Merge pull request #388 from slovensko-digital/add-xml-setting

Blokovanie podpisu neznámeho XML

src/main/java/digital/slovensko/autogram/core/AppStarter.java

@@ -25,7 +25,8 @@ public class AppStarter {
         addOption(null, "slot-id", true, "Slot ID for PKCS11 driver. If not specified, first available slot is used.").
         addOption(null, "pdf-level", true, "PDF signature level. Supported values: PAdES_BASELINE_B (default), XAdES_BASELINE_B, CAdES_BASELINE_B.").
         addOption(null, "en319132", false, "Sign according to EN 319 132 or EN 319 122.").
-        addOption(null, "tsa-server", true, "Url of TimeStamp Authority server that should be used for timestamping in signature level BASELINE_T. If provided, BASELINE_T signatures are made.");
+        addOption(null, "tsa-server", true, "Url of TimeStamp Authority server that should be used for timestamping in signature level BASELINE_T. If provided, BASELINE_T signatures are made.").
+        addOption(null, "plain-xml", false, "Enable signing plain (non-slovak-eform) XML files.");
 
     public static void start(String[] args) {
         try {

src/main/java/digital/slovensko/autogram/core/Autogram.java

@@ -262,4 +262,8 @@ public void initializeSignatureValidator(ScheduledExecutorService scheduledExecu
     public TSPSource getTspSource() {
         return settings.getTspSource();
     }
+
+    public boolean isPlainXmlEnabled() {
+        return settings.isPlainXmlEnabled();
+    }
 }

src/main/java/digital/slovensko/autogram/core/SigningJob.java

@@ -179,21 +179,21 @@ public static SigningJob buildFromRequest(DSSDocument document, SigningParameter
         return build(document, params, responder);
     }
 
-    public static SigningJob buildFromFile(File file, Responder responder, boolean checkPDFACompliance, SignatureLevel signatureType, boolean isEn319132, TSPSource tspSource) {
+    public static SigningJob buildFromFile(File file, Responder responder, boolean checkPDFACompliance, SignatureLevel signatureType, boolean isEn319132, TSPSource tspSource, boolean plainXmlEnabled) {
         var document = createDSSFileDocumentFromFile(file);
-        var parameters = getParametersForFile(document, checkPDFACompliance, signatureType, isEn319132, tspSource);
+        var parameters = getParametersForFile(document, checkPDFACompliance, signatureType, isEn319132, tspSource, plainXmlEnabled);
         return build(document, parameters, responder);
     }
 
-    private static SigningParameters getParametersForFile(FileDocument document, boolean checkPDFACompliance, SignatureLevel signatureType, boolean isEn319132, TSPSource tspSource) {
+    private static SigningParameters getParametersForFile(FileDocument document, boolean checkPDFACompliance, SignatureLevel signatureType, boolean isEn319132, TSPSource tspSource, boolean plainXmlEnabled) {
         var level = SignatureValidator.getSignedDocumentSignatureLevel(document);
         if (level != null) switch (level) {
             case PAdES_BASELINE_B:
                 return SigningParameters.buildForPDF(document, checkPDFACompliance, isEn319132, tspSource);
             case XAdES_BASELINE_B:
-                return SigningParameters.buildForASiCWithXAdES(document, isEn319132, tspSource);
+                return SigningParameters.buildForASiCWithXAdES(document, isEn319132, tspSource, plainXmlEnabled);
             case CAdES_BASELINE_B:
-                return SigningParameters.buildForASiCWithCAdES(document, isEn319132, tspSource);
+                return SigningParameters.buildForASiCWithCAdES(document, isEn319132, tspSource, plainXmlEnabled);
             default:
                 ;
         }
@@ -203,14 +203,14 @@ private static SigningParameters getParametersForFile(FileDocument document, boo
             case PAdES_BASELINE_B:
                 return SigningParameters.buildForPDF(document, checkPDFACompliance, isEn319132, tspSource);
             case XAdES_BASELINE_B:
-                return SigningParameters.buildForASiCWithXAdES(document, isEn319132, tspSource);
+                return SigningParameters.buildForASiCWithXAdES(document, isEn319132, tspSource, plainXmlEnabled);
             case CAdES_BASELINE_B:
-                return SigningParameters.buildForASiCWithCAdES(document, isEn319132, tspSource);
+                return SigningParameters.buildForASiCWithCAdES(document, isEn319132, tspSource, plainXmlEnabled);
             default:
                 ;
         }
 
-        return SigningParameters.buildForASiCWithXAdES(document, isEn319132, tspSource);
+        return SigningParameters.buildForASiCWithXAdES(document, isEn319132, tspSource, plainXmlEnabled);
     }
 
     public boolean shouldCheckPDFCompliance() {

src/main/java/digital/slovensko/autogram/core/SigningParameters.java

@@ -5,6 +5,7 @@
 import digital.slovensko.autogram.core.eforms.EFormAttributes;
 import digital.slovensko.autogram.core.errors.AutogramException;
 import digital.slovensko.autogram.core.errors.SigningParametersException;
+import digital.slovensko.autogram.core.errors.UnknownEformException;
 import digital.slovensko.autogram.util.AsicContainerUtils;
 import digital.slovensko.autogram.core.eforms.EFormResources;
 import digital.slovensko.autogram.core.eforms.EFormUtils;
@@ -193,22 +194,22 @@ public static SigningParameters buildFromRequest(SignatureLevel level, ASiCConta
             String keyInfoCanonicalization, String schema, String transformation, String identifier,
             boolean checkPDFACompliance, int preferredPreviewWidth, boolean autoLoadEform, boolean embedUsedSchemas,
             String xsdIdentifier, String xsltIdentifier, String xsltLanguage, String xsltType, String xsltTarget,
-            DSSDocument document, TSPSource tspSource) throws AutogramException {
+            DSSDocument document, TSPSource tspSource, boolean plainXmlEnabled) throws AutogramException {
 
         return buildParameters(level, container, containerXmlns, packaging, digestAlgorithm, en319132,
                 infoCanonicalization, propertiesCanonicalization, keyInfoCanonicalization, schema, transformation,
                 identifier, checkPDFACompliance, preferredPreviewWidth, autoLoadEform, embedUsedSchemas, xsdIdentifier,
                 new XsltParams(xsltIdentifier, xsltLanguage, xsltType, xsltTarget, null),
-                document, tspSource);
+                document, tspSource, plainXmlEnabled);
     }
 
     private static SigningParameters buildParameters(SignatureLevel level, ASiCContainerType container,
             String containerXmlns, SignaturePackaging packaging, DigestAlgorithm digestAlgorithm,
             Boolean en319132, String infoCanonicalization, String propertiesCanonicalization,
             String keyInfoCanonicalization, String schema, String transformation, String identifier,
             boolean checkPDFACompliance, int preferredPreviewWidth, boolean autoLoadEform, boolean embedUsedSchemas,
-            String xsdIdentifier, XsltParams xsltParams, DSSDocument document, TSPSource tspSource)
-            throws AutogramException {
+            String xsdIdentifier, XsltParams xsltParams, DSSDocument document, TSPSource tspSource,
+            boolean plainXmlEnabled) throws AutogramException {
 
         if (level == null)
             throw new SigningParametersException("Nebol zadaný typ podpisu", "Typ/level podpisu je povinný atribút");
@@ -274,6 +275,9 @@ private static SigningParameters buildParameters(SignatureLevel level, ASiCConta
                 throw new SigningParametersException("Nesprávny typ dokumentu", "Zadaný dokument nemožno podpísať ako elektronický formulár v XML Datacontaineri");
         }
 
+        if (!plainXmlEnabled && (isXML(extractedDocumentMimeType) || isXDC(extractedDocumentMimeType)) && (transformation == null))
+            throw new UnknownEformException();
+
         return new SigningParameters(level, container, containerXmlns, packaging, digestAlgorithm, en319132,
                 infoCanonicalization, propertiesCanonicalization, keyInfoCanonicalization, schema, transformation,
                 identifier, checkPDFACompliance, preferredPreviewWidth, autoLoadEform, embedUsedSchemas, xsdIdentifier,
@@ -285,23 +289,23 @@ public static SigningParameters buildForPDF(DSSDocument document, boolean checkP
                 (tspSource == null) ? SignatureLevel.PAdES_BASELINE_B : SignatureLevel.PAdES_BASELINE_T,
                 null, null, null, DigestAlgorithm.SHA256, signAsEn319132, null,
                 null, null, null, null, "",
-                checkPDFACompliance, 640, false, false, null, null, document, tspSource);
+                checkPDFACompliance, 640, false, false, null, null, document, tspSource, true);
     }
 
-    public static SigningParameters buildForASiCWithXAdES(DSSDocument document, boolean signAsEn319132, TSPSource tspSource) throws AutogramException {
+    public static SigningParameters buildForASiCWithXAdES(DSSDocument document, boolean signAsEn319132, TSPSource tspSource, boolean plainXmlEnabled) throws AutogramException {
         return buildParameters(
                 (tspSource == null) ? SignatureLevel.XAdES_BASELINE_B : SignatureLevel.XAdES_BASELINE_T,
                 ASiCContainerType.ASiC_E, null, SignaturePackaging.ENVELOPING, DigestAlgorithm.SHA256, signAsEn319132, null,
                 null, null, null, null, "",
-                false, 640, true, false, null, null, document, tspSource);
+                false, 640, true, false, null, null, document, tspSource, plainXmlEnabled);
     }
 
-    public static SigningParameters buildForASiCWithCAdES(DSSDocument document, boolean signAsEn319132, TSPSource tspSource) throws AutogramException {
+    public static SigningParameters buildForASiCWithCAdES(DSSDocument document, boolean signAsEn319132, TSPSource tspSource, boolean plainXmlEnabled) throws AutogramException {
         return buildParameters(
                 (tspSource == null) ? SignatureLevel.CAdES_BASELINE_B : SignatureLevel.CAdES_BASELINE_T,
                 ASiCContainerType.ASiC_E, null, SignaturePackaging.ENVELOPING, DigestAlgorithm.SHA256, signAsEn319132, null,
                 null, null, null, null, "",
-                false, 640, true, false, null, null, document, tspSource);
+                false, 640, true, false, null, null, document, tspSource, plainXmlEnabled);
     }
 
     public String getIdentifier() {

src/main/java/digital/slovensko/autogram/core/UserSettings.java

@@ -15,6 +15,7 @@ public class UserSettings implements PasswordManagerSettings, SignatureTokenSett
     private String driver;
     private int slotIndex;
     private boolean en319132;
+    private boolean plainXmlEnabled;
     private boolean signIndividually;
     private boolean correctDocumentDisplay;
     private boolean signaturesValidity;
@@ -38,6 +39,7 @@ public static UserSettings load() {
         settings.setSlotIndex(prefs.getInt("SLOT_INDEX", -1));
         settings.setEn319132(prefs.getBoolean("EN319132", false));
         settings.setBulkEnabled(prefs.getBoolean("BULK_ENABLED", false));
+        settings.setPlainXmlEnabled(prefs.getBoolean("PLAIN_XML_ENABLED", false));
         settings.setSignIndividually(prefs.getBoolean("SIGN_INDIVIDUALLY", true));
         settings.setCorrectDocumentDisplay(prefs.getBoolean("CORRECT_DOCUMENT_DISPLAY", true));
         settings.setSignaturesValidity(prefs.getBoolean("SIGNATURES_VALIDITY", true));
@@ -61,6 +63,7 @@ public void save() {
         prefs.putInt("SLOT_INDEX", slotIndex);
         prefs.putBoolean("EN319132", en319132);
         prefs.putBoolean("BULK_ENABLED", bulkEnabled);
+        prefs.putBoolean("PLAIN_XML_ENABLED", plainXmlEnabled);
         prefs.putBoolean("SIGN_INDIVIDUALLY", signIndividually);
         prefs.putBoolean("CORRECT_DOCUMENT_DISPLAY", correctDocumentDisplay);
         prefs.putBoolean("SIGNATURES_VALIDITY", signaturesValidity);
@@ -110,6 +113,14 @@ public void setDriver(String driver) {
         this.driver = driver;
     }
 
+    public boolean isPlainXmlEnabled() {
+        return plainXmlEnabled;
+    }
+
+    public void setPlainXmlEnabled(boolean value) {
+        this.plainXmlEnabled = value;
+    }
+
     public boolean isEn319132() {
         return en319132;
     }

src/main/java/digital/slovensko/autogram/core/errors/UnknownEformException.java

@@ -0,0 +1,7 @@
+package digital.slovensko.autogram.core.errors;
+
+public class UnknownEformException  extends AutogramException {
+    public UnknownEformException() {
+        super("Neznámy formulár", "Formulár nie je možné podpísať", "Zvolený dokument nie je možné podpísať ako štátny elektronický formulár. Ak ste chceli podpísať elektronický formulár, ozvite sa nám, prosím, emailom na [email protected]");
+    }
+}

src/main/java/digital/slovensko/autogram/server/SignEndpoint.java

@@ -29,7 +29,7 @@ public void handle(HttpExchange exchange) throws IOException {
 
             var responder = body.getBatchId() == null ? new ServerResponder(exchange)
                     : new ResponderInBatch(new ServerResponder(exchange), autogram.getBatch(body.getBatchId()));
-            var job = SigningJob.buildFromRequest(body.getDocument(), body.getParameters(autogram.getTspSource()), responder);
+            var job = SigningJob.buildFromRequest(body.getDocument(), body.getParameters(autogram.getTspSource(), autogram.isPlainXmlEnabled()), responder);
 
             if (body.getBatchId() != null)
                 autogram.batchSign(job, body.getBatchId());

src/main/java/digital/slovensko/autogram/server/dto/ServerSigningParameters.java

@@ -103,7 +103,7 @@ public ServerSigningParameters(SignatureLevel level, ASiCContainerType container
         this.transformationTargetEnvironment = transformationTargetEnvironment;
     }
 
-    public SigningParameters getSigningParameters(boolean isBase64, DSSDocument document, TSPSource tspSource) {
+    public SigningParameters getSigningParameters(boolean isBase64, DSSDocument document, TSPSource tspSource, boolean plainXmlEnabled) {
         return SigningParameters.buildFromRequest(
                 getSignatureLevel(),
                 getContainer(),
@@ -120,7 +120,8 @@ identifier, checkPDFACompliance, getVisualizationWidth(), autoLoadEform, embedUs
                 schemaIdentifier, transformationIdentifier, transformationLanguage,
                 getTransformationMediaDestinationTypeDescription(), transformationTargetEnvironment,
                 document,
-                tspSource);
+                tspSource,
+                plainXmlEnabled);
     }
 
     private String getTransformation(boolean isBase64) throws MalformedBodyException {

src/main/java/digital/slovensko/autogram/server/dto/SignRequestBody.java

@@ -57,8 +57,8 @@ public void validateSigningParameters() throws RequestValidationException, Malfo
         parameters.validate(getDocument().getMimeType());
     }
 
-    public SigningParameters getParameters(TSPSource tspSource) {
-        return parameters.getSigningParameters(isBase64(), getDocument(), tspSource);
+    public SigningParameters getParameters(TSPSource tspSource, boolean plainXmlEnabled) {
+        return parameters.getSigningParameters(isBase64(), getDocument(), tspSource, plainXmlEnabled);
     }
 
     public String getBatchId() {

src/main/java/digital/slovensko/autogram/ui/BatchGuiFileResponder.java

@@ -28,15 +28,17 @@ public class BatchGuiFileResponder extends BatchResponder {
     private final SignatureLevel pDFSignatureLevel;
     private final boolean isEn319132;
     private final TSPSource tspSource;
+    private final boolean plainXmlEnabled;
 
-    public BatchGuiFileResponder(Autogram autogram, List<File> list, Path targetDirectory, boolean checkPDFACompliance, SignatureLevel pDFSignatureLevel, boolean signPDFAsPades, boolean isEn319132, TSPSource tspSource) {
+    public BatchGuiFileResponder(Autogram autogram, List<File> list, Path targetDirectory, boolean checkPDFACompliance, SignatureLevel pDFSignatureLevel, boolean signPDFAsPades, boolean isEn319132, TSPSource tspSource, boolean plainXmlEnabled) {
         this.autogram = autogram;
         this.list = list;
         this.checkPDFACompliance = checkPDFACompliance;
         this.pDFSignatureLevel = pDFSignatureLevel;
         this.isEn319132 = isEn319132;
         this.targetPath = TargetPath.fromTargetDirectory(targetDirectory, signPDFAsPades);
         this.tspSource = tspSource;
+        this.plainXmlEnabled = plainXmlEnabled;
     }
 
     @Override
@@ -62,7 +64,7 @@ public void onBatchStartSuccess(Batch batch) {
                     onAllFilesSigned(batch);
                 }), batch);
 
-                var job = SigningJob.buildFromFile(file, responder, checkPDFACompliance, pDFSignatureLevel, isEn319132, tspSource);
+                var job = SigningJob.buildFromFile(file, responder, checkPDFACompliance, pDFSignatureLevel, isEn319132, tspSource, plainXmlEnabled);
                 autogram.batchSign(job, batch.getBatchId());
             } catch (AutogramException e) {
                 autogram.onSigningFailed(e);

src/main/java/digital/slovensko/autogram/ui/cli/CliApp.java

@@ -32,7 +32,7 @@ public static void start(CommandLine cmd) {
             var jobs = Arrays.stream(sourceList).filter(f -> f.isFile())
                     .map(f -> SigningJob.buildFromFile(f, new SaveFileResponder(f, autogram, targetPathBuilder),
                             settings.isPdfaCompliance(), settings.getSignatureLevel(), settings.isEn319132(),
-                            settings.getTspSource()))
+                            settings.getTspSource(), settings.isPlainXmlEnabled()))
                     .toList();
             if (settings.isPdfaCompliance()) {
                 jobs.forEach(job -> {

src/main/java/digital/slovensko/autogram/ui/cli/CliSettings.java

@@ -33,6 +33,7 @@ public static CliSettings fromCmd(CommandLine cmd) {
         settings.setTsaServer(cmd.getOptionValue("tsa-server", null));
         settings.setTsaEnabled(settings.getTsaServer() != null);
         settings.setBulkEnabled(true);
+        settings.setPlainXmlEnabled(cmd.hasOption("plain-xml"));
 
         return settings;
     }

src/main/java/digital/slovensko/autogram/ui/gui/MainMenuController.java

@@ -112,12 +112,12 @@ private void signFiles(List<File> list) {
             var file = filesList.get(0);
             var job = SigningJob.buildFromFile(file,
                     new SaveFileResponder(file, autogram, userSettings.shouldSignPDFAsPades()),
-                    userSettings.isPdfaCompliance(), userSettings.getSignatureLevel(), userSettings.isEn319132(), tspSource);
+                    userSettings.isPdfaCompliance(), userSettings.getSignatureLevel(), userSettings.isEn319132(), tspSource, userSettings.isPlainXmlEnabled());
             autogram.sign(job);
         } else {
             autogram.batchStart(filesList.size(), new BatchGuiFileResponder(autogram, filesList,
                     filesList.get(0).toPath().getParent().resolve("signed"), userSettings.isPdfaCompliance(),
-                    userSettings.getSignatureLevel(), userSettings.shouldSignPDFAsPades(), userSettings.isEn319132(), tspSource));
+                    userSettings.getSignatureLevel(), userSettings.shouldSignPDFAsPades(), userSettings.isEn319132(), tspSource, userSettings.isPlainXmlEnabled()));
         }
     }
 
@@ -136,7 +136,7 @@ private void signDirectory(File dir) {
         autogram.batchStart(filesList.size(),
                 new BatchGuiFileResponder(autogram, filesList, targetDirectory, userSettings.isPdfaCompliance(),
                         userSettings.getSignatureLevel(), userSettings.shouldSignPDFAsPades(),
-                        userSettings.isEn319132(), tspSource));
+                        userSettings.isEn319132(), tspSource, userSettings.isPlainXmlEnabled()));
     }
 
     public void onAboutButtonAction() {

src/main/java/digital/slovensko/autogram/ui/gui/SettingsDialogController.java

@@ -31,6 +31,8 @@ public class SettingsDialogController {
     @FXML
     private HBox en319132Radios;
     @FXML
+    private HBox plainXmlEnabledRadios;
+    @FXML
     private ChoiceBox<TokenDriver> driverChoiceBox;
     @FXML
     private VBox trustedCountriesList;
@@ -71,6 +73,7 @@ public void initialize() {
         initializeTsaServer();
         initializeBulkEnabledCheckbox();
         initializeEn319132CheckBox();
+        initializePlainXmlEnabledCheckBox();
         initializeCorrectDocumentDisplayCheckBox();
         initializeSignatureValidationCheckBox();
         initializeCheckPDFAComplianceCheckBox();
@@ -178,6 +181,10 @@ private void initializeEn319132CheckBox() {
         initializeBooleanRadios(en319132Radios, t -> userSettings.setEn319132(t), userSettings.isEn319132());
     }
 
+    private void initializePlainXmlEnabledCheckBox() {
+        initializeBooleanRadios(plainXmlEnabledRadios, t -> userSettings.setPlainXmlEnabled(t), userSettings.isPlainXmlEnabled());
+    }
+
     private void initializeCorrectDocumentDisplayCheckBox() {
         initializeBooleanRadios(correctDocumentDisplayRadios, t -> userSettings.setCorrectDocumentDisplay(t),
                 userSettings.isCorrectDocumentDisplay());