Merge pull request #451 from EsupPortail/test

Test

pom.xml

@@ -7,12 +7,12 @@
 	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
-		<version>3.3.1</version>
+		<version>3.3.3</version>
 		<relativePath />
 	</parent>
 	<groupId>org.esupportail</groupId>
 	<artifactId>esup-signature</artifactId>
-	<version>1.29.15</version>
+	<version>1.29.16-SNAPSHOT</version>
 	<name>esup-signature</name>
 	<properties>
 		<startClass>org.esupportail.esupsignature.EsupSignatureApplication</startClass>
@@ -781,7 +781,8 @@
 						<phase>compile</phase>
 						<configuration>
 							<target>
-                                <replaceregexp flags="g"
+                                <!--suppress UnresolvedMavenProperty -->
+								<replaceregexp flags="g"
                                                match="[?]version=@(version|[A-Z0-9.]+)@"
                                                replace="?version=@${project.version}@">
                                     <fileset dir="target/classes/static/" includes="**/*.css **/*.js" />

src/main/java/org/esupportail/esupsignature/service/utils/sign/NexuService.java

@@ -126,7 +126,7 @@ public DSSDocument signDocument(Long id, String userEppn, SignatureDocumentForm
 		SignatureAlgorithm sigAlgorithm = SignatureAlgorithm.getAlgorithm(signatureDocumentForm.getEncryptionAlgorithm(), signatureDocumentForm.getDigestAlgorithm());
 		SignatureValue signatureValue = new SignatureValue(sigAlgorithm, signatureDocumentForm.getSignatureValue());
 		AbstractSignatureParameters parameters = getSignatureParameters(signRequest, userEppn, signatureDocumentForm, documentsToSign);
-		validationService.checkRevocation(DSSUtils.loadCertificate(signatureDocumentForm.getCertificate()), parameters);
+		validationService.checkRevocation(signatureDocumentForm, DSSUtils.loadCertificate(signatureDocumentForm.getCertificate()), parameters);
 		try {
 			logger.info("End signDocument with one document");
 			return service.signDocument(toSignDssDocument, parameters, signatureValue);

src/main/java/org/esupportail/esupsignature/service/utils/sign/SignService.java

@@ -219,7 +219,7 @@ public Document certSign(SignRequest signRequest, String userEppn, String passwo
 			}
 			parameters.setSigningCertificate(certificateToken);
 			parameters.setCertificateChain(certificateTokenChain);
-			validationService.checkRevocation(certificateToken, parameters);
+			validationService.checkRevocation(signatureDocumentForm, certificateToken, parameters);
 			DSSDocument dssDocument;
 			if (signatureDocumentForm instanceof SignatureMultipleDocumentsForm) {
 				dssDocument = certSignDocument((SignatureMultipleDocumentsForm) signatureDocumentForm, parameters, abstractKeyStoreTokenConnection);

src/main/java/org/esupportail/esupsignature/service/utils/sign/ValidationService.java

@@ -1,6 +1,7 @@
 package org.esupportail.esupsignature.service.utils.sign;
 
 import eu.europa.esig.dss.AbstractSignatureParameters;
+import eu.europa.esig.dss.enumerations.Indication;
 import eu.europa.esig.dss.enumerations.SignatureLevel;
 import eu.europa.esig.dss.enumerations.TokenExtractionStrategy;
 import eu.europa.esig.dss.model.DSSDocument;
@@ -14,13 +15,16 @@
 import eu.europa.esig.dss.validation.reports.Reports;
 import jakarta.annotation.Resource;
 import org.esupportail.esupsignature.dss.DssUtilsService;
+import org.esupportail.esupsignature.dss.model.AbstractSignatureForm;
 import org.esupportail.esupsignature.dss.model.DssMultipartFile;
+import org.esupportail.esupsignature.dss.model.SignatureDocumentForm;
 import org.esupportail.esupsignature.exception.EsupSignatureRuntimeException;
 import org.esupportail.esupsignature.service.utils.file.FileService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Service;
 
+import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 import java.util.*;
 
@@ -82,17 +86,25 @@ public Reports validate(InputStream docInputStream, InputStream signInputStream)
         return null;
     }
 
-    public void checkRevocation(CertificateToken certificateToken, AbstractSignatureParameters<?> parameters) {
+    public void checkRevocation(AbstractSignatureForm signatureDocumentForm, CertificateToken certificateToken, AbstractSignatureParameters<?> parameters) {
         RevocationToken<OCSP> revocationToken = null;
+        boolean containsBadSignature = false;
         try {
+            Reports reports = validate(new ByteArrayInputStream(((SignatureDocumentForm) signatureDocumentForm).getDocumentToSign().getBytes()), null);
+            for(String signatureId : reports.getSimpleReport().getSignatureIdList()) {
+                if(!reports.getSimpleReport().getIndication(signatureId).equals(Indication.TOTAL_FAILED)) {
+                    containsBadSignature = true;
+                    break;
+                }
+            }
             revocationToken = certificateVerifier.getOcspSource().getRevocationToken(certificateToken, certificateToken);
         } catch (Exception e) {
             logger.warn("revocation check fail " + e.getMessage());
             if(certificateVerifier.isCheckRevocationForUntrustedChains()) {
                 throw new EsupSignatureRuntimeException("Impossible de signer avec ce certificat. Détails : " + e.getMessage());
             }
         }
-        if(revocationToken != null && !certificateVerifier.getRevocationDataVerifier().isAcceptable(revocationToken)
+        if(containsBadSignature || revocationToken != null && !certificateVerifier.getRevocationDataVerifier().isAcceptable(revocationToken)
             || (!certificateToken.isValidOn(new Date()) && parameters.isSignWithExpiredCertificate())) {
             logger.warn("LT or LTA signature level not supported, switching to T level");
             if(parameters.getSignatureLevel().name().contains("_LT") || parameters.getSignatureLevel().name().contains("_LTA")) {