authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-07-30 11:02:10 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-07-30 11:02:10 +0200
commita722ad1f7e8506c58f594ac84dfdedac88a556d4 (patch)
treec4ba585dc8b02046b452c543bff6b15dc208d481
parente5aa912f1d824ba4d3f9d0091a356a0da183dd4d (diff)
update MOA-Sig verification API to set signature-verification timestamp
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java29
-rw-r--r--eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java10
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java20
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java64
4 files changed, 96 insertions, 27 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java
index ee1037a1..8327b544 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java
@@ -23,15 +23,20 @@ import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.Serializable;
import java.security.PublicKey;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
import javax.xml.transform.TransformerException;
-import org.w3c.dom.Element;
-
import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
+import org.w3c.dom.Element;
+
+import lombok.extern.slf4j.Slf4j;
+
/**
* Data contained in an identity link issued by BMI, relevant to the MOA ID
* component. <br>
@@ -41,10 +46,13 @@ import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
* @author Paul Ivancsics
* @version $Id$
*/
+@Slf4j
public class IdentityLink implements Serializable, IIdentityLink {
private static final long serialVersionUID = 1L;
+ public static final String PATTERN_ISSUE_INSTANT = "yyyy-MM-dd'T'HH:mm:ssXXX";
+
/**
* <code>"identificationValue"</code> is the translation of
* <code>"Stammzahl"</code>.
@@ -372,6 +380,23 @@ public class IdentityLink implements Serializable, IIdentityLink {
return issueInstant;
}
+ @Override
+ public Date getIssueInstantDate() {
+ final SimpleDateFormat f = new SimpleDateFormat(PATTERN_ISSUE_INSTANT);
+ try {
+ if (issueInstant != null) {
+ return f.parse(issueInstant);
+
+ }
+
+ } catch (final ParseException e) {
+ log.error("Can NOT parse Date from String: {}", issueInstant, null, e);
+
+ }
+
+ return null;
+ }
+
/*
* (non-Javadoc)
*
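Review bot: The log call in the new getIssueInstantDate() passes a stray `null` between the placeholder value and the exception: `log.error("Can NOT parse Date from String: {}", issueInstant, null, e);` should be `log.error("Can NOT parse Date from String: {}", issueInstant, e);`. A second point is that a ParseException is only logged and the method then returns null exactly as it does when issueInstant is absent, so a caller cannot tell "no IssueInstant" from "malformed IssueInstant"; given that the moa-sig change in this commit treats a null date as "send no DateTime element", a malformed value would silently change the point in time at which the signature is evaluated. Either propagate the failure (e.g. wrap it in an unchecked exception) or state the null-on-failure behaviour in the Javadoc so callers can decide. The parser is created per call, so the non-thread-safe SimpleDateFormat is used safely here; `java.time` (`OffsetDateTime.parse` + `Date.from`) would avoid the pattern constant altogether, which is a style choice.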
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java
index 74c82181..a2288a5b 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java
@@ -21,6 +21,7 @@ package at.gv.egiz.eaaf.core.api.idp.auth.data;
import java.io.IOException;
import java.security.PublicKey;
+import java.util.Date;
import javax.xml.transform.TransformerException;
@@ -28,7 +29,7 @@ import org.w3c.dom.Element;
/**
* Deprecated IdentityLink interface.
- *
+ *
* @author tlenz
*
*/
@@ -188,6 +189,13 @@ public interface IIdentityLink {
String getIssueInstant();
/**
+ * Returns the issuing time of the identity link SAML assertion.
+ *
+ * @return The issuing time of the identity link SAML assertion.
+ */
+ Date getIssueInstantDate();
+
+ /**
* Sets the issuing time of the identity link SAML assertion.
*
* @param issueInstant The issueInstant to set.
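Review bot: The Javadoc for the new getIssueInstantDate() does not state when the result is null or which string format is expected, although the IdentityLink implementation in this commit returns null both when no issue instant is set and when it cannot be parsed; add to the `@return` something like `@return The issuing time, or {@code null} if no issue instant is set or it is not in the expected ISO-8601 offset format.`. Adding an abstract method to a public interface also breaks every other implementation of IIdentityLink outside this repository; if that is a concern, a `default` method returning null (or parsing getIssueInstant()) would keep the interface source-compatible.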
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java
index 67e9e29d..f7a33395 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java
@@ -1,5 +1,6 @@
package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api;
+import java.util.Date;
import java.util.List;
import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse;
@@ -44,6 +45,22 @@ public interface ISignatureVerificationService {
* <i>This method only validates the first XML or XAdES signature if more than
* one signature exists</i>
*
+ * @param signature Serialized XML or XAdES signature
+ * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration
+ * @param signingDate Signature timestamp
+ * @return @link {@link IXmlSignatureVerificationResponse}, or null if no
+ * signature was found
+ * @throws MoaSigServiceException on signatue-verification error
+ */
+ IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID,
+ Date signingDate) throws MoaSigServiceException;
+
+ /**
+ * Verify a XML or XAdES signature. <br>
+ * <br>
+ * <i>This method only validates the first XML or XAdES signature if more than
+ * one signature exists</i>
+ *
* @param signature Serialized XML or XAdES signature
* @param trustProfileID Id of the Trust-Profile from MOA-Sig
* configuration
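Review bot: The new `@param signingDate Signature timestamp` on the added overload does not say whether null is permitted or what it changes; the implementation in this commit omits the DateTime element when it is null, so MOA-Sig then evaluates the signature at its own current time rather than at the given instant. State that explicitly, e.g. `@param signingDate Point in time at which the signature and its certificates are evaluated, or {@code null} to let MOA-Sig use the current time.`, and do the same for the `@param signingDate` added to the existing five-argument method in the second hunk of this file, whose signature change is also a breaking change for all existing implementers and callers. The added `@throws` line repeats the typo `signatue-verification` from the existing Javadoc; `signature-verification` is meant.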
@@ -89,12 +106,13 @@ public interface ISignatureVerificationService {
* signature-verification
* @param signatureLocationXpath Xpath that points to location of
* Signature element
+ * @param signingDate Signature timestamp
* @return @link {@link IXmlSignatureVerificationResponse}, or null if no
* signature was found
* @throws MoaSigServiceException on signatue-verification error
*/
IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID,
- List<String> verifyTransformsInfoProfileID, String signatureLocationXpath)
+ List<String> verifyTransformsInfoProfileID, String signatureLocationXpath, Date signingDate)
throws MoaSigServiceException;
}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java
index 8fc4086e..be27383c 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java
@@ -2,19 +2,11 @@ package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl;
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateEncodingException;
+import java.util.Date;
import java.util.List;
import javax.annotation.PostConstruct;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.lang.Nullable;
-import org.springframework.stereotype.Service;
-import org.springframework.util.Base64Utils;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.ISignatureVerificationService;
import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse;
import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse;
@@ -34,6 +26,16 @@ import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker;
import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureVerificationInvoker;
import at.gv.egovernment.moaspss.util.Constants;
+import org.apache.commons.lang3.time.DateFormatUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.lang.Nullable;
+import org.springframework.stereotype.Service;
+import org.springframework.util.Base64Utils;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
/**
* MOA-Sig based signature verification implementation.
*
@@ -50,6 +52,8 @@ public class SignatureVerificationService extends AbstractSignatureService
private static final String DSIG = Constants.DSIG_PREFIX + ":";
private static final String DEFAULT_XPATH_SIGNATURE_LOCATION = "//" + DSIG + "Signature";
+ public static final String PATTERN_ISSUE_INSTANT = "yyyy-MM-dd'T'HH:mm:ssXXX";
+
private CMSSignatureVerificationInvoker cadesInvoker;
private XMLSignatureVerificationInvoker xadesInvocer;
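Review bot: `PATTERN_ISSUE_INSTANT` here is a second, identical copy of the constant this commit adds to IdentityLink in eaaf_core, and the name refers to the identity-link issue instant although it is used here to format the MOA-Sig DateTime element. If this module may depend on eaaf_core, reuse `IdentityLink.PATTERN_ISSUE_INSTANT`; otherwise a name such as `PATTERN_SIG_VAL_DATE` would describe its use in this class, and a private constant would suffice unless other code needs it.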
@@ -99,7 +103,7 @@ public class SignatureVerificationService extends AbstractSignatureService
@Override
public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature,
final String trustProfileID) throws MoaSigServiceException {
- return verifyXmlSignature(signature, trustProfileID, null, DEFAULT_XPATH_SIGNATURE_LOCATION);
+ return verifyXmlSignature(signature, trustProfileID, null, DEFAULT_XPATH_SIGNATURE_LOCATION, null);
}
@@ -115,7 +119,7 @@ public class SignatureVerificationService extends AbstractSignatureService
final String trustProfileID, final List<String> verifyTransformsInfoProfileID)
throws MoaSigServiceException {
return verifyXmlSignature(signature, trustProfileID, verifyTransformsInfoProfileID,
- DEFAULT_XPATH_SIGNATURE_LOCATION);
+ DEFAULT_XPATH_SIGNATURE_LOCATION, null);
}
/*
@@ -129,27 +133,27 @@ public class SignatureVerificationService extends AbstractSignatureService
public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature,
final String trustProfileID, final String signatureLocationXpath)
throws MoaSigServiceException {
- return verifyXmlSignature(signature, trustProfileID, null, signatureLocationXpath);
+ return verifyXmlSignature(signature, trustProfileID, null, signatureLocationXpath, null);
+ }
+
+ @Override
+ public IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID,
+ Date signingDate) throws MoaSigServiceException {
+ return verifyXmlSignature(signature, trustProfileID, null,
+ DEFAULT_XPATH_SIGNATURE_LOCATION, signingDate);
}
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.
- * ISignatureVerificationService# verifyXMLSignature(byte[], java.lang.String,
- * java.util.List, java.lang.String)
- */
@Override
public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature,
final String trustProfileID, final List<String> verifyTransformsInfoProfileID,
- final String xpathSignatureLocation) throws MoaSigServiceException {
+ final String xpathSignatureLocation, Date signingDate) throws MoaSigServiceException {
try {
// setup context
setUpContexts(Thread.currentThread().getName());
// build signature-verification request
final Element domVerifyXmlSignatureRequest = buildVerifyXmlRequest(signature, trustProfileID,
- verifyTransformsInfoProfileID, xpathSignatureLocation);
+ verifyTransformsInfoProfileID, xpathSignatureLocation, signingDate);
// send signature-verification to MOA-Sig
final VerifyXMLSignatureRequest vsrequest =
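Review bot: The new three-argument overload declares its parameters without `final` (`byte[] signature, String trustProfileID, Date signingDate`), and the added `Date signingDate` on the five-argument method is likewise not final, while every sibling method in this class marks its parameters `final`; keep the convention, e.g. `final byte[] signature, final String trustProfileID, final Date signingDate`. The `(non-Javadoc)` comment that preceded the five-argument method was removed without a replacement, so the central implementation now has no comment at all; a one-line `/** Builds the MOA-Sig request, including the optional DateTime element, and submits it. */` would restore that. The body of that method continues outside this hunk.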
@@ -258,15 +262,17 @@ public class SignatureVerificationService extends AbstractSignatureService
* used for validation
* @param xpathSignatureLocation Xpath that points to location of
* Signature element
+ * @param sigValDate Signature timestamp
* @return MOA-Sig verification request element
* @throws MoaSigServiceBuilderException In case of an error
*/
private Element buildVerifyXmlRequest(final byte[] signature, final String trustProfileID,
- final List<String> verifyTransformsInfoProfileID, final String xpathSignatureLocation)
- throws MoaSigServiceBuilderException {
+ final List<String> verifyTransformsInfoProfileID, final String xpathSignatureLocation,
+ Date sigValDate) throws MoaSigServiceBuilderException {
try {
// build empty document
final Document requestDoc_ = getNewDocumentBuilder();
+
final Element requestElem_ =
requestDoc_.createElementNS(MOA_NS_URI, "VerifyXMLSignatureRequest");
requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns", MOA_NS_URI);
@@ -275,6 +281,18 @@ public class SignatureVerificationService extends AbstractSignatureService
requestDoc_.appendChild(requestElem_);
// build the request
+
+ // build set signing time
+ if (sigValDate != null) {
+ final Element dateTimeElem = requestDoc_.createElementNS(MOA_NS_URI, "DateTime");
+ requestElem_.appendChild(dateTimeElem);
+ final Node dateTime = requestDoc_.createTextNode(
+ DateFormatUtils.format(sigValDate, PATTERN_ISSUE_INSTANT));
+ dateTimeElem.appendChild(dateTime);
+
+ }
+
+ //set other parameters
final Element verifiySignatureInfoElem =
requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
requestElem_.appendChild(verifiySignatureInfoElem);
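Review bot: The caller-supplied `sigValDate` is forwarded into the request's DateTime element without any plausibility check, and that element is what MOA-Sig presumably uses as the reference time for certificate validity and revocation status; a date in the future, or one that is far in the past, therefore moves the verification point in time as far as the caller asks. Because the value this commit exposes for that purpose (the identity link's IssueInstant) comes from the signed document itself, the note for the next maintainer should say that the date must come from a trusted source or be bounded against the current time, e.g. `// DateTime is the reference time for certificate/revocation checks in MOA-Sig; callers must not pass an unbounded value taken from untrusted content.`. The comment `// build set signing time` reads as a leftover; `// set optional verification time (MOA-Sig DateTime element)` says what the block does. DateFormatUtils.format uses the JVM default zone, which is harmless here only because the pattern carries the offset (`XXX`).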