aboutsummaryrefslogtreecommitdiff
path: root/spss.server/src/at/gv/egovernment/moa
diff options
context:
space:
mode:
Diffstat (limited to 'spss.server/src/at/gv/egovernment/moa')
-rw-r--r--spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java84
1 files changed, 49 insertions, 35 deletions
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
index 2f55261d1..543fa3b01 100644
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
@@ -51,6 +51,7 @@ import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
* @version $Id$
*/
public class VerifyXMLSignatureResponseBuilder {
+
/** The <code>SPSSFactory</code> for creating API objects. */
private SPSSFactory factory = SPSSFactory.getInstance();
@@ -150,45 +151,58 @@ public class VerifyXMLSignatureResponseBuilder {
checkResultInfo);
// create the signature manifest check
- if (profile.checkSecurityLayerManifest()) {
- if (transformsSignatureManifestCheck.getCode() == 1) {
+ if (profile.checkSecurityLayerManifest())
+ {
+ if (transformsSignatureManifestCheck.getCode() == 1)
+ {
// checking the transforms failed
signatureManifestCheck = transformsSignatureManifestCheck;
- } else if (!result.containsSecurityLayerManifest()) {
- // no security layer manifest in signature
- signatureManifestCheck = factory.createReferencesCheckResult(2, null);
- } else {
- // other error codes provided by IAIK signature verification
- // need to add 1 to the check code for MOA compatibility
- SecurityLayerManifest slManifest = result.getSecurityLayerManifest();
- int verificationResult =
- slManifest.getManifestVerificationResult().intValue();
-
- switch (verificationResult) {
- case 0 :
- signatureManifestCheck =
- factory.createReferencesCheckResult(0, null);
- break;
- case 2 :
- case 3 :
- failedReferences =
- buildFailedReferences(slManifest.getReferenceInfoList());
- checkResultInfo =
- failedReferences != null
- ? factory.createReferencesCheckResultInfo(null, failedReferences)
- : null;
- signatureManifestCheck =
- factory.createReferencesCheckResult(
- verificationResult + 1,
- checkResultInfo);
+ }
+ else if (result.isSecurityLayerManifestRequired())
+ {
+ if (!result.containsSecurityLayerManifest())
+ {
+ // required security layer manifest is missing in signature
+ signatureManifestCheck = factory.createReferencesCheckResult(2, null);
+ }
+ else
+ {
+ // security layer manifest exists, so we have to check its validity
+ SecurityLayerManifest slManifest = result.getSecurityLayerManifest();
+ int verificationResult = slManifest.getManifestVerificationResult().intValue();
+
+ if (SecurityLayerManifest.CODE_MANIFEST_VALID.intValue() == verificationResult)
+ {
+ // security layer manifest exists and is free of errors
+ signatureManifestCheck = factory.createReferencesCheckResult(0, null);
+ }
+ else
+ {
+ // security layer manifest exists, but has errors
+ failedReferences = buildFailedReferences(slManifest.getReferenceInfoList());
+ checkResultInfo = (failedReferences != null)
+ ? factory.createReferencesCheckResultInfo(null, failedReferences)
+ : null;
+ if (SecurityLayerManifest.CODE_MANIFEST_INCOMPLETE.intValue() == verificationResult)
+ {
+ signatureManifestCheck = factory.createReferencesCheckResult(3, checkResultInfo);
+ }
+ else if (SecurityLayerManifest.CODE_REFERENCE_HASH_INVALID.intValue() == verificationResult)
+ {
+ signatureManifestCheck = factory.createReferencesCheckResult(4, checkResultInfo);
+ }
+ else
+ {
+ // Should not happen
+ throw new RuntimeException("Unexpected result from security layer manifest verification.");
+ }
+ }
}
}
-
- // Code = 1 prüfen
-
- if (result.containsSecurityLayerManifest()) {
- } else {
- // SignatureManifestCheck Code = 2
+ else
+ {
+ // no security layer manifest is required, so the signature manifest check is ok
+ signatureManifestCheck = factory.createReferencesCheckResult(0, null);
}
}