| author | gregor <gregor@d688527b-c9ab-4aba-bd8d-4036d912da1d> | 2003-07-08 10:17:08 +0000 | 
|---|---|---|
| committer | gregor <gregor@d688527b-c9ab-4aba-bd8d-4036d912da1d> | 2003-07-08 10:17:08 +0000 | 
| commit | 0b623988b011df15d88d425449cf8041a48a7457 (patch) | |
| tree | 6141d87ce41b65025376a92ae97acb8a1f1d105e /spss.server/src | |
| parent | 3f5c953e522deeee267bd02aab790a65bed3d69e (diff) | |
Bug 3 fixed.
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@6 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'spss.server/src')
| -rw-r--r-- | spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java | 84 | 
1 files changed, 49 insertions, 35 deletions
| diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java index 2f55261d1..543fa3b01 100644 --- a/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java +++ b/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java @@ -51,6 +51,7 @@ import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;   * @version $Id$   */  public class VerifyXMLSignatureResponseBuilder { +    /** The <code>SPSSFactory</code> for creating API objects. */    private SPSSFactory factory = SPSSFactory.getInstance(); 
@@ -150,45 +151,58 @@ public class VerifyXMLSignatureResponseBuilder {          checkResultInfo);      // create the signature manifest check -    if (profile.checkSecurityLayerManifest()) { -      if (transformsSignatureManifestCheck.getCode() == 1) { +    if (profile.checkSecurityLayerManifest()) +    { +      if (transformsSignatureManifestCheck.getCode() == 1) +      {          // checking the transforms failed          signatureManifestCheck = transformsSignatureManifestCheck; -      } else if (!result.containsSecurityLayerManifest()) { -        // no security layer manifest in signature -        signatureManifestCheck = factory.createReferencesCheckResult(2, null); -      } else { -        // other error codes provided by IAIK signature verification -        // need to add 1 to the check code for MOA compatibility -        SecurityLayerManifest slManifest = result.getSecurityLayerManifest(); -        int verificationResult = -          slManifest.getManifestVerificationResult().intValue(); - -        switch (verificationResult) { -          case 0 : -            signatureManifestCheck = -              factory.createReferencesCheckResult(0, null); -            break; -          case 2 : -          case 3 : -            failedReferences = -              buildFailedReferences(slManifest.getReferenceInfoList()); -            checkResultInfo = -              failedReferences != null -                ? 
factory.createReferencesCheckResultInfo(null, failedReferences) -                : null; -            signatureManifestCheck = -              factory.createReferencesCheckResult( -                verificationResult + 1, -                checkResultInfo); +      } +      else if (result.isSecurityLayerManifestRequired()) +      { +        if (!result.containsSecurityLayerManifest()) +        { +          // required security layer manifest is missing in signature +          signatureManifestCheck = factory.createReferencesCheckResult(2, null); +        }  +        else +        { +          // security layer manifest exists, so we have to check its validity +          SecurityLayerManifest slManifest = result.getSecurityLayerManifest(); +          int verificationResult = slManifest.getManifestVerificationResult().intValue(); + +          if (SecurityLayerManifest.CODE_MANIFEST_VALID.intValue() == verificationResult) +          { +            // security layer manifest exists and is free of errors +            signatureManifestCheck = factory.createReferencesCheckResult(0, null); +          } +          else +          { +            // security layer manifest exists, but has errors +            failedReferences = buildFailedReferences(slManifest.getReferenceInfoList()); +            checkResultInfo = (failedReferences != null) +              ? 
factory.createReferencesCheckResultInfo(null, failedReferences) +              : null; +            if (SecurityLayerManifest.CODE_MANIFEST_INCOMPLETE.intValue() == verificationResult) +            { +              signatureManifestCheck =  factory.createReferencesCheckResult(3, checkResultInfo); +            } +            else if (SecurityLayerManifest.CODE_REFERENCE_HASH_INVALID.intValue() == verificationResult) +            { +              signatureManifestCheck =  factory.createReferencesCheckResult(4, checkResultInfo); +            } +            else +            { +              // Should not happen +              throw new RuntimeException("Unexpected result from security layer manifest verification."); +            } +          }          }        } - -      // Code = 1 prüfen  - -      if (result.containsSecurityLayerManifest()) { -      } else { -        // SignatureManifestCheck Code = 2 +      else +      { +        // no security layer manifest is required, so the signature manifest check is ok +        signatureManifestCheck = factory.createReferencesCheckResult(0, null);        }      } | 
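Review bot: In the final `else` branch, a signature that carries a security layer manifest which `isSecurityLayerManifestRequired()` reports as not required gets check code 0 without `getManifestVerificationResult()` ever being consulted, so a present manifest with a bad reference hash would be reported as OK; the removed code verified any manifest that was present. If that is not the intended reading of the specification, widen the branch condition to `else if (result.isSecurityLayerManifestRequired() || result.containsSecurityLayerManifest())`; if it is intended, say so in the branch comment, e.g. `// a manifest that is present but not required is deliberately not verified`. The new `RuntimeException` fails closed on an unknown code, which is right, but its message should include `verificationResult` so the unexpected value shows up in the log. The enclosing method starts and ends outside this hunk.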
