2 files changed, 71 insertions, 7 deletions
| diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureVerificationService.java
index 7c009b68..e4577cae 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureVerificationService.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureVerificationService.java
@@ -2,6 +2,7 @@ package at.gv.egiz.eaaf.modules.sigverify.moasig.api;
 import java.util.Date;
 import java.util.List;
+import java.util.Map;
 import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse;
 import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse;
@@ -115,4 +116,31 @@ public interface ISignatureVerificationService {
       List<String> verifyTransformsInfoProfileID, String signatureLocationXpath, Date signingDate)
       throws MoaSigServiceException;
+
+  /**
+   * Verify a XML or XAdES signature. <br>
+   * <br>
+   * <i>This method only validates the first XML or XAdES signature if more than
+   * one signature exists</i>
+   *
+   * @param signature                     Serialized XML or XAdES signature
+   * @param trustProfileID                Id of the Trust-Profile from MOA-Sig
+   *                                      configuration
+   * @param verifyTransformsInfoProfileID {@link List} of XML Transformations that
+   *                                      should be used for
+   *                                      signature-verification
+   * @param signatureLocationXpath        Xpath that points to location of
+   *                                      Signature element
+   * @param signingDate                   Signature timestamp
+   * @param supplementContent             Map that contains supplement profile content; keyed by references. Each entry
+   *                                      in this map becomes a Content/Base64Content child in the SupplementProfile
+   *                                      node.
+   * @return @link {@link IXmlSignatureVerificationResponse}, or null if no
+   *         signature was found
+   * @throws MoaSigServiceException on signatue-verification error
+   */
+  IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature,
+      final String trustProfileID, final List<String> verifyTransformsInfoProfileID,
+      final String signatureLocationXpath, Date signingDate,
+      final Map<String, byte[]> supplementContent) throws MoaSigServiceException;
 }
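Review bot: The Javadoc of the new six-argument `verifyXmlSignature` leaves the contract of `supplementContent` open: it does not say whether `null` or an empty map is accepted, and it omits the purpose sentence that the private `buildVerifyXmlRequest` Javadoc in this commit carries (content for references the verification service cannot resolve). The implementation calls `supplementContent.isEmpty()` without a null check, so the parameter doc should state the requirement, e.g. `@param supplementContent content for references the verification service cannot resolve, keyed by reference; must not be {@code null}, pass an empty map if there is none`. It would also help to say that a positive result then covers the bytes supplied here, so callers should go on to process exactly those bytes. Separately, `@return @link {@link ...}` has a stray `@link`, and `signatue` in the `@throws` line is a typo.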
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java
index 0818a260..9ee6d0aa 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java
@@ -2,8 +2,10 @@ package at.gv.egiz.eaaf.modules.sigverify.moasig.impl;
 import java.io.ByteArrayInputStream;
 import java.security.cert.CertificateEncodingException;
+import java.util.Collections;
 import java.util.Date;
 import java.util.List;
+import java.util.Map;
 import javax.annotation.PostConstruct;
@@ -103,7 +105,8 @@ public class SignatureVerificationService extends AbstractSignatureService
   @Override
   public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature,
       final String trustProfileID) throws MoaSigServiceException {
-    return verifyXmlSignature(signature, trustProfileID, null, DEFAULT_XPATH_SIGNATURE_LOCATION, null);
+    return verifyXmlSignature(signature, trustProfileID, null, DEFAULT_XPATH_SIGNATURE_LOCATION, null,
+            Collections.EMPTY_MAP);
   }
@@ -119,7 +122,7 @@ public class SignatureVerificationService extends AbstractSignatureService
       final String trustProfileID, final List<String> verifyTransformsInfoProfileID)
       throws MoaSigServiceException {
     return verifyXmlSignature(signature, trustProfileID, verifyTransformsInfoProfileID,
-        DEFAULT_XPATH_SIGNATURE_LOCATION, null);
+        DEFAULT_XPATH_SIGNATURE_LOCATION, null, Collections.EMPTY_MAP);
   }
   /*
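Review bot: `Collections.EMPTY_MAP` is the raw-typed constant, so passing it where `Map<String, byte[]>` is expected relies on an unchecked conversion and produces a compiler warning. `Collections.emptyMap()` returns the same immutable empty map with the type arguments inferred, so the call in the `@@ -103,7 +105,8 @@` hunk can end in `Collections.emptyMap());`. The same replacement applies to the delegating overloads in the `@@ -119,7 +122,7 @@` and `@@ -133,27 +136,37 @@` hunks. The continuation line in this hunk is also indented deeper than the other wrapped arguments in the file.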
@@ -133,27 +136,37 @@ public class SignatureVerificationService extends AbstractSignatureService
   public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature,
       final String trustProfileID, final String signatureLocationXpath)
       throws MoaSigServiceException {
-    return verifyXmlSignature(signature, trustProfileID, null, signatureLocationXpath, null);
+    return verifyXmlSignature(signature, trustProfileID, null, signatureLocationXpath, null, Collections.EMPTY_MAP);
   }
   @Override
   public IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID,
       Date signingDate) throws MoaSigServiceException {
     return verifyXmlSignature(signature, trustProfileID, null,
-        DEFAULT_XPATH_SIGNATURE_LOCATION, signingDate);
+        DEFAULT_XPATH_SIGNATURE_LOCATION, signingDate, Collections.EMPTY_MAP);
   }
+
   @Override
   public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature,
       final String trustProfileID, final List<String> verifyTransformsInfoProfileID,
       final String xpathSignatureLocation, Date signingDate) throws MoaSigServiceException {
+    return verifyXmlSignature(signature, trustProfileID, verifyTransformsInfoProfileID, xpathSignatureLocation,
+            signingDate, Collections.EMPTY_MAP);
+  }
+
+  @Override
+  public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature,
+      final String trustProfileID, final List<String> verifyTransformsInfoProfileID,
+      final String xpathSignatureLocation, Date signingDate, final Map<String, byte[]> supplementContent)
+          throws MoaSigServiceException {
     try {
       // setup context
       setUpContexts(Thread.currentThread().getName());
       // build signature-verification request
       final Element domVerifyXmlSignatureRequest = buildVerifyXmlRequest(signature, trustProfileID,
-          verifyTransformsInfoProfileID, xpathSignatureLocation, signingDate);
+          verifyTransformsInfoProfileID, xpathSignatureLocation, signingDate, supplementContent);
       // send signature-verification to MOA-Sig
       final VerifyXMLSignatureRequest vsrequest =
@@ -262,13 +275,17 @@ public class SignatureVerificationService extends AbstractSignatureService
    *                                      used for validation
    * @param xpathSignatureLocation        Xpath that points to location of
    *                                      Signature element
-   * @param  sigValDate Signature timestamp
+   * @param  sigValDate                   Signature timestamp
+   * @param  supplementContent            Map that contains supplement profile content; keyed by references. Each entry
+   *                                      in this map becomes a Content/Base64Content child in the SupplementProfile
+   *                                      node. Use this map to specify content of references that the verification
+   *                                      service cannot resolve.
    * @return MOA-Sig verification request element
    * @throws MoaSigServiceBuilderException In case of an error
    */
   private Element buildVerifyXmlRequest(final byte[] signature, final String trustProfileID,
       final List<String> verifyTransformsInfoProfileID, final String xpathSignatureLocation,
-      Date sigValDate) throws MoaSigServiceBuilderException {
+      Date sigValDate, final Map<String, byte[]> supplementContent) throws MoaSigServiceBuilderException {
     try {
       // build empty document
       final Document requestDoc_ = getNewDocumentBuilder();
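Review bot: The new public six-argument `verifyXmlSignature` in the `@@ -133,27 +136,37 @@` hunk forwards `supplementContent` to `buildVerifyXmlRequest` unchecked, while the other optional arguments (`verifyTransformsInfoProfileID`, `signingDate`) are routinely passed as `null` by the sibling overloads. A caller following that convention for the new parameter reaches `supplementContent.isEmpty()` in the `@@ -352,6 +369,25 @@` hunk with a null reference. Normalising at the public entry point keeps the two conventions consistent, e.g. `final Map<String, byte[]> supplements = supplementContent != null ? supplementContent : Collections.emptyMap();` and passing `supplements` on. The method body continues past the end of the hunk, so how the resulting failure is reported is not visible here.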
@@ -352,6 +369,25 @@ public class SignatureVerificationService extends AbstractSignatureService
       trustProfileIdElem.appendChild(requestDoc_.createTextNode(trustProfileID));
       requestElem_.appendChild(trustProfileIdElem);
+      // add supplement profile
+      if (!supplementContent.isEmpty()) {
+
+        final Element supplementProfile = requestDoc_.createElementNS(MOA_NS_URI, "SupplementProfile");
+
+        for (Map.Entry<String, byte[]> entry: supplementContent.entrySet()) {
+          String reference = entry.getKey();
+          byte[] contentBytes = entry.getValue();
+          final Element content = requestDoc_.createElementNS(MOA_NS_URI, "Content");
+          content.setAttribute("Reference", reference);
+          final Element b64content = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content");
+          b64content.setTextContent(Base64Utils.encodeToString(contentBytes));
+          content.appendChild(b64content);
+          supplementProfile.appendChild(content);
+        }
+
+        requestElem_.appendChild(supplementProfile);
+      }
+
       return requestElem_;
     } catch (final Throwable t) { |
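Review bot: Entries of `supplementContent` are written into the request without validation, so a `null` key or `null` value in the loop goes straight to `content.setAttribute("Reference", reference)` or `Base64Utils.encodeToString(contentBytes)`. What those do with `null` is not visible here, and any resulting exception would presumably surface only through the surrounding `catch (final Throwable t)` as a generic builder error. Because these bytes stand in for signed references the service cannot resolve itself, a malformed entry should be rejected with a message that names the reference, for example `Objects.requireNonNull(contentBytes, "no supplement content for reference " + reference);` plus a matching check on `reference` (this needs a `java.util.Objects` import). `buildVerifyXmlRequest` starts and ends outside this hunk.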
