summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java29
-rw-r--r--eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java10
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java20
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java64
4 files changed, 96 insertions, 27 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java
index ee1037a1..8327b544 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java
@@ -23,15 +23,20 @@ import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.Serializable;
import java.security.PublicKey;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
import javax.xml.transform.TransformerException;
-import org.w3c.dom.Element;
-
import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
+import org.w3c.dom.Element;
+
+import lombok.extern.slf4j.Slf4j;
+
/**
* Data contained in an identity link issued by BMI, relevant to the MOA ID
* component. <br>
@@ -41,10 +46,13 @@ import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
* @author Paul Ivancsics
* @version $Id$
*/
+@Slf4j
public class IdentityLink implements Serializable, IIdentityLink {
private static final long serialVersionUID = 1L;
+ public static final String PATTERN_ISSUE_INSTANT = "yyyy-MM-dd'T'HH:mm:ssXXX";
+
/**
* <code>"identificationValue"</code> is the translation of
* <code>"Stammzahl"</code>.
@@ -372,6 +380,23 @@ public class IdentityLink implements Serializable, IIdentityLink {
return issueInstant;
}
+ @Override
+ public Date getIssueInstantDate() {
+ final SimpleDateFormat f = new SimpleDateFormat(PATTERN_ISSUE_INSTANT);
+ try {
+ if (issueInstant != null) {
+ return f.parse(issueInstant);
+
+ }
+
+ } catch (final ParseException e) {
+ log.error("Can NOT parse Date from String: {}", issueInstant, null, e);
+
+ }
+
+ return null;
+ }
+
/*
* (non-Javadoc)
*
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java
index 74c82181..a2288a5b 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java
@@ -21,6 +21,7 @@ package at.gv.egiz.eaaf.core.api.idp.auth.data;
import java.io.IOException;
import java.security.PublicKey;
+import java.util.Date;
import javax.xml.transform.TransformerException;
@@ -28,7 +29,7 @@ import org.w3c.dom.Element;
/**
* Deprecated IdentityLink interface.
- *
+ *
* @author tlenz
*
*/
@@ -188,6 +189,13 @@ public interface IIdentityLink {
String getIssueInstant();
/**
+ * Returns the issuing time of the identity link SAML assertion.
+ *
+ * @return The issuing time of the identity link SAML assertion.
+ */
+ Date getIssueInstantDate();
+
+ /**
* Sets the issuing time of the identity link SAML assertion.
*
* @param issueInstant The issueInstant to set.
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java
index 67e9e29d..f7a33395 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java
@@ -1,5 +1,6 @@
package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api;
+import java.util.Date;
import java.util.List;
import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse;
@@ -44,6 +45,22 @@ public interface ISignatureVerificationService {
* <i>This method only validates the first XML or XAdES signature if more than
* one signature exists</i>
*
+ * @param signature Serialized XML or XAdES signature
+ * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration
+ * @param signingDate Signature timestamp
+ * @return @link {@link IXmlSignatureVerificationResponse}, or null if no
+ * signature was found
+ * @throws MoaSigServiceException on signatue-verification error
+ */
+ IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID,
+ Date signingDate) throws MoaSigServiceException;
+
+ /**
+ * Verify a XML or XAdES signature. <br>
+ * <br>
+ * <i>This method only validates the first XML or XAdES signature if more than
+ * one signature exists</i>
+ *
* @param signature Serialized XML or XAdES signature
* @param trustProfileID Id of the Trust-Profile from MOA-Sig
* configuration
@@ -89,12 +106,13 @@ public interface ISignatureVerificationService {
* signature-verification
* @param signatureLocationXpath Xpath that points to location of
* Signature element
+ * @param signingDate Signature timestamp
* @return @link {@link IXmlSignatureVerificationResponse}, or null if no
* signature was found
* @throws MoaSigServiceException on signatue-verification error
*/
IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID,
- List<String> verifyTransformsInfoProfileID, String signatureLocationXpath)
+ List<String> verifyTransformsInfoProfileID, String signatureLocationXpath, Date signingDate)
throws MoaSigServiceException;
}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java
index 8fc4086e..be27383c 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java
@@ -2,19 +2,11 @@ package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl;
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateEncodingException;
+import java.util.Date;
import java.util.List;
import javax.annotation.PostConstruct;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.lang.Nullable;
-import org.springframework.stereotype.Service;
-import org.springframework.util.Base64Utils;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.ISignatureVerificationService;
import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse;
import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse;
@@ -34,6 +26,16 @@ import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker;
import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureVerificationInvoker;
import at.gv.egovernment.moaspss.util.Constants;
+import org.apache.commons.lang3.time.DateFormatUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.lang.Nullable;
+import org.springframework.stereotype.Service;
+import org.springframework.util.Base64Utils;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
/**
* MOA-Sig based signature verification implementation.
*
@@ -50,6 +52,8 @@ public class SignatureVerificationService extends AbstractSignatureService
private static final String DSIG = Constants.DSIG_PREFIX + ":";
private static final String DEFAULT_XPATH_SIGNATURE_LOCATION = "//" + DSIG + "Signature";
+ public static final String PATTERN_ISSUE_INSTANT = "yyyy-MM-dd'T'HH:mm:ssXXX";
+
private CMSSignatureVerificationInvoker cadesInvoker;
private XMLSignatureVerificationInvoker xadesInvocer;
@@ -99,7 +103,7 @@ public class SignatureVerificationService extends AbstractSignatureService
@Override
public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature,
final String trustProfileID) throws MoaSigServiceException {
- return verifyXmlSignature(signature, trustProfileID, null, DEFAULT_XPATH_SIGNATURE_LOCATION);
+ return verifyXmlSignature(signature, trustProfileID, null, DEFAULT_XPATH_SIGNATURE_LOCATION, null);
}
@@ -115,7 +119,7 @@ public class SignatureVerificationService extends AbstractSignatureService
final String trustProfileID, final List<String> verifyTransformsInfoProfileID)
throws MoaSigServiceException {
return verifyXmlSignature(signature, trustProfileID, verifyTransformsInfoProfileID,
- DEFAULT_XPATH_SIGNATURE_LOCATION);
+ DEFAULT_XPATH_SIGNATURE_LOCATION, null);
}
/*
@@ -129,27 +133,27 @@ public class SignatureVerificationService extends AbstractSignatureService
public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature,
final String trustProfileID, final String signatureLocationXpath)
throws MoaSigServiceException {
- return verifyXmlSignature(signature, trustProfileID, null, signatureLocationXpath);
+ return verifyXmlSignature(signature, trustProfileID, null, signatureLocationXpath, null);
+ }
+
+ @Override
+ public IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID,
+ Date signingDate) throws MoaSigServiceException {
+ return verifyXmlSignature(signature, trustProfileID, null,
+ DEFAULT_XPATH_SIGNATURE_LOCATION, signingDate);
}
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.
- * ISignatureVerificationService# verifyXMLSignature(byte[], java.lang.String,
- * java.util.List, java.lang.String)
- */
@Override
public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature,
final String trustProfileID, final List<String> verifyTransformsInfoProfileID,
- final String xpathSignatureLocation) throws MoaSigServiceException {
+ final String xpathSignatureLocation, Date signingDate) throws MoaSigServiceException {
try {
// setup context
setUpContexts(Thread.currentThread().getName());
// build signature-verification request
final Element domVerifyXmlSignatureRequest = buildVerifyXmlRequest(signature, trustProfileID,
- verifyTransformsInfoProfileID, xpathSignatureLocation);
+ verifyTransformsInfoProfileID, xpathSignatureLocation, signingDate);
// send signature-verification to MOA-Sig
final VerifyXMLSignatureRequest vsrequest =
@@ -258,15 +262,17 @@ public class SignatureVerificationService extends AbstractSignatureService
* used for validation
* @param xpathSignatureLocation Xpath that points to location of
* Signature element
+ * @param sigValDate Signature timestamp
* @return MOA-Sig verification request element
* @throws MoaSigServiceBuilderException In case of an error
*/
private Element buildVerifyXmlRequest(final byte[] signature, final String trustProfileID,
- final List<String> verifyTransformsInfoProfileID, final String xpathSignatureLocation)
- throws MoaSigServiceBuilderException {
+ final List<String> verifyTransformsInfoProfileID, final String xpathSignatureLocation,
+ Date sigValDate) throws MoaSigServiceBuilderException {
try {
// build empty document
final Document requestDoc_ = getNewDocumentBuilder();
+
final Element requestElem_ =
requestDoc_.createElementNS(MOA_NS_URI, "VerifyXMLSignatureRequest");
requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns", MOA_NS_URI);
@@ -275,6 +281,18 @@ public class SignatureVerificationService extends AbstractSignatureService
requestDoc_.appendChild(requestElem_);
// build the request
+
+ // build set signing time
+ if (sigValDate != null) {
+ final Element dateTimeElem = requestDoc_.createElementNS(MOA_NS_URI, "DateTime");
+ requestElem_.appendChild(dateTimeElem);
+ final Node dateTime = requestDoc_.createTextNode(
+ DateFormatUtils.format(sigValDate, PATTERN_ISSUE_INSTANT));
+ dateTimeElem.appendChild(dateTime);
+
+ }
+
+ //set other parameters
final Element verifiySignatureInfoElem =
requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
requestElem_.appendChild(verifiySignatureInfoElem);