diff --git a/pom.xml b/pom.xml
index ea798a5f4..a6e3ba52d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -7,12 +7,12 @@
org.springframework.boot
spring-boot-starter-parent
- 3.3.1
+ 3.3.3
org.esupportail
esup-signature
- 1.29.15
+ 1.29.16-SNAPSHOT
esup-signature
org.esupportail.esupsignature.EsupSignatureApplication
@@ -781,7 +781,8 @@
compile
-
+
diff --git a/src/main/java/org/esupportail/esupsignature/service/utils/sign/NexuService.java b/src/main/java/org/esupportail/esupsignature/service/utils/sign/NexuService.java
index b148143e2..2f1666303 100644
--- a/src/main/java/org/esupportail/esupsignature/service/utils/sign/NexuService.java
+++ b/src/main/java/org/esupportail/esupsignature/service/utils/sign/NexuService.java
@@ -126,7 +126,7 @@ public DSSDocument signDocument(Long id, String userEppn, SignatureDocumentForm
SignatureAlgorithm sigAlgorithm = SignatureAlgorithm.getAlgorithm(signatureDocumentForm.getEncryptionAlgorithm(), signatureDocumentForm.getDigestAlgorithm());
SignatureValue signatureValue = new SignatureValue(sigAlgorithm, signatureDocumentForm.getSignatureValue());
AbstractSignatureParameters parameters = getSignatureParameters(signRequest, userEppn, signatureDocumentForm, documentsToSign);
- validationService.checkRevocation(DSSUtils.loadCertificate(signatureDocumentForm.getCertificate()), parameters);
+ validationService.checkRevocation(signatureDocumentForm, DSSUtils.loadCertificate(signatureDocumentForm.getCertificate()), parameters);
try {
logger.info("End signDocument with one document");
return service.signDocument(toSignDssDocument, parameters, signatureValue);
diff --git a/src/main/java/org/esupportail/esupsignature/service/utils/sign/SignService.java b/src/main/java/org/esupportail/esupsignature/service/utils/sign/SignService.java
index e865de559..de41b7704 100644
--- a/src/main/java/org/esupportail/esupsignature/service/utils/sign/SignService.java
+++ b/src/main/java/org/esupportail/esupsignature/service/utils/sign/SignService.java
@@ -219,7 +219,7 @@ public Document certSign(SignRequest signRequest, String userEppn, String passwo
}
parameters.setSigningCertificate(certificateToken);
parameters.setCertificateChain(certificateTokenChain);
- validationService.checkRevocation(certificateToken, parameters);
+ validationService.checkRevocation(signatureDocumentForm, certificateToken, parameters);
DSSDocument dssDocument;
if (signatureDocumentForm instanceof SignatureMultipleDocumentsForm) {
dssDocument = certSignDocument((SignatureMultipleDocumentsForm) signatureDocumentForm, parameters, abstractKeyStoreTokenConnection);
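Review bot: The new `validationService.checkRevocation(signatureDocumentForm, certificateToken, parameters)` call runs before the `instanceof SignatureMultipleDocumentsForm` branch below it, so on the multi-document path it receives a form that this hunk does not show to be a `SignatureDocumentForm`, while the new ValidationService implementation in this same diff casts its first argument to that type unconditionally and reads `getDocumentToSign()` from it. If `SignatureMultipleDocumentsForm` is not a `SignatureDocumentForm`, that cast throws and multi-document certificate signing would fail (or, depending on the catch block, be misreported as a revocation problem); please verify the class hierarchy or skip the pre-validation for that form type. The enclosing certSign method starts and ends outside this hunk.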
diff --git a/src/main/java/org/esupportail/esupsignature/service/utils/sign/ValidationService.java b/src/main/java/org/esupportail/esupsignature/service/utils/sign/ValidationService.java
index 564b9a4fe..8999b8282 100644
--- a/src/main/java/org/esupportail/esupsignature/service/utils/sign/ValidationService.java
+++ b/src/main/java/org/esupportail/esupsignature/service/utils/sign/ValidationService.java
@@ -1,6 +1,7 @@
package org.esupportail.esupsignature.service.utils.sign;
import eu.europa.esig.dss.AbstractSignatureParameters;
+import eu.europa.esig.dss.enumerations.Indication;
import eu.europa.esig.dss.enumerations.SignatureLevel;
import eu.europa.esig.dss.enumerations.TokenExtractionStrategy;
import eu.europa.esig.dss.model.DSSDocument;
@@ -14,13 +15,16 @@
import eu.europa.esig.dss.validation.reports.Reports;
import jakarta.annotation.Resource;
import org.esupportail.esupsignature.dss.DssUtilsService;
+import org.esupportail.esupsignature.dss.model.AbstractSignatureForm;
import org.esupportail.esupsignature.dss.model.DssMultipartFile;
+import org.esupportail.esupsignature.dss.model.SignatureDocumentForm;
import org.esupportail.esupsignature.exception.EsupSignatureRuntimeException;
import org.esupportail.esupsignature.service.utils.file.FileService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
+import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.util.*;
@@ -82,9 +86,17 @@ public Reports validate(InputStream docInputStream, InputStream signInputStream)
return null;
}
- public void checkRevocation(CertificateToken certificateToken, AbstractSignatureParameters> parameters) {
+ public void checkRevocation(AbstractSignatureForm signatureDocumentForm, CertificateToken certificateToken, AbstractSignatureParameters> parameters) {
RevocationToken revocationToken = null;
+ boolean containsBadSignature = false;
try {
+ Reports reports = validate(new ByteArrayInputStream(((SignatureDocumentForm) signatureDocumentForm).getDocumentToSign().getBytes()), null);
+ for(String signatureId : reports.getSimpleReport().getSignatureIdList()) {
+ if(!reports.getSimpleReport().getIndication(signatureId).equals(Indication.TOTAL_FAILED)) {
+ containsBadSignature = true;
+ break;
+ }
+ }
revocationToken = certificateVerifier.getOcspSource().getRevocationToken(certificateToken, certificateToken);
} catch (Exception e) {
logger.warn("revocation check fail " + e.getMessage());
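Review bot: The indication test inside the new loop in checkRevocation looks inverted: `containsBadSignature` is set as soon as an existing signature is anything other than TOTAL_FAILED, so a document whose prior signature is TOTAL_PASSED is treated as containing a bad signature and is downgraded from LT/LTA to T, while a document whose only prior signature is TOTAL_FAILED is not. If the intent is to downgrade whenever a prior signature cannot be fully validated, the check should be `if(!Indication.TOTAL_PASSED.equals(reports.getSimpleReport().getIndication(signatureId)))`, which also covers INDETERMINATE and a null indication; please confirm which semantics was meant. In addition, `validate(...)` can return null (its `return null;` is visible just above this hunk) and the unconditional `(SignatureDocumentForm)` cast of an `AbstractSignatureForm` parameter can fail for other form subclasses; both currently surface as a misleading "revocation check fail" warning because the pre-validation shares the OCSP try/catch and its error handling. I would move the pre-validation into its own guarded block with a distinct log message, as below; the rest of checkRevocation continues past the end of this hunk.
```java
boolean containsBadSignature = false;
if (signatureDocumentForm instanceof SignatureDocumentForm form) {
    try {
        Reports reports = validate(new ByteArrayInputStream(form.getDocumentToSign().getBytes()), null);
        if (reports != null) {
            for (String signatureId : reports.getSimpleReport().getSignatureIdList()) {
                // Only a fully validated prior signature lets us safely extend to LT/LTA.
                if (!Indication.TOTAL_PASSED.equals(reports.getSimpleReport().getIndication(signatureId))) {
                    containsBadSignature = true;
                    break;
                }
            }
        }
    } catch (Exception e) {
        // Conservative: if we cannot assess the existing signatures, do not attempt LT/LTA.
        logger.warn("existing signature validation failed, falling back to T level: " + e.getMessage());
        containsBadSignature = true;
    }
}
// … unchanged: OCSP revocation lookup and its try/catch …
```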
@@ -92,7 +104,7 @@ public void checkRevocation(CertificateToken certificateToken, AbstractSignature
throw new EsupSignatureRuntimeException("Impossible de signer avec ce certificat. Détails : " + e.getMessage());
}
}
- if(revocationToken != null && !certificateVerifier.getRevocationDataVerifier().isAcceptable(revocationToken)
+ if(containsBadSignature || revocationToken != null && !certificateVerifier.getRevocationDataVerifier().isAcceptable(revocationToken)
|| (!certificateToken.isValidOn(new Date()) && parameters.isSignWithExpiredCertificate())) {
logger.warn("LT or LTA signature level not supported, switching to T level");
if(parameters.getSignatureLevel().name().contains("_LT") || parameters.getSignatureLevel().name().contains("_LTA")) {
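Review bot: The widened condition at `if(containsBadSignature || revocationToken != null && ...` relies on `&&` binding tighter than `||`; that is what the code needs, but the mixed operators without parentheses read ambiguously in a security-relevant downgrade decision, and the warning that follows no longer says which of the three causes triggered the fall back to T level. I would write the first clause as `if(containsBadSignature || (revocationToken != null && !certificateVerifier.getRevocationDataVerifier().isAcceptable(revocationToken))` and log the trigger, e.g. `logger.warn("LT or LTA signature level not supported (existing signature invalid: {}, expired certificate: {}), switching to T level", containsBadSignature, !certificateToken.isValidOn(new Date()));`, so that an operator investigating a downgraded signature can tell a bad prior signature from a revocation-data problem. Note that this downgrade silently proceeds with signing the document even when an existing signature on it did not validate; if that is not the intended policy, surfacing it to the caller rather than only to the log would be worth considering. The `if` body continues past the end of this hunk.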