aboutsummaryrefslogtreecommitdiff
path: root/spss.server/src/at/gv
diff options
context:
space:
mode:
authorgregor <gregor@d688527b-c9ab-4aba-bd8d-4036d912da1d>2003-07-08 10:17:08 +0000
committergregor <gregor@d688527b-c9ab-4aba-bd8d-4036d912da1d>2003-07-08 10:17:08 +0000
commit0b623988b011df15d88d425449cf8041a48a7457 (patch)
tree6141d87ce41b65025376a92ae97acb8a1f1d105e /spss.server/src/at/gv
parent3f5c953e522deeee267bd02aab790a65bed3d69e (diff)
downloadmoa-id-spss-0b623988b011df15d88d425449cf8041a48a7457.tar.gz
moa-id-spss-0b623988b011df15d88d425449cf8041a48a7457.tar.bz2
moa-id-spss-0b623988b011df15d88d425449cf8041a48a7457.zip
Bug 3 fixed.
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@6 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'spss.server/src/at/gv')
-rw-r--r--spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java84
1 files changed, 49 insertions, 35 deletions
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
index 2f55261d1..543fa3b01 100644
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
@@ -51,6 +51,7 @@ import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
* @version $Id$
*/
public class VerifyXMLSignatureResponseBuilder {
+
/** The <code>SPSSFactory</code> for creating API objects. */
private SPSSFactory factory = SPSSFactory.getInstance();
@@ -150,45 +151,58 @@ public class VerifyXMLSignatureResponseBuilder {
checkResultInfo);
// create the signature manifest check
- if (profile.checkSecurityLayerManifest()) {
- if (transformsSignatureManifestCheck.getCode() == 1) {
+ if (profile.checkSecurityLayerManifest())
+ {
+ if (transformsSignatureManifestCheck.getCode() == 1)
+ {
// checking the transforms failed
signatureManifestCheck = transformsSignatureManifestCheck;
- } else if (!result.containsSecurityLayerManifest()) {
- // no security layer manifest in signature
- signatureManifestCheck = factory.createReferencesCheckResult(2, null);
- } else {
- // other error codes provided by IAIK signature verification
- // need to add 1 to the check code for MOA compatibility
- SecurityLayerManifest slManifest = result.getSecurityLayerManifest();
- int verificationResult =
- slManifest.getManifestVerificationResult().intValue();
-
- switch (verificationResult) {
- case 0 :
- signatureManifestCheck =
- factory.createReferencesCheckResult(0, null);
- break;
- case 2 :
- case 3 :
- failedReferences =
- buildFailedReferences(slManifest.getReferenceInfoList());
- checkResultInfo =
- failedReferences != null
- ? factory.createReferencesCheckResultInfo(null, failedReferences)
- : null;
- signatureManifestCheck =
- factory.createReferencesCheckResult(
- verificationResult + 1,
- checkResultInfo);
+ }
+ else if (result.isSecurityLayerManifestRequired())
+ {
+ if (!result.containsSecurityLayerManifest())
+ {
+ // required security layer manifest is missing in signature
+ signatureManifestCheck = factory.createReferencesCheckResult(2, null);
+ }
+ else
+ {
+ // security layer manifest exists, so we have to check its validity
+ SecurityLayerManifest slManifest = result.getSecurityLayerManifest();
+ int verificationResult = slManifest.getManifestVerificationResult().intValue();
+
+ if (SecurityLayerManifest.CODE_MANIFEST_VALID.intValue() == verificationResult)
+ {
+ // security layer manifest exists and is free of errors
+ signatureManifestCheck = factory.createReferencesCheckResult(0, null);
+ }
+ else
+ {
+ // security layer manifest exists, but has errors
+ failedReferences = buildFailedReferences(slManifest.getReferenceInfoList());
+ checkResultInfo = (failedReferences != null)
+ ? factory.createReferencesCheckResultInfo(null, failedReferences)
+ : null;
+ if (SecurityLayerManifest.CODE_MANIFEST_INCOMPLETE.intValue() == verificationResult)
+ {
+ signatureManifestCheck = factory.createReferencesCheckResult(3, checkResultInfo);
+ }
+ else if (SecurityLayerManifest.CODE_REFERENCE_HASH_INVALID.intValue() == verificationResult)
+ {
+ signatureManifestCheck = factory.createReferencesCheckResult(4, checkResultInfo);
+ }
+ else
+ {
+ // Should not happen
+ throw new RuntimeException("Unexpected result from security layer manifest verification.");
+ }
+ }
}
}
-
- // Code = 1 prüfen
-
- if (result.containsSecurityLayerManifest()) {
- } else {
- // SignatureManifestCheck Code = 2
+ else
+ {
+ // no security layer manifest is required, so the signature manifest check is ok
+ signatureManifestCheck = factory.createReferencesCheckResult(0, null);
}
}