authorThomas Lenz <thomas.lenz@egiz.gv.at>2019-11-28 18:28:05 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2019-11-28 18:28:05 +0100
commit36c4fa60c8f246f4c1f015e47847aeb01b1100c6 (patch)
treee4363df63ba26a0639a78ed6504168ccf1d11d47 /eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java
parent1ca2a728adf96890b5738b7f6f8e61228f7b6351 (diff)
close MOA-Sig transaction context
Diffstat (limited to 'eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java')
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java151
1 files changed, 77 insertions, 74 deletions
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java
index c77f3097..f610e59e 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java
@@ -3,18 +3,7 @@ package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl;
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateEncodingException;
import java.util.List;
-
import javax.annotation.PostConstruct;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.lang.Nullable;
-import org.springframework.stereotype.Service;
-import org.springframework.util.Base64Utils;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.ISignatureVerificationService;
import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ICMSSignatureVerificationResponse;
import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXMLSignatureVerificationResponse;
@@ -33,6 +22,14 @@ import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker;
import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureVerificationInvoker;
import at.gv.egovernment.moaspss.util.Constants;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.lang.Nullable;
+import org.springframework.stereotype.Service;
+import org.springframework.util.Base64Utils;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
/**
@@ -40,9 +37,9 @@ import at.gv.egovernment.moaspss.util.Constants;
*
*/
@Service(value="moaSigVerifyService")
-public class SignatureVerificationService extends AbstractSignatureService implements ISignatureVerificationService {
+public class SignatureVerificationService extends AbstractSignatureService implements ISignatureVerificationService {
private static final Logger log = LoggerFactory.getLogger(SignatureVerificationService.class);
-
+
private static final String XMLNS_NS_URI = Constants.XMLNS_NS_URI;
private static final String MOA_NS_URI = Constants.MOA_NS_URI;
private static final String DSIG = Constants.DSIG_PREFIX + ":";
@@ -50,41 +47,44 @@ public class SignatureVerificationService extends AbstractSignatureService imple
private CMSSignatureVerificationInvoker cadesInvoker;
private XMLSignatureVerificationInvoker xadesInvocer;
-
+
/* (non-Javadoc)
* @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.ISignatureVerificationService#verifyCMSSignature(byte[], java.lang.String)
*/
@Override
@Nullable
- public ICMSSignatureVerificationResponse verifyCMSSignature(byte[] signature, String trustProfileID) throws MOASigServiceException {
+ public ICMSSignatureVerificationResponse verifyCMSSignature(byte[] signature, String trustProfileID) throws MOASigServiceException {
try {
//setup context
setUpContexts(Thread.currentThread().getName());
-
+
//verify signature
final VerifyCMSSignatureRequest cmsSigVerifyReq = buildVerfifyCMSRequest(signature, trustProfileID, false, false);
final VerifyCMSSignatureResponse cmsSigVerifyResp = cadesInvoker.verifyCMSSignature(cmsSigVerifyReq );
return parseCMSVerificationResult(cmsSigVerifyResp);
-
+
} catch (final MOAException e) {
log.warn("CMS signature verification has an error.", e);
throw new MOASigServiceException("service.03", new Object[] { e.toString()}, e);
-
+
} catch (final CertificateEncodingException e) {
log.warn("Can NOT serialize X509 certificate from CMS/CAdES signature-verification response", e);
throw new MOASigServiceException("service.03", new Object[] { e.toString()}, e);
-
- }
-
+
+ } finally {
+ tearDownContexts();
+
+ }
+
}
-
+
/* (non-Javadoc)
* @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.ISignatureVerificationService#verifyXMLSignature(byte[], java.lang.String)
*/
@Override
- public IXMLSignatureVerificationResponse verifyXMLSignature(byte[] signature, String trustProfileID) throws MOASigServiceException {
+ public IXMLSignatureVerificationResponse verifyXMLSignature(byte[] signature, String trustProfileID) throws MOASigServiceException {
return verifyXMLSignature(signature, trustProfileID, null, DEFAULT_XPATH_SIGNATURE_LOCATION);
-
+
}
/* (non-Javadoc)
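Review bot: The new `finally { tearDownContexts(); }` also runs when `setUpContexts(Thread.currentThread().getName())` at the top of the same try block throws before the context is fully established, so `tearDownContexts()` (presumably inherited from `AbstractSignatureService`, not visible here) must tolerate a missing or partially initialised context; if it does not, move the setup call in front of the `try` or guard the teardown with a flag set only after setup succeeded. Should `tearDownContexts()` itself throw, that exception would replace the `MOASigServiceException` raised in the catch blocks and hide the original verification failure, so wrapping the teardown in its own try/catch that only logs would preserve the primary error. The identical `finally` added to `verifyXMLSignature` in the following hunk has the same two concerns. A short comment on the new block, `// always release the MOA-Sig transaction context, even when verification fails`, would make the intent of the change explicit.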
@@ -111,82 +111,85 @@ public class SignatureVerificationService extends AbstractSignatureService imple
try {
//setup context
setUpContexts(Thread.currentThread().getName());
-
+
//build signature-verification request
final Element domVerifyXMLSignatureRequest = buildVerifyXMLRequest(signature, trustProfileID, verifyTransformsInfoProfileID, xpathSignatureLocation);
- //send signature-verification to MOA-Sig
- final VerifyXMLSignatureRequest vsrequest = new VerifyXMLSignatureRequestParser().parse(domVerifyXMLSignatureRequest);
+ //send signature-verification to MOA-Sig
+ final VerifyXMLSignatureRequest vsrequest = new VerifyXMLSignatureRequestParser().parse(domVerifyXMLSignatureRequest);
final VerifyXMLSignatureResponse vsresponse = xadesInvocer.verifyXMLSignature(vsrequest);
final Document result = new VerifyXMLSignatureResponseBuilder(true).build(vsresponse);
-
+
// parses the <IXMLSignatureVerificationResponse>
final IXMLSignatureVerificationResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(result.getDocumentElement()).parseData();
-
+
return verifyXMLSignatureResponse;
-
+
} catch (final MOASigServiceException e) {
throw e;
-
+
} catch (final MOAException e) {
log.warn("MOA-Sig signature-verification has an internal error."
+ " MsgCode: " + e.getMessageId()
+ " Msg: " + e.getMessage(),
e);
throw new MOASigServiceException("service.moasig.03", new Object[]{e.getMessage()}, e);
-
- }
+
+ } finally {
+ tearDownContexts();
+
+ }
}
-
+
private ICMSSignatureVerificationResponse parseCMSVerificationResult(VerifyCMSSignatureResponse cmsSigVerifyResp) throws CertificateEncodingException {
-
+
if (cmsSigVerifyResp.getResponseElements() == null ||
cmsSigVerifyResp.getResponseElements().isEmpty()) {
log.info("No CMS signature FOUND. ");
return null;
-
+
}
-
+
if (cmsSigVerifyResp.getResponseElements().size() > 1)
log.warn("CMS or CAdES signature contains more than one technical signatures. Only validate the first signature");
-
+
final VerifyCMSSignatureResponseElement firstSig = (VerifyCMSSignatureResponseElement) cmsSigVerifyResp.getResponseElements().get(0);
-
- final at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data.VerifyCMSSignatureResponse result =
+
+ final at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data.VerifyCMSSignatureResponse result =
new at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data.VerifyCMSSignatureResponse();
-
+
//parse results into response container
result.setSignatureCheckCode(firstSig.getSignatureCheck().getCode());
result.setCertificateCheckCode(firstSig.getCertificateCheck().getCode());
-
+
if (firstSig.getSignerInfo() != null) {
result.setSigningDateTime(firstSig.getSignerInfo().getSigningTime());
result.setX509CertificateEncoded(firstSig.getSignerInfo().getSignerCertificate().getEncoded());
result.setQualifiedCertificate(firstSig.getSignerInfo().isQualifiedCertificate());
-
+
result.setPublicAuthority(firstSig.getSignerInfo().isPublicAuthority());
result.setPublicAuthorityCode(firstSig.getSignerInfo().getPublicAuhtorityID());
-
+
} else
- log.info("CMS or CAdES verification result contains no SignerInfo");
-
+ log.info("CMS or CAdES verification result contains no SignerInfo");
+
return result;
}
-
+
/**
* Build a VerifyCMS-Siganture request for MOA-Sig.
* <br><br>
* This builder only generates verification-request for enveloped CMS or CAdES signatures
* <br>
- * This
- *
- * @param signature CMS or CAdES signature
+ * This
+ *
+ * @param signature CMS or CAdES signature
* @param trustProfileID trustProfileID MOA-Sig Trust-Profile
* @param isPdfSignature Make CAdES signature as part of an PAdES document
* @param performExtendedValidation To extended validation. See MOA-Sig documentation for detailed information
- * @return
+ * @return
*/
- private VerifyCMSSignatureRequest buildVerfifyCMSRequest(byte[] signature, String trustProfileID,
+ private VerifyCMSSignatureRequest buildVerfifyCMSRequest(byte[] signature, String trustProfileID,
boolean isPdfSignature, boolean performExtendedValidation) {
final VerifyCMSSignatureRequestImpl verifyCMSSignatureRequest = new VerifyCMSSignatureRequestImpl();
verifyCMSSignatureRequest.setDateTime(null);
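Review bot: The Javadoc of `buildVerfifyCMSRequest` is rewritten on the new side but still carries a dangling sentence fragment `* This` and an empty `* @return` tag, so the generated documentation says nothing about what the method returns. Suggest dropping the `* This` line and filling the tag with `@return a {@link VerifyCMSSignatureRequest} for the given signature, trust profile and validation flags`. The method body starts here and continues past the end of this hunk.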
@@ -197,12 +200,12 @@ private ICMSSignatureVerificationResponse parseCMSVerificationResult(VerifyCMSSi
verifyCMSSignatureRequest.setPDF(isPdfSignature);
verifyCMSSignatureRequest.setExtended(performExtendedValidation);
return verifyCMSSignatureRequest;
-
+
}
-
+
/**
* Build a VerifyXML-Signature request for MOA-Sig
- *
+ *
* @param signature Serialized XML signature
* @param trustProfileID MOA-Sig Trust-Profile
* @param verifyTransformsInfoProfileID {@link List} of Transformation-Profiles used for validation
@@ -213,13 +216,13 @@ private ICMSSignatureVerificationResponse parseCMSVerificationResult(VerifyCMSSi
private Element buildVerifyXMLRequest(byte[] signature, String trustProfileID, List<String> verifyTransformsInfoProfileID, String xpathSignatureLocation) throws MOASigServiceBuilderException {
try {
//build empty document
- final Document requestDoc_ = getNewDocumentBuilder();
+ final Document requestDoc_ = getNewDocumentBuilder();
final Element requestElem_ = requestDoc_.createElementNS(MOA_NS_URI, "VerifyXMLSignatureRequest");
requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns", MOA_NS_URI);
requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns:" + Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
requestDoc_.appendChild(requestElem_);
-
-
+
+
// build the request
final Element verifiySignatureInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
requestElem_.appendChild(verifiySignatureInfoElem);
@@ -228,7 +231,7 @@ private ICMSSignatureVerificationResponse parseCMSVerificationResult(VerifyCMSSi
final Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content");
verifySignatureEnvironmentElem.appendChild(base64ContentElem);
- // insert the base64 encoded signature
+ // insert the base64 encoded signature
String base64EncodedAssertion = Base64Utils.encodeToString(signature);
//replace all '\r' characters by no char.
final StringBuffer replaced = new StringBuffer();
@@ -240,31 +243,31 @@ private ICMSSignatureVerificationResponse parseCMSVerificationResult(VerifyCMSSi
}
base64EncodedAssertion = replaced.toString();
final Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion);
- base64ContentElem.appendChild(base64Content);
-
+ base64ContentElem.appendChild(base64Content);
+
// specify the signature location
final Element verifySignatureLocationElem = requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation");
verifiySignatureInfoElem.appendChild(verifySignatureLocationElem);
final Node signatureLocation = requestDoc_.createTextNode(xpathSignatureLocation);
- verifySignatureLocationElem.appendChild(signatureLocation);
-
+ verifySignatureLocationElem.appendChild(signatureLocation);
+
// signature manifest params
- if (verifyTransformsInfoProfileID != null && !verifyTransformsInfoProfileID.isEmpty()) {
+ if (verifyTransformsInfoProfileID != null && !verifyTransformsInfoProfileID.isEmpty()) {
final Element signatureManifestCheckParamsElem = requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
requestElem_.appendChild(signatureManifestCheckParamsElem);
signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false");
- //verify transformations
+ //verify transformations
final Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
for (final String element : verifyTransformsInfoProfileID) {
final Element verifyTransformsInfoProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID");
referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem);
verifyTransformsInfoProfileIDElem.appendChild(requestDoc_.createTextNode(element));
-
+
}
}
-
+
//hashinput data
final Element returnHashInputDataElem = requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
requestElem_.appendChild(returnHashInputDataElem);
@@ -273,27 +276,27 @@ private ICMSSignatureVerificationResponse parseCMSVerificationResult(VerifyCMSSi
final Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID");
trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID));
requestElem_.appendChild(trustProfileIDElem);
-
+
return requestElem_;
-
+
} catch (final Throwable t) {
log.warn("Can NOT build VerifyXML-Signature request for MOA-Sig", t);
throw new MOASigServiceBuilderException("service.moasig.03", new Object[] { t.getMessage() }, t);
-
+
}
-
+
}
-
+
@PostConstruct
protected void internalInitializer() {
log.debug("Instanzing SignatureVerificationService implementation ... ");
- //svs = at.gv.egovernment.moa.spss.api.SignatureVerificationService.getInstance();
+ //svs = at.gv.egovernment.moa.spss.api.SignatureVerificationService.getInstance();
cadesInvoker = CMSSignatureVerificationInvoker.getInstance();
xadesInvocer = XMLSignatureVerificationInvoker.getInstance();
log.info("MOA-Sig signature-verification service initialized");
-
+
}
}