UPNA-008 - Permitir el uso de certificados de empleado público

ctt-gob-es · Jun 13, 2019 · f7f998d · f7f998d
1 parent f9978fb
commit f7f998d
Show file tree

Hide file tree

Showing 4 changed files with 159 additions and 6 deletions.
diff --git a/documentacion/UPNA/Catálogo de commits - UPNA.docx b/documentacion/UPNA/Catálogo de commits - UPNA.docx
diff --git a/documentacion/UPNA/Catálogo de commits - UPNA.pdf b/documentacion/UPNA/Catálogo de commits - UPNA.pdf
diff --git a/...tador/ispac-lib/src/main/java/es/dipucr/sigem/api/rule/common/utils/GestorDatosFirma.java b/...tador/ispac-lib/src/main/java/es/dipucr/sigem/api/rule/common/utils/GestorDatosFirma.java
@@ -10,6 +10,7 @@
 import ieci.tdw.ispac.ispaclib.sign.CamerfirmaCertificateParser;
 import ieci.tdw.ispac.ispaclib.sign.DatosCompletosFirma;
 import ieci.tdw.ispac.ispaclib.sign.FMNTCertificateParser;
+import ieci.tdw.ispac.ispaclib.sign.FMNTEmpleadoPublicoCertificateParser;
 import ieci.tdw.ispac.ispaclib.sign.InfoFirmante;
 import ieci.tdw.ispac.ispaclib.sign.SignDocument;
 import ieci.tecdoc.sgm.core.services.LocalizadorServicios;
@@ -171,8 +172,7 @@ private static DatosCompletosFirma getDatosFirmaByName(IClientContext cct, Strin
 			Map aux1=aux.readPropertiesOid(pkcs7.getSigningCertificate());
 
 			//Caso de certificado FNMT
-			if(null!=aux1.get(FMNTCertificateParser.DNI_OID))
-			{
+			if(null!=aux1.get(FMNTCertificateParser.DNI_OID)) {
 
 				String dni_oid =(String) aux1.get(FMNTCertificateParser.DNI_OID);
 				nombre = getNombreCompletoCertificadoFNMT(aux1);
@@ -183,11 +183,24 @@ private static DatosCompletosFirma getDatosFirmaByName(IClientContext cct, Strin
 					dni = arrNombreCompleto[1].trim();
 				}else{
 				    dni = dni_oid;    	
-				}				
-			}
-
+				}
+
+			// Caso de certificado FMNT 2.16.724.1.3.5.7.2.4
+			} else if (null!=aux1.get(FMNTEmpleadoPublicoCertificateParser.DNI_OID)) {
+
+				String dni_oid =(String) aux1.get(FMNTEmpleadoPublicoCertificateParser.DNI_OID);
+				nombre = getNombreCompletoEmpleadoPublicoCertificadoFNMT(aux1);
+
+				String[] arrNombreCompleto = dni_oid.split("-");
+
+				if(arrNombreCompleto.length>1){    	
+					dni = arrNombreCompleto[1].trim();
+				}else{
+				    dni = dni_oid;    	
+				}
+
 			//Caso de certificado Camerfirma
-			else if(null!=aux1.get(CamerfirmaCertificateParser.POLITICA_CAMERFIRMA_OID) && aux1.get(CamerfirmaCertificateParser.POLITICA_CAMERFIRMA_OID).toString().trim().equals(CamerfirmaCertificateParser.POLITICA_CAMERFIRMA_URL_OID) )
+			} else if(null!=aux1.get(CamerfirmaCertificateParser.POLITICA_CAMERFIRMA_OID) && aux1.get(CamerfirmaCertificateParser.POLITICA_CAMERFIRMA_OID).toString().trim().equals(CamerfirmaCertificateParser.POLITICA_CAMERFIRMA_URL_OID) )
 			{
 				dni = pkcs7.getSignName().split(" ")[0];	
 				nombre = getNombreCompletoCertificadoCamerfirma(aux1);
@@ -250,6 +263,27 @@ private static String getNombreCompletoCertificadoFNMT(Map certProperties) {
 		return sbNombreCompleto.toString().trim();
 	}
 
+
+	@SuppressWarnings("rawtypes")
+	private static String getNombreCompletoEmpleadoPublicoCertificadoFNMT(Map certProperties) {
+
+		StringBuffer sbNombreCompleto = new StringBuffer();
+
+		if (null != certProperties.get(FMNTEmpleadoPublicoCertificateParser.FIRST_NAME_OID)){
+			sbNombreCompleto.append(certProperties.get(FMNTEmpleadoPublicoCertificateParser.FIRST_NAME_OID));
+		}
+		if (null != certProperties.get(FMNTEmpleadoPublicoCertificateParser.SURNAME_OID)){
+			sbNombreCompleto.append(" ");
+			sbNombreCompleto.append(certProperties.get(FMNTEmpleadoPublicoCertificateParser.SURNAME_OID));
+		}
+		if (null != certProperties.get(FMNTEmpleadoPublicoCertificateParser.SECOND_SURNAME_OID)){
+			sbNombreCompleto.append(" ");
+			sbNombreCompleto.append(certProperties.get(FMNTEmpleadoPublicoCertificateParser.SECOND_SURNAME_OID));
+		}
+		return sbNombreCompleto.toString().trim();
+	}
+
+
 	@SuppressWarnings("rawtypes")
 	private static String getNombreCompletoCertificadoCamerfirma(Map certProperties) {
 

diff --git a/...-lib/src/main/java/ieci/tdw/ispac/ispaclib/sign/FMNTEmpleadoPublicoCertificateParser.java b/...-lib/src/main/java/ieci/tdw/ispac/ispaclib/sign/FMNTEmpleadoPublicoCertificateParser.java
@@ -0,0 +1,119 @@
+package ieci.tdw.ispac.ispaclib.sign;
+
+import ieci.tdw.ispac.api.ISignAPI;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.security.cert.X509Certificate;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+import java.util.TreeMap;
+
+import org.apache.commons.lang.StringUtils;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1OctetString;
+
+
+/**
+ * @author josemi.bobadilla
+ * @since 08/01/2009
+ * 
+ * Paser para los certificados de personal al servicio de la administracion (software) de la FMNT 
+ */
+public class FMNTEmpleadoPublicoCertificateParser extends ASN1Parser {
+
+	/**
+	 * Nombre
+	 */
+	public static final String FIRST_NAME_OID = "2.16.724.1.3.5.7.2.6";
+
+	/**
+	 * Primer apellido
+	 */
+	public static final String SURNAME_OID = "2.16.724.1.3.5.7.2.7";
+
+	/**
+	 * Segundo apellido
+	 */
+	public static final String SECOND_SURNAME_OID = "2.16.724.1.3.5.7.2.8";
+
+	/**
+	 * Nif
+	 */
+	public static final String DNI_OID = "2.16.724.1.3.5.7.2.4";
+
+
+	/**
+	 * CERTIFICADO DE EMPLEADO PUBLICO (de nivel medio)
+	 */
+	public static final String TIPO_CERTIFICATE_OID = "2.16.724.1.3.5.7.2.1";
+
+
+	public Map parse(X509Certificate x509Cert) throws IOException{
+
+		Map result = new TreeMap();
+		Map oids = this.readPropertiesOid(x509Cert);
+
+		  Iterator itr= oids.keySet().iterator();
+			while (itr.hasNext()) {
+				String oid= (String) itr.next();
+			if (oid.equals(FIRST_NAME_OID)){
+				result.put(ISignAPI.NOMBRE, oids.get(FIRST_NAME_OID));
+			}else if (oid.equals(SURNAME_OID)){
+				result.put(ISignAPI.PRIMER_APELLIDO, oids.get(SURNAME_OID));
+			}else if (oid.equals(SECOND_SURNAME_OID)){
+				result.put(ISignAPI.SEGUNDO_APELLIDO, oids.get(SECOND_SURNAME_OID));
+
+			}else if (oid.equals(DNI_OID)){
+				result.put(ISignAPI.NIF, oids.get(DNI_OID));
+			}else if (oid.equals(TIPO_CERTIFICATE_OID)){
+				result.put(ISignAPI.TIPO_CERTIFICADO, oids.get(TIPO_CERTIFICATE_OID));
+			}else if (StringUtils.isAsciiPrintable( (String) oids.get(oid))){
+				result.put(oid, oids.get(oid));
+			}
+		}
+
+		String apellidos = "";
+		apellidos.concat((String) oids.get(SURNAME_OID));
+
+		if (StringUtils.isNotBlank((String)oids.get(SECOND_SURNAME_OID))){
+			apellidos.concat(" " + oids.get(SECOND_SURNAME_OID));
+		}
+		result.put(ISignAPI.APELLIDOS, apellidos);
+		return result;	
+	}
+
+	/***
+	 * Parsea un certificado X509 para extraer todos sus oids
+	 * 
+	 * @param certificadoX509
+	 * @return
+	 * @throws IOException 
+	 */
+	public Map readPropertiesOid(X509Certificate certificadoX509) throws IOException {
+		Map propiedadesOid = new HashMap();
+		// obtengo los Oids
+		Set oids = certificadoX509.getNonCriticalExtensionOIDs();
+
+		if (oids != null) {
+			// iteramos sobre los Oids // TODO ( este es el mecanismo para FNMT)
+			  Iterator itr= oids.iterator();
+				while (itr.hasNext()) {
+					String oid= (String) itr.next();
+				ASN1InputStream aIn = new ASN1InputStream(
+							new ByteArrayInputStream(certificadoX509.getExtensionValue(oid)));
+				ASN1OctetString extValue = (ASN1OctetString) aIn.readObject();
+				aIn = new ASN1InputStream(new ByteArrayInputStream(extValue.getOctets()));
+
+				super.readPropiedadesOid(oid, extValue, propiedadesOid);
+			}
+		}
+
+		// retornamos el conjunto de oids recuperados.
+		return propiedadesOid;
+	}
+
+
+}