Allow to specify User-Agent info (#594)

IB-8023

Signed-off-by: Raul Metsma <[email protected]>

examples/DigiDocCSharp/DigiDocCSharp.csproj

@@ -2,12 +2,11 @@
   <PropertyGroup>
     <TargetFramework>net472</TargetFramework>
     <OutputType>Exe</OutputType>
-    <AssemblyVersion>0.5.0.0</AssemblyVersion>
-    <FileVersion>0.5.0.0</FileVersion>
+    <Version>0.6.0.0</FileVersion>
     <Copyright>Copyright ©  2015</Copyright>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(OS)' == 'Windows_NT' ">
-    <DefineConstants>_WINDOWS</DefineConstants>
+    <DefineConstants>$(DefineConstants);_WINDOWS</DefineConstants>
   </PropertyGroup>
   <ItemGroup>
     <Folder Include="digidoc\" />

examples/DigiDocCSharp/Program.cs

@@ -40,7 +40,7 @@ private static void Add(string[] args)
             try
             {
                 Console.WriteLine("Creating file: " + args[args.Length - 1]);
-                Container b = Container.create(args[args.Length - 1]);
+                var b = Container.create(args[args.Length - 1]);
                 for (int i = 1; i < args.Length - 1; ++i)
                 {
                     b.addDataFile(args[i], "application/octet-stream");
@@ -60,9 +60,9 @@ private static void Extract(int index, string file)
             try
             {
                 Console.WriteLine("Opening file: " + file);
-                Container b = Container.open(file);
-                DataFile d = b.dataFiles()[index];
-                string dest = Path.Combine(Directory.GetCurrentDirectory(), d.fileName());
+                var b = Container.open(file);
+                var d = b.dataFiles()[index];
+                var dest = Path.Combine(Directory.GetCurrentDirectory(), d.fileName());
                 Console.WriteLine("Extracting file {0} to {1}", d.fileName(), dest);
                 try
                 {
@@ -114,7 +114,7 @@ private static void Sign(string[] args)
             try
             {
                 Console.WriteLine("Creating file: " + args[args.Length - 1]);
-                Container b = Container.create(args[args.Length - 1]);
+                var b = Container.create(args[args.Length - 1]);
 #if _WINDOWS
                 for (int i = 1; i < args.Length - 1; ++i)
 #else
@@ -148,26 +148,27 @@ private static void Websign(string[] args)
             try
             {
                 Console.WriteLine("Creating file: " + args[args.Length - 1]);
-                Container b = Container.create(args[args.Length - 1]);
+                var b = Container.create(args[args.Length - 1]);
                 for (int i = 1; i < args.Length - 2; ++i)
                 {
                     b.addDataFile(args[i], "application/octet-stream");
                 }
 
                 var cert = new X509Certificate(args[args.Length - 2]);
-                Signature c = b.prepareWebSignature(cert.Export(X509ContentType.Cert), "time-stamp");
+                var signer = new ExternalSigner(cert.Export(X509ContentType.Cert));
+                var c = b.prepareSignature(signer);
                 Console.WriteLine("Signature method: " + c.signatureMethod());
                 Console.WriteLine("Digest to sign: " + BitConverter.ToString(c.dataToSign()).Replace("-", string.Empty));
                 Console.WriteLine("Please enter signed digest in hex: ");
 
-                byte[] inputBuffer = new byte[1024];
-                Stream inputStream = Console.OpenStandardInput(inputBuffer.Length);
+                var inputBuffer = new byte[1024];
+                var inputStream = Console.OpenStandardInput(inputBuffer.Length);
                 Console.SetIn(new StreamReader(inputStream, Console.InputEncoding, false, inputBuffer.Length));
-                string hex = Console.ReadLine();
+                var hex = Console.ReadLine();
 
-                byte[] signature = Enumerable.Range(0, hex.Length / 2).Select(x => Convert.ToByte(hex.Substring(x * 2, 2), 16)).ToArray();
+                var signature = Enumerable.Range(0, hex.Length / 2).Select(x => Convert.ToByte(hex.Substring(x * 2, 2), 16)).ToArray();
                 c.setSignatureValue(signature);
-                c.extendSignatureProfile("time-stamp");
+                c.extendSignatureProfile(signer);
                 b.save();
             }
             catch (Exception e)
@@ -184,7 +185,7 @@ private static void Verify(string file)
             {
                 Console.WriteLine("Opening file: " + file);
                 var cb = new ContainerOpen();
-                Container b = Container.open(file, cb);
+                var b = Container.open(file, cb);
 
                 Console.WriteLine("Files:");
                 foreach (DataFile d in b.dataFiles())

examples/java/gradle/wrapper/gradle-wrapper.properties

@@ -1,6 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.7-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

examples/java/src/main/java/ee/ria/libdigidocpp/libdigidocpp.java

@@ -109,14 +109,15 @@ static void websign(String[] args) {
                 b.addDataFile(args[i], "application/octet-stream");
 
             X509Certificate cert = toX509(Files.readAllBytes(Paths.get(args[args.length - 2])));
-            Signature c = b.prepareWebSignature(cert.getEncoded(), "time-stamp");
+            ExternalSigner signer = new ExternalSigner(cert.getEncoded());
+            Signature c = b.prepareSignature(signer);
             System.out.println("Signature method: " + c.signatureMethod());
             System.out.println("Digest to sign: " + HexFormat.of().formatHex(c.dataToSign()));
             System.out.println("Please enter signed digest in hex: ");
 
             String signature = scanner.nextLine();
             c.setSignatureValue(HexFormat.of().parseHex(signature));
-            c.extendSignatureProfile("time-stamp");
+            c.extendSignatureProfile(signer);
             b.save();
         }
         catch (Exception e)
@@ -172,7 +173,7 @@ static void verify(String file) {
     }
 
     static void version() {
-        System.out.println("DigiDocJAVA 0.4 libdigidocpp " + digidoc.version());
+        System.out.println("DigiDocJAVA 0.5 libdigidocpp " + digidoc.version());
     }
 
     static X509Certificate toX509(byte[] der) throws CertificateException {

libdigidocpp.dox

@@ -928,7 +928,7 @@ signature->setSignatureValue(signatureValue);
 
 5. Add time-stamp and OCSP data to Signature object, according to the signature's profile (see also section \ref API-sign-profile for more information):
 \code{.cpp}
-signature->extendSignatureProfile(signer->profile());
+signature->extendSignatureProfile(signer);
 \endcode
 
 6. Write the document to output, as specified in section \ref containeropen

libdigidocpp.i

@@ -274,17 +274,7 @@ def transfer(self):
                                    const std::string &city = {}, const std::string &state = {},
                                    const std::string &postalCode = {}, const std::string &country = {})
     {
-        class final: public digidoc::Signer
-        {
-        public:
-            digidoc::X509Cert cert() const final { return _cert; }
-            std::vector<unsigned char> sign(const std::string &, const std::vector<unsigned char> &) const final
-            {
-                THROW("Not implemented");
-            }
-            digidoc::X509Cert _cert;
-        } signer;
-        signer._cert = digidoc::X509Cert(cert, digidoc::X509Cert::Der);
+        digidoc::ExternalSigner signer(cert);
         signer.setProfile(profile);
         signer.setSignatureProductionPlace(city, state, postalCode, country);
         signer.setSignerRoles(roles);

src/ASiC_E.cpp

@@ -302,7 +302,7 @@ Signature *ASiC_E::sign(Signer* signer)
     try
     {
         s->setSignatureValue(signer->sign(s->signatureMethod(), s->dataToSign()));
-        s->extendSignatureProfile(signer->profile());
+        s->extendSignatureProfile(signer);
     }
     catch(const Exception& e)
     {

src/Signature.cpp

@@ -20,6 +20,7 @@
 #include "Signature.h"
 
 #include "Exception.h"
+#include "crypto/Signer.h"
 #include "crypto/X509Cert.h"
 
 #include <algorithm>
@@ -166,7 +167,22 @@ void Signature::validate(const std::string & /*policy*/) const { validate(); }
  *
  * @param profile Target profile
  */
-void Signature::extendSignatureProfile(const string & /*profile*/) {}
+void Signature::extendSignatureProfile(const string &profile) {
+    struct ProfileSigner: public Signer
+    {
+        X509Cert cert() const { return X509Cert(); }
+        vector<unsigned char> sign(const string &/*method*/, const vector<unsigned char> &/*digest*/) const { return {}; }
+    } signer;
+    signer.setProfile(profile);
+    extendSignatureProfile(&signer);
+}
+
+/**
+ * Extends signature to selected profile
+ *
+ * @param signer Signer parameters
+ */
+void Signature::extendSignatureProfile(Signer * /*signer*/) {}
 
 /**
  * Returns signature policy when it is available or empty string.

src/Signature.h

@@ -26,6 +26,7 @@
 
 namespace digidoc
 {
+    class Signer;
     class X509Cert;
     class DIGIDOCPP_EXPORT Signature
     {
@@ -73,7 +74,7 @@ namespace digidoc
           virtual void validate() const = 0;
           virtual std::vector<unsigned char> dataToSign() const = 0;
           virtual void setSignatureValue(const std::vector<unsigned char> &signatureValue) = 0;
-          virtual void extendSignatureProfile(const std::string &profile);
+          DIGIDOCPP_DEPRECATED virtual void extendSignatureProfile(const std::string &profile);
 
           // Xades properties
           virtual std::string policy() const;
@@ -110,6 +111,9 @@ namespace digidoc
           // Other
           virtual std::vector<unsigned char> messageImprint() const;
 
+          // DSig properties
+          virtual void extendSignatureProfile(Signer *signer);
+
       protected:
           Signature();
 

src/SignatureXAdES_LT.cpp

@@ -23,6 +23,7 @@
 #include "Conf.h"
 #include "crypto/Digest.h"
 #include "crypto/OCSP.h"
+#include "crypto/Signer.h"
 #include "crypto/TS.h"
 #include "crypto/X509Cert.h"
 #include "crypto/X509CertStore.h"
@@ -202,10 +203,10 @@ void SignatureXAdES_LT::validate(const string &policy) const
  *
  * @throws SignatureException
  */
-void SignatureXAdES_LT::extendSignatureProfile(const string &profile)
+void SignatureXAdES_LT::extendSignatureProfile(Signer *signer)
 {
-    SignatureXAdES_T::extendSignatureProfile(profile);
-    if(profile.find(ASiC_E::ASIC_TS_PROFILE) == string::npos)
+    SignatureXAdES_T::extendSignatureProfile(signer);
+    if(signer->profile().find(ASiC_E::ASIC_TS_PROFILE) == string::npos)
         return;
 
     // Get issuer certificate from certificate store.
@@ -217,7 +218,7 @@ void SignatureXAdES_LT::extendSignatureProfile(const string &profile)
         THROW("Could not find certificate issuer '%s' in certificate store or from AIA.",
             cert.issuerName().c_str());
 
-    OCSP ocsp(cert, issuer);
+    OCSP ocsp(cert, issuer, signer->userAgent());
     ocsp.verifyResponse(cert);
 
     addCertificateValue(id() + "-CA-CERT", issuer);

src/SignatureXAdES_LT.h

@@ -38,7 +38,7 @@ class SignatureXAdES_LT: public SignatureXAdES_T
     X509Cert OCSPCertificate() const override;
     std::string OCSPProducedAt() const override;
     void validate(const std::string &policy) const override;
-    void extendSignatureProfile(const std::string &profile) override;
+    void extendSignatureProfile(Signer *signer) override;
 
 private:
     DISABLE_COPY(SignatureXAdES_LT);

src/SignatureXAdES_LTA.cpp

@@ -20,9 +20,9 @@
 #include "SignatureXAdES_LTA.h"
 
 #include "ASiC_E.h"
-#include "Conf.h"
 #include "DataFile_p.h"
 #include "crypto/Digest.h"
+#include "crypto/Signer.h"
 #include "crypto/TS.h"
 #include "crypto/X509Cert.h"
 #include "util/DateTime.h"
@@ -101,16 +101,16 @@ void SignatureXAdES_LTA::calcArchiveDigest(const Digest &digest, string_view can
     //ds:Object
 }
 
-void SignatureXAdES_LTA::extendSignatureProfile(const string &profile)
+void SignatureXAdES_LTA::extendSignatureProfile(Signer *signer)
 {
-    SignatureXAdES_LT::extendSignatureProfile(profile);
-    if(profile != ASiC_E::ASIC_TSA_PROFILE)
+    SignatureXAdES_LT::extendSignatureProfile(signer);
+    if(signer->profile() != ASiC_E::ASIC_TSA_PROFILE)
         return;
     Digest calc;
     auto method = canonicalizationMethod();
     calcArchiveDigest(calc, method);
 
-    TS tsa(CONF(TSUrl), calc);
+    TS tsa(calc, signer->userAgent());
     auto ts = unsignedSignatureProperties() + ArchiveTimeStamp;
     ts.setNS(ts.addNS(XADESv141_NS, "xades141"));
     ts.setProperty("Id", id() + "-A0");

src/SignatureXAdES_LTA.h

@@ -32,7 +32,7 @@ class SignatureXAdES_LTA final: public SignatureXAdES_LT
     X509Cert ArchiveTimeStampCertificate() const final;
     std::string ArchiveTimeStampTime() const final;
     void validate(const std::string &policy) const final;
-    void extendSignatureProfile(const std::string &profile) final;
+    void extendSignatureProfile(Signer *signer) final;
 
 private:
     DISABLE_COPY(SignatureXAdES_LTA);

src/SignatureXAdES_T.cpp

@@ -20,9 +20,9 @@
 #include "SignatureXAdES_T.h"
 
 #include "ASiC_E.h"
-#include "Conf.h"
 #include "crypto/Digest.h"
 #include "crypto/OCSP.h"
+#include "crypto/Signer.h"
 #include "crypto/TS.h"
 #include "crypto/X509Cert.h"
 #include "util/DateTime.h"
@@ -52,9 +52,9 @@ string SignatureXAdES_T::trustedSigningTime() const
     return time.empty() ? SignatureXAdES_B::trustedSigningTime() : std::move(time);
 }
 
-void SignatureXAdES_T::extendSignatureProfile(const std::string &profile)
+void SignatureXAdES_T::extendSignatureProfile(Signer *signer)
 {
-    if(profile.find(ASiC_E::ASIC_TS_PROFILE) == string::npos)
+    if(signer->profile().find(ASiC_E::ASIC_TS_PROFILE) == string::npos)
         return;
 
     auto up = qualifyingProperties()/"UnsignedProperties";
@@ -72,7 +72,7 @@ void SignatureXAdES_T::extendSignatureProfile(const std::string &profile)
     auto method = canonicalizationMethod();
     signatures->c14n(calc, method, signatureValue());
 
-    TS tsa(CONF(TSUrl), calc);
+    TS tsa(calc, signer->userAgent());
     auto ts = usp + "SignatureTimeStamp";
     ts.setProperty("Id", id() + Log::format("-T%zu", i));
     (ts + CanonicalizationMethod).setProperty("Algorithm", method);

src/SignatureXAdES_T.h

@@ -40,7 +40,7 @@ class SignatureXAdES_T: public SignatureXAdES_B
     X509Cert TimeStampCertificate() const override;
     std::string TimeStampTime() const override;
     void validate(const std::string &policy) const override;
-    void extendSignatureProfile(const std::string &profile) override;
+    void extendSignatureProfile(Signer *signer) override;
 
 protected:
     XMLNode unsignedSignatureProperties() const;

src/crypto/Connect.cpp

@@ -58,7 +58,7 @@ using namespace std;
 
 
 
-Connect::Connect(const string &_url, string _method, int _timeout, const vector<X509Cert> &certs)
+Connect::Connect(const string &_url, string _method, int _timeout, const vector<X509Cert> &certs, const string &userAgentData)
     : method(std::move(_method))
     , timeout(_timeout)
 {
@@ -195,8 +195,8 @@ Connect::Connect(const string &_url, string _method, int _timeout, const vector<
         addHeader("Host", host);
     else
         addHeader("Host", host + ':' + port);
-    if(!userAgent().empty())
-        addHeader("User-Agent", "LIB libdigidocpp/" FILE_VER_STR " (" TARGET_ARCH ") APP " + userAgent());
+    if(const auto &agent = userAgentData.empty() ? userAgent() : userAgentData; !agent.empty())
+        addHeader("User-Agent", "LIB libdigidocpp/" FILE_VER_STR " (" TARGET_ARCH ") APP " + agent);
     if(usessl == 0)
         sendProxyAuth();
 }

src/crypto/Connect.h

@@ -26,8 +26,8 @@
 #include <string>
 #include <vector>
 
-typedef struct bio_st BIO;
-typedef struct ssl_ctx_st SSL_CTX;
+using BIO = struct bio_st;
+using SSL_CTX = struct ssl_ctx_st;
 
 namespace digidoc {
 
@@ -61,7 +61,7 @@ class Connect
     };
 
     Connect(const std::string &url, std::string method = "POST",
-        int timeout = 0, const std::vector<X509Cert> &certs = {});
+        int timeout = 0, const std::vector<X509Cert> &certs = {}, const std::string &userAgentData = {});
     ~Connect();
     inline Result exec(std::initializer_list<std::pair<std::string_view,std::string_view>> headers,
         const std::vector<unsigned char> &data)