diff options
Diffstat (limited to 'id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java')
| -rw-r--r-- | id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java | 151 |
1 files changed, 0 insertions, 151 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java deleted file mode 100644 index 5adbc5b3d..000000000 --- a/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ /dev/null @@ -1,151 +0,0 @@ -package at.gv.egovernment.moa.id.auth.validator; - -import java.security.PublicKey; -import java.security.interfaces.RSAPublicKey; -import iaik.security.ecc.ecdsa.ECPublicKey; - -import iaik.asn1.structures.Name; -import iaik.utils.RFC2253NameParserException; -import iaik.x509.X509Certificate; - -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; - -/** - * This class is used to validate an {@link VerifyXMLSignatureResponse} - * returned by MOA-SPSS - * - * @author Stefan Knirsch - * @version $Id$ - */ -public class VerifyXMLSignatureResponseValidator { - - /** Identification string for checking identity link */ - public static final String CHECK_IDENTITY_LINK = "IdentityLink"; - /** Identification string for checking authentication block */ - public static final String CHECK_AUTH_BLOCK = "AuthBlock"; - - /** Singleton instance. <code>null</code>, if none has been created. */ - private static VerifyXMLSignatureResponseValidator instance; - - /** - * Constructor for a singleton VerifyXMLSignatureResponseValidator. - */ - public static synchronized VerifyXMLSignatureResponseValidator getInstance() - throws ValidateException { - if (instance == null) { - instance = new VerifyXMLSignatureResponseValidator(); - } - return instance; - } - - /** - * Validates a {@link VerifyXMLSignatureResponse} returned by MOA-SPSS. - * - * @param verifyXMLSignatureResponse the <code><VerifyXMLSignatureResponse></code> - * @param identityLinkSignersSubjectDNNames subject names configured - * @param whatToCheck is used to identify whether the identityLink or the Auth-Block is validated - * @throws ValidateException on any validation error - */ - public void validate( - VerifyXMLSignatureResponse verifyXMLSignatureResponse, - String[] identityLinkSignersSubjectDNNames, String whatToCheck) - throws ValidateException { - - if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) - throw new ValidateException("validator.06", null); - - if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) { - String checkFailedReason =""; - if (verifyXMLSignatureResponse.getCertificateCheckCode() == 1) - checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.21", null); - if (verifyXMLSignatureResponse.getCertificateCheckCode() == 2) - checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.22", null); - if (verifyXMLSignatureResponse.getCertificateCheckCode() == 3) - checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.23", null); - if (verifyXMLSignatureResponse.getCertificateCheckCode() == 4) - checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.24", null); - if (verifyXMLSignatureResponse.getCertificateCheckCode() == 5) - checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.25", null); - - if (whatToCheck.equals(CHECK_IDENTITY_LINK)) - throw new ValidateException("validator.07", new Object[] { checkFailedReason } ); - else - throw new ValidateException("validator.19", new Object[] { checkFailedReason } ); - } - if (verifyXMLSignatureResponse.isXmlDSIGManigest()) - if (verifyXMLSignatureResponse.getXmlDSIGManifestCheckCode() != 0) - throw new ValidateException("validator.08", null); - //Check whether the returned X509 SubjectName is in the MOA-ID configuration or not - if (identityLinkSignersSubjectDNNames != null) { - String subjectDN = ""; - X509Certificate x509Cert = verifyXMLSignatureResponse.getX509certificate(); - try { - subjectDN = ((Name) x509Cert.getSubjectDN()).getRFC2253String(); - } - catch (RFC2253NameParserException e) { - throw new ValidateException("validator.17", null); - } - boolean found = false; - for (int i = 0; i < identityLinkSignersSubjectDNNames.length; i++) { - if (identityLinkSignersSubjectDNNames[i].equals(subjectDN)) - found = true; - } - if (!found) - throw new ValidateException( - "validator.18", - new Object[] { subjectDN }); - } - } - - /** - * Method validateCertificate. - * @param vsr is the VerifyXMLSignatureResponse - * @param idl - * @throws ValidateException - */ - public void validateCertificate( - VerifyXMLSignatureResponse verifyXMLSignatureResponse, - IdentityLink idl) - throws ValidateException { - - X509Certificate x509Response = verifyXMLSignatureResponse.getX509certificate(); - PublicKey[] pubKeysIdentityLink = (PublicKey[]) idl.getPublicKey(); - - PublicKey pubKeySignature = x509Response.getPublicKey(); - - boolean found = false; - for (int i = 0; i < pubKeysIdentityLink.length; i++) { - - //compare RSAPublicKeys - if ((idl.getPublicKey()[i] instanceof java.security.interfaces.RSAPublicKey) && - (pubKeySignature instanceof java.security.interfaces.RSAPublicKey)) { - - RSAPublicKey rsaPubKeySignature = (RSAPublicKey) pubKeySignature; - RSAPublicKey rsakey = (RSAPublicKey) pubKeysIdentityLink[i]; - - //TODO check the usage of equals method - if (rsakey.getModulus().equals(rsaPubKeySignature.getModulus()) - && rsakey.getPublicExponent().equals(rsaPubKeySignature.getPublicExponent())) - found = true; - } - - //compare ECDSAPublicKeys - //TODO check implementation - if((idl.getPublicKey()[i] instanceof iaik.security.ecc.ecdsa.ECPublicKey) && - (pubKeySignature instanceof iaik.security.ecc.ecdsa.ECPublicKey)) { - - ECPublicKey ecdsaPubKeySignature = (ECPublicKey) pubKeySignature; - ECPublicKey ecdsakey = (ECPublicKey) pubKeysIdentityLink[i]; - - if(ecdsakey.equals(ecdsaPubKeySignature)) - found = true; - } - } - - if (!found) - throw new ValidateException("validator.09", null); - } - -} |