authorgregor <gregor@d688527b-c9ab-4aba-bd8d-4036d912da1d>2003-07-08 10:17:08 +0000
committergregor <gregor@d688527b-c9ab-4aba-bd8d-4036d912da1d>2003-07-08 10:17:08 +0000
commit0b623988b011df15d88d425449cf8041a48a7457 (patch)
tree6141d87ce41b65025376a92ae97acb8a1f1d105e
parent3f5c953e522deeee267bd02aab790a65bed3d69e (diff)
Bug 3 fixed.
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@6 d688527b-c9ab-4aba-bd8d-4036d912da1d
-rw-r--r--spss.server/.classpath14
-rw-r--r--spss.server/.cvsignore1
-rw-r--r--spss.server/build.xml2
-rw-r--r--spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java84
4 files changed, 58 insertions, 43 deletions
diff --git a/spss.server/.classpath b/spss.server/.classpath
index 4e9b30cf1..ac7c752a3 100644
--- a/spss.server/.classpath
+++ b/spss.server/.classpath
@@ -24,13 +24,13 @@
<classpathentry kind="lib" path="lib/jsse-1.0.3_01/jsse.jar"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
<classpathentry kind="lib" path="lib/commons-discovery-0.2/commons-discovery.jar"/>
- <classpathentry kind="lib" path="lib/iaik-moa-1.07/iaik_cms.jar"/>
- <classpathentry kind="lib" path="lib/iaik-moa-1.07/iaik_ecc.jar"/>
- <classpathentry kind="lib" path="lib/iaik-moa-1.07/iaik_jce_full.jar"/>
- <classpathentry kind="lib" path="lib/iaik-moa-1.07/iaik-moa-full.jar"/>
- <classpathentry kind="lib" path="lib/iaik-moa-1.07/iaikPkcs11Provider.jar"/>
- <classpathentry kind="lib" path="lib/iaik-moa-1.07/iaikPkcs11Wrapper.jar"/>
- <classpathentry kind="lib" path="lib/iaik-moa-1.07/ixsil.jar"/>
<classpathentry kind="src" path="/MOA common"/>
+ <classpathentry kind="lib" path="lib/iaik-moa-20030703/iaik_cms.jar"/>
+ <classpathentry kind="lib" path="lib/iaik-moa-20030703/iaik_ecc.jar"/>
+ <classpathentry kind="lib" path="lib/iaik-moa-20030703/iaik_jce_full.jar"/>
+ <classpathentry kind="lib" path="lib/iaik-moa-20030703/iaik-moa-full.jar"/>
+ <classpathentry kind="lib" path="lib/iaik-moa-20030703/iaikPkcs11Provider.jar"/>
+ <classpathentry kind="lib" path="lib/iaik-moa-20030703/iaikPkcs11Wrapper.jar"/>
+ <classpathentry kind="lib" path="lib/iaik-moa-20030703/ixsil.jar"/>
<classpathentry kind="output" path="bin"/>
</classpath>
diff --git a/spss.server/.cvsignore b/spss.server/.cvsignore
index ba077a403..7c18d5ded 100644
--- a/spss.server/.cvsignore
+++ b/spss.server/.cvsignore
@@ -1 +1,2 @@
bin
+tmp
diff --git a/spss.server/build.xml b/spss.server/build.xml
index 0d0dc1d18..29abc56e1 100644
--- a/spss.server/build.xml
+++ b/spss.server/build.xml
@@ -42,7 +42,7 @@
<property name="lib.xalan" value="${lib}/xalan-j-2.2"/>
<property name="lib.jsse" value="${lib}/jsse-1.0.3_01"/>
<property name="lib.postgres-jdbc" value="${lib}/postgres-jdbc2-7.3"/>
- <property name="lib.iaik-moa" value="${lib}/iaik-moa-1.07"/>
+ <property name="lib.iaik-moa" value="${lib}/iaik-moa-20030703"/>
<property name="lib.junit" value="${lib}/junit-3.8.1"/>
<property name="lib.servlet" value="${lib}/servlet-2.3"/>
<property name="lib.commons-logging" value="${lib}/commons-logging-1.0.2"/>
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
index 2f55261d1..543fa3b01 100644
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
@@ -51,6 +51,7 @@ import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
* @version $Id$
*/
public class VerifyXMLSignatureResponseBuilder {
+
/** The <code>SPSSFactory</code> for creating API objects. */
private SPSSFactory factory = SPSSFactory.getInstance();
@@ -150,45 +151,58 @@ public class VerifyXMLSignatureResponseBuilder {
checkResultInfo);
// create the signature manifest check
- if (profile.checkSecurityLayerManifest()) {
- if (transformsSignatureManifestCheck.getCode() == 1) {
+ if (profile.checkSecurityLayerManifest())
+ {
+ if (transformsSignatureManifestCheck.getCode() == 1)
+ {
// checking the transforms failed
signatureManifestCheck = transformsSignatureManifestCheck;
- } else if (!result.containsSecurityLayerManifest()) {
- // no security layer manifest in signature
- signatureManifestCheck = factory.createReferencesCheckResult(2, null);
- } else {
- // other error codes provided by IAIK signature verification
- // need to add 1 to the check code for MOA compatibility
- SecurityLayerManifest slManifest = result.getSecurityLayerManifest();
- int verificationResult =
- slManifest.getManifestVerificationResult().intValue();
-
- switch (verificationResult) {
- case 0 :
- signatureManifestCheck =
- factory.createReferencesCheckResult(0, null);
- break;
- case 2 :
- case 3 :
- failedReferences =
- buildFailedReferences(slManifest.getReferenceInfoList());
- checkResultInfo =
- failedReferences != null
- ? factory.createReferencesCheckResultInfo(null, failedReferences)
- : null;
- signatureManifestCheck =
- factory.createReferencesCheckResult(
- verificationResult + 1,
- checkResultInfo);
+ }
+ else if (result.isSecurityLayerManifestRequired())
+ {
+ if (!result.containsSecurityLayerManifest())
+ {
+ // required security layer manifest is missing in signature
+ signatureManifestCheck = factory.createReferencesCheckResult(2, null);
+ }
+ else
+ {
+ // security layer manifest exists, so we have to check its validity
+ SecurityLayerManifest slManifest = result.getSecurityLayerManifest();
+ int verificationResult = slManifest.getManifestVerificationResult().intValue();
+
+ if (SecurityLayerManifest.CODE_MANIFEST_VALID.intValue() == verificationResult)
+ {
+ // security layer manifest exists and is free of errors
+ signatureManifestCheck = factory.createReferencesCheckResult(0, null);
+ }
+ else
+ {
+ // security layer manifest exists, but has errors
+ failedReferences = buildFailedReferences(slManifest.getReferenceInfoList());
+ checkResultInfo = (failedReferences != null)
+ ? factory.createReferencesCheckResultInfo(null, failedReferences)
+ : null;
+ if (SecurityLayerManifest.CODE_MANIFEST_INCOMPLETE.intValue() == verificationResult)
+ {
+ signatureManifestCheck = factory.createReferencesCheckResult(3, checkResultInfo);
+ }
+ else if (SecurityLayerManifest.CODE_REFERENCE_HASH_INVALID.intValue() == verificationResult)
+ {
+ signatureManifestCheck = factory.createReferencesCheckResult(4, checkResultInfo);
+ }
+ else
+ {
+ // Should not happen
+ throw new RuntimeException("Unexpected result from security layer manifest verification.");
+ }
+ }
}
}
-
- // Code = 1 prüfen
-
- if (result.containsSecurityLayerManifest()) {
- } else {
- // SignatureManifestCheck Code = 2
+ else
+ {
+ // no security layer manifest is required, so the signature manifest check is ok
+ signatureManifestCheck = factory.createReferencesCheckResult(0, null);
}
}
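Review bot: The final `else` branch, taken when `result.isSecurityLayerManifestRequired()` is false, reports code 0 without consulting `result.containsSecurityLayerManifest()`, so a manifest that is present but not required is never evaluated and a failed one would still be reported as ok. If a present manifest is meant to verify in every case, widen the middle condition to `else if (result.isSecurityLayerManifestRequired() || result.containsSecurityLayerManifest())`; if skipping it is what the Security Layer rules intend, state that in the branch comment, e.g. `// manifest not required: a present manifest is deliberately not evaluated`. The new `throw new RuntimeException(...)` fails closed on an unknown code, which is the right direction, but the message should carry the value so the failure can be diagnosed: `"Unexpected result from security layer manifest verification: " + verificationResult`. The enclosing method starts and ends outside this hunk, so what `signatureManifestCheck` holds when `profile.checkSecurityLayerManifest()` is false is not visible here.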