Diffstat (limited to 'id/server/idserverlib')
4 files changed, 64 insertions, 4 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
index 6004f251f..1624a59c0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
@@ -25,10 +25,13 @@
 package at.gv.egovernment.moa.id.auth.parser;
 import java.io.ByteArrayInputStream;
+import java.io.IOException;
 import java.io.InputStream;
 import java.util.ArrayList;
 import java.util.List;
+import javax.xml.transform.TransformerException;
+
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
 import org.w3c.dom.traversal.NodeIterator;
@@ -157,6 +160,7 @@ public class CreateXMLSignatureResponseParser {
       Element dsigSignatureNode = (Element) list.item(0);
       Element dsigSignatureElement = (Element) dsigSignatureNode;
+      
       cResp.setDsigSignature(dsigSignatureElement);
     }
     catch (Throwable t) {
@@ -201,6 +205,11 @@ public class CreateXMLSignatureResponseParser {
       SAMLAttribute[] result = new SAMLAttribute[samlAttributes.size()];
       samlAttributes.toArray(result);
       cResp.setSamlAttributes(result);
+      
+      NodeList list = sigResponse_.getElementsByTagNameNS(Constants.DSIG_NS_URI, "Signature");
+      Element dsigSignatureNode = (Element) list.item(0); 
+      cResp.setDsigSignature(dsigSignatureNode);
+      
     }
     catch (Throwable t) {
       throw new ParseException("parser.01", new Object[] { t.toString()}, t);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
index 4ddad2429..2c957603b 100644
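Review bot: In the last hunk of this file, `list.item(0)` is null when the response contains no `dsig:Signature` element, and `cResp.setDsigSignature(dsigSignatureNode)` then stores that null silently, so the failure surfaces much later in the validator as a generic `validator.05` instead of at the parse that caused it. Since the enclosing try already maps any Throwable to `ParseException("parser.01", ...)`, failing fast costs one line before the cast: `if (list.getLength() == 0) throw new IllegalStateException("dsig:Signature element missing in CreateXMLSignatureResponse");`. The same unchecked `(Element) list.item(0)` pattern is visible in the earlier hunk at line 157, so both sites should get the same guard. The imports of `java.io.IOException` and `javax.xml.transform.TransformerException` added in the first hunk are not referenced by any line in this diff; if nothing outside the shown hunks uses them they are dead imports. The try block of the last hunk begins outside the hunk.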
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
@@ -151,6 +151,8 @@ public class VerifyXMLSignatureResponseParser {
     VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse();
     try {
+    	
+      String s = DOMUtils.serializeNode(verifyXMLSignatureResponse);
       respData.setXmlDsigSubjectName(XPathUtils.getElementValue(verifyXMLSignatureResponse,DSIG_SUBJECT_NAME_XPATH,""));
       Element e = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,QUALIFIED_CERTIFICATE_XPATH);
       respData.setQualifiedCertificate(e!=null);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index d0fb1f87f..b2ef2d000 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -24,9 +24,14 @@
 package at.gv.egovernment.moa.id.auth.validator;
+import java.util.Calendar;
+import java.util.GregorianCalendar;
 import java.util.Iterator;
 import java.util.List;
+import javax.xml.bind.DatatypeConverter;
+
+import org.jaxen.SimpleNamespaceContext;
 import org.w3c.dom.Element;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
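Review bot: `String s = DOMUtils.serializeNode(verifyXMLSignatureResponse);` is assigned and never read anywhere in this hunk, so every response is serialized for nothing and, if `serializeNode` can throw, the try block gains a new failure path with no benefit; it reads like leftover debugging. Drop the line, or if the serialized response is wanted for diagnostics pass it straight to the debug logger, e.g. `Logger.debug(DOMUtils.serializeNode(verifyXMLSignatureResponse));`, assuming the same `Logger` the validator file uses is available in this class. The blank line added above it mixes tab and space indentation with the surrounding spaces. The try block continues past the end of the hunk.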
@@ -59,11 +64,25 @@ public class CreateXMLSignatureResponseValidator {
   /** Xpath expression to the dsig:Signature element */
   private static final String SIGNATURE_XPATH = Constants.DSIG_PREFIX + ":Signature";
-  //private static final String XADES_SIGNINGTIME_PATH = Constants.XADES_1_1_1_NS_PREFIX + ":SigningTime";
-     
+  private static final String XADES_1_1_1_SIGNINGTIME_PATH = "//" + Constants.XADES_1_1_1_NS_PREFIX + ":SigningTime";
+  private static final String XADES_1_3_2_SIGNINGTIME_PATH = "//" + Constants.XADES_1_3_2_NS_PREFIX + ":SigningTime";
+  
+  
+  private static final long MAX_DIFFERENCE_IN_MILLISECONDS = 600000; // 10min
+ 
   /** Singleton instance. <code>null</code>, if none has been created. */
   private static CreateXMLSignatureResponseValidator instance;
+  private static SimpleNamespaceContext NS_CONTEXT;
+  static {
+    NS_CONTEXT = new SimpleNamespaceContext();
+    NS_CONTEXT.addNamespace(Constants.XADES_1_1_1_NS_PREFIX, Constants.XADES_1_1_1_NS_URI);
+    NS_CONTEXT.addNamespace(Constants.XADES_1_2_2_NS_PREFIX, Constants.XADES_1_2_2_NS_URI);
+    NS_CONTEXT.addNamespace(Constants.XADES_1_3_2_NS_PREFIX, Constants.XADES_1_3_2_NS_URI);
+    NS_CONTEXT.addNamespace(Constants.XADES_1_4_1_NS_PREFIX, Constants.XADES_1_4_1_NS_URI);
+  }
+
+  
   /**
    * Constructor for a singleton CreateXMLSignatureResponseValidator.
    * @return an instance of CreateXMLSignatureResponseValidator
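Review bot: `NS_CONTEXT` is a static written only from the static initializer, so it should be declared `private static final SimpleNamespaceContext NS_CONTEXT;` (the assignment inside the `static {}` block still compiles); without `final` the upper-case name promises a constant the compiler does not enforce. The initializer registers the XAdES 1.1.1, 1.2.2, 1.3.2 and 1.4.1 prefixes, but only `XADES_1_1_1_SIGNINGTIME_PATH` and `XADES_1_3_2_SIGNINGTIME_PATH` are defined, so a SigningTime in the 1.2.2 or 1.4.1 namespace can never be found by the validator's lookup in the next hunk; either add the two missing paths or document that only 1.1.1 and 1.3.2 are accepted. `MAX_DIFFERENCE_IN_MILLISECONDS = 600000; // 10min` would read better as `10 * 60 * 1000L` with a Javadoc line stating that it is the tolerated skew, in either direction, between the SigningTime and the server clock.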
@@ -550,8 +569,36 @@ public class CreateXMLSignatureResponseValidator {
   public void validateSigningDateTime( CreateXMLSignatureResponse csresp) throws ValidateException {
-	  //TODO: insert Time validation!!!!
-	  
+	  Element dsigSignatureElement = csresp.getDsigSignature();
+	  if (dsigSignatureElement == null) {
+		  throw new ValidateException("validator.05", new Object[] {"im AUTHBlock"}) ;
+	  }
+	  else {
+		  Element signingTimeElem = (Element) XPathUtils.selectSingleNode(dsigSignatureElement, NS_CONTEXT, XADES_1_1_1_SIGNINGTIME_PATH);
+		  if (signingTimeElem == null) {
+			  signingTimeElem = (Element) XPathUtils.selectSingleNode(dsigSignatureElement, NS_CONTEXT, XADES_1_3_2_SIGNINGTIME_PATH);
+			  if (signingTimeElem == null)
+				  throw new ValidateException("validator.68", null) ;
+		  }
+			  
+			  
+		  String signingTimeStr = signingTimeElem.getTextContent();
+		  if (signingTimeStr == null)
+			  throw new ValidateException("validator.68", null) ;
+			  
+		  Calendar signingTimeCal = DatatypeConverter.parseDate(signingTimeStr);
+		  Calendar serverTimeCal = new GregorianCalendar();
+		  
+		  long diff = Math.abs(signingTimeCal.getTimeInMillis() - serverTimeCal.getTimeInMillis());
+		  
+		  if (diff > MAX_DIFFERENCE_IN_MILLISECONDS)
+			  throw new ValidateException("validator.69", new Object[] {"mehr als " + MAX_DIFFERENCE_IN_MILLISECONDS + " Millisekunden"}) ;
+
+		  Logger.debug("Compare \"" + signingTimeCal.getTime() + "\" (SigningTime) with \"" + serverTimeCal.getTime() + "\" (server time)");
+			
+		  
+	  }
+		  
   }
 }
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 272f26efb..c5ebc4b0d 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
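Review bot: `DatatypeConverter.parseDate(signingTimeStr)` throws IllegalArgumentException on a value that is not a valid lexical date/time, so a malformed or tampered SigningTime escapes validateSigningDateTime as an unchecked exception instead of the `validator.68` ValidateException used for the missing-element cases just above it; guard it with `Calendar signingTimeCal;` / `try { signingTimeCal = DatatypeConverter.parseDate(signingTimeStr); }` / `catch (IllegalArgumentException ex) { throw new ValidateException("validator.68", null); }`. Both path constants begin with `//`, which in standard XPath selects from the document root rather than from the context node, so if XPathUtils.selectSingleNode evaluates the expression as-is, a SigningTime belonging to a different signature in the same document could be the one checked instead of the one under `dsigSignatureElement`; a relative form such as `".//" + Constants.XADES_1_1_1_NS_PREFIX + ":SigningTime"` keeps the lookup inside the signature being validated. The `Logger.debug` comparison line sits after the `diff > MAX_DIFFERENCE_IN_MILLISECONDS` throw, so the two timestamps are logged only on success; moving it above the check records the skew that caused a `validator.69` rejection. Since a XAdES SigningTime is an xs:dateTime, `DatatypeConverter.parseDateTime` is the method whose documented contract matches the input; `parseDate` may accept the value in practice, but that relies on implementation behaviour rather than the API contract.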
@@ -181,6 +181,8 @@ validator.65=Es ist ein Fehler bei der Formulargenerierung f�r berufliche Part
 validator.66=?berpr?fung der {0}-Infobox fehlgeschlagen\: berufliche Parteienvetretung ist nicht konfiguriert.
 validator.67=Der Specialtext ({0}) stimmt nicht mit dem für diese Applikation hinterlegten Text ({1}) überein.
+validator.68=SigningTime im AUTH-Block konnte nicht eruiert werden.
+validator.69=SigningTime im AUTH-Block und Serverzeit weichen zu stark ab ({0}).
 ssl.01=Validierung des SSL-Server-Endzertifikates hat fehlgeschlagen
