From 2a097e3666d8617ffc9819fba7317ca52d1f16e6 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 30 Jul 2020 14:28:32 +0200 Subject: change packagenames of MOA-Sig module --- .../moasig/api/ISignatureCreationService.java | 5 + .../moasig/api/ISignatureVerificationService.java | 118 +++++++ .../data/ICmsSignatureVerificationResponse.java | 5 + .../IGenericSignatureVerificationResponse.java | 75 ++++ .../moasig/api/data/ISchemaRessourceProvider.java | 21 ++ .../data/IXmlSignatureVerificationResponse.java | 39 +++ .../exceptions/MoaSigServiceBuilderException.java | 14 + .../MoaSigServiceConfigurationException.java | 11 + .../moasig/exceptions/MoaSigServiceException.java | 26 ++ .../exceptions/MoaSigServiceParserException.java | 14 + .../moasig/impl/AbstractSignatureService.java | 79 +++++ .../sigverify/moasig/impl/MoaSigInitializer.java | 130 +++++++ .../moasig/impl/MoaSigSpringResourceProvider.java | 28 ++ .../moasig/impl/SignatureCreationService.java | 32 ++ .../moasig/impl/SignatureVerificationService.java | 377 +++++++++++++++++++++ .../data/GenericSignatureVerificationResponse.java | 153 +++++++++ .../impl/data/VerifyCmsSignatureResponse.java | 10 + .../impl/data/VerifyXmlSignatureResponse.java | 115 +++++++ .../parser/VerifyXmlSignatureResponseParser.java | 193 +++++++++++ .../moasig/api/ISignatureCreationService.java | 5 - .../moasig/api/ISignatureVerificationService.java | 118 ------- .../data/ICmsSignatureVerificationResponse.java | 5 - .../IGenericSignatureVerificationResponse.java | 74 ---- .../moasig/api/data/ISchemaRessourceProvider.java | 21 -- .../data/IXmlSignatureVerificationResponse.java | 39 --- .../exceptions/MoaSigServiceBuilderException.java | 14 - .../MoaSigServiceConfigurationException.java | 11 - .../moasig/exceptions/MoaSigServiceException.java | 26 -- .../exceptions/MoaSigServiceParserException.java | 14 - .../moasig/impl/AbstractSignatureService.java | 79 ----- .../sigverify/moasig/impl/MoaSigInitializer.java | 130 ------- .../moasig/impl/MoaSigSpringResourceProvider.java | 28 -- .../moasig/impl/SignatureCreationService.java | 32 -- .../moasig/impl/SignatureVerificationService.java | 377 --------------------- .../data/GenericSignatureVerificationResponse.java | 152 --------- .../impl/data/VerifyCmsSignatureResponse.java | 10 - .../impl/data/VerifyXmlSignatureResponse.java | 115 ------- .../parser/VerifyXmlSignatureResponseParser.java | 193 ----------- .../src/main/resources/moa-sig-service.beans.xml | 6 +- 39 files changed, 1448 insertions(+), 1446 deletions(-) create mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureCreationService.java create mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureVerificationService.java create mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/ICmsSignatureVerificationResponse.java create mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/IGenericSignatureVerificationResponse.java create mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java create mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/IXmlSignatureVerificationResponse.java create mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/exceptions/MoaSigServiceBuilderException.java create mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/exceptions/MoaSigServiceConfigurationException.java create mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/exceptions/MoaSigServiceException.java create mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/exceptions/MoaSigServiceParserException.java create mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/AbstractSignatureService.java create mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/MoaSigInitializer.java create mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/MoaSigSpringResourceProvider.java create mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureCreationService.java create mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java create mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java create mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyCmsSignatureResponse.java create mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyXmlSignatureResponse.java create mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java delete mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureCreationService.java delete mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java delete mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ICmsSignatureVerificationResponse.java delete mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IGenericSignatureVerificationResponse.java delete mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java delete mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IXmlSignatureVerificationResponse.java delete mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MoaSigServiceBuilderException.java delete mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MoaSigServiceConfigurationException.java delete mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MoaSigServiceException.java delete mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MoaSigServiceParserException.java delete mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java delete mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigInitializer.java delete mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigSpringResourceProvider.java delete mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureCreationService.java delete mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java delete mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java delete mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyCmsSignatureResponse.java delete mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyXmlSignatureResponse.java delete mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java (limited to 'eaaf_modules/eaaf_module_moa-sig/src/main') diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureCreationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureCreationService.java new file mode 100644 index 00000000..dbf5846b --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureCreationService.java @@ -0,0 +1,5 @@ +package at.gv.egiz.eaaf.modules.sigverify.moasig.api; + +public interface ISignatureCreationService { + +} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureVerificationService.java new file mode 100644 index 00000000..7c009b68 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureVerificationService.java @@ -0,0 +1,118 @@ +package at.gv.egiz.eaaf.modules.sigverify.moasig.api; + +import java.util.Date; +import java.util.List; + +import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse; +import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse; +import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceException; + +public interface ISignatureVerificationService { + + /** + * Verify a CAdES or CMS signature.
+ *
+ * This method only validates the first CMS or CAdES signature if more than + * one signature exists + * + * @param signature Enveloped CMS or CAdES signature + * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration + * @return @link {@link ICmsSignatureVerificationResponse}, or null if no + * signature was found + * @throws MoaSigServiceException on signatue-verification error + */ + ICmsSignatureVerificationResponse verifyCmsSignature(byte[] signature, String trustProfileID) + throws MoaSigServiceException; + + /** + * Verify a XML or XAdES signature.
+ *
+ * This method only validates the first XML or XAdES signature if more than + * one signature exists + * + * @param signature Serialized XML or XAdES signature + * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration + * @return @link {@link IXmlSignatureVerificationResponse}, or null if no + * signature was found + * @throws MoaSigServiceException on signatue-verification error + */ + IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID) + throws MoaSigServiceException; + + /** + * Verify a XML or XAdES signature.
+ *
+ * This method only validates the first XML or XAdES signature if more than + * one signature exists + * + * @param signature Serialized XML or XAdES signature + * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration + * @param signingDate Signature timestamp + * @return @link {@link IXmlSignatureVerificationResponse}, or null if no + * signature was found + * @throws MoaSigServiceException on signatue-verification error + */ + IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID, + Date signingDate) throws MoaSigServiceException; + + /** + * Verify a XML or XAdES signature.
+ *
+ * This method only validates the first XML or XAdES signature if more than + * one signature exists + * + * @param signature Serialized XML or XAdES signature + * @param trustProfileID Id of the Trust-Profile from MOA-Sig + * configuration + * @param verifyTransformsInfoProfileID {@link List} of XML Transformations that + * should be used for + * signature-verification + * @return @link {@link IXmlSignatureVerificationResponse}, or null if no + * signature was found + * @throws MoaSigServiceException on signatue-verification error + */ + IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID, + List verifyTransformsInfoProfileID) throws MoaSigServiceException; + + /** + * Verify a XML or XAdES signature.
+ *
+ * This method only validates the first XML or XAdES signature if more than + * one signature exists + * + * @param signature Serialized XML or XAdES signature + * @param trustProfileID Id of the Trust-Profile from MOA-Sig + * configuration + * @param signatureLocationXpath Xpath that points to location of Signature + * element + * @return @link {@link IXmlSignatureVerificationResponse}, or null if no + * signature was found + * @throws MoaSigServiceException on signatue-verification error + */ + IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID, + String signatureLocationXpath) throws MoaSigServiceException; + + /** + * Verify a XML or XAdES signature.
+ *
+ * This method only validates the first XML or XAdES signature if more than + * one signature exists + * + * @param signature Serialized XML or XAdES signature + * @param trustProfileID Id of the Trust-Profile from MOA-Sig + * configuration + * @param verifyTransformsInfoProfileID {@link List} of XML Transformations that + * should be used for + * signature-verification + * @param signatureLocationXpath Xpath that points to location of + * Signature element + * @param signingDate Signature timestamp + * @return @link {@link IXmlSignatureVerificationResponse}, or null if no + * signature was found + * @throws MoaSigServiceException on signatue-verification error + */ + IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID, + List verifyTransformsInfoProfileID, String signatureLocationXpath, Date signingDate) + throws MoaSigServiceException; + +} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/ICmsSignatureVerificationResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/ICmsSignatureVerificationResponse.java new file mode 100644 index 00000000..f3d1dffc --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/ICmsSignatureVerificationResponse.java @@ -0,0 +1,5 @@ +package at.gv.egiz.eaaf.modules.sigverify.moasig.api.data; + +public interface ICmsSignatureVerificationResponse extends IGenericSignatureVerificationResponse { + +} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/IGenericSignatureVerificationResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/IGenericSignatureVerificationResponse.java new file mode 100644 index 00000000..e7de6958 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/IGenericSignatureVerificationResponse.java @@ -0,0 +1,75 @@ +package at.gv.egiz.eaaf.modules.sigverify.moasig.api.data; + +import java.util.Date; + +import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceException; + +import org.springframework.lang.Nullable; + +import iaik.x509.X509Certificate; + +public interface IGenericSignatureVerificationResponse { + + /** + * Returns the signing time. + * + * @return Signing time, or null if signature contains no time information + */ + @Nullable + Date getSigningDateTime(); + + /** + * Returns the signatureCheckCode. + * + * @return int + */ + int getSignatureCheckCode(); + + /** + * Returns the certificateCheckCode. + * + * @return int + */ + int getCertificateCheckCode(); + + /** + * Returns the qualifiedCertificate. + * + * @return boolean + */ + boolean isQualifiedCertificate(); + + /** + * Returns the X509 certificate. + * + * @return X509Certificate, or null if no certificate information exists + * @throws MoaSigServiceException if X509 certificate can not be deserialized + */ + @Nullable + X509Certificate getX509Certificate() throws MoaSigServiceException; + + /** + * Returns the X509 certificate in serialized form. + * + * @return Serialized X509 certificate, or null if no certificate information + * exists + */ + @Nullable + byte[] getX509CertificateEncoded(); + + /** + * Returns the publicAuthority. + * + * @return boolean + */ + boolean isPublicAuthority(); + + /** + * Returns the publicAuthorityCode. + * + * @return String OID, or null if no OID exists + */ + @Nullable + String getPublicAuthorityCode(); + +} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java new file mode 100644 index 00000000..edbbf628 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java @@ -0,0 +1,21 @@ +package at.gv.egiz.eaaf.modules.sigverify.moasig.api.data; + +import java.io.InputStream; +import java.util.Map; + +/** + * Inject additional XML schemes into MOA-Sig. + * + * @author tlenz + * + */ +public interface ISchemaRessourceProvider { + + /** + * Get a Map of additional XML schemes that should be injected into MOA-Sig. + * + * @return A Set of {@link Entry} consist of Name of the Scheme and XML scheme + * as {@link InputStream} + */ + Map getSchemas(); +} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/IXmlSignatureVerificationResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/IXmlSignatureVerificationResponse.java new file mode 100644 index 00000000..c7d0b276 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/IXmlSignatureVerificationResponse.java @@ -0,0 +1,39 @@ +package at.gv.egiz.eaaf.modules.sigverify.moasig.api.data; + +/** + * XML signature verification result. + * + * @author tlenz + * + */ +public interface IXmlSignatureVerificationResponse extends IGenericSignatureVerificationResponse { + + /** + * Returns the xmlDSIGManifestCheckCode. + * + * @return int + */ + int getXmlDsigManifestCheckCode(); + + /** + * Returns the xmlDsigSubjectName. + * + * @return String + */ + String getXmlDsigSubjectName(); + + /** + * Returns the xmlDSIGManigest. + * + * @return boolean + */ + boolean isXmlDsigManigest(); + + /** + * Returns the the resulting code of the signature manifest check. + * + * @return The code of the sigature manifest check. + */ + int getSignatureManifestCheckCode(); + +} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/exceptions/MoaSigServiceBuilderException.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/exceptions/MoaSigServiceBuilderException.java new file mode 100644 index 00000000..560732c3 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/exceptions/MoaSigServiceBuilderException.java @@ -0,0 +1,14 @@ +package at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions; + +public class MoaSigServiceBuilderException extends MoaSigServiceException { + + private static final long serialVersionUID = 5178393157255309476L; + + public MoaSigServiceBuilderException(final String errorId, final Object[] params) { + super(errorId, params); + } + + public MoaSigServiceBuilderException(final String errorId, final Object[] params, final Throwable e) { + super(errorId, params, e); + } +} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/exceptions/MoaSigServiceConfigurationException.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/exceptions/MoaSigServiceConfigurationException.java new file mode 100644 index 00000000..97817e01 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/exceptions/MoaSigServiceConfigurationException.java @@ -0,0 +1,11 @@ +package at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions; + +public class MoaSigServiceConfigurationException extends MoaSigServiceException { + + private static final long serialVersionUID = -4710795384615456488L; + + public MoaSigServiceConfigurationException(final String errorId, final Object[] params, final Throwable e) { + super(errorId, params, e); + } + +} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/exceptions/MoaSigServiceException.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/exceptions/MoaSigServiceException.java new file mode 100644 index 00000000..56277d7d --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/exceptions/MoaSigServiceException.java @@ -0,0 +1,26 @@ +package at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions; + +import at.gv.egiz.eaaf.core.exceptions.EaafServiceException; + +public class MoaSigServiceException extends EaafServiceException { + + private static final long serialVersionUID = -6088238428550563658L; + private static final String MOA_SIG_SERVICE_ID = "MOA-SIG-VERIFY"; + + public MoaSigServiceException(final String errorId, final Object[] params) { + super(errorId, params); + + } + + public MoaSigServiceException(final String errorId, final Object[] params, final Throwable e) { + super(errorId, params, e); + + } + + @Override + protected String getServiceIdentifier() { + return MOA_SIG_SERVICE_ID; + + } + +} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/exceptions/MoaSigServiceParserException.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/exceptions/MoaSigServiceParserException.java new file mode 100644 index 00000000..760e293f --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/exceptions/MoaSigServiceParserException.java @@ -0,0 +1,14 @@ +package at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions; + +public class MoaSigServiceParserException extends MoaSigServiceException { + + private static final long serialVersionUID = 5178393157255309476L; + + public MoaSigServiceParserException(final String errorId, final Object[] params) { + super(errorId, params); + } + + public MoaSigServiceParserException(final String errorId, final Object[] params, final Throwable e) { + super(errorId, params, e); + } +} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/AbstractSignatureService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/AbstractSignatureService.java new file mode 100644 index 00000000..c7efc677 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/AbstractSignatureService.java @@ -0,0 +1,79 @@ +package at.gv.egiz.eaaf.modules.sigverify.moasig.impl; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.w3c.dom.Document; + +import at.gv.egovernment.moa.spss.server.config.ConfigurationException; +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; +import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; +import at.gv.egovernment.moaspss.logging.LoggingContext; +import at.gv.egovernment.moaspss.logging.LoggingContextManager; + +public abstract class AbstractSignatureService { + private static final Logger log = LoggerFactory.getLogger(AbstractSignatureService.class); + + @Autowired(required = true) + MoaSigInitializer moaSigConfig; + + /** + * Get a new {@link Document} from {@link DocumentBuilder} in synchronized form, + * because {@link DocumentBuilderFactory} and {@link DocumentBuilder} are not + * thread-safe. + * + * @return {@link Document} + * @throws ParserConfigurationException In case of an error + */ + protected synchronized Document getNewDocumentBuilder() throws ParserConfigurationException { + final DocumentBuilder docBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder(); + return docBuilder.newDocument(); + + } + + /** + * Set up the thread-local context information needed for calling the various + * Invoker classes. + * + * @throws ConfigurationException An error occurred setting up the configuration + * in the TransactionContext. + */ + protected final void setUpContexts(final String transactionID) throws ConfigurationException { + final TransactionContextManager txMgr = TransactionContextManager.getInstance(); + final LoggingContextManager logMgr = LoggingContextManager.getInstance(); + + if (txMgr.getTransactionContext() == null) { + log.debug("Set not MOA-Sig transaction context"); + final TransactionContext ctx = + new TransactionContext(transactionID, null, ConfigurationProvider.getInstance()); + txMgr.setTransactionContext(ctx); + + } + + if (logMgr.getLoggingContext() == null) { + final LoggingContext ctx = new LoggingContext(transactionID); + logMgr.setLoggingContext(ctx); + + } + + new IaikConfigurator().configure(ConfigurationProvider.getInstance()); + + } + + /** + * Tear down thread-local context information. + */ + protected void tearDownContexts() { + TransactionContextManager.getInstance().setTransactionContext(null); + LoggingContextManager.getInstance().setLoggingContext(null); + log.debug("Closing MOA-Sig transaction context"); + + } + +} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/MoaSigInitializer.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/MoaSigInitializer.java new file mode 100644 index 00000000..ae8c2c97 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/MoaSigInitializer.java @@ -0,0 +1,130 @@ +package at.gv.egiz.eaaf.modules.sigverify.moasig.impl; + +import java.io.IOException; +import java.io.InputStream; +import java.security.Provider; +import java.security.Security; +import java.util.Iterator; +import java.util.Map.Entry; + +import javax.annotation.Nonnull; +import javax.annotation.PostConstruct; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.ISchemaRessourceProvider; +import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceConfigurationException; +import at.gv.egovernment.moa.spss.MOAException; +import at.gv.egovernment.moa.spss.api.Configurator; +import at.gv.egovernment.moaspss.logging.LoggingContext; +import at.gv.egovernment.moaspss.logging.LoggingContextManager; +import at.gv.egovernment.moaspss.util.DOMUtils; +import iaik.asn1.structures.AlgorithmID; +import iaik.security.ec.provider.ECCelerate; +import iaik.security.provider.IAIK; + +public class MoaSigInitializer { + private static final Logger log = LoggerFactory.getLogger(MoaSigInitializer.class); + + @Autowired(required = false) + ISchemaRessourceProvider[] schemas; + + private Configurator moaSigConfigurator; + + /** + * Get MOA-Sig configuration object. + * + * @return moa-sig configuration + */ + @Nonnull + public Configurator getMoaSigConfigurator() { + return moaSigConfigurator; + + } + + @PostConstruct + private synchronized void initialize() throws MoaSigServiceConfigurationException { + log.info("Initializing MOA-Sig signature-verification service ... "); + + log.info("Loading Java security providers."); + IAIK.addAsProvider(); + ECCelerate.addAsProvider(); + + try { + LoggingContextManager.getInstance().setLoggingContext(new LoggingContext("startup")); + log.debug("MOA-Sig library initialization process ... "); + Configurator.getInstance().init(); + log.info("MOA-Sig library initialization complete "); + + //Security.insertProviderAt(IAIK.getInstance(), 0); + + //final ECCelerate eccProvider = ECCelerate.getInstance(); + //if (Security.getProvider(eccProvider.getName()) != null) { + // Security.removeProvider(eccProvider.getName()); + //} + //Security.addProvider(new ECCelerate()); + + fixJava8_141ProblemWithSslAlgorithms(); + + if (log.isDebugEnabled()) { + log.debug("Loaded Security Provider:"); + final Provider[] providerList = Security.getProviders(); + for (int i = 0; i < providerList.length; i++) { + log.debug( + i + ": " + providerList[i].getName() + " Version " + providerList[i].getVersion()); + } + + } + + // Inject additional XML schemes + if (schemas != null && schemas.length > 0) { + log.debug("Infjecting additional XML schemes ... "); + for (final ISchemaRessourceProvider el : schemas) { + final Iterator> xmlSchemeIt = + el.getSchemas().entrySet().iterator(); + while (xmlSchemeIt.hasNext()) { + final Entry xmlDef = xmlSchemeIt.next(); + try { + DOMUtils.addSchemaToPool(xmlDef.getValue(), xmlDef.getKey()); + log.info("Inject XML scheme: {}", xmlDef.getKey()); + + } catch (final IOException e) { + log.warn("Can NOT inject XML scheme: " + xmlDef.getKey(), e); + + } + + } + } + } + + moaSigConfigurator = Configurator.getInstance(); + + } catch (final MOAException e) { + log.error("MOA-SP initialization FAILED!", e.getWrapped()); + throw new MoaSigServiceConfigurationException("service.moasig.04", + new Object[] { e.toString() }, e); + } + + } + + private static void fixJava8_141ProblemWithSslAlgorithms() { + log.info("Change AlgorithmIDs to fix problems with Java8 >= 141 ..."); + // new AlgorithmID("1.2.840.113549.1.1.4", "md5WithRSAEncryption", new String[] + // { "MD5withRSA", + // "MD5/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.5", "sha1WithRSAEncryption", + new String[] { "SHA1withRSA", "SHA1/RSA", "SHA-1/RSA", "SHA/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.14", "sha224WithRSAEncryption", + new String[] { "SHA224withRSA", "SHA224/RSA", "SHA-224/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.11", "sha256WithRSAEncryption", + new String[] { "SHA256withRSA", "SHA256/RSA", "SHA-256/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.12", "sha384WithRSAEncryption", + new String[] { "SHA384withRSA", "SHA384/RSA", "SHA-384/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.13", "sha512WithRSAEncryption", + new String[] { "SHA512withRSA", "SHA512/RSA", "SHA-512/RSA" }, null, true); + + log.info("Change AlgorithmIDs finished"); + } +} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/MoaSigSpringResourceProvider.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/MoaSigSpringResourceProvider.java new file mode 100644 index 00000000..b5e190d8 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/MoaSigSpringResourceProvider.java @@ -0,0 +1,28 @@ +package at.gv.egiz.eaaf.modules.sigverify.moasig.impl; + +import org.springframework.core.io.ClassPathResource; +import org.springframework.core.io.Resource; + +import at.gv.egiz.components.spring.api.SpringResourceProvider; + +public class MoaSigSpringResourceProvider implements SpringResourceProvider { + + @Override + public Resource[] getResourcesToLoad() { + final ClassPathResource moaSigConfig = + new ClassPathResource("/moa-sig-service.beans.xml", MoaSigSpringResourceProvider.class); + return new Resource[] { moaSigConfig }; + } + + @Override + public String[] getPackagesToScan() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getName() { + return "Signature-verification service based on MOA-Sig (MOA-SPSS)"; + } + +} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureCreationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureCreationService.java new file mode 100644 index 00000000..0d8b7975 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureCreationService.java @@ -0,0 +1,32 @@ +package at.gv.egiz.eaaf.modules.sigverify.moasig.impl; + +import javax.annotation.PostConstruct; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.modules.sigverify.moasig.api.ISignatureCreationService; +import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureCreationInvoker; +import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureCreationInvoker; + +@Service(value = "moaSigCreateService") +public class SignatureCreationService extends AbstractSignatureService + implements ISignatureCreationService { + private static final Logger log = LoggerFactory.getLogger(SignatureCreationService.class); + + private XMLSignatureCreationInvoker xadesInvoker; + private CMSSignatureCreationInvoker cadesInvoker; + + @PostConstruct + protected void internalInitializer() { + log.debug("Instanzing SignatureCreationService implementation ... "); + xadesInvoker = XMLSignatureCreationInvoker.getInstance(); + cadesInvoker = CMSSignatureCreationInvoker.getInstance(); + log.trace("XML_impl: {} , CMS_imp: {}", + xadesInvoker.getClass().getName(), cadesInvoker.getClass().getName()); + log.info("MOA-Sig signature-creation service initialized"); + + } + +} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java new file mode 100644 index 00000000..0818a260 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java @@ -0,0 +1,377 @@ +package at.gv.egiz.eaaf.modules.sigverify.moasig.impl; + +import java.io.ByteArrayInputStream; +import java.security.cert.CertificateEncodingException; +import java.util.Date; +import java.util.List; + +import javax.annotation.PostConstruct; + +import at.gv.egiz.eaaf.modules.sigverify.moasig.api.ISignatureVerificationService; +import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse; +import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse; +import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceBuilderException; +import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceException; +import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.parser.VerifyXmlSignatureResponseParser; +import at.gv.egovernment.moa.spss.MOAException; +import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; +import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; +import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement; +import at.gv.egovernment.moa.spss.api.impl.VerifyCMSSignatureRequestImpl; +import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser; +import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder; +import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest; +import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; +import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker; +import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureVerificationInvoker; +import at.gv.egovernment.moaspss.util.Constants; + +import org.apache.commons.lang3.time.DateFormatUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.lang.Nullable; +import org.springframework.stereotype.Service; +import org.springframework.util.Base64Utils; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; + +/** + * MOA-Sig based signature verification implementation. + * + * @author tlenz + * + */ +@Service(value = "moaSigVerifyService") +public class SignatureVerificationService extends AbstractSignatureService + implements ISignatureVerificationService { + private static final Logger log = LoggerFactory.getLogger(SignatureVerificationService.class); + + private static final String XMLNS_NS_URI = Constants.XMLNS_NS_URI; + private static final String MOA_NS_URI = Constants.MOA_NS_URI; + private static final String DSIG = Constants.DSIG_PREFIX + ":"; + private static final String DEFAULT_XPATH_SIGNATURE_LOCATION = "//" + DSIG + "Signature"; + + public static final String PATTERN_ISSUE_INSTANT = "yyyy-MM-dd'T'HH:mm:ssXXX"; + + private CMSSignatureVerificationInvoker cadesInvoker; + private XMLSignatureVerificationInvoker xadesInvocer; + + /* + * (non-Javadoc) + * + * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl. + * ISignatureVerificationService# verifyCMSSignature(byte[], java.lang.String) + */ + @Override + @Nullable + public ICmsSignatureVerificationResponse verifyCmsSignature(final byte[] signature, + final String trustProfileID) throws MoaSigServiceException { + try { + // setup context + setUpContexts(Thread.currentThread().getName()); + + // verify signature + final VerifyCMSSignatureRequest cmsSigVerifyReq = + buildVerfifyCmsRequest(signature, trustProfileID, false, false); + final VerifyCMSSignatureResponse cmsSigVerifyResp = + cadesInvoker.verifyCMSSignature(cmsSigVerifyReq); + return parseCmsVerificationResult(cmsSigVerifyResp); + + } catch (final MOAException e) { + log.warn("CMS signature verification has an error.", e); + throw new MoaSigServiceException("service.03", new Object[] { e.toString() }, e); + + } catch (final CertificateEncodingException e) { + log.warn("Can NOT serialize X509 certificate from CMS/CAdES signature-verification response", + e); + throw new MoaSigServiceException("service.03", new Object[] { e.toString() }, e); + + } finally { + tearDownContexts(); + + } + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl. + * ISignatureVerificationService# verifyXMLSignature(byte[], java.lang.String) + */ + @Override + public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature, + final String trustProfileID) throws MoaSigServiceException { + return verifyXmlSignature(signature, trustProfileID, null, DEFAULT_XPATH_SIGNATURE_LOCATION, null); + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl. + * ISignatureVerificationService# verifyXMLSignature(byte[], java.lang.String, + * java.util.List) + */ + @Override + public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature, + final String trustProfileID, final List verifyTransformsInfoProfileID) + throws MoaSigServiceException { + return verifyXmlSignature(signature, trustProfileID, verifyTransformsInfoProfileID, + DEFAULT_XPATH_SIGNATURE_LOCATION, null); + } + + /* + * (non-Javadoc) + * + * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl. + * ISignatureVerificationService# verifyXMLSignature(byte[], java.lang.String, + * java.lang.String) + */ + @Override + public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature, + final String trustProfileID, final String signatureLocationXpath) + throws MoaSigServiceException { + return verifyXmlSignature(signature, trustProfileID, null, signatureLocationXpath, null); + } + + @Override + public IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID, + Date signingDate) throws MoaSigServiceException { + return verifyXmlSignature(signature, trustProfileID, null, + DEFAULT_XPATH_SIGNATURE_LOCATION, signingDate); + } + + @Override + public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature, + final String trustProfileID, final List verifyTransformsInfoProfileID, + final String xpathSignatureLocation, Date signingDate) throws MoaSigServiceException { + try { + // setup context + setUpContexts(Thread.currentThread().getName()); + + // build signature-verification request + final Element domVerifyXmlSignatureRequest = buildVerifyXmlRequest(signature, trustProfileID, + verifyTransformsInfoProfileID, xpathSignatureLocation, signingDate); + + // send signature-verification to MOA-Sig + final VerifyXMLSignatureRequest vsrequest = + new VerifyXMLSignatureRequestParser().parse(domVerifyXmlSignatureRequest); + final VerifyXMLSignatureResponse vsresponse = xadesInvocer.verifyXMLSignature(vsrequest); + final Document result = new VerifyXMLSignatureResponseBuilder(true).build(vsresponse); + + // parses the + final IXmlSignatureVerificationResponse verifyXmlSignatureResponse = + new VerifyXmlSignatureResponseParser(result.getDocumentElement()).parseData(); + + return verifyXmlSignatureResponse; + + } catch (final MoaSigServiceException e) { + throw e; + + } catch (final MOAException e) { + log.warn("MOA-Sig signature-verification has an internal error." + " MsgCode: " + + e.getMessageId() + " Msg: " + e.getMessage(), e); + throw new MoaSigServiceException("service.moasig.03", new Object[] { e.getMessage() }, e); + + } finally { + tearDownContexts(); + + } + } + + private ICmsSignatureVerificationResponse parseCmsVerificationResult( + final VerifyCMSSignatureResponse cmsSigVerifyResp) throws CertificateEncodingException { + + if (cmsSigVerifyResp.getResponseElements() == null + || cmsSigVerifyResp.getResponseElements().isEmpty()) { + log.info("No CMS signature FOUND. "); + return null; + + } + + if (cmsSigVerifyResp.getResponseElements().size() > 1) { + log.warn( + "CMS or CAdES signature contains more than one technical signatures. Only validate the first signature"); + } + + final VerifyCMSSignatureResponseElement firstSig = + (VerifyCMSSignatureResponseElement) cmsSigVerifyResp.getResponseElements().get(0); + + final at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.VerifyCmsSignatureResponse result = + new at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.VerifyCmsSignatureResponse(); + + // parse results into response container + result.setSignatureCheckCode(firstSig.getSignatureCheck().getCode()); + result.setCertificateCheckCode(firstSig.getCertificateCheck().getCode()); + + if (firstSig.getSignerInfo() != null) { + result.setSigningDateTime(firstSig.getSignerInfo().getSigningTime()); + result + .setX509CertificateEncoded(firstSig.getSignerInfo().getSignerCertificate().getEncoded()); + result.setQualifiedCertificate(firstSig.getSignerInfo().isQualifiedCertificate()); + + result.setPublicAuthority(firstSig.getSignerInfo().isPublicAuthority()); + result.setPublicAuthorityCode(firstSig.getSignerInfo().getPublicAuhtorityID()); + + } else { + log.info("CMS or CAdES verification result contains no SignerInfo"); + } + + return result; + } + + /** + * Build a VerifyCMS-Siganture request for MOA-Sig.
+ *
+ * This builder only generates verification-request for enveloped CMS or CAdES + * signatures
+ * This + * + * @param signature CMS or CAdES signature + * @param trustProfileID trustProfileID MOA-Sig Trust-Profile + * @param isPdfSignature Make CAdES signature as part of an PAdES + * document + * @param performExtendedValidation To extended validation. See MOA-Sig + * documentation for detailed information + * @return + */ + private VerifyCMSSignatureRequest buildVerfifyCmsRequest(final byte[] signature, + final String trustProfileID, final boolean isPdfSignature, + final boolean performExtendedValidation) { + final VerifyCMSSignatureRequestImpl verifyCmsSignatureRequest = + new VerifyCMSSignatureRequestImpl(); + verifyCmsSignatureRequest.setDateTime(null); + verifyCmsSignatureRequest.setCMSSignature(new ByteArrayInputStream(signature)); + verifyCmsSignatureRequest.setDataObject(null); + verifyCmsSignatureRequest.setTrustProfileId(trustProfileID); + verifyCmsSignatureRequest.setSignatories(VerifyCMSSignatureRequest.ALL_SIGNATORIES); + verifyCmsSignatureRequest.setPDF(isPdfSignature); + verifyCmsSignatureRequest.setExtended(performExtendedValidation); + return verifyCmsSignatureRequest; + + } + + /** + * Build a VerifyXML-Signature request for MOA-Sig. + * + * @param signature Serialized XML signature + * @param trustProfileID MOA-Sig Trust-Profile + * @param verifyTransformsInfoProfileID {@link List} of Transformation-Profiles + * used for validation + * @param xpathSignatureLocation Xpath that points to location of + * Signature element + * @param sigValDate Signature timestamp + * @return MOA-Sig verification request element + * @throws MoaSigServiceBuilderException In case of an error + */ + private Element buildVerifyXmlRequest(final byte[] signature, final String trustProfileID, + final List verifyTransformsInfoProfileID, final String xpathSignatureLocation, + Date sigValDate) throws MoaSigServiceBuilderException { + try { + // build empty document + final Document requestDoc_ = getNewDocumentBuilder(); + + final Element requestElem_ = + requestDoc_.createElementNS(MOA_NS_URI, "VerifyXMLSignatureRequest"); + requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns", MOA_NS_URI); + requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns:" + Constants.DSIG_PREFIX, + Constants.DSIG_NS_URI); + requestDoc_.appendChild(requestElem_); + + // build the request + + // build set signing time + if (sigValDate != null) { + final Element dateTimeElem = requestDoc_.createElementNS(MOA_NS_URI, "DateTime"); + requestElem_.appendChild(dateTimeElem); + final Node dateTime = requestDoc_.createTextNode( + DateFormatUtils.format(sigValDate, PATTERN_ISSUE_INSTANT)); + dateTimeElem.appendChild(dateTime); + + } + + //set other parameters + final Element verifiySignatureInfoElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo"); + requestElem_.appendChild(verifiySignatureInfoElem); + final Element verifySignatureEnvironmentElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment"); + verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem); + final Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content"); + verifySignatureEnvironmentElem.appendChild(base64ContentElem); + + // insert the base64 encoded signature + String base64EncodedAssertion = Base64Utils.encodeToString(signature); + // replace all '\r' characters by no char. + final StringBuffer replaced = new StringBuffer(); + for (int i = 0; i < base64EncodedAssertion.length(); i++) { + final char c = base64EncodedAssertion.charAt(i); + if (c != '\r') { + replaced.append(c); + } + } + base64EncodedAssertion = replaced.toString(); + final Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion); + base64ContentElem.appendChild(base64Content); + + // specify the signature location + final Element verifySignatureLocationElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation"); + verifiySignatureInfoElem.appendChild(verifySignatureLocationElem); + final Node signatureLocation = requestDoc_.createTextNode(xpathSignatureLocation); + verifySignatureLocationElem.appendChild(signatureLocation); + + // signature manifest params + if (verifyTransformsInfoProfileID != null && !verifyTransformsInfoProfileID.isEmpty()) { + final Element signatureManifestCheckParamsElem = + requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); + requestElem_.appendChild(signatureManifestCheckParamsElem); + signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false"); + + // verify transformations + final Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); + signatureManifestCheckParamsElem.appendChild(referenceInfoElem); + for (final String element : verifyTransformsInfoProfileID) { + final Element verifyTransformsInfoProfileIdElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID"); + referenceInfoElem.appendChild(verifyTransformsInfoProfileIdElem); + verifyTransformsInfoProfileIdElem.appendChild(requestDoc_.createTextNode(element)); + + } + } + + // hashinput data + final Element returnHashInputDataElem = + requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); + requestElem_.appendChild(returnHashInputDataElem); + + // add trustProfileID + final Element trustProfileIdElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID"); + trustProfileIdElem.appendChild(requestDoc_.createTextNode(trustProfileID)); + requestElem_.appendChild(trustProfileIdElem); + + return requestElem_; + + } catch (final Throwable t) { + log.warn("Can NOT build VerifyXML-Signature request for MOA-Sig", t); + throw new MoaSigServiceBuilderException("service.moasig.03", new Object[] { t.getMessage() }, + t); + + } + + } + + @PostConstruct + protected void internalInitializer() { + log.debug("Instanzing SignatureVerificationService implementation ... "); + // svs = + // at.gv.egovernment.moa.spss.api.SignatureVerificationService.getInstance(); + cadesInvoker = CMSSignatureVerificationInvoker.getInstance(); + xadesInvocer = XMLSignatureVerificationInvoker.getInstance(); + log.info("MOA-Sig signature-verification service initialized"); + + } + +} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java new file mode 100644 index 00000000..56054d71 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java @@ -0,0 +1,153 @@ +package at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data; + +import java.io.Serializable; +import java.security.cert.CertificateException; +import java.util.Date; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IGenericSignatureVerificationResponse; +import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceException; +import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceParserException; + +import iaik.x509.X509Certificate; + +public class GenericSignatureVerificationResponse + implements IGenericSignatureVerificationResponse, Serializable { + + private static final long serialVersionUID = -7751001050689401118L; + private static final Logger log = + LoggerFactory.getLogger(GenericSignatureVerificationResponse.class); + + /** The signing time. */ + private Date signingDateTime; + + /** The signatureCheckCode to be stored. */ + private int signatureCheckCode; + + /** The certificateCheckCode to be stored. */ + private int certificateCheckCode; + + /** The publicAuthority to be stored. */ + private boolean publicAuthority; + + /** The publicAuthorityCode to be stored. */ + private String publicAuthorityCode; + + /** The qualifiedCertificate to be stored. */ + private boolean qualifiedCertificate; + + private byte[] x509CertificateEncoded; + + @Override + public Date getSigningDateTime() { + if (this.signingDateTime != null) { + return new Date(this.signingDateTime.getTime()); + } + return null; + + } + + @Override + public int getSignatureCheckCode() { + return this.signatureCheckCode; + + } + + @Override + public int getCertificateCheckCode() { + return this.certificateCheckCode; + + } + + @Override + public boolean isQualifiedCertificate() { + return this.qualifiedCertificate; + + } + + @Override + public X509Certificate getX509Certificate() throws MoaSigServiceException { + if (x509CertificateEncoded != null) { + try { + return new X509Certificate(x509CertificateEncoded); + + } catch (final CertificateException e) { + log.error("Can NOT parse X509 certifcate in " + + GenericSignatureVerificationResponse.class.getName(), e); + throw new MoaSigServiceParserException("service.moasig.01", null, e); + } + + } + + return null; + + } + + @Override + public byte[] getX509CertificateEncoded() { + if (this.x509CertificateEncoded != null) { + return this.x509CertificateEncoded.clone(); + + } + return null; + + } + + @Override + public boolean isPublicAuthority() { + return this.publicAuthority; + + } + + @Override + public String getPublicAuthorityCode() { + return this.publicAuthorityCode; + + } + + /** + * Set signature creation timestramp. + * + * @param signingDateTime timestamp + */ + public void setSigningDateTime(final Date signingDateTime) { + if (signingDateTime != null) { + this.signingDateTime = new Date(signingDateTime.getTime()); + } + } + + public void setSignatureCheckCode(final int signatureCheckCode) { + this.signatureCheckCode = signatureCheckCode; + } + + public void setCertificateCheckCode(final int certificateCheckCode) { + this.certificateCheckCode = certificateCheckCode; + } + + public void setPublicAuthority(final boolean publicAuthority) { + this.publicAuthority = publicAuthority; + } + + public void setPublicAuthorityCode(final String publicAuthorityCode) { + this.publicAuthorityCode = publicAuthorityCode; + } + + public void setQualifiedCertificate(final boolean qualifiedCertificate) { + this.qualifiedCertificate = qualifiedCertificate; + } + + /** + * Set encoded signer certificate. + * + * @param x509CertificateEncoded signer cerificate + */ + public void setX509CertificateEncoded(final byte[] x509CertificateEncoded) { + if (x509CertificateEncoded != null) { + this.x509CertificateEncoded = x509CertificateEncoded.clone(); + + } + } + +} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyCmsSignatureResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyCmsSignatureResponse.java new file mode 100644 index 00000000..244aa223 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyCmsSignatureResponse.java @@ -0,0 +1,10 @@ +package at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data; + +import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse; + +public class VerifyCmsSignatureResponse extends GenericSignatureVerificationResponse + implements ICmsSignatureVerificationResponse { + + private static final long serialVersionUID = 708260904158070696L; + +} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyXmlSignatureResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyXmlSignatureResponse.java new file mode 100644 index 00000000..cbce53b7 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyXmlSignatureResponse.java @@ -0,0 +1,115 @@ +package at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data; + +import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse; + +/** + * MOA-Sig signature verification response for XML based signatures. + * + * @author tlenz + * + */ + +public class VerifyXmlSignatureResponse extends GenericSignatureVerificationResponse + implements IXmlSignatureVerificationResponse { + + private static final long serialVersionUID = 8386070769565711601L; + + /** The xmlDsigSubjectName to be stored. */ + private String xmlDsigSubjectName; + + /** The xmlDSIGManifestCheckCode to be stored. */ + private int xmlDsigManifestCheckCode; + /** The xmlDSIGManigest to be stored. */ + private boolean xmlDsigManigest; + + /** + * The result of the signature manifest check. The default value -1 + * indicates that the signature manifest has not been checked. + */ + private int signatureManifestCheckCode = -1; + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# + * getXmlDSIGManifestCheckCode() + */ + @Override + public int getXmlDsigManifestCheckCode() { + return xmlDsigManifestCheckCode; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# + * getXmlDsigSubjectName() + */ + @Override + public String getXmlDsigSubjectName() { + return xmlDsigSubjectName; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# + * setXmlDSIGManifestCheckCode( int) + */ + public void setXmlDsigManifestCheckCode(final int xmlDsigManifestCheckCode) { + this.xmlDsigManifestCheckCode = xmlDsigManifestCheckCode; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# + * setXmlDsigSubjectName(java.lang .String) + */ + public void setXmlDsigSubjectName(final String xmlDsigSubjectName) { + this.xmlDsigSubjectName = xmlDsigSubjectName; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# + * isXmlDSIGManigest() + */ + @Override + public boolean isXmlDsigManigest() { + return xmlDsigManigest; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# + * setXmlDSIGManigest(boolean) + */ + public void setXmlDsigManigest(final boolean xmlDsigManigest) { + this.xmlDsigManigest = xmlDsigManigest; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# + * getSignatureManifestCheckCode() + */ + @Override + public int getSignatureManifestCheckCode() { + return signatureManifestCheckCode; + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# + * setSignatureManifestCheckCode( int) + */ + public void setSignatureManifestCheckCode(final int signatureManifestCheckCode) { + this.signatureManifestCheckCode = signatureManifestCheckCode; + } + +} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java new file mode 100644 index 00000000..b7fc8200 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java @@ -0,0 +1,193 @@ +package at.gv.egiz.eaaf.modules.sigverify.moasig.impl.parser; + +import java.io.ByteArrayInputStream; +import java.io.InputStream; + +import org.joda.time.DateTime; +import org.joda.time.format.ISODateTimeFormat; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.lang.NonNull; +import org.w3c.dom.Element; + +import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse; +import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceException; +import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceParserException; +import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.VerifyXmlSignatureResponse; +import at.gv.egovernment.moaspss.util.Constants; +import at.gv.egovernment.moaspss.util.DOMUtils; +import at.gv.egovernment.moaspss.util.XPathUtils; +import iaik.utils.Base64InputStream; +import iaik.x509.X509Certificate; + +public class VerifyXmlSignatureResponseParser { + private static final Logger log = LoggerFactory.getLogger(VerifyXmlSignatureResponseParser.class); + + // + // XPath namespace prefix shortcuts + // + /** Xpath prefix for reaching MOA Namespaces. */ + private static final String MOA = Constants.MOA_PREFIX + ":"; + /** Xpath prefix for reaching DSIG Namespaces. */ + private static final String DSIG = Constants.DSIG_PREFIX + ":"; + /** Xpath expression to the root element. */ + private static final String ROOT = "/" + MOA + "VerifyXMLSignatureResponse/"; + + /** Xpath expression to the X509SubjectName element. */ + private static final String DSIG_SUBJECT_NAME_XPATH = + ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + DSIG + "X509SubjectName"; + /** Xpath expression to the X509Certificate element. */ + private static final String DSIG_X509_CERTIFICATE_XPATH = + ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + DSIG + "X509Certificate"; + /** Xpath expression to the PublicAuthority element. */ + private static final String PUBLIC_AUTHORITY_XPATH = + ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + MOA + "PublicAuthority"; + /** Xpath expression to the PublicAuthorityCode element. */ + private static final String PUBLIC_AUTHORITY_CODE_XPATH = + PUBLIC_AUTHORITY_XPATH + "/" + MOA + "Code"; + /** Xpath expression to the QualifiedCertificate element. */ + private static final String QUALIFIED_CERTIFICATE_XPATH = + ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + MOA + "QualifiedCertificate"; + + /** Xpath expression to the SignatureCheckCode element. */ + private static final String SIGNATURE_CHECK_CODE_XPATH = + ROOT + MOA + "SignatureCheck/" + MOA + "Code"; + /** Xpath expression to the XMLDSIGManifestCheckCode element. */ + private static final String XMLDSIG_MANIFEST_CHECK_CODE_XPATH = + ROOT + MOA + "XMLDSIGManifestCheck/" + MOA + "Code"; + /** Xpath expression to the SignatureManifestCheckCode element. */ + private static final String SIGNATURE_MANIFEST_CHECK_CODE_XPATH = + ROOT + MOA + "SignatureManifestCheck/" + MOA + "Code"; + /** Xpath expression to the CertificateCheckCode element. */ + private static final String CERTIFICATE_CHECK_CODE_XPATH = + ROOT + MOA + "CertificateCheck/" + MOA + "Code"; + + private static final String SIGNING_TIME_XPATH = ROOT + MOA + "SigningTime"; + + /** + * This is the root element of the XML-Document provided by the Security Layer + * Card. + */ + private Element verifyXmlSignatureResponse; + + /** + * Constructor for VerifyXMLSignatureResponseParser. A DOM-representation of the + * incoming String will be created + * + * @param xmlResponse <InfoboxReadResponse> as String + * @throws MoaSigServiceParserException on any parsing error + */ + public VerifyXmlSignatureResponseParser(final String xmlResponse) + throws MoaSigServiceParserException { + try { + final InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8")); + verifyXmlSignatureResponse = DOMUtils.parseXmlValidating(s); + + } catch (final Throwable t) { + log.warn("Can not parse MOA-Sig response.", t); + throw new MoaSigServiceParserException("service.moasig.02", new Object[] { t.toString() }, t); + + } + } + + /** + * Constructor for VerifyXMLSignatureResponseParser. A DOM-representation of the + * incoming Inputstream will be created + * + * @param xmlResponse <InfoboxReadResponse> as InputStream + * @throws MoaSigServiceParserException on any parsing error + */ + public VerifyXmlSignatureResponseParser(final InputStream xmlResponse) + throws MoaSigServiceParserException { + try { + verifyXmlSignatureResponse = DOMUtils.parseXmlValidating(xmlResponse); + + } catch (final Throwable t) { + log.warn("Can not parse MOA-Sig response.", t); + throw new MoaSigServiceParserException("service.moasig.02", new Object[] { t.toString() }, t); + + } + } + + /** + * Constructor for VerifyXMLSignatureResponseParser. The incoming Element will + * be used for further operations + * + * @param xmlResponse <InfoboxReadResponse> as Element + */ + public VerifyXmlSignatureResponseParser(final Element xmlResponse) { + verifyXmlSignatureResponse = xmlResponse; + + } + + /** + * Parse MOA-Sig signatur-verification result into + * {@link IXmlSignatureVerificationResponse}. + * + * @return {@link IXmlSignatureVerificationResponse} + * @throws MoaSigServiceException on any parsing error + */ + @NonNull + public IXmlSignatureVerificationResponse parseData() throws MoaSigServiceException { + try { + final VerifyXmlSignatureResponse respData = new VerifyXmlSignatureResponse(); + respData.setXmlDsigSubjectName( + XPathUtils.getElementValue(verifyXmlSignatureResponse, DSIG_SUBJECT_NAME_XPATH, "")); + final Element e = (Element) XPathUtils.selectSingleNode(verifyXmlSignatureResponse, + QUALIFIED_CERTIFICATE_XPATH); + respData.setQualifiedCertificate(e != null); + + final Base64InputStream in = new Base64InputStream(new ByteArrayInputStream( + XPathUtils.getElementValue(verifyXmlSignatureResponse, DSIG_X509_CERTIFICATE_XPATH, "") + .getBytes("UTF-8")), + true); + + respData.setX509CertificateEncoded(new X509Certificate(in).getEncoded()); + + final Element publicAuthority = + (Element) XPathUtils.selectSingleNode(verifyXmlSignatureResponse, PUBLIC_AUTHORITY_XPATH); + respData.setPublicAuthority(publicAuthority != null); + respData.setPublicAuthorityCode( + XPathUtils.getElementValue(verifyXmlSignatureResponse, PUBLIC_AUTHORITY_CODE_XPATH, "")); + respData.setSignatureCheckCode(Integer.parseInt( + XPathUtils.getElementValue(verifyXmlSignatureResponse, SIGNATURE_CHECK_CODE_XPATH, ""))); + + final String xmlDsigCheckCode = XPathUtils.getElementValue(verifyXmlSignatureResponse, + XMLDSIG_MANIFEST_CHECK_CODE_XPATH, null); + if (xmlDsigCheckCode != null) { + respData.setXmlDsigManigest(true); + respData.setXmlDsigManifestCheckCode(Integer.parseInt(xmlDsigCheckCode)); + + } else { + respData.setXmlDsigManigest(false); + + } + + final String signatureManifestCheckCode = XPathUtils + .getElementValue(verifyXmlSignatureResponse, SIGNATURE_MANIFEST_CHECK_CODE_XPATH, null); + if (signatureManifestCheckCode != null) { + respData.setSignatureManifestCheckCode(Integer.parseInt(signatureManifestCheckCode)); + + } + respData.setCertificateCheckCode(Integer.parseInt( + XPathUtils.getElementValue(verifyXmlSignatureResponse, CERTIFICATE_CHECK_CODE_XPATH, ""))); + + final String signingTimeElement = + XPathUtils.getElementValue(verifyXmlSignatureResponse, SIGNING_TIME_XPATH, ""); + if (signingTimeElement != null && !signingTimeElement.isEmpty()) { + final DateTime datetime = + ISODateTimeFormat.dateOptionalTimeParser().parseDateTime(signingTimeElement); + respData.setSigningDateTime(datetime.toDate()); + + } + + return respData; + + } catch (final Throwable t) { + log.warn("Can not parse MOA-Sig response.", t); + throw new MoaSigServiceParserException("service.moasig.02", new Object[] { t.toString() }, t); + } + + } + +} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureCreationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureCreationService.java deleted file mode 100644 index 66eedd79..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureCreationService.java +++ /dev/null @@ -1,5 +0,0 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api; - -public interface ISignatureCreationService { - -} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java deleted file mode 100644 index f7a33395..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java +++ /dev/null @@ -1,118 +0,0 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api; - -import java.util.Date; -import java.util.List; - -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceException; - -public interface ISignatureVerificationService { - - /** - * Verify a CAdES or CMS signature.
- *
- * This method only validates the first CMS or CAdES signature if more than - * one signature exists - * - * @param signature Enveloped CMS or CAdES signature - * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration - * @return @link {@link ICmsSignatureVerificationResponse}, or null if no - * signature was found - * @throws MoaSigServiceException on signatue-verification error - */ - ICmsSignatureVerificationResponse verifyCmsSignature(byte[] signature, String trustProfileID) - throws MoaSigServiceException; - - /** - * Verify a XML or XAdES signature.
- *
- * This method only validates the first XML or XAdES signature if more than - * one signature exists - * - * @param signature Serialized XML or XAdES signature - * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration - * @return @link {@link IXmlSignatureVerificationResponse}, or null if no - * signature was found - * @throws MoaSigServiceException on signatue-verification error - */ - IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID) - throws MoaSigServiceException; - - /** - * Verify a XML or XAdES signature.
- *
- * This method only validates the first XML or XAdES signature if more than - * one signature exists - * - * @param signature Serialized XML or XAdES signature - * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration - * @param signingDate Signature timestamp - * @return @link {@link IXmlSignatureVerificationResponse}, or null if no - * signature was found - * @throws MoaSigServiceException on signatue-verification error - */ - IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID, - Date signingDate) throws MoaSigServiceException; - - /** - * Verify a XML or XAdES signature.
- *
- * This method only validates the first XML or XAdES signature if more than - * one signature exists - * - * @param signature Serialized XML or XAdES signature - * @param trustProfileID Id of the Trust-Profile from MOA-Sig - * configuration - * @param verifyTransformsInfoProfileID {@link List} of XML Transformations that - * should be used for - * signature-verification - * @return @link {@link IXmlSignatureVerificationResponse}, or null if no - * signature was found - * @throws MoaSigServiceException on signatue-verification error - */ - IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID, - List verifyTransformsInfoProfileID) throws MoaSigServiceException; - - /** - * Verify a XML or XAdES signature.
- *
- * This method only validates the first XML or XAdES signature if more than - * one signature exists - * - * @param signature Serialized XML or XAdES signature - * @param trustProfileID Id of the Trust-Profile from MOA-Sig - * configuration - * @param signatureLocationXpath Xpath that points to location of Signature - * element - * @return @link {@link IXmlSignatureVerificationResponse}, or null if no - * signature was found - * @throws MoaSigServiceException on signatue-verification error - */ - IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID, - String signatureLocationXpath) throws MoaSigServiceException; - - /** - * Verify a XML or XAdES signature.
- *
- * This method only validates the first XML or XAdES signature if more than - * one signature exists - * - * @param signature Serialized XML or XAdES signature - * @param trustProfileID Id of the Trust-Profile from MOA-Sig - * configuration - * @param verifyTransformsInfoProfileID {@link List} of XML Transformations that - * should be used for - * signature-verification - * @param signatureLocationXpath Xpath that points to location of - * Signature element - * @param signingDate Signature timestamp - * @return @link {@link IXmlSignatureVerificationResponse}, or null if no - * signature was found - * @throws MoaSigServiceException on signatue-verification error - */ - IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID, - List verifyTransformsInfoProfileID, String signatureLocationXpath, Date signingDate) - throws MoaSigServiceException; - -} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ICmsSignatureVerificationResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ICmsSignatureVerificationResponse.java deleted file mode 100644 index 5e7a4564..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ICmsSignatureVerificationResponse.java +++ /dev/null @@ -1,5 +0,0 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data; - -public interface ICmsSignatureVerificationResponse extends IGenericSignatureVerificationResponse { - -} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IGenericSignatureVerificationResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IGenericSignatureVerificationResponse.java deleted file mode 100644 index 8ebd90be..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IGenericSignatureVerificationResponse.java +++ /dev/null @@ -1,74 +0,0 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data; - -import java.util.Date; - -import org.springframework.lang.Nullable; - -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceException; -import iaik.x509.X509Certificate; - -public interface IGenericSignatureVerificationResponse { - - /** - * Returns the signing time. - * - * @return Signing time, or null if signature contains no time information - */ - @Nullable - Date getSigningDateTime(); - - /** - * Returns the signatureCheckCode. - * - * @return int - */ - int getSignatureCheckCode(); - - /** - * Returns the certificateCheckCode. - * - * @return int - */ - int getCertificateCheckCode(); - - /** - * Returns the qualifiedCertificate. - * - * @return boolean - */ - boolean isQualifiedCertificate(); - - /** - * Returns the X509 certificate. - * - * @return X509Certificate, or null if no certificate information exists - * @throws MoaSigServiceException if X509 certificate can not be deserialized - */ - @Nullable - X509Certificate getX509Certificate() throws MoaSigServiceException; - - /** - * Returns the X509 certificate in serialized form. - * - * @return Serialized X509 certificate, or null if no certificate information - * exists - */ - @Nullable - byte[] getX509CertificateEncoded(); - - /** - * Returns the publicAuthority. - * - * @return boolean - */ - boolean isPublicAuthority(); - - /** - * Returns the publicAuthorityCode. - * - * @return String OID, or null if no OID exists - */ - @Nullable - String getPublicAuthorityCode(); - -} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java deleted file mode 100644 index 17d5fa59..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java +++ /dev/null @@ -1,21 +0,0 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data; - -import java.io.InputStream; -import java.util.Map; - -/** - * Inject additional XML schemes into MOA-Sig. - * - * @author tlenz - * - */ -public interface ISchemaRessourceProvider { - - /** - * Get a Map of additional XML schemes that should be injected into MOA-Sig. - * - * @return A Set of {@link Entry} consist of Name of the Scheme and XML scheme - * as {@link InputStream} - */ - Map getSchemas(); -} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IXmlSignatureVerificationResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IXmlSignatureVerificationResponse.java deleted file mode 100644 index 5b766917..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IXmlSignatureVerificationResponse.java +++ /dev/null @@ -1,39 +0,0 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data; - -/** - * XML signature verification result. - * - * @author tlenz - * - */ -public interface IXmlSignatureVerificationResponse extends IGenericSignatureVerificationResponse { - - /** - * Returns the xmlDSIGManifestCheckCode. - * - * @return int - */ - int getXmlDsigManifestCheckCode(); - - /** - * Returns the xmlDsigSubjectName. - * - * @return String - */ - String getXmlDsigSubjectName(); - - /** - * Returns the xmlDSIGManigest. - * - * @return boolean - */ - boolean isXmlDsigManigest(); - - /** - * Returns the the resulting code of the signature manifest check. - * - * @return The code of the sigature manifest check. - */ - int getSignatureManifestCheckCode(); - -} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MoaSigServiceBuilderException.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MoaSigServiceBuilderException.java deleted file mode 100644 index e32ab932..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MoaSigServiceBuilderException.java +++ /dev/null @@ -1,14 +0,0 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions; - -public class MoaSigServiceBuilderException extends MoaSigServiceException { - - private static final long serialVersionUID = 5178393157255309476L; - - public MoaSigServiceBuilderException(final String errorId, final Object[] params) { - super(errorId, params); - } - - public MoaSigServiceBuilderException(final String errorId, final Object[] params, final Throwable e) { - super(errorId, params, e); - } -} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MoaSigServiceConfigurationException.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MoaSigServiceConfigurationException.java deleted file mode 100644 index fd5f8caf..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MoaSigServiceConfigurationException.java +++ /dev/null @@ -1,11 +0,0 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions; - -public class MoaSigServiceConfigurationException extends MoaSigServiceException { - - private static final long serialVersionUID = -4710795384615456488L; - - public MoaSigServiceConfigurationException(final String errorId, final Object[] params, final Throwable e) { - super(errorId, params, e); - } - -} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MoaSigServiceException.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MoaSigServiceException.java deleted file mode 100644 index a4fb6290..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MoaSigServiceException.java +++ /dev/null @@ -1,26 +0,0 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions; - -import at.gv.egiz.eaaf.core.exceptions.EaafServiceException; - -public class MoaSigServiceException extends EaafServiceException { - - private static final long serialVersionUID = -6088238428550563658L; - private static final String MOA_SIG_SERVICE_ID = "MOA-SIG-VERIFY"; - - public MoaSigServiceException(final String errorId, final Object[] params) { - super(errorId, params); - - } - - public MoaSigServiceException(final String errorId, final Object[] params, final Throwable e) { - super(errorId, params, e); - - } - - @Override - protected String getServiceIdentifier() { - return MOA_SIG_SERVICE_ID; - - } - -} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MoaSigServiceParserException.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MoaSigServiceParserException.java deleted file mode 100644 index a47b45e0..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MoaSigServiceParserException.java +++ /dev/null @@ -1,14 +0,0 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions; - -public class MoaSigServiceParserException extends MoaSigServiceException { - - private static final long serialVersionUID = 5178393157255309476L; - - public MoaSigServiceParserException(final String errorId, final Object[] params) { - super(errorId, params); - } - - public MoaSigServiceParserException(final String errorId, final Object[] params, final Throwable e) { - super(errorId, params, e); - } -} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java deleted file mode 100644 index d2cab2ef..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java +++ /dev/null @@ -1,79 +0,0 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl; - -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.parsers.ParserConfigurationException; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.w3c.dom.Document; - -import at.gv.egovernment.moa.spss.server.config.ConfigurationException; -import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; -import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator; -import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; -import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; -import at.gv.egovernment.moaspss.logging.LoggingContext; -import at.gv.egovernment.moaspss.logging.LoggingContextManager; - -public abstract class AbstractSignatureService { - private static final Logger log = LoggerFactory.getLogger(AbstractSignatureService.class); - - @Autowired(required = true) - MoaSigInitializer moaSigConfig; - - /** - * Get a new {@link Document} from {@link DocumentBuilder} in synchronized form, - * because {@link DocumentBuilderFactory} and {@link DocumentBuilder} are not - * thread-safe. - * - * @return {@link Document} - * @throws ParserConfigurationException In case of an error - */ - protected synchronized Document getNewDocumentBuilder() throws ParserConfigurationException { - final DocumentBuilder docBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder(); - return docBuilder.newDocument(); - - } - - /** - * Set up the thread-local context information needed for calling the various - * Invoker classes. - * - * @throws ConfigurationException An error occurred setting up the configuration - * in the TransactionContext. - */ - protected final void setUpContexts(final String transactionID) throws ConfigurationException { - final TransactionContextManager txMgr = TransactionContextManager.getInstance(); - final LoggingContextManager logMgr = LoggingContextManager.getInstance(); - - if (txMgr.getTransactionContext() == null) { - log.debug("Set not MOA-Sig transaction context"); - final TransactionContext ctx = - new TransactionContext(transactionID, null, ConfigurationProvider.getInstance()); - txMgr.setTransactionContext(ctx); - - } - - if (logMgr.getLoggingContext() == null) { - final LoggingContext ctx = new LoggingContext(transactionID); - logMgr.setLoggingContext(ctx); - - } - - new IaikConfigurator().configure(ConfigurationProvider.getInstance()); - - } - - /** - * Tear down thread-local context information. - */ - protected void tearDownContexts() { - TransactionContextManager.getInstance().setTransactionContext(null); - LoggingContextManager.getInstance().setLoggingContext(null); - log.debug("Closing MOA-Sig transaction context"); - - } - -} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigInitializer.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigInitializer.java deleted file mode 100644 index 9b7f29b8..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigInitializer.java +++ /dev/null @@ -1,130 +0,0 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl; - -import java.io.IOException; -import java.io.InputStream; -import java.security.Provider; -import java.security.Security; -import java.util.Iterator; -import java.util.Map.Entry; - -import javax.annotation.Nonnull; -import javax.annotation.PostConstruct; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; - -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ISchemaRessourceProvider; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceConfigurationException; -import at.gv.egovernment.moa.spss.MOAException; -import at.gv.egovernment.moa.spss.api.Configurator; -import at.gv.egovernment.moaspss.logging.LoggingContext; -import at.gv.egovernment.moaspss.logging.LoggingContextManager; -import at.gv.egovernment.moaspss.util.DOMUtils; -import iaik.asn1.structures.AlgorithmID; -import iaik.security.ec.provider.ECCelerate; -import iaik.security.provider.IAIK; - -public class MoaSigInitializer { - private static final Logger log = LoggerFactory.getLogger(MoaSigInitializer.class); - - @Autowired(required = false) - ISchemaRessourceProvider[] schemas; - - private Configurator moaSigConfigurator; - - /** - * Get MOA-Sig configuration object. - * - * @return moa-sig configuration - */ - @Nonnull - public Configurator getMoaSigConfigurator() { - return moaSigConfigurator; - - } - - @PostConstruct - private synchronized void initialize() throws MoaSigServiceConfigurationException { - log.info("Initializing MOA-Sig signature-verification service ... "); - - log.info("Loading Java security providers."); - IAIK.addAsProvider(); - ECCelerate.addAsProvider(); - - try { - LoggingContextManager.getInstance().setLoggingContext(new LoggingContext("startup")); - log.debug("MOA-Sig library initialization process ... "); - Configurator.getInstance().init(); - log.info("MOA-Sig library initialization complete "); - - //Security.insertProviderAt(IAIK.getInstance(), 0); - - //final ECCelerate eccProvider = ECCelerate.getInstance(); - //if (Security.getProvider(eccProvider.getName()) != null) { - // Security.removeProvider(eccProvider.getName()); - //} - //Security.addProvider(new ECCelerate()); - - fixJava8_141ProblemWithSslAlgorithms(); - - if (log.isDebugEnabled()) { - log.debug("Loaded Security Provider:"); - final Provider[] providerList = Security.getProviders(); - for (int i = 0; i < providerList.length; i++) { - log.debug( - i + ": " + providerList[i].getName() + " Version " + providerList[i].getVersion()); - } - - } - - // Inject additional XML schemes - if (schemas != null && schemas.length > 0) { - log.debug("Infjecting additional XML schemes ... "); - for (final ISchemaRessourceProvider el : schemas) { - final Iterator> xmlSchemeIt = - el.getSchemas().entrySet().iterator(); - while (xmlSchemeIt.hasNext()) { - final Entry xmlDef = xmlSchemeIt.next(); - try { - DOMUtils.addSchemaToPool(xmlDef.getValue(), xmlDef.getKey()); - log.info("Inject XML scheme: {}", xmlDef.getKey()); - - } catch (final IOException e) { - log.warn("Can NOT inject XML scheme: " + xmlDef.getKey(), e); - - } - - } - } - } - - moaSigConfigurator = Configurator.getInstance(); - - } catch (final MOAException e) { - log.error("MOA-SP initialization FAILED!", e.getWrapped()); - throw new MoaSigServiceConfigurationException("service.moasig.04", - new Object[] { e.toString() }, e); - } - - } - - private static void fixJava8_141ProblemWithSslAlgorithms() { - log.info("Change AlgorithmIDs to fix problems with Java8 >= 141 ..."); - // new AlgorithmID("1.2.840.113549.1.1.4", "md5WithRSAEncryption", new String[] - // { "MD5withRSA", - // "MD5/RSA", }, null, true); - new AlgorithmID("1.2.840.113549.1.1.5", "sha1WithRSAEncryption", - new String[] { "SHA1withRSA", "SHA1/RSA", "SHA-1/RSA", "SHA/RSA", }, null, true); - new AlgorithmID("1.2.840.113549.1.1.14", "sha224WithRSAEncryption", - new String[] { "SHA224withRSA", "SHA224/RSA", "SHA-224/RSA", }, null, true); - new AlgorithmID("1.2.840.113549.1.1.11", "sha256WithRSAEncryption", - new String[] { "SHA256withRSA", "SHA256/RSA", "SHA-256/RSA", }, null, true); - new AlgorithmID("1.2.840.113549.1.1.12", "sha384WithRSAEncryption", - new String[] { "SHA384withRSA", "SHA384/RSA", "SHA-384/RSA", }, null, true); - new AlgorithmID("1.2.840.113549.1.1.13", "sha512WithRSAEncryption", - new String[] { "SHA512withRSA", "SHA512/RSA", "SHA-512/RSA" }, null, true); - - log.info("Change AlgorithmIDs finished"); - } -} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigSpringResourceProvider.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigSpringResourceProvider.java deleted file mode 100644 index d09b26de..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigSpringResourceProvider.java +++ /dev/null @@ -1,28 +0,0 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl; - -import org.springframework.core.io.ClassPathResource; -import org.springframework.core.io.Resource; - -import at.gv.egiz.components.spring.api.SpringResourceProvider; - -public class MoaSigSpringResourceProvider implements SpringResourceProvider { - - @Override - public Resource[] getResourcesToLoad() { - final ClassPathResource moaSigConfig = - new ClassPathResource("/moa-sig-service.beans.xml", MoaSigSpringResourceProvider.class); - return new Resource[] { moaSigConfig }; - } - - @Override - public String[] getPackagesToScan() { - // TODO Auto-generated method stub - return null; - } - - @Override - public String getName() { - return "Signature-verification service based on MOA-Sig (MOA-SPSS)"; - } - -} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureCreationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureCreationService.java deleted file mode 100644 index 559af62a..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureCreationService.java +++ /dev/null @@ -1,32 +0,0 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl; - -import javax.annotation.PostConstruct; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.stereotype.Service; - -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.ISignatureCreationService; -import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureCreationInvoker; -import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureCreationInvoker; - -@Service(value = "moaSigCreateService") -public class SignatureCreationService extends AbstractSignatureService - implements ISignatureCreationService { - private static final Logger log = LoggerFactory.getLogger(SignatureCreationService.class); - - private XMLSignatureCreationInvoker xadesInvoker; - private CMSSignatureCreationInvoker cadesInvoker; - - @PostConstruct - protected void internalInitializer() { - log.debug("Instanzing SignatureCreationService implementation ... "); - xadesInvoker = XMLSignatureCreationInvoker.getInstance(); - cadesInvoker = CMSSignatureCreationInvoker.getInstance(); - log.trace("XML_impl: {} , CMS_imp: {}", - xadesInvoker.getClass().getName(), cadesInvoker.getClass().getName()); - log.info("MOA-Sig signature-creation service initialized"); - - } - -} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java deleted file mode 100644 index be27383c..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java +++ /dev/null @@ -1,377 +0,0 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl; - -import java.io.ByteArrayInputStream; -import java.security.cert.CertificateEncodingException; -import java.util.Date; -import java.util.List; - -import javax.annotation.PostConstruct; - -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.ISignatureVerificationService; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceBuilderException; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceException; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.parser.VerifyXmlSignatureResponseParser; -import at.gv.egovernment.moa.spss.MOAException; -import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; -import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; -import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement; -import at.gv.egovernment.moa.spss.api.impl.VerifyCMSSignatureRequestImpl; -import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser; -import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder; -import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest; -import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; -import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker; -import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureVerificationInvoker; -import at.gv.egovernment.moaspss.util.Constants; - -import org.apache.commons.lang3.time.DateFormatUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.lang.Nullable; -import org.springframework.stereotype.Service; -import org.springframework.util.Base64Utils; -import org.w3c.dom.Document; -import org.w3c.dom.Element; -import org.w3c.dom.Node; - -/** - * MOA-Sig based signature verification implementation. - * - * @author tlenz - * - */ -@Service(value = "moaSigVerifyService") -public class SignatureVerificationService extends AbstractSignatureService - implements ISignatureVerificationService { - private static final Logger log = LoggerFactory.getLogger(SignatureVerificationService.class); - - private static final String XMLNS_NS_URI = Constants.XMLNS_NS_URI; - private static final String MOA_NS_URI = Constants.MOA_NS_URI; - private static final String DSIG = Constants.DSIG_PREFIX + ":"; - private static final String DEFAULT_XPATH_SIGNATURE_LOCATION = "//" + DSIG + "Signature"; - - public static final String PATTERN_ISSUE_INSTANT = "yyyy-MM-dd'T'HH:mm:ssXXX"; - - private CMSSignatureVerificationInvoker cadesInvoker; - private XMLSignatureVerificationInvoker xadesInvocer; - - /* - * (non-Javadoc) - * - * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl. - * ISignatureVerificationService# verifyCMSSignature(byte[], java.lang.String) - */ - @Override - @Nullable - public ICmsSignatureVerificationResponse verifyCmsSignature(final byte[] signature, - final String trustProfileID) throws MoaSigServiceException { - try { - // setup context - setUpContexts(Thread.currentThread().getName()); - - // verify signature - final VerifyCMSSignatureRequest cmsSigVerifyReq = - buildVerfifyCmsRequest(signature, trustProfileID, false, false); - final VerifyCMSSignatureResponse cmsSigVerifyResp = - cadesInvoker.verifyCMSSignature(cmsSigVerifyReq); - return parseCmsVerificationResult(cmsSigVerifyResp); - - } catch (final MOAException e) { - log.warn("CMS signature verification has an error.", e); - throw new MoaSigServiceException("service.03", new Object[] { e.toString() }, e); - - } catch (final CertificateEncodingException e) { - log.warn("Can NOT serialize X509 certificate from CMS/CAdES signature-verification response", - e); - throw new MoaSigServiceException("service.03", new Object[] { e.toString() }, e); - - } finally { - tearDownContexts(); - - } - - } - - /* - * (non-Javadoc) - * - * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl. - * ISignatureVerificationService# verifyXMLSignature(byte[], java.lang.String) - */ - @Override - public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature, - final String trustProfileID) throws MoaSigServiceException { - return verifyXmlSignature(signature, trustProfileID, null, DEFAULT_XPATH_SIGNATURE_LOCATION, null); - - } - - /* - * (non-Javadoc) - * - * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl. - * ISignatureVerificationService# verifyXMLSignature(byte[], java.lang.String, - * java.util.List) - */ - @Override - public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature, - final String trustProfileID, final List verifyTransformsInfoProfileID) - throws MoaSigServiceException { - return verifyXmlSignature(signature, trustProfileID, verifyTransformsInfoProfileID, - DEFAULT_XPATH_SIGNATURE_LOCATION, null); - } - - /* - * (non-Javadoc) - * - * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl. - * ISignatureVerificationService# verifyXMLSignature(byte[], java.lang.String, - * java.lang.String) - */ - @Override - public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature, - final String trustProfileID, final String signatureLocationXpath) - throws MoaSigServiceException { - return verifyXmlSignature(signature, trustProfileID, null, signatureLocationXpath, null); - } - - @Override - public IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID, - Date signingDate) throws MoaSigServiceException { - return verifyXmlSignature(signature, trustProfileID, null, - DEFAULT_XPATH_SIGNATURE_LOCATION, signingDate); - } - - @Override - public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature, - final String trustProfileID, final List verifyTransformsInfoProfileID, - final String xpathSignatureLocation, Date signingDate) throws MoaSigServiceException { - try { - // setup context - setUpContexts(Thread.currentThread().getName()); - - // build signature-verification request - final Element domVerifyXmlSignatureRequest = buildVerifyXmlRequest(signature, trustProfileID, - verifyTransformsInfoProfileID, xpathSignatureLocation, signingDate); - - // send signature-verification to MOA-Sig - final VerifyXMLSignatureRequest vsrequest = - new VerifyXMLSignatureRequestParser().parse(domVerifyXmlSignatureRequest); - final VerifyXMLSignatureResponse vsresponse = xadesInvocer.verifyXMLSignature(vsrequest); - final Document result = new VerifyXMLSignatureResponseBuilder(true).build(vsresponse); - - // parses the - final IXmlSignatureVerificationResponse verifyXmlSignatureResponse = - new VerifyXmlSignatureResponseParser(result.getDocumentElement()).parseData(); - - return verifyXmlSignatureResponse; - - } catch (final MoaSigServiceException e) { - throw e; - - } catch (final MOAException e) { - log.warn("MOA-Sig signature-verification has an internal error." + " MsgCode: " - + e.getMessageId() + " Msg: " + e.getMessage(), e); - throw new MoaSigServiceException("service.moasig.03", new Object[] { e.getMessage() }, e); - - } finally { - tearDownContexts(); - - } - } - - private ICmsSignatureVerificationResponse parseCmsVerificationResult( - final VerifyCMSSignatureResponse cmsSigVerifyResp) throws CertificateEncodingException { - - if (cmsSigVerifyResp.getResponseElements() == null - || cmsSigVerifyResp.getResponseElements().isEmpty()) { - log.info("No CMS signature FOUND. "); - return null; - - } - - if (cmsSigVerifyResp.getResponseElements().size() > 1) { - log.warn( - "CMS or CAdES signature contains more than one technical signatures. Only validate the first signature"); - } - - final VerifyCMSSignatureResponseElement firstSig = - (VerifyCMSSignatureResponseElement) cmsSigVerifyResp.getResponseElements().get(0); - - final at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data.VerifyCmsSignatureResponse result = - new at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data.VerifyCmsSignatureResponse(); - - // parse results into response container - result.setSignatureCheckCode(firstSig.getSignatureCheck().getCode()); - result.setCertificateCheckCode(firstSig.getCertificateCheck().getCode()); - - if (firstSig.getSignerInfo() != null) { - result.setSigningDateTime(firstSig.getSignerInfo().getSigningTime()); - result - .setX509CertificateEncoded(firstSig.getSignerInfo().getSignerCertificate().getEncoded()); - result.setQualifiedCertificate(firstSig.getSignerInfo().isQualifiedCertificate()); - - result.setPublicAuthority(firstSig.getSignerInfo().isPublicAuthority()); - result.setPublicAuthorityCode(firstSig.getSignerInfo().getPublicAuhtorityID()); - - } else { - log.info("CMS or CAdES verification result contains no SignerInfo"); - } - - return result; - } - - /** - * Build a VerifyCMS-Siganture request for MOA-Sig.
- *
- * This builder only generates verification-request for enveloped CMS or CAdES - * signatures
- * This - * - * @param signature CMS or CAdES signature - * @param trustProfileID trustProfileID MOA-Sig Trust-Profile - * @param isPdfSignature Make CAdES signature as part of an PAdES - * document - * @param performExtendedValidation To extended validation. See MOA-Sig - * documentation for detailed information - * @return - */ - private VerifyCMSSignatureRequest buildVerfifyCmsRequest(final byte[] signature, - final String trustProfileID, final boolean isPdfSignature, - final boolean performExtendedValidation) { - final VerifyCMSSignatureRequestImpl verifyCmsSignatureRequest = - new VerifyCMSSignatureRequestImpl(); - verifyCmsSignatureRequest.setDateTime(null); - verifyCmsSignatureRequest.setCMSSignature(new ByteArrayInputStream(signature)); - verifyCmsSignatureRequest.setDataObject(null); - verifyCmsSignatureRequest.setTrustProfileId(trustProfileID); - verifyCmsSignatureRequest.setSignatories(VerifyCMSSignatureRequest.ALL_SIGNATORIES); - verifyCmsSignatureRequest.setPDF(isPdfSignature); - verifyCmsSignatureRequest.setExtended(performExtendedValidation); - return verifyCmsSignatureRequest; - - } - - /** - * Build a VerifyXML-Signature request for MOA-Sig. - * - * @param signature Serialized XML signature - * @param trustProfileID MOA-Sig Trust-Profile - * @param verifyTransformsInfoProfileID {@link List} of Transformation-Profiles - * used for validation - * @param xpathSignatureLocation Xpath that points to location of - * Signature element - * @param sigValDate Signature timestamp - * @return MOA-Sig verification request element - * @throws MoaSigServiceBuilderException In case of an error - */ - private Element buildVerifyXmlRequest(final byte[] signature, final String trustProfileID, - final List verifyTransformsInfoProfileID, final String xpathSignatureLocation, - Date sigValDate) throws MoaSigServiceBuilderException { - try { - // build empty document - final Document requestDoc_ = getNewDocumentBuilder(); - - final Element requestElem_ = - requestDoc_.createElementNS(MOA_NS_URI, "VerifyXMLSignatureRequest"); - requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns", MOA_NS_URI); - requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns:" + Constants.DSIG_PREFIX, - Constants.DSIG_NS_URI); - requestDoc_.appendChild(requestElem_); - - // build the request - - // build set signing time - if (sigValDate != null) { - final Element dateTimeElem = requestDoc_.createElementNS(MOA_NS_URI, "DateTime"); - requestElem_.appendChild(dateTimeElem); - final Node dateTime = requestDoc_.createTextNode( - DateFormatUtils.format(sigValDate, PATTERN_ISSUE_INSTANT)); - dateTimeElem.appendChild(dateTime); - - } - - //set other parameters - final Element verifiySignatureInfoElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo"); - requestElem_.appendChild(verifiySignatureInfoElem); - final Element verifySignatureEnvironmentElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment"); - verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem); - final Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content"); - verifySignatureEnvironmentElem.appendChild(base64ContentElem); - - // insert the base64 encoded signature - String base64EncodedAssertion = Base64Utils.encodeToString(signature); - // replace all '\r' characters by no char. - final StringBuffer replaced = new StringBuffer(); - for (int i = 0; i < base64EncodedAssertion.length(); i++) { - final char c = base64EncodedAssertion.charAt(i); - if (c != '\r') { - replaced.append(c); - } - } - base64EncodedAssertion = replaced.toString(); - final Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion); - base64ContentElem.appendChild(base64Content); - - // specify the signature location - final Element verifySignatureLocationElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation"); - verifiySignatureInfoElem.appendChild(verifySignatureLocationElem); - final Node signatureLocation = requestDoc_.createTextNode(xpathSignatureLocation); - verifySignatureLocationElem.appendChild(signatureLocation); - - // signature manifest params - if (verifyTransformsInfoProfileID != null && !verifyTransformsInfoProfileID.isEmpty()) { - final Element signatureManifestCheckParamsElem = - requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); - requestElem_.appendChild(signatureManifestCheckParamsElem); - signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false"); - - // verify transformations - final Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); - signatureManifestCheckParamsElem.appendChild(referenceInfoElem); - for (final String element : verifyTransformsInfoProfileID) { - final Element verifyTransformsInfoProfileIdElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID"); - referenceInfoElem.appendChild(verifyTransformsInfoProfileIdElem); - verifyTransformsInfoProfileIdElem.appendChild(requestDoc_.createTextNode(element)); - - } - } - - // hashinput data - final Element returnHashInputDataElem = - requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); - requestElem_.appendChild(returnHashInputDataElem); - - // add trustProfileID - final Element trustProfileIdElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID"); - trustProfileIdElem.appendChild(requestDoc_.createTextNode(trustProfileID)); - requestElem_.appendChild(trustProfileIdElem); - - return requestElem_; - - } catch (final Throwable t) { - log.warn("Can NOT build VerifyXML-Signature request for MOA-Sig", t); - throw new MoaSigServiceBuilderException("service.moasig.03", new Object[] { t.getMessage() }, - t); - - } - - } - - @PostConstruct - protected void internalInitializer() { - log.debug("Instanzing SignatureVerificationService implementation ... "); - // svs = - // at.gv.egovernment.moa.spss.api.SignatureVerificationService.getInstance(); - cadesInvoker = CMSSignatureVerificationInvoker.getInstance(); - xadesInvocer = XMLSignatureVerificationInvoker.getInstance(); - log.info("MOA-Sig signature-verification service initialized"); - - } - -} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java deleted file mode 100644 index 0485f31f..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java +++ /dev/null @@ -1,152 +0,0 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data; - -import java.io.Serializable; -import java.security.cert.CertificateException; -import java.util.Date; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IGenericSignatureVerificationResponse; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceException; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceParserException; -import iaik.x509.X509Certificate; - -public class GenericSignatureVerificationResponse - implements IGenericSignatureVerificationResponse, Serializable { - - private static final long serialVersionUID = -7751001050689401118L; - private static final Logger log = - LoggerFactory.getLogger(GenericSignatureVerificationResponse.class); - - /** The signing time. */ - private Date signingDateTime; - - /** The signatureCheckCode to be stored. */ - private int signatureCheckCode; - - /** The certificateCheckCode to be stored. */ - private int certificateCheckCode; - - /** The publicAuthority to be stored. */ - private boolean publicAuthority; - - /** The publicAuthorityCode to be stored. */ - private String publicAuthorityCode; - - /** The qualifiedCertificate to be stored. */ - private boolean qualifiedCertificate; - - private byte[] x509CertificateEncoded; - - @Override - public Date getSigningDateTime() { - if (this.signingDateTime != null) { - return new Date(this.signingDateTime.getTime()); - } - return null; - - } - - @Override - public int getSignatureCheckCode() { - return this.signatureCheckCode; - - } - - @Override - public int getCertificateCheckCode() { - return this.certificateCheckCode; - - } - - @Override - public boolean isQualifiedCertificate() { - return this.qualifiedCertificate; - - } - - @Override - public X509Certificate getX509Certificate() throws MoaSigServiceException { - if (x509CertificateEncoded != null) { - try { - return new X509Certificate(x509CertificateEncoded); - - } catch (final CertificateException e) { - log.error("Can NOT parse X509 certifcate in " - + GenericSignatureVerificationResponse.class.getName(), e); - throw new MoaSigServiceParserException("service.moasig.01", null, e); - } - - } - - return null; - - } - - @Override - public byte[] getX509CertificateEncoded() { - if (this.x509CertificateEncoded != null) { - return this.x509CertificateEncoded.clone(); - - } - return null; - - } - - @Override - public boolean isPublicAuthority() { - return this.publicAuthority; - - } - - @Override - public String getPublicAuthorityCode() { - return this.publicAuthorityCode; - - } - - /** - * Set signature creation timestramp. - * - * @param signingDateTime timestamp - */ - public void setSigningDateTime(final Date signingDateTime) { - if (signingDateTime != null) { - this.signingDateTime = new Date(signingDateTime.getTime()); - } - } - - public void setSignatureCheckCode(final int signatureCheckCode) { - this.signatureCheckCode = signatureCheckCode; - } - - public void setCertificateCheckCode(final int certificateCheckCode) { - this.certificateCheckCode = certificateCheckCode; - } - - public void setPublicAuthority(final boolean publicAuthority) { - this.publicAuthority = publicAuthority; - } - - public void setPublicAuthorityCode(final String publicAuthorityCode) { - this.publicAuthorityCode = publicAuthorityCode; - } - - public void setQualifiedCertificate(final boolean qualifiedCertificate) { - this.qualifiedCertificate = qualifiedCertificate; - } - - /** - * Set encoded signer certificate. - * - * @param x509CertificateEncoded signer cerificate - */ - public void setX509CertificateEncoded(final byte[] x509CertificateEncoded) { - if (x509CertificateEncoded != null) { - this.x509CertificateEncoded = x509CertificateEncoded.clone(); - - } - } - -} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyCmsSignatureResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyCmsSignatureResponse.java deleted file mode 100644 index ed679828..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyCmsSignatureResponse.java +++ /dev/null @@ -1,10 +0,0 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data; - -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse; - -public class VerifyCmsSignatureResponse extends GenericSignatureVerificationResponse - implements ICmsSignatureVerificationResponse { - - private static final long serialVersionUID = 708260904158070696L; - -} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyXmlSignatureResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyXmlSignatureResponse.java deleted file mode 100644 index 4b0632b1..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyXmlSignatureResponse.java +++ /dev/null @@ -1,115 +0,0 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data; - -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse; - -/** - * MOA-Sig signature verification response for XML based signatures. - * - * @author tlenz - * - */ - -public class VerifyXmlSignatureResponse extends GenericSignatureVerificationResponse - implements IXmlSignatureVerificationResponse { - - private static final long serialVersionUID = 8386070769565711601L; - - /** The xmlDsigSubjectName to be stored. */ - private String xmlDsigSubjectName; - - /** The xmlDSIGManifestCheckCode to be stored. */ - private int xmlDsigManifestCheckCode; - /** The xmlDSIGManigest to be stored. */ - private boolean xmlDsigManigest; - - /** - * The result of the signature manifest check. The default value -1 - * indicates that the signature manifest has not been checked. - */ - private int signatureManifestCheckCode = -1; - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# - * getXmlDSIGManifestCheckCode() - */ - @Override - public int getXmlDsigManifestCheckCode() { - return xmlDsigManifestCheckCode; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# - * getXmlDsigSubjectName() - */ - @Override - public String getXmlDsigSubjectName() { - return xmlDsigSubjectName; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# - * setXmlDSIGManifestCheckCode( int) - */ - public void setXmlDsigManifestCheckCode(final int xmlDsigManifestCheckCode) { - this.xmlDsigManifestCheckCode = xmlDsigManifestCheckCode; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# - * setXmlDsigSubjectName(java.lang .String) - */ - public void setXmlDsigSubjectName(final String xmlDsigSubjectName) { - this.xmlDsigSubjectName = xmlDsigSubjectName; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# - * isXmlDSIGManigest() - */ - @Override - public boolean isXmlDsigManigest() { - return xmlDsigManigest; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# - * setXmlDSIGManigest(boolean) - */ - public void setXmlDsigManigest(final boolean xmlDsigManigest) { - this.xmlDsigManigest = xmlDsigManigest; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# - * getSignatureManifestCheckCode() - */ - @Override - public int getSignatureManifestCheckCode() { - return signatureManifestCheckCode; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# - * setSignatureManifestCheckCode( int) - */ - public void setSignatureManifestCheckCode(final int signatureManifestCheckCode) { - this.signatureManifestCheckCode = signatureManifestCheckCode; - } - -} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java deleted file mode 100644 index 231cb94f..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java +++ /dev/null @@ -1,193 +0,0 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.parser; - -import java.io.ByteArrayInputStream; -import java.io.InputStream; - -import org.joda.time.DateTime; -import org.joda.time.format.ISODateTimeFormat; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.lang.NonNull; -import org.w3c.dom.Element; - -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceException; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceParserException; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data.VerifyXmlSignatureResponse; -import at.gv.egovernment.moaspss.util.Constants; -import at.gv.egovernment.moaspss.util.DOMUtils; -import at.gv.egovernment.moaspss.util.XPathUtils; -import iaik.utils.Base64InputStream; -import iaik.x509.X509Certificate; - -public class VerifyXmlSignatureResponseParser { - private static final Logger log = LoggerFactory.getLogger(VerifyXmlSignatureResponseParser.class); - - // - // XPath namespace prefix shortcuts - // - /** Xpath prefix for reaching MOA Namespaces. */ - private static final String MOA = Constants.MOA_PREFIX + ":"; - /** Xpath prefix for reaching DSIG Namespaces. */ - private static final String DSIG = Constants.DSIG_PREFIX + ":"; - /** Xpath expression to the root element. */ - private static final String ROOT = "/" + MOA + "VerifyXMLSignatureResponse/"; - - /** Xpath expression to the X509SubjectName element. */ - private static final String DSIG_SUBJECT_NAME_XPATH = - ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + DSIG + "X509SubjectName"; - /** Xpath expression to the X509Certificate element. */ - private static final String DSIG_X509_CERTIFICATE_XPATH = - ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + DSIG + "X509Certificate"; - /** Xpath expression to the PublicAuthority element. */ - private static final String PUBLIC_AUTHORITY_XPATH = - ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + MOA + "PublicAuthority"; - /** Xpath expression to the PublicAuthorityCode element. */ - private static final String PUBLIC_AUTHORITY_CODE_XPATH = - PUBLIC_AUTHORITY_XPATH + "/" + MOA + "Code"; - /** Xpath expression to the QualifiedCertificate element. */ - private static final String QUALIFIED_CERTIFICATE_XPATH = - ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + MOA + "QualifiedCertificate"; - - /** Xpath expression to the SignatureCheckCode element. */ - private static final String SIGNATURE_CHECK_CODE_XPATH = - ROOT + MOA + "SignatureCheck/" + MOA + "Code"; - /** Xpath expression to the XMLDSIGManifestCheckCode element. */ - private static final String XMLDSIG_MANIFEST_CHECK_CODE_XPATH = - ROOT + MOA + "XMLDSIGManifestCheck/" + MOA + "Code"; - /** Xpath expression to the SignatureManifestCheckCode element. */ - private static final String SIGNATURE_MANIFEST_CHECK_CODE_XPATH = - ROOT + MOA + "SignatureManifestCheck/" + MOA + "Code"; - /** Xpath expression to the CertificateCheckCode element. */ - private static final String CERTIFICATE_CHECK_CODE_XPATH = - ROOT + MOA + "CertificateCheck/" + MOA + "Code"; - - private static final String SIGNING_TIME_XPATH = ROOT + MOA + "SigningTime"; - - /** - * This is the root element of the XML-Document provided by the Security Layer - * Card. - */ - private Element verifyXmlSignatureResponse; - - /** - * Constructor for VerifyXMLSignatureResponseParser. A DOM-representation of the - * incoming String will be created - * - * @param xmlResponse <InfoboxReadResponse> as String - * @throws MoaSigServiceParserException on any parsing error - */ - public VerifyXmlSignatureResponseParser(final String xmlResponse) - throws MoaSigServiceParserException { - try { - final InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8")); - verifyXmlSignatureResponse = DOMUtils.parseXmlValidating(s); - - } catch (final Throwable t) { - log.warn("Can not parse MOA-Sig response.", t); - throw new MoaSigServiceParserException("service.moasig.02", new Object[] { t.toString() }, t); - - } - } - - /** - * Constructor for VerifyXMLSignatureResponseParser. A DOM-representation of the - * incoming Inputstream will be created - * - * @param xmlResponse <InfoboxReadResponse> as InputStream - * @throws MoaSigServiceParserException on any parsing error - */ - public VerifyXmlSignatureResponseParser(final InputStream xmlResponse) - throws MoaSigServiceParserException { - try { - verifyXmlSignatureResponse = DOMUtils.parseXmlValidating(xmlResponse); - - } catch (final Throwable t) { - log.warn("Can not parse MOA-Sig response.", t); - throw new MoaSigServiceParserException("service.moasig.02", new Object[] { t.toString() }, t); - - } - } - - /** - * Constructor for VerifyXMLSignatureResponseParser. The incoming Element will - * be used for further operations - * - * @param xmlResponse <InfoboxReadResponse> as Element - */ - public VerifyXmlSignatureResponseParser(final Element xmlResponse) { - verifyXmlSignatureResponse = xmlResponse; - - } - - /** - * Parse MOA-Sig signatur-verification result into - * {@link IXmlSignatureVerificationResponse}. - * - * @return {@link IXmlSignatureVerificationResponse} - * @throws MoaSigServiceException on any parsing error - */ - @NonNull - public IXmlSignatureVerificationResponse parseData() throws MoaSigServiceException { - try { - final VerifyXmlSignatureResponse respData = new VerifyXmlSignatureResponse(); - respData.setXmlDsigSubjectName( - XPathUtils.getElementValue(verifyXmlSignatureResponse, DSIG_SUBJECT_NAME_XPATH, "")); - final Element e = (Element) XPathUtils.selectSingleNode(verifyXmlSignatureResponse, - QUALIFIED_CERTIFICATE_XPATH); - respData.setQualifiedCertificate(e != null); - - final Base64InputStream in = new Base64InputStream(new ByteArrayInputStream( - XPathUtils.getElementValue(verifyXmlSignatureResponse, DSIG_X509_CERTIFICATE_XPATH, "") - .getBytes("UTF-8")), - true); - - respData.setX509CertificateEncoded(new X509Certificate(in).getEncoded()); - - final Element publicAuthority = - (Element) XPathUtils.selectSingleNode(verifyXmlSignatureResponse, PUBLIC_AUTHORITY_XPATH); - respData.setPublicAuthority(publicAuthority != null); - respData.setPublicAuthorityCode( - XPathUtils.getElementValue(verifyXmlSignatureResponse, PUBLIC_AUTHORITY_CODE_XPATH, "")); - respData.setSignatureCheckCode(Integer.parseInt( - XPathUtils.getElementValue(verifyXmlSignatureResponse, SIGNATURE_CHECK_CODE_XPATH, ""))); - - final String xmlDsigCheckCode = XPathUtils.getElementValue(verifyXmlSignatureResponse, - XMLDSIG_MANIFEST_CHECK_CODE_XPATH, null); - if (xmlDsigCheckCode != null) { - respData.setXmlDsigManigest(true); - respData.setXmlDsigManifestCheckCode(Integer.parseInt(xmlDsigCheckCode)); - - } else { - respData.setXmlDsigManigest(false); - - } - - final String signatureManifestCheckCode = XPathUtils - .getElementValue(verifyXmlSignatureResponse, SIGNATURE_MANIFEST_CHECK_CODE_XPATH, null); - if (signatureManifestCheckCode != null) { - respData.setSignatureManifestCheckCode(Integer.parseInt(signatureManifestCheckCode)); - - } - respData.setCertificateCheckCode(Integer.parseInt( - XPathUtils.getElementValue(verifyXmlSignatureResponse, CERTIFICATE_CHECK_CODE_XPATH, ""))); - - final String signingTimeElement = - XPathUtils.getElementValue(verifyXmlSignatureResponse, SIGNING_TIME_XPATH, ""); - if (signingTimeElement != null && !signingTimeElement.isEmpty()) { - final DateTime datetime = - ISODateTimeFormat.dateOptionalTimeParser().parseDateTime(signingTimeElement); - respData.setSigningDateTime(datetime.toDate()); - - } - - return respData; - - } catch (final Throwable t) { - log.warn("Can not parse MOA-Sig response.", t); - throw new MoaSigServiceParserException("service.moasig.02", new Object[] { t.toString() }, t); - } - - } - -} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/moa-sig-service.beans.xml b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/moa-sig-service.beans.xml index c5e05853..d3de7ba1 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/moa-sig-service.beans.xml +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/moa-sig-service.beans.xml @@ -12,14 +12,14 @@ + class="at.gv.egiz.eaaf.modules.sigverify.moasig.impl.MoaSigInitializer" /> \ No newline at end of file -- cgit v1.2.3