diff options
Diffstat (limited to 'id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java')
-rw-r--r-- | id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java | 124 |
1 files changed, 0 insertions, 124 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java deleted file mode 100644 index a238d28cb..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ /dev/null @@ -1,124 +0,0 @@ -package at.gv.egovernment.moa.id.auth.validator; - -import java.security.PublicKey; -import java.security.interfaces.RSAPublicKey; - -import iaik.asn1.structures.Name; -import iaik.utils.RFC2253NameParserException; -import iaik.x509.X509Certificate; - -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; - -/** - * This class is used to validate an {@link VerifyXMLSignatureResponse} - * returned by MOA-SPSS - * - * @author Stefan Knirsch - * @version $Id$ - */ -public class VerifyXMLSignatureResponseValidator { - - /** Identification string for checking identity link */ - public static final String CHECK_IDENTITY_LINK = "IdentityLink"; - /** Identification string for checking authentication block */ - public static final String CHECK_AUTH_BLOCK = "AuthBlock"; - - /** Singleton instance. <code>null</code>, if none has been created. */ - private static VerifyXMLSignatureResponseValidator instance; - - /** - * Constructor for a singleton VerifyXMLSignatureResponseValidator. - */ - public static synchronized VerifyXMLSignatureResponseValidator getInstance() - throws ValidateException { - if (instance == null) { - instance = new VerifyXMLSignatureResponseValidator(); - } - return instance; - } - - /** - * Validates a {@link VerifyXMLSignatureResponse} returned by MOA-SPSS. - * - * @param verifyXMLSignatureResponse the <code><VerifyXMLSignatureResponse></code> - * @param identityLinkSignersSubjectDNNames subject names configured - * @param whatToCheck is used to identify whether the identityLink or the Auth-Block is validated - * @throws ValidateException on any validation error - */ - public void validate( - VerifyXMLSignatureResponse verifyXMLSignatureResponse, - String[] identityLinkSignersSubjectDNNames, String whatToCheck) - throws ValidateException { - - if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) - throw new ValidateException("validator.06", null); - if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) - if (whatToCheck.equals(CHECK_IDENTITY_LINK)) - throw new ValidateException("validator.07", null); - else - throw new ValidateException("validator.19", null); - if (verifyXMLSignatureResponse.isXmlDSIGManigest()) - if (verifyXMLSignatureResponse.getXmlDSIGManifestCheckCode() != 0) - throw new ValidateException("validator.08", null); - //Check whether the returned X509 SubjectName is in the MOA-ID configuration or not - if (identityLinkSignersSubjectDNNames != null) { - String subjectDN = ""; - X509Certificate x509Cert = verifyXMLSignatureResponse.getX509certificate(); - try { - subjectDN = ((Name) x509Cert.getSubjectDN()).getRFC2253String(); - } - catch (RFC2253NameParserException e) { - throw new ValidateException("validator.17", null); - } - boolean found = false; - for (int i = 0; i < identityLinkSignersSubjectDNNames.length; i++) { - if (identityLinkSignersSubjectDNNames[i].equals(subjectDN)) - found = true; - } - if (!found) - throw new ValidateException( - "validator.18", - new Object[] { subjectDN }); - } - } - - /** - * Method validateCertificate. - * @param vsr is the VerifyXMLSignatureResponse - * @param idl - * @throws ValidateException - */ - public void validateCertificate( - VerifyXMLSignatureResponse verifyXMLSignatureResponse, - IdentityLink idl) - throws ValidateException { - - X509Certificate x509Response = verifyXMLSignatureResponse.getX509certificate(); - PublicKey[] pubKeysIdentityLink = (PublicKey[]) idl.getPublicKey(); - - RSAPublicKey pubKeyResponse = (RSAPublicKey) x509Response.getPublicKey(); - - boolean found = false; - for (int i = 0; i < pubKeysIdentityLink.length; i++) { - if (idl.getPublicKey()[i] - instanceof java.security.interfaces.RSAPublicKey) { - /* for (int j = 0; - j < idl.getPublicKey()[i].getClass().getInterfaces().length; - j++) { - if (idl.getPublicKey()[i].getClass().getInterfaces()[j].getName() - .equals("java.security.interfaces.RSAPublicKey")) {*/ - RSAPublicKey rsakey = (RSAPublicKey) pubKeysIdentityLink[i]; - if (rsakey.getModulus().equals(pubKeyResponse.getModulus()) - && rsakey.getPublicExponent().equals( - pubKeyResponse.getPublicExponent())) - found = true; - } - - } - - if (!found) - throw new ValidateException("validator.09", null); - } - -} |