diff options
author | Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at> | 2019-08-06 11:23:09 +0200 |
---|---|---|
committer | Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at> | 2019-08-06 11:23:09 +0200 |
commit | 01dbd709e7ed34ec7b6bc5fb02f2d5a3399dd35e (patch) | |
tree | d550b9da3fa9d078de315e386565220e0c6fdf0a /eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv | |
parent | 34e3848720e95afe415206b1d0d1ceeef773dd1e (diff) | |
download | EAAF-Components-01dbd709e7ed34ec7b6bc5fb02f2d5a3399dd35e.tar.gz EAAF-Components-01dbd709e7ed34ec7b6bc5fb02f2d5a3399dd35e.tar.bz2 EAAF-Components-01dbd709e7ed34ec7b6bc5fb02f2d5a3399dd35e.zip |
verifyXML: parametrize xpath pointing to Signature location
- Add two methods to public interface of
ISignatureVerificationService, where caller can specify xpath.
- Ignore intellj project files.
Diffstat (limited to 'eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv')
2 files changed, 59 insertions, 10 deletions
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java index 420fe5dc..a3243635 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java @@ -11,7 +11,7 @@ public interface ISignatureVerificationService { /** * Verify a CAdES or CMS signature * <br><br> - * <i>This method only validates the first CMS or CAdES signature of more than one signature exists</i> + * <i>This method only validates the first CMS or CAdES signature if more than one signature exists</i> * * @param signature Enveloped CMS or CAdES signature * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration @@ -26,7 +26,7 @@ public interface ISignatureVerificationService { /** * Verify a XML or XAdES signature * <br><br> - * <i>This method only validates the first XML or XAdES signature of more than one signature exists</i> + * <i>This method only validates the first XML or XAdES signature if more than one signature exists</i> * * @param signature Serialized XML or XAdES signature * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration @@ -39,7 +39,7 @@ public interface ISignatureVerificationService { /** * Verify a XML or XAdES signature * <br><br> - * <i>This method only validates the first XML or XAdES signature of more than one signature exists</i> + * <i>This method only validates the first XML or XAdES signature if more than one signature exists</i> * * @param signature Serialized XML or XAdES signature * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration @@ -50,4 +50,35 @@ public interface ISignatureVerificationService { IXMLSignatureVerificationResponse verifyXMLSignature(byte[] signature, String trustProfileID, List<String> verifyTransformsInfoProfileID) throws MOASigServiceException; + + /** + * Verify a XML or XAdES signature + * <br><br> + * <i>This method only validates the first XML or XAdES signature if more than one signature exists</i> + * + * @param signature Serialized XML or XAdES signature + * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration + * @param signatureLocationXpath Xpath that points to location of Signature element + * @return @link {@link IXMLSignatureVerificationResponse}, or null if no signature was found + * @throws MOASigServiceException on signatue-verification error + */ + IXMLSignatureVerificationResponse verifyXMLSignature(byte[] signature, String trustProfileID, + String signatureLocationXpath) throws MOASigServiceException; + + /** + * Verify a XML or XAdES signature + * <br><br> + * <i>This method only validates the first XML or XAdES signature if more than one signature exists</i> + * + * @param signature Serialized XML or XAdES signature + * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration + * @param verifyTransformsInfoProfileID {@link List} of XML Transformations that should be used for signature-verification + * @param signatureLocationXpath Xpath that points to location of Signature element + * @return @link {@link IXMLSignatureVerificationResponse}, or null if no signature was found + * @throws MOASigServiceException on signatue-verification error + */ + IXMLSignatureVerificationResponse verifyXMLSignature(byte[] signature, String trustProfileID, + List<String> verifyTransformsInfoProfileID, + String signatureLocationXpath) throws MOASigServiceException; + }
\ No newline at end of file diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java index 02f5f12a..e09bc8b4 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java @@ -42,7 +42,8 @@ public class SignatureVerificationService extends AbstractSignatureService imple private static final String XMLNS_NS_URI = Constants.XMLNS_NS_URI; private static final String MOA_NS_URI = Constants.MOA_NS_URI; private static final String DSIG = Constants.DSIG_PREFIX + ":"; - + private static final String DEFAULT_XPATH_SIGNATURE_LOCATION = "//" + DSIG + "Signature"; + private at.gv.egovernment.moa.spss.api.SignatureVerificationService svs; /* (non-Javadoc) @@ -110,18 +111,34 @@ public class SignatureVerificationService extends AbstractSignatureService imple */ @Override public IXMLSignatureVerificationResponse verifyXMLSignature(byte[] signature, String trustProfileID) throws MOASigServiceException { - return verifyXMLSignature(signature, trustProfileID, null); + return verifyXMLSignature(signature, trustProfileID, null, DEFAULT_XPATH_SIGNATURE_LOCATION); } - + /* (non-Javadoc) * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.ISignatureVerificationService#verifyXMLSignature(byte[], java.lang.String, java.util.List) */ @Override - public IXMLSignatureVerificationResponse verifyXMLSignature(byte[] signature, String trustProfileID, List<String> verifyTransformsInfoProfileID) throws MOASigServiceException { + public IXMLSignatureVerificationResponse verifyXMLSignature(byte[] signature, String trustProfileID, List<String> verifyTransformsInfoProfileID) throws MOASigServiceException { + return verifyXMLSignature(signature, trustProfileID, verifyTransformsInfoProfileID, DEFAULT_XPATH_SIGNATURE_LOCATION); + } + + /* (non-Javadoc) + * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.ISignatureVerificationService#verifyXMLSignature(byte[], java.lang.String, java.lang.String) + */ + @Override + public IXMLSignatureVerificationResponse verifyXMLSignature(byte[] signature, String trustProfileID, String signatureLocationXpath) throws MOASigServiceException { + return verifyXMLSignature(signature, trustProfileID, null, signatureLocationXpath); + } + + /* (non-Javadoc) + * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.ISignatureVerificationService#verifyXMLSignature(byte[], java.lang.String, java.util.List, java.lang.String) + */ + @Override + public IXMLSignatureVerificationResponse verifyXMLSignature(byte[] signature, String trustProfileID, List<String> verifyTransformsInfoProfileID, String xpathSignatureLocation) throws MOASigServiceException { try { //build signature-verification request - final Element domVerifyXMLSignatureRequest = buildVerifyXMLRequest(signature, trustProfileID, verifyTransformsInfoProfileID); + final Element domVerifyXMLSignatureRequest = buildVerifyXMLRequest(signature, trustProfileID, verifyTransformsInfoProfileID, xpathSignatureLocation); //send signature-verification to MOA-Sig final VerifyXMLSignatureRequest vsrequest = new VerifyXMLSignatureRequestParser().parse(domVerifyXMLSignatureRequest); @@ -179,10 +196,11 @@ public class SignatureVerificationService extends AbstractSignatureService imple * @param signature Serialized XML signature * @param trustProfileID MOA-Sig Trust-Profile * @param verifyTransformsInfoProfileID {@link List} of Transformation-Profiles used for validation + * @param xpathSignatureLocation Xpath that points to location of Signature element * @return * @throws MOASigServiceBuilderException */ - private Element buildVerifyXMLRequest(byte[] signature, String trustProfileID, List<String> verifyTransformsInfoProfileID) throws MOASigServiceBuilderException { + private Element buildVerifyXMLRequest(byte[] signature, String trustProfileID, List<String> verifyTransformsInfoProfileID, String xpathSignatureLocation) throws MOASigServiceBuilderException { try { //build empty document final Document requestDoc_ = getNewDocumentBuilder(); @@ -217,7 +235,7 @@ public class SignatureVerificationService extends AbstractSignatureService imple // specify the signature location final Element verifySignatureLocationElem = requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation"); verifiySignatureInfoElem.appendChild(verifySignatureLocationElem); - final Node signatureLocation = requestDoc_.createTextNode("//" + DSIG + "Signature"); + final Node signatureLocation = requestDoc_.createTextNode(xpathSignatureLocation); verifySignatureLocationElem.appendChild(signatureLocation); // signature manifest params |