open-eid / digidoc4j

DigiDoc for Java. Javadoc:
http://open-eid.github.io/digidoc4j
GNU Lesser General Public License v2.1

DataToSign deserialization doesn't work for library releases started from 2.x #56

Closed vadimkim closed 5 years ago

vadimkim commented 5 years ago

Summary

When a DataToSign object is deserialized, ConfigurationSingeltonHolder creates a new default configuration from the YAML file. If the system property "digidoc4j.mode" is not set, then it is "PROD" by default. This leads to a corrupted initial container configuration, and there is no way to restore the container configuration settings that DataToSign was initially created with.

BDocSerializationTest (twoStepSigningWithSerialization()) doesn't show this error due to the global variable set up in AbstractTest: this.setGlobalMode(Configuration.Mode.TEST); It loads the default TEST configuration all the time, and there is no check of modified configuration parameters.

Impact

Scope

The latest release and 2.1.0 were tested and both are affected. Probably the entire 2.x branch is affected. The 1.0.7.2 release is not affected.

Test code

@Test
public void twoStepSigningWithVanillaConf()  throws ClassNotFoundException, Base64DecodingException, ParseException, IOException, CertificateException {
    String signCertificate = " ...... put any X509 PEM encoded cert here......";
    Configuration configuration = new Configuration(Configuration.Mode.TEST);
    configuration.setOcspSource("http://aia.demo.sk.ee/esteid2018");

    Container container = ContainerBuilder
        .aContainer()
        .withConfiguration(configuration)
        .withDataFile(new ByteArrayInputStream("funny_rabbit".getBytes()), "test.txt", "text/plain")
        .build();

    X509Certificate sigCert =
        (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(signCertificate.getBytes()));

    DataToSign dataToSign = SignatureBuilder.aSignature(container)
        .withSigningCertificate(sigCert).buildDataToSign();

    String serialized = serializeObjectToString(dataToSign);

    // Here comes configuration reset and new default configuration is created. 
    // Any configuration settings like OCSP source above are lost
    dataToSign = (DataToSign) deserializeObjectFromString(serialized);
    System.out.println(dataToSign.getSignatureParameters().getSignatureId());
  }

 private String serializeObjectToString(Object object) throws IOException {
    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    ObjectOutputStream oos = new ObjectOutputStream(bos);
    oos.writeObject(object);
    oos.close();
    bos.close();
    byte[] output = bos.toByteArray();
    return Base64.encode(output);
  }

  private Object deserializeObjectFromString(String object)
      throws IOException, ClassNotFoundException, ParseException, Base64DecodingException {
    ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(Base64.decode(object)));
    return ois.readObject();
  }

Debug output (some lines are stripped-out)

06.12.2018 16:11:15.843 DEBUG [main] [org.digidoc4j.Configuration.<init>:216] - ------------------------ <MODE: TEST> ------------------------
06.12.2018 16:11:15.860 DEBUG [main] [org.digidoc4j.Configuration.loadConfiguration:336] - Loading configuration from file <digidoc4j.yaml>
06.12.2018 16:11:15.861 DEBUG [main] [org.digidoc4j.Configuration.loadConfiguration:342] - Configuration file <digidoc4j.yaml> not found. Trying to search from jar file
06.12.2018 16:11:15.987 DEBUG [main] [org.digidoc4j.Configuration.mapToJDigiDocConfiguration:1399] - loading JDigiDoc configuration
06.12.2018 16:11:15.987 DEBUG [main] [org.digidoc4j.Configuration.loadInitialConfigurationValues:1174] - ------------------------ LOADING INITIAL CONFIGURATION ------------------------
06.12.2018 16:11:15.987 DEBUG [main] [org.digidoc4j.Configuration.defaultIfNull:1277] - Parameter: DIGIDOC_SECURITY_PROVIDER
06.12.2018 16:11:15.988 DEBUG [main] [org.digidoc4j.Configuration.defaultIfNull:1277] - Parameter: DIGIDOC_SECURITY_PROVIDER_NAME
...
...
06.12.2018 16:11:15.998 DEBUG [main] [org.digidoc4j.Configuration.setConfigurationParameter:1540] - Setting parameter <TspsCount> to <0>
06.12.2018 16:11:15.998 DEBUG [main] [org.digidoc4j.Configuration.getConfigurationParameter:1561] - Requested parameter <AllowASN1UnsafeInteger> not found
06.12.2018 16:11:15.998 DEBUG [main] [org.digidoc4j.Configuration.initDefaultValues:1131] - ------------------------ DEFAULTS ------------------------
06.12.2018 16:11:16.001 DEBUG [main] [org.digidoc4j.Configuration.setConfigurationParameter:1540] - Setting parameter <ConnectionTimeoutInMillis> to <1000>
06.12.2018 16:11:16.001 DEBUG [main] [org.digidoc4j.Configuration.setConfigurationParameter:1540] - Setting parameter <SocketTimeoutInMillis> to <1000>
06.12.2018 16:11:16.001 DEBUG [main] [org.digidoc4j.Configuration.setConfigurationParameter:1540] - Setting parameter <TslKeyStorePassword> to <digidoc4j-password>
06.12.2018 16:11:16.001 DEBUG [main] [org.digidoc4j.Configuration.setConfigurationParameter:1540] - Setting parameter <RevocationAndTimestampDeltaInMinutes> to <1440>
06.12.2018 16:11:16.001 DEBUG [main] [org.digidoc4j.Configuration.setConfigurationParameter:1540] - Setting parameter <TslCacheExpirationTimeInMillis> to <86400000>
06.12.2018 16:11:16.001 DEBUG [main] [org.digidoc4j.Configuration.setConfigurationParameter:1540] - Setting parameter <AllowedTimestampAndOCSPResponseDeltaInMinutes> to <15>
06.12.2018 16:11:16.002 DEBUG [main] [org.digidoc4j.Configuration.setConfigurationParameter:1540] - Setting parameter <SignatureProfile> to <LT>
06.12.2018 16:11:16.002 DEBUG [main] [org.digidoc4j.Configuration.setConfigurationParameter:1540] - Setting parameter <SignatureDigestAlgorithm> to <SHA256>
06.12.2018 16:11:16.002 DEBUG [main] [org.digidoc4j.Configuration.setConfigurationParameter:1540] - Setting parameter <IsFullSimpleReportNeeded> to <false>
06.12.2018 16:11:16.002 DEBUG [main] [org.digidoc4j.Configuration.setConfigurationParameter:1540] - Setting parameter <TspSource> to <http://demo.sk.ee/tsa>
06.12.2018 16:11:16.002 DEBUG [main] [org.digidoc4j.Configuration.setConfigurationParameter:1540] - Setting parameter <TslLocation> to <https://open-eid.github.io/test-TL/tl-mp-test-EE.xml>
06.12.2018 16:11:16.002 DEBUG [main] [org.digidoc4j.Configuration.setConfigurationParameter:1540] - Setting parameter <TslKeyStoreLocation> to <keystore/test-keystore.jks>
...
...
06.12.2018 16:11:16.008 DEBUG [main] [org.digidoc4j.Configuration.getConfigurationParameter:1561] - Requested parameter <AllowASN1UnsafeInteger> not found
06.12.2018 16:11:16.008 DEBUG [main] [org.digidoc4j.Configuration.<init>:220] - ------------------------ </MODE: TEST> ------------------------
06.12.2018 16:11:16.009 DEBUG [main] [org.digidoc4j.Configuration.setConfigurationParameter:1540] - Setting parameter <OcspSource> to <http://aia.demo.sk.ee/esteid2018>
...
...
06.12.2018 16:11:17.138 DEBUG [main] [o.d.i.a.xades.XadesSigningDssFacade.getDataToSign:92] - Got data to sign from DSS
06.12.2018 16:11:17.139 DEBUG [main] [org.digidoc4j.SignatureParameters.setSignatureId:122] - Set signature id to id-d3a6673547a8c679879c4b4ddd1904b5
....... Here comes deserialization....
06.12.2018 16:14:49.144 DEBUG [main] [org.digidoc4j.ConfigurationRegistry.readObject:68] - Seal <a9884f8a698b315d45b1d326057b4f0f> found
06.12.2018 16:14:49.145 INFO  [main] [o.d.i.ConfigurationSingeltonHolder.getInstance:33] - Creating a new configuration instance
06.12.2018 16:14:49.146 DEBUG [main] [org.digidoc4j.Configuration.<init>:216] - ------------------------ <MODE: PROD> ------------------------
06.12.2018 16:14:49.146 DEBUG [main] [org.digidoc4j.Configuration.loadConfiguration:336] - Loading configuration from file <digidoc4j.yaml>
06.12.2018 16:14:49.147 DEBUG [main] [org.digidoc4j.Configuration.loadConfiguration:342] - Configuration file <digidoc4j.yaml> not found. Trying to search from jar file
06.12.2018 16:14:49.290 DEBUG [main] [org.digidoc4j.Configuration.mapToJDigiDocConfiguration:1399] - loading JDigiDoc configuration
06.12.2018 16:14:49.290 DEBUG [main] [org.digidoc4j.Configuration.loadInitialConfigurationValues:1174] - ------------------------ LOADING INITIAL CONFIGURATION ------------------------
06.12.2018 16:14:49.290 DEBUG [main] [org.digidoc4j.Configuration.defaultIfNull:1277] - Parameter: DIGIDOC_SECURITY_PROVIDER
06.12.2018 16:14:49.291 DEBUG [main] [org.digidoc4j.Configuration.defaultIfNull:1277] - Parameter: DIGIDOC_SECURITY_PROVIDER_NAME
...
...
06.12.2018 16:14:49.301 DEBUG [main] [org.digidoc4j.Configuration.getConfigurationParameter:1561] - Requested parameter <AllowASN1UnsafeInteger> not found
06.12.2018 16:14:49.302 DEBUG [main] [org.digidoc4j.Configuration.initDefaultValues:1131] - ------------------------ DEFAULTS ------------------------
06.12.2018 16:14:49.302 DEBUG [main] [org.digidoc4j.Configuration.setConfigurationParameter:1540] - Setting parameter <ConnectionTimeoutInMillis> to <1000>
06.12.2018 16:14:49.303 DEBUG [main] [org.digidoc4j.Configuration.setConfigurationParameter:1540] - Setting parameter <SocketTimeoutInMillis> to <1000>
06.12.2018 16:14:49.303 DEBUG [main] [org.digidoc4j.Configuration.setConfigurationParameter:1540] - Setting parameter <TslKeyStorePassword> to <digidoc4j-password>
06.12.2018 16:14:49.304 DEBUG [main] [org.digidoc4j.Configuration.setConfigurationParameter:1540] - Setting parameter <RevocationAndTimestampDeltaInMinutes> to <1440>
06.12.2018 16:14:49.304 DEBUG [main] [org.digidoc4j.Configuration.setConfigurationParameter:1540] - Setting parameter <TslCacheExpirationTimeInMillis> to <86400000>
06.12.2018 16:14:49.304 DEBUG [main] [org.digidoc4j.Configuration.setConfigurationParameter:1540] - Setting parameter <AllowedTimestampAndOCSPResponseDeltaInMinutes> to <15>
06.12.2018 16:14:49.305 DEBUG [main] [org.digidoc4j.Configuration.setConfigurationParameter:1540] - Setting parameter <SignatureProfile> to <LT>
06.12.2018 16:14:49.305 DEBUG [main] [org.digidoc4j.Configuration.setConfigurationParameter:1540] - Setting parameter <SignatureDigestAlgorithm> to <SHA256>
06.12.2018 16:14:49.305 DEBUG [main] [org.digidoc4j.Configuration.setConfigurationParameter:1540] - Setting parameter <IsFullSimpleReportNeeded> to <false>
06.12.2018 16:14:49.306 DEBUG [main] [org.digidoc4j.Configuration.setConfigurationParameter:1540] - Setting parameter <TspSource> to <http://tsa.sk.ee>
06.12.2018 16:14:49.306 DEBUG [main] [org.digidoc4j.Configuration.setConfigurationParameter:1540] - Setting parameter <TslLocation> to <https://ec.europa.eu/information_society/policy/esignature/trusted-list/tl-mp.xml>
06.12.2018 16:14:49.306 DEBUG [main] [org.digidoc4j.Configuration.setConfigurationParameter:1540] - Setting parameter <TslKeyStoreLocation> to <keystore/keystore.jks>
06.12.2018 16:14:49.307 DEBUG [main] [org.digidoc4j.Configuration.setConfigurationParameter:1540] - Setting parameter <ValidationPolicy> to <conf/constraint.xml>
06.12.2018 16:14:49.307 DEBUG [main] [org.digidoc4j.Configuration.setConfigurationParameter:1540] - Setting parameter <OcspSource> to <http://ocsp.sk.ee/>
...
...
06.12.2018 16:14:49.321 DEBUG [main] [org.digidoc4j.Configuration.setConfigurationParameter:1540] - Setting parameter <TspsCount> to <0>
06.12.2018 16:14:49.322 DEBUG [main] [org.digidoc4j.Configuration.getConfigurationParameter:1561] - Requested parameter <AllowASN1UnsafeInteger> not found
06.12.2018 16:14:49.322 DEBUG [main] [org.digidoc4j.Configuration.<init>:220] - ------------------------ </MODE: PROD> ------------------------
06.12.2018 16:14:49.326 DEBUG [main] [org.digidoc4j.ConfigurationRegistry.checkCurrentConfiguration:86] - Seal a9884f8a698b315d45b1d326057b4f0f != 72dfc42a1a123e5e8cbeeb5a8edae4e4
06.12.2018 16:14:49.327 INFO  [main] [org.digidoc4j.ConfigurationRegistry.checkCurrentConfiguration:89] - Overwriting deserialized registry with current one
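
A self-contained model of the failure mode reported above, added here as an example; it is not digidoc4j code and not part of the original post. The class names (`Conf`, `LossyData`, `FaithfulData`), the `example.mode` property and the `.example` URLs are hypothetical. It contrasts an object that re-resolves its configuration from a process-wide default on deserialization with one that carries its configuration in the serialized form.

```java
import java.io.*;
import java.util.*;

// Constructed model; names are hypothetical and do not mirror digidoc4j internals.
public class ConfigRoundTrip {
    /** Stand-in for a library configuration: a mode plus overridable parameters. */
    static class Conf implements Serializable {
        final Map<String, String> params = new HashMap<>();
        Conf(String mode) {
            params.put("Mode", mode);
            params.put("OcspSource", mode.equals("TEST")
                    ? "http://test-ocsp.example" : "http://prod-ocsp.example");
        }
    }

    /** Process-wide default chosen from a system property; "PROD" when unset. */
    static Conf globalDefault() {
        return new Conf(System.getProperty("example.mode", "PROD"));
    }

    /** Lossy: the configuration is transient and rebuilt from the global default on read. */
    static class LossyData implements Serializable {
        transient Conf conf;
        LossyData(Conf c) { conf = c; }
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            conf = globalDefault(); // the caller's mode and overrides are silently replaced
        }
    }

    /** Faithful: the configuration is part of the serialized state. */
    static class FaithfulData implements Serializable {
        final Conf conf;
        FaithfulData(Conf c) { conf = c; }
    }

    static Object roundTrip(Object o) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(o); }
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bos.toByteArray()))) {
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Conf custom = new Conf("TEST");
        custom.params.put("OcspSource", "http://aia.demo.sk.ee/esteid2018"); // override from the report
        LossyData lossy = (LossyData) roundTrip(new LossyData(custom));
        FaithfulData kept = (FaithfulData) roundTrip(new FaithfulData(custom));
        System.out.println("lossy:    " + lossy.conf.params);
        System.out.println("faithful: " + kept.conf.params);
    }
}
```

A regression test for this class of bug should run without any global mode set and compare the configuration values before and after the round trip, since a globally forced TEST mode hides the reset.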

naare commented 5 years ago

This is a known issue. It will be fixed in the next release, 3.0.0.

sander85 commented 5 years ago

What's the planned release date for 3.0.0?

naare commented 5 years ago

Version 3.0.0 has been released. Please retest and give feedback.