From 01dbd709e7ed34ec7b6bc5fb02f2d5a3399dd35e Mon Sep 17 00:00:00 2001
From: Christof Rabensteiner
Date: Tue, 6 Aug 2019 11:23:09 +0200
Subject: verifyXML: parametrize xpath pointing to Signature location
- Add two methods to public interface of ISignatureVerificationService, where caller can specify xpath.
- Ignore intellj project files.
---
 .gitignore | 2 ++
 .../moasig/api/ISignatureVerificationService.java | 37 ++++++++++++++++++++--
 .../moasig/impl/SignatureVerificationService.java | 32 +++++++++++++++----
 3 files changed, 61 insertions(+), 10 deletions(-)
diff --git a/.gitignore b/.gitignore
index 16a0a262..1faa634d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,3 +10,5 @@ target
 .directory
 .checkstyle
 /id/server/moa-id-frontend-resources/src/main/resources/mainGUI/version.txt
+.idea
+*.iml
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java
index 420fe5dc..a3243635 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java
@@ -11,7 +11,7 @@ public interface ISignatureVerificationService {
 /**
 * Verify a CAdES or CMS signature
 *

- * This method only validates the first CMS or CAdES signature of more than one signature exists
+ * This method only validates the first CMS or CAdES signature if more than one signature exists
 *
 * @param signature Enveloped CMS or CAdES signature
 * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration
@@ -26,7 +26,7 @@ public interface ISignatureVerificationService {
 /**
 * Verify a XML or XAdES signature
 *

- * This method only validates the first XML or XAdES signature of more than one signature exists
+ * This method only validates the first XML or XAdES signature if more than one signature exists
 *
 * @param signature Serialized XML or XAdES signature
 * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration
@@ -39,7 +39,7 @@ public interface ISignatureVerificationService {
 /**
 * Verify a XML or XAdES signature
 *

- * This method only validates the first XML or XAdES signature of more than one signature exists + * This method only validates the first XML or XAdES signature if more than one signature exists * * @param signature Serialized XML or XAdES signature * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration @@ -50,4 +50,35 @@ public interface ISignatureVerificationService { IXMLSignatureVerificationResponse verifyXMLSignature(byte[] signature, String trustProfileID, List verifyTransformsInfoProfileID) throws MOASigServiceException; + + /** + * Verify a XML or XAdES signature + *

+ * This method only validates the first XML or XAdES signature if more than one signature exists
+ *
+ * @param signature Serialized XML or XAdES signature
+ * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration
+ * @param signatureLocationXpath Xpath that points to location of Signature element
+ * @return @link {@link IXMLSignatureVerificationResponse}, or null if no signature was found
+ * @throws MOASigServiceException on signatue-verification error
+ */
+ IXMLSignatureVerificationResponse verifyXMLSignature(byte[] signature, String trustProfileID,
+ String signatureLocationXpath) throws MOASigServiceException;
+
+ /**
+ * Verify a XML or XAdES signature
+ *

+ * This method only validates the first XML or XAdES signature if more than one signature exists + * + * @param signature Serialized XML or XAdES signature + * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration + * @param verifyTransformsInfoProfileID {@link List} of XML Transformations that should be used for signature-verification + * @param signatureLocationXpath Xpath that points to location of Signature element + * @return @link {@link IXMLSignatureVerificationResponse}, or null if no signature was found + * @throws MOASigServiceException on signatue-verification error + */ + IXMLSignatureVerificationResponse verifyXMLSignature(byte[] signature, String trustProfileID, + List verifyTransformsInfoProfileID, + String signatureLocationXpath) throws MOASigServiceException; + } \ No newline at end of file diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java index 02f5f12a..e09bc8b4 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java @@ -42,7 +42,8 @@ public class SignatureVerificationService extends AbstractSignatureService imple private static final String XMLNS_NS_URI = Constants.XMLNS_NS_URI; private static final String MOA_NS_URI = Constants.MOA_NS_URI; private static final String DSIG = Constants.DSIG_PREFIX + ":"; - + private static final String DEFAULT_XPATH_SIGNATURE_LOCATION = "//" + DSIG + "Signature"; + private at.gv.egovernment.moa.spss.api.SignatureVerificationService svs; /* (non-Javadoc) 
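Review bot: The Javadoc for `signatureLocationXpath` on both new `verifyXMLSignature` overloads says only that it points to the Signature element, which leaves out what a caller needs to use it safely. Because the expression decides which Signature element gets verified, I would document it as `@param signatureLocationXpath XPath selecting the Signature element to verify; use a fixed, application-defined expression (never one derived from the document or the request), must not be null or empty`, and state which namespace prefixes the expression may use (the implementation's default is built from `Constants.DSIG_PREFIX`). The `@return` line should add that `null` means no signature matched the expression and has to be handled as a failed verification; it also carries a stray `@link` before `{@link ...}`, and `signatue-verification` in `@throws` is a typo.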
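Review bot: `DEFAULT_XPATH_SIGNATURE_LOCATION` has no comment, and its value `"//" + DSIG + "Signature"` is a descendant search that matches a Signature element at any depth of the document. A one-line Javadoc such as `/** Default location: a Signature element anywhere in the document; callers that know where the signature must sit should pass an absolute path through the xpath overloads. */` would make that trade-off visible to maintainers. The two older overloads in the following hunk keep using this default, so their behaviour stays as before.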
@@ -110,18 +111,34 @@ public class SignatureVerificationService extends AbstractSignatureService imple */ @Override public IXMLSignatureVerificationResponse verifyXMLSignature(byte[] signature, String trustProfileID) throws MOASigServiceException { - return verifyXMLSignature(signature, trustProfileID, null); + return verifyXMLSignature(signature, trustProfileID, null, DEFAULT_XPATH_SIGNATURE_LOCATION); } - + /* (non-Javadoc) * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.ISignatureVerificationService#verifyXMLSignature(byte[], java.lang.String, java.util.List) */ @Override - public IXMLSignatureVerificationResponse verifyXMLSignature(byte[] signature, String trustProfileID, List verifyTransformsInfoProfileID) throws MOASigServiceException { + public IXMLSignatureVerificationResponse verifyXMLSignature(byte[] signature, String trustProfileID, List verifyTransformsInfoProfileID) throws MOASigServiceException { + return verifyXMLSignature(signature, trustProfileID, verifyTransformsInfoProfileID, DEFAULT_XPATH_SIGNATURE_LOCATION); + } + + /* (non-Javadoc) + * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.ISignatureVerificationService#verifyXMLSignature(byte[], java.lang.String, java.lang.String) + */ + @Override + public IXMLSignatureVerificationResponse verifyXMLSignature(byte[] signature, String trustProfileID, String signatureLocationXpath) throws MOASigServiceException { + return verifyXMLSignature(signature, trustProfileID, null, signatureLocationXpath); + } + + /* (non-Javadoc) + * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.ISignatureVerificationService#verifyXMLSignature(byte[], java.lang.String, java.util.List, java.lang.String) + */ + @Override + public IXMLSignatureVerificationResponse verifyXMLSignature(byte[] signature, String trustProfileID, List verifyTransformsInfoProfileID, String xpathSignatureLocation) throws MOASigServiceException { try { //build signature-verification request - final Element 
domVerifyXMLSignatureRequest = buildVerifyXMLRequest(signature, trustProfileID, verifyTransformsInfoProfileID); + final Element domVerifyXMLSignatureRequest = buildVerifyXMLRequest(signature, trustProfileID, verifyTransformsInfoProfileID, xpathSignatureLocation); //send signature-verification to MOA-Sig final VerifyXMLSignatureRequest vsrequest = new VerifyXMLSignatureRequestParser().parse(domVerifyXMLSignatureRequest); @@ -179,10 +196,11 @@ public class SignatureVerificationService extends AbstractSignatureService imple * @param signature Serialized XML signature * @param trustProfileID MOA-Sig Trust-Profile * @param verifyTransformsInfoProfileID {@link List} of Transformation-Profiles used for validation + * @param xpathSignatureLocation Xpath that points to location of Signature element * @return * @throws MOASigServiceBuilderException */ - private Element buildVerifyXMLRequest(byte[] signature, String trustProfileID, List verifyTransformsInfoProfileID) throws MOASigServiceBuilderException { + private Element buildVerifyXMLRequest(byte[] signature, String trustProfileID, List verifyTransformsInfoProfileID, String xpathSignatureLocation) throws MOASigServiceBuilderException { try { //build empty document final Document requestDoc_ = getNewDocumentBuilder(); @@ -217,7 +235,7 @@ public class SignatureVerificationService extends AbstractSignatureService imple // specify the signature location final Element verifySignatureLocationElem = requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation"); verifiySignatureInfoElem.appendChild(verifySignatureLocationElem); - final Node signatureLocation = requestDoc_.createTextNode("//" + DSIG + "Signature"); + final Node signatureLocation = requestDoc_.createTextNode(xpathSignatureLocation); verifySignatureLocationElem.appendChild(signatureLocation); // signature manifest params -- cgit v1.2.3
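Review bot: The four-argument `verifyXMLSignature` hands `xpathSignatureLocation` to `buildVerifyXMLRequest` unchecked, so a `null` or blank value from a caller reaches `requestDoc_.createTextNode(xpathSignatureLocation)` in the last hunk and would presumably yield a request without a usable signature location. I would reject it at the top of the public method, before the `try`, with `if (xpathSignatureLocation == null || xpathSignatureLocation.trim().isEmpty()) { throw new IllegalArgumentException("xpathSignatureLocation must not be empty"); }`; how MOA-Sig reacts to an empty location is not visible here, so failing early is the safer contract. The parameter is also named `signatureLocationXpath` in the interface and in the three-argument overload but `xpathSignatureLocation` here and in `buildVerifyXMLRequest`; one name throughout would be easier to follow. The method body and its `catch` clauses continue outside the hunk.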