Diffstat (limited to 'spss.slinterface')
10 files changed, 672 insertions, 23 deletions
diff --git a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/Constants.java b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/Constants.java index cb37fe843..434643d16 100644 --- a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/Constants.java +++ b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/Constants.java @@ -53,6 +53,7 @@ public class Constants public static final String NSURI_MOA_12_ = "http://reference.e-government.gv.at/namespace/moa/20020822#"; public static final String NSURI_NAMESPACES_ = "http://www.w3.org/2000/xmlns/"; public static final String NSURI_XML_ = "http://www.w3.org/XML/1998/namespace"; + public static final String NSURI_DSIG_ = "http://www.w3.org/2000/09/xmldsig#"; // Namespace prefixes public static final String NSPRE_SL_10_ = "sl10"; diff --git a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/DOMUtils.java b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/DOMUtils.java new file mode 100644 index 000000000..8bc23efa9 --- /dev/null +++ b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/DOMUtils.java 
@@ -0,0 +1,126 @@
+/*
+ * Created on 28.11.2003
+ *
+ * (c) Stabsstelle IKT-Strategie des Bundes
+ */
+package at.gv.egovernment.moa.spss.slinterface;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+/**
+ * @author Gregor Karlinger (mailto:gregor.karlinger@cio.gv.at)
+ */
+public class DOMUtils
+{
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ /**
+ * Gets the first text node of the specified element.
+ *
+ * @param elem The element.
+ *
+ * @return the first text node of the specified element, or <code>null</code> if <code>element</code>
+ * equals <code>null</code>, or if the element has no text node.
+ */
+ public static String getText(Element elem)
+ {
+ if (elem == null) return null;
+ NodeList childNodes = elem.getChildNodes();
+ for (int i = 0; i < childNodes.getLength(); i++)
+ {
+ Node currNode = childNodes.item(i);
+ if (currNode.getNodeType() == Node.TEXT_NODE) return currNode.getNodeValue();
+ }
+ return null;
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ /**
+ * Gets the first text node of the specified child element from the specified parent element.
+ *
+ * @param parent The parent.
+ *
+ * @param childNS The namespace of the child element.
+ *
+ * @param childLocName The local name of the child element.
+ *
+ * @return the first text node of the specified child, or <code>null</code> if <code>parent</code> equals
+ * <code>null</code> or has no child element with the specified namespace and local name, or if
+ * the child element has no text node.
+ */
+ public static String getChildText(Element parent, String childNS, String childLocName)
+ {
+ if (parent == null) return null;
+ Element child = getChildElem(parent, childNS, childLocName);
+ if (child == null) return null;
+ return getText(child);
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ /**
+ * Gets the first child element of the specified parent with the specified namspace and local name.
+ *
+ * @param parent The parent.
+ *
+ * @param childNS The namespace of the child element to be searched for.
+ *
+ * @param childLocName The local name of the child element to be searched for.
+ *
+ * @return the first child element as described above, or <code>null</code> if <code>parent</code> is
+ * null or has no child elements with for the specified namespace and local name.
+ */
+ public static Element getChildElem(Element parent, String childNS, String childLocName)
+ {
+ List childElems = getChildElems(parent, childNS, childLocName, true);
+ return (childElems == null) ? null : (Element) childElems.get(0);
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ /**
+ * Gets all or the first child element(s) of the specified parent with the specified namspace and local
+ * name.
+ *
+ * @param parent The parent.
+ *
+ * @param childNS The namespace of the child elements to be searched for.
+ *
+ * @param childLocName The local name of the child elements to be searched for.
+ *
+ * @param firstOnly Specifies wheter only the first or all child elements with the specified namespace and
+ * local name should be returned.
+ *
+ * @return a <code>java.util.List</code> with objects of type <code>org.w3c.dom.Element</code>; each
+ * element in the list represents a child element as specified above. If <code>parent</code>
+ * equals <code>null</code>, or if there are no child elements as specified above, <code>null
+ * </code> will be returned.
+ */
+ public static List getChildElems(Element parent, String childNS, String childLocName, boolean firstOnly)
+ {
+ if (parent == null) return null;
+
+ ArrayList childElems = new ArrayList();
+ NodeList childNodes = parent.getChildNodes();
+ for (int i = 0; i < childNodes.getLength(); i++)
+ {
+ Node currNode = childNodes.item(i);
+ if (currNode.getNodeType() == Node.ELEMENT_NODE)
+ {
+ Element currElem = (Element) currNode;
+ if (childNS.equals(currElem.getNamespaceURI()) && childLocName.equals(currElem.getLocalName()))
+ {
+ childElems.add(currElem);
+ if (firstOnly) break;
+ }
+ }
+ }
+ return (childElems.size() == 0) ? null : childElems;
+ }
+}
diff --git a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/beans/ChecksInfoBean.java b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/beans/ChecksInfoBean.java
new file mode 100644
index 000000000..00c9fd517
--- /dev/null
+++ b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/beans/ChecksInfoBean.java
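Review bot: `getText` in DOMUtils.java returns only the first `TEXT_NODE` child, so a value that the parser delivers as several nodes (text interrupted by a comment, a CDATA section or an entity reference) is silently truncated. `SignerInfoBean` in this commit uses the result for `X509SubjectName` and `X509IssuerName`, so a partial value would end up in the displayed signer identity. Concatenating all text and CDATA children in document order avoids that; a sketch follows. Separately, `getChildElems` calls `childNS.equals(...)` and throws a `NullPointerException` when a caller passes a null namespace, which the Javadoc does not mention.

```java
public static String getText(Element elem)
{
  if (elem == null) return null;
  StringBuffer text = new StringBuffer();
  boolean found = false;
  NodeList childNodes = elem.getChildNodes();
  for (int i = 0; i < childNodes.getLength(); i++)
  {
    Node currNode = childNodes.item(i);
    short type = currNode.getNodeType();
    if (type == Node.TEXT_NODE || type == Node.CDATA_SECTION_NODE)
    {
      text.append(currNode.getNodeValue());
      found = true;
    }
  }
  return found ? text.toString() : null;
}
```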
@@ -0,0 +1,165 @@
+/*
+ * Created on 27.11.2003
+ *
+ * (c) Stabsstelle IKT-Strategie des Bundes
+ */
+package at.gv.egovernment.moa.spss.slinterface.beans;
+
+import java.util.List;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.spss.slinterface.Constants;
+import at.gv.egovernment.moa.spss.slinterface.DOMUtils;
+
+/**
+ * @author Gregor Karlinger (mailto:gregor.karlinger@cio.gv.at)
+ */
+public class ChecksInfoBean
+{
+ private static final String SIG_CHECK_ELEM_ = "SignatureCheck";
+ private static final String SIGMF_CHECK_ELEM_ = "SignatureManifestCheck";
+ private static final String XMLDSIGMF_CHECK_ELEM_ = "XMLDSIGManifestCheck";
+ private static final String CERT_CHECK_ELEM_ = "CertificateCheck";
+ private static final String CODE_ELEM_ = "Code";
+ private static final String INFO_ELEM_ = "Info";
+ private static final String FAILEDREF_ELEM_ = "FailedReference";
+ private static final String REFSIGREF_ELEM_ = "ReferringSigReference";
+
+ private Element sigCheckElem_;
+ private int sigCheckFaildRefCount_;
+
+ private Element sigMFCheckElem_;
+ private int sigMFCheckFaildRefCount_;
+
+ private List xmldsigMFCheckElems_;
+ private int xmldsigMFCheckCount_;
+ private int xmldsigMFCheckFaildRefCount_;
+
+ private Element certCheckElem_;
+
+ /**
+ * Creates a bean with information about the checks executed for the verified xml signature.
+ *
+ * @pre slResponseDoc has been validated.
+ */
+ public ChecksInfoBean(Document slResponseDoc)
+ {
+ Element verifyXMLResponseElem = slResponseDoc.getDocumentElement();
+ sigCheckElem_ = DOMUtils.getChildElem(
+ verifyXMLResponseElem, Constants.NSURI_SL_11_, SIG_CHECK_ELEM_);
+ sigMFCheckElem_ = DOMUtils.getChildElem(
+ verifyXMLResponseElem, Constants.NSURI_SL_11_, SIGMF_CHECK_ELEM_);
+ xmldsigMFCheckElems_ = DOMUtils.getChildElems(
+ verifyXMLResponseElem, Constants.NSURI_SL_11_, XMLDSIGMF_CHECK_ELEM_, false);
+ certCheckElem_ = DOMUtils.getChildElem(
+ verifyXMLResponseElem, Constants.NSURI_SL_11_, CERT_CHECK_ELEM_);
+
+ sigCheckFaildRefCount_ = 0;
+ sigMFCheckFaildRefCount_ = 0;
+ xmldsigMFCheckFaildRefCount_ = 0;
+ xmldsigMFCheckCount_ = 0;
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public String getSigCheckCode()
+ {
+ return DOMUtils.getChildText(sigCheckElem_, Constants.NSURI_SL_11_, CODE_ELEM_);
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public void setSigCheckFailedRefCount(int count)
+ {
+ sigCheckFaildRefCount_ = count;
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public String getSigCheckFailedRef()
+ {
+ Element info = DOMUtils.getChildElem(sigCheckElem_, Constants.NSURI_SL_11_, INFO_ELEM_);
+ if (info == null) return null;
+ List failedRefElems = DOMUtils.getChildElems(info, Constants.NSURI_SL_11_, FAILEDREF_ELEM_, false);
+ if (failedRefElems == null || failedRefElems.size() <= sigCheckFaildRefCount_) return null;
+ return DOMUtils.getText((Element)failedRefElems.get(sigCheckFaildRefCount_));
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public String getSigMFCheckCode()
+ {
+ return DOMUtils.getChildText(sigMFCheckElem_, Constants.NSURI_SL_11_, CODE_ELEM_);
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public void setSigMFCheckFailedRefCount(int count)
+ {
+ sigMFCheckFaildRefCount_ = count;
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public String getSigMFCheckFailedRef()
+ {
+ Element info = DOMUtils.getChildElem(sigMFCheckElem_, Constants.NSURI_SL_11_, INFO_ELEM_);
+ if (info == null) return null;
+ List failedRefElems = DOMUtils.getChildElems(info, Constants.NSURI_SL_11_, FAILEDREF_ELEM_, false);
+ if (failedRefElems == null || failedRefElems.size() <= sigMFCheckFaildRefCount_) return null;
+ return DOMUtils.getText((Element)failedRefElems.get(sigMFCheckFaildRefCount_));
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public void setXmldsigMFCheckCount(int count)
+ {
+ xmldsigMFCheckCount_ = count;
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public void setXmldsigMFCheckFailedRefCount(int count)
+ {
+ xmldsigMFCheckFaildRefCount_ = count;
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public String getXmldsigMFCheckCode()
+ {
+ Element xmldsigMFCheckElem = (Element)xmldsigMFCheckElems_.get(xmldsigMFCheckCount_);
+ return DOMUtils.getChildText(xmldsigMFCheckElem, Constants.NSURI_SL_11_, CODE_ELEM_);
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public String getXmldsigMFCheckFailedRef()
+ {
+ Element xmldsigMFCheckElem = (Element)xmldsigMFCheckElems_.get(xmldsigMFCheckCount_);
+ Element info = DOMUtils.getChildElem(xmldsigMFCheckElem, Constants.NSURI_SL_11_, INFO_ELEM_);
+ if (info == null) return null;
+ List failedRefElems = DOMUtils.getChildElems(info, Constants.NSURI_SL_11_, FAILEDREF_ELEM_, false);
+ if (failedRefElems == null || failedRefElems.size() <= xmldsigMFCheckFaildRefCount_) return null;
+ return DOMUtils.getText((Element)failedRefElems.get(xmldsigMFCheckFaildRefCount_));
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public String getXmldsigMFCheckReferringSigRef()
+ {
+ Element xmldsigMFCheckElem = (Element)xmldsigMFCheckElems_.get(xmldsigMFCheckCount_);
+ Element info = DOMUtils.getChildElem(xmldsigMFCheckElem, Constants.NSURI_SL_11_, INFO_ELEM_);
+ if (info == null) return null;
+ return DOMUtils.getChildText(info, Constants.NSURI_SL_11_, REFSIGREF_ELEM_);
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public String getCertCheckCode()
+ {
+ return DOMUtils.getChildText(certCheckElem_, Constants.NSURI_SL_10_, CODE_ELEM_);
+ }
+}
diff --git a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/beans/DataInfoBean.java b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/beans/DataInfoBean.java
new file mode 100644
index 000000000..1a64312d7
--- /dev/null
+++ b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/beans/DataInfoBean.java
@@ -0,0 +1,25 @@
+/*
+ * Created on 27.11.2003
+ *
+ * (c) Stabsstelle IKT-Strategie des Bundes
+ */
+package at.gv.egovernment.moa.spss.slinterface.beans;
+
+import org.w3c.dom.Document;
+
+/**
+ * @author Gregor Karlinger (mailto:gregor.karlinger@cio.gv.at)
+ */
+public class DataInfoBean
+{
+
+ /**
+ *
+ */
+ public DataInfoBean(Document slResponseDoc)
+ {
+ super();
+ // TODO Auto-generated constructor stub
+ }
+
+}
diff --git a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/beans/SignerInfoBean.java b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/beans/SignerInfoBean.java
new file mode 100644
index 000000000..2893b2ac3
--- /dev/null
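Review bot: In ChecksInfoBean.java, `xmldsigMFCheckElems_` is null whenever the response has no `XMLDSIGManifestCheck` child, because `DOMUtils.getChildElems` returns null rather than an empty list, yet `getXmldsigMFCheckCode`, `getXmldsigMFCheckFailedRef` and `getXmldsigMFCheckReferringSigRef` call `xmldsigMFCheckElems_.get(xmldsigMFCheckCount_)` unguarded. The failed-reference getters already bound-check their index, and these three should start the same way: `if (xmldsigMFCheckElems_ == null || xmldsigMFCheckCount_ < 0 || xmldsigMFCheckElems_.size() <= xmldsigMFCheckCount_) return null;`. The constructor's `@pre slResponseDoc has been validated` should also say who performs that validation, since nothing in this class checks it. None of the public getters document that they return null for a missing element, which the JSP relies on.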
+++ b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/beans/SignerInfoBean.java 
@@ -0,0 +1,127 @@
+/*
+ * Created on 27.11.2003
+ *
+ * (c) Stabsstelle IKT-Strategie des Bundes
+ */
+package at.gv.egovernment.moa.spss.slinterface.beans;
+
+import iaik.asn1.ObjectID;
+import iaik.asn1.structures.Name;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.spss.slinterface.Constants;
+import at.gv.egovernment.moa.spss.slinterface.DOMUtils;
+
+/**
+ * @author Gregor Karlinger (mailto:gregor.karlinger@cio.gv.at)
+ */
+public class SignerInfoBean
+{
+ private static final String SIGNERINFO_ELEM_ = "SignerInfo";
+ private static final String X509DATA_ELEM_ = "X509Data";
+ private static final String X509SUBJNAME_ELEM_ = "X509SubjectName";
+ private static final String X509ISSUERSERIAL_ELEM_ = "X509IssuerSerial";
+ private static final String SERIAL_ELEM_ = "X509SerialNumber";
+ private static final String ISSUER_ELEM_ = "X509IssuerName";
+ private static final String QUALCERT_ELEM_ = "QualifiedCertificate";
+
+ private Element signerInfoElem_;
+
+ private String subjectNameItemSel_;
+ private String issuerNameItemSel_;
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public SignerInfoBean(Document slResponseDoc)
+ {
+ Element verifyXMLResponseElem = slResponseDoc.getDocumentElement();
+ signerInfoElem_ = DOMUtils.getChildElem(
+ verifyXMLResponseElem, Constants.NSURI_SL_11_, SIGNERINFO_ELEM_);
+
+ subjectNameItemSel_ = "2.5.4.3";
+ issuerNameItemSel_ = "2.5.4.3";
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public void setSubjectNameItemSel(String selector)
+ {
+ subjectNameItemSel_ = selector;
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public String getSubjectNameItem()
+ {
+ Element x509DataElem = DOMUtils.getChildElem(signerInfoElem_, Constants.NSURI_DSIG_, X509DATA_ELEM_);
+ String subjectNameStr = DOMUtils.getChildText(x509DataElem, Constants.NSURI_DSIG_, X509SUBJNAME_ELEM_);
+ if (subjectNameStr == null) return null;
+ return getRDN(subjectNameStr, subjectNameItemSel_);
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public String getSerial()
+ {
+ Element x509DataElem = DOMUtils.getChildElem(signerInfoElem_, Constants.NSURI_DSIG_, X509DATA_ELEM_);
+ Element iSElem = DOMUtils.getChildElem(x509DataElem, Constants.NSURI_DSIG_, X509ISSUERSERIAL_ELEM_);
+ return DOMUtils.getChildText(iSElem, Constants.NSURI_DSIG_, SERIAL_ELEM_);
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public void setIssuerNameItemSel(String selector)
+ {
+ issuerNameItemSel_ = selector;
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public String getIssuerNameItem()
+ {
+ Element x509DataElem = DOMUtils.getChildElem(signerInfoElem_, Constants.NSURI_DSIG_, X509DATA_ELEM_);
+ Element iSElem = DOMUtils.getChildElem(x509DataElem, Constants.NSURI_DSIG_, X509ISSUERSERIAL_ELEM_);
+ String issuerNameStr = DOMUtils.getChildText(iSElem, Constants.NSURI_DSIG_, ISSUER_ELEM_);
+ if (issuerNameStr == null) return null;
+ return getRDN(issuerNameStr, issuerNameItemSel_);
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public boolean getIsQualified()
+ {
+ Element x509DataElem = DOMUtils.getChildElem(signerInfoElem_, Constants.NSURI_DSIG_, X509DATA_ELEM_);
+ Element qCElem = DOMUtils.getChildElem(x509DataElem, Constants.NSURI_SL_11_, QUALCERT_ELEM_);
+ return (qCElem != null);
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ private String
getRDN(String nameStr, String oidStr) + { + try + { + RFC2253NameParser nameParser = new RFC2253NameParser(nameStr); + Name name = nameParser.parse(); + ObjectID oid = ObjectID.getObjectID(oidStr); + if (oid == null) return null; + String[] rdns = name.getRDNs(oid); + if (rdns == null) return null; + StringBuffer rdnsStr = new StringBuffer(); + for (int i = 0; i < rdns.length; i++) + { + if (i > 0) rdnsStr.append(", "); + rdnsStr.append(rdns[i]); + } + return rdnsStr.toString(); + } + catch (RFC2253NameParserException e) + { + return null; + } + } +} diff --git a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/filters/SL2MOAFilter.java b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/filters/SL2MOAFilter.java index 08b8635ba..f4a4a1243 100644 --- a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/filters/SL2MOAFilter.java +++ b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/filters/SL2MOAFilter.java @@ -20,6 +20,7 @@ import java.util.Properties; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; +import javax.servlet.RequestDispatcher; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.ServletRequest; @@ -44,6 +45,9 @@ import org.xml.sax.InputSource; import org.xml.sax.SAXException; import at.gv.egovernment.moa.spss.slinterface.Constants; +import at.gv.egovernment.moa.spss.slinterface.beans.ChecksInfoBean; +import at.gv.egovernment.moa.spss.slinterface.beans.DataInfoBean; +import at.gv.egovernment.moa.spss.slinterface.beans.SignerInfoBean; import at.gv.egovernment.moa.spss.slinterface.moainvoker.MOAInvoker; import at.gv.egovernment.moa.spss.slinterface.servlets.SLRequest; import at.gv.egovernment.moa.spss.slinterface.transformers.MOA2SL; 
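Review bot: `getRDN` in SignerInfoBean.java swallows `RFC2253NameParserException` and returns null, so `getSubjectNameItem` and `getIssuerNameItem` report an unparseable name exactly like a name that lacks the requested attribute, and the result page then omits the line without any trace. Log the exception before returning, or let a distinct return value signal the parse failure, so that a malformed signer name is visible to operators. The public getters have no Javadoc; a line on `getSubjectNameItem` such as `Returns the values of the selected attribute joined with ", ", or null if the name or attribute is absent` would document the null contract the JSP depends on. The returned strings come from the certificate unmodified, so that Javadoc should also state that callers rendering them must escape them.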
@@ -106,34 +110,54 @@ public class SL2MOAFilter implements Filter ResponseWrapper responseWrapper = new ResponseWrapper((HttpServletResponse) response); chain.doFilter(requestWrapper, responseWrapper); - // Transform MOA response into a SL response + // Parse MOA response DOMParser xmlParser = (DOMParser) config_.getServletContext().getAttribute(Constants.WSCP_XMLPARSER_); ServletOutputStream moaResponseSOS = (ServletOutputStream) responseWrapper.getOutputStream(); ByteArrayInputStream moaResponseBIS = new ByteArrayInputStream(moaResponseSOS.toByteArray()); InputSource responseSource = new InputSource(moaResponseBIS); - Document slResponseDoc; + Document moaResponseDoc; try { xmlParser.parse(responseSource); - Document moaResponseDoc = xmlParser.getDocument(); - slResponseDoc = MOA2SL.toSlVerifyXMLSignatureResponse(moaResponseDoc); + moaResponseDoc = xmlParser.getDocument(); } catch (SAXException e) { - String message = "Transforming MOA XML response into SL XML response failed."; + String message = "Parsing MOA XML response failed."; logger_.error(message, e); throw new ServletException(message, e); } + + // Create bean with info about signed data + DataInfoBean dataInfo = new DataInfoBean(moaResponseDoc); + request.setAttribute("dataInfo", dataInfo); + + // Transform MOA response into a SL response + Document slResponseDoc; + slResponseDoc = MOA2SL.toSlVerifyXMLSignatureResponse(moaResponseDoc); session.setAttribute("slResponseDoc", slResponseDoc); - String continueURL = ((HttpServletRequest) request).getContextPath() + "/results"; - continueURL = ((HttpServletResponse) response).encodeURL(continueURL); - String responseStr = "<html><body><a href=\"" + continueURL + ">Und weiter geht es ...</a></body></html>"; + // Create bean with info about signer + SignerInfoBean signerInfo = new SignerInfoBean(slResponseDoc); + request.setAttribute("signerInfo", signerInfo); + + // Create bean with info about checks + ChecksInfoBean checksInfo = new 
ChecksInfoBean(slResponseDoc); + request.setAttribute("checksInfo", checksInfo); + // Include jsp page, which writes the overview information about the verified signature response.setContentType("text/html"); - OutputStream responseOS = response.getOutputStream(); - responseOS.write(responseStr.getBytes("UTF-8")); - responseOS.flush(); + try + { + RequestDispatcher dispatcher = request.getRequestDispatcher("/pages/resultOverview.jsp"); + dispatcher.include(request, response); + } + catch (IOException e) + { + String message = "Failed to create result overview page."; + logger_.error(message, e); + throw new ServletException(message, e); + } } /* ---------------------------------------------------------------------------------------------------- */ diff --git a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/servlets/ResultServlet.java b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/servlets/ReturnServlet.java index 67397a1ee..c37e6f697 100644 --- a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/servlets/ResultServlet.java +++ b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/servlets/ReturnServlet.java @@ -27,7 +27,7 @@ import at.gv.egovernment.moa.spss.slinterface.moainvoker.MOAInvoker; /** * @author Gregor Karlinger (mailto:gregor.karlinger@cio.gv.at) */ -public class ResultServlet extends HttpServlet +public class ReturnServlet extends HttpServlet { private static Logger logger_ = Logger.getLogger(Constants.LH_SERVLETS_); @@ -35,7 +35,7 @@ public class ResultServlet extends HttpServlet /** * Default constructor. */ - public ResultServlet() + public ReturnServlet() { super(); } diff --git a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/transformers/MOA2SL.java b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/transformers/MOA2SL.java index a85917d81..2e82d4d32 100644 
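Review bot: Nothing in the SL2MOAFilter.java hunk checks that the MOA call returned a verify response before `slResponseDoc` is handed to `SignerInfoBean` and `ChecksInfoBean`, although the `ChecksInfoBean` constructor added in this commit documents `@pre slResponseDoc has been validated`. If MOA answers with a fault or another unexpected document, the failure would presumably surface only later, as a `NullPointerException` or `NumberFormatException` while the JSP renders. Validate the transformed document (or at least its document element) at this point and throw a `ServletException` with a clear message, in the same style as the parse-failure branch above. `request.getRequestDispatcher(...)` may also return null, so guard it with `if (dispatcher == null) throw new ServletException("Result overview page not available.");` before calling `include`. The enclosing method starts and ends outside this hunk.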
--- a/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/transformers/MOA2SL.java +++ b/spss.slinterface/WEB-INF/src/at/gv/egovernment/moa/spss/slinterface/transformers/MOA2SL.java @@ -10,6 +10,7 @@ import java.util.HashMap; import org.w3c.dom.Document; import org.w3c.dom.Element; +import org.w3c.dom.Node; import org.w3c.dom.NodeList; import at.gv.egovernment.moa.spss.slinterface.Constants; @@ -73,14 +74,18 @@ public class MOA2SL nsTransforms.clear(); nsTransforms.put(Constants.NSURI_SL_11_, Constants.NSURI_SL_10_); nameTransforms.clear(); - NodeList signatureCheckChildren = signatureCheckElem.getElementsByTagName("*"); - ArrayList signatureCheckChildrenList = new ArrayList(signatureCheckChildren.getLength()); - for (int i = 0; i < signatureCheckChildren.getLength(); i++) + Element certCheckElem = (Element) verifyResponseElem.getElementsByTagNameNS( + Constants.NSURI_SL_11_, "CertificateCheck").item(0); + NodeList certCheckChildren = certCheckElem.getChildNodes(); + ArrayList certCheckChildElemsList = new ArrayList(certCheckChildren.getLength()); + for (int i = 0; i < certCheckChildren.getLength(); i++) { - signatureCheckChildrenList.add(signatureCheckChildren.item(i)); + Node currentNode = certCheckChildren.item(i); + if (currentNode.getNodeType() == Node.ELEMENT_NODE) + certCheckChildElemsList.add(certCheckChildren.item(i)); } - for (int i = 0; i < signatureCheckChildrenList.size(); i++) - Utils.transformDeep((Element) signatureCheckChildrenList.get(i), prefixMap, nsTransforms, + for (int i = 0; i < certCheckChildElemsList.size(); i++) + Utils.transformDeep((Element) certCheckChildElemsList.get(i), prefixMap, nsTransforms, nameTransforms); return moaVerifyXMLSignatureResponse; diff --git a/spss.slinterface/pages/resultOverview.jsp b/spss.slinterface/pages/resultOverview.jsp new file mode 100644 index 000000000..5a29e5b4c --- /dev/null +++ b/spss.slinterface/pages/resultOverview.jsp 
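Review bot: In the MOA2SL.java hunk, `getElementsByTagNameNS(...).item(0)` returns null when the response has no `CertificateCheck` element, and the next line dereferences `certCheckElem` unconditionally. The call also searches all descendants of `verifyResponseElem`, not only its children, so the first match in document order need not be the response's own check element; `ChecksInfoBean` in this commit reads it as a direct child of the document element. The `DOMUtils.getChildElem` helper added in this commit does the direct-child lookup: `Element certCheckElem = DOMUtils.getChildElem(verifyResponseElem, Constants.NSURI_SL_11_, "CertificateCheck");`, followed by an explicit null check that fails with a clear error. Inside the loop, `certCheckChildElemsList.add(currentNode);` would reuse the node already fetched, and the unbraced `if` deserves braces. The enclosing method starts outside the hunk.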
@@ -0,0 +1,167 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" %>
+
+<jsp:useBean
+ id="checksInfo"
+ class="at.gv.egovernment.moa.spss.slinterface.beans.ChecksInfoBean" scope="request">
+</jsp:useBean>
+
+<jsp:useBean
+ id="signerInfo"
+ class="at.gv.egovernment.moa.spss.slinterface.beans.SignerInfoBean" scope="request">
+</jsp:useBean>
+
+<html>
+ <head>
+ <head><title>Resultate der Signaturprüfung</title></head>
+ </head>
+ <body>
+ <h1>Informationen zum Unterzeichner</h1>
+
+ <!-- ######################################################### -->
+ <!-- Name des Unterzeichners -->
+ <!-- ######################################################### -->
+
+ <h2>Name des Unterzeichners</h2>
+ <p>
+ <%
+ String[] subOIDNames = new String[]{"2.5.4.3", "2.5.4.11", "2.5.4.10", "2.5.4.6"}; // CN, OU, O, C
+ String[] subOIDRegNames = new String[]{"CN", "OU", "O", "C"};
+ for (int i = 0; i < subOIDNames.length; i++)
+ {
+ signerInfo.setSubjectNameItemSel(subOIDNames[i]);
+ String currSubjectNameRDN = signerInfo.getSubjectNameItem();
+ if (currSubjectNameRDN != null)
+ {
+ out.print(subOIDRegNames[i] + ": " + currSubjectNameRDN);
+ %>
+ <br/>
+ <%
+ }
+ }
+ %>
+ </p>
+
+ <!-- ######################################################### -->
+ <!-- Name des Ausstellers -->
+ <!-- ######################################################### -->
+
+ <h2>Name des Ausstellers</h2>
+ <p>
+ <%
+ String[] issuerOIDNames = new String[]{"2.5.4.3", "2.5.4.11", "2.5.4.10", "2.5.4.6"}; // CN, OU, O, C
+ String[] issuerOIDRegNames = new String[]{"CN", "OU", "O", "C"};
+ for (int i = 0; i < issuerOIDNames.length; i++)
+ {
+ signerInfo.setIssuerNameItemSel(issuerOIDNames[i]);
+ String currIssuerNameRDN = signerInfo.getIssuerNameItem();
+ if (currIssuerNameRDN != null)
+ {
+ out.print(issuerOIDRegNames[i] + ": " + currIssuerNameRDN);
+ %>
+ <br/>
+ <%
+ }
+ }
+ %>
+ </p>
+
+ <!-- ######################################################### -->
+ <!-- Seriennummer des Zertifikats -->
+ <!-- ######################################################### -->
+
+ <h2>Seriennummer des Zertifikats</h2>
+ <p>
+ Seriennummer:
+ <%
+ out.print(signerInfo.getSerial());
+ %>
+ </p>
+
+ <!-- ######################################################### -->
+ <!-- Qualifiziertes Zertifikat? -->
+ <!-- ######################################################### -->
+
+ <h2>Qualität des Zertifikats</h2>
+ <p>
+ Das Zertifikat ist ein
+ <% out.print(signerInfo.getIsQualified() ? "qualifiziertes" : "gewöhnliches"); %>
+ Zertifikat.
+ </p>
+
+
+ <h1>Prüfungen</h1>
+
+ <!-- ######################################################### -->
+ <!-- Signaturprüfung -->
+ <!-- ######################################################### -->
+
+ <h2>Signaturprüfung</h2>
+ <p>
+ <%
+ String [] sigCheckMsgs = new String[]
+ {
+ "Die Überprüfung der Hash-Werte und des Werts der Signatur konnte erfolgreich durchgeführt werden.",
+ "Bei der Überprüfung des Hash-Werts zumindest einer dsig:Reference der Signatur ist ein Fehler aufgetreten. Der Wert der Signatur (dsig:SignatureValue) wurde nicht überprüft.",
+ "Die Überprüfung der Hash-Werte konnte erfolgreich durchgeführt werden. Beim Überprüfen des Werts der Signatur (dsig:SignatureValue) ist jedoch ein Fehler aufgetreten."
+ };
+
+ int sigCheckCode = Integer.parseInt(checksInfo.getSigCheckCode());
+ out.print(sigCheckMsgs[sigCheckCode]);
+ %>
+ <br/>
+ <%
+ if (sigCheckCode == 1)
+ {
+ %>
+ Fehlerhafte Referenzen:
+ <%
+ int count = 0;
+ do
+ {
+ checksInfo.setSigCheckFailedRefCount(count);
+ String failedRef = checksInfo.getSigCheckFailedRef();
+ if (null == failedRef) break;
+ if (count > 0) out.print(", ");
+ out.print(failedRef);
+ count++;
+ }
+ while (true);
+ }
+ %>
+ </p>
+
+ <!-- ######################################################### -->
+ <!-- Signaturmanifestprüfung -->
+ <!-- ######################################################### -->
+
+ <!-- Aus der Sicht des Bürgers nicht sinnvoll -->
+
+ <!-- ######################################################### -->
+ <!-- XMLDSIG-Manifestprüfung -->
+ <!-- ######################################################### -->
+
+ <!-- Derzeit nicht implementiert, Bean "checksInfo" enthält allerdings alle notwendigen Infos -->
+
+ <!-- ######################################################### -->
+ <!-- Zertifikatsprüfung -->
+ <!-- ######################################################### -->
+
+ <h2>Zertifikatsprüfung</h2>
+ <p>
+ <%
+ String [] certCheckMsgs = new String[]
+ {
+ "Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Jedes Zertifikat dieser Kette ist zum in der Anfrage angegebenen Prüfzeitpunkt gültig.",
+ "Es konnte keine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konstruiert werden.",
+ "Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für zumindest ein Zertifikat dieser Kette fällt der Prüfzeitpunkt nicht in das Gültigkeitsintervall.",
+ "Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für alle Zertifikate dieser Kette fällt der Prüfzeitpunkt in das jeweilige Gültigkeitsintervall. Für zumindest ein Zertifikat konnte der Zertifikatstatus nicht festgestellt werden.",
+ "Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für alle Zertifikate dieser Kette fällt der Prüfzeitpunkt in das jeweilige Gültigkeitsintervall. Zumindest ein Zertifikat ist zum Prüfzeitpunkt widerrufen.",
+ "Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für alle Zertifikate dieser Kette fällt der Prüfzeitpunkt in das jeweilige Gültigkeitsintervall. Kein Zertifikat dieser Kette ist zum Prüfzeitpunkt widerrufen. Zumindest ein Zertifikat ist zum Prüfzeitpunkt gesperrt.",
+ "Die Prüfung der Signaturprüfdaten wurde nicht durchgeführt, da bei der Prüfung der Gültigkeit der Signatur ein Fehler aufgetreten ist."
+ };
+ int certCheckCode = Integer.parseInt(checksInfo.getCertCheckCode());
+ certCheckCode = (certCheckCode == 99) ? 6 : certCheckCode;
+ out.print(certCheckMsgs[certCheckCode]);
+ %>
+ </body>
+</html>
\ No newline at end of file diff --git a/spss.slinterface/res/resources/schemas/MOA-SPSS-1.2.xsd b/spss.slinterface/res/resources/schemas/MOA-SPSS-1.2.xsd index f0a53cfa0..d7a06d6e7 100644 --- a/spss.slinterface/res/resources/schemas/MOA-SPSS-1.2.xsd +++ b/spss.slinterface/res/resources/schemas/MOA-SPSS-1.2.xsd @@ -3,8 +3,8 @@ MOA SP/SS 1.2 Schema
-->
<xsd:schema targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.2">
- <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
- <xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="xml.xsd"/>
+ <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+ <xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
<!--########## Create XML Signature ###-->
<!--### Create XML Signature Request ###-->
<xsd:element name="CreateXMLSignatureRequest">
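Review bot: Both `xsd:import` elements in MOA-SPSS-1.2.xsd now point `schemaLocation` at `http://www.w3.org/...` URLs instead of the schema files shipped next to this one. Unless the parser is configured with an entity resolver or catalog that maps these URLs to local copies (none is visible in this diff), loading the schema will fetch them over plain HTTP at runtime. That would make validation of signature-service messages depend on network availability and on the integrity of an unauthenticated download. Keep the relative locations `xmldsig-core-schema.xsd` and `xml.xsd`, or add a comment above the imports naming the resolver that intercepts the remote URLs.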
@@ -173,6 +173,15 @@ <xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
</xsd:sequence>
</xsd:complexType>
+ <xsd:complexType name="FinalDataMetaInfoType">
+ <xsd:complexContent>
+ <xsd:extension base="MetaInfoType">
+ <xsd:sequence>
+ <xsd:element name="Type" type="xsd:anyURI" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
<xsd:complexType name="DataObjectInfoType">
<xsd:sequence>
<xsd:element name="DataObject">
@@ -202,7 +211,7 @@ <xsd:complexType name="TransformsInfoType">
<xsd:sequence>
<xsd:element ref="dsig:Transforms" minOccurs="0"/>
- <xsd:element name="FinalDataMetaInfo" type="MetaInfoType"/>
+ <xsd:element name="FinalDataMetaInfo" type="FinalDataMetaInfoType"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="XMLDataObjectAssociationType">
@@ -257,7 +266,7 @@ <xsd:restriction base="CheckResultType">
<xsd:sequence>
<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
- <xsd:element name="Info" type="ManifestRefsCheckResultInfoType"/>
+ <xsd:element name="Info" type="ManifestRefsCheckResultInfoType"/>
</xsd:sequence>
</xsd:restriction>
</xsd:complexContent>