33import ch .swisscom .mid .client .SignatureValidator ;
44import ch .swisscom .mid .client .config .ConfigurationException ;
55import ch .swisscom .mid .client .config .SignatureValidationConfiguration ;
6+ import ch .swisscom .mid .client .model .DataToBeSignedTXN ;
67import ch .swisscom .mid .client .model .SignatureValidationFailureReason ;
78import ch .swisscom .mid .client .model .SignatureValidationResult ;
89import ch .swisscom .mid .client .model .Traceable ;
10+ import com .fasterxml .jackson .core .JsonProcessingException ;
11+ import com .fasterxml .jackson .databind .DeserializationFeature ;
12+ import com .fasterxml .jackson .databind .ObjectMapper ;
913import org .bouncycastle .cert .X509CertificateHolder ;
1014import org .bouncycastle .cert .jcajce .JcaX509CertificateConverter ;
1115import org .bouncycastle .cms .CMSException ;
3236import java .util .regex .Pattern ;
3337
3438import static ch .swisscom .mid .client .utils .Utils .*;
39+ import static org .apache .commons .text .StringEscapeUtils .unescapeJava ;
3540
3641/**
3742 * Default implementation of {@link SignatureValidator}.
@@ -43,15 +48,22 @@ public class SignatureValidatorImpl implements SignatureValidator {
4348 private static final Logger log = LoggerFactory .getLogger (Loggers .SIGNATURE_VALIDATOR );
4449
4550 private final KeyStore validationTrustStore ;
51+ private ObjectMapper jacksonMapper ;
4652
4753 public SignatureValidatorImpl (SignatureValidationConfiguration config ) {
4854 Security .addProvider (new BouncyCastleProvider ());
4955 this .validationTrustStore = loadValidationTruststore (config );
56+
57+ jacksonMapper = new ObjectMapper ();
58+ jacksonMapper .configure (DeserializationFeature .FAIL_ON_UNKNOWN_PROPERTIES , false );
5059 }
5160
5261 public SignatureValidatorImpl (KeyStore validationTrustStore ) {
5362 Security .addProvider (new BouncyCastleProvider ());
5463 this .validationTrustStore = validationTrustStore ;
64+
65+ jacksonMapper = new ObjectMapper ();
66+ jacksonMapper .configure (DeserializationFeature .FAIL_ON_UNKNOWN_PROPERTIES , false );
5567 }
5668
5769 @ Override
@@ -143,14 +155,45 @@ public SignatureValidationResult validateSignature(String base64SignatureContent
143155 }
144156 } catch (OperatorCreationException | CMSException e ) {
145157 log .warn ("Failed to validate the signature against the signer info " +
146- "during the signature CMS content validation{}" , printTrace (trace ), e );
158+ "during the signature CMS content validation{}" , printTrace (trace ), e );
147159 result .setValidationException (e );
148160 result .setValidationFailureReason (SignatureValidationFailureReason .SIGNATURE_VALIDATION_FAILED );
149161 return result ;
150162 }
151163
152164 // verify the DTBS from the request vs the one from the response
153- if (requestedDtbs .equals (result .getSignedDtbs ())) {
165+ if (result .getSignedDtbs () == null ) {
166+ log .info ("Failed to match the DTBS texts, requested=[{}] vs signed=[{}]{}" , requestedDtbs , result .getSignedDtbs (), printTrace (trace ));
167+ result .setValidationFailureReason (SignatureValidationFailureReason .DATA_TO_BE_SIGNED_NOT_MATCHING );
168+ return result ;
169+ }
170+ if (requestedDtbs .startsWith ("{" )) {
171+ result .setDtbsMatching (false );
172+ try {
173+ // parse item
174+ String [] dtbsArray = requestedDtbs .split ("\" dtbd\" :" );
175+ String reqDtbsValueStr = "" ;
176+ if (dtbsArray .length > 0 ) {
177+ String reqDtbsValueRaw = dtbsArray [1 ];
178+ reqDtbsValueStr = reqDtbsValueRaw .substring (0 , reqDtbsValueRaw .length () - 1 );
179+ }
180+ // fix response DTBS string
181+ String escResultDtbs = unescapeJava (result .getSignedDtbs ()
182+ .replace ("\" format_version\" " , "\\ \" format_version\\ \" " )
183+ .replace ("\" content_string\" " , "\\ \" content_string\\ \" " )
184+ .replace ("\" [" , "[" )
185+ .replace ("]\" " , "]" ));
186+
187+ DataToBeSignedTXN resDtbs = jacksonMapper .readValue (escResultDtbs , DataToBeSignedTXN .class );
188+ String finalResDtbs = jacksonMapper .writeValueAsString (resDtbs .getDtbd ());
189+ result .setDtbsMatching (reqDtbsValueStr .equals (finalResDtbs ));
190+ } catch (JsonProcessingException e ) {
191+ log .info ("Failed to match the DTBS texts, requested=[{}] vs signed=[{}]{}" , requestedDtbs , result .getSignedDtbs (), printTrace (trace ));
192+ result .setValidationFailureReason (SignatureValidationFailureReason .DATA_TO_BE_SIGNED_NOT_MATCHING );
193+ }
194+ return result ;
195+
196+ } else if (requestedDtbs .equals (result .getSignedDtbs ())) {
154197 result .setDtbsMatching (true );
155198 } else {
156199 log .info ("Failed to match the DTBS texts, requested=[{}] vs signed=[{}]{}" , requestedDtbs , result .getSignedDtbs (), printTrace (trace ));
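Review bot: The `dtbsArray.length > 0` guard in the JSON branch does not protect the `dtbsArray[1]` access on the next line: `split` returns a one-element array when the request contains no `"dtbd":` key, so the index throws ArrayIndexOutOfBoundsException, which the `catch (JsonProcessingException e)` below does not cover; the guard should read `if (dtbsArray.length > 1)`, and `substring(0, reqDtbsValueRaw.length() - 1)` likewise assumes the request ends with exactly one closing brace. A mismatch in that branch (`setDtbsMatching(false)` with no exception) returns without setting `DATA_TO_BE_SIGNED_NOT_MATCHING`, unlike the plain-string `else` branch below, so a caller inspecting the failure reason sees a result that looks successful; set the same failure reason whenever `reqDtbsValueStr.equals(finalResDtbs)` is false. The early `return result` after the try also skips whatever follows the if/else chain — the method body continues outside the hunk, so confirm no later checks are bypassed for JSON-shaped DTBS. The chained `replace` rewriting of the signed DTBS before `readValue` is brittle and undocumented; a comment stating the response shape it expects, e.g. `// signed DTBS arrives as a JSON string with escaped quotes; normalize and un-escape before parsing`, would help the next maintainer. In the earlier hunk the identical ObjectMapper setup in both constructors could be a single `private final ObjectMapper jacksonMapper` field initializer.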
@@ -225,23 +268,23 @@ private KeyStore loadValidationTruststore(SignatureValidationConfiguration confi
225268 if (config .getTrustStoreFile () != null ) {
226269 try (InputStream is = new FileInputStream (config .getTrustStoreFile ())) {
227270 trustStore .load (is , config .getTrustStorePassword () == null ?
228- null : config .getTrustStorePassword ().toCharArray ());
271+ null : config .getTrustStorePassword ().toCharArray ());
229272 }
230273 } else if (config .getTrustStoreClasspathFile () != null ) {
231274 try (InputStream is = this .getClass ().getResourceAsStream (config .getTrustStoreClasspathFile ())) {
232275 trustStore .load (is , config .getTrustStorePassword () == null ?
233- null : config .getTrustStorePassword ().toCharArray ());
276+ null : config .getTrustStorePassword ().toCharArray ());
234277 }
235278 } else {
236279 try (InputStream is = new ByteArrayInputStream (config .getTrustStoreBytes ())) {
237280 trustStore .load (is , config .getTrustStorePassword () == null ?
238- null : config .getTrustStorePassword ().toCharArray ());
281+ null : config .getTrustStorePassword ().toCharArray ());
239282 }
240283 }
241284 return trustStore ;
242285 } catch (Exception e ) {
243286 throw new ConfigurationException ("Failed to initialize the digital signature validation truststore " +
244- "(Mobile ID CMS signature validator)" , e );
287+ "(Mobile ID CMS signature validator)" , e );
245288 }
246289 }
247290}