


@Override
public boolean returnsFullPdf() {
return true;
}
}
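Review bot: `sign(InputStream)` in this class returns the complete signed PDF produced by `namirialSignService.pkcs7Signhash`, yet it implements PDFBox's `SignatureInterface` (via `Pkcs7HashSignService`), whose callers expect a detached PKCS7 signature over the bytes they pass; nothing but the `returnsFullPdf()` flag distinguishes the two, and neither this class nor the new `NamirialSignService` interface says so. Add Javadoc to `sign` such as `/** Returns the whole signed PDF, not a detached PKCS7 signature; callers must check {@link #returnsFullPdf()} and must not hand this instance to PDDocument.addSignature. */`, and a matching sentence on `NamirialSignService.pkcs7Signhash`, whose name also suggests a hash signature rather than a document. `NamirialSignService` is declared in a later hunk of this commit.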
@@ -0,0 +1,8 @@
package it.pagopa.selfcare.onboarding.crypto;


import java.io.InputStream;

public interface NamirialSignService {
byte[] pkcs7Signhash(InputStream is);
}
Expand Up @@ -7,7 +7,9 @@
import org.apache.pdfbox.pdmodel.interactive.digitalsignature.SignatureOptions;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.util.Calendar;

public class PadesSignServiceImpl implements PadesSignService {
Expand All @@ -20,21 +22,34 @@ public PadesSignServiceImpl(Pkcs7HashSignService pkcs7Signature) {
public void padesSign(File pdfFile, File signedPdfFile, SignatureInformation signInfo) {
CryptoUtils.createParentDirectoryIfNotExists(signedPdfFile);

try (FileOutputStream fos = new FileOutputStream(signedPdfFile);
PDDocument doc = PDDocument.load(pdfFile)){

PDSignature signature = new PDSignature();
signature.setFilter(PDSignature.FILTER_ADOBE_PPKLITE);
signature.setSubFilter(PDSignature.SUBFILTER_ADBE_PKCS7_DETACHED);
signature.setName(signInfo.getName());
signature.setLocation(signInfo.getLocation());
signature.setReason(signInfo.getReason());
signature.setSignDate(Calendar.getInstance());
SignatureOptions signatureOptions = new SignatureOptions();
signatureOptions.setPreferredSignatureSize(35944);
doc.addSignature(signature, this.pkcs7Signature, signatureOptions);
doc.saveIncremental(fos);

try (FileOutputStream fos = new FileOutputStream(signedPdfFile)){

/**
* The following condition ensures that the method handles both types of services correctly: those that return full PDFs
* and those that return just the signature:
* - If the service provides a complete, signed PDF, the method simply writes the returned PDF bytes to the output file.
* - If the service returns only the PKCS7 signature, the PDFBox library is used to attach the signature to the PDF before saving it to the output.
*/
if(this.pkcs7Signature.returnsFullPdf()){
try(InputStream pdfInput = new FileInputStream(pdfFile)){
byte[] signedPdfBytes = this.pkcs7Signature.sign(pdfInput);
fos.write(signedPdfBytes);
}
} else {
try (PDDocument doc = PDDocument.load(pdfFile)) {
PDSignature signature = new PDSignature();
signature.setFilter(PDSignature.FILTER_ADOBE_PPKLITE);
signature.setSubFilter(PDSignature.SUBFILTER_ADBE_PKCS7_DETACHED);
signature.setName(signInfo.getName());
signature.setLocation(signInfo.getLocation());
signature.setReason(signInfo.getReason());
signature.setSignDate(Calendar.getInstance());
SignatureOptions signatureOptions = new SignatureOptions();
signatureOptions.setPreferredSignatureSize(35944);
doc.addSignature(signature, this.pkcs7Signature, signatureOptions);
doc.saveIncremental(fos);
}
}
} catch (Exception var12) {
throw new IllegalStateException(String.format("Something gone wrong while signing input pdf %s and storing it into %s", pdfFile.getAbsolutePath(), signedPdfFile.getAbsolutePath()), var12);
}
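Review bot: In the new `returnsFullPdf()` branch of `padesSign`, the bytes returned by `sign(pdfInput)` are written to `signedPdfFile` without any check, and `signInfo` (name, location, reason) is never used, so if the service returns nothing the caller gets an empty output file, and in any case the signature metadata it asked for is silently not applied on this path. Guard the result before writing, `if (signedPdfBytes == null || signedPdfBytes.length == 0) { throw new IllegalStateException("signing service returned no PDF for " + pdfFile.getAbsolutePath()); }`, and either forward `signInfo` to the service or state in the branch comment that it is not applied when the service returns the full PDF. Also, the `/** … */` block inside the method body is a Javadoc comment attached to nothing; use `/* … */` or `//`. The method's closing brace and the rest of the class lie outside the hunk.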
Expand Up @@ -3,4 +3,11 @@
import org.apache.pdfbox.pdmodel.interactive.digitalsignature.SignatureInterface;

public interface Pkcs7HashSignService extends SignatureInterface {

/**
* Determines whether the signing service returns a fully signed PDF.
* - If the service returns the entire PDF signed, this method should return true.
* - If the service returns only the PKCS7 signature, this method should return false.
*/
boolean returnsFullPdf();
}
Expand Up @@ -6,7 +6,9 @@
import it.pagopa.selfcare.onboarding.crypto.utils.CMSTypedDataInputStream;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.*;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
Expand All @@ -15,7 +17,8 @@
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.util.Store;

import java.io.*;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.CertificateEncodingException;
import java.util.Collections;

Expand Down Expand Up @@ -54,4 +57,8 @@ public byte[] sign(InputStream is) throws IOException {
}
}

@Override
public boolean returnsFullPdf() {
return false;
}
}
