Skip to content

Commit f2be20a

Browse files
committed
Introduced impl. for new dtbd format, fix in isDefined in GeofencingAdditionalServices
1 parent 77fe123 commit f2be20a

11 files changed

Lines changed: 156 additions & 48 deletions

File tree

mid-java-client-core/pom.xml

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@
66
<parent>
77
<groupId>ch.mobileid.mid-java-client</groupId>
88
<artifactId>mid-java-client-parent</artifactId>
9-
<version>1.5.6</version>
9+
<version>1.5.7</version>
1010
</parent>
1111

1212
<artifactId>mid-java-client-core</artifactId>
@@ -31,6 +31,15 @@
3131
<groupId>org.bouncycastle</groupId>
3232
<artifactId>bcpkix-jdk18on</artifactId>
3333
</dependency>
34+
<dependency>
35+
<groupId>com.fasterxml.jackson.core</groupId>
36+
<artifactId>jackson-databind</artifactId>
37+
</dependency>
38+
<dependency>
39+
<groupId>org.apache.commons</groupId>
40+
<artifactId>commons-text</artifactId>
41+
<version>1.12.0</version>
42+
</dependency>
3443
</dependencies>
3544

3645
</project>

mid-java-client-core/src/main/java/ch/swisscom/mid/client/impl/SignatureValidatorImpl.java

Lines changed: 49 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -3,9 +3,13 @@
33
import ch.swisscom.mid.client.SignatureValidator;
44
import ch.swisscom.mid.client.config.ConfigurationException;
55
import ch.swisscom.mid.client.config.SignatureValidationConfiguration;
6+
import ch.swisscom.mid.client.model.DataToBeSignedTXN;
67
import ch.swisscom.mid.client.model.SignatureValidationFailureReason;
78
import ch.swisscom.mid.client.model.SignatureValidationResult;
89
import ch.swisscom.mid.client.model.Traceable;
10+
import com.fasterxml.jackson.core.JsonProcessingException;
11+
import com.fasterxml.jackson.databind.DeserializationFeature;
12+
import com.fasterxml.jackson.databind.ObjectMapper;
913
import org.bouncycastle.cert.X509CertificateHolder;
1014
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
1115
import org.bouncycastle.cms.CMSException;
@@ -32,6 +36,7 @@
3236
import java.util.regex.Pattern;
3337

3438
import static ch.swisscom.mid.client.utils.Utils.*;
39+
import static org.apache.commons.text.StringEscapeUtils.unescapeJava;
3540

3641
/**
3742
* Default implementation of {@link SignatureValidator}.
@@ -43,15 +48,22 @@ public class SignatureValidatorImpl implements SignatureValidator {
4348
private static final Logger log = LoggerFactory.getLogger(Loggers.SIGNATURE_VALIDATOR);
4449

4550
private final KeyStore validationTrustStore;
51+
private ObjectMapper jacksonMapper;
4652

4753
public SignatureValidatorImpl(SignatureValidationConfiguration config) {
4854
Security.addProvider(new BouncyCastleProvider());
4955
this.validationTrustStore = loadValidationTruststore(config);
56+
57+
jacksonMapper = new ObjectMapper();
58+
jacksonMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
5059
}
5160

5261
public SignatureValidatorImpl(KeyStore validationTrustStore) {
5362
Security.addProvider(new BouncyCastleProvider());
5463
this.validationTrustStore = validationTrustStore;
64+
65+
jacksonMapper = new ObjectMapper();
66+
jacksonMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
5567
}
5668

5769
@Override
@@ -143,14 +155,45 @@ public SignatureValidationResult validateSignature(String base64SignatureContent
143155
}
144156
} catch (OperatorCreationException | CMSException e) {
145157
log.warn("Failed to validate the signature against the signer info " +
146-
"during the signature CMS content validation{}", printTrace(trace), e);
158+
"during the signature CMS content validation{}", printTrace(trace), e);
147159
result.setValidationException(e);
148160
result.setValidationFailureReason(SignatureValidationFailureReason.SIGNATURE_VALIDATION_FAILED);
149161
return result;
150162
}
151163

152164
// verify the DTBS from the request vs the one from the response
153-
if (requestedDtbs.equals(result.getSignedDtbs())) {
165+
if (result.getSignedDtbs() == null) {
166+
log.info("Failed to match the DTBS texts, requested=[{}] vs signed=[{}]{}", requestedDtbs, result.getSignedDtbs(), printTrace(trace));
167+
result.setValidationFailureReason(SignatureValidationFailureReason.DATA_TO_BE_SIGNED_NOT_MATCHING);
168+
return result;
169+
}
170+
if (requestedDtbs.startsWith("{")) {
171+
result.setDtbsMatching(false);
172+
try {
173+
// parse item
174+
String[] dtbsArray = requestedDtbs.split("\"dtbd\":");
175+
String reqDtbsValueStr = "";
176+
if (dtbsArray.length > 0) {
177+
String reqDtbsValueRaw = dtbsArray[1];
178+
reqDtbsValueStr = reqDtbsValueRaw.substring(0, reqDtbsValueRaw.length() - 1);
179+
}
180+
// fix response DTBS string
181+
String escResultDtbs = unescapeJava(result.getSignedDtbs()
182+
.replace("\"format_version\"", "\\\"format_version\\\"")
183+
.replace("\"content_string\"", "\\\"content_string\\\"")
184+
.replace("\"[", "[")
185+
.replace("]\"", "]"));
186+
187+
DataToBeSignedTXN resDtbs = jacksonMapper.readValue(escResultDtbs, DataToBeSignedTXN.class);
188+
String finalResDtbs = jacksonMapper.writeValueAsString(resDtbs.getDtbd());
189+
result.setDtbsMatching(reqDtbsValueStr.equals(finalResDtbs));
190+
} catch (JsonProcessingException e) {
191+
log.info("Failed to match the DTBS texts, requested=[{}] vs signed=[{}]{}", requestedDtbs, result.getSignedDtbs(), printTrace(trace));
192+
result.setValidationFailureReason(SignatureValidationFailureReason.DATA_TO_BE_SIGNED_NOT_MATCHING);
193+
}
194+
return result;
195+
196+
} else if (requestedDtbs.equals(result.getSignedDtbs())) {
154197
result.setDtbsMatching(true);
155198
} else {
156199
log.info("Failed to match the DTBS texts, requested=[{}] vs signed=[{}]{}", requestedDtbs, result.getSignedDtbs(), printTrace(trace));
@@ -225,23 +268,23 @@ private KeyStore loadValidationTruststore(SignatureValidationConfiguration confi
225268
if (config.getTrustStoreFile() != null) {
226269
try (InputStream is = new FileInputStream(config.getTrustStoreFile())) {
227270
trustStore.load(is, config.getTrustStorePassword() == null ?
228-
null : config.getTrustStorePassword().toCharArray());
271+
null : config.getTrustStorePassword().toCharArray());
229272
}
230273
} else if (config.getTrustStoreClasspathFile() != null) {
231274
try (InputStream is = this.getClass().getResourceAsStream(config.getTrustStoreClasspathFile())) {
232275
trustStore.load(is, config.getTrustStorePassword() == null ?
233-
null : config.getTrustStorePassword().toCharArray());
276+
null : config.getTrustStorePassword().toCharArray());
234277
}
235278
} else {
236279
try (InputStream is = new ByteArrayInputStream(config.getTrustStoreBytes())) {
237280
trustStore.load(is, config.getTrustStorePassword() == null ?
238-
null : config.getTrustStorePassword().toCharArray());
281+
null : config.getTrustStorePassword().toCharArray());
239282
}
240283
}
241284
return trustStore;
242285
} catch (Exception e) {
243286
throw new ConfigurationException("Failed to initialize the digital signature validation truststore " +
244-
"(Mobile ID CMS signature validator)", e);
287+
"(Mobile ID CMS signature validator)", e);
245288
}
246289
}
247290
}
Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,48 @@
1+
package ch.swisscom.mid.client.model;
2+
3+
import com.fasterxml.jackson.annotation.JsonProperty;
4+
5+
import java.util.ArrayList;
6+
import java.util.List;
7+
import java.util.Map;
8+
9+
10+
public class DataToBeSignedTXN {
11+
@JsonProperty("format_version")
12+
private String formatVersion;
13+
14+
@JsonProperty("content_string")
15+
private List<Map<String, String>> dtbd = new ArrayList<>();
16+
17+
public DataToBeSignedTXN() {
18+
}
19+
20+
public DataToBeSignedTXN(String formatVersion, List<Map<String, String>> dtbd) {
21+
this.formatVersion = formatVersion;
22+
this.dtbd = dtbd;
23+
}
24+
25+
public String getFormatVersion() {
26+
return formatVersion;
27+
}
28+
29+
public void setFormatVersion(String formatVersion) {
30+
this.formatVersion = formatVersion;
31+
}
32+
33+
public List<Map<String, String>> getDtbd() {
34+
return dtbd;
35+
}
36+
37+
public void setDtbd(List<Map<String, String>> dtbd) {
38+
this.dtbd = dtbd;
39+
}
40+
41+
@Override
42+
public String toString() {
43+
return "DataToBeSignedTXN{" +
44+
"formatVersion='" + formatVersion + '\'' +
45+
", content_string=" + dtbd +
46+
'}';
47+
}
48+
}

mid-java-client-core/src/main/java/ch/swisscom/mid/client/model/GeofencingAdditionalService.java

Lines changed: 7 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/*
2-
* Copyright 2021 Swisscom (Schweiz) AG
2+
* Copyright 2021-2025 Swisscom (Schweiz) AG
33
*
44
* Licensed under the Apache License, Version 2.0 (the "License");
55
* you may not use this file except in compliance with the License.
@@ -88,10 +88,12 @@ public void setMaxAccuracyMeters(String maxAccuracyMeters) {
8888

8989

9090
public boolean isDefined() {
91-
if(countryWhiteList!=null && !countryBlackList.isEmpty()) return true;
92-
if(countryBlackList!=null && !countryBlackList.isEmpty()) return true;
93-
if (minDeviceConfidence != null && !minDeviceConfidence.isEmpty() && !minDeviceConfidence.equalsIgnoreCase("0")) return true;
94-
if (minLocationConfidence != null && !minLocationConfidence.isEmpty() && !minLocationConfidence.equalsIgnoreCase("0")) return true;
91+
if (countryWhiteList != null && !countryWhiteList.isEmpty()) return true;
92+
if (countryBlackList != null && !countryBlackList.isEmpty()) return true;
93+
if (minDeviceConfidence != null && !minDeviceConfidence.isEmpty() && !minDeviceConfidence.equalsIgnoreCase("0"))
94+
return true;
95+
if (minLocationConfidence != null && !minLocationConfidence.isEmpty() && !minLocationConfidence.equalsIgnoreCase("0"))
96+
return true;
9597
if (maxAccuracyMeters != null && !maxAccuracyMeters.isEmpty()) return true;
9698
if (maxTimestampMinutes != null && !maxTimestampMinutes.isEmpty()) return true;
9799
return false;

mid-java-client-core/src/main/java/ch/swisscom/mid/client/model/StatusCode.java

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -54,6 +54,8 @@ public enum StatusCode implements DocumentedEnum {
5454
+ "Please try again later."),
5555
NO_CERT_FOUND(422, true, "The Mobile ID user exists but is not in an active state. "
5656
+ "The user must activate the account on the Mobile ID selfcare portal."),
57+
GEOFENCING_POLICY_VIOLATION(450, true, "Geo policy for referenced AP ID was violated. "
58+
+ "Please try again later or contact Swisscom Support, if the problem persists."),
5759
SIGNATURE(500, false, "The MSS Signature transaction was successful."),
5860
REVOKED_CERTIFICATE(501, false, "The Mobile ID user’s509 certificate has been revoked. "
5961
+ "The user must re-activate the account on the Mobile ID selfcare portal."),

mid-java-client-core/src/main/java/ch/swisscom/mid/client/utils/Utils.java

Lines changed: 21 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -1,34 +1,36 @@
11
/*
2-
* Copyright 2021 Swisscom (Schweiz) AG
32
*
4-
* Licensed under the Apache License, Version 2.0 (the "License");
5-
* you may not use this file except in compliance with the License.
6-
* You may obtain a copy of the License at
3+
* * Copyright 2021-2025 Swisscom (Schweiz) AG
4+
* *
5+
* * Licensed under the Apache License, Version 2.0 (the "License");
6+
* * you may not use this file except in compliance with the License.
7+
* * You may obtain a copy of the License at
8+
* *
9+
* * http://www.apache.org/licenses/LICENSE-2.0
10+
* *
11+
* * Unless required by applicable law or agreed to in writing, software
12+
* * distributed under the License is distributed on an "AS IS" BASIS,
13+
* * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14+
* * See the License for the specific language governing permissions and
15+
* * limitations under the License.
716
*
8-
* http://www.apache.org/licenses/LICENSE-2.0
9-
*
10-
* Unless required by applicable law or agreed to in writing, software
11-
* distributed under the License is distributed on an "AS IS" BASIS,
12-
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13-
* See the License for the specific language governing permissions and
14-
* limitations under the License.
1517
*/
18+
1619
package ch.swisscom.mid.client.utils;
1720

21+
import ch.swisscom.mid.client.config.ConfigurationException;
22+
import ch.swisscom.mid.client.model.DataAssemblyException;
23+
import ch.swisscom.mid.client.model.Traceable;
24+
25+
import javax.xml.datatype.DatatypeConfigurationException;
26+
import javax.xml.datatype.DatatypeFactory;
27+
import javax.xml.datatype.XMLGregorianCalendar;
1828
import java.nio.charset.StandardCharsets;
1929
import java.util.Base64;
2030
import java.util.GregorianCalendar;
2131
import java.util.List;
2232
import java.util.UUID;
2333

24-
import javax.xml.datatype.DatatypeConfigurationException;
25-
import javax.xml.datatype.DatatypeFactory;
26-
import javax.xml.datatype.XMLGregorianCalendar;
27-
28-
import ch.swisscom.mid.client.config.ConfigurationException;
29-
import ch.swisscom.mid.client.model.DataAssemblyException;
30-
import ch.swisscom.mid.client.model.Traceable;
31-
3234
public class Utils {
3335

3436
public static void configNotNull(Object target, String errorMessage) throws ConfigurationException {

mid-java-client-rest/pom.xml

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@
66
<parent>
77
<groupId>ch.mobileid.mid-java-client</groupId>
88
<artifactId>mid-java-client-parent</artifactId>
9-
<version>1.5.6</version>
9+
<version>1.5.7</version>
1010
</parent>
1111

1212
<artifactId>mid-java-client-rest</artifactId>
@@ -77,7 +77,5 @@
7777
<version>1.18.30</version>
7878
<scope>provided</scope>
7979
</dependency>
80-
8180
</dependencies>
82-
8381
</project>

mid-java-client-rest/src/main/java/ch/swisscom/mid/client/rest/FaultProcessor.java

Lines changed: 6 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -15,20 +15,18 @@
1515
*/
1616
package ch.swisscom.mid.client.rest;
1717

18-
import org.apache.hc.client5.http.HttpHostConnectException;
19-
20-
import java.io.IOException;
21-
import java.net.ConnectException;
22-
import java.net.SocketTimeoutException;
23-
24-
import javax.net.ssl.SSLException;
25-
2618
import ch.swisscom.mid.client.model.FailureReason;
2719
import ch.swisscom.mid.client.model.Fault;
2820
import ch.swisscom.mid.client.model.StatusCode;
2921
import ch.swisscom.mid.client.rest.model.fault.Code;
3022
import ch.swisscom.mid.client.rest.model.fault.MSSFault;
3123
import ch.swisscom.mid.client.rest.model.fault.SubCode;
24+
import org.apache.hc.client5.http.HttpHostConnectException;
25+
26+
import javax.net.ssl.SSLException;
27+
import java.io.IOException;
28+
import java.net.ConnectException;
29+
import java.net.SocketTimeoutException;
3230

3331
public class FaultProcessor {
3432

mid-java-client-soap/pom.xml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@
66
<parent>
77
<groupId>ch.mobileid.mid-java-client</groupId>
88
<artifactId>mid-java-client-parent</artifactId>
9-
<version>1.5.6</version>
9+
<version>1.5.7</version>
1010
</parent>
1111

1212
<artifactId>mid-java-client-soap</artifactId>

mid-java-client-usage/pom.xml

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@
66
<parent>
77
<groupId>ch.mobileid.mid-java-client</groupId>
88
<artifactId>mid-java-client-parent</artifactId>
9-
<version>1.5.6</version>
9+
<version>1.5.7</version>
1010
</parent>
1111

1212
<artifactId>mid-java-client-usage</artifactId>
@@ -125,7 +125,8 @@
125125
<goal>assemble</goal>
126126
</goals>
127127
<configuration>
128-
<assembleDirectory>${project.build.directory}/release/mid-client-${project.version}</assembleDirectory>
128+
<assembleDirectory>${project.build.directory}/release/mid-client-${project.version}
129+
</assembleDirectory>
129130
<programs>
130131
<program>
131132
<mainClass>ch.swisscom.mid.client.cli.Cli</mainClass>

0 commit comments

Comments
 (0)