Support for @firma 1.5.0

Author: angelborroy-ks

README.md

@@ -30,7 +30,7 @@ Windows
 
 Mac OS 
 * Mozilla Firefox: Applet
-* Apple Safari: Applet
+* Apple Safari: Local application (currently not working)
 * Google Chrome: Local application (currently not working)
 
 Linux Ubuntu
@@ -52,7 +52,7 @@ This module uses a software digital certificate or a cryptographic hardware supp
 The plugin is licensed under the [LGPL v3.0](http://www.gnu.org/licenses/lgpl-3.0.html). 
 
 **State**
-Current addon release 1.3.1 is ***PROD***
+Current addon release 1.5.0 is ***PROD***
 
 **Compatibility**
 The current version has been developed using Alfresco 5.0.d and Alfresco SDK 2.1.1, although it runs in Alfresco 5.1.x
@@ -69,8 +69,8 @@ Downloading the ready-to-deploy-plugin
 --------------------------------------
 The binary distribution is made of two amp files:
 
-* [repo AMP](https://github.com/keensoft/alfresco-esign-cert/releases/download/1.3.1/esign-cert-repo.amp)
-* [share AMP](https://github.com/keensoft/alfresco-esign-cert/releases/download/1.3.1/esign-cert-share.amp)
+* [repo AMP](https://github.com/keensoft/alfresco-esign-cert/releases/download/1.5.0/esign-cert-repo.amp)
+* [share AMP](https://github.com/keensoft/alfresco-esign-cert/releases/download/1.5.0/esign-cert-share.amp)
 
 You can install them by using standard [Alfresco deployment tools](http://docs.alfresco.com/community/tasks/dev-extensions-tutorials-simple-module-install-amp.html)
 
@@ -87,12 +87,12 @@ Signing the applet
 ------------------
 You can download plain applet from http://forja-ctt.administracionelectronica.gob.es/web/clienteafirma
 
-Oracle [jarsigner](http://docs.oracle.com/javase/7/docs/technotes/tools/windows/jarsigner.html) can be used to perform a signature on [miniapplet-full_1_4.jar](https://github.com/keensoft/alfresco-esign-cert/raw/master/esign-cert-share/src/main/amp/web/sign/miniapplet-full_1_4.jar). To deploy this change, just replace current JAR for your signed JAR and rebuild the artifacts.
+Oracle [jarsigner](http://docs.oracle.com/javase/7/docs/technotes/tools/windows/jarsigner.html) can be used to perform a signature on [miniapplet-full_1_4.jar](https://github.com/keensoft/alfresco-esign-cert/raw/master/esign-cert-share/src/main/amp/web/sign/miniapplet-full_1_5.jar). To deploy this change, just replace current JAR for your signed JAR and rebuild the artifacts.
 
 Below a sample `jarsigner` invocation is provided
 
 ```
-$ jarsigner -storetype pkcs12 -keystore keensoft_sign_code_valid-until_20170811.pfx miniapplet-full_1_4.jar -tsa http://tss.accv.es:8318/tsa te-9b5d5438-2bb6-435f-8542-6d711bc9784f
+$ jarsigner -storetype pkcs12 -keystore keensoft_sign_code_valid-until_20170811.pfx miniapplet-full_1_5.jar -tsa http://tss.accv.es:8318/tsa te-9b5d5438-2bb6-435f-8542-6d711bc9784f
 ```
 
 

esign-cert-repo/pom.xml

@@ -4,7 +4,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>es.keensoft.alfresco</groupId>
     <artifactId>esign-cert-repo</artifactId>
-    <version>1.3.1</version>
+    <version>1.5.0</version>
     <name>esign-cert-repo Repository AMP project</name>
     <packaging>amp</packaging>
     <description>Manages the lifecycle of the esign-cert-repo Repository AMP (Alfresco Module Package)</description>

esign-cert-repo/src/test/java/es/keensoft/test/PAdESLTV.java

@@ -0,0 +1,70 @@
+package es.keensoft.test;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.io.Serializable;
+import java.security.KeyStore;
+import java.security.Provider;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.alfresco.service.namespace.QName;
+
+import com.itextpdf.text.pdf.AcroFields;
+import com.itextpdf.text.pdf.PdfPKCS7;
+import com.itextpdf.text.pdf.PdfReader;
+
+import es.keensoft.alfresco.model.SignModel;
+
+public class PAdESLTV {
+	
+	public static void main(String... args) throws Exception {
+		
+		
+		ClassLoader classLoader = PAdESLTV.class.getClassLoader();
+		File file = new File(classLoader.getResource("PADESLTV.pdf").getFile());
+		
+		Provider provider = null;
+        try {
+            Class c =
+            Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
+            java.security.Security.insertProviderAt((java.security.Provider)c.newInstance(), 2000);
+            //provider = "BC";
+            provider = (Provider)c.newInstance();
+            
+        } catch(Exception e) {
+            provider = null;
+               // provider is not available }
+        }		
+		
+		InputStream is = new FileInputStream(file);
+		
+		PdfReader reader = new PdfReader(is);
+        AcroFields af = reader.getAcroFields();
+        ArrayList<String> names = af.getSignatureNames();
+        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
+        ks.load(null, null);
+        ArrayList<Map<QName, Serializable>> aspects = new ArrayList<Map<QName, Serializable>>();
+        for (String name : names) {
+            PdfPKCS7 pk = af.verifySignature(name);
+            X509Certificate certificate = pk.getSigningCertificate();
+            
+            //Set aspect properties for each signature
+            Map<QName, Serializable> aspectSignatureProperties = new HashMap<QName, Serializable>(); 
+            if (pk.getSignDate() != null) aspectSignatureProperties.put(SignModel.PROP_DATE, pk.getSignDate().getTime());
+    		aspectSignatureProperties.put(SignModel.PROP_CERTIFICATE_PRINCIPAL, certificate.getSubjectX500Principal().toString());
+    	    aspectSignatureProperties.put(SignModel.PROP_CERTIFICATE_SERIAL_NUMBER, certificate.getSerialNumber().toString());
+    	    aspectSignatureProperties.put(SignModel.PROP_CERTIFICATE_NOT_AFTER, certificate.getNotAfter());
+    	    aspectSignatureProperties.put(SignModel.PROP_CERTIFICATE_ISSUER, certificate.getIssuerX500Principal().toString());   
+    	    aspects.add(aspectSignatureProperties);
+        }
+        
+        System.out.println(aspects);
+		
+		
+	}
+
+}

esign-cert-repo/src/test/resources/PADESLTV.pdf

@@ -4,7 +4,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>es.keensoft.alfresco</groupId>
     <artifactId>esign-cert-share</artifactId>
-    <version>1.3.1</version>
+    <version>1.5.0</version>
     <name>esign-cert-share AMP project</name>
     <packaging>amp</packaging>
     <description>Manages the lifecycle of the esign-cert-share AMP (Alfresco Module Package)</description>
@@ -113,4 +113,4 @@
             </dependencies>
         </profile>
     </profiles>
-</project>
+</project>

esign-cert-share/pom.xml

@@ -0,0 +1,14 @@
+
+// Este fichero sirve unicamente para la ejecucion de las paginas de pruebas. No es necesario su uso en
+// el despliegue de las aplicaciones de produccion.
+var Constants = {
+		
+	// IMPORTANTE: PARA PRUEBAS, USAR SIEMPRE UNA IP O NOMBRE DE DOMINIO, NUNCA 'LOCALHOST' O '127.0.0.1'
+	// SI NO SE HACE ASI, AUTOFIRMA BLOQUEARA LA FIRMA POR SEGURIDAD
+	
+	// URL raiz en la que se encuentra el fichero miniapplet-full_1_5.jar
+	URL_BASE_APPLE : "http://XXX:8080/miniapplet",
+
+	// URL raiz en la que se despliegan los servicios
+	URL_BASE_SERVICES : "http://XXX:8080"
+};