summaryrefslogtreecommitdiff
path: root/eaaf_modules/eaaf_module_moa-sig/src
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-10-13 18:32:49 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-10-13 18:32:49 +0200
commite6f5094b2db9d85a28009c288a6c923e336c82b4 (patch)
tree2ec1f3c357c3b576915b8a202fe4515734439317 /eaaf_modules/eaaf_module_moa-sig/src
parent54fdf1c8201312ffedec71595aa6602bb11e7640 (diff)
parent03bde4a2dda7880007f9910ffecddc0ca8a4b7ba (diff)
downloadEAAF-Components-e6f5094b2db9d85a28009c288a6c923e336c82b4.tar.gz
EAAF-Components-e6f5094b2db9d85a28009c288a6c923e336c82b4.tar.bz2
EAAF-Components-e6f5094b2db9d85a28009c288a6c923e336c82b4.zip
Merge branch 'nightlyBuild' of gitlab.iaik.tugraz.at:egiz/eaaf_components into nightlyBuild
Diffstat (limited to 'eaaf_modules/eaaf_module_moa-sig/src')
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureVerificationService.java28
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/MoaSigInitializer.java8
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java50
3 files changed, 76 insertions, 10 deletions
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureVerificationService.java
index 7c009b68..e4577cae 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureVerificationService.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureVerificationService.java
@@ -2,6 +2,7 @@ package at.gv.egiz.eaaf.modules.sigverify.moasig.api;
import java.util.Date;
import java.util.List;
+import java.util.Map;
import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse;
import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse;
@@ -115,4 +116,31 @@ public interface ISignatureVerificationService {
List<String> verifyTransformsInfoProfileID, String signatureLocationXpath, Date signingDate)
throws MoaSigServiceException;
+
+ /**
+ * Verify a XML or XAdES signature. <br>
+ * <br>
+ * <i>This method only validates the first XML or XAdES signature if more than
+ * one signature exists</i>
+ *
+ * @param signature Serialized XML or XAdES signature
+ * @param trustProfileID Id of the Trust-Profile from MOA-Sig
+ * configuration
+ * @param verifyTransformsInfoProfileID {@link List} of XML Transformations that
+ * should be used for
+ * signature-verification
+ * @param signatureLocationXpath Xpath that points to location of
+ * Signature element
+ * @param signingDate Signature timestamp
+ * @param supplementContent Map that contains supplement profile content; keyed by references. Each entry
+ * in this map becomes a Content/Base64Content child in the SupplementProfile
+ * node.
+ * @return @link {@link IXmlSignatureVerificationResponse}, or null if no
+ * signature was found
+ * @throws MoaSigServiceException on signatue-verification error
+ */
+ IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature,
+ final String trustProfileID, final List<String> verifyTransformsInfoProfileID,
+ final String signatureLocationXpath, Date signingDate,
+ final Map<String, byte[]> supplementContent) throws MoaSigServiceException;
}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/MoaSigInitializer.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/MoaSigInitializer.java
index ae8c2c97..880b3791 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/MoaSigInitializer.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/MoaSigInitializer.java
@@ -49,9 +49,11 @@ public class MoaSigInitializer {
log.info("Initializing MOA-Sig signature-verification service ... ");
log.info("Loading Java security providers.");
- IAIK.addAsProvider();
- ECCelerate.addAsProvider();
-
+ //IAIK.addAsProvider();
+ //ECCelerate.addAsProvider();
+ Security.addProvider(new IAIK());
+ Security.addProvider(new ECCelerate());
+
try {
LoggingContextManager.getInstance().setLoggingContext(new LoggingContext("startup"));
log.debug("MOA-Sig library initialization process ... ");
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java
index 0818a260..9ee6d0aa 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java
@@ -2,8 +2,10 @@ package at.gv.egiz.eaaf.modules.sigverify.moasig.impl;
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateEncodingException;
+import java.util.Collections;
import java.util.Date;
import java.util.List;
+import java.util.Map;
import javax.annotation.PostConstruct;
@@ -103,7 +105,8 @@ public class SignatureVerificationService extends AbstractSignatureService
@Override
public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature,
final String trustProfileID) throws MoaSigServiceException {
- return verifyXmlSignature(signature, trustProfileID, null, DEFAULT_XPATH_SIGNATURE_LOCATION, null);
+ return verifyXmlSignature(signature, trustProfileID, null, DEFAULT_XPATH_SIGNATURE_LOCATION, null,
+ Collections.EMPTY_MAP);
}
@@ -119,7 +122,7 @@ public class SignatureVerificationService extends AbstractSignatureService
final String trustProfileID, final List<String> verifyTransformsInfoProfileID)
throws MoaSigServiceException {
return verifyXmlSignature(signature, trustProfileID, verifyTransformsInfoProfileID,
- DEFAULT_XPATH_SIGNATURE_LOCATION, null);
+ DEFAULT_XPATH_SIGNATURE_LOCATION, null, Collections.EMPTY_MAP);
}
/*
@@ -133,27 +136,37 @@ public class SignatureVerificationService extends AbstractSignatureService
public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature,
final String trustProfileID, final String signatureLocationXpath)
throws MoaSigServiceException {
- return verifyXmlSignature(signature, trustProfileID, null, signatureLocationXpath, null);
+ return verifyXmlSignature(signature, trustProfileID, null, signatureLocationXpath, null, Collections.EMPTY_MAP);
}
@Override
public IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID,
Date signingDate) throws MoaSigServiceException {
return verifyXmlSignature(signature, trustProfileID, null,
- DEFAULT_XPATH_SIGNATURE_LOCATION, signingDate);
+ DEFAULT_XPATH_SIGNATURE_LOCATION, signingDate, Collections.EMPTY_MAP);
}
+
@Override
public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature,
final String trustProfileID, final List<String> verifyTransformsInfoProfileID,
final String xpathSignatureLocation, Date signingDate) throws MoaSigServiceException {
+ return verifyXmlSignature(signature, trustProfileID, verifyTransformsInfoProfileID, xpathSignatureLocation,
+ signingDate, Collections.EMPTY_MAP);
+ }
+
+ @Override
+ public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature,
+ final String trustProfileID, final List<String> verifyTransformsInfoProfileID,
+ final String xpathSignatureLocation, Date signingDate, final Map<String, byte[]> supplementContent)
+ throws MoaSigServiceException {
try {
// setup context
setUpContexts(Thread.currentThread().getName());
// build signature-verification request
final Element domVerifyXmlSignatureRequest = buildVerifyXmlRequest(signature, trustProfileID,
- verifyTransformsInfoProfileID, xpathSignatureLocation, signingDate);
+ verifyTransformsInfoProfileID, xpathSignatureLocation, signingDate, supplementContent);
// send signature-verification to MOA-Sig
final VerifyXMLSignatureRequest vsrequest =
@@ -262,13 +275,17 @@ public class SignatureVerificationService extends AbstractSignatureService
* used for validation
* @param xpathSignatureLocation Xpath that points to location of
* Signature element
- * @param sigValDate Signature timestamp
+ * @param sigValDate Signature timestamp
+ * @param supplementContent Map that contains supplement profile content; keyed by references. Each entry
+ * in this map becomes a Content/Base64Content child in the SupplementProfile
+ * node. Use this map to specify content of references that the verification
+ * service cannot resolve.
* @return MOA-Sig verification request element
* @throws MoaSigServiceBuilderException In case of an error
*/
private Element buildVerifyXmlRequest(final byte[] signature, final String trustProfileID,
final List<String> verifyTransformsInfoProfileID, final String xpathSignatureLocation,
- Date sigValDate) throws MoaSigServiceBuilderException {
+ Date sigValDate, final Map<String, byte[]> supplementContent) throws MoaSigServiceBuilderException {
try {
// build empty document
final Document requestDoc_ = getNewDocumentBuilder();
@@ -352,6 +369,25 @@ public class SignatureVerificationService extends AbstractSignatureService
trustProfileIdElem.appendChild(requestDoc_.createTextNode(trustProfileID));
requestElem_.appendChild(trustProfileIdElem);
+ // add supplement profile
+ if (!supplementContent.isEmpty()) {
+
+ final Element supplementProfile = requestDoc_.createElementNS(MOA_NS_URI, "SupplementProfile");
+
+ for (Map.Entry<String, byte[]> entry: supplementContent.entrySet()) {
+ String reference = entry.getKey();
+ byte[] contentBytes = entry.getValue();
+ final Element content = requestDoc_.createElementNS(MOA_NS_URI, "Content");
+ content.setAttribute("Reference", reference);
+ final Element b64content = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content");
+ b64content.setTextContent(Base64Utils.encodeToString(contentBytes));
+ content.appendChild(b64content);
+ supplementProfile.appendChild(content);
+ }
+
+ requestElem_.appendChild(supplementProfile);
+ }
+
return requestElem_;
} catch (final Throwable t) {