diff options
author | gregor <gregor@d688527b-c9ab-4aba-bd8d-4036d912da1d> | 2003-07-08 10:17:08 +0000 |
---|---|---|
committer | gregor <gregor@d688527b-c9ab-4aba-bd8d-4036d912da1d> | 2003-07-08 10:17:08 +0000 |
commit | 0b623988b011df15d88d425449cf8041a48a7457 (patch) | |
tree | 6141d87ce41b65025376a92ae97acb8a1f1d105e /spss.server/src/at/gv | |
parent | 3f5c953e522deeee267bd02aab790a65bed3d69e (diff) | |
download | moa-id-spss-0b623988b011df15d88d425449cf8041a48a7457.tar.gz moa-id-spss-0b623988b011df15d88d425449cf8041a48a7457.tar.bz2 moa-id-spss-0b623988b011df15d88d425449cf8041a48a7457.zip |
Bug 3 fixed.
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@6 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'spss.server/src/at/gv')
-rw-r--r-- | spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java | 84 |
1 files changed, 49 insertions, 35 deletions
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java index 2f55261d1..543fa3b01 100644 --- a/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java +++ b/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java @@ -51,6 +51,7 @@ import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; * @version $Id$ */ public class VerifyXMLSignatureResponseBuilder { + /** The <code>SPSSFactory</code> for creating API objects. */ private SPSSFactory factory = SPSSFactory.getInstance(); @@ -150,45 +151,58 @@ public class VerifyXMLSignatureResponseBuilder { checkResultInfo); // create the signature manifest check - if (profile.checkSecurityLayerManifest()) { - if (transformsSignatureManifestCheck.getCode() == 1) { + if (profile.checkSecurityLayerManifest()) + { + if (transformsSignatureManifestCheck.getCode() == 1) + { // checking the transforms failed signatureManifestCheck = transformsSignatureManifestCheck; - } else if (!result.containsSecurityLayerManifest()) { - // no security layer manifest in signature - signatureManifestCheck = factory.createReferencesCheckResult(2, null); - } else { - // other error codes provided by IAIK signature verification - // need to add 1 to the check code for MOA compatibility - SecurityLayerManifest slManifest = result.getSecurityLayerManifest(); - int verificationResult = - slManifest.getManifestVerificationResult().intValue(); - - switch (verificationResult) { - case 0 : - signatureManifestCheck = - factory.createReferencesCheckResult(0, null); - break; - case 2 : - case 3 : - failedReferences = - buildFailedReferences(slManifest.getReferenceInfoList()); - checkResultInfo = - failedReferences != null - ? factory.createReferencesCheckResultInfo(null, failedReferences) - : null; - signatureManifestCheck = - factory.createReferencesCheckResult( - verificationResult + 1, - checkResultInfo); + } + else if (result.isSecurityLayerManifestRequired()) + { + if (!result.containsSecurityLayerManifest()) + { + // required security layer manifest is missing in signature + signatureManifestCheck = factory.createReferencesCheckResult(2, null); + } + else + { + // security layer manifest exists, so we have to check its validity + SecurityLayerManifest slManifest = result.getSecurityLayerManifest(); + int verificationResult = slManifest.getManifestVerificationResult().intValue(); + + if (SecurityLayerManifest.CODE_MANIFEST_VALID.intValue() == verificationResult) + { + // security layer manifest exists and is free of errors + signatureManifestCheck = factory.createReferencesCheckResult(0, null); + } + else + { + // security layer manifest exists, but has errors + failedReferences = buildFailedReferences(slManifest.getReferenceInfoList()); + checkResultInfo = (failedReferences != null) + ? factory.createReferencesCheckResultInfo(null, failedReferences) + : null; + if (SecurityLayerManifest.CODE_MANIFEST_INCOMPLETE.intValue() == verificationResult) + { + signatureManifestCheck = factory.createReferencesCheckResult(3, checkResultInfo); + } + else if (SecurityLayerManifest.CODE_REFERENCE_HASH_INVALID.intValue() == verificationResult) + { + signatureManifestCheck = factory.createReferencesCheckResult(4, checkResultInfo); + } + else + { + // Should not happen + throw new RuntimeException("Unexpected result from security layer manifest verification."); + } + } } } - - // Code = 1 prüfen - - if (result.containsSecurityLayerManifest()) { - } else { - // SignatureManifestCheck Code = 2 + else + { + // no security layer manifest is required, so the signature manifest check is ok + signatureManifestCheck = factory.createReferencesCheckResult(0, null); } } |